def update(self, input):
i = openssl.c_int(0)
buffer = openssl.malloc(b"", len(input)+self.cipher.get_blocksize())
inp = openssl.malloc(input,len(input))
if openssl.EVP_CipherUpdate(self.ctx, openssl.byref(buffer), openssl.byref(i), inp, len(input)) == 0:
raise Exception("[OpenSSL] EVP_CipherUpdate FAIL ...")
self.size += i.value
self.ciphertext += buffer.raw[0:i.value]
def hmac(k, m):
"""
Compute the key and the message with HMAC SHA512
"""
key = openssl.malloc(k, len(k))
d = openssl.malloc(m, len(m))
md = openssl.malloc(0, 64)
i = openssl.pointer(openssl.c_int(0))
openssl.HMAC(openssl.EVP_sha512(), key, len(k), d, len(m), md, i)
return md.raw
def sign(self, inputb):
"""
Sign the input with ECDSA method and returns the signature
"""
try:
size = len(inputb)
buff = openssl.malloc(inputb, size)
digest = openssl.malloc(0, 64)
md_ctx = openssl.EVP_MD_CTX_create()
dgst_len = openssl.pointer(openssl.c_int(0))
siglen = openssl.pointer(openssl.c_int(0))
sig = openssl.malloc(0, 151)
key = openssl.EC_KEY_new_by_curve_name(self.curve)
if key == 0:
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
priv_key = openssl.BN_bin2bn(self.privkey, len(self.privkey), 0)
pub_key_x = openssl.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
pub_key_y = openssl.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
if (openssl.EC_KEY_set_private_key(key, priv_key)) == 0:
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
group = openssl.EC_KEY_get0_group(key)
pub_key = openssl.EC_POINT_new(group)
if (openssl.EC_POINT_set_affine_coordinates_GFp(group, pub_key, pub_key_x, pub_key_y, 0)) == 0:
raise Exception("[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
if (openssl.EC_KEY_set_public_key(key, pub_key)) == 0:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (openssl.EC_KEY_check_key(key)) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
openssl.EVP_MD_CTX_init(md_ctx)
openssl.EVP_DigestInit(md_ctx, openssl.EVP_ecdsa())
if (openssl.EVP_DigestUpdate(md_ctx, buff, size)) == 0:
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
openssl.EVP_DigestFinal(md_ctx, digest, dgst_len)
openssl.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key)
if (openssl.ECDSA_verify(0, digest, dgst_len.contents, sig, siglen.contents, key)) != 1:
raise Exception("[OpenSSL] ECDSA_verify FAIL ...")
return sig.raw
finally:
openssl.EC_KEY_free(key)
openssl.BN_free(pub_key_x)
openssl.BN_free(pub_key_y)
openssl.BN_free(priv_key)
openssl.EC_POINT_free(pub_key)
openssl.EVP_MD_CTX_destroy(md_ctx)
def verify(self, sig, inputb):
"""
Verify the signature with the input and the local public key. Returns a boolean
"""
try:
bsig = openssl.malloc(sig, len(sig))
binputb = openssl.malloc(inputb, len(inputb))
digest = openssl.malloc(0, 64)
dgst_len = openssl.pointer(openssl.c_int(0))
md_ctx = openssl.EVP_MD_CTX_create()
key = openssl.EC_KEY_new_by_curve_name(self.curve)
if key == 0:
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
pub_key_x = openssl.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
pub_key_y = openssl.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
group = openssl.EC_KEY_get0_group(key)
pub_key = openssl.EC_POINT_new(group)
if (openssl.EC_POINT_set_affine_coordinates_GFp(group, pub_key, pub_key_x, pub_key_y, 0)) == 0:
raise Exception("[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
if (openssl.EC_KEY_set_public_key(key, pub_key)) == 0:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (openssl.EC_KEY_check_key(key)) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
openssl.EVP_MD_CTX_init(md_ctx)
openssl.EVP_DigestInit(md_ctx, openssl.EVP_ecdsa())
if (openssl.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0:
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
openssl.EVP_DigestFinal(md_ctx, digest, dgst_len)
ret = openssl.ECDSA_verify(0, digest, dgst_len.contents, bsig, len(sig), key)
if ret == -1:
return False # Fail to Check
else :
if ret == 0:
return False # Bad signature !
else:
return True # Good
return False
finally:
openssl.EC_KEY_free(key)
openssl.BN_free(pub_key_x)
openssl.BN_free(pub_key_y)
openssl.EC_POINT_free(pub_key)
openssl.EVP_MD_CTX_destroy(md_ctx)
def __init__(self, key, iv, do, ciphername='aes-256-cbc'):
"""
do == 1 => Encrypt; do == 0 => Decrypt
"""
self.cipher = openssl.get_cipher(ciphername)
self.ctx = openssl.EVP_CIPHER_CTX_new()
self.ciphertext = b""
self.size = 0
if do == 1 or do == 0:
k = openssl.malloc(key, len(key))
IV = openssl.malloc(iv, len(iv))
openssl.EVP_CipherInit_ex(self.ctx, self.cipher.get_pointer(), 0, k, IV, do)
else:
raise Exception("RTFM ...")
def final(self):
i = openssl.c_int(0)
buffer = openssl.malloc(self.ciphertext, len(self.ciphertext)+self.cipher.get_blocksize())
if (openssl.EVP_CipherFinal_ex(self.ctx, openssl.byref(buffer,self.size), openssl.byref(i))) == 0:
raise Exception("[OpenSSL] EVP_CipherFinal_ex FAIL ...")
self.size += i.value
return buffer.raw[0:self.size]
def _generate(self):
try:
pub_key_x = openssl.BN_new()
pub_key_y = openssl.BN_new()
key = openssl.EC_KEY_new_by_curve_name(self.curve)
if key == 0:
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
if (openssl.EC_KEY_generate_key(key)) == 0:
raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ...")
if (openssl.EC_KEY_check_key(key)) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
priv_key = openssl.EC_KEY_get0_private_key(key)
group = openssl.EC_KEY_get0_group(key)
pub_key = openssl.EC_KEY_get0_public_key(key)
if (openssl.EC_POINT_get_affine_coordinates_GFp(group, pub_key, pub_key_x, pub_key_y, 0)) == 0:
raise Exception("[OpenSSL] EC_POINT_get_affine_coordinates_GFp FAIL ...")
privkey = openssl.malloc(0, openssl.BN_num_bytes(priv_key))
pubkeyx = openssl.malloc(0, openssl.BN_num_bytes(pub_key_x))
pubkeyy = openssl.malloc(0, openssl.BN_num_bytes(pub_key_y))
openssl.BN_bn2bin(priv_key,privkey)
privkey = privkey.raw
openssl.BN_bn2bin(pub_key_x,pubkeyx)
pubkeyx = pubkeyx.raw
openssl.BN_bn2bin(pub_key_y,pubkeyy)
pubkeyy = pubkeyy.raw
self.raw_check_key(privkey, pubkeyx, pubkeyy)
return privkey, pubkeyx, pubkeyy
finally:
openssl.EC_KEY_free(key)
openssl.BN_free(pub_key_x)
openssl.BN_free(pub_key_y)
def raw_get_ecdh_key(self, pubkey_x, pubkey_y):
try:
ecdh_keybuffer = openssl.malloc(0, 32)
other_key = openssl.EC_KEY_new_by_curve_name(self.curve)
if other_key == 0:
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
other_pub_key_x = openssl.BN_bin2bn(pubkey_x, len(pubkey_x), 0)
other_pub_key_y = openssl.BN_bin2bn(pubkey_y, len(pubkey_y), 0)
other_group = openssl.EC_KEY_get0_group(other_key)
other_pub_key = openssl.EC_POINT_new(other_group)
if (openssl.EC_POINT_set_affine_coordinates_GFp(other_group, other_pub_key, other_pub_key_x, other_pub_key_y, 0)) == 0:
raise Exception("[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
if (openssl.EC_KEY_set_public_key(other_key, other_pub_key)) == 0:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (openssl.EC_KEY_check_key(other_key)) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
own_key = openssl.EC_KEY_new_by_curve_name(self.curve)
if own_key == 0:
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
own_priv_key = openssl.BN_bin2bn(self.privkey, len(self.privkey), 0)
if (openssl.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
openssl.ECDH_set_method(own_key, openssl.ECDH_OpenSSL())
ecdh_keylen = openssl.ECDH_compute_key(ecdh_keybuffer, 32, other_pub_key, own_key, 0)
if ecdh_keylen != 32:
raise Exception("[OpenSSL] ECDH keylen FAIL ...")
return ecdh_keybuffer.raw
finally:
openssl.EC_KEY_free(other_key)
openssl.BN_free(other_pub_key_x)
openssl.BN_free(other_pub_key_y)
openssl.EC_POINT_free(other_pub_key)
openssl.EC_KEY_free(own_key)
openssl.BN_free(own_priv_key)