def signature(self, priv_key, message):
hash = int(sha256(message), 16)
k = 0
r = 0
s = 0
P = self.Gen
while r == 0 or s == 0:
k = secure_random(256)
P = k * self.Gen
r = (P.x * ECurve.IntMod(inverse(
P.z.value, self.p0 + self.p1))).value % self.order
s = inverse(k, self.order) * (hash + r * priv_key) % self.order
x = str.format('0x{:064X}', r)
y = str.format('{:064X}', s)
return x + y
def verify(key, message, nonce = None):
# unsign the message, convert to string, split off hash
ptxt = ltoa(unsign(key, message))
# Check message length
if len(ptxt) != MSG_LENGTH + NONCE_LENGTH + HASH_LENGTH:
#print "BAD MSG LEN"
return None
hash = sha.sha256(ptxt[:MSG_LENGTH + NONCE_LENGTH])
# compare hashes
if hash != ptxt[MSG_LENGTH + NONCE_LENGTH:]:
#print "BAD HASH"
return None
if nonce:
n = ptxt[MSG_LENGTH : MSG_LENGTH + NONCE_LENGTH]
# compare nonces
if n != nonce:
#print "BAD NONCE"
return None
return ptxt[:MSG_LENGTH]
return ptxt[:MSG_LENGTH + NONCE_LENGTH]
def verify_signature(self, pub_key, pL, signature):
pub_point = ECurve.pub_key_to_point(pub_key)
if self.verify_point(pub_point) is not True:
return False
signature = signature[2:]
r = int(signature[:64], 16)
s = int(signature[64:], 16)
if r < 1 or r > self.order - 1:
return False
if r < 1 or r > self.order - 1:
return False
e = int(sha256(pL), 16)
w = inverse(s, self.order)
u1 = self.mul_mod_order(e, w)
u2 = self.mul_mod_order(r, w)
verification_point = u1 * self.Gen + u2 * pub_point
if self.verify_point(verification_point) is not True:
return False
if r == (verification_point.x * ECurve.IntMod(
inverse(verification_point.z.value, self.p0 + self.p1))).value:
return True
else:
return False
temp_filename = "keys/public/voter" + str(c) + ".public"
try:
with open(temp_filename ): pass
except IOError:
break
c += 1
c -= 1
voter_id = -1
while voter_id < 1 or voter_id > c:
voter_id = int(raw_input("What is your voter number (1 - " + str(c) + ")? "))
temp = RSA.importKey(open("keys/public/voter" + str(voter_id) + ".public", "r").read())
temp_hash = sha.sha256(str(temp.n))
crypto_dictionary = {
"client_nonces" : { temp_hash : False } ,
"server_nonces" : { temp_hash : "0" } , # Default Server Nonce to begin with
"rsa_user_public_keys" : { temp_hash: [ temp, False ] } ,
"rsa_user_private_key" : RSA.importKey(open("keys/private/voter" + str(voter_id) + ".private", "r").read()) ,
"rsa_server_public_key" : { temp_hash : [ RSA.importKey(open("keys/public/server.public", "r").read()), False ] } ,
"homomorphic_public_key" : paillier.PAILLIER_Public("keys/public/homomorphic.public"),
"aes_session_keys" : { temp_hash : False },
"client_aes_id" : False ,
"rsa_user_public_key_hash" : temp_hash ,
"candidates": False
}
################## Handshake ####################
open("public.txt" , "w").close()
open("votes.txt" , "w").close()
# Open public keys
c = 1
registered_voters_public_keys = {}
while True:
temp_filename = "keys/public/voter" + str(c) + ".public"
try:
with open(temp_filename ): pass
except IOError:
break
temp_key = RSA.importKey(open(temp_filename , "r").read())
temp_hash = sha.sha256(str(temp_key.n))
registered_voters_public_keys[temp_hash] = [ temp_key, False ]
c += 1
if GLOBAL_VERBOSE:
print "RSA Public Key Hash Dictionary:"
print registered_voters_public_keys
print "\n\n"
candidates = {}
Base = util.ballot_base(len(registered_voters_public_keys))
for i in range(len(util.candidates_list)):
candidates[int(2 ** (Base * i))] = util.candidates_list[i]
if GLOBAL_VERBOSE:
print "Candidates Dictionary:"
def pack_handshake_general(message, crypto_dict, machine, verbose = False): if machine == "client": updated_nonce = "client_nonces" required_rsa_sign_key = "rsa_user_private_key" required_rsa_encrypt_key = "rsa_server_public_key" else: updated_nonce = "server_nonces" required_rsa_sign_key = "rsa_server_private_key" required_rsa_encrypt_key = "rsa_user_public_keys" # Update nonce try: crypto_dict[updated_nonce][crypto_dict["rsa_user_public_key_hash"]] = str(rand.rand_byte(32))[:32] except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rand ]: " + str(inst)] debug(verbose, updated_nonce, crypto_dict[updated_nonce][crypto_dict["rsa_user_public_key_hash"]]) # Compile message nonced_message = message + "," + crypto_dict["client_nonces"][crypto_dict["rsa_user_public_key_hash"]] + "," + crypto_dict["server_nonces"][crypto_dict["rsa_user_public_key_hash"]] + "," # Padding nonced_message to length of 128 while len(nonced_message) < padding_length: nonced_message += "." debug(verbose, "nonced_message", nonced_message) # Hash message try: message_hash = sha.sha256(nonced_message) hashed_message = nonced_message + "|" + message_hash except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> sha.sha256 ]: " + str(inst)] debug(verbose, "hashed_message", hashed_message) # Sign message try: message_signature = str(rsa.sign(crypto_dict[required_rsa_sign_key], message_hash)) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rsa.sign ]: " + str(inst)] # Encode signature and append try: signed_message = hashed_message + "|" + base64.b64encode(message_signature) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64encode (signature) ]: " + str(inst)] debug(verbose, "signed_message", signed_message) num_message_parts = int(math.ceil( len(signed_message) / 256 )) + 1 if verbose: print debug_spacing + "Debug: Signed message must be split into " + str(num_message_parts) + " messages." # Encrypt message try: rsa_encrypted_messages = [] for i in range(0, num_message_parts): rsa_encrypted_messages.append(str(rsa.encrypt(crypto_dict[required_rsa_encrypt_key][crypto_dict["rsa_user_public_key_hash"]][0], signed_message[ (i * 256) : (i + 1) * 256 ]))) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rsa.encrypt ]: " + str(inst)] # Encode message try: encoded_messages = [] for rsa_encrypted_message in rsa_encrypted_messages: encoded_messages.append(base64.b64encode(rsa_encrypted_message)) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64encode ]: " + str(inst)] encoded_message = "" for i in range(len(encoded_messages)): debug(verbose, "encoded_message ( Part " + str( i + 1 ) + " )", encoded_messages[i]) encoded_message += encoded_messages[i] + "|" encoded_message = encoded_message[:-1] debug(verbose, "encoded_message" , encoded_message) if verbose: print "\n" return [True, encoded_message]
def unpack_message_general(encoded_message, crypto_dict, machine, verbose = False):
if machine == "client":
verify_nonce = "client_nonces"
updated_nonce = "server_nonces"
required_rsa_key = "rsa_server_public_key"
else:
verify_nonce = "server_nonces"
updated_nonce = "client_nonces"
required_rsa_key = "rsa_user_public_keys"
debug(verbose, "encoded_message", encoded_message)
if machine != "client":
# Strip User ID
encoded_message = encoded_message.split(".")
user_id = encoded_message[0]
encoded_message = encoded_message[1]
debug(verbose, "aes_session_id", user_id)
# Decode message
try:
decoded_message = base64.b64decode(encoded_message)
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64decode (encrypt) ]: " + str(inst)]
if machine != "client":
crypto_dict["rsa_user_public_key_hash"] = None
for key in crypto_dict["aes_session_ids"]:
value = crypto_dict["aes_session_ids"][key]
if value == user_id:
crypto_dict["rsa_user_public_key_hash"] = key
break
if crypto_dict["rsa_user_public_key_hash"] == None:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: User ID invalid"]
# Decrypt message
try:
key = crypto_dict["aes_session_keys"][crypto_dict["rsa_user_public_key_hash"]]
debug(verbose, "key", key)
aes_decrypted_message = str(aes.aes_decrypt(key, decoded_message))
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> aes.decrypt ]: " + str(inst)]
debug(verbose, "aes_decrypted_message", aes_decrypted_message)
# Message Parsing
try:
rdmSplit = aes_decrypted_message.split("|")
message_content, message_hash, message_signature = rdmSplit[0], rdmSplit[1], rdmSplit[2]
# Remove any AES padding from signature
message_signature = message_signature.strip(".")
debug(verbose, "message_content", message_content)
debug(verbose, "message_hash", message_hash)
debug(verbose, "message_signature", message_signature)
mcSplit = message_content.split(",")
message, client_nonce, server_nonce = mcSplit[0], mcSplit[1], mcSplit[2]
debug(verbose, "message", message)
debug(verbose, "client_nonce", client_nonce)
debug(verbose, "server_nonce", server_nonce)
if machine != "client":
temp = message.split(";")
temp = temp[1]
crypto_dict["rsa_user_public_key"] = crypto_dict["rsa_user_public_keys"][temp][0]
if crypto_dict["rsa_user_public_keys"][temp][1]:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: user hash already voted"]
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> Message Parsing ]: " + str(inst)]
# Decode signature
try:
message_signature_decoded = base64.b64decode(message_signature)
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64decode (signature) ]: " + str(inst)]
# Verify Signature
try:
if str(rsa.unsign(crypto_dict[required_rsa_key][crypto_dict["rsa_user_public_key_hash"]][0], message_signature_decoded)) != message_hash:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: signature verification failed"]
elif verbose:
print debug_spacing + "Debug [ " + str(inspect.stack()[0][3]) + " ]: signature verification passed"
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rsa.unsign (Signature Verification) ]: " + str(inst)]
# Verify Hash
try:
if str(sha.sha256(message_content)) != message_hash:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: hash verification failed"]
elif verbose:
print debug_spacing + "Debug [ " + str(inspect.stack()[0][3]) + " ]: hash verification passed"
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> sha.sha256 (Hash Verification) ]: " + str(inst)]
# Verify Nonce
if machine == "client":
nonce = client_nonce
nonce_updated = server_nonce
else:
nonce = server_nonce
nonce_updated = client_nonce
if nonce != crypto_dict[verify_nonce][crypto_dict["rsa_user_public_key_hash"]]:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: nonce verification failed"]
elif verbose:
print debug_spacing + "Debug [ " + str(inspect.stack()[0][3]) + " ]: nonce verification passed"
# Upadte crypto_dictionary
crypto_dict[updated_nonce][crypto_dict["rsa_user_public_key_hash"]] = nonce_updated
if verbose:
print "\n"
if machine == "client":
return [True, message]
else:
try:
encoded_public_key = base64.b64encode(crypto_dict[required_rsa_key][crypto_dict["rsa_user_public_key_hash"]][0].publickey().exportKey("PEM"))
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64encode (Public Key) ]: " + str(inst)]
return [True, [encoded_public_key, message, base64.b64encode(message_signature)]]
def pack_message_general(message, crypto_dict, machine, verbose = False): if machine == "client": updated_nonce = "client_nonces" required_rsa_key = "rsa_user_private_key" else: updated_nonce = "server_nonces" required_rsa_key = "rsa_server_private_key" # Update machine's nonce try: crypto_dict[updated_nonce][crypto_dict["rsa_user_public_key_hash"]] = str(rand.rand_byte(32))[:32] except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rand ]: " + str(inst)] debug(verbose, updated_nonce, crypto_dict[updated_nonce][crypto_dict["rsa_user_public_key_hash"]]) # Compile message nonced_message = message + "," + crypto_dict["client_nonces"][crypto_dict["rsa_user_public_key_hash"]] + "," + crypto_dict["server_nonces"][crypto_dict["rsa_user_public_key_hash"]] + "," # Padding nonced_message to length of 128 while len(nonced_message) < padding_length: nonced_message += "." debug(verbose, "nonced_message", nonced_message) # Hash message try: message_hash = sha.sha256(nonced_message) hashed_message = nonced_message + "|" + message_hash except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> sha.sha256 ]: " + str(inst)] debug(verbose, "hashed_message", hashed_message) # Sign message try: message_signature = str(rsa.sign(crypto_dict[required_rsa_key], message_hash)) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rsa.sign ]: " + str(inst)] # Encode signature and append try: signed_message = hashed_message + "|" + base64.b64encode(message_signature) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64encode (signature) ]: " + str(inst)] # Padding signed_message to length of 128 (AES encryption needs message to be a length of multiple 16) while len(signed_message) % 16 != 0: signed_message += "." debug(verbose, "signed_message", signed_message) # Encrypt message try: key = crypto_dict["aes_session_keys"][crypto_dict["rsa_user_public_key_hash"]] debug(verbose, "key", key) aes_encrypted_message = str(aes.aes_encrypt(key, signed_message)) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> aes.aes_encrypt ]: " + str(inst)] # Encode message try: encoded_message = base64.b64encode(aes_encrypted_message) except Exception as inst: return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64encode (encrypt) ]: " + str(inst)] debug(verbose, "encoded_message", encoded_message) if verbose: print "\n" return [True, encoded_message]
def unpack_handshake_general(encoded_message, crypto_dict, machine, verbose = False):
if machine == "client":
required_rsa_decrypt_key = "rsa_user_private_key"
required_rsa_verify_key = "rsa_server_public_key"
else:
required_rsa_decrypt_key = "rsa_server_private_key"
required_rsa_verify_key = "rsa_user_public_keys"
debug(verbose, "encoded_message", encoded_message)
# Split messages
encoded_messages = encoded_message.split("|")
# Decode message
try:
decoded_messages = []
for encoded_message in encoded_messages:
decoded_messages.append(base64.b64decode(encoded_message))
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64decode (encrypt) ]: " + str(inst)]
# Decrypt message
try:
rsa_decrypted_message = ""
for decoded_message in decoded_messages:
rsa_decrypted_message += str(rsa.decrypt(crypto_dict[required_rsa_decrypt_key], decoded_message))
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rsa.decrypt ]: " + str(inst)]
debug(verbose, "rsa_decrypted_message", rsa_decrypted_message)
# Message Parsing
try:
rdmSplit = rsa_decrypted_message.split("|")
message_content, message_hash, message_signature = rdmSplit[0], rdmSplit[1], rdmSplit[2]
debug(verbose, "message_content", message_content)
debug(verbose, "message_hash", message_hash)
debug(verbose, "message_signature", message_signature)
mcSplit = message_content.split(",")
message, client_nonce, server_nonce = mcSplit[0], mcSplit[1], mcSplit[2]
debug(verbose, "message", message)
debug(verbose, "client_nonce", client_nonce)
debug(verbose, "server_nonce", server_nonce)
if machine != "client":
temp = message.split(";")
crypto_dict["rsa_user_public_key_hash"] = temp[1]
debug(verbose, "rsa_user_public_key_hash", crypto_dict["rsa_user_public_key_hash"])
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> Message Parsing ]: " + str(inst)]
# Decode signature
try:
message_signature = base64.b64decode(message_signature)
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> base64.b64decode (signature) ]: " + str(inst)]
# Verify Signature
try:
if str(rsa.unsign(crypto_dict[required_rsa_verify_key][crypto_dict["rsa_user_public_key_hash"]][0], message_signature)) != message_hash:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: signature verification failed"]
elif verbose:
print debug_spacing + "Debug [ " + str(inspect.stack()[0][3]) + " ]: signature verification passed"
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> rsa.unsign (Signature Verification) ]: " + str(inst)]
# Verify Hash
try:
if str(sha.sha256(message_content)) != message_hash:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: hash verification failed"]
elif verbose:
print debug_spacing + "Debug [ " + str(inspect.stack()[0][3]) + " ]: hash verification passed"
except Exception as inst:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " -> sha.sha256 (Hash Verification) ]: " + str(inst)]
# Verify Nonce
if machine == "client":
if client_nonce != crypto_dict["client_nonces"][crypto_dict["rsa_user_public_key_hash"]]:
return [False, "Error [ " + str(inspect.stack()[0][3]) + " ]: nonce verification failed"]
elif verbose:
print debug_spacing + "Debug [ " + str(inspect.stack()[0][3]) + " ]: nonce verification passed"
# Upadte crypto_dictionary
crypto_dict["server_nonces"][crypto_dict["rsa_user_public_key_hash"]] = server_nonce
else:
# Upadte crypto_dictionary
crypto_dict["client_nonces"][crypto_dict["rsa_user_public_key_hash"]] = client_nonce
if verbose:
print "\n"
return [True, message]
