Example #1
    def verify_fake_set(self, fake_indices, fake_blinds):
        Verify that fake blinds correspond to the fake values.

            fake_indices (list): An integer list that indicates the indices of the
                                 fake puzzles.
            fake_blinds (list): The fake values that were used to generate the
                                fake puzzles.
                                Have to be of same size as rsa key.

            The keys used to encrypt the fake puzzles
            if the fake_blinds^pk == fake puzzles, or None.
        if len(fake_indices) != len(fake_blinds) or len(fake_blinds) != self.n:
            return None

        for i in range(self.n):
            if len(fake_blinds[i]) != self.key.size:
                return None

            r = self.key.setup_blinding(fake_blinds[i])
            temp = BNToBin(r.bn_A, self.key.size)
            if BNToBin(r.bn_A, self.key.size) != self.puzzles[fake_indices[i]]:
                return None

        return [self.keys[x] for x in fake_indices]
Example #2
    def verify_fake_set(self, fake_indices, fake_blinds):
        if len(fake_indices) != len(fake_blinds) or len(fake_blinds) != self.n:
            return None

        for i in range(self.n):
            if len(fake_blinds[i]) != self.key.size:
                return None

            r = self.key.setup_blinding(fake_blinds[i])
            temp = BNToBin(r.bn_A, self.key.size)
            if BNToBin(r.bn_A, self.key.size) != self.puzzles[fake_indices[i]]:
                return None

        return [self.keys[x] for x in fake_indices]
Example #3
    def serialize_sig(self, sig):
        Takes in a signature in DER format and returns a byte
        string of R + S that should be 64 bytes in length

        sig_struct = ECDSA_SIG_st()
        p_sig_struct = ctypes.byref(ctypes.pointer(sig_struct))
        p_sig = ctypes.byref(ctypes.c_char_p(sig))
        _ssl.d2i_ECDSA_SIG(p_sig_struct, p_sig, len(sig))

        r = BNToBin(sig_struct.r, 32)
        s = BNToBin(sig_struct.s, 32)

        return r + s
Example #4
    def revert_blind(self, msg, blind):
        Removes a blind r from the message.

            msg (bytes): A blinded message.
            blind: The blind that was used on the msg. instance of Blind

            A byte string of the unblinded msg on success, None otherwise

        if len(msg) != self.size or blind is None:
            return None

        ctx = _ssl.BN_CTX_new()
        f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())

        if _ssl.BN_mod_mul(f, f, blind.bn_ri, self.bn_n, ctx) != 1:
            logging.debug('Failed to unblind msg')
            return None

        unblinded_msg = BNToBin(f, self.size)

        # Cleanup

        return unblinded_msg
Example #5
    def blind(self, msg, blind):
        Blinds a msg.

            msg (bytes): Message to be blinded.
            blind: The blind that was used on the msg. instance of Blind

            A byte string of the blinded msg on success, None otherwise

        if len(msg) != self.size or blind is None:
            return None

        ctx = _ssl.BN_CTX_new()
        f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())

        if _ssl.BN_mod_mul(f, f, blind.bn_A, self.bn_n, ctx) != 1:
            logging.debug('Failed to blind msg')
            return None

        blinded_msg = BNToBin(f, self.size)

        # Free
        return blinded_msg
Example #6
    def unblind(self, msg, blind):
        Unblinds a msg.

            msg: A string - a blinded message.
               len(msg) must equal self.size
            blind: The blind that was used on the msg. instance of Blind

            A byte string of the unblinded msg on success, None otherwise

        if (len(msg) != self.size or blind is None):
            return None

        ctx = _ssl.BN_CTX_new()
        f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())

        if _ssl.BN_mod_mul(f, f, blind.bn_Ai, self.bn_n, ctx) != 1:
            logging.debug("Failed to unblind msg")
            return None

        unblinded_msg = BNToBin(f, self.size)

        # Cleanup

        return unblinded_msg
Example #7
def get_random(bits, mod=None):
    Returns a random byte string of size `bits`/8 bytes.

        bits (int): The number of bits the random string should have.
        mod (:obj:`ctypes.c_void_p`, optional): A pointer to a BN instance
        A byte strings of length `bits`/8 or None if an error occured
        If mod is set the random byte string will have a value < mod
    ctx = _ssl.BN_CTX_new()
    r = _ssl.BN_CTX_get(ctx)
    ret = _ssl.BN_CTX_get(ctx)

    if mod:
        if _ssl.BN_rand_range(r, mod) == 0:
            logging.debug("get_random: failed to generate random number")
            return None

        while _ssl.BN_gcd(ret, r, mod, ctx) != 1:
            logging.debug("R is not a relative prime")
            if _ssl.BN_rand_range(r, mod) == 0:
                logging.debug("get_random: failed to generate random number")
                return None

        if _ssl.BN_rand(r, bits, 0, 1) == 0:
            logging.debug("get_random: failed to generate random number")
            return None

    rand = BNToBin(r, bits // 8)


    return rand
Example #8
    def multiply(self, z1, q2):
        """ Computes `z1` * `q2^e` mod `n`

        `e` is the rsa key public exponent
        `n` is the rsa key modulus

            A byte string representing the result of the computation

        # Convert to BN
        z1_bn = BinToBN(z1)
        q2_bn = BinToBN(q2)

        # Prep context
        ctx = _ssl.BN_CTX_new()

        # Get q2 ^ e
        ret = _ssl.BN_mod_exp(q2_bn, q2_bn, self.rsa_key.bn_e,
                              self.rsa_key.bn_n, ctx)
        if ret != 1:
            return None

        # Multiply z1 *  (q2 ^ e) mod n
        ret = _ssl.BN_mod_mul(z1_bn, z1_bn, q2_bn, self.rsa_key.bn_n, ctx)
        if ret != 1:
            return None

        result = BNToBin(z1_bn, self.rsa_key.size)


        return result
Example #9
    def prepare_puzzle_set(self, puzzle):
        bits = self.key.size * 8

        # Prepare reals
        reals = []
        self.real_blinds = []
        for i in range(self.m):
            r = self.compute_rand(bits)
            blind = self.key.setup_blinding(r)
            blinded_val = self.key.blind(self.puzzle, blind)
            if blinded_val is None:
                return None
            reals += [blinded_val]
            self.real_blinds += [r]

        # Prepare fakes
        fakes = []
        self.fake_blinds = []
        for i in range(self.n):
            r = self.compute_rand(bits)
            blind = self.key.setup_blinding(r)
            if blind is None:
                return None
            fakes += [BNToBin(blind.bn_A, self.key.size)]
            self.fake_blinds += [r]

        # Create Shuffled puzzle set
        self.puzzle_set = fakes[:]
        self.puzzle_set += reals

        # Record indices
        self.R = [self.puzzle_set.index(x) for x in reals]
        self.F = [self.puzzle_set.index(x) for x in fakes]

        return self.puzzle_set
Example #10
    def get_quotient(self, q1, q2):
        """ Computes (`q2` / `q1`) mod `n`

        `n` is the rsa key modulus

            A byte string representing the result of the computation

        # Convert to BN
        q1_bn = BinToBN(q1)
        q2_bn = BinToBN(q2)

        if q1_bn is None or q2_bn is None:
            return None

        # Prep context
        ctx = _ssl.BN_CTX_new()

        # Invert q1
        _ssl.BN_mod_inverse(q1_bn, q1_bn, self.rsa_key.bn_n, ctx)

        # Multiplty q2 * (q1)^-1
        ret = _ssl.BN_mod_mul(q1_bn, q1_bn, q2_bn, self.rsa_key.bn_n, ctx)
        if ret != 1:
            return None

        quotient = BNToBin(q1_bn, self.rsa_key.size)


        return quotient