def tx_content(self, tx): if tx[-256:-192] == self.public_key_hex: tx_type = tx[:2] logging.debug(f"{tx_type}") peer_pub_key = tx[-192:-128] try: user = self.pub_keys[peer_pub_key] except KeyError: self.save_key(peer_pub_key) user = self.pub_keys[peer_pub_key] logging.debug(f"user: {user}") if tx_type == "00": logging.debug("som v 00") dh_peer_key = X25519PublicKey.from_public_bytes( bytes.fromhex(tx[2:66])) shared_key = self.dh_private_key.exchange(dh_peer_key) derived_key = HKDF( algorithm=SHA256(), length=32, salt=None, info=b'blockchain', backend=backend, ).derive(shared_key) if user[1] == "no": #mozno by som nemal prijimat tx pocas syncovania self.send_message("send", cargo=["", peer_pub_key, "00"]) self.pub_keys[peer_pub_key][1] = derived_key.hex() logging.debug("posuvam do edit key files") self.edit_key_file(peer_pub_key, derived_key.hex(), 2) #musim kukat aj tx od seba ktore nemam elif tx_type == "01": nonce = bytes.fromhex(tx[2:34]) msg_size = int(tx[34:38], 16) * 2 msg = bytes.fromhex(tx[38:msg_size + 38]) if user[1] == "no" or user[1] == "sent": if user[0] == "__unknown" and user[1] == "no": self.del_pub_key(peer_pub_key) del self.pub_keys[peer_pub_key] print("sifrovana sprava ale neprebehla vymena klucov") return False encryption_key = bytes.fromhex(user[1]) algorithm = ChaCha20(encryption_key, nonce) cipher = Cipher(algorithm, mode=None, backend=backend) decryptor = cipher.decryptor() msg = decryptor.update(msg) msg = msg.decode("utf-8") print(f"e {user[0]}: {msg}") elif tx_type == "02": msg_size = int(tx[2:6], 16) * 2 msg = bytes.fromhex(tx[6:msg_size + 6]).decode("utf-8") print(f"{user[0]}: {msg}")
class ECDH: def __init__(self): #default curve is secp256r1 self.ecc_curve = NIST256p self.prv_key = SigningKey.generate(curve=self.ecc_curve) self.pub_key = self.prv_key.get_verifying_key() logging.info('N2 public key:') logging.info(self.pub_key.to_string()) logging.info("N2 public key size: ") logging.info(len(self.pub_key.to_string())) self.private_key = load_pem_private_key(self.prv_key.to_pem(), password=None, backend=default_backend()) self.public_key = load_pem_public_key(self.pub_key.to_pem(), backend=default_backend()) self.derived_key = None def encrypt(self, public_key, salt): logging.info('N1 public key') logging.info(public_key) pk = load_pem_public_key(VerifyingKey.from_string( public_key, curve=self.ecc_curve).to_pem(), backend=default_backend()) shared_key = self.private_key.exchange(ec.ECDH(), pk) logging.info('Shared Key:') logging.info(shared_key.hex()) logging.info('Salt:') logging.info(salt.hex()) self.derived_key = HKDF(algorithm=hashes.SHA256(), length=16, salt=salt, info=None, backend=default_backend()).derive(shared_key) logging.info('Symmetric Key:') logging.info(self.derived_key.hex())
def keyGenerate(): global count count += 1 private_key = Ed25519PrivateKey.generate() private_bytes = private_key.private_bytes( encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption()) public_key = private_key.public_key() public_bytes = public_key.public_bytes( encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw) tmpnid = hashlib.sha256() tmpnid.update(public_bytes) nid = HKDF(algorithm=hashes.SHA256(), length=16, salt=None, info=None).derive(tmpnid.digest()) print("私钥" + str(count), private_bytes, len(private_bytes)) print("公钥" + str(count), public_bytes, len(public_bytes)) print("nid", nid.hex()) return private_key, private_bytes, public_key, public_bytes, nid.hex()
def x25519_key_derive(private, peer): peer_public = X25519PublicKey.from_public_bytes( bytes.fromhex(peer.strip())) shared = private.exchange(peer_public) derived_key = HKDF( algorithm=hashes.SHA256(), length=32, salt=b'', info=b'exchange', backend=default_backend() ).derive(shared) return derived_key.hex().strip()
print("%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%") print("Shared Secret between Alice and Bob : ") print("------------------------------------------------") print("\t - Shared Key compute by Alice : ", Alice_Shared_Key.hex()) print("\t - Shared Key compute by Bob : ", Bob_Shared_Key.hex()) # Perform key derivation with Alice_Shared_Key. Alice_Derived_Key = HKDF( algorithm=hashes.SHA256(), length=32, salt=None, info=b'handshake data', backend=default_backend(), ).derive(Alice_Shared_Key) # Perform key derivation with Bob_Shared_Key. Bob_Derived_Key = HKDF( algorithm=hashes.SHA256(), length=32, salt=None, info=b'handshake data', backend=default_backend(), ).derive(Bob_Shared_Key) # Display Key Derivation print("%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%") print("Key Derivation of Alice and Bob : ") print("------------------------------------------------") print("\t - Key Derivation with Alice_Shared_Key : ", Alice_Derived_Key.hex()) print("\t - Key Derivation with Bob_Shared_Key : ", Bob_Derived_Key.hex())
# devices = scanner.scan(10.0) # # for dev in devices: # print("Device %s (%s), RSSI=%d dB" % (dev.addr, dev.addrType, dev.rssi)) # for (adtype, desc, value) in dev.getScanData(): # print(" %s = %s" % (desc, value)) private_key = ec.generate_private_key(ec.SECP256R1(), default_backend()) public_key = private_key.public_key() shared_key = private_key.exchange(ec.ECDH(), public_key) print(" shared key :", shared_key.hex()) derived_key = HKDF(algorithm=hashes.SHA256(), length=64, salt=None, info=b'mible-setup-info', backend=default_backend()).derive(shared_key) print("derived key :", derived_key.hex()) token = derived_key[0:12] bind_key = derived_key[12:28] A = derived_key[28:44] print(" token :", token.hex()) print(" bind_key :", bind_key.hex()) print(" A :", A.hex()) aesccm = AESCCM(A) nonce = bytearray([16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27]) did = "blt.3.129vl4ap05o01".encode() aad = "devID".encode() did_ct = aesccm.encrypt(nonce, did, aad) print(" AES did :", did_ct.hex())
def tx_content(self, tx): sender = False if tx[-192:-128] == self.public_key_hex: sender = True if tx[-256:-192] == self.public_key_hex or sender: tx_type = tx[:2] logging.debug(f"{tx_type}") if sender: peer_pub_key = tx[-256:-192] else: peer_pub_key = tx[-192:-128] timestamp = int(tx[-264:-256], 16) try: user = self.pub_keys[peer_pub_key] except KeyError: self.save_key(peer_pub_key) user = self.pub_keys[peer_pub_key] self.c_m.execute(f"""CREATE TABLE '{peer_pub_key}' ( timestamp INTEGER, message TEXT, sender INTEGER, encryption INTEGER) """) init_msg = "Komunikácia bola zahájená druhou stranou, ešte nemôžeš posielať šifrované správy" self.c_m.execute( f"INSERT INTO '{peer_pub_key}' VALUES (?,?,?,?);", (int(time()), init_msg, 3, 1)) self.conn_m.commit() logging.debug(f"user: {user}") if tx_type == "00": if sender: if user[1] == "no": user[1] = "sent" return logging.debug("som v 00") dh_peer_key = X25519PublicKey.from_public_bytes( bytes.fromhex(tx[2:66])) shared_key = self.dh_private_key.exchange(dh_peer_key) derived_key = HKDF( algorithm=SHA256(), length=32, salt=None, info=b'blockchain', backend=backend, ).derive(shared_key) if user[1] == "no": #mozno by som nemal prijimat tx pocas syncovania self.send_message("send", cargo=["", peer_pub_key, "00"]) self.pub_keys[peer_pub_key][1] = derived_key.hex() logging.debug("posuvam do edit key files") self.edit_key_file(peer_pub_key, derived_key.hex(), 2) #musim kukat aj tx od seba ktore nemam exchange_msg = "Výmena kľúčov prebehla úspešne odteraz môžeš správy posielať šifrované" self.c_m.execute( f"INSERT INTO '{peer_pub_key}' VALUES (?,?,?,?);", (timestamp, exchange_msg, 3, 1)) self.conn_m.commit() self.ui_in.put([ "new", [timestamp, exchange_msg, "Info", 1, peer_pub_key] ]) return elif tx_type == "01": nonce = bytes.fromhex(tx[2:34]) msg_size = int(tx[34:38], 16) * 2 msg = bytes.fromhex(tx[38:msg_size + 38]) if user[1] == "no" or user[1] == "sent": if user[0] == "__unknown" and user[ 1] == "no" and not sender: self.del_pub_key(peer_pub_key) del self.pub_keys[peer_pub_key] print("sifrovana sprava ale neprebehla vymena klucov") return False encryption_key = bytes.fromhex(user[1]) algorithm = ChaCha20(encryption_key, nonce) cipher = Cipher(algorithm, mode=None, backend=backend) decryptor = cipher.decryptor() msg = decryptor.update(msg) msg = msg.decode("utf-8") print(f"{user[0]}: {msg}") elif tx_type == "02": msg_size = int(tx[2:6], 16) * 2 msg = bytes.fromhex(tx[6:msg_size + 6]).decode("utf-8") print(f"{user[0]}: {msg}") msg_sender = 0 name = user[0] if sender: msg_sender = 1 name = "Me" self.c_m.execute( f"INSERT INTO '{peer_pub_key}' VALUES (?,?,?,?);", (timestamp, msg, msg_sender, int(not int(tx_type) - 1))) self.conn_m.commit() self.ui_in.put([ "new", [timestamp, msg, user[0], not int(tx_type) - 1, peer_pub_key] ])
def checkNidPublickey(nid, public_key_bytes): calcnid = HKDF(algorithm=hashes.SHA256(), length=16, salt=None, info=None).derive(public_key_bytes) return nid == calcnid.hex()