def invertGalois2(toInv: object):
"""
Invert given {array of bits, bytes, int} in GF()
! You need to initialize the Galois_Field before !
! You need to have a dictionary file available !
Output: bytes
"""
d = int(config.DEGREE / 8)
toInv = bm.multitype_to_bytes(toInv)
if config.GALOIS_WATCH or config.IN_CREATION:
config.WATCH_INVERSION_NUMBER += 1
exTime = time.time()
# A(x) . A(x)^-1 congruent to 1 mod P(x)
# where P(x) irreductible polynomial of given degree
# A ^ p^n - 2 = inverted
inv = poly_exp_mod_2(bm.bytes_to_int(toInv), config.NBR_ELEMENTS - 2,
config.IRRED_POLYNOMIAL)
inv = inv.to_bytes(bm.bytes_needed(inv), "big")
config.WATCH_GLOBAL_INVERSION += time.time() - exTime
else:
inv = config.INVERSIONS_BOX[bm.bytes_to_int(toInv)]
return bm.fill_byte(inv, d)
def IV(arr, key="y/B?E(H+MbQeThVm".encode()):
"""
The IV must, in addition to being unique, be unpredictable at encryption time.
Return a 8 bytes array.
"""
# Select a random encrypted message as initial vector to transform.
import secrets as sr
r1 = sr.randbelow(len(arr))
r2 = sr.randbits(8)
message = bm.bytes_to_int(arr[r1]) ^ r2
message = bm.multitype_to_bytes(message)
# Let's use the principle of hmac
# The basic idea is to concatenate the key and the message, and hash them together.
# https://pymotw.com/3/hmac/
import hmac
import hashlib
# Default algorithm for hmac is MD5, interaction is not the most secure
# so let's use SHA-1
digest_maker = hmac.new(key, message, hashlib.sha1)
digest = digest_maker.hexdigest()
return bytearray(bytes.fromhex(digest)[:8])
def signing(M: bytes,
privateK: tuple = None,
saving: bool = False,
Verbose: bool = False):
"""
Signing a message M (bytes).
"""
from ..hashbased import hashFunctions as hashF
# y choosed randomly between 1 and p-2 with condition than y coprime to p-1
if not privateK:
privateK = it.extractKeyFromFile("private_key")
p, g, x = privateK
size = it.getKeySize(privateK)
# M = bm.fileToBytes(M)
# M = "Blablabla".encode()
if Verbose: print("Hashing in progress...")
hm = hashF.sponge(M, size)
# #base64 to int
hm = bm.bytes_to_int(bm.multitype_to_bytes(hm))
if Verbose: print("Hashing done.\n")
import random as rd
p1 = p - 1
k = rd.randrange(2, p - 2)
while not ut.coprime(k, p1):
k = rd.randrange(2, p - 2)
if Verbose: print(f"Your secret integer is: {k}")
s1 = ut.square_and_multiply(g, k, p)
from ressources.multGroup import inv
s2 = (multGroup.inv(k, p1) * (hm - x * s1)) % p1
# In the unlikely event that s2 = 0 start again with a different random k.
if s2 == 0:
if Verbose: print(f"Unlikely, s2 is equal to 0. Restart signing...")
signing(M, privateK, saving, Verbose)
else:
sign = (s1, s2)
if saving:
sign = it.writeKeytoFile(sign, "elG_signature")
return sign
def pad(N, r):
iN = bm.bytes_to_int(N)
lN = int.bit_length(iN)
# Number of 0 to add
b = (r - ((lN + 3) % r)) % r
# Padding using the SHA-3 pattern 10*1: a 1 bit, followed by zero or more 0 bits (maximum r − 1) and a final 1 bit.
op = ((iN | (1 << b + lN + 1)) << 1) ^ 1
return bm.multitype_to_bytes(op)
def encrypt(M: bytes, publicKey, saving: bool = False):
assert isinstance(M, bytes) or isinstance(M, bytearray)
p, g, h = publicKey
def process_of_c1_c2(m):
y = rd.randrange(1, p - 1)
# shared secret -> g^xy
c1 = ut.square_and_multiply(g, y, p)
s = ut.square_and_multiply(h, y, p)
c2 = (m * s) % p
return (c1, c2)
Mint = bm.bytes_to_int(M)
if Mint < p:
# That's a short message
m = Mint
e = process_of_c1_c2(m)
else:
# M is a longer message, so it's divided into blocks
# You need to choose a different y for each block to prevent
# from Eve's attacks.
size = (it.getKeySize(publicKey) // 8) - 1
e = [
process_of_c1_c2(bm.bytes_to_int(elt))
for elt in bm.splitBytes(M, size)
]
if saving:
e = it.writeKeytoFile(e, "encrypted", config.DIRECTORY_PROCESSING,
".kat")
return e
def getIntKey(data: bytes, keyNumber: int = 1):
"""
Convert base64 key's into tuples of keyNumber integers.
"""
assert isinstance(data, bytes) or isinstance(data, bytearray)
if isinstance(keyNumber, str):
keyNumber = int(keyNumber)
if keyNumber != 1:
keys = ()
kL = []
for i in range(keyNumber):
kL.append(int.from_bytes(data[i * 2:i * 2 + 2], "big"))
padding = keyNumber * 2
for i, s in enumerate(kL):
keys += (int.from_bytes(data[padding: padding + s], "big"),)
padding = padding + s
else:
keys = bm.bytes_to_int(data)
return keys
def verifying(M: bytes, sign: tuple, publicKey: tuple = None):
"""
Verify given signature of message M with corresponding public key's.
"""
assert isinstance(M, bytes) or isinstance(M, bytearray)
from ..hashbased import hashFunctions as hashF
if not publicKey:
publicKey = it.extractKeyFromFile("public_key")
p, g, h = publicKey
size = it.getKeySize(publicKey)
hm = hashF.sponge(M, size)
hm = bm.bytes_to_int(bm.multitype_to_bytes(hm))
if not isinstance(sign, tuple):
b64data = sign
sign = it.getIntKey(b64data[1:], b64data[0])
s1, s2 = sign
if ((0 < s1 < p) and (0 < s2 < p - 1)):
test1 = (ut.square_and_multiply(h, s1, p) *
ut.square_and_multiply(s1, s2, p)) % p
test2 = ut.square_and_multiply(g, hm, p)
if test1 == test2:
return True
else:
return False
else:
raise ValueError
def md5(block):
'''
Return md5 hash
block: bytearray of data to hash
'''
import math
# Done using the Wikipedia algorithm
def iToB(i):
return int.to_bytes(i, 4, "little")
def p32(a, b):
return (a + b) % (1 << 32)
s = [
7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,
5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20,
4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,
6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21
]
K = []
for i in range (64):
K.append((math.floor(2**32 * abs(math.sin(i + 1)))) % (1 << 32))
iN = bm.bytes_to_int(block)
lN = len(block)*8
# Number of 0 to add
b = 512 - ((lN + 1) % 512)
lN = int.from_bytes(lN.to_bytes(8, byteorder='little'), byteorder='big', signed=False)
iN = (((iN << 1) | 1) << b) ^ lN
block = bm.multitype_to_bytes(iN)
b512 = bm.splitBytes(block, 64)
h1 = 0x67452301
h2 = 0xEFCDAB89
h3 = 0x98BADCFE
h4 = 0x10325476
for b5 in b512:
blocks = bm.splitBytes(b5, 4)
A = h1
B = h2
C = h3
D = h4
for i in range(64):
if i <= 15:
F = (B & C) | (~B & D)
g = i
elif i <= 31:
F = (D & B) | (~D & C)
g = (5*i + 1) % 16
elif i <= 47:
F = B ^ C ^ D
g = (3*i + 5) % 16
else:
# C xor (B or (not D))
F = C ^ (B | ~D) % (1 << 32)
g = (7*i) % 16
# F + A + K[i] + M[g]
try:
F = p32(p32(p32(F, A), K[i]), int.from_bytes(blocks[g],"little"))
except IndexError:
print(i, K, blocks[g])
raise Exception('Error')
A = D
D = C
C = B
# B + leftrotate(F, s[i])
B = p32(B, ((F << s[i]) | (F >> (32 - s[i]))))
h1 = p32(A, h1)
h2 = p32(B, h2)
h3 = p32(C, h3)
h4 = p32(D, h4)
return bm.packSplittedBytes([iToB(h1), iToB(h2), iToB(h3), iToB(h4)])