def test_when_dh_secret_is_generated_then_it_matches_on_both_keypairs(self):
keypair1 = ec.make_keypair(self.curve)
keypair2 = ec.make_keypair(self.curve)
self.assertNotEqual(keypair1.priv, keypair2.priv)
self.assertNotEqual(keypair1.pub, keypair2.pub)
ecdh1 = ec.ECDH(keypair1)
ecdh2 = ec.ECDH(keypair2)
self.assertEqual(ecdh1.get_secret(keypair2), ecdh2.get_secret(keypair1))
# Test that secret computation works without priv key
keypair3 = ec.Keypair(self.curve, pub=keypair1.pub)
ecdh3 = ec.ECDH(keypair3)
self.assertEqual(ecdh3.get_secret(keypair2), ecdh2.get_secret(keypair3))
def test_when_no_public_key_is_provided_then_it_is_calculated_from_private_key(
self):
keypair = ec.make_keypair(self.curve)
keys = ec.Keypair(self.curve, keypair.priv)
self.assertEqual(keypair.pub, keys.pub)
self.assertTrue(keys.can_encrypt)
self.assertTrue(keys.can_sign)
def main():
err = 0
if len(sys.argv) > 2:
server = (sys.argv[1], int(sys.argv[2]))
else:
server = ("127.0.0.1", 8443)
# TODO: encapsulate this into a nicer interface
nist256 = ec_reg.get_curve(TLS_SUPPORTED_GROUPS[TLSSupportedGroup.SECP256R1])
keypair = ec.make_keypair(nist256)
ec_pub = tlsk.point_to_ansi_str(keypair.pub)
draft_version = 18
ciphers = [TLSCipherSuite.TLS_AES_256_GCM_SHA384, TLSCipherSuite.TLS_AES_128_GCM_SHA256]
key_share = TLSExtension() / TLSExtKeyShare() / TLSClientHelloKeyShare(client_shares=[TLSKeyShareEntry(named_group=TLSSupportedGroup.SECP256R1,
key_exchange=ec_pub)])
named_groups = TLSExtension() / TLSExtSupportedGroups(named_group_list=[TLSSupportedGroup.SECP256R1,
TLSSupportedGroup.SECP384R1,
TLSSupportedGroup.SECP521R1])
extensions = [TLSExtension() / TLSExtServerNameIndication(server_names=TLSServerName(data=server[0])),
TLSExtension() / TLSExtRenegotiationInfo(),
named_groups,
TLSExtension() / TLSExtECPointsFormat(),
TLSExtension(type=TLSExtensionType.SESSIONTICKET_TLS),
TLSExtension() / TLSExtALPN(),
TLSExtension(type=TLSExtensionType.SIGNED_CERTIFICATE_TIMESTAMP),
key_share,
TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(draft_version)]),
TLSExtension() / TLSExtSignatureAlgorithms()]
with TLSSocket(client=True) as tls_socket:
tls_socket.tls_ctx.client_ctx.shares.append(tlsk.ECDHKeyStore.from_keypair(nist256, keypair))
tls_socket.connect(server)
try:
pkt = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() / TLSClientHello(cipher_suites=ciphers, extensions=extensions)])
r = tls_socket.do_round_trip(pkt)
r.show()
r = tls_socket.do_round_trip(TLSHandshakes(handshakes=[TLSHandshake() / TLSFinished(data=tls_socket.tls_ctx.get_verify_data())]), recv=False)
r = tls_socket.do_round_trip(TLSPlaintext("GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"))
r.show()
except TLSProtocolError as tpe:
print(tpe)
tpe.response.show()
err +=1
finally:
print(tls_socket.tls_ctx)
return err
def main():
err = 0
server = ("api.tidex.com", 443)
# TODO: encapsulate this into a nicer interface
nist256 = ec_reg.get_curve(
TLS_SUPPORTED_GROUPS[TLSSupportedGroup.SECP256R1])
keypair = ec.make_keypair(nist256)
ec_pub = tlsk.point_to_ansi_str(keypair.pub)
draft_version = 18
ciphers = [
TLSCipherSuite.TLS_AES_256_GCM_SHA384,
TLSCipherSuite.TLS_AES_128_GCM_SHA256
]
key_share = TLSExtension() / TLSExtKeyShare() / TLSClientHelloKeyShare(
client_shares=[
TLSKeyShareEntry(named_group=TLSSupportedGroup.SECP256R1,
key_exchange=ec_pub)
])
named_groups = TLSExtension() / TLSExtSupportedGroups(named_group_list=[
TLSSupportedGroup.SECP256R1, TLSSupportedGroup.SECP384R1,
TLSSupportedGroup.SECP521R1
])
extensions = [
TLSExtension() /
TLSExtServerNameIndication(server_names=TLSServerName(data=server[0])),
TLSExtension() / TLSExtRenegotiationInfo(), named_groups,
TLSExtension() / TLSExtECPointsFormat(),
TLSExtension(type=TLSExtensionType.SESSIONTICKET_TLS),
TLSExtension() / TLSExtALPN(),
TLSExtension(type=TLSExtensionType.SIGNED_CERTIFICATE_TIMESTAMP),
key_share,
TLSExtension() /
TLSExtSupportedVersions(versions=[tls_draft_version(draft_version)]),
TLSExtension() / TLSExtSignatureAlgorithms()
]
with TLSSocket(client=True) as tls_socket:
tls_socket.tls_ctx.client_ctx.shares.append(
tlsk.ECDHKeyStore.from_keypair(nist256, keypair))
tls_socket.connect(server)
try:
pkt = TLSRecord() / TLSHandshakes(handshakes=[
TLSHandshake() /
TLSClientHello(cipher_suites=ciphers, extensions=extensions)
])
r = tls_socket.do_round_trip(pkt)
r.show()
r = tls_socket.do_round_trip(TLSHandshakes(handshakes=[
TLSHandshake() /
TLSFinished(data=tls_socket.tls_ctx.get_verify_data())
]),
recv=False)
r = tls_socket.do_round_trip(
TLSPlaintext(
"GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n"
))
r.show()
except TLSProtocolError as tpe:
print(tpe)
tpe.response.show()
err += 1
finally:
print(tls_socket.tls_ctx)
return err
return m
#curve_params = {"p": 0x000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff,
#"a": 0x000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc,
#"b": 0x00000051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00,
#"g": (0x000000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66,
#0x0000011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650),
#"n": 0x000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409,
#"h": 0x1}
#sub_group = ec.SubGroup(curve_params["p"], curve_params["g"], curve_params["n"], curve_params["h"])
#curve = ec.Curve(curve_params["a"], curve_params["b"], sub_group, "mytest")
#curve = registry.get_curve('brainpoolP256r1')
#secp256r1 = nist p-256
curve = registry.get_curve('secp256r1')
keypair = ec.make_keypair(curve)
#m = secrets.randbelow(curve.field.p)
m = secrets.randbelow(0xffffffffffffffffffffffffffffffff)
print("plain-text:\nm: " + hex(m))
print("\nencrypt:")
(y1, y2) = encrypt(curve, keypair.pub, m)
print("\ndecrypt:")
decrypt_m = decrypt(curve, keypair.priv, y1, y2)
def test_when_keypair_is_generated_then_public_key_is_on_curve(self):
keypair = ec.make_keypair(self.curve)
self.assertTrue(1 <= keypair.priv <= self.curve.field.n)
self.assertTrue(self.curve.on_curve(keypair.pub.x, keypair.pub.y))
def test_when_no_public_key_is_provided_then_it_is_calculated_from_private_key(self):
keypair = ec.make_keypair(self.curve)
keys = ec.Keypair(self.curve, keypair.priv)
self.assertEqual(keypair.pub, keys.pub)
self.assertTrue(keys.can_encrypt)
self.assertTrue(keys.can_sign)
