def test_when_dh_secret_is_generated_then_it_matches_on_both_keypairs(self): keypair1 = ec.make_keypair(self.curve) keypair2 = ec.make_keypair(self.curve) self.assertNotEqual(keypair1.priv, keypair2.priv) self.assertNotEqual(keypair1.pub, keypair2.pub) ecdh1 = ec.ECDH(keypair1) ecdh2 = ec.ECDH(keypair2) self.assertEqual(ecdh1.get_secret(keypair2), ecdh2.get_secret(keypair1)) # Test that secret computation works without priv key keypair3 = ec.Keypair(self.curve, pub=keypair1.pub) ecdh3 = ec.ECDH(keypair3) self.assertEqual(ecdh3.get_secret(keypair2), ecdh2.get_secret(keypair3))
def test_when_no_public_key_is_provided_then_it_is_calculated_from_private_key( self): keypair = ec.make_keypair(self.curve) keys = ec.Keypair(self.curve, keypair.priv) self.assertEqual(keypair.pub, keys.pub) self.assertTrue(keys.can_encrypt) self.assertTrue(keys.can_sign)
def main(): err = 0 if len(sys.argv) > 2: server = (sys.argv[1], int(sys.argv[2])) else: server = ("127.0.0.1", 8443) # TODO: encapsulate this into a nicer interface nist256 = ec_reg.get_curve(TLS_SUPPORTED_GROUPS[TLSSupportedGroup.SECP256R1]) keypair = ec.make_keypair(nist256) ec_pub = tlsk.point_to_ansi_str(keypair.pub) draft_version = 18 ciphers = [TLSCipherSuite.TLS_AES_256_GCM_SHA384, TLSCipherSuite.TLS_AES_128_GCM_SHA256] key_share = TLSExtension() / TLSExtKeyShare() / TLSClientHelloKeyShare(client_shares=[TLSKeyShareEntry(named_group=TLSSupportedGroup.SECP256R1, key_exchange=ec_pub)]) named_groups = TLSExtension() / TLSExtSupportedGroups(named_group_list=[TLSSupportedGroup.SECP256R1, TLSSupportedGroup.SECP384R1, TLSSupportedGroup.SECP521R1]) extensions = [TLSExtension() / TLSExtServerNameIndication(server_names=TLSServerName(data=server[0])), TLSExtension() / TLSExtRenegotiationInfo(), named_groups, TLSExtension() / TLSExtECPointsFormat(), TLSExtension(type=TLSExtensionType.SESSIONTICKET_TLS), TLSExtension() / TLSExtALPN(), TLSExtension(type=TLSExtensionType.SIGNED_CERTIFICATE_TIMESTAMP), key_share, TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(draft_version)]), TLSExtension() / TLSExtSignatureAlgorithms()] with TLSSocket(client=True) as tls_socket: tls_socket.tls_ctx.client_ctx.shares.append(tlsk.ECDHKeyStore.from_keypair(nist256, keypair)) tls_socket.connect(server) try: pkt = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() / TLSClientHello(cipher_suites=ciphers, extensions=extensions)]) r = tls_socket.do_round_trip(pkt) r.show() r = tls_socket.do_round_trip(TLSHandshakes(handshakes=[TLSHandshake() / TLSFinished(data=tls_socket.tls_ctx.get_verify_data())]), recv=False) r = tls_socket.do_round_trip(TLSPlaintext("GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n")) r.show() except TLSProtocolError as tpe: print(tpe) tpe.response.show() err +=1 finally: print(tls_socket.tls_ctx) return err
def main(): err = 0 server = ("api.tidex.com", 443) # TODO: encapsulate this into a nicer interface nist256 = ec_reg.get_curve( TLS_SUPPORTED_GROUPS[TLSSupportedGroup.SECP256R1]) keypair = ec.make_keypair(nist256) ec_pub = tlsk.point_to_ansi_str(keypair.pub) draft_version = 18 ciphers = [ TLSCipherSuite.TLS_AES_256_GCM_SHA384, TLSCipherSuite.TLS_AES_128_GCM_SHA256 ] key_share = TLSExtension() / TLSExtKeyShare() / TLSClientHelloKeyShare( client_shares=[ TLSKeyShareEntry(named_group=TLSSupportedGroup.SECP256R1, key_exchange=ec_pub) ]) named_groups = TLSExtension() / TLSExtSupportedGroups(named_group_list=[ TLSSupportedGroup.SECP256R1, TLSSupportedGroup.SECP384R1, TLSSupportedGroup.SECP521R1 ]) extensions = [ TLSExtension() / TLSExtServerNameIndication(server_names=TLSServerName(data=server[0])), TLSExtension() / TLSExtRenegotiationInfo(), named_groups, TLSExtension() / TLSExtECPointsFormat(), TLSExtension(type=TLSExtensionType.SESSIONTICKET_TLS), TLSExtension() / TLSExtALPN(), TLSExtension(type=TLSExtensionType.SIGNED_CERTIFICATE_TIMESTAMP), key_share, TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(draft_version)]), TLSExtension() / TLSExtSignatureAlgorithms() ] with TLSSocket(client=True) as tls_socket: tls_socket.tls_ctx.client_ctx.shares.append( tlsk.ECDHKeyStore.from_keypair(nist256, keypair)) tls_socket.connect(server) try: pkt = TLSRecord() / TLSHandshakes(handshakes=[ TLSHandshake() / TLSClientHello(cipher_suites=ciphers, extensions=extensions) ]) r = tls_socket.do_round_trip(pkt) r.show() r = tls_socket.do_round_trip(TLSHandshakes(handshakes=[ TLSHandshake() / TLSFinished(data=tls_socket.tls_ctx.get_verify_data()) ]), recv=False) r = tls_socket.do_round_trip( TLSPlaintext( "GET /api/3/ticker/eth_btc HTTP/1.1\r\nHost: api.tidex.com\r\nConnection: close\r\n\r\n" )) r.show() except TLSProtocolError as tpe: print(tpe) tpe.response.show() err += 1 finally: print(tls_socket.tls_ctx) return err
return m #curve_params = {"p": 0x000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff, #"a": 0x000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc, #"b": 0x00000051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00, #"g": (0x000000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66, #0x0000011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650), #"n": 0x000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409, #"h": 0x1} #sub_group = ec.SubGroup(curve_params["p"], curve_params["g"], curve_params["n"], curve_params["h"]) #curve = ec.Curve(curve_params["a"], curve_params["b"], sub_group, "mytest") #curve = registry.get_curve('brainpoolP256r1') #secp256r1 = nist p-256 curve = registry.get_curve('secp256r1') keypair = ec.make_keypair(curve) #m = secrets.randbelow(curve.field.p) m = secrets.randbelow(0xffffffffffffffffffffffffffffffff) print("plain-text:\nm: " + hex(m)) print("\nencrypt:") (y1, y2) = encrypt(curve, keypair.pub, m) print("\ndecrypt:") decrypt_m = decrypt(curve, keypair.priv, y1, y2)
def test_when_keypair_is_generated_then_public_key_is_on_curve(self): keypair = ec.make_keypair(self.curve) self.assertTrue(1 <= keypair.priv <= self.curve.field.n) self.assertTrue(self.curve.on_curve(keypair.pub.x, keypair.pub.y))
def test_when_no_public_key_is_provided_then_it_is_calculated_from_private_key(self): keypair = ec.make_keypair(self.curve) keys = ec.Keypair(self.curve, keypair.priv) self.assertEqual(keypair.pub, keys.pub) self.assertTrue(keys.can_encrypt) self.assertTrue(keys.can_sign)