def fromBytes(self,W) : FS=curve.EFS xa=big.from_bytes(W[0:FS]) xb=big.from_bytes(W[FS:2*FS]) ya=big.from_bytes(W[2*FS:3*FS]) yb=big.from_bytes(W[3*FS:4*FS]) x=Fp2(Fp(xa),Fp(xb)) y=Fp2(Fp(ya),Fp(yb)) return self.set(x,y)
def fromBytes(self, W):
FS = curve.EFS
typ = W[0]
xa = big.from_bytes(W[1:FS + 1])
xb = big.from_bytes(W[FS + 1:2 * FS + 1])
x = Fp2(Fp(xa), Fp(xb))
if typ == 0x04:
ya = big.from_bytes(W[2 * FS + 1:3 * FS + 1])
yb = big.from_bytes(W[3 * FS + 1:4 * FS + 1])
y = Fp2(Fp(ya), Fp(yb))
return self.set(x, y)
else:
return self.setx(x, typ & 1)
def client_2(X, Y, ID, PIN, TK):
P = H(ID)
S = ECp()
if not S.fromBytes(TK):
return bytearray(0)
x = big.from_bytes(X)
y = big.from_bytes(Y)
x = (x + y) % curve.r
x = curve.r - x
S.add(PIN * P)
S = x * S
return S.toBytes(False)
def server(ID, Y, SS, U, V):
P = H(ID)
y = big.from_bytes(Y)
Q = ecp2.generator()
P = y * P
sQ = ECp2()
if not sQ.fromBytes(SS):
return (False, Fp12(), Fp12())
TU = ECp()
if not TU.fromBytes(U):
return (False, bytearray(0), bytearray(0))
TV = ECp()
if not TV.fromBytes(V):
return (False, bytearray(0), bytearray(0))
TU.add(P)
# TU.affine()
r = pair.double_ate(Q, TV, sQ, TU)
r = pair.fexp(r)
if r.isone():
return (True, bytearray(0), bytearray(0))
# failed - diagnose it
E = r.toBytes()
r = pair.e(Q, TU)
F = r.toBytes()
return (False, E, F)
def server(ID, Y, SS, U, V):
P = H(ID)
y = big.from_bytes(Y)
Q = ecp2.generator()
P = y * P
sQ = ECp2()
if not sQ.fromBytes(SS):
return (False, Fp12(), Fp12())
TU = ECp()
if not TU.fromBytes(U):
return (False, bytearray(0), bytearray(0))
TV = ECp()
if not TV.fromBytes(V):
return (False, bytearray(0), bytearray(0))
TU.add(P)
# TU.affine()
r = pair.double_ate(Q, TV, sQ, TU)
r = pair.fexp(r)
if r.isone():
return (True, bytearray(0), bytearray(0))
# failed - diagnose it
E = r.toBytes()
r = pair.e(Q, TU)
F = r.toBytes()
return (False, E, F)
def client_2(X, Y, ID, PIN, TK):
P = H(ID)
S = ECp()
if not S.fromBytes(TK):
return bytearray(0)
x = big.from_bytes(X)
y = big.from_bytes(Y)
x = (x + y) % curve.r
x = curve.r - x
S.add(PIN * P)
S = x * S
return S.toBytes(False)
def fromBytes(self, W):
t = W[0] # ord(W[0])
sp1 = curve.EFS + 1 # splits
sp2 = sp1 + curve.EFS
x = big.from_bytes(W[1:sp1])
if curve.CurveType == MONTGOMERY:
return self.set(x)
if t == 4:
y = big.from_bytes(W[sp1:sp2])
return self.setxy(x, y)
else:
if t == 2:
return self.set(x, 0)
if t == 3:
return self.set(x, 1)
self.inf()
return False
def fromBytes(self, W):
t = W[0] #ord(W[0])
sp1 = curve.EFS + 1 # splits
sp2 = sp1 + curve.EFS
x = big.from_bytes(W[1:sp1])
if curve.CurveType == MONTGOMERY:
return self.set(x)
if t == 4:
y = big.from_bytes(W[sp1:sp2])
return self.setxy(x, y)
else:
if t == 2:
return self.set(x, 0)
if t == 3:
return self.set(x, 1)
self.inf()
return False
def BLS_H(m):
h = hashlib.shake_256()
h.update(bytes(m, 'utf-8'))
hm = big.from_bytes(h.digest(curve.EFS))
HM = ECp()
while not HM.set(hm):
hm = hm + 1
return HM
def BLS_H(m):
h = hashlib.shake_256()
h.update(bytes(m, 'utf-8'))
hm=big.from_bytes(h.digest(curve.EFS))
HM=ECp()
while not HM.set(hm):
hm = hm + 1
return HM
def client_1(ID, X):
P = H(ID)
if X:
w = big.from_bytes(X)
else:
w = big.rand(curve.r)
X = big.to_bytes(w)
P = w * P
return (X, P.toBytes(False))
def client_1(ID, X):
P = H(ID)
if X:
w = big.from_bytes(X)
else:
w = big.rand(curve.r)
X = big.to_bytes(w)
P = w * P
return (X, P.toBytes(False))
def ECP_SpDSA(S, F):
FS = curve.EFS
G = generator()
m = hashlib.new(curve.SHA)
m.update(F)
H = m.digest()
HS = m.digest_size
if HS >= FS:
B = H[0:FS]
else:
B = bytearray(FS)
for i in range(0, HS):
B[i + FS - HS] = H[i]
C = bytearray(FS)
D = bytearray(FS)
r = curve.r
s = big.from_bytes(S)
f = big.from_bytes(B)
c = 0
d = 0
while d == 0:
u = big.rand(curve.r)
w = big.rand(curve.r) # masking
V = G.copy()
V = u * V
vx = V.getx()
c = vx % r
if c == 0:
continue
u = big.modmul(u, w, r)
u = big.invmodp(u, r)
d = big.modmul(s, c, r)
d += f
d = big.modmul(d, w, r)
d = big.modmul(d, u, r)
C = big.to_bytes(c)
D = big.to_bytes(d)
return C, D
def ECP_SpDSA(S, F):
FS = curve.EFS
G = generator()
m = hashlib.new(curve.SHA)
m.update(F)
H = m.digest()
HS = m.digest_size
if HS >= FS:
B = H[0:FS]
else:
B = bytearray(FS)
for i in range(0, HS):
B[i + FS - HS] = H[i]
C = bytearray(FS)
D = bytearray(FS)
r = curve.r
s = big.from_bytes(S)
f = big.from_bytes(B)
c = 0
d = 0
while d == 0:
u = big.rand(curve.r)
w = big.rand(curve.r) # masking
V = G.copy()
V = u * V
vx = V.getx()
c = vx % r
if c == 0:
continue
u = big.modmul(u, w, r)
u = big.invmodp(u, r)
d = big.modmul(s, c, r)
d += f
d = big.modmul(d, w, r)
d = big.modmul(d, u, r)
C = big.to_bytes(c)
D = big.to_bytes(d)
return C, D
def H(mpin_id):
p = curve.p
h = hashlib.new(curve.SHA)
h.update(bytes(mpin_id, 'utf-8'))
x = big.from_bytes(h.digest())
x %= p
P = ECp()
while not P.set(x):
x = x + 1
P = curve.CurveCof * P
return P
def ECP_KeyPairGenerate(S):
G = generator()
if S is None:
s = big.rand(curve.r)
else:
s = big.from_bytes(S) % curve.r
Y = s * G
SK = big.to_bytes(s)
PK = Y.toBytes(False)
return (SK, PK)
def ECP_KeyPairGenerate(S):
G = generator()
if S is None:
s = big.rand(curve.r)
else:
s = big.from_bytes(S) % curve.r
Y = s * G
SK = big.to_bytes(s)
PK = Y.toBytes(False)
return (SK, PK)
def ECP_SvDSA(P, F, C, D):
FS = curve.EFS
G = generator()
m = hashlib.new(curve.SHA)
m.update(F)
H = m.digest()
HS = m.digest_size
if HS >= FS:
B = H[0:FS]
else:
B = bytearray(FS)
for i in range(0, HS):
B[i + FS - HS] = H[i]
c = big.from_bytes(C)
d = big.from_bytes(D)
f = big.from_bytes(B)
r = curve.r
if c == 0 or c >= r or d == 0 or d >= r:
return False
d = big.invmodp(d, r)
f = big.modmul(f, d, r)
h2 = big.modmul(c, d, r)
WP = ECp()
if not WP.fromBytes(P):
return False
P = ECp.mul(WP, h2, G, f)
if P.isinf():
return False
d = P.getx() % r
if c != d:
return False
return True
def ECP_SvDSA(P, F, C, D):
FS = curve.EFS
G = generator()
m = hashlib.new(curve.SHA)
m.update(F)
H = m.digest()
HS = m.digest_size
if HS >= FS:
B = H[0:FS]
else:
B = bytearray(FS)
for i in range(0, HS):
B[i + FS - HS] = H[i]
c = big.from_bytes(C)
d = big.from_bytes(D)
f = big.from_bytes(B)
r = curve.r
if c == 0 or c >= r or d == 0 or d >= r:
return False
d = big.invmodp(d, r)
f = big.modmul(f, d, r)
h2 = big.modmul(c, d, r)
WP = ECp()
if not WP.fromBytes(P):
return False
P = ECp.mul(WP, h2, G, f)
if P.isinf():
return False
d = P.getx() % r
if c != d:
return False
return True
def ECP_SvdpDH(S, W):
s = big.from_bytes(S)
WP = ECp()
if not WP.fromBytes(W):
return ECDH_ERROR
r = curve.r
s %= r
WP = s * WP
if WP.isinf():
return ECDH_ERROR
x = WP.getx()
K = big.to_bytes(x)
return K
def ECP_SvdpDH(S, W):
s = big.from_bytes(S)
WP = ECp()
if not WP.fromBytes(W):
return ECDH_ERROR
r = curve.r
s %= r
WP = s * WP
if WP.isinf():
return ECDH_ERROR
x = WP.getx()
K = big.to_bytes(x)
return K
def H(mpin_id):
r = curve.r
p = curve.p
h = hashlib.new(curve.SHA)
h.update(bytes(mpin_id, 'utf-8'))
x = big.from_bytes(h.digest())
x %= p
P = ECp()
while not P.set(x):
x = x + 1
# work out co-factor
nb = p.bit_length()
cf = 1
cf = cf << (nb + 4) // 2
cf += p
cf //= r
if cf != 1:
P = cf * P
return P
def H(mpin_id):
r = curve.r
p = curve.p
h = hashlib.new(curve.SHA)
h.update(bytes(mpin_id, 'utf-8'))
x = big.from_bytes(h.digest())
x %= p
P = ECp()
while not P.set(x):
x = x + 1
# work out co-factor
nb = p.bit_length()
cf = 1
cf = cf << (nb + 4) // 2
cf += p
cf //= r
if cf != 1:
P = cf * P
return P
def get_server_secret(Z):
Q = ecp2.generator()
s = big.from_bytes(Z)
Q = s * Q
return Q.toBytes()
def sign(m,SK):
HM=BLS_H(m)
s=big.from_bytes(SK)
D=s*HM
return D.toBytes(True)
def fromBytes(self, E):
FS = curve.EFS
a = Fp4(Fp2(Fp(big.from_bytes(E[0:FS])),
Fp(big.from_bytes(E[FS:2 * FS]))),
Fp2(Fp(big.from_bytes(E[2 * FS:3 * FS])),
Fp(big.from_bytes(E[3 * FS:4 * FS]))))
b = Fp4(Fp2(Fp(big.from_bytes(E[4 * FS:5 * FS])),
Fp(big.from_bytes(E[5 * FS:6 * FS]))),
Fp2(Fp(big.from_bytes(E[6 * FS:7 * FS])),
Fp(big.from_bytes(E[7 * FS:8 * FS]))))
c = Fp4(Fp2(Fp(big.from_bytes(E[8 * FS:9 * FS])),
Fp(big.from_bytes(E[9 * FS:10 * FS]))),
Fp2(Fp(big.from_bytes(E[10 * FS:11 * FS])),
Fp(big.from_bytes(E[11 * FS:12 * FS]))))
self.set(a, b, c)
def sign(m, SK):
HM = BLS_H(m)
s = big.from_bytes(SK)
D = s * HM
return D.toBytes(True)
def get_client_secret(Z, ID):
P = H(ID)
s = big.from_bytes(Z)
P = s * P
return P.toBytes(False)
def get_client_secret(Z, ID):
P = H(ID)
s = big.from_bytes(Z)
P = s * P
return P.toBytes(False)
def get_server_secret(Z):
Q = ecp2.generator()
s = big.from_bytes(Z)
Q = s * Q
return Q.toBytes(False)
