def __init__(self, group=None, p=0, q=0, secparam=512): self.group = group if group is not None else IntegerGroupQ() self.group.p, self.group.q, self.group.r = p, q, 2 if self.group.p == 0 or self.group.q == 0: self.group.paramgen(secparam) self.p = self.group.p self.q = self.group.q self.x, self.g, = self.group.random(), self.group.randomGen() self.z, self.h, = self.group.randomGen(), self.group.randomGen() self.y = (self.g ** self.x) % self.p hs1 = hashlib.new('sha256') hs1.update(Conversion.IP2OS(integer(self.p))) hs1.update(Conversion.IP2OS(integer(self.q))) hs1.update(Conversion.IP2OS(integer(self.g))) hs1.update(Conversion.IP2OS(integer(self.h))) hs1.update(Conversion.IP2OS(integer(self.y))) msg = integer(Conversion.OS2IP(hs1.digest())) self.z = ((msg ** ((self.p - 1) / self.q)) % self.p) self.u = None self.d = None self.s1 = None self.s2 = None
def verify_blind(self, cp, blind_signature): # Convert to modular integer dictionary sig = SigConversion.convert_dict_modint(json.loads(blind_signature)) cp_pubk = get_cp_pubkey(cp, self.timestamp, self.policy) verifier = BlindSignatureVerifier(cp_pubk) message = Conversion.OS2IP(self.pubk) return verifier.verify(sig, message)
def encrypt(self, pk, m, salt=None): octetlen = int(ceil(int(pk['N']).bit_length() / 8.0)) EM = self.paddingscheme.encode(m, octetlen, "", salt) if debug: print("EM == >", EM) i = Conversion.OS2IP(EM) ip = integer(i) % pk['N'] #Convert to modular integer return (ip**pk['e']) % pk['N']
def setup_method(self, message=None): key = ECC.generate(curve='P-256') self.message = Conversion.OS2IP(key.public_key().export_key( format='DER')) if message is None else message challenge = self.signer.get_challenge() self.e = self.user.challenge_response(challenge, self.message) proofs = self.signer.get_proofs(self.e) self.sig = self.user.gen_signature(proofs)
def hash_util(d: dict or list) -> int: """ Creates a SHA256 hash of dict or list. Merely a helper function. :param d: Input on which a hash needs to be generated. :return: (int) Hash of the input d. """ hash_tmp = SHA256Hash().new(json.dumps(d).encode()) return Conversion.OS2IP(hash_tmp.digest())
def hash_util(d: dict or list) -> int: try: assert type(d) == dict or type(d) == list except AssertionError: print(type(d), file=sys.stderr) hashable = json.dumps(d) hash_tmp = SHA256Hash().new(hashable.encode()) return Conversion.OS2IP(hash_tmp.digest())
def encrypt(self, pk, m, salt=None): if (self.paddingscheme.name == "SAEPEncryptionPadding"): EM = self.paddingscheme.encode(m, pk['n'], pk['s0']) else: m = self.redundancyscheme.encode(m) octetlen = int(ceil(int(pk['N']).bit_length() / 8.0)) EM = self.paddingscheme.encode(m, octetlen, "", salt) if debug: print("EM == >", EM) i = Conversion.OS2IP(EM) ip = integer(i) % pk['N'] #Convert to modular integer return (ip**2) % pk['N']
def test1(client, p, nonce, key_client, key_p): group_object = PairingGroup('SS512') shared_key = group_object.random(GT) crypter_a = SymmetricCryptoAbstraction( extractor(bytesToObject(key_client, group_object))) crypter_b = SymmetricCryptoAbstraction( extractor(bytesToObject(key_p, group_object))) package_b = crypter_b.encrypt( objectToBytes([shared_key, serialize_endpoint(client)], group_object)) package_a = crypter_a.encrypt( objectToBytes([ Conversion.OS2IP(nonce), shared_key, serialize_endpoint(p), package_b ], group_object)) return package_a
def hash(self, strID): '''Hash the identity string and break it up in to l bit pieces''' assert type(strID) == str, "invalid input type" hash = self.sha2(strID) val = Conversion.OS2IP(hash) #Convert to integer format bstr = bin(val)[2:] #cut out the 0b header v=[] for i in range(self._length): #z must be greater than or equal to 1 binsubstr = bstr[self._bitsize*i : self._bitsize*(i+1)] intval = int(binsubstr, 2) intelement = self._group.init(ZR, intval) v.append(intelement) return v
def stringToInt(strID, zz, ll): '''Hash the identity string and break it up in to l bit pieces''' h = hashlib.new('sha1') h.update(bytes(strID, 'utf-8')) _hash = Bytes(h.digest()) val = Conversion.OS2IP(_hash) #Convert to integer format bstr = bin(val)[2:] #cut out the 0b header v=[] for i in range(zz): #z must be greater than or equal to 1 binsubstr = bstr[ll*i : ll*(i+1)] intval = int(binsubstr, 2) intelement = group.init(ZR, intval) v.append(intelement) return v
def strToId(pk, strID): getUserGlobals() hash = sha1(strID) val = Conversion.OS2IP(hash) bstr = bin(val)[2:] v = [] for i in range(pk[listIndexNoOfN_StrToId]): binsubstr = bstr[pk[listIndexNoOfl_StrToId] * i:pk[listIndexNoOfl_StrToId] * (i + 1)] print(binsubstr) intval = int(binsubstr, 2) intelement = groupObjBuiltInFuncs.init(ZR, intval) v.append(intelement) return v
def gen_proof_handler(e: dict): key = KeyModel.query.get((current_user.timestamp, current_user.policy)) signer = key.signer signer.d = current_user.d signer.u = current_user.u signer.s1 = current_user.s1 signer.s2 = current_user.s2 # Do the appropriate conversions so that we can serialize e = SigConversion.convert_dict_modint(e) proofs = SigConversion.convert_dict_strlist(signer.get_proofs(e)) hash_tmp = SHA256Hash().new(json.dumps(proofs).encode()) hash_proof = Conversion.OS2IP(hash_tmp.digest()) resp = {'proof': proofs, 'hash': hash_proof} return resp
def verify(self, pk, M, S): modbits = int(pk['N']).bit_length() k = int(ceil(modbits / 8.0)) emLen = int(ceil((modbits - 1) / 8.0)) if len(S) != k: if debug: print("Sig is %s octets long, not %" % (len(S), k)) return False s = Conversion.OS2IP(S) s = integer(s) % pk['N'] #Convert to modular integer m = (s**pk['e']) % pk['N'] EM = Conversion.IP2OS(m, emLen) if debug: print("Verifying") print("k =>", k) print("emLen =>", emLen) print("s =>", s) print("m =>", m) print("em =>", EM) print("S =>", S) return self.paddingscheme.verify(M, EM, modbits - 1)
def sign(self, sk, M, salt=None): #apply encoding modbits = int(sk['N']).bit_length() k = int(ceil(modbits / 8.0)) emLen = int(ceil((modbits - 1) / 8.0)) em = self.paddingscheme.encode(M, modbits - 1, salt) m = Conversion.OS2IP(em) m = integer(m) % sk['N'] #ERRROR m is larger than N s = (m**sk['d']) % sk['N'] S = Conversion.IP2OS(s, k) if debug: print("Signing") print("k =>", k) print("emLen =>", emLen) print("m =>", m) print("em =>", em) print("s =>", s) print("S =>", S) return S
def sign(self, sk, M, salt=None): #apply encoding while True: octetlen = int(ceil(int(sk['N']).bit_length() / 8.0)) em = self.paddingscheme.encode(M, octetlen, "", salt) m = Conversion.OS2IP(em) m = integer(m) % sk['N'] #ERRROR m is larger than N p = sk['p'] q = sk['q'] yp = sk['yp'] yq = sk['yq'] mp = (m**((p + 1) / 4)) % p mq = (m**((q + 1) / 4)) % q r1 = ((int(yp) * int(p) * int(mq)) + ((int(yq) * int(q) * int(mp)))) % int(sk['N']) r2 = int(sk['N']) - int(r1) s1 = (int(yp) * int(p) * int(mq) - int(yq) * int(q) * int(mp)) % int(sk['N']) s2 = int(sk['N']) - int(s1) if (((int((integer(r1)**2) % sk['N'] - m)) == 0) or ((int((integer(r2)**2) % sk['N'] - m)) == 0) or ((int((integer(s1)**2) % sk['N'] - m)) == 0) or ((int((integer(s2)**2) % sk['N'] - m)) == 0)): break S = {'s1': r1, 's2': r2, 's3': s1, 's4': s2} if debug: print("Signing") print("m =>", m) print("em =>", em) print("S =>", S) return S
def challenge_response(self, input, message): rnd = input.get('rnd') a = input.get('a') b1 = input.get('b1') b2 = input.get('b2') msg = integer(Conversion.OS2IP(SHA1(Conversion.IP2OS(rnd)))) z1 = (msg**((self.p - 1) / self.q)) % self.p gamma = self.group.random() tau = self.group.random() t1 = self.group.random() t2 = self.group.random() t3 = self.group.random() t4 = self.group.random() t5 = self.group.random() zeta = self.z**gamma zeta1 = z1**gamma zeta2 = zeta / zeta1 alpha = a * (self.g**t1) * (self.y**t2) % self.p beta1 = (b1**gamma) * (self.g**t3) * (zeta1**t4) % self.p beta2 = (b2**gamma) * (self.h**t5) * (zeta2**t4) % self.p eta = self.z**tau epsilon = integer( hash_int([zeta, zeta1, alpha, beta1, beta2, eta, message ])) % self.q e = (epsilon - t2 - t4) % self.q self.__store__(self, ('z1', z1), ('zeta', zeta), ('zeta1', zeta1)) self.__store__(self, ('zeta2', zeta2), ('alpha', alpha), ('beta1', beta1), ('beta2', beta2)) self.__store__(self, ('t1', t1), ('t2', t2), ('t3', t3), ('t4', t4), ('t5', t5)) self.__store__(self, ('gamma', gamma), ('tau', tau), ('eta', eta)) return {'e': e}
def get_challenge(self): rnd = randomBits(80) msg = integer(Conversion.OS2IP(SHA1(Conversion.IP2OS(rnd)))) z1 = ((msg ** ((self.p - 1) / self.q)) % self.p) inv_z1 = (mulinv(z1, self.p)) % self.p z2 = (int(self.z) * int(inv_z1)) % self.p self.u = self.group.random() self.s1 = self.group.random() self.s2 = self.group.random() self.d = self.group.random() a = self.g ** self.u b1 = (self.g ** self.s1) * (z1 ** self.d) b2 = (self.h ** self.s2) * (z2 ** self.d) return {'rnd': rnd, 'a': a, 'b1': b1, 'b2': b2}
def gen_proofs_handler(policy, es): # Get policy from database and setup list policy = PolicyModel.query.get(policy) resp = list() # Iterate through the challenge responses received for x in es: # Retrieve KeyModel object timestamp = x.get('timestamp') key = policy.get_key(timestamp) # Retrieve SigVarsModel object so we can populate the signer with u and d sigvars = current_user.get_sigvar(timestamp, policy.policy) # Get policy pool pool = policy.get_pool(timestamp) if key and sigvars: signer = key.signer signer.d = sigvars.d signer.u = sigvars.u signer.s1 = sigvars.s1 signer.s2 = sigvars.s2 # Do the appropriate conversions so that we can serialize x['e'] = SigConversion.strlist2modint(x.get('e')) proofs = SigConversion.convert_dict_strlist(signer.get_proofs(x)) hash_tmp = SHA256Hash().new(json.dumps(proofs).encode()) hash_proof = Conversion.OS2IP(hash_tmp.digest()) # Add proofs to the pool pool.append_to_pool(proofs) resp.append({'timestamp': timestamp, 'hash_proof': hash_proof}) resp = {'policy': policy.policy, 'hash_proofs': resp} return resp
def handle_challenge_util(signer_type: str, signer_id: int, resp: dict, policy: int, message: int = None): """ Utility function that takes care of type conversions and ultimately calls the signing function :param signer_type: Whether a blind signature is being requested from a CP or an AP. :param signer_id: The CP\\AP's participant ID :param resp: The CP\\AP response to the challenge request. :param policy: The policy for which the signature needs to be generated. :param message: The message that the blind signature needs to be generated on. :return: e: The challenge response that is used by the CP/AP's to generate the proofs. """ pubk = SigConversion.convert_dict_modint(resp.get('public_key')) challenge = SigConversion.convert_dict_modint(resp.get('challenge')) timestamp = resp.get('timestamp') # Generate signer and keymodel signer = UserBlindSignature(pubk) key_model = KeyModel(provider_type=signer_type, p_id=signer_id, policy=policy, signer=signer, interval=timestamp) if message is None: message = Conversion.OS2IP(key_model.public_key) e = SigConversion.convert_dict_strlist( signer.challenge_response(challenge, message)) e['timestamp'] = timestamp key_model.signer = signer key_model.save_to_db() return e
lsk_A_prime = waters.sha2(alpha_bytes + beta_bytes + r_1_bytes) lsk_A_prime = lsk_A_prime[0:16] # hash e and r_2 together to get esk_A_prime esk_A_prime = waters.sha2(e_bytes + r_2_bytes) esk_A_prime = esk_A_prime[0:16] # calculate r and w prf1 = MYPRF(lsk_A_prime) tmp1 = prf1._encrypt(e_bytes) prf2 = MYPRF(esk_A_prime) tmp2 = prf2._encrypt(r_1_bytes) tmp1 = tmp1['CipherText'] tmp2 = tmp2['CipherText'] tmp = group_order_bits // 8 r_value = Conversion.OS2IP(tmp1[0:tmp], True) + Conversion.OS2IP( tmp2[0:tmp], True) w_value = Conversion.OS2IP(tmp1[tmp:2 * tmp], True) + Conversion.OS2IP( tmp2[tmp:2 * tmp], True) r_value = r_value % group_order w_value = w_value % group_order capital_W_value = (g**w_value) % N_square capital_X_value = (g**r_value) % N_square capital_W_bytes = Conversion.IP2OS(capital_W_value, bits // 8) capital_X_bytes = Conversion.IP2OS(capital_X_value, bits // 8) # send N, group_order, g, hp_1, hp_2, W, X, t to party B N_bytes = Conversion.IP2OS(N, bits // 8) g_bytes = Conversion.IP2OS(g, bits // 8) group_order_bytes = Conversion.IP2OS(group_order, bits // 8)
def access_service_post(): # Get nonce from service res = requests.get('http://{}/request'.format( current_app.config['service_host'])).json() service_y = res.get('y') # Setup parameters that are sent to the AP params = { 'cp': int(request.form.get('cp')), 'timestamp': int(dateutil.parser.parse(request.form.get('timestamp')).timestamp()), 'policy': int(request.form.get('policy')) } # Request-certs CP_i res = requests.get('http://{}/request_certs'.format( current_app.config['ap_host']), params=params) if res.status_code == 500: flash("Error when requesting certs: " + res.json().get('message'), "access_service_error") return render_template('service_authenticate.html') # Get data from response and find corresponding keymodel data = res.json() key_model = KeyModel.query.filter_by( provider_type_=1, p_id_=params.get('cp'), policy_=params.get('policy'), interval_timestamp_=params.get('timestamp')).first() # Validate that block has not been altered try: validate_block(data) except Exception as e: flash("Error when validating block: " + str(e), "access_service_error") return render_template('service_authenticate.html') pubk = {'pubk': Conversion.OS2IP(key_model.public_key)} # Get the challenge from the AP in order to prove that the user owns a specific keypair res = requests.get('http://{}/prove_owner'.format( current_app.config['ap_host']), params=pubk) y = res.json().get('y') # Prove the user owns the private key corresponding to a set of proofs in the block # Proof consists of the signature of the private key on the nonce y and the blind signature on the public key try: (proof, proof_owner) = prove_owner(y, data, key_model.proof_hash) blind_signature = key_model.generate_blind_signature( proof.get('proofs')) proof_resp = json.dumps({ 'y': y, 'signature': proof_owner[1], 'blind_signature': json.dumps(SigConversion.convert_dict_strlist(blind_signature)) }) # Post the proofs res = requests.post('http://{}/prove_owner'.format( current_app.config['ap_host']), json=proof_resp, params=params) # Receive access token for AP access_info = res.json() err = access_info headers = {'Authorization': "Bearer " + access_info.get('access')} # Request challenge from AP to issue blind signature challenge = requests.get('http://{}/init_sig'.format( current_app.config['ap_host']), headers=headers).json() # Handle challenge try: challenge['timestamp'] = params.get('timestamp') e = json.dumps( handle_challenge_ap(challenge, params.get('policy'), service_y)) # Send Response proof_response = requests.post('http://{}/generate_proof'.format( current_app.config['ap_host']), json=e, headers=headers) proofs = proof_response.json() # Validate Response try: validate_proof(proofs) except Exception as e: flash("Error when validating proofs: " + str(e), "access_service_error") return render_template('service_authenticate.html') # Get AP Keymodel ap_key_model = KeyModel.query.filter_by(p_id_=2000, provider_type_=2).first() # Build signature blind_signature = ap_key_model.generate_blind_signature( proofs.get('proof')) # Send signature on service_y to service resp_service = { 'y': service_y, 'sig': json.dumps( SigConversion.convert_dict_strlist(blind_signature)), 'policy': params.get('policy'), 'timestamp': params.get('timestamp') } # Get access to service res = requests.post('http://{}/response'.format( current_app.config['service_host']), json=json.dumps(resp_service)) if res.status_code == 200: return render_template('thanks.html') else: message = res.json().get('message') flash("Response code was not 200: " + message, "access_service_error") return render_template('service_authenticate.html') except Exception as e: flash("There was an error when handling the challenge: " + str(e), "access_service_error") return render_template('service_authenticate.html') except Exception as e: flash( "There was an error in the ownership proving stage. The blind signature likely failed to verify: " + str(e), "access_service_error") return render_template('service_authenticate.html')
def sign(self, y:str) -> Tuple[int, int]: key = self.key_pair msg_hash = SHA256.new(bytes.fromhex(y)) signer = DSS.new(key, 'fips-186-3') signature = signer.sign(msg_hash) return Conversion.OS2IP(msg_hash.digest()), Conversion.OS2IP(signature)
def testPSSVector(self): # ================================== # Example 1: A 1024-bit RSA Key Pair # ================================== # ------------------------------ # Components of the RSA Key Pair # ------------------------------ # RSA modulus n: n = a2b_hex('\ a2 ba 40 ee 07 e3 b2 bd 2f 02 ce 22 7f 36 a1 95 \ 02 44 86 e4 9c 19 cb 41 bb bd fb ba 98 b2 2b 0e \ 57 7c 2e ea ff a2 0d 88 3a 76 e6 5e 39 4c 69 d4 \ b3 c0 5a 1e 8f ad da 27 ed b2 a4 2b c0 00 fe 88 \ 8b 9b 32 c2 2d 15 ad d0 cd 76 b3 e7 93 6e 19 95 \ 5b 22 0d d1 7d 4e a9 04 b1 ec 10 2b 2e 4d e7 75 \ 12 22 aa 99 15 10 24 c7 cb 41 cc 5e a2 1d 00 ee \ b4 1f 7c 80 08 34 d2 c6 e0 6b ce 3b ce 7e a9 a5 '.replace(' ', '')) n = Conversion.OS2IP(n, True) # RSA public exponent e: e = a2b_hex('01 00 01'.replace(' ', '')) e = Conversion.OS2IP(e, True) # Prime p: p = a2b_hex('\ d1 7f 65 5b f2 7c 8b 16 d3 54 62 c9 05 cc 04 a2 \ 6f 37 e2 a6 7f a9 c0 ce 0d ce d4 72 39 4a 0d f7 \ 43 fe 7f 92 9e 37 8e fd b3 68 ed df f4 53 cf 00 \ 7a f6 d9 48 e0 ad e7 57 37 1f 8a 71 1e 27 8f 6b '.replace(' ', '')) p = Conversion.OS2IP(p, True) # Prime q: q = a2b_hex('\ c6 d9 2b 6f ee 74 14 d1 35 8c e1 54 6f b6 29 87 \ 53 0b 90 bd 15 e0 f1 49 63 a5 e2 63 5a db 69 34 \ 7e c0 c0 1b 2a b1 76 3f d8 ac 1a 59 2f b2 27 57 \ 46 3a 98 24 25 bb 97 a3 a4 37 c5 bf 86 d0 3f 2f'.replace(' ', '')) q = Conversion.OS2IP(q, True) phi_N = (p - 1) * (q - 1) e = e % phi_N d = e**-1 # --------------------------------- # Step-by-step RSASSA-PSS Signature # --------------------------------- # Message to be signed: m = a2b_hex('\ 85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55 \ bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64 \ 78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17 \ 3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27 \ 12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0 \ 4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74 \ ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98 \ 90 fc '.replace(' ', '')) # mHash: mHash = a2b_hex('\ 37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1 \ 10 e6 2d 6a'.replace(' ', '')) # salt: salt = a2b_hex('\ e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 \ 3b ce 7e 61'.replace(' ', '')) # M': mPrime = a2b_hex('\ 00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35 \ 3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0 \ 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(' ', '')) # H: H = a2b_hex('\ df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54 \ 6f be 8c fe'.replace(' ', '')) # DB: DB = a2b_hex('\ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c \ 2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(' ', '')) # dbMask: dbMask = a2b_hex('\ 66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 \ d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af \ 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 \ d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 \ e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec \ d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46 \ 5e 87 a4 53 5c d4 c5 9b 10 02 8d'.replace(' ', '')) # maskedDB: maskedDB = a2b_hex('\ 66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 \ d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af \ 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 \ d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 \ e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec \ d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a \ 75 e2 4b db fd 5c 1d a0 de 7c ec'.replace(' ', '')) # Encoded message EM: EM = a2b_hex('\ 66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 \ d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af \ 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 \ d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 \ e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec \ d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a \ 75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d \ 8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc'.replace(' ', '')) # Signature S, the RSA decryption of EM: S = a2b_hex('\ 8d aa 62 7d 3d e7 59 5d 63 05 6c 7e c6 59 e5 44 \ 06 f1 06 10 12 8b aa e8 21 c8 b2 a0 f3 93 6d 54 \ dc 3b dc e4 66 89 f6 b7 95 1b b1 8e 84 05 42 76 \ 97 18 d5 71 5d 21 0d 85 ef bb 59 61 92 03 2c 42 \ be 4c 29 97 2c 85 62 75 eb 6d 5a 45 f0 5f 51 87 \ 6f c6 74 3d ed dd 28 ca ec 9b b3 0e a9 9e 02 c3 \ 48 82 69 60 4f e4 97 f7 4c cd 7c 7f ca 16 71 89 \ 71 23 cb d3 0d ef 5d 54 a2 b5 53 6a d9 0a 74 7e'.replace(' ', '')) if debug: print("PSS Test Step by Step") print("mHash = Hash(M)", mHash) print("salt = random ", salt) print("M' = Padding || mHash || salt", mPrime) print("H = Hash(M')", H) print("DB = Padding || salt", DB) print("dbMask = MGF(H, length(DB))", dbMask) print("maskedDB = DB xor dbMask", maskedDB) print("EM = maskedDB || H || 0xbc", EM) print("S = RSA decryption of EM", S) rsa = RSA_Sig() sk = {'phi_N': phi_N, 'd': d, 'N': n} sig = rsa.sign(sk, m, salt) assert S == sig
element_size = bits // 8 amount_expected = 7 * element_size + 20 data_received = b'' while len(data_received) < amount_expected: data_received += connection.recv(amount_expected) N_bytes = data_received[0:element_size] group_order_bytes = data_received[element_size:2 * element_size] g_bytes = data_received[2 * element_size:3 * element_size] hp_1_bytes = data_received[3 * element_size:4 * element_size] hp_2_bytes = data_received[4 * element_size:5 * element_size] capital_W_bytes = data_received[5 * element_size:6 * element_size] capital_X_bytes = data_received[6 * element_size:7 * element_size] t_bytes = data_received[7 * element_size:amount_expected] N_value = Conversion.OS2IP(N_bytes, True) group_order = Conversion.OS2IP(group_order_bytes, True) g_value = Conversion.OS2IP(g_bytes, True) hp_1_value = Conversion.OS2IP(hp_1_bytes, True) hp_2_value = Conversion.OS2IP(hp_2_bytes, True) capital_W_value = Conversion.OS2IP(capital_W_bytes, True) capital_X_value = Conversion.OS2IP(capital_X_bytes, True) t_value = Conversion.OS2IP(t_bytes, True) N_square = N_value**2 g_value = g_value % N_square hp_1_value = hp_1_value % N_square hp_2_value = hp_2_value % N_square capital_X_value = capital_X_value % N_square capital_W_value = capital_W_value % N_square
def testRSAVector(self): # ================================== # Example 1: A 1024-bit RSA Key Pair # ================================== # ------------------------------ # Components of the RSA Key Pair # ------------------------------ # RSA modulus n: n = a2b_hex('\ bb f8 2f 09 06 82 ce 9c 23 38 ac 2b 9d a8 71 f7 \ 36 8d 07 ee d4 10 43 a4 40 d6 b6 f0 74 54 f5 1f \ b8 df ba af 03 5c 02 ab 61 ea 48 ce eb 6f cd 48 \ 76 ed 52 0d 60 e1 ec 46 19 71 9d 8a 5b 8b 80 7f \ af b8 e0 a3 df c7 37 72 3e e6 b4 b7 d9 3a 25 84 \ ee 6a 64 9d 06 09 53 74 88 34 b2 45 45 98 39 4e \ e0 aa b1 2d 7b 61 a5 1f 52 7a 9a 41 f6 c1 68 7f \ e2 53 72 98 ca 2a 8f 59 46 f8 e5 fd 09 1d bd cb '.replace(' ', '')) n = Conversion.OS2IP(n, True) # RSA public exponent e: e = a2b_hex('11') e = Conversion.OS2IP(e, True) # Prime p: p = a2b_hex('\ ee cf ae 81 b1 b9 b3 c9 08 81 0b 10 a1 b5 60 01 \ 99 eb 9f 44 ae f4 fd a4 93 b8 1a 9e 3d 84 f6 32 \ 12 4e f0 23 6e 5d 1e 3b 7e 28 fa e7 aa 04 0a 2d \ 5b 25 21 76 45 9d 1f 39 75 41 ba 2a 58 fb 65 99 '.replace(' ', '')) p = Conversion.OS2IP(p, True) # Prime q: q = a2b_hex('\ c9 7f b1 f0 27 f4 53 f6 34 12 33 ea aa d1 d9 35 \ 3f 6c 42 d0 88 66 b1 d0 5a 0f 20 35 02 8b 9d 86 \ 98 40 b4 16 66 b4 2e 92 ea 0d a3 b4 32 04 b5 cf \ ce 33 52 52 4d 04 16 a5 a4 41 e7 00 af 46 15 03'.replace(' ', '')) q = Conversion.OS2IP(q, True) phi_N = (p - 1) * (q - 1) e = e % phi_N d = e**-1 # ---------------------------------- # Step-by-step RSAES-OAEP Encryption # ---------------------------------- # Message to be encrypted: M = a2b_hex('\ d4 36 e9 95 69 fd 32 a7 c8 a0 5b bc 90 d3 2c 49'.replace(' ', '')) lhash = a2b_hex('\ da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 \ af d8 07 09'.replace(' ', '')) # DB: db = a2b_hex('\ da 39 a3 ee 5e 6b 4b 0d 32 55 bf ef 95 60 18 90 \ af d8 07 09 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ 00 00 00 00 00 00 00 00 00 00 01 d4 36 e9 95 69 \ fd 32 a7 c8 a0 5b bc 90 d3 2c 49'.replace(' ', '')) # Seed: seed = a2b_hex('\ aa fd 12 f6 59 ca e6 34 89 b4 79 e5 07 6d de c2 \ f0 6c b5 8f '.replace(' ', '')) # dbMask: dbmask = a2b_hex('\ 06 e1 de b2 36 9a a5 a5 c7 07 d8 2c 8e 4e 93 24 \ 8a c7 83 de e0 b2 c0 46 26 f5 af f9 3e dc fb 25 \ c9 c2 b3 ff 8a e1 0e 83 9a 2d db 4c dc fe 4f f4 \ 77 28 b4 a1 b7 c1 36 2b aa d2 9a b4 8d 28 69 d5 \ 02 41 21 43 58 11 59 1b e3 92 f9 82 fb 3e 87 d0 \ 95 ae b4 04 48 db 97 2f 3a c1 4e af f4 9c 8c 3b \ 7c fc 95 1a 51 ec d1 dd e6 12 64'.replace(' ', '')) # maskedDB: maskeddb = a2b_hex('\ dc d8 7d 5c 68 f1 ee a8 f5 52 67 c3 1b 2e 8b b4 \ 25 1f 84 d7 e0 b2 c0 46 26 f5 af f9 3e dc fb 25 \ c9 c2 b3 ff 8a e1 0e 83 9a 2d db 4c dc fe 4f f4 \ 77 28 b4 a1 b7 c1 36 2b aa d2 9a b4 8d 28 69 d5 \ 02 41 21 43 58 11 59 1b e3 92 f9 82 fb 3e 87 d0 \ 95 ae b4 04 48 db 97 2f 3a c1 4f 7b c2 75 19 52 \ 81 ce 32 d2 f1 b7 6d 4d 35 3e 2d '.replace(' ', '')) # seedMask: seedmask = a2b_hex('\ 41 87 0b 5a b0 29 e6 57 d9 57 50 b5 4c 28 3c 08 \ 72 5d be a9 '.replace(' ', '')) # maskedSeed: maskedseed = a2b_hex('\ eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2 ca \ 82 31 0b 26 '.replace(' ', '')) # EM = 00 || maskedSeed || maskedDB: em = a2b_hex('\ 00 eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2 \ ca 82 31 0b 26 dc d8 7d 5c 68 f1 ee a8 f5 52 67 \ c3 1b 2e 8b b4 25 1f 84 d7 e0 b2 c0 46 26 f5 af \ f9 3e dc fb 25 c9 c2 b3 ff 8a e1 0e 83 9a 2d db \ 4c dc fe 4f f4 77 28 b4 a1 b7 c1 36 2b aa d2 9a \ b4 8d 28 69 d5 02 41 21 43 58 11 59 1b e3 92 f9 \ 82 fb 3e 87 d0 95 ae b4 04 48 db 97 2f 3a c1 4f \ 7b c2 75 19 52 81 ce 32 d2 f1 b7 6d 4d 35 3e 2d '.replace(' ', '')) # Encryption: enc = a2b_hex('\ 12 53 e0 4d c0 a5 39 7b b4 4a 7a b8 7e 9b f2 a0 \ 39 a3 3d 1e 99 6f c8 2a 94 cc d3 00 74 c9 5d f7 \ 63 72 20 17 06 9e 52 68 da 5d 1c 0b 4f 87 2c f6 \ 53 c1 1d f8 23 14 a6 79 68 df ea e2 8d ef 04 bb \ 6d 84 b1 c3 1d 65 4a 19 70 e5 78 3b d6 eb 96 a0 \ 24 c2 ca 2f 4a 90 fe 9f 2e f5 c9 c1 40 e5 bb 48 \ da 95 36 ad 87 00 c8 4f c9 13 0a de a7 4e 55 8d \ 51 a7 4d df 85 d8 b5 0d e9 68 38 d6 06 3e 09 55 '.replace(' ', '')) rsa = RSA_Enc() pk = {'N': n, 'e': e} sk = {'phi_N': phi_N, 'd': d, 'N': n} c = rsa.encrypt(pk, M, seed) C = Conversion.IP2OS(c) if debug: print("RSA OEAP step by step") print("Label L = empty string") print("lHash = ", lhash) print("DB = ", db) print("seed = ", seed) print("dbMask = ", dbmask) print("maskedDB = ", maskeddb) print("seedMask = ", seedmask) print("maskedSeed = ", maskedseed) print("EM = ", em) assert C == enc
def testOS2IP(self): #9,202,000 = (0x)8c 69 50. i = Conversion.OS2IP(b'\x8c\x69\x50') self.assertEqual(i, 9202000)
def sign(data, private_key): signer = RSA_Sig() sig = signer.sign(private_key[1], data) sig = Conversion.OS2IP(sig) serial_data_and_sig = objectToBytes([data, sig], IntegerGroup()) return serial_data_and_sig
hp_2_bytes = data_received[element_size * 5 + group_order_size:element_size * 6 + group_order_size] u_1_bytes = data_received[element_size * 6 + group_order_size:element_size * 7 + group_order_size] u_2_bytes = data_received[element_size * 7 + group_order_size:element_size * 8 + group_order_size] X_bytes = data_received[element_size * 8 + group_order_size:element_size * 9 + group_order_size] t_bytes = data_received[element_size * 9 + group_order_size:amount_expected] group_p_value = Conversion.OS2IP(group_p_bytes, True) #group_q_value = Conversion.OS2IP(group_q_bytes, True) group_order = Conversion.OS2IP(group_order_bytes, True) #print('group.p = ', group_p_value) #print('group_order = ', group_order) g_value = Conversion.OS2IP(g_bytes, True) g_1_value = Conversion.OS2IP(g_1_bytes, True) g_2_value = Conversion.OS2IP(g_2_bytes, True) hp_1_value = Conversion.OS2IP(hp_1_bytes, True) hp_2_value = Conversion.OS2IP(hp_2_bytes, True) u_1_value = Conversion.OS2IP(u_1_bytes, True) u_2_value = Conversion.OS2IP(u_2_bytes, True) X_value = Conversion.OS2IP(X_bytes, True) t_value = Conversion.OS2IP(t_bytes, True) # group = IntegerGroup()
def hash_int(args): hash = SHA256Hash() for arg in args: hash.update(Conversion.IP2OS(arg)) return Conversion.OS2IP(hash.digest())
lsk_A_prime = waters.sha2(tmp) lsk_A_prime = lsk_A_prime[0:16] # get the first 128 bits # hash e_bytes, r_2_bytes together to get esk_A_prime tmp = e_bytes + r_2_bytes esk_A_prime = waters.sha2(tmp) esk_A_prime = esk_A_prime[0:16] # get the first 128 bits # calculate r and x prf1 = MYPRF(lsk_A_prime) tmp1 = prf1._encrypt(e_bytes) prf2 = MYPRF(esk_A_prime) tmp2 = prf2._encrypt(r_1_bytes) tmp1 = tmp1['CipherText'] tmp2 = tmp2['CipherText'] r_value = Conversion.OS2IP(tmp1[0:20], True) + Conversion.OS2IP(tmp2[0:20], True) x_value = Conversion.OS2IP(tmp1[20:40], True) + Conversion.OS2IP(tmp2[20:40], True) r_value = r_value % group_order x_value = x_value % group_order u_1_value = (g_1 ** r_value) % group.p u_2_value = (g_2 ** r_value) % group.p X_value = (g ** x_value) % group.p # send group.p, group.q, g, g1, g2, hp1, hp2, u1, u2, X, t to party B u_1_bytes = Conversion.IP2OS(u_1_value, 128) u_2_bytes = Conversion.IP2OS(u_2_value, 128) X_bytes = Conversion.IP2OS(X_value, 128) to_send = group_p_bytes + group_q_bytes + g_bytes + g_1_bytes + g_2_bytes + hp_1_bytes + hp_2_bytes + u_1_bytes + u_2_bytes + X_bytes + t_bytes # print('connecting to {} port {}'.format(*server_address)) # sock.connect(server_address)