Esempio n. 1
0
    def check_equal_logs(self, logs, v):
        (r, c, d) = logs
        temp1 = pow(self.g1, d, DH_MODULUS) * pow(self.g3o, c, DH_MODULUS) % DH_MODULUS

        temp2 = pow(self.qab, d, DH_MODULUS) * pow(r, c, DH_MODULUS) % DH_MODULUS

        cprime = SHA256(struct.pack(b"B", v) + pack_mpi(temp1) + pack_mpi(temp2))
        return long_to_bytes(c, 32) == cprime
Esempio n. 2
0
    def check_equal_coords(self, coords, v):
        (p, q, c, d1, d2) = coords
        temp1 = pow(self.g3, d1, DH_MODULUS) * pow(p, c, DH_MODULUS) % DH_MODULUS

        temp2 = pow(self.g1, d1, DH_MODULUS) * pow(self.g2, d2, DH_MODULUS) * pow(q, c, DH_MODULUS) % DH_MODULUS

        cprime = SHA256(struct.pack(b"B", v) + pack_mpi(temp1) + pack_mpi(temp2))

        return long_to_bytes(c, 32) == cprime
Esempio n. 3
0
    def check_equal_logs(self, logs, v):
        (r, c, d) = logs
        temp1 = pow(self.g1, d, DH_MODULUS) \
                * pow(self.g3o, c, DH_MODULUS) % DH_MODULUS

        temp2 = pow(self.qab, d, DH_MODULUS) \
                * pow(r, c, DH_MODULUS) % DH_MODULUS

        cprime = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2))
        return long_to_bytes(c, 32) == cprime
Esempio n. 4
0
    def proof_equal_logs(self, v):
        r = bytes_to_long(RNG.read(192))
        temp1 = pow(self.g1, r, DH1536_MODULUS)
        temp2 = pow(self.qab, r, DH1536_MODULUS)

        cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2))
        c = bytes_to_long(cb)
        temp1 = self.x3 * c % SM_ORDER
        d = (r - temp1) % SM_ORDER
        return c, d
Esempio n. 5
0
	def proof_equal_logs(self, v):
		r = random.randrange(2, DH_MAX)
		temp1 = pow(self.g1, r, DH_MODULUS)
		temp2 = pow(self.qab, r, DH_MODULUS)

		cb = HASH(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2))
		c = bytes_to_long(cb)
		temp1 = self.x3 * c % SM_ORDER
		d = (r - temp1) % SM_ORDER
		return c, d
Esempio n. 6
0
    def proof_equal_logs(self, v):
        r = randrange(2, DH_MAX)
        temp1 = pow(self.g1, r, DH_MODULUS)
        temp2 = pow(self.qab, r, DH_MODULUS)

        cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2))
        c = bytes_to_long(cb)
        temp1 = self.x3 * c % SM_ORDER
        d = (r - temp1) % SM_ORDER
        return c, d
Esempio n. 7
0
    def calculatePubkeyAuth(self, key, mackey):
        pubkey = self.privkey.serializePublicKey()
        buf = pack_mpi(self.dh.pub)
        buf += pack_mpi(self.gy)
        buf += pubkey
        buf += struct.pack(b'!I', self.ourKeyid)
        MB = self.privkey.sign(SHA256HMAC(mackey, buf))

        buf = pubkey
        buf += struct.pack(b'!I', self.ourKeyid)
        buf += MB
        return AESCTR(key).encrypt(buf)
Esempio n. 8
0
    def calculatePubkeyAuth(self, key, mackey):
        pubkey = self.privkey.serializePublicKey()
        buf = pack_mpi(self.dh.pub)
        buf += pack_mpi(self.gy)
        buf += pubkey
        buf += struct.pack(b'!I', self.ourKeyid)
        MB = self.privkey.sign(SHA256HMAC(mackey, buf))

        buf = pubkey
        buf += struct.pack(b'!I', self.ourKeyid)
        buf += MB
        return AESCTR(key).encrypt(buf)
Esempio n. 9
0
    def check_equal_coords(self, coords, v):
        (p, q, c, d1, d2) = coords
        temp1 = pow(self.g3, d1, DH_MODULUS) * pow(p, c, DH_MODULUS) \
                % DH_MODULUS

        temp2 = pow(self.g1, d1, DH_MODULUS) \
                * pow(self.g2, d2, DH_MODULUS) \
                * pow(q, c, DH_MODULUS) % DH_MODULUS

        cprime = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2))

        return long_to_bytes(c, 32) == cprime
Esempio n. 10
0
    def calculatePubkeyAuth(self, key, mackey):
    
        pubkey = self.privkey.serializePublicKey() # Changer cette méthode pour notre clé
        buf = pack_mpi(self.dh.pub)
        buf += pack_mpi(self.gy)
        buf += pubkey
        buf += struct.pack(b'!I', self.ourKeyid)
        MBsigned = self.privkey.sign(SHA256HMAC(mackey, buf))

        buf = pubkey
        buf += struct.pack(b'!I', self.ourKeyid)
        buf += MBsigned
        return AESCTR(key).encrypt(buf)
Esempio n. 11
0
    def proof_equal_coords(self, r, v):
        r1 = random.randrange(2, DH_MAX)
        r2 = random.randrange(2, DH_MAX)
        temp2 = pow(self.g1, r1, DH_MODULUS) * pow(self.g2, r2, DH_MODULUS) % DH_MODULUS
        temp1 = pow(self.g3, r1, DH_MODULUS)

        cb = SHA256(struct.pack(b"B", v) + pack_mpi(temp1) + pack_mpi(temp2))
        c = bytes_to_long(cb)

        temp1 = r * c % SM_ORDER
        d1 = (r1 - temp1) % SM_ORDER

        temp1 = self.secret * c % SM_ORDER
        d2 = (r2 - temp1) % SM_ORDER
        return c, d1, d2
Esempio n. 12
0
	def calculatePubkeyAuth(self, key, mackey):
	
		pubkey = self.privkey.serializePublicKey() # Clé d'authentification
		
		# Création de MAC(g^x, g^y, pubKey, IdPubKey)
		buf = pack_mpi(self.dh.pub)
		buf += pack_mpi(self.gy)
		buf += pubkey
		buf += struct.pack(b'!I', self.ourKeyid)
		MB = self.privkey.sign(SHA256HMAC(mackey, buf))

		# Création de Xb puis chiffrement
		xb = pubkey
		xb += struct.pack(b'!I', self.ourKeyid)
		xb += MB
		return AESCTR(key).encrypt(buf)
Esempio n. 13
0
    def checkPubkeyAuth(self, key, mackey, encsig):
        auth = AESCTR(key).decrypt(encsig)
        self.theirPubkey, auth = PK.parsePublicKey(auth)

        receivedKeyid, auth = proto.unpack(b'!I', auth)
        if receivedKeyid == 0:
            raise InvalidParameterError

        authbuf = pack_mpi(self.gy)
        authbuf += pack_mpi(self.dh.pub)
        authbuf += self.theirPubkey.serializePublicKey()
        authbuf += struct.pack(b'!I', receivedKeyid)

        if self.theirPubkey.verify(SHA256HMAC(mackey, authbuf), auth) is False:
            raise InvalidParameterError
        self.theirKeyid = receivedKeyid
Esempio n. 14
0
    def proof_equal_coords(self, r, v):
        r1 = randrange(2, DH_MAX)
        r2 = randrange(2, DH_MAX)
        temp2 = pow(self.g1, r1, DH_MODULUS) \
                * pow(self.g2, r2, DH_MODULUS) % DH_MODULUS
        temp1 = pow(self.g3, r1, DH_MODULUS)

        cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2))
        c = bytes_to_long(cb)

        temp1 = r * c % SM_ORDER
        d1 = (r1-temp1) % SM_ORDER

        temp1 = self.secret * c % SM_ORDER
        d2 = (r2 - temp1) % SM_ORDER
        return c, d1, d2
Esempio n. 15
0
    def checkPubkeyAuth(self, key, mackey, encsig):
        auth = AESCTR(key).decrypt(encsig)
        self.theirPubkey, auth = PK.parsePublicKey(auth)

        receivedKeyid, auth = proto.unpack(b'!I', auth)
        if receivedKeyid == 0:
            raise InvalidParameterError

        authbuf = pack_mpi(self.gy)
        authbuf += pack_mpi(self.dh.pub)
        authbuf += self.theirPubkey.serializePublicKey()
        authbuf += struct.pack(b'!I', receivedKeyid)

        if self.theirPubkey.verify(SHA256HMAC(mackey, authbuf), auth) is False:
            raise InvalidParameterError
        self.theirKeyid = receivedKeyid
Esempio n. 16
0
    def proof_equal_coords(self, r, v):
        r1 = bytes_to_long(RNG.read(192))
        r2 = bytes_to_long(RNG.read(192))
        temp2 = pow(self.g1, r1, DH1536_MODULUS) \
                * pow(self.g2, r2, DH1536_MODULUS) % DH1536_MODULUS
        temp1 = pow(self.g3, r1, DH1536_MODULUS)

        cb = SHA256(struct.pack(b'B', v) + pack_mpi(temp1) + pack_mpi(temp2))
        c = bytes_to_long(cb)

        temp1 = r * c % SM_ORDER
        d1 = (r1-temp1) % SM_ORDER

        temp1 = self.secret * c % SM_ORDER
        d2 = (r2 - temp1) % SM_ORDER
        return c, d1, d2
Esempio n. 17
0
	def checkPubkeyAuth(self, key, mackey, encsig):
	
		auth = AESCTR(key).decrypt(encsig)
		self.theirPubkey, auth = PK.parsePublicKey(auth) # Création d'une clé publique à partir de sa version serialisée (auth contient le reste des données)

		receivedKeyid, auth = proto.unpack(b'!I', auth)
		if receivedKeyid == 0:
			raise InvalidParameterError

		authbuf = pack_mpi(self.gy)
		authbuf += pack_mpi(self.dh.pub)
		authbuf += self.theirPubkey.serializePublicKey()
		authbuf += struct.pack(b'!I', receivedKeyid)
		
		if self.theirPubkey.verify(SHA256HMAC(mackey, authbuf), auth) is False:
			raise InvalidParameterError
		self.theirKeyid = receivedKeyid
Esempio n. 18
0
	def calculatePubkeyAuth(self, key, mackey):

		pubkey = self.privkey.serializePublicKey()
		buf = pack_mpi(self.dh.pub)
		buf += pack_mpi(self.gy)
		buf += pubkey
		buf += struct.pack(b'!I', self.ourKeyid)
		MBsigned = self.privkey.sign(SHA256HMAC(mackey, buf))
	
		logging.debug("Signature : {}".format( ':'.join(x.encode('hex') for x in MBsigned) ))
		
		buf = pubkey
		buf += struct.pack(b'!I', self.ourKeyid)
		buf += MBsigned
		
		logging.debug("Données envoyées : {}".format( ':'.join(x.encode('hex') for x in buf) ))
		
		return AESCTR(key).encrypt(buf)
Esempio n. 19
0
 def createAuthKeys(self):
     s = pow(self.gy, self.dh.priv, DH1536_MODULUS)
     sbyte = pack_mpi(s)
     self.sessionId = SHA256(b'\0' + sbyte)[:8]
     enc = SHA256(b'\1' + sbyte)
     self.enc_c, self.enc_cp = enc[:16], enc[16:]
     self.mac_m1 = SHA256(b'\2' + sbyte)
     self.mac_m2 = SHA256(b'\3' + sbyte)
     self.mac_m1p = SHA256(b'\4' + sbyte)
     self.mac_m2p = SHA256(b'\5' + sbyte)
Esempio n. 20
0
    def getSerializedPublicPayload(self):
    	
    	# Clé ECDSA
    	if self.keyType == 0x01:
    		return pack_data(self.getPublicPayload())
    	
    	else:
		    buf = b''
		    for x in self.getPublicPayload():
		        buf += pack_mpi(x)
		    return buf
Esempio n. 21
0
    def startAKE(self):
        self.r = long_to_bytes(getrandbits(128), 16)

        gxmpi = pack_mpi(self.dh.pub)

        self.hashgx = SHA256(gxmpi)
        self.encgx = AESCTR(self.r).encrypt(gxmpi)

        self.state = STATE_AWAITING_DHKEY

        return proto.DHCommit(self.encgx, self.hashgx)
Esempio n. 22
0
    def startAKE(self):
        self.r = RNG.read(16)

        gxmpi = pack_mpi(self.dh.pub)

        self.hashgx = SHA256(gxmpi)
        self.encgx = AESCTR(self.r).encrypt(gxmpi)

        self.state = STATE_AWAITING_DHKEY

        return proto.DHCommit(self.encgx, self.hashgx)
Esempio n. 23
0
 def createAuthKeys(self):
     s = pow(self.gy, self.dh.priv, DH_MODULUS)
     sbyte = pack_mpi(s)
     self.sessionId = SHA256(b'\x00' + sbyte)[:8]
     enc = SHA256(b'\x01' + sbyte)
     self.enc_c = enc[:16]
     self.enc_cp = enc[16:]
     self.mac_m1 = SHA256(b'\x02' + sbyte)
     self.mac_m2 = SHA256(b'\x03' + sbyte)
     self.mac_m1p = SHA256(b'\x04' + sbyte)
     self.mac_m2p = SHA256(b'\x05' + sbyte)
     self.extraKey = SHA256(b'\xff' + sbyte)
Esempio n. 24
0
	def createAuthKeys(self):
		s = pow(self.gy, self.dh.priv, DH_MODULUS)
		sbyte = pack_mpi(s)
		self.sessionId = SHA256(b'\x00' + sbyte)[:8]
		enc = SHA256(b'\x01' + sbyte)
		self.enc_c = enc[:16]
		self.enc_cp = enc[16:]
		self.mac_m1 = SHA256(b'\x02' + sbyte)
		self.mac_m2 = SHA256(b'\x03' + sbyte)
		self.mac_m1p = SHA256(b'\x04' + sbyte)
		self.mac_m2p = SHA256(b'\x05' + sbyte)
		self.extraKey = SHA256(b'\xff' + sbyte)
Esempio n. 25
0
	def createAuthKeys(self):
		
		s = self.dh.get_shared_secret(self.gy)
		sbyte = pack_mpi(s)
		self.sessionId = HASH(b'\x00' + sbyte)[:8]
		enc = HASH(b'\x01' + sbyte)
		self.enc_c = enc[:16]
		self.enc_cp = enc[16:]
		self.mac_m1 = HASH(b'\x02' + sbyte)
		self.mac_m2 = HASH(b'\x03' + sbyte)
		self.mac_m1p = HASH(b'\x04' + sbyte)
		self.mac_m2p = HASH(b'\x05' + sbyte)
		self.extraKey = HASH(b'\xff' + sbyte)
Esempio n. 26
0
	def startAKE(self):
	
		# Nombre aléatoire r
		self.r = long_to_bytes(random.getrandbits(128), 16)

		gxmpi = pack_mpi(self.dh.pub)

		self.hashgx = SHA256(gxmpi)
		self.encgx = AESCTR(self.r).encrypt(gxmpi)

		self.state = STATE_AWAITING_DHKEY

		# Retourne AESr(g^x), SHA256(g^x)
		return proto.DHCommit(self.encgx, self.hashgx)
Esempio n. 27
0
	def checkPubkeyAuth(self, key, mackey, encsig):
		
		auth = AESCTR(key).decrypt(encsig)
		
		logging.debug("Données reçues : {}".format( ':'.join(x.encode('hex') for x in auth) ))
		
		self.theirPubkey, auth = PK.parsePublicKey(auth)
		
		logging.debug("Clé parsée {}".format( ':'.join(x.encode('hex') for x in self.theirPubkey.serializePublicKey()) ))
		
		receivedKeyid, auth = proto.unpack(b'!I', auth)
		if receivedKeyid == 0:
			raise InvalidParameterError
			
		logging.debug("Signature reçue {}".format( ':'.join(x.encode('hex') for x in auth) ))

		authbuf = pack_mpi(self.gy)
		authbuf += pack_mpi(self.dh.pub)
		authbuf += self.theirPubkey.serializePublicKey()
		authbuf += struct.pack(b'!I', receivedKeyid)

		if self.theirPubkey.verify(SHA256HMAC(mackey, authbuf), auth) is False:
			raise InvalidParameterError
		self.theirKeyid = receivedKeyid
Esempio n. 28
0
    def create(cls, dh, y):
        s = pow(y, dh.priv, DH_MODULUS)
        sb = pack_mpi(s)

        if dh.pub > y:
            sendbyte = b'\1'
            rcvbyte = b'\2'
        else:
            sendbyte = b'\2'
            rcvbyte = b'\1'

        sendenc = SHA1(sendbyte + sb)[:16]
        sendmac = SHA1(sendenc)
        rcvenc = SHA1(rcvbyte + sb)[:16]
        rcvmac = SHA1(rcvenc)
        return cls(sendenc, sendmac, rcvenc, rcvmac)
Esempio n. 29
0
	def create(cls, dh, y):
		s = pow(y, dh.priv, DH_MODULUS)
		sb = pack_mpi(s)

		if dh.pub > y:
			sendbyte = b'\1'
			rcvbyte = b'\2'
		else:
			sendbyte = b'\2'
			rcvbyte = b'\1'

		sendenc = SHA1(sendbyte + sb)[:16]
		sendmac = SHA1(sendenc)
		rcvenc = SHA1(rcvbyte + sb)[:16]
		rcvmac = SHA1(rcvenc)
		return cls(sendenc, sendmac, rcvenc, rcvmac)
Esempio n. 30
0
	def create(cls, dh, y):

		s = dh.get_shared_secret(y)
		sb = pack_mpi(s)

		if dh.pub[0] > y[0]:
			sendbyte = b'\1'
			rcvbyte = b'\2'
		else:
			sendbyte = b'\2'
			rcvbyte = b'\1'

		sendenc = HASH(sendbyte + sb)[:16]
		sendmac = HASH(sendenc)
		rcvenc = HASH(rcvbyte + sb)[:16]
		rcvmac = HASH(rcvenc)
		return cls(sendenc, sendmac, rcvenc, rcvmac)
Esempio n. 31
0
def proof_known_log(g, x, v):
    r = randrange(2, DH_MAX)
    c = bytes_to_long(SHA256(struct.pack(b'B', v) + pack_mpi(pow(g, r, DH_MODULUS))))
    temp = x * c % SM_ORDER
    return c, (r-temp) % SM_ORDER
Esempio n. 32
0
def check_known_log(c, d, g, x, v):
    gd = pow(g, d, DH_MODULUS)
    xc = pow(x, c, DH_MODULUS)
    gdxc = gd * xc % DH_MODULUS
    return SHA256(struct.pack(b'B', v) + pack_mpi(gdxc)) == long_to_bytes(c, 32)
Esempio n. 33
0
def check_known_log(c, d, g, x, v):
	gd = pow(g, d, DH_MODULUS)
	xc = pow(x, c, DH_MODULUS)
	gdxc = gd * xc % DH_MODULUS
	return HASH(struct.pack(b'B', v) + pack_mpi(gdxc)) == long_to_bytes(c, 32)
Esempio n. 34
0
	def serialize_pubKey(cls, pubKey):
		return pack_mpi(pubKey[0])+pack_mpi(pubKey[1])
Esempio n. 35
0
def proof_known_log(g, x, v):
    r = bytes_to_long(RNG.read(192))
    c = bytes_to_long(SHA256(struct.pack(b'B', v) + pack_mpi(pow(g, r, DH1536_MODULUS))))
    temp = x * c % SM_ORDER
    return c, (r-temp) % SM_ORDER
Esempio n. 36
0
 def getPayload(self):
     d = struct.pack(b'!I', len(self.mpis))
     for n in self.mpis:
         d += pack_mpi(n)
     return d
Esempio n. 37
0
 def getSerializedPrivatePayload(self):
     buf = b''
     for x in self.getPrivatePayload():
         buf += pack_mpi(x)
     return buf
Esempio n. 38
0
def proof_known_log(g, x, v):
	r = random.randrange(2, DH_MAX)
	c = bytes_to_long(HASH(struct.pack(b'B', v) + pack_mpi(pow(g, r, DH_MODULUS))))
	temp = x * c % SM_ORDER
	return c, (r-temp) % SM_ORDER
Esempio n. 39
0
 def getSerializedPrivatePayload(self):
     buf = b''
     for x in self.getPrivatePayload():
         buf += pack_mpi(x)
     return buf
Esempio n. 40
0
 def getPayload(self):
     d = struct.pack(b"!I", len(self.mpis))
     for n in self.mpis:
         d += pack_mpi(n)
     return d
Esempio n. 41
0
	def get_serialized_privKey(self):
		return pack_mpi(self.priv)