def sign(tsm2):
data = func.random_hex(len(n))
k1_str = func.random_hex(len(n))
print(tsm2.send_p1(data, k1_str))
backdoor = input('backdoor:').strip()
result = tsm2.output_p1(k1_str, backdoor)
print(result)
def sm2_key_pair_func(self):
sm2_crypt = sm2.CryptSM2(private_key="", public_key="")
#产生私钥
pvk_str = self.privkey.text().strip()
if pvk_str != "":
if True != self.is_hex_string(pvk_str):
self.privkey.setText(pvk_str[0:len(pvk_str) - 1].upper())
self.Qmsgbox_show("Error", "Please input hex number")
return
if len(pvk_str) != 64:
info = "Length of the private key hex number string is : %d, error !" % (len(pvk_str))
self.Qmsgbox_show("Error", info)
return
self.privkey.setText(pvk_str.upper())
prvk_hex = pvk_str
else:
prvk_hex = func.random_hex(sm2_crypt.para_len)
self.privkey.setText(prvk_hex.upper())
self.result_textEdit.append("Gen Keypair - private key: " + prvk_hex.upper())
k = int(prvk_hex, 16)
#计算公钥
Pubk = sm2_crypt._kg(k, sm2_crypt.ecc_table['g'])
self.pubkx_LE.setText(Pubk[0:64].upper())
self.pubky_LE.setText(Pubk[64:len(Pubk)].upper())
self.result_textEdit.append("Gen Keypair - public key: " + Pubk.upper())
def generate_token(key, salt=func.random_hex(16)):
"""
@Args:
key: str (用户给定的key,需要用户保存以便之后验证token,每次产生token时的key 都可以是同一个key)
salt: gmssl func random_hex 生成的随机数
expire: int(最大有效时间,单位为s)
visit_limit: int(最大访问次数)
@Return:
state: str
"""
r = RedisInstance()
visit_limit = r.client.hget("appId:{}".format(key), "visit_limit")
if visit_limit is not None:
visit_limit = int(visit_limit)
else:
visit_limit = VISIT_LIMIT_DEFAULT
uri_list = r.client.hget("appid:{}".format(key), "uri_list")
if uri_list is None:
uri_list = "*"
data = "{timestamp}:{key}:{salt}:{expire}:{visit_limit}:{uri_list}".format(
timestamp=int(time.time()),
key=key,
salt=salt,
expire=EXPIRE_DEFAULT + int(time.time()),
visit_limit=visit_limit,
uri_list=uri_list)
enc_data = sm2_crypt.encrypt(data=data.encode('utf-8'))
b64_token = base64.urlsafe_b64encode(enc_data)
b64_token_dec = b64_token.decode("utf-8")
return b64_token_dec
def sm2_sign_func(self):
private_key = self.privkey.text().strip()
if len(private_key) != 64:
self.Qmsgbox_show("Error", "Private key len is (%d) HEXs not 32 bytes" % len(private_key))
return
self.result_textEdit.append("SM2 Sign Privatekey: " + private_key)
sm2_crypt = sm2.CryptSM2(private_key=private_key, public_key="")
sm2_msg = self.plaintext_hex.text().strip()
if sm2_msg != "":
self.result_textEdit.append("SM2 Sign msg: " + sm2_msg)
e_hash = self.e_LE.text().strip()
if len(e_hash) != 64:
self.Qmsgbox_show("Error", "e Hash, len is (%d) HEXs not 32 bytes" % len(e_hash))
return
self.result_textEdit.append("SM2 Sign e_hash: " + e_hash)
random_hex_str = func.random_hex(sm2_crypt.para_len)
self.result_textEdit.append("SM2 Sign Randnumber: " + random_hex_str.upper())
sign = sm2_crypt.sign(bytes().fromhex(e_hash), random_hex_str)
self.result_textEdit.append("SM2 Sign Result Hex: " + sign.upper())
data_r = sign[0:64]
self.result_textEdit.append("SM2 Sign Result: R Hex: " + data_r.upper())
data_s = sign[64:]
self.result_textEdit.append("SM2 Sign Result: S Hex: " + data_s.upper())
self.R.setText(data_r.upper())
self.S.setText(data_s.upper())
self.signature_value.setText(sign.upper())
def _sign(self, data, sk):
k_str = func.random_hex(len(self.ecc_table['n']))
k = int(k_str, 16) % int(self.ecc_table['n'], base=16)
R = self._kg(k, self.ecc_table['g'])
x1 = R[0:self.para_len]
e_str = self.sm3_hash_str(x1 + data)
e = int(e_str, 16)
d = int(sk, 16)
s = (k - d * e) % int(self.ecc_table['n'], base=16)
return '%064x%064x' % (s, e)
def sm2_sign(pri_k, d):
"""
签名
:param pri_k: <bytes>公钥
:param d: <bytes>数据
:return: <bytes>
"""
random = func.random_hex(64)
sm2_crypt = sm2.CryptSM2(pri_k, 0)
return sm2_crypt.sign(d, random).encode()
def sign(self, content, privateKey=None):
if privateKey is None:
privateKey = self.privateKey_
elif privateKey != self.privateKey_:
raise Exception("illegal privateKey")
from gmssl import func
random_hex_str = func.random_hex(self.sm2_crypt_.para_len)
if not isinstance(content, bytes):
content = bytes(content, encoding="utf8")
sign = self.sm2_crypt_.sign(content, random_hex_str)
return sign
def sm2_key_pair_func(self):
sm2_crypt = sm2.CryptSM2(private_key="", public_key="")
#产生私钥
random_hex_str = func.random_hex(sm2_crypt.para_len)
self.privkey.setText(random_hex_str.upper())
self.result_textEdit.append("Gen Keypair - private key: " + random_hex_str.upper())
k = int(random_hex_str, 16)
#计算公钥
Pubk = sm2_crypt._kg(k, sm2_crypt.ecc_table['g'])
self.pubkx_LE.setText(Pubk[0:64].upper())
self.pubky_LE.setText(Pubk[64:len(Pubk)].upper())
self.result_textEdit.append("Gen Keypair - public key: " + Pubk.upper())
def __init__(self, sk):
ecc_table = sm2p256v1_ecc_table
self.ecc_table = ecc_table
self.n = int(ecc_table['n'], 16)
self.para_len = len(ecc_table['n'])
self.ecc_a3 = (int(ecc_table['a'], base=16) + 3) % int(ecc_table['p'],
base=16)
self.sk = int(sk, 16)
self.pk = self._kg(self.sk, ecc_table['g'])
self.sks = int(func.random_hex(self.para_len), 16)
self.pks = pow((self.sk + 1) * self.sks, self.n - 2, self.n) % self.n
def generate():
private_key = '00' + func.random_hex(64)
# private_key = '00B9AB0B828FF68872F21A837FC303668428DEA11DCD1B24429D0C99E24EED83D5'
public_key = ''
sm2_crypt = sm2.CryptSM2(public_key=public_key, private_key=private_key)
# public_key(point) = private_key(int) * g(generator point)
public_key = sm2_crypt._kg2(int(private_key, 16), sm2.default_ecc_table['g'])
# ensure that works
sm2_crypt = sm2.CryptSM2(public_key=public_key, private_key=private_key)
data = b'zeox'
enc_data = sm2_crypt.encrypt(data)
dec_data =sm2_crypt.decrypt(enc_data)
assert dec_data == data, 'generation failed, try again'
random_hex_str = func.random_hex(sm2_crypt.para_len)
sign = sm2_crypt.sign(data, random_hex_str)
assert sm2_crypt.verify(sign, data)
return {
'pubkey': public_key,
'pvtkey': private_key
}
def test_sm2():
private_key = '00B9AB0B828FF68872F21A837FC303668428DEA11DCD1B24429D0C99E24EED83D5'
public_key = 'B9C9A6E04E9C91F7BA880429273747D7EF5DDEB0BB2FF6317EB00BEF331A83081A6994B8993F3F5D6EADDDB81872266C87C018FB4162F5AF347B483E24620207'
sm2_crypt = sm2.CryptSM2(public_key=public_key, private_key=private_key)
data = b"111"
enc_data = sm2_crypt.encrypt(data)
#print("enc_data:%s" % enc_data)
#print("enc_data_base64:%s" % base64.b64encode(bytes.fromhex(enc_data)))
dec_data = sm2_crypt.decrypt(enc_data)
print(b"dec_data:%s" % dec_data)
assert data == dec_data
print("-----------------test sign and verify---------------")
random_hex_str = func.random_hex(sm2_crypt.para_len)
sign = sm2_crypt.sign(data, random_hex_str)
print('sign:%s' % sign)
verify = sm2_crypt.verify(sign, data)
print('verify:%s' % verify)
assert verify
def sm2_sign_func(self):
private_key = self.privkey.text().strip()
if len(private_key) != 64:
QMessageBox.about(self, "Error", "Private key len is not 32 bytes")
return
self.result_textEdit.append("SM2 Sign Privatekey: " + private_key)
sm2_crypt = sm2.CryptSM2(private_key=private_key, public_key="")
sm2_msg = self.plaintext_hex.text().strip()
if sm2_msg != "":
self.result_textEdit.append("SM2 Sign msg: " + sm2_msg)
e_hash = self.e_LE.text().strip()
if len(e_hash) != 64:
QMessageBox.about(self, "Error", "e Hash, len is not 32 bytes")
return
self.result_textEdit.append("SM2 Sign e_hash: " + e_hash)
random_hex_str = func.random_hex(sm2_crypt.para_len)
self.result_textEdit.append("SM2 Sign Randnumber: " +
random_hex_str.upper())
sign = sm2_crypt.sign(bytes().fromhex(e_hash), random_hex_str)
self.result_textEdit.append("SM2 Sign Result: " + sign.upper())
self.signature_value.setText(sign.upper())
def decrypt(info_raw, file_enc):
endianness = func.endianness
data = func.destructure(file_enc)[0]
# decrypt sm4 key
private_key = info_raw['decrypt key']
public_key = ''
sm2_crypt = sm2.CryptSM2(public_key=public_key, private_key=private_key)
sm4_key = sm2_crypt.decrypt(data['sm4_key'])
# verify digestn
lf = len(file_enc)
# if sm3.hash(file_enc[lf - 142:lf - 32]) != file_enc[lf - 32:]:
# return 'block digest unmatch'
visited = data['flags'][0] >= 8 * 16
prev_info = func.parse_info(file_enc[lf - 110:lf - 32])
if visited:
prev_signature = prev_info['signature']
prev_id = prev_info['id']
prev_pubkey = None
# verify the previous visitor's signature
# this shall be done by the server
# but here we use local csv file for demonstration
# with open('database/keypairs.csv') as file:
# kps = csv.reader(file)
# for kp in kps:
# if kp[0] == prev_id:
# prev_pubkey = kp[2]
# break
# assert prev_pubkey != None, 'signer not found'
# sm2_verify = sm2.CryptSM2(public_key=prev_pubkey, private_key='')
# prev_sign_data = file_enc[lf - 110:lf - 106] + file_enc[lf - 42:lf - 32]
# assert sm2_verify.verify(prev_signature, prev_sign_data)
ip_addr = socket.gethostbyname(socket.gethostname())
my_info = {
'time_stamp':
int(time.time()).to_bytes(4, endianness),
'signature':
b'',
'ip_addr':
b''.join([int(i).to_bytes(1, endianness) for i in ip_addr.split('.')]),
'id':
info_raw['id'].encode('ascii')
}
sm2_sign = sm2.CryptSM2(public_key='', private_key=info_raw['private key'])
random_hex_str = func.random_hex(sm2_crypt.para_len)
sign_data = my_info['time_stamp'] + my_info['ip_addr'] + my_info['id']
my_info['signature'] = bytes.fromhex(
sm2_sign.sign(sign_data, random_hex_str))
# decypt file
crypt_sm4 = CryptSM4()
crypt_sm4.set_key(sm4_key, SM4_DECRYPT)
file_data = crypt_sm4.crypt_ecb(data['file_encrypted'])
# update the visitor's chain
# post the my_info dict to the server
# with open('database/visitors.csv', 'w', newline='') as file:
# writer = csv.writer(file)
# writer.writerow([repr(my_info[key]) for key in my_info])
try:
viewer.viewPdfBytes(file_data)
except RuntimeError:
return 'wrong decrypt key'
return [repr(my_info[key]) for key in my_info]
# class QtGui(QWidget):
# def __init__(self):
# super().__init__()
# self.initUI()
# def initUI(self):
# self.structureLabel = QLabel('Enc-File Decrypter')
# self.structureLabel.setStyleSheet('''
# color: #333;
# font-size: 35px;
# font-weight: 700;
# margin-top: 10px;
# margin-bottom: 35px;
# ''')
# self.idLabel = QLabel('user ID ')
# # self.pubkeyLabel = QLabel('public key ')
# self.pvtkeyLabel = QLabel('private key')
# self.deckeyLabel = QLabel('decrypt key')
# for item in [self.idLabel, self.pvtkeyLabel, self.deckeyLabel]:
# item.setStyleSheet('''
# width: 200px;
# color: #333;
# font-size: 25px;
# font-weight: 400;
# ''')
# self.idEdit = QLineEdit()
# # self.pubkeyEdit = QLineEdit()
# self.pvtkeyEdit = QLineEdit()
# self.deckeyEdit = QLineEdit()
# for item in [self.idEdit, self.pvtkeyEdit, self.deckeyEdit]:
# item.setStyleSheet('''
# padding: 5px 8px;
# width: 600px;
# font-size: 22px;
# color: #333;
# margin-left: 10px;
# ''')
# self.fileBtn = QPushButton('Select File', self)
# self.fileBtn.clicked.connect(self.openFile)
# self.fileBtn.setStyleSheet('''
# background-color: #80aaff;
# color: white;
# margin: 25px;
# width: 140px;
# height: 30px;
# padding: 10px 24px;
# border: none;
# font-weight: 1000;
# font-size: 22px;
# ''')
# self.msgLabel = QLabel('')
# self.msgLabel.setStyleSheet('''
# color: #ff6666;
# font-size: 26px;
# font-weight: 500;
# ''')
# labelHbox = QHBoxLayout()
# labelHbox.addStretch(1)
# labelHbox.addWidget(self.structureLabel)
# labelHbox.addStretch(1)
# idHbox = QHBoxLayout()
# idHbox.addStretch(1)
# idHbox.addWidget(self.idLabel)
# idHbox.addWidget(self.idEdit)
# idHbox.addStretch(1)
# # pubkeyHbox = QHBoxLayout()
# # pubkeyHbox.addStretch(1)
# # pubkeyHbox.addWidget(self.pubkeyLabel)
# # pubkeyHbox.addWidget(self.pubkeyEdit)
# # pubkeyHbox.addStretch(1)
# pvtkeyHbox = QHBoxLayout()
# pvtkeyHbox.addStretch(1)
# pvtkeyHbox.addWidget(self.pvtkeyLabel)
# pvtkeyHbox.addWidget(self.pvtkeyEdit)
# pvtkeyHbox.addStretch(1)
# deckeyHbox = QHBoxLayout()
# deckeyHbox.addStretch(1)
# deckeyHbox.addWidget(self.deckeyLabel)
# deckeyHbox.addWidget(self.deckeyEdit)
# deckeyHbox.addStretch(1)
# btnHbox = QHBoxLayout()
# btnHbox.addStretch(1)
# btnHbox.addWidget(self.fileBtn)
# btnHbox.addStretch(1)
# msgHbox = QHBoxLayout()
# msgHbox.addStretch(1)
# msgHbox.addWidget(self.msgLabel)
# msgHbox.addStretch(1)
# vbox = QVBoxLayout()
# vbox.addStretch(1)
# vbox.addLayout(labelHbox)
# vbox.addLayout(idHbox)
# # vbox.addLayout(pubkeyHbox)
# vbox.addLayout(pvtkeyHbox)
# vbox.addLayout(deckeyHbox)
# vbox.addLayout(btnHbox)
# vbox.addLayout(msgHbox)
# vbox.addStretch(1)
# self.setLayout(vbox)
# self.step = 0
# self.setGeometry(500, 250, 900, 500)
# self.setWindowTitle('D3CRYPT decrypter')
# self.setWindowIcon(QIcon('img/key.png'))
# self.setStyleSheet("background-color: white;")
# self.show()
# def showMsg(self, content):
# self.msgLabel.setText(content)
# def openFile(self):
# info_raw = {
# 'id': self.idEdit.text(),
# # 'public key': self.pubkeyEdit.text(),
# 'private key': self.pvtkeyEdit.text(),
# 'decrypt key': self.deckeyEdit.text()
# }
# for key in info_raw:
# if len(info_raw[key]) == 0:
# self.showMsg(key + ' cannot be empty')
# return
# try:
# int(info_raw[key], 16)
# except ValueError:
# self.showMsg(key + ' is invalid')
# return
# self.showMsg('')
# fname = QFileDialog.getOpenFileName(self, 'Open file', r'D:\\projects\\cryptocontest\\project')
# if fname[0]:
# if '.enc' not in fname[0]:
# self.showMsg('invalid document\nyou should select a .enc file')
# return
# self.showMsg('')
# self.showMsg(main(info_raw, fname[0]))
# if __name__ == '__main__':
# app = QApplication(sys.argv)
# gui = QtGui()
# sys.exit(app.exec_())
z_inv = pow(z,
int(self.ecc_table['p'], base=16) - 2,
int(self.ecc_table['p'], base=16))
z_invSquar = (z_inv * z_inv) % int(self.ecc_table['p'], base=16)
z_invQube = (z_invSquar * z_inv) % int(self.ecc_table['p'], base=16)
x_new = (x * z_invSquar) % int(self.ecc_table['p'], base=16)
y_new = (y * z_invQube) % int(self.ecc_table['p'], base=16)
z_new = (z * z_inv) % int(self.ecc_table['p'], base=16)
if z_new == 1:
form = '%%0%dx' % self.para_len
form = form * 2
return form % (x_new, y_new)
else:
return None
if __name__ == '__main__':
sk = func.random_hex(len(sm2p256v1_ecc_table['n']))
tsm2 = TSM2(sk)
print('pk:%s' % tsm2.pk)
print('pks:%064x' % tsm2.pks)
for i in range(10):
op = input('op: ').strip()
if op == 'sign':
sign(tsm2)
elif op == 'verify':
verify(tsm2)
else:
print("""sign: sign message
verify: verify message""")
def get_private_key():
"""
生成私钥
:return: <bytes> 私钥
"""
return func.random_hex(64).encode()
def handleLogin(self, e):
if not self.connected:
return
global jwt
self.clearStatuses()
username, ok = qw.QInputDialog.getText(self, 'name',
'Enter your name:')
if not ok:
return
global keys
self.changeStatus(0, 'searching local keys', 'loading')
# time.sleep(500)
found = False
for filename in os.listdir('.'):
if filename == "%s_keys.json" % username:
found = True
with open(filename, 'r') as f:
keys = json.loads(f.read())
if not found:
self.changeStatus(1, 'keys.json not found', 'question')
self.changeStatus(2, 'please select it yourself', 'question')
# time.sleep(500)
fname = qw.QFileDialog.getOpenFileName(self, 'select keys.json',
'.')
if not fname[0]:
self.clearStatuses()
return
if filename == ("%s_keys.json" % username):
with open(fname[0], 'r') as f:
keys = json.loads(f.read())
else:
self.changeStatus(0, 'that is not your key', 'wrong')
return
self.clearStatuses()
self.changeStatus(0, 'posting signature', 'loader')
timestring = str(int(time.time()))
sm2_sign = sm2.CryptSM2(public_key='', private_key=keys['pvtkey'])
random_hex_str = func.random_hex(sm2_sign.para_len)
sign_data = (username + timestring).encode('ascii')
req_data = json.dumps({
'mode':
'LOGIN',
'username':
username,
'timeval':
timestring,
'signature':
sm2_sign.sign(sign_data, random_hex_str)
})
sock.send(req_data.encode('ascii'))
res = recv_except()
if res == None:
return
res_data = json.loads(res.decode('ascii'))
if res_data['status'] == '200':
self.changeStatus(0, 'signature verified', 'check')
self.changeStatus(1, 'successfully logged in', 'check')
jwt = res_data['jwt']
self.close()
gui.show()
else:
self.changeStatus(1, res_data['msg'], 'wrong')
def sm2_sign(private_key, public_key, data):
sm2_crypt = sm2.CryptSM2(public_key=public_key, private_key=private_key)
random_hex_str = func.random_hex(sm2_crypt.para_len)
sign = sm2_crypt.sign(data, random_hex_str)
print('sign:%s' % sign)
data = file.read()
print(hash_msg(data) + "\n")
with open("sm3pdf-hash.txt", "w", encoding="utf-8") as hash_file:
hash_file.write(hash_msg(data))
pk, sk = generate_keypair()
print(pk.hex() + "\n")
print(sk.hex() + "\n")
sm2_crypt = sm2.CryptSM2(public_key=pk.hex(), private_key=sk.hex())
with open("sm2.pem", "w", encoding="utf-8") as sm2:
sm2.write(sk.hex())
with open("sm2Pub.pem", "w", encoding="utf-8") as sm2Pub:
sm2Pub.write(pk.hex())
data = bytes.fromhex(hash_msg(data))
random_hex_str = func.random_hex(sm2_crypt.para_len)
sign = sm2_crypt.sign(data, random_hex_str)
print(sign + "\n")
with open("sm3pdf-sign.txt", "w", encoding="utf-8") as sm3PdfSign:
sm3PdfSign.write(sign)
if sm2_crypt.verify(sign, data):
print("right")
else:
print("wrong")
def sign(pub_key, pri_key, msg: str):
encrypter = sm2.CryptSM2(public_key=pub_key, private_key=pri_key)
k = func.random_hex(encrypter.para_len) # 生成随机数
signature = encrypter.sign(msg.encode(), k) # 十六进制签名
return signature
