def verify_fake_set(self, fake_indices, fake_blinds):
"""
Verify that fake blinds correspond to the fake values.
Arguments:
fake_indices (list): An integer list that indicates the indices of the
fake puzzles.
fake_blinds (list): The fake values that were used to generate the
fake puzzles.
Have to be of same size as rsa key.
Returns:
The keys used to encrypt the fake puzzles
if the fake_blinds^pk == fake puzzles, or None.
"""
if len(fake_indices) != len(fake_blinds) or len(fake_blinds) != self.n:
return None
for i in range(self.n):
if len(fake_blinds[i]) != self.key.size:
return None
r = self.key.setup_blinding(fake_blinds[i])
temp = BNToBin(r.bn_A, self.key.size)
if BNToBin(r.bn_A, self.key.size) != self.puzzles[fake_indices[i]]:
return None
return [self.keys[x] for x in fake_indices]
def verify_fake_set(self, fake_indices, fake_blinds):
if len(fake_indices) != len(fake_blinds) or len(fake_blinds) != self.n:
return None
for i in range(self.n):
if len(fake_blinds[i]) != self.key.size:
return None
r = self.key.setup_blinding(fake_blinds[i])
temp = BNToBin(r.bn_A, self.key.size)
if BNToBin(r.bn_A, self.key.size) != self.puzzles[fake_indices[i]]:
return None
return [self.keys[x] for x in fake_indices]
def serialize_sig(self, sig):
"""
Takes in a signature in DER format and returns a byte
string of R + S that should be 64 bytes in length
"""
sig_struct = ECDSA_SIG_st()
p_sig_struct = ctypes.byref(ctypes.pointer(sig_struct))
p_sig = ctypes.byref(ctypes.c_char_p(sig))
_ssl.d2i_ECDSA_SIG(p_sig_struct, p_sig, len(sig))
r = BNToBin(sig_struct.r, 32)
s = BNToBin(sig_struct.s, 32)
return r + s
def revert_blind(self, msg, blind):
"""
Removes a blind r from the message.
Args:
msg (bytes): A blinded message.
blind: The blind that was used on the msg. instance of Blind
Returns:
A byte string of the unblinded msg on success, None otherwise
"""
if len(msg) != self.size or blind is None:
return None
ctx = _ssl.BN_CTX_new()
f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())
if _ssl.BN_mod_mul(f, f, blind.bn_ri, self.bn_n, ctx) != 1:
logging.debug('Failed to unblind msg')
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return None
unblinded_msg = BNToBin(f, self.size)
# Cleanup
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return unblinded_msg
def blind(self, msg, blind):
"""
Blinds a msg.
Args:
msg (bytes): Message to be blinded.
blind: The blind that was used on the msg. instance of Blind
Returns:
A byte string of the blinded msg on success, None otherwise
"""
if len(msg) != self.size or blind is None:
return None
ctx = _ssl.BN_CTX_new()
f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())
if _ssl.BN_mod_mul(f, f, blind.bn_A, self.bn_n, ctx) != 1:
logging.debug('Failed to blind msg')
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return None
blinded_msg = BNToBin(f, self.size)
# Free
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return blinded_msg
def unblind(self, msg, blind):
"""
Unblinds a msg.
Args:
msg: A string - a blinded message.
len(msg) must equal self.size
blind: The blind that was used on the msg. instance of Blind
Returns:
A byte string of the unblinded msg on success, None otherwise
"""
if (len(msg) != self.size or blind is None):
return None
ctx = _ssl.BN_CTX_new()
f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())
if _ssl.BN_mod_mul(f, f, blind.bn_Ai, self.bn_n, ctx) != 1:
logging.debug("Failed to unblind msg")
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return None
unblinded_msg = BNToBin(f, self.size)
# Cleanup
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return unblinded_msg
def get_random(bits, mod=None):
"""
Returns a random byte string of size `bits`/8 bytes.
Args:
bits (int): The number of bits the random string should have.
mod (:obj:`ctypes.c_void_p`, optional): A pointer to a BN instance
Returns:
A byte strings of length `bits`/8 or None if an error occured
If mod is set the random byte string will have a value < mod
"""
ctx = _ssl.BN_CTX_new()
_ssl.BN_CTX_start(ctx)
r = _ssl.BN_CTX_get(ctx)
ret = _ssl.BN_CTX_get(ctx)
if mod:
if _ssl.BN_rand_range(r, mod) == 0:
logging.debug("get_random: failed to generate random number")
return None
while _ssl.BN_gcd(ret, r, mod, ctx) != 1:
logging.debug("R is not a relative prime")
if _ssl.BN_rand_range(r, mod) == 0:
logging.debug("get_random: failed to generate random number")
return None
else:
if _ssl.BN_rand(r, bits, 0, 1) == 0:
logging.debug("get_random: failed to generate random number")
return None
rand = BNToBin(r, bits // 8)
_ssl.BN_free(r)
_ssl.BN_free(ret)
_ssl.BN_CTX_end(ctx)
_ssl.BN_CTX_free(ctx)
return rand
def multiply(self, z1, q2):
""" Computes `z1` * `q2^e` mod `n`
`e` is the rsa key public exponent
`n` is the rsa key modulus
Returns:
A byte string representing the result of the computation
"""
# Convert to BN
z1_bn = BinToBN(z1)
q2_bn = BinToBN(q2)
# Prep context
ctx = _ssl.BN_CTX_new()
_ssl.BN_CTX_start(ctx)
# Get q2 ^ e
ret = _ssl.BN_mod_exp(q2_bn, q2_bn, self.rsa_key.bn_e,
self.rsa_key.bn_n, ctx)
if ret != 1:
return None
# Multiply z1 * (q2 ^ e) mod n
ret = _ssl.BN_mod_mul(z1_bn, z1_bn, q2_bn, self.rsa_key.bn_n, ctx)
if ret != 1:
return None
result = BNToBin(z1_bn, self.rsa_key.size)
_ssl.BN_free(z1_bn)
_ssl.BN_free(q2_bn)
_ssl.BN_CTX_end(ctx)
_ssl.BN_CTX_free(ctx)
return result
def prepare_puzzle_set(self, puzzle):
bits = self.key.size * 8
# Prepare reals
reals = []
self.real_blinds = []
for i in range(self.m):
r = self.compute_rand(bits)
blind = self.key.setup_blinding(r)
blinded_val = self.key.blind(self.puzzle, blind)
if blinded_val is None:
return None
reals += [blinded_val]
self.real_blinds += [r]
# Prepare fakes
fakes = []
self.fake_blinds = []
for i in range(self.n):
r = self.compute_rand(bits)
blind = self.key.setup_blinding(r)
if blind is None:
return None
fakes += [BNToBin(blind.bn_A, self.key.size)]
self.fake_blinds += [r]
# Create Shuffled puzzle set
self.puzzle_set = fakes[:]
self.puzzle_set += reals
shuffle(self.puzzle_set)
# Record indices
self.R = [self.puzzle_set.index(x) for x in reals]
self.F = [self.puzzle_set.index(x) for x in fakes]
return self.puzzle_set
def get_quotient(self, q1, q2):
""" Computes (`q2` / `q1`) mod `n`
`n` is the rsa key modulus
Returns:
A byte string representing the result of the computation
"""
# Convert to BN
q1_bn = BinToBN(q1)
q2_bn = BinToBN(q2)
if q1_bn is None or q2_bn is None:
return None
# Prep context
ctx = _ssl.BN_CTX_new()
_ssl.BN_CTX_start(ctx)
# Invert q1
_ssl.BN_mod_inverse(q1_bn, q1_bn, self.rsa_key.bn_n, ctx)
# Multiplty q2 * (q1)^-1
ret = _ssl.BN_mod_mul(q1_bn, q1_bn, q2_bn, self.rsa_key.bn_n, ctx)
if ret != 1:
return None
quotient = BNToBin(q1_bn, self.rsa_key.size)
_ssl.BN_free(q1_bn)
_ssl.BN_free(q2_bn)
_ssl.BN_CTX_end(ctx)
_ssl.BN_CTX_free(ctx)
return quotient