def test_shared_2(self):
for _ in range(1024):
pri1 = curve25519.genkey()
pri2 = curve25519.genkey()
pub1 = curve25519.public(pri1)
pub2 = curve25519.public(pri2)
shared1 = curve25519.shared(pri1, pub2)
shared2 = curve25519.shared(pri2, pub1)
self.assertEqual(shared1, shared2)
def test_shared_2(self):
for _ in range(1024):
pri1 = curve25519.genkey()
pri2 = curve25519.genkey()
pub1 = curve25519.public(pri1)
pub2 = curve25519.public(pri2)
shared1 = curve25519.shared(pri1, pub2)
shared2 = curve25519.shared(pri2, pub1)
self.assertEqual(shared1, shared2)
def generate_new_seed():
# deserialize master ECDH public key embedded in program
master_pub = curve25519.public(unhexlify(MASTER_PUB_HEX))
# generate a random (yes, actually random) ECDH private key
ephem = curve25519.genkey()
# derive the corresponding public key for later embedding
ephem_pub = curve25519.public(ephem)
# combine the ECDH keys to generate the seed
seed = curve25519.shared(ephem, master_pub)
return seed, ephem_pub
def _write_operation_start(algorithm, operation):
"""Writes a fresh Operation Start message to tmp/operation_start.bin.
Generates an ECDHE key specified by <algorithm> and writes an Operation
Start message for executing <operation> on the device.
Args:
algorithm: Integer specifying the curve to use for the session key.
1: P256, 2: X25519
operation: Specifies the operation. 1: Certify, 2: Issue, 3: Issue Encrypted
Raises:
ValueError: algorithm or operation is is invalid.
"""
global _session_params
if algorithm > 2 or algorithm < 1:
raise ValueError('Invalid algorithm value.')
if operation > 3 or operation < 1:
raise ValueError('Invalid operation value.')
# Generate new key for each provisioning session
if algorithm == _ALGORITHMS['x25519']:
private_key = curve25519.genkey()
# Make 33 bytes to match P256
public_key = curve25519.public(private_key) + '\0'
elif algorithm == _ALGORITHMS['p256']:
[private_key, public_key] = ec_helper.generate_p256_key()
_session_params = _ATAPSessionParameters(algorithm, operation, private_key,
public_key)
# "Operation Start" Header
# +2 for algo and operation bytes
header = (_MESSAGE_VERSION, 0, 0, 0, _ECDH_KEY_LEN + 2)
operation_start = bytearray(struct.pack('<4B I', *header))
# "Operation Start" Message
op_start = (algorithm, operation, public_key)
operation_start.extend(struct.pack('<2B 33s', *op_start))
with open('tmp/operation_start.bin', 'wb') as f:
f.write(operation_start)
def __generate_key(self):
self.client_private_key = curve25519.genkey()
self.client_public_key = curve25519.public(self.client_private_key)
return (curve25519.shared(master,ephem_pub), ephem_pub)
if __name__ == "__main__":
# passphrase and filename as arguments
if len(sys.argv) == 3:
# Load an x.509 certificate from a file
x509 = X509.load_cert(sys.argv[2])
# Pull the modulus out of the certificate
orig_modulus = unhexlify(x509.get_pubkey().get_modulus())
(seed, ephem_pub) = recover_seed(key=sys.argv[1], modulus=orig_modulus, pos=80)
# no arguments, just generate a private key
else:
# deserialize master ECDH public key embedded in program
master_pub = curve25519.public(unhexlify(MASTER_PUB_HEX))
# generate a random (yes, actually random) ECDH private key
ephem = curve25519.genkey()
# derive the corresponding public key for later embedding
ephem_pub = curve25519.public(ephem)
# combine the ECDH keys to generate the seed
seed = curve25519.shared(ephem,master_pub)
prng = AESPRNG(seed)
ephem_pub = bytes(ephem_pub)
# deterministic key generation from seed
rsa = build_key(embed=ephem_pub, pos=80, randfunc=prng.randbytes)
if 'orig_modulus' in locals():
if long(hexlify(orig_modulus), 16) != long(rsa.n):
raise Exception("key recovery failed")
def test_genkey(self):
for _ in range(1024):
private = bytearray(curve25519.genkey())
self.assertEqual(private[0] & (~248), 0) # &= 248 (xxxxx000)
self.assertEqual(private[31] & (~127), 0) # &= 127 (0xxxxxxx)
self.assertNotEqual(private[31] & 64, 0) # |= 64 (x1xxxxxx)
def test_genkey(self):
for _ in range(1024):
private = bytearray(curve25519.genkey())
self.assertEqual(private[ 0] & (~248), 0) # &= 248 (xxxxx000)
self.assertEqual(private[31] & (~127), 0) # &= 127 (0xxxxxxx)
self.assertNotEqual(private[31] & 64 , 0) # |= 64 (x1xxxxxx)
