def verify(self, m, pair): r = crypturd.bigendian2int(pair[1:ord(pair[0]) + 1]) s = crypturd.bigendian2int(pair[ord(pair[0]) + 1:]) if not (0 < r and r < self.q and 0 < s and s < self.q): return False w = crypturd.modinv(s, self.q) u1 = (crypturd.littleendian2int(self.h(m)) * w) % self.q u2 = (r * w) % self.q v = ((crypturd.modexp(self.g, u1, self.p) * crypturd.modexp(self.y, u2, self.p)) % self.p) % self.q return r == v
def ECDH_calculate_common_secret(pk, secret, curve=Ed25519): # calculate G*a*b as an integer gab = (pk * crypturd.bigendian2int(secret)) # Convert to string common_secret = crypturd.sha.sha256( crypturd.common.int2bigendian(gab.y, 32) + crypturd.common.int2bigendian(gab.x, 32)) return common_secret
def sign_right(msg2, sk): "Sign 2 256-bit values using hash-bash signatures (second part)" msg2 = crypturd.fixed_length_key(msg2, 32) sig = "" M2 = crypturd.bigendian2int(msg2) for i in range(256): zero = sk[i * 64 + 16384:i * 64 + 16416] one = sk[i * 64 + 16416:i * 64 + 16448] if ((1 << i) & M2) > 0: zero = crypturd.sha256(zero) else: one = crypturd.sha256(one) sig += zero + one return sig
def sign_left(msg1, sk): "Sign 2 256-bit values using hash-bash signatures (first part)" msg1 = crypturd.fixed_length_key(msg1, 32) M1 = crypturd.bigendian2int(msg1) sig = "" for i in range(256): zero = sk[i * 64:i * 64 + 32] one = sk[i * 64 + 32:i * 64 + 64] if ((1 << i) & M1) > 0: zero = crypturd.sha256(zero) else: one = crypturd.sha256(one) sig += zero + one return sig
def digest_right(msg2, sig): "verify 2 256-bit values using hash-bash signatures (second part)" msg1 = crypturd.fixed_length_key(msg2, 32) digest2 = "" M2 = crypturd.bigendian2int(msg2) for i in range(256): zero = sig[i * 64 + 16384:i * 64 + 16416] one = sig[i * 64 + 16416:i * 64 + 16448] if ((1 << i) & M2) > 0: one = crypturd.sha256(one) else: zero = crypturd.sha256(zero) digest2 += zero + one return sha256(digest2)
def digest_left(msg1, sig): "verify 2 256-bit values using hash-bash signatures (first part)" msg1 = crypturd.fixed_length_key(msg1, 32) digest1 = "" M1 = crypturd.bigendian2int(msg1) for i in range(256): zero = sig[i * 64:i * 64 + 32] one = sig[i * 64 + 32:i * 64 + 64] if ((1 << i) & M1) > 0: one = crypturd.sha256(one) else: zero = crypturd.sha256(zero) digest1 += zero + one return sha256(digest1)
def decode_tuple(pair): "Decode string into tuple of integers" r = crypturd.bigendian2int(pair[1:ord(pair[0])+1]) s = crypturd.bigendian2int(pair[ord(pair[0])+1:]) return r,s