def Handshake(password, reader, writer):
myPrivateKey = Private()
myNonce = os.urandom(32)
WriteBin(writer, myPrivateKey.get_public().serialize())
WriteBin(writer, myNonce)
theirPublicKey = ReadBin(reader)
theirNonce = ReadBin(reader)
if myNonce == theirNonce:
return None
if theirPublicKey in (b'\x00' * 32, b'\x01' + (b'\x00' * 31)):
return None
theirPublicKey = Public(theirPublicKey)
sharedKey = myPrivateKey.get_shared_key(theirPublicKey)
myProof = ComputeProof(sharedKey, theirNonce + password)
WriteBin(writer, myProof)
theirProof = ReadBin(reader)
if not VerifyProof(sharedKey, myNonce + password, theirProof):
return None
return sharedKey
def test_hashfunc(self):
priv1 = Private(seed=b"abc")
priv2 = Private(seed=b"def")
shared_sha256 = priv1.get_shared_key(priv2.get_public())
e = b"da959ffe77ebeb4757fe5ba310e28ede425ae0d0ff5ec9c884e2d08f311cf5e5"
self.assertEqual(hexlify(shared_sha256), e)
# confirm the hash function remains what we think it is
def myhash(shared_key):
return sha256(b"curve25519-shared:"+shared_key).digest()
shared_myhash = priv1.get_shared_key(priv2.get_public(), myhash)
self.assertEqual(hexlify(shared_myhash), e)
def hexhash(shared_key):
return sha1(shared_key).hexdigest().encode()
shared_hexhash = priv1.get_shared_key(priv2.get_public(), hexhash)
self.assertEqual(shared_hexhash,
b"80eec98222c8edc4324fb9477a3c775ce7c6c93a")
def test_basic(self):
secret1 = b"abcdefghijklmnopqrstuvwxyz123456"
self.assertEqual(len(secret1), 32)
secret2 = b"654321zyxwvutsrqponmlkjihgfedcba"
self.assertEqual(len(secret2), 32)
priv1 = Private(secret=secret1)
pub1 = priv1.get_public()
priv2 = Private(secret=secret2)
pub2 = priv2.get_public()
shared12 = priv1.get_shared_key(pub2)
e = b"b0818125eab42a8ac1af5e8b9b9c15ed2605c2bbe9675de89e5e6e7f442b9598"
self.assertEqual(hexlify(shared12), e)
shared21 = priv2.get_shared_key(pub1)
self.assertEqual(shared12, shared21)
pub2a = Public(pub2.serialize())
shared12a = priv1.get_shared_key(pub2a)
self.assertEqual(hexlify(shared12a), e)
def test_basic(self):
secret1 = b"abcdefghijklmnopqrstuvwxyz123456"
self.assertEqual(len(secret1), 32)
secret2 = b"654321zyxwvutsrqponmlkjihgfedcba"
self.assertEqual(len(secret2), 32)
priv1 = Private(secret=secret1)
pub1 = priv1.get_public()
priv2 = Private(secret=secret2)
pub2 = priv2.get_public()
shared12 = priv1.get_shared_key(pub2)
e = b"b0818125eab42a8ac1af5e8b9b9c15ed2605c2bbe9675de89e5e6e7f442b9598"
self.assertEqual(hexlify(shared12), e)
shared21 = priv2.get_shared_key(pub1)
self.assertEqual(shared12, shared21)
pub2a = Public(pub2.serialize())
shared12a = priv1.get_shared_key(pub2a)
self.assertEqual(hexlify(shared12a), e)
def test_hashfunc(self):
priv1 = Private(seed=b"abc")
priv2 = Private(seed=b"def")
shared_sha256 = priv1.get_shared_key(priv2.get_public())
e = b"da959ffe77ebeb4757fe5ba310e28ede425ae0d0ff5ec9c884e2d08f311cf5e5"
self.assertEqual(hexlify(shared_sha256), e)
# confirm the hash function remains what we think it is
def myhash(shared_key):
return sha256(b"curve25519-shared:" + shared_key).digest()
shared_myhash = priv1.get_shared_key(priv2.get_public(), myhash)
self.assertEqual(hexlify(shared_myhash), e)
def hexhash(shared_key):
return sha1(shared_key).hexdigest().encode()
shared_hexhash = priv1.get_shared_key(priv2.get_public(), hexhash)
self.assertEqual(shared_hexhash,
b"80eec98222c8edc4324fb9477a3c775ce7c6c93a")
return "%d" % s
if s >= 1.0:
return "%.2fs" % s
if s >= 0.01:
return "%dms" % (1000*s)
if s >= 0.001:
return "%.1fms" % (1000*s)
if s >= 0.000001:
return "%.1fus" % (1000000*s)
return "%dns" % (1000000000*s)
def nohash(key): return key
for i in range(count):
p = Private()
start = time()
pub = p.get_public()
elapsed_get_public += time() - start
pub2 = Private().get_public()
start = time()
shared = p.get_shared_key(pub2) #, hashfunc=nohash)
elapsed_get_shared += time() - start
print("get_public: %s" % abbreviate_time(elapsed_get_public / count))
print("get_shared: %s" % abbreviate_time(elapsed_get_shared / count))
# these take about 560us-570us each (with the default compiler settings, -Os)
# on my laptop, same with -O2
# of which the python overhead is about 5us
# and the get_shared_key() hash step adds about 5us
#!/usr/bin/env python3
from curve25519 import Private, Public
from binascii import hexlify
keys = set()
for i in range(30):
myPrivate = Private()
val = int.to_bytes(
325606250916557431795983626356110631294008115727848805560023387167927233504,
32, 'little')
theirPublic = Public(val)
shared = myPrivate.get_shared_key(theirPublic)
print(hexlify(shared))
keys.add(shared)
print("[~] Num of different keys: {}".format(len(keys)))
import sys
import os
from curve25519 import Private, Public
import nacl.secret
import hmac
import hashlib
from pwn import *
context.log_level = 'debug'
sk = Private()
mypk = b'\xed\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f'
pk = Public(mypk)
myshare = sk.get_shared_key(pk)
def getmac(myn):
c = remote('mitm.ctfcompetition.com', 1337)
c.sendline('c')
pk = c.recvline()
n0 = c.recvline()
c.sendline(hexlify(mypk))
c.sendline(myn)
mac = c.recvline()
c.close()
return mac
'''
