Пример #1
 def get_data_for_auditor(self, padded_RSA_half, N_ba):
     """Assemble the blob that the auditee passes to the auditor.

     Layout, in the order it is built below (widths are the ``fixed=``
     arguments given to bi2ba, presumably byte counts):

     * N, the server RSA modulus decoded from ``N_ba`` (256)
     * ``self.P.n``, the Paillier public modulus (513)
     * for each of 8 rounds: Enc(4*L^3 mod N), Enc(6*L^2 mod N),
       Enc(4*L mod N) (1026 each), where L is A in the first round
     * Enc(X) and Enc(A) for the ninth round (1026 each)

     Side effects: sets self.padded_RSA_half, self.N, self.X and
     self.data_for_auditor, and appends one ``{'K': K}`` dict per round
     to self.K_values.

     Returns self.data_for_auditor.
     """
     self.padded_RSA_half = padded_RSA_half
     self.N = ba2int(N_ba)
     # Header: server modulus N, then the Paillier modulus n.
     self.data_for_auditor = bi2ba(self.N, fixed=256) + bi2ba(self.P.n, fixed=513)
     current = ba2int(self.padded_RSA_half)  # A in round one, L afterwards
     modulus = self.N
     paillier = self.P
     mask_bits = self.n_len
     for _ in range(8):
         fourth_power = pow(current, 4, modulus)
         # Encrypted binomial terms that make up "T2" on the other side.
         enc_cubic = paillier.encrypt(4 * pow(current, 3, modulus) % modulus)
         enc_square = paillier.encrypt(6 * pow(current, 2, modulus) % modulus)
         enc_linear = paillier.encrypt(4 * current % modulus)
         # K is bounded by 2**(n_len-2): it is later added to another value
         # of that size and the sum must not overflow the Paillier modulus n.
         # NOTE(review): randint is defined outside this snippet; K masks the
         # value carried into the next round, so confirm it draws from a
         # cryptographically secure source.
         K = randint(2 ** (mask_bits - 2))
         # Value for the next round (L in the paper).
         current = (fourth_power - K) % modulus
         round_blob = (bi2ba(enc_cubic, fixed=1026)
                       + bi2ba(enc_square, fixed=1026)
                       + bi2ba(enc_linear, fixed=1026))
         self.data_for_auditor += round_blob
         self.K_values.append({'K': K})
     # Round 9: ship Enc(X) and Enc(A); X itself stays on this side.
     X = current
     A = ba2int(self.padded_RSA_half)
     enc_X = paillier.encrypt(X)
     enc_A = paillier.encrypt(A)
     self.data_for_auditor += bi2ba(enc_X, fixed=1026) + bi2ba(enc_A, fixed=1026)
     self.X = X
     # Roughly 1 KB * (3*8 + 2) ~ 26 KB of ciphertext has been appended.
     return self.data_for_auditor
Пример #2
 def get_data_for_auditor(self, padded_RSA_half, N_ba):
     """Prepare the auditee's precomputed Paillier data for the auditor.

     The returned value is the concatenation, in this order, of:
     N (fixed=256), the Paillier modulus ``self.P.n`` (fixed=513), three
     ciphertexts per round for 8 rounds -- Enc(4*v^3 mod N),
     Enc(6*v^2 mod N), Enc(4*v mod N), each fixed=1026 -- and finally
     Enc(X) and Enc(A), each fixed=1026. ``v`` starts as A (the integer
     form of ``padded_RSA_half``) and becomes (v^4 - K) mod N after every
     round.

     Besides returning the blob, the method stores padded_RSA_half, N, X
     and data_for_auditor on ``self`` and records each round's K in
     self.K_values.
     """
     self.padded_RSA_half = padded_RSA_half
     self.N = ba2int(N_ba)
     header_N = bi2ba(self.N, fixed=256)
     header_n = bi2ba(self.P.n, fixed=513)
     self.data_for_auditor = header_N + header_n
     # Starting value: A for the first round.
     value = ba2int(self.padded_RSA_half)
     rsa_mod = self.N
     phe = self.P
     bits = self.n_len
     for _round in range(8):
         quartic = pow(value, 4, rsa_mod)
         # Three encrypted coefficients per round ("parts of T2").
         part2 = phe.encrypt(4 * pow(value, 3, rsa_mod) % rsa_mod)
         part3 = phe.encrypt(6 * pow(value, 2, rsa_mod) % rsa_mod)
         part4 = phe.encrypt(4 * value % rsa_mod)
         # The mask is kept two bits shorter than n_len so that adding it to
         # another (n_len-2)-bit value cannot overflow n.
         # NOTE(review): randint comes from elsewhere in the project; verify
         # that it is suitable for generating secret masks.
         K = randint(2 ** (bits - 2))
         # Next round's input (L in the paper).
         value = (quartic - K) % rsa_mod
         encoded = [bi2ba(part2, fixed=1026)]
         encoded.append(bi2ba(part3, fixed=1026))
         encoded.append(bi2ba(part4, fixed=1026))
         self.data_for_auditor += encoded[0] + encoded[1] + encoded[2]
         self.K_values.append({'K': K})
     # Round 9 needs Enc(X) and Enc(A).
     X = value
     A = ba2int(self.padded_RSA_half)
     PX = phe.encrypt(X)
     PA = phe.encrypt(A)
     tail = bi2ba(PX, fixed=1026) + bi2ba(PA, fixed=1026)
     self.data_for_auditor += tail
     self.X = X
     # Total ciphertext payload: about 1 KB * (3*8 + 2) ~ 26 KB.
     return self.data_for_auditor
Пример #3
 def set_enc_second_half_pms(self):
     """Compute self.pms2 and self.enc_second_half_pms.

     ``pms2`` is auditor_secret, zero-filled and terminated with a 0x01
     byte. The block that gets exponentiated is assembled by hand:
     (ones_length + 1) bytes of 0x01, auditor_padding_secret, 25 zero
     bytes, then pms2. The result is pow(block, server_exponent,
     server_modulus), i.e. a raw modular exponentiation with no padding
     library involved.

     Raises TLSNSSLError when self.server_modulus is not set.

     NOTE(review): the byte layout presumably mirrors the auditor's share
     of an RSA-padded pre-master secret; confirm the constants (103, 256,
     24, 25) against the protocol description.
     """
     if not self.server_modulus:
         raise TLSNSSLError("Failed to set enc second half pms")
     ones_length = 103 + ba2int(self.server_mod_length) - 256
     zero_fill = '\x00' * (24 - self.n_auditor_entropy - 1)
     self.pms2 = self.auditor_secret + zero_fill + '\x01'
     leading_ones = '\x01' + ('\x01' * (ones_length))
     block = leading_ones + self.auditor_padding_secret + ('\x00' * 25) + self.pms2
     self.enc_second_half_pms = pow(
         ba2int(block), self.server_exponent, self.server_modulus)
Пример #4
 def do_ninth_round(self, PSum):
     """Finish the computation: return (Dec(PSum) + A*X) mod N.

     A is the integer form of self.padded_RSA_half; X and N are the
     values stored on ``self``.

     NOTE(review): PSum is handed in by the caller and decrypted as-is;
     nothing in this method checks that it is a well-formed ciphertext.
     Confirm whether Paillier.decrypt validates its input.
     """
     a_int = ba2int(self.padded_RSA_half)
     decrypted_sum = self.P.decrypt(PSum)
     cross_term = a_int * self.X
     return (decrypted_sum + cross_term) % self.N
     
     
         
                    
Пример #5
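 def __init__(self, padded_RSA_half,
              linkdata):  #the data which auditee passes in the link
     """Parse the auditee's link data and set up the round state.

     ``linkdata`` layout: N (256 bytes), Paillier public key (513 bytes),
     then 3*8 + 2 ciphertexts of 1026 bytes each -- P2, P3, P4 for each of
     the 8 rounds followed by PX and PA for round 9.

     Sets self.N, self.P, self.n_len, self.paillier_rounds (8 dicts with
     keys 'P2', 'P3', 'P4' plus a final dict with 'PX', 'PA'),
     self.padded_RSA_half and self.D.

     Raises AssertionError when ``linkdata`` does not have the expected
     length.

     NOTE(review): only the total length is checked here; the integers
     decoded from linkdata are not range-checked against N or the Paillier
     modulus in this method.
     """
     n_width = 256
     pubkey_width = 513
     ct_width = 1026
     expected_len = n_width + pubkey_width + ct_width * (3 * 8 + 2)
     # linkdata comes from the other party, so the length check must not be
     # a bare `assert` (those are stripped under `python -O`). AssertionError
     # is still the exception raised, so existing callers see no change.
     if len(linkdata) != expected_len:
         raise AssertionError('linkdata must be %d bytes long, got %d'
                              % (expected_len, len(linkdata)))
     self.paillier_rounds = []
     N_ba = linkdata[:n_width]
     self.N = ba2int(N_ba)
     pubkey = linkdata[n_width:n_width + pubkey_width]
     self.P = Paillier(pubkey=ba2int(pubkey))
     offset = n_width + pubkey_width
     self.n_len = 4096 + 8
     for _ in range(8):
         d = {}
         d['P2'] = ba2int(linkdata[offset:offset + ct_width])
         d['P3'] = ba2int(linkdata[offset + ct_width:offset + 2 * ct_width])
         d['P4'] = ba2int(linkdata[offset + 2 * ct_width:offset + 3 * ct_width])
         offset += 3 * ct_width
         self.paillier_rounds.append(d)
     #for round 9
     PX = ba2int(linkdata[offset:offset + ct_width])
     offset += ct_width
     PA = ba2int(linkdata[offset:offset + ct_width])
     # Internal invariant (already implied by the length check above).
     assert len(linkdata) - offset == ct_width
     self.padded_RSA_half = padded_RSA_half  #initial value for each round. B for first round
     self.paillier_rounds.append({'PX': PX, 'PA': PA})
     self.D = 0  #mask from the previous round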
Пример #6
 def do_ninth_round(self, F):
     """Return the encrypted sum Enc(B*Y) + Enc(X)*B + Enc(A)*Y.

     Y is F with the previous round's mask removed, (F - self.D) mod N,
     and B is the integer form of self.padded_RSA_half. PX and PA are the
     ciphertexts stored in self.paillier_rounds[8]. The additions and
     constant multiplications are done through the Paillier object's
     e_add / e_mul_const helpers.
     """
     modulus = self.N
     paillier = self.P
     unmasked = (F - self.D) % modulus
     b_int = ba2int(self.padded_RSA_half)
     rounds = self.paillier_rounds
     enc_by = paillier.encrypt(b_int * unmasked % modulus)
     enc_bx = paillier.e_mul_const(rounds[8]['PX'], b_int)
     enc_ay = paillier.e_mul_const(rounds[8]['PA'], unmasked)
     partial = paillier.e_add(enc_by, enc_bx)
     return paillier.e_add(partial, enc_ay)
Пример #7
 def do_ninth_round(self, F):
     """Compute the ninth-round ciphertext PSum.

     With Y = (F - self.D) mod N and B = ba2int(self.padded_RSA_half),
     the result combines three terms under the Paillier key self.P:
     a fresh encryption of B*Y mod N, the stored ciphertext PX multiplied
     by the constant B, and the stored ciphertext PA multiplied by the
     constant Y.
     """
     N = self.N
     P = self.P
     # Strip the mask applied at the end of the previous round.
     Y = (F - self.D) % N
     B = ba2int(self.padded_RSA_half)
     stored = self.paillier_rounds
     term_by = P.encrypt(B * Y % N)
     term_bx = P.e_mul_const(stored[8]['PX'], B)
     term_ay = P.e_mul_const(stored[8]['PA'], Y)
     first_two = P.e_add(term_by, term_bx)
     PSum = P.e_add(first_two, term_ay)
     return PSum
Пример #8
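 def do_round(self, round_no, F):
     """Run one of the first eight rounds and return the masked ciphertext E.

     For round 0 the round input is the integer form of
     self.padded_RSA_half and ``F`` is ignored; for later rounds it is
     (F - self.D) mod N, i.e. F with the previous mask removed. The
     stored ciphertexts P2, P3, P4 for this round are multiplied by
     iv, iv^2 and iv^3 (mod N), a fresh encryption of iv^4 mod N is added,
     and a new random mask D is added on top. D is kept in self.D for the
     next call.

     Raises AssertionError when ``round_no`` is not in range(8).
     """
     # Explicit check instead of `assert round_no < 8`: a bare assert is
     # stripped under `python -O`, and a negative index would silently pick
     # a round from the end of self.paillier_rounds. AssertionError is kept
     # so the exception type seen by callers is unchanged.
     if not 0 <= round_no < 8:
         raise AssertionError('round_no must be in range(8), got %r'
                              % (round_no,))
     N = self.N
     P = self.P
     n_len = self.n_len
     p_rounds = self.paillier_rounds
     if round_no == 0:
         iv = ba2int(self.padded_RSA_half)
     else:
         iv = (F - self.D) % N
     T2 = P.e_mul_const(p_rounds[round_no]['P2'], iv)
     T3 = P.e_mul_const(p_rounds[round_no]['P3'], pow(iv, 2, N))
     T4 = P.e_mul_const(p_rounds[round_no]['P4'], pow(iv, 3, N))
     T5 = P.encrypt(pow(iv, 4, N))
     TSum = P.e_add(P.e_add(P.e_add(T2, T3), T4), T5)
     #apply mask D
     # NOTE(review): randint is defined outside this snippet; D is the only
     # thing masking TSum in the returned value, so confirm it is drawn
     # from a cryptographically secure source.
     self.D = randint(2**(n_len - 2))
     E = P.e_add(TSum, P.encrypt(self.D))
     return E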
Пример #9
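 def do_round(self, round_no, F):
     """Compute the masked Paillier ciphertext for rounds 0 through 7.

     The round input ``iv`` is ba2int(self.padded_RSA_half) in round 0
     (``F`` is not used then) and (F - self.D) mod N in every later round.
     The result is
     Enc(P2*iv + P3*iv^2 + P4*iv^3 + iv^4 + D) built with the Paillier
     object's e_mul_const / e_add helpers, where P2..P4 are the stored
     ciphertexts for this round and D is a freshly drawn mask that is
     remembered in self.D.

     Raises AssertionError when ``round_no`` is outside 0..7.
     """
     # Validate with an explicit raise: `assert` disappears under
     # `python -O`, and negative values would otherwise index
     # self.paillier_rounds from the end. The exception type stays
     # AssertionError for backward compatibility.
     if round_no < 0 or not round_no < 8:
         raise AssertionError('round_no must be in range(8), got %r'
                              % (round_no,))
     N = self.N
     P = self.P
     n_len = self.n_len
     this_round = self.paillier_rounds[round_no]
     if round_no == 0:
         iv = ba2int(self.padded_RSA_half)
     else:
         # Remove the mask that was applied at the end of the previous round.
         iv = (F - self.D) % N
     T2 = P.e_mul_const(this_round['P2'], iv)
     T3 = P.e_mul_const(this_round['P3'], pow(iv, 2, N))
     T4 = P.e_mul_const(this_round['P4'], pow(iv, 3, N))
     T5 = P.encrypt(pow(iv, 4, N))
     TSum = P.e_add(P.e_add(P.e_add(T2, T3), T4), T5)
     #apply mask D
     # NOTE(review): randint is a helper from elsewhere in the project;
     # verify that it is appropriate for generating a secret mask.
     self.D = randint(2**(n_len - 2))
     E = P.e_add(TSum, P.encrypt(self.D))
     return E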
Пример #10
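 def __init__(self, padded_RSA_half, linkdata): #the data which auditee passes in the link
     """Decode the auditee's link data into per-round Paillier ciphertexts.

     ``linkdata`` must be exactly 256 + 513 + 1026*(3*8+2) bytes: the
     server modulus N, the Paillier public key, then P2/P3/P4 for each of
     8 rounds and PX/PA for the ninth.

     After construction self.paillier_rounds holds 8 dicts keyed
     'P2', 'P3', 'P4' followed by one dict keyed 'PX', 'PA'; self.D (the
     mask from the previous round) starts at 0.

     Raises AssertionError when ``linkdata`` has the wrong length.

     NOTE(review): beyond the length check, the decoded integers are used
     as-is; no range validation is visible in this method.
     """
     ciphertext_len = 1026
     header_len = 256 + 513
     required = header_len + ciphertext_len * (3 * 8 + 2)
     # The peer controls linkdata, so this check is written as an explicit
     # raise rather than `assert`, which `python -O` would remove. The
     # exception type is left as AssertionError so callers are unaffected.
     if len(linkdata) != required:
         raise AssertionError('linkdata must be %d bytes long, got %d'
                              % (required, len(linkdata)))
     self.paillier_rounds = []
     N_ba = linkdata[:256]
     self.N = ba2int(N_ba)
     pubkey = linkdata[256:header_len]
     self.P = Paillier(pubkey=ba2int(pubkey))
     offset = header_len
     self.n_len = 4096+8
     for _ in range(8):
         d = {}
         # Three consecutive ciphertexts per round.
         for position, key in enumerate(('P2', 'P3', 'P4')):
             start = offset + position * ciphertext_len
             d[key] = ba2int(linkdata[start:start + ciphertext_len])
         offset += 3 * ciphertext_len
         self.paillier_rounds.append(d)
     #for round 9
     PX = ba2int(linkdata[offset:offset + ciphertext_len])
     offset += ciphertext_len
     PA = ba2int(linkdata[offset:offset + ciphertext_len])
     # Internal invariant; it follows from the length check above.
     assert len(linkdata) - offset == ciphertext_len
     self.padded_RSA_half = padded_RSA_half #initial value for each round. B for first round
     self.paillier_rounds.append({'PX': PX, 'PA': PA})
     self.D = 0 #mask from the previous round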
Пример #11
 def do_ninth_round(self, PSum):
     """Decrypt PSum, add A*X and reduce modulo N.

     A is ba2int(self.padded_RSA_half); self.X, self.P and self.N must
     already be set on the instance. The variable name suggests the
     result is the encrypted pre-master secret -- confirm against the
     caller.

     NOTE(review): PSum is decrypted without any check in this method;
     verify that malformed ciphertexts are rejected elsewhere.
     """
     A = ba2int(self.padded_RSA_half)
     plain = self.P.decrypt(PSum)
     total = plain + (A * self.X)
     enc_pms = total % self.N
     return enc_pms