def processTLSpacket(self,pkt):
mtls=TLS(pkt)
if scapy_ssl_tls.ssl_tls.TLSServerHello in mtls:
self.serverrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSServerHello])[2:34]
print 'Server Random Found'
if scapy_ssl_tls.ssl_tls.TLSClientHello in mtls:
self.clientrandom= str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[2:34]
#mtls[scapy_ssl_tls.ssl_tls.TLSClientHello].show2()
#print [ord(i) for i in str(mtls[scapy_ssl_tls.ssl_tls.TLSClientHello])[:40]]
print [ord(i) for i in self.clientrandom]
print 'Client Random Found'
if scapy_ssl_tls.ssl_tls.TLSServerKeyExchange in mtls:
server_kex = mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange]
a = server_kex[scapy_ssl_tls.ssl_tls.TLSServerECDHParams]
point = scapy_ssl_tls.ssl_tls_keystore.ansi_str_to_point(a.p)
self.serverpub=a.p
curve = ec_reg.get_curve('secp256r1')
scapy_ssl_tls.ssl_tls_keystore.ECDHKeyStore(curve, ec.Point(curve, *point))
# PREMASTER KEY
ec_curve = ec_reg.get_curve('secp256r1')
server_keypair = ec.Keypair(ec_curve, pub= str_to_ec_point(self.serverpub,ec_curve))
client_keypair=pickle.load(open('/home/gabriel/waterfall/decoy/scapy_ssl_tls/clientpriv'))
secret_point = ec.ECDH(client_keypair).get_secret(server_keypair)
mk = int_to_str(secret_point.x) # masalan premaster key
sec_params = scapy_ssl_tls.ssl_tls_crypto.TLSSecurityParameters.from_pre_master_secret(self.prf, scapy_ssl_tls.ssl_tls.TLSCipherSuite.ECDHE_RSA_WITH_AES_128_GCM_SHA256,
mk, self.clientrandom,
self.serverrandom)
sym_keystore = sec_params.server_keystore
# print("SYYYYYN JEEEEEET", sym_keystore.key)
self.server_write_key = sym_keystore.key
self.server_write_iv = sym_keystore.iv
self.candecrypt = True
# ecdh=scapy_ssl_tls.ssl_tls.TLSServerECDHParams(str(mtls[scapy_ssl_tls.ssl_tls.TLSServerKeyExchange]))
# self.serverpub=ecdh.p
# print 'server public Found'
# self.driveKeys()
if self.candecrypt:
# print 'decrypting '
# mtls.show2()
if scapy_ssl_tls.ssl_tls.TLSCiphertext in mtls:
# print 'decryptable'
plain=self.decrypt(mtls[scapy_ssl_tls.ssl_tls.TLSCiphertext].data)
if mtls.records[0].content_type==23:
self.startreplace=True
#print plain[:60]
self.addHTTPpacket(plain)
def test_scrypt():
A_curve = getCurve(5)
A_pri = getPri(A_curve)
A_pub = getPub(A_pri, A_curve)
B_curve = getCurve(5)
B_pri = getPri(B_curve)
B_pub = getPub(B_pri, B_curve)
A_sym = getShairKey(A_pri, B_pub)
B_sym = getShairKey(B_pri, A_pub)
A_Parts = ( A_pub.curve.name, A_pub.x, A_pub.y )
print(A_Parts)
p1 = ec.Point( registry.get_curve(A_Parts[0]), A_Parts[1], A_Parts[2] )
P_sym = getShairKey(B_pri, p1)
#print(f'P is {p1}')
#print(f'A_sym:', compress(A_sym))
#print(f'B_sym:', compress(B_sym))
#print(f'P_sym:', compress(P_sym))
print("Are eq:", A_sym == B_sym)
print(f'p1 is a sutable replacement:{A_sym == P_sym}')
def __init__(self, curve='brainpoolP160r1', hash=hashlib.sha1, private_key=None, public_key=None):
self._curve = registry.get_curve(curve)
self._bytes = (int(math.log(self._curve.field.p, 2)) + 7) / 8
self._bits = self._bytes * 8
self._hash = hash
if not self._hash().block_size >= self._bytes:
raise ValueError('Incompatible hash function')
if private_key:
self._private_key = self._from_bytes(base64.decodestring(private_key))
else:
self._private_key = None
if private_key and not public_key:
self._public_key = self._curve.g * self._private_key
elif public_key:
self._public_key = self._osp2ec(base64.decodestring(public_key))
else:
self._public_key = None
self._kex_shared_key = None
self._kex_public_key = None
self._kex_private_key = None
if self._public_key:
self._public_key_digest = self._mgf2(self._ec2osp(self._public_key), AES.block_size)
else:
self._public_key_digest = None
self._cached_kex_request = None
self._cached_kex_response = None
def decrypt_key(pkey):
privKey = int(pkey)
curve = registry.get_curve('brainpoolP256r1')
g = curve.g
(ciphertextPubKey) = compute_public_ciphertext(g)
decryptKey = ecc_calc_decryption_key(privKey, ciphertextPubKey)
return compress_point(decryptKey)
def getSharedKey(sock, destinationIP, destinationPort, debug=False):
curve = registry.get_curve('brainpoolP256r1')
privKey = secrets.randbelow(curve.field.n)
pubKey = privKey * curve.g
print("My private key {} {}:".format(privKey, type(privKey)))
# Now exchange the public keys (e.g. through Internet)
if not debug:
sock.sendto(("[Key]" + pubKey).encode(),
(destinationIP, destinationPort))
data = sock.recvfrom(4096)
decodedMessage = data.decode()
pairPubKey = decodedMessage
else:
pairPrivKey = secrets.randbelow(curve.field.n)
pairPubKey = pairPrivKey * curve.g
mySharedKey = privKey * pairPubKey
print(
"My shared key to {} {}:".format(compress(mySharedKey),
destinationPort),
compress(mySharedKey))
if debug:
pairSharedKey = pairPrivKey * pubKey
print(
"Pair shared key to {} {}:".format(destinationIP, destinationPort),
compress(mySharedKey))
assert mySharedKey == pairSharedKey
return compress(mySharedKey)
def __init__(self,
curve='brainpoolP160r1',
hash=None,
private_key=None,
public_key=None):
if not hash:
if '160' in curve:
hash = SHA1
elif '224' in curve:
hash = SHA3_256
elif '256' in curve:
hash = SHA3_256
elif '384' in curve:
hash = SHA3_512
elif '521' in curve:
hash = SHA3_512
else:
raise ValueError('Appropriate hash should be specified')
self._curve = registry.get_curve(curve)
self._bytes = (int(math.log(self._curve.field.p, 2)) + 7) / 8
self._bits = self._bytes * 8
self._hash = hash
# Check that hash is properly initialized
self._hash.new()
try:
self._mgf_size = self._hash.new().block_size
except AttributeError:
self._mgf_size = self._hash.digest_size
if not self._mgf_size >= self._bytes:
raise ValueError('Incompatible hash function')
if private_key:
self._private_key = self._from_bytes(
base64.decodestring(private_key))
else:
self._private_key = None
if private_key and not public_key:
self._public_key = self._curve.g * self._private_key
elif public_key:
self._public_key = self._osp2ec(base64.decodestring(public_key))
else:
self._public_key = None
self._kex_shared_key = None
self._kex_public_key = None
self._kex_private_key = None
if self._public_key:
self._public_key_digest = self._mgf2(
self._ec2osp(self._public_key), AES.block_size)
else:
self._public_key_digest = None
self._cached_kex_request = None
self._cached_kex_response = None
def test_when_valid_curve_name_is_provided_then_curve_object_is_built(
self):
curve_name = "brainpoolP160r1"
curve = reg.get_curve(curve_name)
self.assertIsInstance(curve, ec.Curve)
self.assertEqual(curve_name, curve.name)
self.assertEqual(reg.EC_CURVE_REGISTRY[curve_name]["n"], curve.field.n)
def main():
""" Crypt&Decrypt message using ECC & AES """
curve = registry.get_curve('brainpoolP256r1')
msg = input("Podaj wiadomość: ")
msg = msg.encode('utf-8')
print("Oryginalna wiadomość:", msg.decode("ISO-8859-1").rstrip('\0'))
privKey = secrets.randbelow(curve.field.n)
pubKey = privKey * curve.g
starttime = timeit.default_timer()
encryptedMsg = encrypt_ECC(msg, pubKey, curve)
encryptedMsgObj = {
'ciphertext': binascii.hexlify(encryptedMsg[0]),
'nonce': binascii.hexlify(encryptedMsg[1]),
'authTag': binascii.hexlify(encryptedMsg[2]),
'ciphertextPubKey':
hex(encryptedMsg[3].x) + hex(encryptedMsg[3].y % 2)[2:]
}
print("Czas szyfrowania używając ECC: ",
timeit.default_timer() - starttime, "s")
starttime = timeit.default_timer()
decryptedMsg = decrypt_ECC(encryptedMsg, privKey)
print("Czas odszyfrowania ECC: ", timeit.default_timer() - starttime, "s")
print("Zaszyfrowana wiadomość:", encryptedMsgObj)
print("Odszyfrowana wiadomość:",
decryptedMsg.decode("ISO-8859-1").rstrip('\0'))
def readPublicKey(init_file):
FileCredibility.fullStop(init_file)
with open(init_file, 'r') as out:
content = out.readline().replace('[', '').replace(']', '').split(',')
return ec.Point(registry.get_curve(content[0]), int(content[1]),
int(content[2]))
def get_encrypted_key():
curve = registry.get_curve('brainpoolP256r1')
privKey = secrets.randbelow(curve.field.n)
g = curve.g
pubKey = privKey * g
(encryptKey, ciphertextPubKey) = ecc_calc_encryption_keys(pubKey, curve)
return (privKey, compress_point(encryptKey))
def generatePrivateKey(curve_name='secp192r1'):
"""
Generates an ECC private key in the specified curve.
:param curve_name: Name of the elliptic curve employed.
:return: Private EC key.
"""
curve = reg.get_curve(curve_name)
privKey = secrets.randbelow(curve.field.n)
return toHex(privKey)
def hashToPoint(input, curve_name='secp192r1'):
"""
A hash function that returns a point of the curve
:param input: A point of an elliptic curve.
:param curve_name: Name of the elliptic curve employed.
:return: A point on the curve.
"""
curve = reg.get_curve(curve_name)
scalar = hashToScalar(str(input), curve_name)
return scalar * curve.g
def generateKeyPair(curve_name='secp192r1') -> object:
"""
Generates an ECC private and public key in the specified curve.
:param curve_name: Name of the elliptic curve employed.
:return: A tuple of private and public EC keys
"""
curve = reg.get_curve(curve_name)
privKey = secrets.randbelow(curve.field.n)
pubKey = privKey * curve.g
return privKey, pubKey
def generatePublicKey(curve_name='secp192r1'):
"""
Generates an ECC public key in the specified curve.
:param curve_name: Name of the elliptic curve employed.
:return: A public EC key (EC Point)
"""
curve = reg.get_curve(curve_name)
privKey = secrets.randbelow(curve.field.n)
pubKey = privKey * curve.g
return toStandardFormat(pubKey)
def Elliptic_crypto():
curve = registry.get_curve('secp256r1') #standard elliptic curves
privkey = secrets.randbelow(curve.field.n)
f = curve.g
m = f.y + f.x
pubkey = privkey * m
privkey = str(privkey)
pubkeycomp = str(pubkey) #public key compression
return (privkey, pubkeycomp)
def ECDHE(self, server_pubkey, curve_type_byte):
curve_type_str = analyze_dict(
curve_type_byte, Define().define_named_curve)
curve = registry.get_curve(curve_type_str)
self.privkey = secrets.randbelow(curve.field.n)
self.pubkey = self.privkey * curve.g
self.sharekey = self.privkey * server_pubkey
def hashToScalar(input, curve_name='secp192r1'):
"""
Given an input, returns an element in the field defined by the curve.
:param input: Any hashable input.
:param curve_name: Name of the elliptic curve employed.
:return: A number in the finite field defined by the curve.
"""
curve = reg.get_curve(curve_name)
p = curve.field.p
if isinstance(input, str):
input = input.encode('utf-8')
return fromHexToInt(hashlib.sha3_256(input).hexdigest()) % p
def decompressPoint(point, curve_name='secp192r1'):
"""
Takes a compressed point of the form (x, even/odd)
:param point: Compressed point in the form (x, even/odd)
:param curve_name: Name of the elliptic curve employed.
:return: EC Point
"""
curve = reg.get_curve(curve_name)
p = curve.field.p
y = sqrtmod(pow(point.x, 3, p) + curve.a * point.x + curve.b, p)
if point.y:
return ec.Point(curve, point.x, y)
else:
return ec.Point(curve, point.x, p - y)
def ECDHE_Key_Point(self, rfc5480_pubkey, curve_type_byte):
curve_type_str = analyze_dict(
curve_type_byte, Define().define_named_curve)
curve_type = registry.get_curve(curve_type_str)
x_byte = rfc5480_pubkey[1:33]
x = int.from_bytes(x_byte, 'big')
y_byte = rfc5480_pubkey[33:65]
y = int.from_bytes(y_byte, 'big')
pubkey = ec.Point(curve_type, x, y)
return pubkey
def generateKeys():
global curve
global server_private_key
global server_public_key
print("generateKeys --> Init")
curve = reg.get_curve('secp256r1')
#Generating Server private
server_private_key = secrets.randbelow(curve.field.n)
#server_private_key = 1 # Prueba con key harcodeada
#print("Z(p): ", curve.field.n)
print("generateKeys --> Server private key: ", server_private_key)
# Generate Server publickey from the private key and Generator point
server_public_key = server_private_key * curve.g
print("generateKeys --> Server public key: ", server_public_key, "type: ",
type(server_public_key))
def test_client_ecdh_parameters_generation_matches_fixed_data(self):
tls_ctx = tlsc.TLSSessionCtx()
secp256r1 = reg.get_curve("secp256r1")
public = ec.Point(secp256r1, 71312736565121892539464098105317518227531978702333415386264829982789952731614,
108064706642599821618918248475955325719985341096102200103424860263181813987462)
tls_ctx.server_ctx.kex_keystore = tlsk.ECDHKeyStore(secp256r1, public)
client_privkey = 15320484772785058360598040144348894600917526501829289880527760633524785596585
client_keys = ec.Keypair(secp256r1, client_privkey)
client_pubkey = tls_ctx.get_client_ecdh_pubkey(client_privkey)
self.assertTrue(client_pubkey.startswith("\x04"))
self.assertEqual("\x04%s%s" % (tlsc.int_to_str(client_keys.pub.x), tlsc.int_to_str(client_keys.pub.y)),
client_pubkey)
self.assertEqual(client_keys.pub, tls_ctx.client_ctx.kex_keystore.public)
self.assertEqual("'(\x17\x94l\xd7AO\x03\xd4Fi\x05}mP\x1aX5C7\xf0_\xa9\xb0\xac\xba{r\x1f\x12\x8f",
tls_ctx.premaster_secret)
def __init__(self, curve="brainpoolP256r1"):
if curve is "" or curve is None:
self.curve = "brainpoolP256r1"
curve_options = [
"brainpoolP160r1", "brainpoolP192r1", "brainpoolP224r1",
"brainpoolP256r1", "brainpoolP320r1", "brainpoolP384r1",
"brainpoolP512r1", "secp192r1", "secp224r1", "secp256r1",
"secp384r1", "secp521r1"
]
if curve in curve_options:
self.curve = registry.get_curve(curve)
else:
raise Exception("the specified curve is unknown", curve)
def driveKeys(self):
#pk= ec.generate_private_key(ec.SECP256R1, backend)
ec_curve = ec_reg.get_curve('secp256r1')
server_keypair = ec.Keypair(ec_curve, pub= str_to_ec_point(self.serverpub,ec_curve))
client_keypair=pickle.load(open('clientpriv'))
secret_point = ec.ECDH(client_keypair).get_secret(server_keypair)
mk = int_to_str(secret_point.x)
pshare=self.prf.get_bytes(mk,'master secret',self.clientrandom+self.serverrandom,num_bytes=48)
target_len=128
blockkey=self.prf.get_bytes(pshare,'key expansion',self.serverrandom+self.clientrandom,num_bytes=target_len)
print [ord(i) for i in blockkey]
i = 0
self.client_write_MAC_key = blockkey[i:i+self.mac_key_length]
i += self.mac_key_length
self.server_write_MAC_key = blockkey[i:i+self.mac_key_length]
i += self.mac_key_length
self.client_write_key = blockkey[i:i+self.cipher_key_length]
i += self.cipher_key_length
self.server_write_key = blockkey[i:i+self.cipher_key_length]
i += self.cipher_key_length
self.client_write_IV = blockkey[i:i+self.iv_length]
i += self.iv_length
self.server_write_IV = blockkey[i:i+self.iv_length]
i += self.iv_length
self.httpcarry=''
self.initDecryptor()
#print [ord(i) for i in self.clientrandom]
#print [ord(i) for i in self.serverrandom]
#print [ord(i) for i in self.ivkey]
print 'Keys are in place'
def main():
err = 0
if len(sys.argv) > 2:
server = (sys.argv[1], int(sys.argv[2]))
else:
server = ("127.0.0.1", 8443)
# TODO: encapsulate this into a nicer interface
nist256 = ec_reg.get_curve(TLS_SUPPORTED_GROUPS[TLSSupportedGroup.SECP256R1])
keypair = ec.make_keypair(nist256)
ec_pub = tlsk.point_to_ansi_str(keypair.pub)
draft_version = 18
ciphers = [TLSCipherSuite.TLS_AES_256_GCM_SHA384, TLSCipherSuite.TLS_AES_128_GCM_SHA256]
key_share = TLSExtension() / TLSExtKeyShare() / TLSClientHelloKeyShare(client_shares=[TLSKeyShareEntry(named_group=TLSSupportedGroup.SECP256R1,
key_exchange=ec_pub)])
named_groups = TLSExtension() / TLSExtSupportedGroups(named_group_list=[TLSSupportedGroup.SECP256R1,
TLSSupportedGroup.SECP384R1,
TLSSupportedGroup.SECP521R1])
extensions = [TLSExtension() / TLSExtServerNameIndication(server_names=TLSServerName(data=server[0])),
TLSExtension() / TLSExtRenegotiationInfo(),
named_groups,
TLSExtension() / TLSExtECPointsFormat(),
TLSExtension(type=TLSExtensionType.SESSIONTICKET_TLS),
TLSExtension() / TLSExtALPN(),
TLSExtension(type=TLSExtensionType.SIGNED_CERTIFICATE_TIMESTAMP),
key_share,
TLSExtension() / TLSExtSupportedVersions(versions=[tls_draft_version(draft_version)]),
TLSExtension() / TLSExtSignatureAlgorithms()]
with TLSSocket(client=True) as tls_socket:
tls_socket.tls_ctx.client_ctx.shares.append(tlsk.ECDHKeyStore.from_keypair(nist256, keypair))
tls_socket.connect(server)
try:
pkt = TLSRecord() / TLSHandshakes(handshakes=[TLSHandshake() / TLSClientHello(cipher_suites=ciphers, extensions=extensions)])
r = tls_socket.do_round_trip(pkt)
r.show()
r = tls_socket.do_round_trip(TLSHandshakes(handshakes=[TLSHandshake() / TLSFinished(data=tls_socket.tls_ctx.get_verify_data())]), recv=False)
r = tls_socket.do_round_trip(TLSPlaintext("GET / HTTP/1.1\r\nHOST: localhost\r\n\r\n"))
r.show()
except TLSProtocolError as tpe:
print(tpe)
tpe.response.show()
err +=1
finally:
print(tls_socket.tls_ctx)
return err
def init_curve(self):
self.curve = registry.get_curve('brainpoolP256r1')
if os.path.exists(KEY_FILE):
key_file = open(KEY_FILE, 'rb')
keys = pickle.load(key_file)
self.pubKey = keys[0]
self.privKey = keys[1]
else:
self.privKey = secrets.randbelow(self.curve.field.n)
self.pubKey = self.privKey * self.curve.g
keys = [self.pubKey, self.privKey]
key_file = open(KEY_FILE, 'wb')
pickle.dump(keys, key_file)
def test_client_ecdh_parameters_generation_matches_fixed_data(self):
tls_ctx = tlsc.TLSSessionCtx()
tls_ctx.crypto.server.ecdh.curve_name = "secp256r1"
secp256r1 = reg.get_curve(tls_ctx.crypto.server.ecdh.curve_name)
tls_ctx.crypto.server.ecdh.pub = ec.Point(
secp256r1,
71312736565121892539464098105317518227531978702333415386264829982789952731614L,
108064706642599821618918248475955325719985341096102200103424860263181813987462L)
client_privkey = 15320484772785058360598040144348894600917526501829289880527760633524785596585L
client_keys = ec.Keypair(secp256r1, client_privkey)
client_pubkey = tls_ctx.get_client_ecdh_pubkey(client_privkey)
self.assertTrue(client_pubkey.startswith("\x04"))
self.assertEqual("\x04%s%s" % (tlsc.int_to_str(client_keys.pub.x), tlsc.int_to_str(client_keys.pub.y)),
client_pubkey)
self.assertEqual(client_keys.pub, tls_ctx.crypto.client.ecdh.pub)
self.assertEqual("'(\x17\x94l\xd7AO\x03\xd4Fi\x05}mP\x1aX5C7\xf0_\xa9\xb0\xac\xba{r\x1f\x12\x8f",
tls_ctx.crypto.session.premaster_secret)
def tls_group_to_keystore(named_group_id, point_str):
import scapy_ssl_tls.ssl_tls as tls
try:
point = ansi_str_to_point(point_str)
named_group_name = tls.TLS_SUPPORTED_GROUPS[named_group_id]
# Unknown curve case. Just record raw values, but do nothing with them
except KeyError:
keystore = ECDHKeyStore(None, point)
warnings.warn("Unknown TLS defined group id: %d" % named_group_id)
# We are on a known group
else:
try:
group = ec_reg.get_curve(named_group_name)
keystore = ECDHKeyStore(group, ec.Point(group, *point))
except ValueError:
keystore = ECDHKeyStore(None, point)
warnings.warn("Unsupported TinyEC group: %s" % named_group_name)
return keystore
def tls_group_to_keystore(named_group_id, point_str):
import scapy_ssl_tls.ssl_tls as tls
try:
point = ansi_str_to_point(point_str)
named_group_name = tls.TLS_SUPPORTED_GROUPS[named_group_id]
# Unknown curve case. Just record raw values, but do nothing with them
except KeyError:
keystore = ECDHKeyStore(None, point)
warnings.warn("Unknown TLS defined group id: %d" % named_group_id)
# We are on a known group
else:
try:
group = ec_reg.get_curve(named_group_name)
keystore = ECDHKeyStore(group, ec.Point(group, *point))
except ValueError:
keystore = ECDHKeyStore(None, point)
warnings.warn("Unsupported TinyEC group: %s" % named_group_name)
return keystore
def test():
curve = registry.get_curve("secp521r1") # get rand curve
alicePrivKey = secrets.randbelow(curve.field.n)
alicePubKey = alicePrivKey * curve.g
print("Alice public key:", compress(alicePubKey))
bobPrivKey = secrets.randbelow(curve.field.n)
bobPubKey = bobPrivKey * curve.g
print("Bob public key:", compress(bobPubKey))
print("Now exchange the public keys (e.g. through Internet)")
aliceSharedKey = alicePrivKey * bobPubKey
print("Alice shared key:", compress(aliceSharedKey))
bobSharedKey = bobPrivKey * alicePubKey
print("Bob shared key:", compress(bobSharedKey))
print("Equal shared keys:", aliceSharedKey == bobSharedKey)
def verify(keys, key_image, seed, random_numbers, used_keys=None, message='I voted for Kodos', curve_name='secp192r1'):
"""
:param keys: List of public keys used in the signature.
:param key_image: Key Image of the signer's private key.
:param seed: Initial seed of the ring.
:param random_numbers: List of random numbers employed in the signature.
:param used_keys: Keys used in previous signatures.
:param message: Message to sign.
:param curve_name: Name of the elliptic curve employed.
:return:
"""
# If the key_image was already used the signature is not valid
if key_image in used_keys:
return False
# Curve parameters
curve = reg.get_curve(curve_name)
# Ring signature parameters
n_keys = len(keys)
L = [0] * n_keys
R = [0] * n_keys
c = [0] * n_keys
c[0] = seed # Introduce seed
# Compute first element of the signature
L[0] = random_numbers[0] * curve.g + c[0] * keys[0]
R[0] = random_numbers[0] * utils.hashToPoint(keys[0]) + c[0] * key_image
c[1] = utils.hashToScalar(str((message, L[0], R[0])), curve_name)
# Compute the rest of the ring elements
i = 1
while i < n_keys:
L[i] = random_numbers[i] * curve.g + c[i] * keys[i]
R[i] = random_numbers[i] * utils.hashToPoint(keys[i]) + c[i] * key_image
c[((i + 1) % n_keys)] = utils.hashToScalar(str((message, L[i], R[i])), curve_name)
i = i + 1
# Compute final element
return seed == c[0]
def sign(keys, signer_index, signer_private, message='I voted for Kodos', curve_name='secp192r1'):
"""
:param keys: List of public keys used in the signature.
:param signer_index: Index of the real signer in the public keys
:param signer_private: Signer's private key.
:param message: Message to sign.
:param curve_name: Name of the elliptic curve employed.
:return:
"""
# Curve parameters
curve = reg.get_curve(curve_name)
prime_field = curve.field.p
# Ring signature parameters
n_keys = len(keys)
random_numbers = [secrets.randbelow(prime_field) for i in range(n_keys)]
alpha = secrets.randbelow(prime_field)
L = [0] * n_keys
R = [0] * n_keys
c = [0] * n_keys
# Compute first element of the ring
key_image = signer_private * utils.hashToPoint(keys[signer_index])
L[signer_index] = alpha * curve.g
R[signer_index] = alpha * utils.hashToPoint(keys[signer_index])
c[(signer_index + 1) % n_keys] = utils.hashToScalar(str((message, L[signer_index], R[signer_index])), curve_name)
# Iterate for the rest of elements
i = (signer_index + 1) % n_keys
while i != signer_index:
L[i] = random_numbers[i] * curve.g + c[i] * keys[i]
R[i] = random_numbers[i] * utils.hashToPoint(keys[i]) + c[i] * key_image
c[(i + 1) % n_keys] = utils.hashToScalar(str((message, L[i], R[i])), curve_name)
i = (i + 1) % n_keys
# Close the ring
random_numbers[signer_index] = alpha - c[signer_index] * signer_private
return keys, key_image, c[0], random_numbers
def ecdh(curve_name):
# generate keys
begin = time.time()
curve = reg.get_curve(curve_name)
alice_sk = secrets.randbelow(curve.field.n)
alice_pk = alice_sk * curve.g
bob_sk = secrets.randbelow(curve.field.n)
bob_pk = bob_sk * curve.g
# key exchange
alice_ss = alice_sk * bob_pk
bob_ss = bob_sk * alice_pk
end = time.time() - begin
# check if shared secrets are equal
if (alice_ss != bob_ss):
print("Something went wrong!")
return 0
return end
def __init__(self,
curve='brainpoolP160r1',
hash=hashlib.sha1,
private_key=None,
public_key=None):
self._curve = registry.get_curve(curve)
self._bytes = (int(math.log(self._curve.field.p, 2)) + 7) / 8
self._bits = self._bytes * 8
self._hash = hash
if not self._hash().block_size >= self._bytes:
raise ValueError('Incompatible hash function')
if private_key:
self._private_key = self._from_bytes(
base64.decodestring(private_key))
else:
self._private_key = None
if private_key and not public_key:
self._public_key = self._curve.g * self._private_key
elif public_key:
self._public_key = self._osp2ec(base64.decodestring(public_key))
else:
self._public_key = None
self._kex_shared_key = None
self._kex_public_key = None
self._kex_private_key = None
if self._public_key:
self._public_key_digest = self._mgf2(
self._ec2osp(self._public_key), AES.block_size)
else:
self._public_key_digest = None
self._cached_kex_request = None
self._cached_kex_response = None
def encrypt_AES_GCM(msg, secretKey):
aesCipher = AES.new(secretKey, AES.MODE_GCM)
ciphertext, authTag = aesCipher.encrypt_and_digest(msg)
return (ciphertext, aesCipher.nonce, authTag)
def decrypt_AES_GCM(ciphertext, nonce, authTag, secretKey):
aesCipher = AES.new(secretKey, AES.MODE_GCM, nonce)
plaintext = aesCipher.decrypt_and_verify(ciphertext, authTag)
return plaintext
def ecc_point_to_256_bit_key(point):
sha = hashlib.sha256(int.to_bytes(point.x, 32, 'big'))
sha.update(int.to_bytes(point.y, 32, 'big'))
return sha.digest()
curve = registry.get_curve('brainpoolP256r1')
def encrypt_ECC(msg, pubKey):
ciphertextPrivKey = secrets.randbelow(curve.field.n)
sharedECCKey = ciphertextPrivKey * pubKey
secretKey = ecc_point_to_256_bit_key(sharedECCKey)
ciphertext, nonce, authTag = encrypt_AES_GCM(msg, secretKey)
ciphertextPubKey = ciphertextPrivKey * curve.g
return (ciphertext, nonce, authTag, ciphertextPubKey)
def decrypt_ECC(encryptedMsg, privKey):
(ciphertext, nonce, authTag, ciphertextPubKey) = encryptedMsg
sharedECCKey = privKey * ciphertextPubKey
secretKey = ecc_point_to_256_bit_key(sharedECCKey)
plaintext = decrypt_AES_GCM(ciphertext, nonce, authTag, secretKey)
return plaintext
def test_when_invalid_curve_name_is_provided_then_exception_is_raised(self):
with self.assertRaises(ValueError):
reg.get_curve("abcd")
def setUp(self):
self.field = ec.SubGroup(23, (1, 2), 5, 1)
self.curve = reg.get_curve("brainpoolP384r1")
super(TestCurve, self).setUp()
def setUp(self):
self.curve = reg.get_curve("secp384r1")
super(TestECDH, self).setUp()
def setUp(self):
self.curve = reg.get_curve("brainpoolP160r1")
super(TestKeyPair, self).setUp()
def test_when_valid_curve_name_is_provided_then_curve_object_is_built(self):
curve_name = "brainpoolP160r1"
curve = reg.get_curve(curve_name)
self.assertIsInstance(curve, ec.Curve)
self.assertEqual(curve_name, curve.name)
self.assertEqual(reg.EC_CURVE_REGISTRY[curve_name]["n"], curve.field.n)
