def testLongTermKeys(self):
params = DefaultParams
lts1 = LongTermSecretKey(params)
ltp1 = lts1.getPublicKey()
lts2 = LongTermSecretKey.unserialize(params, lts1.serialize())
ltp2 = LongTermPublicKey.unserialize(params, ltp1.serialize())
assert getMod(lts2.getX()) == params.q
assert getMod(ltp2.getY()) == params.p
assert lts1.getX() == lts2.getX()
assert ltp1.getY() == ltp2.getY()
assert lts1 == lts2
assert ltp1 == ltp2
msg1 = 'msg1'
msg2 = 'msg2'
signer1 = lts1.getSigner()
signer2 = lts2.getSigner()
sig1 = signer1.sign(msg1)
sig2 = signer2.sign(msg2)
assert ltp1.getVerifier(sig1).verify(msg1) == True
assert ltp1.getVerifier(sig2).verify(msg2) == True
assert ltp2.getVerifier(sig1).verify(msg1) == True
assert ltp2.getVerifier(sig2).verify(msg2) == True
def __eq__(self, other):
return isinstance(other, self.__class__) and\
self.ltp == other.ltp and\
self.stp == other.stp and\
getMod(self.r) == getMod(other.r) and\
self.r == other.r and\
self.kgcPk == other.kgcPk and\
self.params == other.params
def __eq__(self, other):
return isinstance(other, self.__class__) and\
getMod(self.k_c) == getMod(other.k_c) and\
self.k_c == other.k_c and\
getMod(self.s) == getMod(other.s) and\
self.s == other.s and\
self.lts == other.lts and\
self.sts == other.sts and\
self.params == other.params
def __eq__(self, other):
return isinstance(other, self.__class__) and\
self.group.p == other.group.p and\
self.group.q == other.group.q and\
self.group.r == other.group.r and\
self.p == other.p and\
self.q == other.q and\
getMod(self.g) == getMod(other.g) and\
self.g == other.g
def __init__(self, params, lts, sts, k_c, s):
assert isinstance(params, Params)
assert isinstance(lts, LongTermSecretKey)
assert isinstance(sts, ShortTermSecretKey)
assert getMod(s) == params.q
assert getMod(k_c) == params.q
self.lts = lts
self.sts = sts
self.params = params
self.k_c = k_c
self.s = s # this is just the s from the (r,s) SchnorrSignature
def testSchnorrSig(self):
sk = LongTermSecretKey(DefaultParams)
signer = sk.getSigner()
sig = signer.sign('some random message')
s = sig.serialize()
sig2 = SchnorrSignature.unserialize(s)
assert getMod(sig.getR()) == getMod(sig2.getR())
assert getMod(sig.getS()) == getMod(sig2.getS())
assert sig2.getR() == sig.getR()
assert sig2.getS() == sig.getS()
assert sig == sig2
def testShortTermKeys(self):
params = DefaultParams
sts1 = ShortTermSecretKey(params)
stp1 = sts1.getPublicKey()
sts2 = ShortTermSecretKey.unserialize(params, sts1.serialize())
stp2 = ShortTermPublicKey.unserialize(params, stp1.serialize())
assert getMod(sts2.getT()) == params.q
assert getMod(stp2.getU()) == params.p
assert sts1.getT() == sts2.getT()
assert stp1.getU() == stp2.getU()
assert stp1 == stp2
assert sts1 == sts2
def sign(self, m):
e = self.params.groupHash(m, self.r_hashed)
q = self.params.q
k = self.k
x = self.lts.getX()
assert getMod(k) == q
assert getMod(x) == q
assert getMod(e) == q
# FIXME: REDUCEBUG: the result is mod q, but the number is not reduced % q
# unless we apply the % q. figure out why charm-crypto does it this way.
s = (k + e * x) % q
assert getMod(s) == q
# NOTE: when r_hashed != r, this is returning r = g^k, not r_hashed
return SchnorrSignature(self.r, s)
def testExponentiationReduces(self):
params = self.params
p = params.p
for i in range(0, 16):
x = params.group.random()
y = (params.g ** x)
yp = (params.g ** x) % p
#print "g=",params.g
#print "q=",params.q
#print "x=",x
#print "y=",y
#print "yp=",yp
assert getMod(y) == p
assert getMod(yp) == p
assert y == yp
def fails_testMultiplicationReduces(self):
q = self.params.q
a = (q - 1) % q
b = (q - 2) % q
c = a * b
for i in range(0, 1024):
c = c * a * b
assert getMod(a) == q
assert getMod(b) == q
assert getMod(c) == q
#print c
#print integer(c)
#print c % q
#assert integer(c % q) < q
assert integer(c) < q
def __init__(self, params, t=None):
assert isinstance(params, Params)
self.params = params
if t is None:
self.t = self.params.group.random()
else:
assert isinstance(t, integer)
assert getMod(t) == params.q
self.t = t
def __init__(self, params, x=None):
assert isinstance(params, Params)
self.params = params
if x is None:
self.x = self.params.group.random()
else:
assert isinstance(x, integer)
assert getMod(x) == params.q
self.x = x
def testDefaultParams(self):
p = self.params.p
q = self.params.q
g = self.params.g
assert getMod(g) == p
assert isPrime(p)
assert isPrime(q)
assert p != q
assert p == 2*q + 1
assert bitsize(p) >= 1024
assert bitsize(q) >= 1023
def testBasic(self):
msg = 'some message'
assert msg != msg[::-1] # will assume this below
pk = self.pk
sk = self.sk
p = self.params.p
q = self.params.q
signer = sk.getSigner()
sig = signer.sign(msg)
# Make sure this is a non-empty signature
assert sig.getR() is not None
assert sig.getS() is not None
assert signer.getK() is not None
assert getMod(signer.getK()) == q
assert getMod(sig.getS()) == q
assert getMod(sig.getR()) == p
assert sig.getR() > integer(0) % p
assert sig.getS() > integer(0) % q
assert signer.getK() > integer(0) % q
assert integer(sig.getR()) < p
print "s=",sig.getS()
print "integer(s)=",integer(sig.getS())
assert integer(sig.getS()) < q
assert integer(signer.getK()) < q
assert bitsize(sig.getR()) > 1
assert bitsize(sig.getS()) > 1
assert bitsize(signer.getK()) > 1
assert (self.params.g ** signer.getK()) == sig.getR()
# Make sure verifying the signed message succeeds
verifier = pk.getVerifier(sig)
assert verifier.verify(msg) == True
# Make sure verifying a different message fails
assert verifier.verify(msg + 'a') == False
assert verifier.verify('b' + msg) == False
msg = msg[::-1] # reverses string
assert verifier.verify(msg) == False
def testSecretKey(self):
params = DefaultParams
k_c = params.group.random()
lts = LongTermSecretKey(params)
sts = ShortTermSecretKey(params)
s = params.group.random()
sk1 = SecretKey(params, lts, sts, k_c, s)
sk2 = SecretKey.unserialize(params, sk1.serialize())
assert getMod(sk2.k_c) == params.q
assert getMod(sk2.getS()) == params.q
assert sk2.s == s
assert sk2.k_c == k_c
assert sk2.getX() == sk1.getX()
assert sk2.getT() == sk1.getT()
assert sk2.getS() == sk1.getS()
assert sk2.getParams().g == sk1.getParams().g
assert sk2.getParams().p == sk1.getParams().p
assert sk2.getParams().q == sk1.getParams().q
assert sk1 == sk2
def __init__(self, params, ltp, stp, r, kgcPk):
assert getMod(r) == params.p
assert isinstance(params, Params)
assert isinstance(ltp, LongTermPublicKey)
assert isinstance(stp, ShortTermPublicKey)
assert isinstance(kgcPk, LongTermPublicKey)
self.ltp = ltp
self.stp = stp
self.params = params
self.r = r
self.kgcPk = kgcPk
def testPublicKey(self):
params = DefaultParams
r = params.g ** params.group.random()
ltp = LongTermSecretKey(params).getPublicKey()
stp = ShortTermSecretKey(params).getPublicKey()
y_KGC = params.g ** params.group.random()
kgcPk = LongTermPublicKey(params, y_KGC)
pk1 = PublicKey(params, ltp, stp, r, kgcPk)
pk2 = PublicKey.unserialize(params, pk1.serialize())
assert getMod(pk2.getR()) == params.p
assert pk2.getR() == pk1.getR()
assert pk2.getU() == pk1.getU()
assert pk2.getY() == pk1.getY()
assert pk2.getKgcY() == pk1.getKgcY()
assert pk2.getParams().g == pk1.getParams().g
assert pk2.getParams().p == pk1.getParams().p
assert pk2.getParams().q == pk1.getParams().q
assert pk1 == pk2
def __init__(self, params, u):
assert isinstance(params, Params)
assert getMod(u) == params.p
self.params = params
self.u = u
def __init__(self, params, y):
assert isinstance(params, Params)
assert getMod(y) == params.p
self.params = params
self.y = y
def __eq__(self, other):
return isinstance(other, self.__class__) and\
getMod(self.y) == getMod(other.y) and\
self.y == other.y and\
self.params == other.params
def __init__(self, r, s):
# FIXME: REDUCEBUG
self.r = r % getMod(r)
self.s = s % getMod(s)
def testHashIsModQ(self):
r = self.params.g ** self.params.group.random()
h = self.params.groupHash('some message', r)
assert getMod(h) == self.params.q
assert getMod(h) != self.params.p
def __eq__(self, other):
return isinstance(other, self.__class__) and\
getMod(other.x) == getMod(self.x) and\
other.x == self.x and\
other.params == self.params
