def testLongTermKeys(self): params = DefaultParams lts1 = LongTermSecretKey(params) ltp1 = lts1.getPublicKey() lts2 = LongTermSecretKey.unserialize(params, lts1.serialize()) ltp2 = LongTermPublicKey.unserialize(params, ltp1.serialize()) assert getMod(lts2.getX()) == params.q assert getMod(ltp2.getY()) == params.p assert lts1.getX() == lts2.getX() assert ltp1.getY() == ltp2.getY() assert lts1 == lts2 assert ltp1 == ltp2 msg1 = 'msg1' msg2 = 'msg2' signer1 = lts1.getSigner() signer2 = lts2.getSigner() sig1 = signer1.sign(msg1) sig2 = signer2.sign(msg2) assert ltp1.getVerifier(sig1).verify(msg1) == True assert ltp1.getVerifier(sig2).verify(msg2) == True assert ltp2.getVerifier(sig1).verify(msg1) == True assert ltp2.getVerifier(sig2).verify(msg2) == True
def __eq__(self, other): return isinstance(other, self.__class__) and\ self.ltp == other.ltp and\ self.stp == other.stp and\ getMod(self.r) == getMod(other.r) and\ self.r == other.r and\ self.kgcPk == other.kgcPk and\ self.params == other.params
def __eq__(self, other): return isinstance(other, self.__class__) and\ getMod(self.k_c) == getMod(other.k_c) and\ self.k_c == other.k_c and\ getMod(self.s) == getMod(other.s) and\ self.s == other.s and\ self.lts == other.lts and\ self.sts == other.sts and\ self.params == other.params
def __eq__(self, other): return isinstance(other, self.__class__) and\ self.group.p == other.group.p and\ self.group.q == other.group.q and\ self.group.r == other.group.r and\ self.p == other.p and\ self.q == other.q and\ getMod(self.g) == getMod(other.g) and\ self.g == other.g
def __init__(self, params, lts, sts, k_c, s): assert isinstance(params, Params) assert isinstance(lts, LongTermSecretKey) assert isinstance(sts, ShortTermSecretKey) assert getMod(s) == params.q assert getMod(k_c) == params.q self.lts = lts self.sts = sts self.params = params self.k_c = k_c self.s = s # this is just the s from the (r,s) SchnorrSignature
def testSchnorrSig(self): sk = LongTermSecretKey(DefaultParams) signer = sk.getSigner() sig = signer.sign('some random message') s = sig.serialize() sig2 = SchnorrSignature.unserialize(s) assert getMod(sig.getR()) == getMod(sig2.getR()) assert getMod(sig.getS()) == getMod(sig2.getS()) assert sig2.getR() == sig.getR() assert sig2.getS() == sig.getS() assert sig == sig2
def testShortTermKeys(self): params = DefaultParams sts1 = ShortTermSecretKey(params) stp1 = sts1.getPublicKey() sts2 = ShortTermSecretKey.unserialize(params, sts1.serialize()) stp2 = ShortTermPublicKey.unserialize(params, stp1.serialize()) assert getMod(sts2.getT()) == params.q assert getMod(stp2.getU()) == params.p assert sts1.getT() == sts2.getT() assert stp1.getU() == stp2.getU() assert stp1 == stp2 assert sts1 == sts2
def sign(self, m): e = self.params.groupHash(m, self.r_hashed) q = self.params.q k = self.k x = self.lts.getX() assert getMod(k) == q assert getMod(x) == q assert getMod(e) == q # FIXME: REDUCEBUG: the result is mod q, but the number is not reduced % q # unless we apply the % q. figure out why charm-crypto does it this way. s = (k + e * x) % q assert getMod(s) == q # NOTE: when r_hashed != r, this is returning r = g^k, not r_hashed return SchnorrSignature(self.r, s)
def testExponentiationReduces(self): params = self.params p = params.p for i in range(0, 16): x = params.group.random() y = (params.g ** x) yp = (params.g ** x) % p #print "g=",params.g #print "q=",params.q #print "x=",x #print "y=",y #print "yp=",yp assert getMod(y) == p assert getMod(yp) == p assert y == yp
def fails_testMultiplicationReduces(self): q = self.params.q a = (q - 1) % q b = (q - 2) % q c = a * b for i in range(0, 1024): c = c * a * b assert getMod(a) == q assert getMod(b) == q assert getMod(c) == q #print c #print integer(c) #print c % q #assert integer(c % q) < q assert integer(c) < q
def __init__(self, params, t=None): assert isinstance(params, Params) self.params = params if t is None: self.t = self.params.group.random() else: assert isinstance(t, integer) assert getMod(t) == params.q self.t = t
def __init__(self, params, x=None): assert isinstance(params, Params) self.params = params if x is None: self.x = self.params.group.random() else: assert isinstance(x, integer) assert getMod(x) == params.q self.x = x
def testDefaultParams(self): p = self.params.p q = self.params.q g = self.params.g assert getMod(g) == p assert isPrime(p) assert isPrime(q) assert p != q assert p == 2*q + 1 assert bitsize(p) >= 1024 assert bitsize(q) >= 1023
def testBasic(self): msg = 'some message' assert msg != msg[::-1] # will assume this below pk = self.pk sk = self.sk p = self.params.p q = self.params.q signer = sk.getSigner() sig = signer.sign(msg) # Make sure this is a non-empty signature assert sig.getR() is not None assert sig.getS() is not None assert signer.getK() is not None assert getMod(signer.getK()) == q assert getMod(sig.getS()) == q assert getMod(sig.getR()) == p assert sig.getR() > integer(0) % p assert sig.getS() > integer(0) % q assert signer.getK() > integer(0) % q assert integer(sig.getR()) < p print "s=",sig.getS() print "integer(s)=",integer(sig.getS()) assert integer(sig.getS()) < q assert integer(signer.getK()) < q assert bitsize(sig.getR()) > 1 assert bitsize(sig.getS()) > 1 assert bitsize(signer.getK()) > 1 assert (self.params.g ** signer.getK()) == sig.getR() # Make sure verifying the signed message succeeds verifier = pk.getVerifier(sig) assert verifier.verify(msg) == True # Make sure verifying a different message fails assert verifier.verify(msg + 'a') == False assert verifier.verify('b' + msg) == False msg = msg[::-1] # reverses string assert verifier.verify(msg) == False
def testSecretKey(self): params = DefaultParams k_c = params.group.random() lts = LongTermSecretKey(params) sts = ShortTermSecretKey(params) s = params.group.random() sk1 = SecretKey(params, lts, sts, k_c, s) sk2 = SecretKey.unserialize(params, sk1.serialize()) assert getMod(sk2.k_c) == params.q assert getMod(sk2.getS()) == params.q assert sk2.s == s assert sk2.k_c == k_c assert sk2.getX() == sk1.getX() assert sk2.getT() == sk1.getT() assert sk2.getS() == sk1.getS() assert sk2.getParams().g == sk1.getParams().g assert sk2.getParams().p == sk1.getParams().p assert sk2.getParams().q == sk1.getParams().q assert sk1 == sk2
def __init__(self, params, ltp, stp, r, kgcPk): assert getMod(r) == params.p assert isinstance(params, Params) assert isinstance(ltp, LongTermPublicKey) assert isinstance(stp, ShortTermPublicKey) assert isinstance(kgcPk, LongTermPublicKey) self.ltp = ltp self.stp = stp self.params = params self.r = r self.kgcPk = kgcPk
def testPublicKey(self): params = DefaultParams r = params.g ** params.group.random() ltp = LongTermSecretKey(params).getPublicKey() stp = ShortTermSecretKey(params).getPublicKey() y_KGC = params.g ** params.group.random() kgcPk = LongTermPublicKey(params, y_KGC) pk1 = PublicKey(params, ltp, stp, r, kgcPk) pk2 = PublicKey.unserialize(params, pk1.serialize()) assert getMod(pk2.getR()) == params.p assert pk2.getR() == pk1.getR() assert pk2.getU() == pk1.getU() assert pk2.getY() == pk1.getY() assert pk2.getKgcY() == pk1.getKgcY() assert pk2.getParams().g == pk1.getParams().g assert pk2.getParams().p == pk1.getParams().p assert pk2.getParams().q == pk1.getParams().q assert pk1 == pk2
def __init__(self, params, u): assert isinstance(params, Params) assert getMod(u) == params.p self.params = params self.u = u
def __init__(self, params, y): assert isinstance(params, Params) assert getMod(y) == params.p self.params = params self.y = y
def __eq__(self, other): return isinstance(other, self.__class__) and\ getMod(self.y) == getMod(other.y) and\ self.y == other.y and\ self.params == other.params
def __init__(self, r, s): # FIXME: REDUCEBUG self.r = r % getMod(r) self.s = s % getMod(s)
def testHashIsModQ(self): r = self.params.g ** self.params.group.random() h = self.params.groupHash('some message', r) assert getMod(h) == self.params.q assert getMod(h) != self.params.p
def __eq__(self, other): return isinstance(other, self.__class__) and\ getMod(other.x) == getMod(self.x) and\ other.x == self.x and\ other.params == self.params