def do_second_mixed_test(): subcredential = os.urandom(32) client_ephemeral_enc_privkey = PrivateKey() client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() intro_enc_privkey = PrivateKey() intro_enc_pubkey = intro_enc_privkey.get_public() # service-side enc key intro_auth_pubkey_str = os.urandom(32) # Let's do mixed client_enc_key, client_mac_key = tor_client1(intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_privkey, subcredential) assert(client_enc_key) assert(client_mac_key) service_enc_key, service_mac_key, service_ntor_key_seed, service_ntor_auth_mac, service_ephemeral_pubkey = service_part1(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) client_ntor_auth_mac, client_ntor_key_seed = tor_client2(intro_auth_pubkey_str, client_ephemeral_enc_privkey, intro_enc_pubkey, service_ephemeral_pubkey, subcredential) assert(client_ntor_auth_mac) assert(client_ntor_key_seed) assert(client_ntor_key_seed == service_ntor_key_seed) assert(client_ntor_auth_mac == service_ntor_auth_mac) print("DONE: 2nd mixed dance [%s]" % repr(client_ntor_auth_mac))
def do_pure_python_ntor_test(): # Initialize all needed key material client_ephemeral_enc_privkey = PrivateKey() client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() intro_enc_privkey = PrivateKey() intro_enc_pubkey = intro_enc_privkey.get_public() intro_auth_pubkey_str = os.urandom(32) subcredential = os.urandom(32) client_enc_key, client_mac_key = client_part1( intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, subcredential) service_enc_key, service_mac_key, service_ntor_key_seed, service_auth_input_mac, service_ephemeral_pubkey = service_part1( intro_auth_pubkey_str, client_ephemeral_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) assert (client_enc_key == service_enc_key) assert (client_mac_key == service_mac_key) client_ntor_key_seed, client_auth_input_mac = client_part2( intro_auth_pubkey_str, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, intro_enc_pubkey, service_ephemeral_pubkey) assert (client_ntor_key_seed == service_ntor_key_seed) assert (client_auth_input_mac == service_auth_input_mac) print("DONE: python dance [%s]" % repr(client_auth_input_mac))
def service_part1(intro_auth_pubkey_str, client_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential): intro_enc_key, intro_mac_key = intro2_ntor_service(intro_auth_pubkey_str, client_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) assert (intro_enc_key) assert (intro_mac_key) service_ephemeral_privkey = PrivateKey() service_ephemeral_pubkey = service_ephemeral_privkey.get_public() dh_result1 = service_ephemeral_privkey.get_shared_key( client_enc_pubkey, hash_nil) dh_result2 = intro_enc_privkey.get_shared_key(client_enc_pubkey, hash_nil) rend_secret_hs_input = dh_result1 + dh_result2 + intro_auth_pubkey_str + intro_enc_pubkey.serialize( ) + client_enc_pubkey.serialize() + service_ephemeral_pubkey.serialize( ) + PROTOID assert (len(rend_secret_hs_input) == REND_SECRET_LEN) ntor_key_seed = mac(rend_secret_hs_input, T_HSENC) verify = mac(rend_secret_hs_input, T_HSVERIFY) auth_input = verify + intro_auth_pubkey_str + intro_enc_pubkey.serialize( ) + service_ephemeral_pubkey.serialize() + client_enc_pubkey.serialize( ) + PROTOID + b"Server" assert (len(auth_input) == AUTH_INPUT_LEN) auth_input_mac = mac(auth_input, T_HSMAC) assert (ntor_key_seed) assert (auth_input_mac) assert (service_ephemeral_pubkey) return intro_enc_key, intro_mac_key, ntor_key_seed, auth_input_mac, service_ephemeral_pubkey
def do_little_t_tor_ntor_test(): # Initialize all needed key material subcredential = os.urandom(32) client_ephemeral_enc_privkey = PrivateKey() client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() intro_enc_privkey = PrivateKey() intro_enc_pubkey = intro_enc_privkey.get_public() # service-side enc key intro_auth_pubkey_str = os.urandom(32) client_enc_key, client_mac_key = tor_client1(intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_privkey, subcredential) assert (client_enc_key) assert (client_mac_key) service_enc_key, service_mac_key, service_ntor_auth_mac, service_ntor_key_seed, service_eph_pubkey = tor_server1( intro_auth_pubkey_str, intro_enc_privkey, client_ephemeral_enc_pubkey, subcredential) assert (service_enc_key) assert (service_mac_key) assert (service_ntor_auth_mac) assert (service_ntor_key_seed) assert (client_enc_key == service_enc_key) assert (client_mac_key == service_mac_key) # Turn from bytes to key service_eph_pubkey = curve25519mod.Public(service_eph_pubkey) client_ntor_auth_mac, client_ntor_key_seed = tor_client2( intro_auth_pubkey_str, client_ephemeral_enc_privkey, intro_enc_pubkey, service_eph_pubkey, subcredential) assert (client_ntor_auth_mac) assert (client_ntor_key_seed) assert (client_ntor_key_seed == service_ntor_key_seed) assert (client_ntor_auth_mac == service_ntor_auth_mac) print("DONE: tor dance [%s]" % repr(client_ntor_auth_mac))
def do_first_mixed_test(): subcredential = os.urandom(32) client_ephemeral_enc_privkey = PrivateKey() client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() intro_enc_privkey = PrivateKey() intro_enc_pubkey = intro_enc_privkey.get_public() # service-side enc key intro_auth_pubkey_str = os.urandom(32) # Let's do mixed client_enc_key, client_mac_key = client_part1(intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, subcredential) service_enc_key, service_mac_key, service_ntor_auth_mac, service_ntor_key_seed, service_eph_pubkey = tor_server1(intro_auth_pubkey_str, intro_enc_privkey, client_ephemeral_enc_pubkey, subcredential) assert(service_enc_key) assert(service_mac_key) assert(service_ntor_auth_mac) assert(service_ntor_key_seed) assert(service_eph_pubkey) assert(client_enc_key == service_enc_key) assert(client_mac_key == service_mac_key) # Turn from bytes to key service_eph_pubkey = curve25519mod.Public(service_eph_pubkey) client_ntor_key_seed, client_auth_input_mac = client_part2(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, intro_enc_pubkey, service_eph_pubkey) assert(client_auth_input_mac == service_ntor_auth_mac) assert(client_ntor_key_seed == service_ntor_key_seed) print("DONE: 1st mixed dance [%s]" % repr(client_auth_input_mac))
def do_little_t_tor_ntor_test(): # Initialize all needed key material subcredential = os.urandom(32) client_ephemeral_enc_privkey = PrivateKey() client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() intro_enc_privkey = PrivateKey() intro_enc_pubkey = intro_enc_privkey.get_public() # service-side enc key intro_auth_pubkey_str = os.urandom(32) client_enc_key, client_mac_key = tor_client1(intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_privkey, subcredential) assert(client_enc_key) assert(client_mac_key) service_enc_key, service_mac_key, service_ntor_auth_mac, service_ntor_key_seed, service_eph_pubkey = tor_server1(intro_auth_pubkey_str, intro_enc_privkey, client_ephemeral_enc_pubkey, subcredential) assert(service_enc_key) assert(service_mac_key) assert(service_ntor_auth_mac) assert(service_ntor_key_seed) assert(client_enc_key == service_enc_key) assert(client_mac_key == service_mac_key) # Turn from bytes to key service_eph_pubkey = curve25519mod.Public(service_eph_pubkey) client_ntor_auth_mac, client_ntor_key_seed = tor_client2(intro_auth_pubkey_str, client_ephemeral_enc_privkey, intro_enc_pubkey, service_eph_pubkey, subcredential) assert(client_ntor_auth_mac) assert(client_ntor_key_seed) assert(client_ntor_key_seed == service_ntor_key_seed) assert(client_ntor_auth_mac == service_ntor_auth_mac) print("DONE: tor dance [%s]" % repr(client_ntor_auth_mac))
def do_pure_python_ntor_test(): # Initialize all needed key material client_ephemeral_enc_privkey = PrivateKey() client_ephemeral_enc_pubkey = client_ephemeral_enc_privkey.get_public() intro_enc_privkey = PrivateKey() intro_enc_pubkey = intro_enc_privkey.get_public() intro_auth_pubkey_str = os.urandom(32) subcredential = os.urandom(32) client_enc_key, client_mac_key = client_part1(intro_auth_pubkey_str, intro_enc_pubkey, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, subcredential) service_enc_key, service_mac_key, service_ntor_key_seed, service_auth_input_mac, service_ephemeral_pubkey = service_part1(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) assert(client_enc_key == service_enc_key) assert(client_mac_key == service_mac_key) client_ntor_key_seed, client_auth_input_mac = client_part2(intro_auth_pubkey_str, client_ephemeral_enc_pubkey, client_ephemeral_enc_privkey, intro_enc_pubkey, service_ephemeral_pubkey) assert(client_ntor_key_seed == service_ntor_key_seed) assert(client_auth_input_mac == service_auth_input_mac) print("DONE: python dance [%s]" % repr(client_auth_input_mac))
def service_part1(intro_auth_pubkey_str, client_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential): intro_enc_key, intro_mac_key = intro2_ntor_service(intro_auth_pubkey_str, client_enc_pubkey, intro_enc_privkey, intro_enc_pubkey, subcredential) assert(intro_enc_key) assert(intro_mac_key) service_ephemeral_privkey = PrivateKey() service_ephemeral_pubkey = service_ephemeral_privkey.get_public() dh_result1 = service_ephemeral_privkey.get_shared_key(client_enc_pubkey, hash_nil) dh_result2 = intro_enc_privkey.get_shared_key(client_enc_pubkey, hash_nil) rend_secret_hs_input = dh_result1 + dh_result2 + intro_auth_pubkey_str + intro_enc_pubkey.serialize() + client_enc_pubkey.serialize() + service_ephemeral_pubkey.serialize() + PROTOID assert(len(rend_secret_hs_input) == REND_SECRET_LEN) ntor_key_seed = mac(rend_secret_hs_input, T_HSENC) verify = mac(rend_secret_hs_input, T_HSVERIFY) auth_input = verify + intro_auth_pubkey_str + intro_enc_pubkey.serialize() + service_ephemeral_pubkey.serialize() + client_enc_pubkey.serialize() + PROTOID + b"Server" assert(len(auth_input) == AUTH_INPUT_LEN) auth_input_mac = mac(auth_input, T_HSMAC) assert(ntor_key_seed) assert(auth_input_mac) assert(service_ephemeral_pubkey) return intro_enc_key, intro_mac_key, ntor_key_seed, auth_input_mac, service_ephemeral_pubkey