def createDataMessage(self, message, flags=0, tlvs=None):
    """Build an encrypted and MACed OTR data message for *message*.

    Args:
        message: plaintext payload as bytes.
        flags: flags byte placed in the data message.
        tlvs: optional list of TLV records appended after the NUL separator.

    Returns:
        A ``proto.DataMessage`` whose ``mac`` field has been filled in.

    Raises:
        InvalidParameterError: when the peer's key id is still 0, i.e. no
            session key of theirs is known yet.
    """
    # check MSGSTATE
    if self.theirKeyid == 0:
        raise InvalidParameterError
    tlvs = [] if tlvs is None else tlvs
    sess = self.sessionkeys[1][0]
    # Bump the send counter before use so every message gets a fresh CTR value.
    sess.sendctr.inc()
    logger.debug('create: enc={0!r} mac={1!r} ctr={2!r}'.format(
        sess.sendenc, sess.sendmac, sess.sendctr))
    # Wire plaintext: message, NUL separator, then the serialized TLVs.
    tlvdata = b''.join(bytes(t) for t in tlvs)
    plainBuf = message + b'\0' + tlvdata
    encmsg = AESCTR(sess.sendenc, sess.sendctr).encrypt(plainBuf)
    oldmacs = b''.join(self.savedMacKeys)
    msg = proto.DataMessage(
        flags,
        self.ourKeyid - 1,
        self.theirKeyid,
        long_to_bytes(self.ourDHKey.pub),
        sess.sendctr.byteprefix(),
        encmsg,
        b'',
        oldmacs,
    )
    # The saved MAC keys go out with this message once; drop them afterwards.
    self.savedMacKeys = []
    msg.mac = SHA1HMAC(sess.sendmac, msg.getMacedData())
    return msg
def check_equal_logs(self, logs, v):
    """Verify the SMP zero-knowledge proof of equal discrete logarithms.

    Args:
        logs: the ``(r, c, d)`` triple received from the peer.
        v: one-byte tag mixed into the challenge hash.

    Returns:
        True when the recomputed challenge equals ``c`` (as 32 bytes).

    NOTE(review): no range check on ``r`` is performed here; presumably the
    received group elements are validated by the caller — confirm.
    """
    r, c, d = logs
    mod = DH_MODULUS
    lhs = (pow(self.g1, d, mod) * pow(self.g3o, c, mod)) % mod
    rhs = (pow(self.qab, d, mod) * pow(r, c, mod)) % mod
    recomputed = SHA256(struct.pack(b"B", v) + pack_mpi(lhs) + pack_mpi(rhs))
    return recomputed == long_to_bytes(c, 32)
def handleDHCommit(self, msg):
    """Process an incoming D-H Commit message and answer with our D-H Key.

    Stores the peer's encrypted g^x and its hash for later, moves the AKE
    state to AWAITING_REVEALSIG and returns a ``proto.DHKey`` carrying our
    public D-H value.

    NOTE(review): the hash cannot be checked against the ciphertext until the
    key r arrives with the Reveal Signature — confirm that check happens in
    that state's handler.
    """
    self.encgx, self.hashgx = msg.encgx, msg.hashgx
    self.state = STATE_AWAITING_REVEALSIG
    # Return g^y
    ourpub = long_to_bytes(self.dh.pub)
    return proto.DHKey(ourpub)
def check_equal_coords(self, coords, v):
    """Verify the SMP zero-knowledge proof of equal coordinates.

    Args:
        coords: the ``(p, q, c, d1, d2)`` tuple received from the peer.
        v: one-byte tag mixed into the challenge hash.

    Returns:
        True when the recomputed challenge equals ``c`` (as 32 bytes).

    NOTE(review): ``p`` and ``q`` are not range-checked here; presumably the
    caller validates received group elements — confirm.
    """
    p, q, c, d1, d2 = coords
    mod = DH_MODULUS
    lhs = (pow(self.g3, d1, mod) * pow(p, c, mod)) % mod
    rhs = (pow(self.g1, d1, mod) * pow(self.g2, d2, mod) * pow(q, c, mod)) % mod
    recomputed = SHA256(struct.pack(b"B", v) + pack_mpi(lhs) + pack_mpi(rhs))
    return recomputed == long_to_bytes(c, 32)
def check_equal_logs(self, logs, v):
    """Verify the SMP zero-knowledge proof of equal discrete logarithms.

    Args:
        logs: the ``(r, c, d)`` triple received from the peer.
        v: one-byte tag mixed into the challenge hash.

    Returns:
        True when the recomputed challenge equals ``c`` (as 32 bytes).

    NOTE(review): ``r`` is not range-checked here; presumably the caller
    validates received group elements — confirm.
    """
    r, c, d = logs
    mod = DH_MODULUS
    lhs = (pow(self.g1, d, mod) * pow(self.g3o, c, mod)) % mod
    rhs = (pow(self.qab, d, mod) * pow(r, c, mod)) % mod
    recomputed = SHA256(struct.pack(b'B', v) + pack_mpi(lhs) + pack_mpi(rhs))
    return recomputed == long_to_bytes(c, 32)
def startAKE(self):
    """Start the AKE by building our D-H Commit message.

    Draws a fresh 128-bit value ``r`` (kept on ``self``), commits to our
    public D-H value by encrypting it under ``r`` and hashing it, moves the
    state to AWAITING_DHKEY and returns the ``proto.DHCommit``.

    NOTE(review): ``r`` keys the commitment, so ``getrandbits`` must come
    from a cryptographic RNG rather than the stdlib ``random`` module —
    confirm at the import site.
    """
    self.r = long_to_bytes(getrandbits(128), 16)
    serialized_pub = pack_mpi(self.dh.pub)
    self.hashgx = SHA256(serialized_pub)
    self.encgx = AESCTR(self.r).encrypt(serialized_pub)
    self.state = STATE_AWAITING_DHKEY
    commit = proto.DHCommit(self.encgx, self.hashgx)
    return commit
def startAKE(self):
    """Start the AKE by building our D-H Commit message.

    Draws a fresh 128-bit value ``r`` (kept on ``self``), commits to our
    serialized public D-H key by encrypting it under ``r`` and hashing it,
    moves the state to AWAITING_DHKEY and returns the ``proto.DHCommit``.

    NOTE(review): ``r`` keys the commitment, so ``random`` here must be a
    cryptographic RNG rather than the stdlib module — confirm at the import
    site.
    """
    self.r = long_to_bytes(random.getrandbits(128), 16)
    serialized_pub = self.dh.get_serialized_pubKey()
    self.hashgx = HASH(serialized_pub)
    self.encgx = AESCTR(self.r).encrypt(serialized_pub)
    self.state = STATE_AWAITING_DHKEY
    commit = proto.DHCommit(self.encgx, self.hashgx)
    return commit
def check_equal_coords(self, coords, v):
    """Verify the SMP zero-knowledge proof of equal coordinates.

    Args:
        coords: the ``(p, q, c, d1, d2)`` tuple received from the peer.
        v: one-byte tag mixed into the challenge hash.

    Returns:
        True when the recomputed challenge equals ``c`` (as 32 bytes).

    NOTE(review): ``p`` and ``q`` are not range-checked here; presumably the
    caller validates received group elements — confirm.
    """
    p, q, c, d1, d2 = coords
    mod = DH_MODULUS
    lhs = (pow(self.g3, d1, mod) * pow(p, c, mod)) % mod
    rhs = (pow(self.g1, d1, mod) * pow(self.g2, d2, mod) * pow(q, c, mod)) % mod
    recomputed = SHA256(struct.pack(b'B', v) + pack_mpi(lhs) + pack_mpi(rhs))
    return recomputed == long_to_bytes(c, 32)
def startAKE(self):
    """Start the AKE by building our D-H Commit message.

    Draws a fresh 128-bit value ``r`` (kept on ``self``), commits to our
    public D-H value by encrypting it under ``r`` and hashing it, moves the
    state to AWAITING_DHKEY and returns the ``proto.DHCommit``.

    NOTE(review): ``r`` keys the commitment, so ``random`` here must be a
    cryptographic RNG rather than the stdlib module — confirm at the import
    site.
    """
    # Random number r
    self.r = long_to_bytes(random.getrandbits(128), 16)
    serialized_pub = pack_mpi(self.dh.pub)
    self.hashgx = SHA256(serialized_pub)
    self.encgx = AESCTR(self.r).encrypt(serialized_pub)
    self.state = STATE_AWAITING_DHKEY
    # Return AES_r(g^x), SHA256(g^x)
    commit = proto.DHCommit(self.encgx, self.hashgx)
    return commit
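def sign(self, data):
    """Produce the OTR DSA signature (r || s, 40 bytes) over *data*.

    Args:
        data: bytes to sign; the caller is responsible for any hashing or
            formatting the protocol requires.

    Returns:
        The 20-byte ``r`` followed by the 20-byte ``s``, each left-padded
        with zero bytes, so the result is always exactly 40 bytes.
    """
    q = self.priv.q
    # The DSA nonce must be uniform on [2, q). Drawing only 19 random bytes,
    # as this code originally did, forces the top bits of K to zero; a nonce
    # with a known bias leaks the signing key to anyone who collects a
    # handful of signatures. Draw enough bytes to cover q and reject draws
    # outside the range instead.
    nbytes = (q.bit_length() + 7) // 8
    while True:
        K = bytes_to_long(RNG.read(nbytes))
        if 2 <= K < q:
            break
    r, s = self.priv.sign(data, K)
    # Fixed-width encoding: without the length argument a leading zero byte
    # in r or s would be dropped and the signature would be shorter than 40
    # bytes, which the wire format does not allow.
    return long_to_bytes(r, 20) + long_to_bytes(s, 20)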
def byteprefix(self):
    """Return ``self.prefix`` serialized and left-padded with NULs to 8 bytes."""
    raw = long_to_bytes(self.prefix)
    return raw.rjust(8, b'\0')
def __call__(self):
    """Return the next 16-byte counter block and advance the counter.

    The block is the 8-byte prefix followed by the current ``val`` as an
    8-byte integer; ``val`` is incremented on every call.
    """
    suffix = long_to_bytes(self.val, 8)
    block = self.byteprefix() + suffix
    self.val = self.val + 1
    return block
def byteprefix(self):
    """Return ``self.prefix`` serialized as an 8-byte value."""
    width = 8
    return long_to_bytes(self.prefix, width)
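def __call__(self):
    """Return the next 16-byte counter block and advance the counter.

    The block is the 8-byte prefix followed by ``val`` serialized and
    left-padded with NULs to 8 bytes; ``val`` is incremented on every call.
    """
    # The original also serialized self.prefix into an unused local; that
    # work is already done by byteprefix() below, so it has been dropped.
    suffix = long_to_bytes(self.val).rjust(8, b'\0')
    self.val += 1
    return self.byteprefix() + suffix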
def check_known_log(c, d, g, x, v):
    """Verify the SMP zero-knowledge proof of knowledge of a discrete log.

    Args:
        c: the challenge received from the peer.
        d: the response received from the peer.
        g: the generator the proof is relative to.
        x: the group element whose discrete log is being proven.
        v: one-byte tag mixed into the challenge hash.

    Returns:
        True when the recomputed challenge equals ``c`` (as 32 bytes).
    """
    mod = DH_MODULUS
    combined = (pow(g, d, mod) * pow(x, c, mod)) % mod
    recomputed = HASH(struct.pack(b'B', v) + pack_mpi(combined))
    return recomputed == long_to_bytes(c, 32)
def handleDHCommit(self, msg):
    """Process an incoming D-H Commit message and answer with our D-H Key.

    Stores the peer's encrypted g^x and its hash for later, moves the AKE
    state to AWAITING_REVEALSIG and returns a ``proto.DHKey`` carrying our
    public D-H value.

    NOTE(review): the hash cannot be checked against the ciphertext until the
    key r arrives with the Reveal Signature — confirm that check happens in
    that state's handler.
    """
    self.encgx, self.hashgx = msg.encgx, msg.hashgx
    self.state = STATE_AWAITING_REVEALSIG
    ourpub = long_to_bytes(self.dh.pub)
    return proto.DHKey(ourpub)
def sign(self, data):
    """Produce the OTR DSA signature (r || s, 40 bytes) over *data*.

    Args:
        data: bytes to sign; any hashing or formatting is the caller's job.

    Returns:
        The 20-byte ``r`` followed by the 20-byte ``s``, each left-padded
        with zero bytes.

    NOTE(review): the nonce must be unpredictable, so ``random`` here has to
    be a cryptographic RNG rather than the stdlib module — confirm at the
    import site.
    """
    # 2 <= K <= q
    lo, hi = 2, self.priv.q
    nonce = random.randrange(lo, hi)
    r, s = self.priv.sign(data, nonce)
    parts = (long_to_bytes(r, 20), long_to_bytes(s, 20))
    return b''.join(parts)
def check_known_log(c, d, g, x, v):
    """Verify the SMP zero-knowledge proof of knowledge of a discrete log.

    Args:
        c: the challenge received from the peer.
        d: the response received from the peer.
        g: the generator the proof is relative to.
        x: the group element whose discrete log is being proven.
        v: one-byte tag mixed into the challenge hash.

    Returns:
        True when the recomputed challenge equals ``c`` (as 32 bytes).
    """
    mod = DH_MODULUS
    combined = (pow(g, d, mod) * pow(x, c, mod)) % mod
    recomputed = SHA256(struct.pack(b'B', v) + pack_mpi(combined))
    return recomputed == long_to_bytes(c, 32)
def sign(self, data):
    """Produce the OTR DSA signature (r || s, 40 bytes) over *data*.

    Args:
        data: bytes to sign; any hashing or formatting is the caller's job.

    Returns:
        The 20-byte ``r`` followed by the 20-byte ``s``, each left-padded
        with zero bytes.

    NOTE(review): the nonce must be unpredictable, so ``randrange`` here has
    to come from a cryptographic RNG rather than the stdlib ``random``
    module — confirm at the import site.
    """
    # 2 <= K <= q
    lo, hi = 2, self.priv.q
    nonce = randrange(lo, hi)
    r, s = self.priv.sign(data, nonce)
    parts = (long_to_bytes(r, 20), long_to_bytes(s, 20))
    return b''.join(parts)