def test_serialize_number_compact(self): for number, string in ( (1231234, b'#c!E'), (0, b''), (255, b'$p'), (1231231231232, b'$?Pvfdc'), (13371337, b'5AkH'), (90, b'#!'), (89, b'~'), (256, b'$q')): self.assertEqual(seccure.serialize_number(number, fmt=seccure.SER_COMPACT), string) self.assertEqual(seccure.serialize_number(gmpy.mpz(number), fmt=seccure.SER_COMPACT), string) self.assertEqual(seccure.deserialize_number( string, fmt=seccure.SER_COMPACT), number) for number, string in ( (1231234, b'!!!!!!#c!E'), (0, b'!!!!!!!!!!'), (255, b'!!!!!!!!$p'), (1231231231232, b'!!!$?Pvfdc'), (13371337, b'!!!!!!5AkH'), (90, b'!!!!!!!!#!'), (89, b'!!!!!!!!!~'), (256, b'!!!!!!!!$q')): self.assertEqual( seccure.serialize_number(number, outlen=10, fmt=seccure.SER_COMPACT), string) self.assertEqual(seccure.deserialize_number(string, fmt=seccure.SER_COMPACT), number)
def test_serialize_number_binary(self): for number, string in ( (1231234, b'12c982'), (0, b''), (255, b'ff'), (1231231231232, b'011eab19a500'), (13371337, b'cc07c9'), (256, b'0100')): self.assertEqual( binascii.hexlify( seccure.serialize_number(number)), string) self.assertEqual(binascii.hexlify(seccure.serialize_number( gmpy.mpz(number))), string) self.assertEqual(seccure.deserialize_number( binascii.unhexlify(string)), number) for number, string in ( (1231234, b'0012c982'), (0, b'00000000'), (255, b'000000ff'), (13371337, b'00cc07c9'), (256, b'00000100')): self.assertEqual(binascii.hexlify( seccure.serialize_number(number, outlen=4)), string) self.assertEqual(binascii.hexlify( seccure.serialize_number(gmpy.mpz(number), outlen=4)), string) self.assertEqual(seccure.deserialize_number( binascii.unhexlify(string)), number)
def test_serialize_number_binary(self): for number, string in ( (1231234, b'12c982'), (0, b''), (255, b'ff'), (1231231231232, b'011eab19a500'), (13371337, b'cc07c9'), (256, b'0100')): self.assertEqual(binascii.hexlify(seccure.serialize_number(number)), string) self.assertEqual(binascii.hexlify(seccure.serialize_number( gmpy.mpz(number))), string) self.assertEqual(seccure.deserialize_number( binascii.unhexlify(string)), number) for number, string in ( (1231234, b'0012c982'), (0, b'00000000'), (255, b'000000ff'), (13371337, b'00cc07c9'), (256, b'00000100')): self.assertEqual(binascii.hexlify( seccure.serialize_number(number, outlen=4)), string) self.assertEqual(binascii.hexlify( seccure.serialize_number(gmpy.mpz(number), outlen=4)), string) self.assertEqual(seccure.deserialize_number( binascii.unhexlify(string)), number)
def test_serialize_number_compact(self): for number, string in ((1231234, b'#c!E'), (0, b''), (255, b'$p'), (1231231231232, b'$?Pvfdc'), (13371337, b'5AkH'), (90, b'#!'), (89, b'~'), (256, b'$q')): self.assertEqual( seccure.serialize_number(number, fmt=seccure.SER_COMPACT), string) self.assertEqual( seccure.serialize_number(gmpy.mpz(number), fmt=seccure.SER_COMPACT), string) self.assertEqual( seccure.deserialize_number(string, fmt=seccure.SER_COMPACT), number) for number, string in ((1231234, b'!!!!!!#c!E'), (0, b'!!!!!!!!!!'), (255, b'!!!!!!!!$p'), (1231231231232, b'!!!$?Pvfdc'), (13371337, b'!!!!!!5AkH'), (90, b'!!!!!!!!#!'), (89, b'!!!!!!!!!~'), (256, b'!!!!!!!!$q')): self.assertEqual( seccure.serialize_number(number, outlen=10, fmt=seccure.SER_COMPACT), string) self.assertEqual( seccure.deserialize_number(string, fmt=seccure.SER_COMPACT), number)
def do_sae(curve, password, addr1, addr2, rand1, mask1, rand2, mask2): counter = 1 addr1 = addr_to_bin(addr1) addr2 = addr_to_bin(addr2) p = serialize_number(curve.m) keylen = len(p) * 8 point = None while not point: print 'Counter: %d' % counter pwdseed = hmac_sha256(max(addr1, addr2) + min(addr1, addr2), password + chr(counter)) counter += 1 print 'Pwd-seed: %s' % binascii.hexlify(pwdseed) pwdval = kdfz(pwdseed, "SAE Hunting and Pecking", p, keylen) print 'Pwd-value: %s' % binascii.hexlify(pwdval) if bin_cmp(pwdval, p) >= 0: continue try: point = curve.point_from_string(pwdval) if not point.on_curve: point = None continue except: point = None continue print 'PWE: %s, %s' % (point.x, point.y) # generate commit scalar and commit element from each # party's randomly generated values r_a = deserialize_number(binascii.unhexlify(rand1)) m_a = deserialize_number(binascii.unhexlify(mask1)) r_b = deserialize_number(binascii.unhexlify(rand2)) m_b = deserialize_number(binascii.unhexlify(mask2)) s_a = (r_a + m_a) % curve.order E_a = point * m_a E_a.y = curve.m-E_a.y s_b = (r_b + m_b) % curve.order E_b = point * m_b E_b.y = curve.m-E_b.y print 'a commit scalar: %s' % binascii.hexlify(serialize_number(s_a)) print 'a commit elem x: %s' % binascii.hexlify(serialize_number(E_a.x)) print 'a commit elem y: %s' % binascii.hexlify(serialize_number(E_a.y)) print print 'b commit scalar: %s' % binascii.hexlify(serialize_number(s_b)) print 'b commit elem x: %s' % binascii.hexlify(serialize_number(E_b.x)) print 'b commit elem y: %s' % binascii.hexlify(serialize_number(E_b.y)) # generate shared secret K_a = (point * s_b + E_b) * r_a K_b = (point * s_a + E_a) * r_b print 'a k: %s' % binascii.hexlify(serialize_number(K_a.x)) print 'b k: %s' % binascii.hexlify(serialize_number(K_b.x)) print # generate KCK and PMK seed = hmac_sha256('\0'*32, serialize_number(K_a.x)) pmkid = (s_a + s_b) % curve.order kck_pmk = kdfz(seed, "SAE KCK and PMK", serialize_number(pmkid), 512) print 'KCK: %s' % binascii.hexlify(kck_pmk[0:32]) print 'PMK: %s' % binascii.hexlify(kck_pmk[32:]) print 'PMKID: %s' % binascii.hexlify(serialize_number(pmkid))