def blind(self, msg, blind):
"""
Blinds a msg.
Args:
msg (bytes): Message to be blinded.
blind: The blind that was used on the msg. instance of Blind
Returns:
A byte string of the blinded msg on success, None otherwise
"""
if len(msg) != self.size or blind is None:
return None
ctx = _ssl.BN_CTX_new()
f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())
if _ssl.BN_mod_mul(f, f, blind.bn_A, self.bn_n, ctx) != 1:
logging.debug('Failed to blind msg')
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return None
blinded_msg = BNToBin(f, self.size)
# Free
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return blinded_msg
def revert_blind(self, msg, blind):
"""
Removes a blind r from the message.
Args:
msg (bytes): A blinded message.
blind: The blind that was used on the msg. instance of Blind
Returns:
A byte string of the unblinded msg on success, None otherwise
"""
if len(msg) != self.size or blind is None:
return None
ctx = _ssl.BN_CTX_new()
f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())
if _ssl.BN_mod_mul(f, f, blind.bn_ri, self.bn_n, ctx) != 1:
logging.debug('Failed to unblind msg')
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return None
unblinded_msg = BNToBin(f, self.size)
# Cleanup
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return unblinded_msg
def unblind(self, msg, blind):
"""
Unblinds a msg.
Args:
msg: A string - a blinded message.
len(msg) must equal self.size
blind: The blind that was used on the msg. instance of Blind
Returns:
A byte string of the unblinded msg on success, None otherwise
"""
if (len(msg) != self.size or blind is None):
return None
ctx = _ssl.BN_CTX_new()
f = _ssl.BN_bin2bn(msg, len(msg), _ssl.BN_new())
if _ssl.BN_mod_mul(f, f, blind.bn_Ai, self.bn_n, ctx) != 1:
logging.debug("Failed to unblind msg")
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return None
unblinded_msg = BNToBin(f, self.size)
# Cleanup
_ssl.BN_free(f)
_ssl.BN_CTX_free(ctx)
return unblinded_msg
def get_random(bits, mod=None):
"""
Returns a random byte string of size `bits`/8 bytes.
Args:
bits (int): The number of bits the random string should have.
mod (:obj:`ctypes.c_void_p`, optional): A pointer to a BN instance
Returns:
A byte strings of length `bits`/8 or None if an error occured
If mod is set the random byte string will have a value < mod
"""
ctx = _ssl.BN_CTX_new()
_ssl.BN_CTX_start(ctx)
r = _ssl.BN_CTX_get(ctx)
ret = _ssl.BN_CTX_get(ctx)
if mod:
if _ssl.BN_rand_range(r, mod) == 0:
logging.debug("get_random: failed to generate random number")
return None
while _ssl.BN_gcd(ret, r, mod, ctx) != 1:
logging.debug("R is not a relative prime")
if _ssl.BN_rand_range(r, mod) == 0:
logging.debug("get_random: failed to generate random number")
return None
else:
if _ssl.BN_rand(r, bits, 0, 1) == 0:
logging.debug("get_random: failed to generate random number")
return None
rand = BNToBin(r, bits // 8)
_ssl.BN_free(r)
_ssl.BN_free(ret)
_ssl.BN_CTX_end(ctx)
_ssl.BN_CTX_free(ctx)
return rand
def __init__(self, r, e, mod):
assert r is not None
assert e is not None
assert mod is not None
ctx = _ssl.BN_CTX_new()
self._free = []
self.r = r
self.bn_r = _ssl.BN_bin2bn(r, len(r), _ssl.BN_new()) # r
self.bn_Ai = _ssl.BN_mod_inverse(None, self.bn_r, mod, ctx) # r^-1
self.bn_A = _ssl.BN_new() # r^pk
if _ssl.BN_mod_exp(self.bn_A, self.bn_r, e, mod, ctx) != 1:
logging.debug("Failed to get r^pk")
self.bn_ri = _ssl.BN_new() # (r^-1)^pk
if _ssl.BN_mod_exp(self.bn_ri, self.bn_Ai, e, mod, ctx) != 1:
logging.debug("Failed to get (r^-1)^pk")
_ssl.BN_CTX_free(ctx)
self._free = [self.bn_r, self.bn_ri, self.bn_A, self.bn_Ai]
def multiply(self, z1, q2):
""" Computes `z1` * `q2^e` mod `n`
`e` is the rsa key public exponent
`n` is the rsa key modulus
Returns:
A byte string representing the result of the computation
"""
# Convert to BN
z1_bn = BinToBN(z1)
q2_bn = BinToBN(q2)
# Prep context
ctx = _ssl.BN_CTX_new()
_ssl.BN_CTX_start(ctx)
# Get q2 ^ e
ret = _ssl.BN_mod_exp(q2_bn, q2_bn, self.rsa_key.bn_e,
self.rsa_key.bn_n, ctx)
if ret != 1:
return None
# Multiply z1 * (q2 ^ e) mod n
ret = _ssl.BN_mod_mul(z1_bn, z1_bn, q2_bn, self.rsa_key.bn_n, ctx)
if ret != 1:
return None
result = BNToBin(z1_bn, self.rsa_key.size)
_ssl.BN_free(z1_bn)
_ssl.BN_free(q2_bn)
_ssl.BN_CTX_end(ctx)
_ssl.BN_CTX_free(ctx)
return result
def get_quotient(self, q1, q2):
""" Computes (`q2` / `q1`) mod `n`
`n` is the rsa key modulus
Returns:
A byte string representing the result of the computation
"""
# Convert to BN
q1_bn = BinToBN(q1)
q2_bn = BinToBN(q2)
if q1_bn is None or q2_bn is None:
return None
# Prep context
ctx = _ssl.BN_CTX_new()
_ssl.BN_CTX_start(ctx)
# Invert q1
_ssl.BN_mod_inverse(q1_bn, q1_bn, self.rsa_key.bn_n, ctx)
# Multiplty q2 * (q1)^-1
ret = _ssl.BN_mod_mul(q1_bn, q1_bn, q2_bn, self.rsa_key.bn_n, ctx)
if ret != 1:
return None
quotient = BNToBin(q1_bn, self.rsa_key.size)
_ssl.BN_free(q1_bn)
_ssl.BN_free(q2_bn)
_ssl.BN_CTX_end(ctx)
_ssl.BN_CTX_free(ctx)
return quotient