本文整理汇总了Python中petlib.ec.EcGroup.check_point方法的典型用法代码示例。如果您正苦于以下问题:Python EcGroup.check_point方法的具体用法?Python EcGroup.check_point怎么用?Python EcGroup.check_point使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类petlib.ec.EcGroup的用法示例。
在下文中一共展示了EcGroup.check_point方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: mix_client_one_hop
# 需要导入模块: from petlib.ec import EcGroup [as 别名]
# 或者: from petlib.ec.EcGroup import check_point [as 别名]
def mix_client_one_hop(public_key, address, message):
"""
Encode a message to travel through a single mix with a set public key.
The maximum size of the final address and the message are 256 bytes and 1000 bytes respectively.
Returns an 'OneHopMixMessage' with four parts: a public key, an hmac (20 bytes),
an address ciphertext (256 + 2 bytes) and a message ciphertext (1002 bytes).
"""
G = EcGroup()
assert G.check_point(public_key)
assert isinstance(address, bytes) and len(address) <= 256
assert isinstance(message, bytes) and len(message) <= 1000
# Encode the address and message
# Use those as the payload for encryption
address_plaintext = pack("!H256s", len(address), address)
message_plaintext = pack("!H1000s", len(message), message)
## Generate a fresh public key
private_key = G.order().random()
client_public_key = private_key * G.generator()
#TODO ADD CODE HERE
return OneHopMixMessage(client_public_key, expected_mac, address_cipher, message_cipher)示例2: mix_server_one_hop
# 需要导入模块: from petlib.ec import EcGroup [as 别名]
# 或者: from petlib.ec.EcGroup import check_point [as 别名]
def mix_server_one_hop(private_key, message_list):
""" Implements the decoding for a simple one-hop mix.
Each message is decoded in turn:
- A shared key is derived from the message public key and the mix private_key.
- the hmac is checked against all encrypted parts of the message
- the address and message are decrypted, decoded and returned
"""
G = EcGroup()
out_queue = []
# Process all messages
for msg in message_list:
## Check elements and lengths
if not G.check_point(msg.ec_public_key) or \
not len(msg.hmac) == 20 or \
not len(msg.address) == 258 or \
not len(msg.message) == 1002:
raise Exception("Malformed input message")
## First get a shared key
shared_element = private_key * msg.ec_public_key
key_material = sha512(shared_element.export()).digest()
# Use different parts of the shared key for different operations
hmac_key = key_material[:16]
address_key = key_material[16:32]
message_key = key_material[32:48]
## Check the HMAC
h = Hmac(b"sha512", hmac_key)
h.update(msg.address)
h.update(msg.message)
expected_mac = h.digest()
print "my hmac: " + str(msg.hmac)
print "ex hmac: " + str(expected_mac[:20])
if not secure_compare(msg.hmac, expected_mac[:20]):
raise Exception("HMAC check failure")
## Decrypt the address and the message
iv = b"\x00"*16
address_plaintext = aes_ctr_enc_dec(address_key, iv, msg.address)
message_plaintext = aes_ctr_enc_dec(message_key, iv, msg.message)
# Decode the address and message
address_len, address_full = unpack("!H256s", address_plaintext)
message_len, message_full = unpack("!H1000s", message_plaintext)
output = (address_full[:address_len], message_full[:message_len])
out_queue += [output]
return sorted(out_queue)示例3: mix_client_one_hop
# 需要导入模块: from petlib.ec import EcGroup [as 别名]
# 或者: from petlib.ec.EcGroup import check_point [as 别名]
def mix_client_one_hop(public_key, address, message):
"""
Encode a message to travel through a single mix with a set public key.
The maximum size of the final address and the message are 256 bytes and 1000 bytes respectively.
Returns an 'OneHopMixMessage' with four parts: a public key, an hmac (20 bytes),
an address ciphertext (256 + 2 bytes) and a message ciphertext (1002 bytes).
"""
G = EcGroup()
assert G.check_point(public_key)
assert isinstance(address, bytes) and len(address) <= 256
assert isinstance(message, bytes) and len(message) <= 1000
# Encode the address and message
# Use those as the payload for encryption
address_plaintext = pack("!H256s", len(address), address)
message_plaintext = pack("!H1000s", len(message), message)
## Generate a fresh public key
private_key = G.order().random()
client_public_key = private_key * G.generator()
# generate shared element
shared = public_key.pt_mul(private_key)
material = sha512(shared.export()).digest()
# split shared key for different operations
hmac_key = material[:16]
address_key = material[16:32]
message_key = material[32:48]
# random inistialisation vector
iv = b"\x00"*16
# encoding address and message
address_cipher = aes_ctr_enc_dec(address_key, iv, address_plaintext)
message_cipher = aes_ctr_enc_dec(message_key, iv, message_plaintext)
# generate hmac h
h = Hmac(b"sha512",hmac_key)
h.update(address_cipher)
h.update(message_cipher)
expected_mac = h.digest()
expected_mac = expected_mac[:20]
return OneHopMixMessage(client_public_key, expected_mac, address_cipher, message_cipher)示例4: mix_client_one_hop
# 需要导入模块: from petlib.ec import EcGroup [as 别名]
# 或者: from petlib.ec.EcGroup import check_point [as 别名]
def mix_client_one_hop(public_key, address, message):
"""
Encode a message to travel through a single mix with a set public key.
The maximum size of the final address and the message are 256 bytes and 1000 bytes respectively.
Returns an 'OneHopMixMessage' with four parts: a public key, an hmac (20 bytes),
an address ciphertext (256 + 2 bytes) and a message ciphertext (1002 bytes).
"""
G = EcGroup()
assert G.check_point(public_key)
assert isinstance(address, bytes) and len(address) <= 256
assert isinstance(message, bytes) and len(message) <= 1000
# Encode the address and message
# Use those as the payload for encryption
address_plaintext = pack("!H256s", len(address), address)
message_plaintext = pack("!H1000s", len(message), message)
## Generate a fresh public key
private_key = G.order().random()
client_public_key = private_key * G.generator()
encryption_key = private_key * public_key
ek = sha512(encryption_key.export()).digest()
#TODO ADD CODE HERE
#get coresponding key parts
hmac_key = ek[:16]
address_key = ek[16:32]
message_key = ek[32:48]
#encrypt
iv = b"\x00"*16
address_cipher = aes_ctr_enc_dec(address_key, iv, address_plaintext)
message_cipher = aes_ctr_enc_dec(message_key, iv, message_plaintext)
#calculate mac
h = Hmac(b"sha512", hmac_key)
h.update(address_cipher)
h.update(message_cipher)
expected_mac = h.digest()
expected_mac = expected_mac[:20]
return OneHopMixMessage(client_public_key, expected_mac, address_cipher, message_cipher)示例5: mix_server_n_hop
# 需要导入模块: from petlib.ec import EcGroup [as 别名]
# 或者: from petlib.ec.EcGroup import check_point [as 别名]
def mix_server_n_hop(private_key, message_list, use_blinding_factor=False, final=False):
""" Decodes a NHopMixMessage message and outputs either messages destined
to the next mix or a list of tuples (address, message) (if final=True) to be
sent to their final recipients.
Broadly speaking the mix will process each message in turn:
- it derives a shared key (using its private_key),
- checks the first hmac,
- decrypts all other parts,
- Either forwards or decodes the message.
The implementation of the blinding factor is optional and therefore only activated
in the bonus tests.
"""
G = EcGroup()
out_queue = []
# Process all messages
for msg in message_list:
## Check elements and lengths
if not G.check_point(msg.ec_public_key) or \
not isinstance(msg.hmacs, list) or \
not len(msg.hmacs[0]) == 20 or \
not len(msg.address) == 258 or \
not len(msg.message) == 1002:
raise Exception("Malformed input message")
## First get a shared key
shared_element = private_key * msg.ec_public_key
key_material = sha512(shared_element.export()).digest()
# Use different parts of the shared key for different operations
hmac_key = key_material[:16]
address_key = key_material[16:32]
message_key = key_material[32:48]
# Extract a blinding factor for the public_key
# (only if you're brave enough for the bonus task)
new_ec_public_key = msg.ec_public_key
if (use_blinding_factor):
blinding_factor = Bn.from_binary(key_material[48:])
new_ec_public_key = blinding_factor * msg.ec_public_key
## Check the HMAC
h = Hmac(b"sha512", hmac_key)
for other_mac in msg.hmacs[1:]:
h.update(other_mac)
h.update(msg.address)
h.update(msg.message)
expected_mac = h.digest()
if not secure_compare(msg.hmacs[0], expected_mac[:20]):
raise Exception("HMAC check failure")
# Decrypt hmacs
new_hmacs = []
for i, other_mac in enumerate(msg.hmacs[1:]):
# Ensure the IV is different for each hmac
iv = pack("H14s", i, b"\x00"*14)
hmac_plaintext = aes_ctr_enc_dec(hmac_key, iv, other_mac)
new_hmacs += [hmac_plaintext]
# Decrypt address & message
iv = b"\x00"*16
address_plaintext = aes_ctr_enc_dec(address_key, iv, msg.address)
message_plaintext = aes_ctr_enc_dec(message_key, iv, msg.message)
if final:
# Decode the address and message
address_len, address_full = unpack("!H256s", address_plaintext)
message_len, message_full = unpack("!H1000s", message_plaintext)
out_msg = (address_full[:address_len], message_full[:message_len])
out_queue += [out_msg]
else:
# Pass the new mix message to the next mix
out_msg = NHopMixMessage(new_ec_public_key, new_hmacs, address_plaintext, message_plaintext)
out_queue += [out_msg]
return out_queue示例6: test_protocol
# 需要导入模块: from petlib.ec import EcGroup [as 别名]
# 或者: from petlib.ec.EcGroup import check_point [as 别名]
def test_protocol():
# Parameters of the BL schemes
G = EcGroup(713)
q = G.order()
g = G.hash_to_point(b"g")
h = G.hash_to_point(b"h")
z = G.hash_to_point(b"z")
hs = [G.hash_to_point(("h%s" % i).encode("utf8")) for i in range(100)]
# Inputs from user
R = q.random()
L1 = 10
L2 = 20 #age
C = R * hs[0] + L1 * hs[1] + L2 * hs[2]
m = b"Hello World!"
# Inputs from the Issuer
# TODO: check ZK on C
x = q.random()
y = x * g
# Preparation
rnd = q.random()
z1 = C + rnd * g
z2 = z + (-z1)
## Send: (rnd,) to user
if rnd % q == 0:
raise
z1 = C + rnd * g
gam = q.random()
zet = gam * z
zet1 = gam * z1
zet2 = zet + (-zet1)
tau = q.random()
eta = tau * z
# Validation: Issuer
u, r1p, r2p, cp = [q.random() for _ in range(4)]
a = u * g
a1p = r1p * g + cp * z1
a2p = r2p * h + cp * z2
## Send(a, ap = (a1p, a2p))
# User side
assert G.check_point(a)
assert G.check_point(a1p)
assert G.check_point(a2p)
t1, t2, t3, t4, t5 = [q.random() for _ in range(5)]
alph = a + t1 * g + t2 * y
alph1 = gam * a1p + t3 * g + t4 * zet1
alph2 = gam * a2p + t5 * h + t4 * zet2
# Make epsilon
H = [zet, zet1, alph, alph1, alph2, eta]
Hstr = list(map(EcPt.export, H)) + [m]
Hhex = b"|".join(map(b64encode, Hstr))
epsilon = Bn.from_binary(sha256(Hhex).digest()) % q
e = epsilon.mod_sub(t2, q).mod_sub(t4, q)
## Send: (e,) to Issuer
c = e.mod_sub(cp, q)
r = u.mod_sub((c * x), q)
## Send: (c,r, cp, rp = (r1p, r2p)) to User
ro = r.mod_add(t1, q)
om = c.mod_add(t2, q)
ro1p = (gam * r1p + t3) % q
ro2p = (gam * r2p + t5) % q
omp = (cp + t4) % q
mu = (tau - omp * gam) % q
signature = (m, zet, zet1, zet2, om, omp, ro, ro1p, ro2p)
gam_hs = [gam * hsi for hsi in hs]
zet1p = zet1 - L2 * gam_hs[2]
# Check verification equation
lhs = (om + omp) % q
rhs_h = [zet, zet1p,
ro * g + om * y,
ro1p * g + omp * zet1p,
ro2p * h + omp * zet2, ## problem
mu * z + omp * zet]
Hstr = list(map(EcPt.export, rhs_h)) + [m]
Hhex = b"|".join(map(b64encode, Hstr))
rhs = Bn.from_binary(sha256(Hhex).digest()) % q
# Check the (future) ZK proof
assert zet == gam * z
gam_hs = [gam * hsi for hsi in hs]
gam_g = gam * g
#assert rnd * gam_g + R * gam_hs[0] + L1 * gam_hs[1] + L2 * gam_hs[2] == zet1
assert rnd * gam_g + R * gam_hs[0] + L1 * gam_hs[1] == zet1 - L2 * gam_hs[2]
#.........这里部分代码省略.........