Split work to Alice and Bob, Alice sends salt for KDF
This commit is contained in:
parent
1aca203119
commit
27ccbc0141
62
main.py
62
main.py
@ -4,47 +4,77 @@ import pickle
|
|||||||
import Crypto.Random
|
import Crypto.Random
|
||||||
import Crypto.Cipher.AES
|
import Crypto.Cipher.AES
|
||||||
import Crypto.Protocol.KDF
|
import Crypto.Protocol.KDF
|
||||||
|
import contextlib
|
||||||
|
|
||||||
m0 = b"alice"
|
curve = curves.Curve.get_curve("NIST-P224")
|
||||||
m1 = b"bob"
|
|
||||||
c = False
|
|
||||||
|
|
||||||
curve = curves.Curve.get_curve('NIST-P224')
|
|
||||||
q = curve.size
|
q = curve.size
|
||||||
g = curve.generator
|
g = curve.generator
|
||||||
|
|
||||||
salt = Crypto.Random.get_random_bytes(16)
|
|
||||||
|
|
||||||
def H(p: curves.Point) -> bytes:
|
def H(p: curves.Point, salt: bytes) -> bytes:
|
||||||
print("H({p})")
|
|
||||||
secret = pickle.dumps((p.x, p.y), protocol=4)
|
secret = pickle.dumps((p.x, p.y), protocol=4)
|
||||||
key = Crypto.Protocol.KDF.scrypt(secret, salt, 16, N=2**14, r=8, p=1)
|
key = Crypto.Protocol.KDF.scrypt(secret, salt, 16, N=2**14, r=8, p=1)
|
||||||
return key[:32] # first 32 bytes of generated key
|
return key[:32] # first 32 bytes of generated key
|
||||||
|
|
||||||
|
|
||||||
def E(key: bytes, message: bytes) -> tuple[bytes, bytes]:
|
def E(key: bytes, message: bytes) -> tuple[bytes, bytes]:
|
||||||
cipher = Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CTR)
|
cipher = Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CTR)
|
||||||
ct = cipher.encrypt(message)
|
ct = cipher.encrypt(message)
|
||||||
return (ct, cipher.nonce)
|
return (ct, cipher.nonce)
|
||||||
|
|
||||||
|
|
||||||
def D(key: bytes, encrypted_with_nonce: tuple[bytes, bytes]) -> bytes:
|
def D(key: bytes, encrypted_with_nonce: tuple[bytes, bytes]) -> bytes:
|
||||||
ct, nonce = encrypted_with_nonce
|
ct, nonce = encrypted_with_nonce
|
||||||
cipher = Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CTR, nonce=nonce)
|
cipher = Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_CTR, nonce=nonce)
|
||||||
return cipher.decrypt(ct)
|
return cipher.decrypt(ct)
|
||||||
|
|
||||||
|
|
||||||
|
########################################################
|
||||||
|
# Workers
|
||||||
|
########################################################
|
||||||
|
|
||||||
|
|
||||||
|
def alice(m0: bytes, m1: bytes):
|
||||||
a = 1 + secrets.randbelow(q)
|
a = 1 + secrets.randbelow(q)
|
||||||
b = 1 + secrets.randbelow(q)
|
|
||||||
|
|
||||||
A = curve.mul_point(a, g)
|
A = curve.mul_point(a, g)
|
||||||
|
B = yield A
|
||||||
|
|
||||||
|
salt = Crypto.Random.get_random_bytes(16)
|
||||||
|
|
||||||
|
k0 = H(curve.mul_point(a, B), salt)
|
||||||
|
k1 = H(curve.mul_point(a, curve.sub_point(B, A)), salt)
|
||||||
|
e0 = E(k0, m0)
|
||||||
|
e1 = E(k1, m1)
|
||||||
|
yield e0, e1, salt
|
||||||
|
|
||||||
|
|
||||||
|
def bob(c: bool):
|
||||||
|
b = 1 + secrets.randbelow(q)
|
||||||
|
A = yield
|
||||||
B = curve.mul_point(b, g)
|
B = curve.mul_point(b, g)
|
||||||
if c:
|
if c:
|
||||||
B = curve.add_point(A, B)
|
B = curve.add_point(A, B)
|
||||||
|
|
||||||
k0 = H(curve.mul_point(a, B))
|
e0, e1, salt = yield B
|
||||||
k1 = H(curve.mul_point(a, curve.sub_point(B, A)))
|
kc = H(curve.mul_point(b, A), salt)
|
||||||
e0 = E(k0, m0)
|
|
||||||
e1 = E(k1, m1)
|
|
||||||
|
|
||||||
kc = H(curve.mul_point(b, A))
|
|
||||||
print(D(kc, e1 if c else e0))
|
print(D(kc, e1 if c else e0))
|
||||||
|
|
||||||
|
|
||||||
|
########################################################
|
||||||
|
# Arrows
|
||||||
|
########################################################
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
with contextlib.suppress(StopIteration):
|
||||||
|
a = alice(b"msg one", b"msg two")
|
||||||
|
b = bob(True)
|
||||||
|
A = a.send(None)
|
||||||
|
b.send(None)
|
||||||
|
B = b.send(A)
|
||||||
|
encrypted = a.send(B)
|
||||||
|
b.send(encrypted)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
|
Loading…
Reference in New Issue
Block a user