init
This commit is contained in:
commit
428d692283
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
__pycache__
|
||||||
|
exchange.bin
|
BIN
.utils.py.swp
Normal file
BIN
.utils.py.swp
Normal file
Binary file not shown.
46
README.md
Normal file
46
README.md
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
# Rekomendowane parametry/komponenty
|
||||||
|
|
||||||
|
## Punkt _a_ w dokumencie projektu
|
||||||
|
|
||||||
|
Interesują nas grupy dla Internet Key Exchange (IKE), jeżeli nie chcemy używać krzywych eliptycznych to użyjmy MODP-3072 z (RFC3526)[https://www.ietf.org/rfc/rfc3526.txt], jeżeli chcemy krzywe eliptyczne to można brać NIST P-224 – parametry dostępne są (tutaj)[https://safecurves.cr.yp.to/field.html].
|
||||||
|
```
|
||||||
|
MOPD-3072
|
||||||
|
|
||||||
|
prime = FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
|
||||||
|
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
|
||||||
|
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
|
||||||
|
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
|
||||||
|
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
|
||||||
|
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
|
||||||
|
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
|
||||||
|
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
|
||||||
|
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
|
||||||
|
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
|
||||||
|
15728E5A 8AAAC42D AD33170D 04507A33 A85521AB DF1CBA64
|
||||||
|
ECFB8504 58DBEF0A 8AEA7157 5D060C7D B3970F85 A6E1E4C7
|
||||||
|
ABF5AE8C DB0933D7 1E8C94E0 4A25619D CEE3D226 1AD2EE6B
|
||||||
|
F12FFA06 D98A0864 D8760273 3EC86A64 521F2B18 177B200C
|
||||||
|
BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31
|
||||||
|
43DB5BFC E0FD108E 4B82D120 A93AD2CA FFFFFFFF FFFFFFFF
|
||||||
|
|
||||||
|
generator = 2
|
||||||
|
```
|
||||||
|
|
||||||
|
Dlaczego tak a nie inaczej – opiszę to #TODO
|
||||||
|
|
||||||
|
## Punkt _b_ w dokumencie projektu
|
||||||
|
|
||||||
|
KDF który proponuję to scrypt, ponieważ jest kosztowy obliczeniowo ORAZ pamięciowo.
|
||||||
|
|
||||||
|
(Tutaj)[https://datatracker.ietf.org/doc/html/rfc7914#section-2] można znaleźć rekomendowane parametry, ze względu na ilość wykonywnych operacji proponuję parametry:
|
||||||
|
```
|
||||||
|
N = 2 ** 14
|
||||||
|
r = 8
|
||||||
|
p = 1
|
||||||
|
```
|
||||||
|
poparte (tą prezentacją)[https://www.tarsnap.com/scrypt/scrypt-slides.pdf].
|
||||||
|
|
||||||
|
## Punkt _c_ w dokumencie projektu
|
||||||
|
|
||||||
|
Tutaj proponuję AES256 w trybie CouTeR, opisane np. (tutaj)[https://www.pycryptodome.org/src/cipher/classic#ctr-mode].
|
||||||
|
Do wygenerowania noncji może zostać użyty scrypt.
|
10
alice.py
Normal file
10
alice.py
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
from utils import generate_secret
|
||||||
|
from utils import prime, FILE
|
||||||
|
from Crypto.Math.Numbers import Integer, from_bytes
|
||||||
|
|
||||||
|
g = Integer(2)
|
||||||
|
a = generate_secret()
|
||||||
|
A_secret = pow(g, Integer.from_bytes(a), prime)
|
||||||
|
|
||||||
|
with open(FILE, 'wb') as f:
|
||||||
|
f.write(A_secret.to_bytes())
|
16
bob.py
Normal file
16
bob.py
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
from utils import generate_secret, coin_toss
|
||||||
|
from utils import prime, FILE
|
||||||
|
from Crypto.Math.Numbers import Integer
|
||||||
|
|
||||||
|
g = Integer(2)
|
||||||
|
b = generate_secret()
|
||||||
|
|
||||||
|
B_secret = pow(g, Integer.from_bytes(b), prime)
|
||||||
|
|
||||||
|
if coin_toss():
|
||||||
|
with open(FILE, 'r') as f:
|
||||||
|
A_secret = f.read()
|
||||||
|
B_secret = A_secret * B_secret
|
||||||
|
print('siup')
|
||||||
|
|
||||||
|
print(B_secret)
|
26
utils.py
Normal file
26
utils.py
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
from Crypto.PublicKey import ECC
|
||||||
|
from Crypto.Protocol.KDF import PBKDF2
|
||||||
|
from Crypto.Hash import SHA512
|
||||||
|
from Crypto.Random import get_random_bytes
|
||||||
|
from secrets import randbelow
|
||||||
|
|
||||||
|
FILE = 'exchange.bin'
|
||||||
|
|
||||||
|
prime = 0xffffffffffffffffffffffffffffffff000000000000000000000001
|
||||||
|
|
||||||
|
def generate_secret(c = 0):
|
||||||
|
# 'DER' format for byte output
|
||||||
|
return ECC.generate(curve='NIST P-224').export_key(format='DER')
|
||||||
|
|
||||||
|
def H(secret):
|
||||||
|
# secret should be bytearray[], pref. from generate_secret() function
|
||||||
|
salt = get_random_bytes(16)
|
||||||
|
key = PBKDF2(generate_secret(), salt, 64, count=1000000, hmac_hash_module=SHA512)
|
||||||
|
return key[32:] # first 32 bytes of generated key
|
||||||
|
|
||||||
|
def coin_toss():
|
||||||
|
x = randbelow(2 ** 64)
|
||||||
|
if x & 1:
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
return True
|
Loading…
Reference in New Issue
Block a user