"""
The Scantegrity commitment scheme
Ben Adida
2009-09-21
"""
import base64, hashlib, binascii
from Crypto.Cipher import AES
def aes_ecb(message, key):
    """
    Encrypt *message* under *key* with AES in ECB mode and return the ciphertext.

    No IV and no padding are applied here. ECB encrypts every 16-byte block
    independently, so equal input blocks yield equal output blocks. The input
    length is expected to be a multiple of the 16-byte block size; note that
    commit() in this file calls this with a 16-byte constant and also with a
    32-byte SHA-256 digest (two blocks), so this is not strictly a
    single-block helper.
    """
    return AES.new(key, AES.MODE_ECB).encrypt(message)
def sha256(message):
    """
    Return the raw 32-byte SHA-256 digest of *message* (bytes in, bytes out).
    """
    hasher = hashlib.sha256()
    hasher.update(message)
    return hasher.digest()
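# Keep this False outside local troubleshooting: commit() passes the decoded
# key and the derived sak through debug(), so enabling it prints secret
# material to stdout.
DEBUG = False


def debug(message):
    """Print *message* to stdout when the module-level DEBUG flag is set."""
    if DEBUG:
        # Single-argument call form behaves the same on Python 2 and 3; the
        # bare print statement is a syntax error on Python 3.
        print(message)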
def commit(message, key_b64, constant):
    """
    Compute the commitment to *message* under a key and a constant.

    message  -- the value being committed to, as a byte string
    key_b64  -- the AES key, base64-encoded; it is decoded here
    constant -- the constant as RAW bytes. It is NOT base64-decoded in this
                function, so callers must decode it first. It is fed to
                AES-ECB directly, so its length should be a multiple of 16.

    Construction, as implemented below:
        sak = AES-ECB(key, constant)
        h1  = SHA256(message || sak)
        h2  = SHA256(message || AES-ECB(sak, h1))
    Returns base64(h1 || h2).

    The result is deterministic: no per-call randomness is added here, so the
    same (message, key, constant) always yields the same commitment, and
    anyone holding the key and constant can recompute it for a candidate
    message.

    Every intermediate value, including the key and sak, is handed to
    debug(); with DEBUG enabled those secrets are printed.
    """
    raw_key = base64.b64decode(key_b64)
    debug("key: %s " % binascii.hexlify(raw_key))

    # The constant arrives already decoded; it is only logged, not transformed.
    debug("constant: %s " % binascii.hexlify(constant))

    # sak: the constant encrypted under the decoded key; it keys the second
    # AES call below.
    derived_key = aes_ecb(constant, raw_key)
    debug("sak: %s " % binascii.hexlify(derived_key))

    # First half of the commitment.
    first_digest = sha256(message + derived_key)
    debug("h1: %s " % binascii.hexlify(first_digest))

    # Second half: h1 (32 bytes, i.e. two ECB blocks) is encrypted under sak
    # and hashed together with the message again.
    encrypted_h1 = aes_ecb(first_digest, derived_key)
    second_digest = sha256(message + encrypted_h1)
    debug("h2: %s " % binascii.hexlify(second_digest))

    return base64.b64encode(first_digest + second_digest)
##
## TEST VECTOR
##
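if __name__ == '__main__':
    # Self-check against a fixed test vector. DEBUG is switched on so each
    # intermediate value is printed; that includes the key and sak, which is
    # acceptable here only because these are fixed sample values.
    DEBUG = True

    message = binascii.unhexlify('3004030102000301000200030104020001')
    key_b64 = 'dWvJjTDof3YHWyOYvkIFoA=='
    constant_b64 = 'UHJpbmNldG9uRWxlY3Rpbw=='
    expected_b64 = 'EaYe2BToq529uzV7Re2vMdlqh38Wx3sjbcvnE/7qiWC6be1ytPGzQDsOotAUx2jkOpVThQo9zq+RRwDIQGxrjA=='

    # commit() feeds the constant to AES as raw bytes and does not
    # base64-decode it, so decode it here. Passing the 24-character base64
    # text straight through would give AES-ECB an input that is not a
    # multiple of the 16-byte block size.
    constant = base64.b64decode(constant_b64)

    result = commit(message, key_b64, constant)
    debug("result: %s" % result)

    # b64encode returns bytes on Python 3, so compare against the ASCII bytes
    # of the expected text; on Python 2 this is a plain str comparison.
    # NOTE(review): that expected_b64 was generated from the decoded constant
    # is inferred, not shown in this file -- confirm by running the vector.
    if result == expected_b64.encode('ascii'):
        print("GOOD!")
    else:
        print("BAD :(")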