Files
@ 6511b6f4f6c0
Branch filter:
Location: Shamira/src/shamira.py - annotation
6511b6f4f6c0
3.1 KiB
text/x-python
added printable condensed version
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 | 8968eab714bc 8968eab714bc 438dcebc9c63 9ccd379021d5 9ccd379021d5 90fb179128d4 438dcebc9c63 438dcebc9c63 438dcebc9c63 438dcebc9c63 3907396d80a5 90fb179128d4 438dcebc9c63 438dcebc9c63 438dcebc9c63 438dcebc9c63 438dcebc9c63 9ccd379021d5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 9ccd379021d5 438dcebc9c63 438dcebc9c63 9ccd379021d5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 db65075fe7e0 db65075fe7e0 db65075fe7e0 90fb179128d4 90fb179128d4 db65075fe7e0 9ccd379021d5 9ccd379021d5 9ccd379021d5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 3907396d80a5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9c496886dde9 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9c496886dde9 9c496886dde9 9ccd379021d5 9ccd379021d5 9ccd379021d5 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 90fb179128d4 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 90fb179128d4 90fb179128d4 90fb179128d4 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9ccd379021d5 9c496886dde9 9c496886dde9 | # GNU GPLv3, see LICENSE
import os
import re
import base64
import binascii
import gf256
def _shareByte(secretB,k,n):
assert k<=n<255
coefs=[int(secretB)]+[int(b) for b in os.urandom(k-1)]
points=[gf256.evaluate(coefs,i) for i in range(1,n+1)]
return points
def generateRaw(secret,k,n):
"""Splits secret into shares.
:param secret: (bytes)
:param k: number of shares necessary for secret recovery. 1 <= k <= n
:param n: (int) number of shares generated. 1 <= n < 255
:return: [(i, (bytes) share), ...]"""
shares=[_shareByte(b,k,n) for b in secret]
return [(i+1, bytes([s[i] for s in shares])) for i in range(n)]
def reconstructRaw(*shares):
"""Tries to recover the secret from its shares.
:param shares: ((i, (bytes) share), ...)
:return: (bytes) reconstructed secret. Too few shares returns garbage."""
secretLen=len(shares[0][1])
res=[None]*secretLen
for i in range(secretLen):
points=[(x,s[i]) for (x,s) in shares]
res[i]=(gf256.getConstantCoef(*points))
return bytes(res)
def generate(secret,k,n,encoding="b32"):
"""Wraps generateRaw().
:param secret: (str or bytes)
:param k: number of shares necessary for secret recovery
:param n: number of shares generated
:param encoding: {hex, b32, b64} desired output encoding. Hexadecimal, Base32 or Base64.
:return: [(str) share, ...]"""
if isinstance(secret,str):
secret=secret.encode("utf-8")
shares=generateRaw(secret,k,n)
return [encode(s,encoding) for s in shares]
def reconstruct(*shares,encoding="",raw=False):
"""Wraps reconstructRaw.
:param shares: ((str) share, ...)
:param encoding: {hex, b32, b64, ""} encoding of share strings. If not provided or empty, the function tries to guess it.
:param raw: (bool) whether to return bytes (True) or str (False)
:return: (str or bytes) reconstructed secret. Too few shares returns garbage."""
if not encoding:
encoding=detectEncoding(shares)
bs=reconstructRaw(*(decode(s,encoding) for s in shares))
return bs if raw else bs.decode(encoding="utf-8")
def encode(share,encoding="b32"):
if encoding=="hex": f=base64.b16encode
elif encoding=="b32": f=base64.b32encode
else: f=base64.b64encode
(i,bs)=share
return "{0}.{1}".format(i,f(bs).decode("utf-8"))
def decode(share,encoding="b32"):
try:
(i,_,shareStr)=share.partition(".")
i=int(i)
if not 1<=i<=255:
raise ValueError()
if encoding=="hex": f=base64.b16decode
elif encoding=="b32": f=base64.b32decode
else: f=base64.b64decode
shareBytes=f(shareStr)
return (i,shareBytes)
except (ValueError,binascii.Error):
raise ValueError('bad share format: share="{0}", encoding="{1}"'.format(share,encoding))
def detectEncoding(shares):
classes=[
(re.compile(r"\d+\.([0-9A-F]{2})+"), "hex"),
(re.compile(r"\d+\.([A-Z2-7]{8})*([A-Z2-7]{8}|[A-Z2-7]{2}={6}|[A-Z2-7]{4}={4}|[A-Z2-7]{5}={3}|[A-Z2-7]{7}={1})"), "b32"),
(re.compile(r"\d+\.([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{2}={2}|[A-Za-z0-9+/]{3}={1})"), "b64")
]
for (regexp, res) in classes:
if all(regexp.fullmatch(share) for share in shares):
return res
raise ValueError("no expected encoding detected")
if __name__=="__main__":
import cli
cli.run()
|