#### <center> Module 4d - Asymmetric Cryptographic Primitives - Digital Signing Algorithm
## <center> ENGR 580A2: Secure Vehicle and Industrial Networking
## <center> <img src="https://www.engr.colostate.edu/~jdaily/Systems-EN-CSU-1-C357.svg" width="600" /> 
### <center> Instructor: Dr. Jeremy Daily<br>Fall 2021

## Learning Objectives
By the end of this exercise, students should be able to
1. Use sign and verify messages using RSA
1. Use sign and verify messages using ECDSA
2. Use secure hash values to detect changes.

In [None]:
# Install some prequisites
# Be sure version 3.1 or higher is installed
%pip install --upgrade --user cryptography

In [None]:
# Import only the modules we need
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
import base64
import json

## Generate keys for Alice and Bob

In [None]:
#Alice needs to generate a key pair
private_key_for_alice = rsa.generate_private_key(
                         public_exponent=65537,
                         key_size=2048 # should use at least 4096, but smaller keys are easier to display
                        )
private_key_for_alice

In [None]:
#To send out the public key, we have to derive it from the private key and serialize it
public_key_for_alice = private_key_for_alice.public_key()
public_key_for_alice

In [None]:
#Let's serialize it so we can send it accross the network to bob (and everyone)
public_pem_key_for_alice = public_key_for_alice.public_bytes(
       encoding=serialization.Encoding.PEM,
       format=serialization.PublicFormat.SubjectPublicKeyInfo
)
print(public_pem_key_for_alice.decode('ascii'))

In [None]:
#Bob also needs to generate a key pair
private_key_for_bob = rsa.generate_private_key(
                         public_exponent=65537,
                         key_size=2048 # should use at least 4096, but smaller keys are easier to display
                        )
private_key_for_bob

In [None]:
# Bob extracts the public key 
public_key_for_bob = private_key_for_bob.public_key()
public_key_for_bob

In [None]:
#Let's serialize it so we can send it across the network to Alice (and everyone)
public_pem_key_for_bob = public_key_for_bob.public_bytes(
       encoding=serialization.Encoding.PEM,
       format=serialization.PublicFormat.SubjectPublicKeyInfo
)
print(public_pem_key_for_bob.decode('ascii'))

### Integrity and Authenticity
Bob would like some assurance that he received the message as Alice intended. Since everyone has Bob's public key, anyone can send Bob encrypted messages. Bob wants to know it was from Alice.

Alice sends Bob (and everyone else) her public key.

Alice computes a secure hash of the message sent to Bob.

Alice signs the hash digest with her private key and sends the signature to Bob.

Bob compute the secure hash of the original message.

Bob verifies the hash matches the signature.

<img src="Asymmetric Encryption Primitives - Verify Message.svg"/> 

Let's work this out with some code.

## Alice Sends a Message to Bob

In [None]:
# Alice has a message for Bob:
plain_text = b'We choose to go to the Moon in this decade and do the other things, not because they are easy, but because they are hard; because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one we intend to win, and the others, too.'
plain_text

### Detecting alteration

In transit, the plain text message was changed.


In [None]:
#Recall
changed_plain_text = b'We choose to go to MARS in this decade and do the other things, not because they are easy, but because they are hard; because that goal will serve to organize and measure the best of our energies and skills, because that challenge is one that we are willing to accept, one we are unwilling to postpone, and one we intend to win, and the others, too.'
changed_plain_text

In [None]:
# This is the function used to sign the data
def sign(text,private_pem_key,password=None):
    #private_pem_key and text need to be bytes
    private_key = serialization.load_pem_private_key(private_pem_key,password)
    signature = private_key.sign(
            text,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
    return signature

In [None]:
pem = private_key_for_alice.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption()
 )

signature_from_alice = sign(plain_text,pem)
signature_from_alice

In [None]:
# These signatures will change each time from the salt.
signature_from_alice = sign(plain_text,pem)
signature_from_alice

In [None]:
# Make this safe for encapsualting in email or json
sig_from_alice_b64 = base64.b64encode(signature_from_alice)
sig_from_alice_b64

In [None]:
# Do this to make sure all the plain text are in ascii text
plain_text_b64 = base64.b64encode(plain_text)
plain_text_b64

In [None]:
# Let's make a message to send in json format.
message = json.dumps({'text': plain_text_b64.decode('utf-8'), 
                      'signature': sig_from_alice_b64.decode('utf-8'),
                      'pub_key': public_pem_key_for_alice.decode('utf-8')})
message

In [None]:
print(public_pem_key_for_alice.decode('utf-8'))

## Send message to Bob

In [None]:
message_for_bob = json.loads(message)
message_for_bob

In [None]:
# Load the verification key
pub_bytes = message_for_bob['pub_key'].encode('ascii')
print(pub_bytes)

In [None]:
# Verificaiton routine
# if nothing happens, the signature was verified. Usually we put this in a try except block
from cryptography.exceptions import InvalidSignature
def validate(text,signature,pub_bytes):
    verification_key = serialization.load_pem_public_key(pub_bytes)
    try:
        verification_key.verify(
             signature,
             text,
             padding.PSS(
                 mgf=padding.MGF1(hashes.SHA256()),
                 salt_length=padding.PSS.MAX_LENGTH
             ),
             hashes.SHA256()
        )
        return("Message Verfied.")
    except InvalidSignature:
        return("Bad Signature")

In [None]:
#Verify the message against the signature
sig_bytes = base64.b64decode(message_for_bob['signature'])
print("sig_bytes")
print(sig_bytes)
plain_text_bytes = base64.b64decode(message_for_bob['text'])
print("\nplain_text_bytes")
print(plain_text_bytes)
validate(plain_text_bytes,sig_bytes,pub_bytes)

In [None]:
plain_text_bytes = changed_plain_text
print("\nplain_text_bytes")
print(plain_text_bytes)
validate(plain_text_bytes,sig_bytes,pub_bytes)

## Class Exercise
Determine which message has been altered:

Churchill's Message:

    You ask, what is our aim? I can answer in one word. It is Victory. Victory at all costs - Victory in spite of all terrors - Victory, however long and hard the road may be, for without Victory there is no survival.

Signature of Churchill's Message  (Base64 encoded)
    
`EwW+JghPEI7X+/3izXdobEA3rjYNxWGPkg4Xwkh1+XukURadECpxzuOLHsNtkvcThaGL3gvIRbK/SLBB7lNdG+eDpjjzzT+lc37GD0CPef1uoncxoRsCVKuGzqeFj6sQ5VBj2OqmyhH2cbZ28S/y8pG4+xrN6KxDOzTv7yRtnU41JvaxhLX9F7zQfYRQocDqVj5x5zcQdgoC2ayxdEwzBWw+RO/XfQKYos0a4eKaXp0Tsa5bWnQeaUeUikEdLobfoXadiycD5HqkGD+vpoXcHXiSZuqdSA2bUMoIFBB1XwwiitWvKDPtjOJo9/143e8JzX51Qmo+XDb2xwc2ZtTWWQ==`

Churchill's Verification key:
```
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoxIAKE5I9a/aR6I/UJe
pO2nsgsC9CB7cakanpv3g/JQwbF7brg8FRx02URVnpuZEwh7eAgwsug32mpghZCz
Ix2uKBxPjhlyjpD6XDEqq1b3sKBKJv+OhqJS8RPNGtV8OFmbp0Ay2lZRN223YgLd
/9gMO8P5h4MXCvT8qt5qfAGnltV4otCl9N3Tj42+xW9Ycxlzj0GPCfM+sLBktiYL
rbmm7X+YRY2FYv3AZb1PSc1aB6e4P2tKtGM5gA4CuKpSKctPVS7yvlFbB0IhfSLi
2eLOKYoihRaE50b+SRP4fXPwwahIDumczWF7momIMoK2MXlE1bPZR14vmLFtb9g0
QQIDAQAB
-----END PUBLIC KEY-----
```

Roosevelt's Message:

    Yesterday, December 7th, 1941 -- a date which will live in infamy -- the United States of America was suddenly and deliberately attacked by naval and air forces of the Empire of Japan.
    
Signature of Roosevelt's Message (Base64 encoded)
                                       `MDRzeA4o3/S0B0BMgSYPBt4wxjkMDWrnAKm5X580XhVJ6OdmFlCsoBSYhev05KLyVsJ8C3pzfPB+PEdeZ9rkJJxAhnwxFUTpV+tNjJuNBuLuojdrWppC50xrPDStxZd6h5D7gzo32GgRAAX2Tww4BU1TtwQzkubGKgXIr2ualU8PbBMbGYw9Cx827WhIqJD0WCDV7MuanhauGVXcfXMf1CCebVqGoYXhjmp4Z7nSnoCGr7YyfvIZN9thSdz3ORiSivXn83avSiPZsyuJoZtIDsHQYg0D+uPv1NmG/XpoFJR0T3BXfJfZEdiTCyK+46mZz0hZWzxAnSfcV1gPKsqfhg==`

Roosevelt's Verification Key:

```
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bHZs7RxSNTk+Z1MMkHE
v7F7WK5oxLmJ9HypDyagbF4csmwCqsnhMwqJ9vEi3zmlE3VtjfrjpNSJSSvr1RDV
mxh7yz7z+sKvH+JBccMxmFS7/IrKZpNLJPnSY4JlrrCVKYhGwcx0z+kr0Xd4fi97
NVH7xSZaVTXJ+SC19j4EN/gb8nWcYk6umBJmVF688RdOeHQ6ZE3hLbUhKW48oDu1
u8YyRWIHNYyxZXz7G7ojuosd69e7bkO2GR0gAmQpZhXurxD5EGJLYWKvNFYcWPux
YJvgjlmBJCcGz4lKSJcdNzZfSg2YLqopKLcKmNSR9NmywpXIMu0S3wUAWJ7SgGMm
XQIDAQAB
-----END PUBLIC KEY-----
````


In [None]:
# Hints: You can enter the text in as bytes. 
FDR = b'Yesterday, December 7th, 1941 -- a date which will live in infamy -- the United States of America was suddenly and deliberately attacked by naval and air forces of the Empire of Japan.'
FDR

In [None]:
fdr_sig = base64.b64decode(b'MDRzeA4o3/S0B0BMgSYPBt4wxjkMDWrnAKm5X580XhVJ6OdmFlCsoBSYhev05KLyVsJ8C3pzfPB+PEdeZ9rkJJxAhnwxFUTpV+tNjJuNBuLuojdrWppC50xrPDStxZd6h5D7gzo32GgRAAX2Tww4BU1TtwQzkubGKgXIr2ualU8PbBMbGYw9Cx827WhIqJD0WCDV7MuanhauGVXcfXMf1CCebVqGoYXhjmp4Z7nSnoCGr7YyfvIZN9thSdz3ORiSivXn83avSiPZsyuJoZtIDsHQYg0D+uPv1NmG/XpoFJR0T3BXfJfZEdiTCyK+46mZz0hZWzxAnSfcV1gPKsqfhg==')

In [None]:
fdr_pub = b'''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bHZs7RxSNTk+Z1MMkHE
v7F7WK5oxLmJ9HypDyagbF4csmwCqsnhMwqJ9vEi3zmlE3VtjfrjpNSJSSvr1RDV
mxh7yz7z+sKvH+JBccMxmFS7/IrKZpNLJPnSY4JlrrCVKYhGwcx0z+kr0Xd4fi97
NVH7xSZaVTXJ+SC19j4EN/gb8nWcYk6umBJmVF688RdOeHQ6ZE3hLbUhKW48oDu1
u8YyRWIHNYyxZXz7G7ojuosd69e7bkO2GR0gAmQpZhXurxD5EGJLYWKvNFYcWPux
YJvgjlmBJCcGz4lKSJcdNzZfSg2YLqopKLcKmNSR9NmywpXIMu0S3wUAWJ7SgGMm
XQIDAQAB
-----END PUBLIC KEY-----'''

In [None]:
#Enter your code here to verify Roosevelt's message

In [None]:
# Hints: You can enter the text in as bytes. 
Churchill = b'You ask, what is our aim? I can answer in one word. It is Victory. Victory at all costs - Victory in spite of all terrors - Victory, however long and hard the road may be, for without Victory there is no survival.'
Churchill

In [None]:
churchill_sig = base64.b64decode(b'XCumWxz3AAMxdsMFaiDD8faqFRUDIDHWUANj3mDwJHU6twkfb5eiWT14jgeb515mJedWzjYM3JUEpwCxgmpL9wycm8lGzemCDgVJJxXCijn4BAWmyZ6rRIvOtnCyJamiZWT3mG2EAmxpydaEl2dSeqJVp3sYIZ1Q8Mw+FoVIB/OSbIiBn/J2klpDO5JPfxxFAbio7Rm31w1ZW0/YR2HWwBBdUA+gIPEFWGza+rcdTu++hkzpzIRZtqrJuFMvFYMkv5k88cJuxLeFbJAnD48XxS1L0njqM6SJRRFm8/3B5lTGiGQsE2XsftdcHvTPBmE0nzwO2A9IZXRkq+XHv0y2gg==')

In [None]:
churchhill_pub_ = b'''-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoxIAKE5I9a/aR6I/UJe
pO2nsgsC9CB7cakanpv3g/JQwbF7brg8FRx02URVnpuZEwh7eAgwsug32mpghZCz
Ix2uKBxPjhlyjpD6XDEqq1b3sKBKJv+OhqJS8RPNGtV8OFmbp0Ay2lZRN223YgLd
/9gMO8P5h4MXCvT8qt5qfAGnltV4otCl9N3Tj42+xW9Ycxlzj0GPCfM+sLBktiYL
rbmm7X+YRY2FYv3AZb1PSc1aB6e4P2tKtGM5gA4CuKpSKctPVS7yvlFbB0IhfSLi
2eLOKYoihRaE50b+SRP4fXPwwahIDumczWF7momIMoK2MXlE1bPZR14vmLFtb9g0
QQIDAQAB
-----END PUBLIC KEY-----'''

In [None]:
## Enter your code here to verify Churchill's message

## Summary

We used asymmetric encryption to digitally sign messages to determine if they have been altered.


A question still remains: How can we trust Alice is who she says? What if Eve is in the middle pretending to be Alice? 

A middle person attack can easily resign the message. Never trust a public key comes from a principal without verification.


# Elliptic Curve Cryptography
ECC is an asymmetric algorithm the uses smaller key sizes and is faster. It suffers from the lack of ability to encrypt data. Instead, ECC is used to exchange pre-shared secrets that can be used for symmetric encryption. Digital signing is well suited for ECC.

References:

https://safecurves.cr.yp.to/ - Advocates for more advanced Elliptic Curves

https://satoshinichi.gitlab.io/b/safecurves-scare.html - Realizes there are system considerations

In [None]:
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519

In [None]:
# Generate a private key
private_key = ed25519.Ed25519PrivateKey.generate()
private_key

In [None]:
private_bytes = private_key.private_bytes(
     encoding=serialization.Encoding.Raw,
     format=serialization.PrivateFormat.Raw,
     encryption_algorithm=serialization.NoEncryption()
)
private_bytes

In [None]:
#ECC keys are small.
len(private_bytes)

In [None]:
#Compare to an RSA key
private_pem_for_bob = private_key_for_bob.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption()
 )
print(private_pem_for_bob.decode('ascii'))

In [None]:
#RSA keys are much larger
len(private_pem_for_bob)

In [None]:
# Extract the public portion of the key
public_key = private_key.public_key()
public_key

In [None]:
public_bytes = public_key.public_bytes(
     encoding=serialization.Encoding.Raw,
     format=serialization.PublicFormat.Raw,
)
public_bytes

In [None]:
len(public_bytes)

In [None]:
# Ascii safe PEM Keys
public_pem_bytes = public_key.public_bytes(
     encoding=serialization.Encoding.PEM,
     format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
public_pem_bytes

In [None]:
#Dissect PEM format
print(public_pem_bytes.decode('ascii'))

In [None]:
# Show the bytes
pem_bytes = base64.b64decode(lines[1])
pem_bytes

In [None]:
# The pem key has the raw bytes encoded
pem_bytes[-32:]

In [None]:
public_bytes == pem_bytes[-32:]

## Digital Signing
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed25519/

In [None]:
ecc_signature = private_key.sign(plain_text)
ecc_signature

In [None]:
len(ecc_signature)

In [None]:
# If nothing happens, it's verified
public_key.verify(ecc_signature,plain_text)

In [None]:
# Change the message to fail
public_key.verify(ecc_signature,plain_text+b'\x00')

In [None]:
# Change the signature to fail
public_key.verify(ecc_signature+b'\x00',plain_text)

## Summary
ECC uses much shorter keys, which is important for embedded vehicle and industrial systems.

You can use ECC to digitally sign data.


