In [51]:
## diffie hellman
from cryptography.hazmat.primitives.asymmetric import dh
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

parameters = dh.generate_parameters(generator=2, key_size=512)

alice_private_key = parameters.generate_private_key()
bob_private_key = parameters.generate_private_key()
bob_public_key = bob_private_key.public_key()
alice_public_key = alice_private_key.public_key()

alice_shared_key = alice_private_key.exchange(bob_public_key)

alice_derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(alice_shared_key)

print (alice_derived_key)

## bob
bob_shared_key = bob_private_key.exchange(alice_public_key)

bob_derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(bob_shared_key)

print (bob_derived_key)

if alice_derived_key == bob_derived_key:
    print ("derived keys are equal")
else:
    print ("derived keys are not equal")

b'\xf8H\xcd\x1e\xe4\x9e\x85\xe2\xae\xfc\xfav\xd0\xd9\xf6\x89\xa7x\xcaFi\x85U\x85\xc0`\xd9J\x17\xfb\xfa6'
b'\xf8H\xcd\x1e\xe4\x9e\x85\xe2\xae\xfc\xfav\xd0\xd9\xf6\x89\xa7x\xcaFi\x85U\x85\xc0`\xd9J\x17\xfb\xfa6'
derived keys are equal


For AES, the legal key sizes are 128, 192, and 256 bits.
for des it was 64 - but 60 bits are used for the key and 4 bits are used for parity checking

In [52]:
parameters = dh.generate_parameters(generator=2, key_size=512)
p = parameters.parameter_numbers().p
g = parameters.parameter_numbers().g
client_private_key = parameters.generate_private_key()
client_y = client_private_key.public_key().public_numbers().y
client_x = client_private_key.private_numbers().x
print (p)
print (g)
print (client_y)
print (client_x)
# it stores p,g,client_y,client_x as the main parameters for later use
# then it sends p,g,client_y parameters to the server



12074373864345937335555390278227135792049648086979546743721107013156533671600665717789965385489806950774250050871442179111254648382710227874773638139942327
2
10675252100798032616449538982288848207288966437957380138446868355558161121324998610917538045385251324454028043219364780011278028035627516449041019943685368
3534089549310988717925805642175389175191069973151865270302807865733263707357617963881165051262557959310220059339528132359643698893209418664810274439203600


In [53]:
dominykas_key = 4406081192861135331958262273451869593683017678524489026964821445397841449792156988203193189716958862372703950153564671359780188501688643780552798404389598

In [54]:
pn = dh.DHParameterNumbers(p, g)
# client_public_number = dh.DHPublicNumbers(client_y, pn)
client_public_number = dh.DHPublicNumbers(dominykas_key, pn)
client_public_key = client_public_number.public_key()

parameters = pn.parameters()
server_private_key = parameters.generate_private_key()
server_y = server_private_key.public_key().public_numbers().y
server_x = server_private_key.private_numbers().x
print (server_y)
print (server_x)

758788460832913428960894810704893700863996908274032007439156076907991735938479660538491802977511099440671090155168525554672658556722452851805484196402030
3994508343628303126321690996323296594259505919982343617553557302643161107670456399419577492499911269823117651578141797059170412901193660677795666523860022


In [55]:
pn = dh.DHParameterNumbers(p, g)
client_public_number = dh.DHPublicNumbers(client_y, pn)
client_private_number = dh.DHPrivateNumbers(client_x, client_public_number)
client_private_key = client_private_number.private_key()



server_public_number = dh.DHPublicNumbers(server_y, pn)
server_public_key = server_public_number.public_key()

In [56]:
client_shared_key = client_private_key.exchange(server_public_key)

client_derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(client_shared_key)

print (client_derived_key)

## bob
server_shared_key = server_private_key.exchange(client_public_key)

server_derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(server_shared_key)

print (server_derived_key)

if client_derived_key == server_derived_key:# check this for the next time
    print ("derived keys are equal")

b'fn\xa1\xf1|\xec\xaeY/`\xe9\x0b\x9a\xd6\xab\xc1\xe0\xa5g\x92\xe2\xeb.%\x1aXF*\x9d\x90\x11n'
b'X\xf9\x89\xcdWY\xc1\x7fn\xad\x94o\xe9\xfb\x08\x7f\xf8,\xe8\x1a\xf9U\xa7\xd1\x19%\x96\xc1\x8f}\x89\x80'
