# Calculator Applet

Demo that does various calculations - sha, hmac, pbkdf, field math, elliptic curve math

In [1]:
from applets.helpers import get_connection, AppletBase

class Calculator(AppletBase):
    def __init__(self, connection=None):
        super().__init__("B00B5111CC01", connection)

    def sha256(self, d):
        data = bytes([len(d)])+d
        r = "B0A10000"+(bytes([len(data)])+data).hex().upper()
        return self.request(r)
    
    def hmac_sha256(self, k, d):
        data = bytes([len(k)])+k+bytes([len(d)])+d
        r = "B0A20000"+(bytes([len(data)])+data).hex().upper()
        return self.request(r)
    
    def sha512(self, d):
        data = bytes([len(d)])+d
        r = "B0A30000"+(bytes([len(data)])+data).hex().upper()
        return self.request(r)
    
    def hmac_sha512(self, k, d):
        data = bytes([len(k)])+k+bytes([len(d)])+d
        r = "B0A40000"+(bytes([len(data)])+data).hex().upper()
        return self.request(r)

    def add_mod_FP(self, a, b):
        data = bytes([len(a)])+a+bytes([len(b)])+b
        r = "B0A50000"+(bytes([len(data)])+data).hex().upper()
        return self.request(r)
    
    def add_mod_N(self, a, b):
        data = bytes([len(a)])+a+bytes([len(b)])+b
        r = "B0A60000"+(bytes([len(data)])+data).hex().upper()
        return self.request(r)

In [2]:
connection = get_connection()
if connection is not None:
    atr=bytes(connection.getATR())
    print(atr.hex())
else:
    print("Failed to open a connection. No cardreaders?")

3bdc18ff8191fe1fc38073c821136605036351000250


In [3]:
app = Calculator(connection)
app.select()

b''

In [4]:
d = b'hello'
k = b'key'

In [5]:
# sha functions from the card
print("sha256:\t\t", app.sha256(d).hex())
print("hmac-sha256:\t", app.hmac_sha256(k, d).hex())
print("sha512:\t\t", app.sha512(d).hex())
print("hmac-sha512:\t", app.hmac_sha512(k, d).hex())

sha256:		 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hmac-sha256:	 9307b3b915efb5171ff14d8cb55fbcc798c6c0ef1456d66ded1a6aa723a58b7b
sha512:		 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043
hmac-sha512:	 ff06ab36757777815c008d32c8e14a705b4e7bf310351a06a23b612dc4c7433e7757d20525a5593b71020ea2ee162d2311b247e9855862b270122419652c0c92


In [6]:
import hashlib, hmac
# same using hashlib
print("sha256:\t\t",hashlib.sha256(d).digest().hex())
print("hmac-sha256:\t",hmac.new(k, d, digestmod=hashlib.sha256).digest().hex())
print("sha512:\t\t",hashlib.sha512(d).digest().hex())
print("hmac-sha512:\t",hmac.new(k, d, digestmod=hashlib.sha512).digest().hex())

sha256:		 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hmac-sha256:	 9307b3b915efb5171ff14d8cb55fbcc798c6c0ef1456d66ded1a6aa723a58b7b
sha512:		 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043
hmac-sha512:	 ff06ab36757777815c008d32c8e14a705b4e7bf310351a06a23b612dc4c7433e7757d20525a5593b71020ea2ee162d2311b247e9855862b270122419652c0c92


In [7]:
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

In [8]:
def to_bytes(n:int):
    return n.to_bytes(32, 'big')

In [9]:
# random check
import random
for i in range(10):
    a = random.randint(1,N)
    b = random.randint(1,N)
    r = (a+b) % FP
    rr = r.to_bytes(32, 'big').hex()
    rc = app.add_mod_FP(to_bytes(a),to_bytes(b)).hex()
    print(i)
    if (rr!=rc):
        raise RuntimeError("Meh")

0
1
2
3
4
5
6
7
8
9


In [10]:
# edge cases - slightly less than mod, slightly more, equal and overflow
a = FP-20
for i, b in enumerate([10,23,20,10500, 1020203124]):
    r = (a+b) % FP
    rr = r.to_bytes(32, 'big').hex()
    rc = app.add_mod_FP(to_bytes(a),to_bytes(b)).hex()
    print(i)
    if (rr!=rc):
        raise RuntimeError("Meh")

0
1
2
3
4


In [11]:
from embit import bip32, ec
import os
seed = os.urandom(64)
root = bip32.HDKey.from_seed(seed)
# without prefix, depth, root fingerprint and index
root.serialize()[13:].hex()

'f6601418f3f4beb9b17c72f9895288849b9e999e09c6842a29cce4b76147015a003730dd2069f5232baa3df1c9f1dba65baebe72b0ace410c95600208bab8a4445'

In [12]:
root.child(10, hardened=False).serialize()[13:].hex()

'523a39f880ed1b8267a7ac98751a948388c6052e505c27b082ae1ff305e2e9e400d7b500ac33936ddde185efe398301b3db8da6866a4e3f95358586a832b4018d5'

In [13]:
data = bytes([65])+root.serialize()[13:]+bytes([4,0x00,0,0,10])
r = "B0A90000"+(bytes([len(data)])+data).hex().upper()
app.request(r).hex()


'523a39f880ed1b8267a7ac98751a948388c6052e505c27b082ae1ff305e2e9e400d7b500ac33936ddde185efe398301b3db8da6866a4e3f95358586a832b4018d5'

In [14]:
# point addition
p = root.to_public().key
p.compressed = False
print(p.sec().hex())
pp = ec.PublicKey.parse(p.serialize())
ec.secp256k1.ec_pubkey_tweak_add(pp._point, b'4'*32)
print(pp.sec().hex())

041695267943ea7ad197a73a4991e78266a0331ac3a9e466032e022d71ead396db0219716dc60d86357fa5a10b690a72074fb334d482de2cd483d900153ac6deb9
045cfa57273489af89679485e0f69854c6952e3a9eeb66fa45572e04edaab8b8052b7130cec688b788bf283c43eed2b4433c131dcb6adfb3fd70981c0b777909c0


In [15]:
data = bytes([32])+b'4'*32+bytes([65])+p.sec()
r = "B0A70000"+(bytes([len(data)])+data).hex().upper()
app.request(r).hex()


'045cfa57273489af89679485e0f69854c6952e3a9eeb66fa45572e04edaab8b8052b7130cec688b788bf283c43eed2b4433c131dcb6adfb3fd70981c0b777909c0'

In [16]:
p3 = ec.PublicKey.parse(ec.secp256k1.ec_pubkey_serialize(ec.secp256k1.ec_pubkey_combine(p._point,pp._point)))
p3.compressed = False
p3.sec().hex()

'04665aa3541c31c1401fa3b66b14d542395889de005b58c34597fe9aaf8d763fa80d3d572e0709cdbfc65a3ab7f8fe5955b6aa440d2a703d13a4247304dca9f477'

In [17]:
data = bytes([65])+pp.sec()+bytes([65])+p.sec()
r = "B0A80000"+(bytes([len(data)])+data).hex().upper()
app.request(r).hex()


'04665aa3541c31c1401fa3b66b14d542395889de005b58c34597fe9aaf8d763fa80d3d572e0709cdbfc65a3ab7f8fe5955b6aa440d2a703d13a4247304dca9f477'

In [18]:
xpub = root.to_public()
xpub.serialize()[13:].hex()

'f6601418f3f4beb9b17c72f9895288849b9e999e09c6842a29cce4b76147015a031695267943ea7ad197a73a4991e78266a0331ac3a9e466032e022d71ead396db'

In [19]:
xpub.child(10, hardened=False).serialize()[13:].hex()

'523a39f880ed1b8267a7ac98751a948388c6052e505c27b082ae1ff305e2e9e403465c5cc892a5a538c495f4f839ca4df6f2cc27e11c71535c5a7b31c158ad5433'

In [20]:
fullpub = ec.PublicKey.parse(xpub.key.serialize())
fullpub.compressed=False
data = bytes([65])+xpub.serialize()[13:]+bytes([4,0x00,0,0,10])+bytes([65])+fullpub.sec()
r = "B0AA0000"+(bytes([len(data)])+data).hex().upper()
app.request(r).hex()


'523a39f880ed1b8267a7ac98751a948388c6052e505c27b082ae1ff305e2e9e404465c5cc892a5a538c495f4f839ca4df6f2cc27e11c71535c5a7b31c158ad5433'

In [21]:
import hashlib
print(hashlib.pbkdf2_hmac('sha512', b'pwd', b'salt', 2048, 64).hex())
print(hashlib.pbkdf2_hmac('sha512', b'pwd', b'salt', 100, 64).hex())

82218bfe339fa8a349423df85eaf89728b4e7dc02360e8c6feec346a8e46232db544f6f2d2fff1430e53f76c0adafd9a2087652b7b943fdc07c0cff4c74252e2
038c39d10762fd77de3a035e2c8c7ba4410f07f8251a28b1d670649abc256e810afb12e6c7e4b3e976fc1be1a387c345b282c9127f02b23862c16859bde9ff7f


In [22]:
import time
time.time()

1586556598.8387709

In [23]:
t0 = time.time()
# 2048 iterations -> 0x8000
iterations = 100
data = bytes([2])+iterations.to_bytes(2,'big')+bytes([3])+b'pwd'+bytes([4])+b'salt'
r = "B0A00000"+(bytes([len(data)])+data).hex().upper()
# print(r)
print(app.request(r).hex())
dt = time.time()-t0
print(f"{dt} seconds for {iterations} iterations.\nFor 2048 iterations it will be {dt*2048/iterations} seconds")

038c39d10762fd77de3a035e2c8c7ba4410f07f8251a28b1d670649abc256e810afb12e6c7e4b3e976fc1be1a387c345b282c9127f02b23862c16859bde9ff7f
3.5966057777404785 seconds for 100 iterations.
For 2048 iterations it will be 73.658486328125 seconds


In [24]:
connection.disconnect()