Beispiel #1
0
def Signature(M, IDA, dA, PA):
	a = config.get_a()
	b = config.get_b()
	n = config.get_n()
	Gx = config.get_Gx()
	Gy = config.get_Gy()
	ZA = get_Z(IDA, PA)
	# A1:置M=ZA ∥ M
	M_ = ZA + M
	# A2:计算e = Hv(M),按本文本第1部分4.2.3和4.2.2给出的细节将e的数据类型转换为整数
	e = hash_function(M_)
	e = bytes_to_int(bits_to_bytes(e))
	r = 0
	k = 0
	while(r==0 or r+k==n):
		# A3:用随机数发生器产生随机数k ∈[1,n-1]
		k = PRG_function(1, n-1)
		# A4:计算椭圆曲线点(x1,y1)=[k]G,按本文本第1部分4.2.7给出的细节将x1的数据类型转换为整 数
		x1 = ECG_k_point(k, Point(Gx, Gy)).x
		x1 = bytes_to_int(ele_to_bytes(x1))
		# A5:计算r=(e+x1) modn,若r=0或r+k=n则返回A3
		r = (e+x1)%n
	# A6:计算s = ((1 + dA)−1 ·(k−r·dA)) modn,若s=0则返回A3
	s = ( inverse(1+dA, n)*(k-r*dA) ) % n	
	# A7:按本文本第1部分4.2.1给出的细节将r、s的数据类型转换为字节串,消息M 的签名为(r,s)。
	#Sig = Point(int_to_bytes(r, math.ceil(n/256)), int_to_bytes(s, math.ceil(n/256)))
	#Sig = Point(int_to_bytes(r, math.ceil(math.log(n, 2)/8)), int_to_bytes(s, math.ceil(math.log(n, 2)/8)))
	r = int_to_bytes(r, math.ceil(math.log(n, 2)/8))
	s = int_to_bytes(s, math.ceil(math.log(n, 2)/8))
	Sig = r
	for i in s:
		Sig.append(i)
	return Sig
Beispiel #2
0
def Verification(M, Sig, IDA, PA):
	a = config.get_a()
	b = config.get_b()
	n = config.get_n()
	Gx = config.get_Gx()
	Gy = config.get_Gy()
	ZA = get_Z(IDA, PA)
	r = Sig[0:int(len(Sig)/2)]
	s = Sig[int(len(Sig)/2): len(Sig)]
	r = bytes_to_int(r)
	s = bytes_to_int(s)
	if(r<1 or r>n-1 or s<1 or s>n-1):
		#print("wrong signature: r,s wrong range")
		return False
	M_ = ZA + M
	e = hash_function(M_)
	e = bytes_to_int(bits_to_bytes(e))
	t = (r + s) % n
	if(t == 0):
		#print("wrong signature : t is 0")
		return False

	x1 = ECG_ele_add( ECG_k_point(s, Point(Gx, Gy)), ECG_k_point(t, PA) ).x
	R = (e + x1) % n
	if R!=r:
		#print("wrong signature: R unequal r")
		return False
	return True
def key_generation_1():
    n = config.get_n()
    Gx = config.get_Gx()
    Gy = config.get_Gy()
    # A1. 用随机数发生器产生随机数rA ∈[1, n-1]
    rA = PRG_function(1, n - 1)
    # A2. 计算椭圆曲线点RA = [rA]G=(x1,y1)
    RA = ECG_k_point(rA, Point(Gx, Gy))
    # A3. 将RA发送给用户B
    return RA, rA
def get_Z(ID, PA):
	a = config.get_a()
	a = bytes_to_bits(ele_to_bytes(a))
	b = config.get_b()
	b = bytes_to_bits(ele_to_bytes(b))
	n = config.get_n()
	Gx = config.get_Gx()
	Gx_ = bytes_to_bits(ele_to_bytes(Gx))
	Gy = config.get_Gy()
	Gy_ = bytes_to_bits(ele_to_bytes(Gy))

	ID = bytes_to_bits(str_to_bytes(ID))
	ENTL = int_to_bytes(math.ceil((len(ID)-2)/8)*8, 2)
	ENTL = bytes_to_bits(ENTL)
	xA = bytes_to_bits(ele_to_bytes(PA.x))
	yA = bytes_to_bits(ele_to_bytes(PA.y))
	ZA = hash_function(ENTL+ID+a+b+Gx_+Gy_+xA+yA)
	return ZA
Beispiel #5
0
def Verification(M, signature, IDA, PA):
    a = config.get_a()
    b = config.get_b()
    n = config.get_n()
    Gx = config.get_Gx()
    Gy = config.get_Gy()
    ZA = get_Z(IDA, PA)

    r = signature[0:int(len(signature) / 2)]
    s = signature[int(len(signature) / 2):len(signature)]

    r = bytes_to_int(r)
    s = bytes_to_int(s)
    #print("r:", r)
    # print("s:", s)
    if r < 1 or r > n - 1 or s < 1 or s > n - 1:
        print("r或s的范围不对,验证不通过")
        return False
    M_ = ZA + M

    M1 = M_ + M_  # Z1+M
    e1 = hash_function(M1)
    e1 = bytes_to_int(bits_to_bytes(e1))
    # print("e1:", e1)
    # e = hash_function(M_)
    # e = bytes_to_int(bits_to_bytes(e))
    t = (r + s) % n
    # print("t:", t)
    if t == 0:
        print("t等于0,验证不通过")
        return False

    x1 = ECG_ele_add(ECG_k_point(s, Point(Gx, Gy)), ECG_k_point(t, PA)).x
    # print("x1:", x1)
    R = (e1 + x1) % n
    #print("R:", R)
    if R == r:
        # print("wrong signature: R unequal r")
        # return False
        print("R等于r,验证通过")
    else:
        print("R不等于r,验证不通过")
    return True
def key_generation_2(ZA, ZB, r_self, R_self, R_opposite, d_self, P_self,
                     P_opposite, klen, is_send):
    q = config.get_q()
    a = config.get_a()
    b = config.get_b()
    n = config.get_n()
    Gx = config.get_Gx()
    Gy = config.get_Gy()
    h = config.get_h()
    w = math.ceil(math.ceil(math.log(n, 2)) / 2) - 1
    # A4. 从R_self中取出域元素x_self,将x_self的数据类型转换为整数,计算x_self_ = 2w +(x_self&(2w−1));
    x_self = R_self.x
    x_self = ele_to_int(x_self)
    y_self = R_self.y
    y_self = ele_to_int(y_self)
    x_self_ = 2**w + (x_self & (2**w - 1))
    # A5. 计算t_self = (d_self + ¯ x_self·r_self)modn
    t_self = (d_self + x_self_ * r_self) % n
    # A6.1 验证R_opposite是否满足椭圆曲线方程,若不满足则协商失败;
    # A6.2 否则从R_opposite中取出域元素x_opposite,将x_opposite的数据类型转换为整数,计算x_opposite_ = 2w +(x_opposite&(2w−1));
    x_opposite = R_opposite.x
    x_opposite = ele_to_int(x_opposite)
    y_opposite = R_opposite.y
    y_opposite = ele_to_int(y_opposite)
    if (y_opposite**2) % q != (x_opposite**3 + a * x_opposite + b) % q:
        print("keyExchange Fail: R_opposite do not satisfy the equation")
        return -1
    x_opposite_ = 2**w + (x_opposite & (2**w - 1))
    # A7.1 计算椭圆曲线点U_self = [h·t_self](P_opposite +[x_opposite_]R_opposite) = (xU_self,yU_self)
    # A7.2 若U_self是无穷远点,则A协商失败;否则将xU_self、yU_self的数据类型转换为比特串
    U_self = ECG_k_point(
        h * t_self,
        ECG_ele_add(P_opposite, ECG_k_point(x_opposite_, R_opposite)))
    xU_self = U_self.x
    yU_self = U_self.y
    xU_self = bytes_to_bits(ele_to_bytes(xU_self))
    xU_self = remove_0b_at_beginning(xU_self)
    yU_self = bytes_to_bits(ele_to_bytes(yU_self))
    yU_self = remove_0b_at_beginning(yU_self)
    # A8. 计算KA=KDF(xU_self ∥yU_self ∥ZA ∥ZB,klen)
    k_self = KDF(xU_self + yU_self + ZA + ZB, klen)
    # A9. 将R_self的坐标x_self、y_self 和R_opposite的坐标x_opposite、y_opposite的数据类型转换为比特串
    # 计算S_test= Hash(0x02∥yU_self ∥Hash(xU_self ∥ZA ∥ZB ∥x_self ∥y_self ∥x_opposite ∥y_opposite))
    # 并检验S_test=SB是否成立,若等式不成立则从B到A的密钥确认失败;

    x_self = bytes_to_bits(ele_to_bytes(x_self))
    x_self = remove_0b_at_beginning(x_self)
    y_self = bytes_to_bits(ele_to_bytes(y_self))
    y_self = remove_0b_at_beginning(y_self)
    x_opposite = bytes_to_bits(ele_to_bytes(x_opposite))
    x_opposite = remove_0b_at_beginning(x_opposite)
    y_opposite = bytes_to_bits(ele_to_bytes(y_opposite))
    y_opposite = remove_0b_at_beginning(y_opposite)
    if is_send:
        prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(2, 1)))
        S_test = hash_function(prefix + yU_self +
                               hash_function(xU_self + ZA + ZB + x_opposite +
                                             y_opposite + x_self + y_self))
    else:
        prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(3, 1)))
        S_test = hash_function(prefix + yU_self +
                               hash_function(xU_self + ZA + ZB + x_self +
                                             y_self + x_opposite + y_opposite))
    S_test = remove_0b_at_beginning(S_test)
    # A10. (选项)计算S_target= Hash(0x03∥yU_self ∥Hash(xU_self ∥ZA ∥ZB ∥x_self ∥y_self ∥x_opposite ∥y_opposite)),并将S_target发送给用户B
    if is_send:
        prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(3, 1)))
        S_target = hash_function(prefix + yU_self +
                                 hash_function(xU_self + ZA + ZB + x_opposite +
                                               y_opposite + x_self + y_self))
    else:
        prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(2, 1)))
        S_target = hash_function(prefix + yU_self +
                                 hash_function(xU_self + ZA + ZB + x_self +
                                               y_self + x_opposite +
                                               y_opposite))
    S_target = remove_0b_at_beginning(S_target)
    return k_self, S_target, S_test, x_self_, t_self, x_opposite_, U_self
Beispiel #7
0
    # print("x1:", x1)
    R = (e1 + x1) % n
    #print("R:", R)
    if R == r:
        # print("wrong signature: R unequal r")
        # return False
        print("R等于r,验证通过")
    else:
        print("R不等于r,验证不通过")
    return True


### test Signature ###
config.default_config()
parameters = config.get_parameters()
point_g = Point(config.get_Gx(), config.get_Gy())
n = config.get_n()

print("请输入待验证的文件:")
f1 = input()
f = open(f1, 'r')
M = f.read()

IDA = '*****@*****.**'

print("请输入需要验证的签名:")
f2 = input()
sign = open(f2, "r")
signature = sign.read().replace("[", "").replace("]",
                                                 "").replace("", "").split(",")
print("请输入公钥PA:")
Beispiel #8
0
def Signature(M, IDA, dA, PA, d1, d2):
    a = config.get_a()
    b = config.get_b()
    n = config.get_n()
    Gx = config.get_Gx()
    Gy = config.get_Gy()

    ZA = get_Z(IDA, PA)

    # A1:置M=ZA ∥ M
    M_ = ZA + M
    # A2:计算e = Hv(M),按本文本第1部分4.2.3和4.2.2给出的细节将e的数据类型转换为整数
    # e = hash_function(M_)
    # e = bytes_to_int(bits_to_bytes(e))

    M1 = M_ + M_  # Z1+M
    e1 = hash_function(M1)
    e1 = bytes_to_int(bits_to_bytes(e1))
    # print("e1:", e1)
    r = 0
    k = 0

    k1 = 0
    k2 = 0
    k3 = 0
    while (r == 0) or (r + k == n):
        # A3:用随机数发生器产生随机数k ∈[1,n-1]
        k = PRG_function(1, n - 1)
        # A4:计算椭圆曲线点(x1,y1)=[k]G,按本文本第1部分4.2.7给出的细节将x1的数据类型转换为整 数

        k1 = PRG_function(1, n - 1)
        print("1:随机选取k1:", k1)
        k2 = PRG_function(1, n - 1)
        k3 = PRG_function(1, n - 1)
        Q1 = ECG_k_point(k1, Point(Gx, Gy))
        print("1:计算Q1=k1*G,并把Q1发送给用户2")
        print("2:Q1:", Q1)
        print("2:随机选取k2,k3:", k2, k3)
        Q2 = ECG_k_point(k2, Point(Gx, Gy))
        print("2:计算Q2=k2*G,Q2:", Q2)

        # print("k1:", k1)
        # print("k2:", k2)
        # print("k3:", k3)

        # x1 = ECG_k_point(k1, Point(Gx, Gy)).x
        # x1 = bytes_to_int(ele_to_bytes(x1))
        # A5:计算r=(e+x1) modn,若r=0或r+k=n则返回A3

        temp = k1 * k3 + k2
        # print("temp:", temp)
        rx = ECG_k_point(temp, Point(Gx, Gy)).x  # (k1*k3 + k2)*G
        rx = bytes_to_int(ele_to_bytes(rx))
        print("2:利用k3,Q1,Q2计算得到rx:", rx)

        r = (rx + e1) % n
        print("2:利用rx和待签名文件的哈希值计算r")
        # print("r:", r)
        # r = (e+x1) % n
    # A6:计算s = ((1 + dA)−1 ·(k−r·dA)) modn,若s=0则返回A3
    # s = (inverse(1+dA, n)*(k-r*dA)) % n

    s2 = (d2 * k3) % n
    s3 = (d2 * (r + k2)) % n
    print("2:根据d2,k2,k3计算得到s2,s3,并将r,s2,s3发送给用户1")
    print("1:r:", r)
    print("1:s2:", s2)
    print("1:s3:", s3)
    s = (d1 * k1 * s2 + d1 * s3 - r) % n
    print("1:根据d1,k1,r,s2,s3计算s:", s)

    # print("s:", s)
    # A7:按本文本第1部分4.2.1给出的细节将r、s的数据类型转换为字节串,消息M 的签名为(r,s)。
    #Sig = Point(int_to_bytes(r, math.ceil(n/256)), int_to_bytes(s, math.ceil(n/256)))
    #Sig = Point(int_to_bytes(r, math.ceil(math.log(n, 2)/8)), int_to_bytes(s, math.ceil(math.log(n, 2)/8)))
    r = int_to_bytes(r, math.ceil(math.log(n, 2) / 8))
    s = int_to_bytes(s, math.ceil(math.log(n, 2) / 8))
    Sig = r
    for i in s:
        Sig.append(i)
    return Sig