def open_point_with_mac(players):
global elliptic_time
n, cp, cq, cn, g = Player.n, Player.cp, Player.cq, Player.cn, Player.g
for p in players:
p.temp = p.broadcast
p.set_broadcast(p.temp[0])
broadcast(players)
t0 = time.time()
for p in players:
p.open_point = add(cp, cq, cn, p.broadcast, p.other)
p.open_left = mulp(cp, cq, cn, p.open_point, p.alpha)
p.open_right = mulp(cp, cq, cn, g, p.temp[1])
p.set_broadcast((p.open_left, p.open_right))
t1 = time.time()
elliptic_time += t1 - t0
broadcast(players)
t0 = time.time()
for p in players:
p.open_left = add(cp, cq, cn, p.broadcast[0], p.other[0])
p.open_right = add(cp, cq, cn, p.broadcast[1], p.other[1])
assert p.open_left == p.open_right
#print(p.open_left == p.open_right)
t1 = time.time()
elliptic_time += t1 - t0
def ecdsa_keygen(players):
cn, cp, cq, g, n = Player.cn, Player.cp, Player.cq, Player.g, Player.n
for p in players:
p.private_key = p.share_values.pop()
p.public_key = mulp(cp, cq, cn, g, p.private_key[0])
p.set_broadcast(p.public_key)
broadcast(players)
for p in players:
p.overall_public_key = add(cp, cq, cn, p.broadcast, p.other)
def validate(sign, hash_message, overall_public_key):
cn, cp, cq, g, n = Player.cn, Player.cp, Player.cq, Player.g, Player.n
r, s = sign
s_inv = inv(s, n)
p1 = mulp(cp, cq, cn, g, (s_inv * hash_message) % n)
p2 = mulp(cp, cq, cn, overall_public_key, (s_inv * r) % n)
p = add(cp, cq, cn, p1, p2)
assert p[0] == r
Ua=long(M3)
time2=time.time()
stringca=idA+str(PKax)+str(PKay)+str(Ua)
md5a=md5()
md5a.update(stringca)
ca_check=md5a.hexdigest()
if ca_check==ca:
time2=time.time()-time2
M4=str(Tb[0])+','+str(Tb[1])
connection.send(M4)
time3=time.time()
Ta=mul(c_p,c_q,c_n,(x,y),Ua)
negPKa=neg(PKa, c_n) # -PKa
sum=add(c_p,c_q,c_n,negPKa,Ta) # Ta-PKa
Kb=mul(c_p,c_q,c_n,sum,Rb) # Rb*(Ta-PKa)
hmac_stringb=idA+idB+PKax+PKay+str(PKbx)+str(PKby)+str(Ua)+str(Tb[0])+str(Tb[1])
newhash=hmac.new(str(Kb[0]),'',sha256)
newhash.update(hmac_stringb)
digb=newhash.hexdigest()[0:4]
print 'digest is', digb
time3=time.time()-time3
print 'computation time on B is', time1+time2+time3
else:
print 'commita is invalid, protocol fails'
token=1
# 3. A receive M2, send Na
M2 = sock.recv(1024).decode()
PKbx = M2.split(',')[0]
PKby = M2.split(',')[1]
cb = M2.split(',')[2]
PKb = (int(PKbx), int(PKby))
time3 = time.time()
# generate random number Ra1
Ra1 = random.randint(10000000, 999999999)
# calculate random number Ra2
Ra2 = SKa - Ra1
# generate the shared key
Ka1 = mul(c_p, c_q, c_n, PKb, Ra1)
Ka2 = mul(c_p, c_q, c_n, PKb, Ra2)
Ka = add(c_p, c_q, c_n, Ka1, Ka2)
#-------------------
Na = random.randint(000000, 999999)
time4 = time.time()
M3 = str(Na)
sock.send(M3.encode())
# 5. A receive M4, verify cb, compute and show diga
M4 = sock.recv(1024).decode()
Nb = int(M4)
time5 = time.time()
stringcb = PKbx + str(PKax) + str(Nb)
newmd5 = md5()
newmd5.update(stringcb.encode())
# 2.6) Send M2=(A,B,Nb,PKbx,PKby) to sensor A
M2 = (addressA + "," + addressB + "," + str(Nb) + "," + str(PKbx) +
"," + str(PKby))
connection.send(M2.encode())
# 1.7) Wait for sensor A to acknowledge M2
ACK = connection.recv(1024).decode()
if ACK == "M2":
print("M2 Acknowledged! Continuing the protocol")
else:
print("M2 was NOT acknowledged...stopping the protocol")
flag = True
break
# Stage 4
# 4.1) Recover PKa
PKa = add(c_p, c_q, c_n, PKaps, PW)
# 4.2) Compute DHKey and macB
dhkey = mul(c_p, c_q, c_n, PKa, SKb)
hmac_stringb = addressA + addressB + Na + str(Nb)
newhash = hmac.new(str(dhkey[0]).encode(), "".encode(), sha256)
newhash.update(hmac_stringb.encode())
macb = newhash.hexdigest()
# 4.3) Send M3=(A,B,Nb,PKbx,PKby, macb) to sensor A
M3 = (addressA + "," + addressB + "," + str(Nb) + "," + str(PKbx) +
"," + str(PKby) + "," + macb)
connection.send(M3.encode())
# 4.4) Wait for sensor A to acknowledge M3
ACK = connection.recv(1024).decode()
if ACK == "M3":
print("M3 Acknowledged! Continuing the protocol")
else:
try:
while not flag:
print("Socket connected to coordinator B")
startTime = time.time()
# Stage 1
# 1.1) Generate a random keypair
keypair = Key.generate(256)
# 1.2) Select private key SKa
SKa = keypair._priv[1]
# 1.3) Compute public key PKa
PKax = keypair._pub[1][0]
PKay = keypair._pub[1][1]
PKa = (PKax, PKay)
# 1.4) Compute password-scrambled public key PKaps
PKaps = add(c_p, c_q, c_n, PKa, neg(PW, c_n))
# 1.5) Select Nonce A (Na)
Na = random.randint(000000, 999999)
# 1.6) Send M1=(B,A,Na,PKax,PKay) to coordinator B
M1 = (
addressB
+ ","
+ addressA
+ ","
+ str(Na)
+ ","
+ str(PKaps[0])
+ ","
+ str(PKaps[1])
)
sock.send(M1.encode())
newhash = hmac.new(str(Ra).encode(), ''.encode(), sha256)
newhash.update(hash_stringa.encode())
hasha_check = newhash.hexdigest()
if hasha_check == hasha:
Nb = random.randint(000000, 999999)
ub = Nb + SKb
M6 = str(ub)
connection.send(M6.encode())
# 8. 1)receive M7=maca, 2)compute Kb, 3)verify maca, 4)compute macb, 5)send M8=macb
M7 = connection.recv(1024).decode()
maca = M7
# (ua*G - PKa) * Nb
t1 = time.time()
NegPkb = neg(PKa, c_n)
temp = add(c_p, c_q, c_n, Ta, NegPkb)
SessionKey = mul(c_p, c_q, c_n, temp, Nb)
t2 = time.time() - t1
# ub||Rb||idA||idB
hmac_stringa = str(ub) + str(Rb) + idA + idB
newhash = hmac.new(
str(SessionKey[0]).encode(), ''.encode(), sha256)
newhash.update(hmac_stringa.encode())
maca_check = newhash.hexdigest()
if maca_check == maca:
#ub||Ra||idB||idA
hmac_stringb = str(ub) + str(Ra) + idB + idA
newhash = hmac.new(
str(SessionKey[0]).encode(), ''.encode(), sha256)
newhash.update(hmac_stringb.encode())
macb = newhash.hexdigest()
sock.connect((server_ip, server_port))
try:
while (token == 0):
print('connection up')
print('connected')
# 1. A side: send M1=(B,A,Na,PKapwx,PKapwy) to B
#1.1) generate my (A) keypair PKa SKa
keypair = Key.generate(256)
PKax = keypair._pub[1][0]
PKay = keypair._pub[1][1]
PKa = (PKax, PKay)
SKa = keypair._priv[1]
# 1.2) compute PKapw
negPW = neg(PW, c_n)
PKapw = add(c_p, c_q, c_n, PKa, negPW)
#1.2) generate my (A) nonce Na
Na = random.randint(000000, 999999)
# 1.3) A->B: M1=(B,A,Na,PKax,PKay)
M1 = idA + ',' + idB + ',' + str(Na) + ',' + str(
PKapw[0]) + ',' + str(PKapw[1])
sock.send(M1.encode())
# 3. A side: 1)receive M2, 2)compute Ka, 3)compute maca,macb_check 4)send M3
# 3.1) receive M2 from B, M2=(A,B,Nb,PKbx,PKby)
M2 = sock.recv(1024).decode()
Nb = M2.split(',')[2]
PKbx = M2.split(',')[3]
PKby = M2.split(',')[4]
PKb = (int(PKbx), int(PKby))
# 3.2) compute Ka
newhash.update(hash_stringa.encode())
hasha_check=newhash.hexdigest()
if hasha_check==hasha:
Nb=random.randint(000000,999999)
ub = Nb + SKb
M6=str(ub)
connection.send(M6.encode())
# 8. 1)receive M7=maca, 2)compute Kb, 3)verify maca, 4)compute macb, 5)send M8=macb
M7=connection.recv(1024).decode()
maca=M7
# (ua*G - PKa) * Nb
t1 =time.time()
Key = mul(c_p,c_q,c_n,G,ua)
NegPkb = neg(PKa,c_n)
temp = add(c_p,c_q,c_n,Key,NegPkb)
SessionKey = mul(c_p,c_q,c_n,temp,Nb)
t2 = time.time()
hmac_stringa=str(ua)+str(ub)+str(Rb)+idA+idB
newhash=hmac.new(str(SessionKey[0]).encode(),''.encode(),sha256)
newhash.update(hmac_stringa.encode())
maca_check=newhash.hexdigest()
if maca_check==maca:
hmac_stringb=str(ub)+str(ua)+str(Ra)+idB+idA
newhash=hmac.new(str(SessionKey[0]).encode(),''.encode(),sha256)
newhash.update(hmac_stringb.encode())
macb=newhash.hexdigest()
M8=macb
connection.send(M8.encode())
print('maca is valid')
print('the shared secrety is', SessionKey)
time1 = time.time()
keypair = Key.generate(521)
PKbx = keypair._pub[1][0]
PKby = keypair._pub[1][1]
SKb = keypair._priv[1]
# generate random number Rb1
Rb1 = random.randint(10000000, 999999999)
# calculate random number Rb2
Rb2 = SKb - Rb1
# calculate the same shared key
Kb1 = mul(c_p, c_q, c_n, PKa, Rb1)
Kb2 = mul(c_p, c_q, c_n, PKa, Rb2)
Kb = add(c_p, c_q, c_n, Kb1, Kb2)
Nb = random.randint(000000,999999)
stringcb = str(PKbx)+PKax+str(Nb)
newmd5 = md5()
newmd5.update(stringcb.encode())
cb = newmd5.hexdigest()
time2 = time.time()
M2 = str(PKbx)+','+str(PKby)+','+cb
connection.send(M2.encode())
# 4. B receive M3=Na, send M4=Nb, compute and show digb
M3 = connection.recv(1024).decode()
Na = int(M3)
M4 = str(Nb)
connection.send(M4.encode())
PKbx = keypair._pub[1][0]
PKby = keypair._pub[1][1]
SKb = keypair._priv[1]
# 2.3) genearate my nonce Nb
Nb = random.randint(000000, 999999)
# 2.4) B->A: M2=(A,B,Nb,PKbx,PKby)
M2 = idA + ',' + idB + ',' + str(Nb) + ',' + str(PKbx) + ',' + str(
PKby)
connection.send(M2.encode())
# 4. B side: 1) receive M3 from A 2) compute Kb 3) compute maca_check, macb 4)verfiy maca 5)send M4
# 4.1) receive M3=maca from A
M3 = connection.recv(1024).decode()
maca = M3
# 4.2) compute Kb
PKa = add(c_p, c_q, c_n, PKapw, PW)
Kb = mul(c_p, c_q, c_n, PKa, SKb)
# 4.3) compute maca_check, macb
hmac_stringa = idB + idA + str(Nb) + Na
newhash = hmac.new(str(Kb[0]).encode(), ''.encode(), sha256)
newhash.update(hmac_stringa.encode())
maca_check = newhash.hexdigest()
hmac_stringb = idA + idB + Na + str(Nb)
newhash = hmac.new(str(Kb[0]).encode(), ''.encode(), sha256)
newhash.update(hmac_stringb.encode())
macb = newhash.hexdigest()
# 4.4) verify maca
if maca_check == maca:
# 4.5) send M4
M4 = macb
connection.send(M4.encode())
M3 = str(Ua)
sock.send(M3)
# 5. receive M4, verify cb,compute K, compute and show diga
M4 = sock.recv(1024)
Tbx = M4.split(',')[0]
Tby = M4.split(',')[1]
Tb = (long(Tbx), long(Tby))
time2 = time.time()
stringcb = idB + PKbx + PKby + Tbx + Tby
md5b = md5()
md5b.update(stringcb)
cb_check = md5b.hexdigest()
if cb_check == cb:
negPKb = neg(PKb, c_n) #-PKb
sum = add(c_p, c_q, c_n, negPKb, Tb) #Tb-PKb
Ka = mul(c_p, c_q, c_n, sum, Ra) #Ka=Ra*(Tb-PKb)
hmac_stringa = idA + idB + str(PKax) + str(
PKay) + PKbx + PKby + str(Ua) + Tbx + Tby
newhash = hmac.new(str(Ka[0]), '', sha256)
newhash.update(hmac_stringa)
diga = newhash.hexdigest()[0:4]
print('digest is', diga)
time2 = time.time() - time2
print('computation time on A is', time1 + time2)
else:
print 'commita is invalid, protocol fails'
token = 1
except KeyboardInterrupt:
