def update_password(pw_old, pw_new, smartcard_file):
if not is_logged_in():
return 1
(auth_params, tp, ltk, kh, f) = util.load(smartcard_file)
pwd_old = compute_one_way_hash(str(urs.uid) + urs.k + pw_old)
fx = compute_one_way_hash(str(urs.uid) + str(pwd_old) + str(urs.ct))
if fx != f:
print("Incorrect password")
urs.reset()
return 1
pwd_new = compute_one_way_hash(str(urs.uid) + urs.k + pw_new)
auth_params_new = []
for sid, a, p in auth_params:
a_new = a ^ pwd_old ^ pwd_new
p_new = p ^ pwd_old ^ pwd_new
auth_params_new.append((sid, a_new, p_new))
f_new = compute_one_way_hash(str(urs.uid) + str(pwd_new) + str(urs.ct))
util.store((auth_params_new, tp, ltk, kh, f_new), smartcard_file)
print("Password updated successfully")
return 0
def register_user(uid, pwd):
auth_params = []
for (sid, x) in servers:
a = compute_one_way_hash(str(uid) + str(x)) ^ pwd
p = compute_one_way_hash(str(sid) + str(x)) ^ pwd
auth_params.append((sid, a, p))
users.append((uid, compute_one_way_hash(str(pwd) + str(x))))
util.store(users, config.MSRC_USER_FILE_PATH)
return auth_params
def login(uid, pw, biom_file, smartcard_file):
biom = util.load_biometric(biom_file)
(auth_params, tp, ltk, kh, f) = util.load(smartcard_file)
urs.uid = int(uid)
urs.ct = compute_cancellable_template(biom, tp)
urs.k = util.decode(ltk ^ urs.ct)
if kh != compute_one_way_hash(urs.k):
print("User authentication failed: Incorrect biometric")
urs.reset()
return 1
pwd = compute_one_way_hash(str(urs.uid) + urs.k + pw)
fx = compute_one_way_hash(str(urs.uid) + str(pwd) + str(urs.ct))
if fx != f:
print("User authentication failed: Incorrect user credentials (username/password)")
urs.reset()
return 1
rc = random.getrandbits(64)
ts1 = time.time()
sid, a, p = auth_params[0]
m1 = a ^ pwd
m2 = p ^ pwd
m3 = urs.uid ^ m2
m4 = m1 ^ rc
m5 = compute_one_way_hash(str(m1) + str(rc) + str(ts1))
err, sid, m11, m12, ts2 = server.login1(sid, m3, m4, m5, ts1)
if err == 1:
print("Server not found")
urs.reset()
return 1
if err == 2:
print("Server authentication failed")
urs.reset()
return 1
m13 = m11 ^ compute_one_way_hash(str(m1) + str(rc))
urs.sk = compute_one_way_hash(str(m2) + str(m1) + str(rc) + str(m13) + str(ts2))
m14 = compute_one_way_hash(str(urs.sk) + str(m1) + str(rc) + str(ts2))
if m12 != m14:
print("Failed to setup session key: Verification failed at user end")
urs.reset()
return 1
ts3 = time.time()
m15 = compute_one_way_hash(str(urs.sk) + str(m1) + str(m13) + str(ts3))
if server.login2(m15, ts3) == 1:
print("Failed to setup session key: Verification failed at server end")
urs.reset()
return 1
print("Login successful!")
printf("It is successful")
print("Session key: ", urs.sk)
return 0
def register(uid, pw, biom_file):
uid = int(uid)
biom = util.load_biometric(biom_file)
tp = numpy.random.rand(4)
ct = compute_cancellable_template(biom, tp)
k = str(uuid.uuid1())
kcw = util.encode(k)
ltk = kcw ^ ct
pwd = compute_one_way_hash(str(uid) + k + pw)
auth_params = register_user(uid, pwd)
f = compute_one_way_hash(str(uid) + str(pwd) + str(ct))
smart_card = (auth_params, tp, ltk, compute_one_way_hash(k), f)
store_user_data(biom_file, smart_card, uid)
print("Successfully registered user: ", uid)
return 0
def update_biometric(pw, biom_file, smartcard_file):
if not is_logged_in():
return 1
biom = util.load_biometric(biom_file)
(auth_params, tp, ltk, kh, f) = util.load(smartcard_file)
pwd = compute_one_way_hash(str(urs.uid) + urs.k + pw)
fx = compute_one_way_hash(str(urs.uid) + str(pwd) + str(urs.ct))
if fx != f:
print("Incorrect password")
urs.reset()
return 1
tp_new = numpy.random.rand(4)
ct_new = compute_cancellable_template(biom, tp_new)
ltk_new = ltk ^ urs.ct ^ ct_new
f_new = compute_one_way_hash(str(urs.uid) + str(pwd) + str(ct_new))
util.store((auth_params, tp_new, ltk_new, kh, f_new), smartcard_file)
print("Fingerprint updated successfully")
return 0
def login1(tsid, m3, m4, m5, ts1):
global m8, rs
key_list = [x1 for (sid1, x1) in servers if sid1 == tsid]
if len(key_list) == 0:
return 1, 0, 0, 0, 0
ss.sid = tsid
ss.x = key_list[0]
m6 = compute_one_way_hash(str(ss.sid) + str(ss.x))
m7 = m3 ^ m6
m8 = compute_one_way_hash(str(m7) + str(ss.x))
m9 = m4 ^ m8
m10 = compute_one_way_hash(str(m8) + str(m9) + str(ts1))
if m10 != m5:
ss.reset()
return 2, 0, 0, 0, 0
rs = random.getrandbits(64)
ts2 = time.time()
m11 = compute_one_way_hash(str(m8) + str(m9)) ^ rs
ss.sk = compute_one_way_hash(str(m6) + str(m8) + str(m9) + str(rs) + str(ts2))
m12 = compute_one_way_hash(str(ss.sk) + str(m8) + str(m9) + str(ts2))
return 0, ss.sid, m11, m12, ts2
def login2(m15, ts3):
m16 = compute_one_way_hash(str(ss.sk) + str(m8) + str(rs) + str(ts3))
if m16 != m15:
ss.reset()
return 1
return 0
def register_server(sid):
x = compute_one_way_hash(str(sid) + krc)
servers.append((sid, x))
util.store(servers, config.MSRC_SERVER_FILE_PATH)
return x