def ele_to_int(a):
#print("--- 域元素到字节串的转换 ---")
x = 0
q = config.get_q()
if (config.is_q_prime() and q % 2 == 1): # q为奇素数
x = a
elif config.is_q_power_of_two(): # q为2的幂
if type(a) == str and a[0:2] == '0b':
m = math.log(q, 2)
if len(a) - 2 == m:
#a = a.replace('0b', '')
a = remove_0b_at_beginning(a)
for i in a:
x = x * 2 + int(i)
else:
print(
"*** ERROR: 域元素必须为长度为m的比特串 *** function:ele_to_int(a, q)")
return -1
else:
print("*** ERROR: 输入必须为比特串 *** function:ele_to_int(a, q) ***")
return -1
else:
print("*** ERROR: q不满足奇素数或2的幂 *** function:ele_to_int(a, q) ***")
return -1
return x
def bytes_to_point(a, b, S):
q = config.get_q()
l = math.ceil(math.log(q, 2) / 8)
PC = ''
X = []
Y = []
# a.
if len(S) == 2 * l + 1: #为压缩表示形式或者混合表示形式
PC = S[0]
for i in range(1, l + 1):
X.append(S[i])
for i in range(l + 1, 2 * l + 1):
Y.append(S[i])
elif len(S) == l + 1: #压缩表示形式
PC = S[0]
for i in range(1, l):
X.append(S[i])
else:
print('*** ERROR: wrong size function: bytes_to_point ***')
# b. 将X转换成与元素x
x = bytes_to_ele(q, X)
##### c. 压缩表示形式 #####
y1 = ''
# c.1 and c.2
if PC == 2:
y1 = '0'
elif PC == 3:
y1 = '1'
##### d. 未压缩表示形式 #####
elif PC == 4:
y = bytes_to_ele(q, Y)
##### e. 混合表示形式 #####
# e.1 and e.2
elif PC == 6 or 7:
y = bytes_to_ele(q, Y)
else:
print('ERROR in bytes_to_point')
# f.
result = 0
if (type(x) != type(1)):
x = int(x, 2)
if (type(y) != type(1)):
y = int(y, 2)
if (config.is_q_prime() and q % 2 == 1): # q为奇素数
if (y**2) % q != (x**3 + a * x + b) % q:
return -1
elif config.is_q_power_of_two():
if (y**2 + x * y) != (x**3 + a * x + b):
return -1
# g.
point = Point(x, y)
return point
def ele_to_bytes(a):
#print("--- 域元素到字节串的转换 ---")
S = []
q = config.get_q()
if (config.is_q_prime() and q % 2 == 1): # q为奇素数
if (a >= 0 and a <= q - 1):
t = math.ceil(math.log(q, 2))
l = math.ceil(t / 8)
S = int_to_bytes(a, l)
else:
print(
"*** ERROR: 域元素须在区间[0, q-1]上 *** function:ele_to_bytes(a) ***")
return -1
elif config.is_q_power_of_two(): # q为2的幂
if type(a) == str and a[0:2] == '0b':
m = math.ceil(math.log(q, 2))
a = padding_0_to_length(a, m)
'''temp = a
a = ''
for i in range(0, 2):
a = a + temp[i]
for i in range(0, m-len(temp)+2):
a = a + '0'
for i in range(0, len(temp)-2):
a = a + temp[i+2]'''
if len(a) - 2 == m:
S = bits_to_bytes(a)
else:
print("*** ERROR: 域元素必须为长度为m的比特串 *** function:ele_to_bytes(a)")
return -1
else:
print("*** ERROR: 输入必须为比特串 *** function:ele_to_bytes(a) ***")
return -1
else:
print("*** ERROR: q不满足奇素数或2的幂 *** function:ele_to_bytes(a) ***")
return -1
return S
def key_generation_2(ZA, ZB, r_self, R_self, R_opposite, d_self, P_self,
P_opposite, klen, is_send):
q = config.get_q()
a = config.get_a()
b = config.get_b()
n = config.get_n()
Gx = config.get_Gx()
Gy = config.get_Gy()
h = config.get_h()
w = math.ceil(math.ceil(math.log(n, 2)) / 2) - 1
# A4. 从R_self中取出域元素x_self,将x_self的数据类型转换为整数,计算x_self_ = 2w +(x_self&(2w−1));
x_self = R_self.x
x_self = ele_to_int(x_self)
y_self = R_self.y
y_self = ele_to_int(y_self)
x_self_ = 2**w + (x_self & (2**w - 1))
# A5. 计算t_self = (d_self + ¯ x_self·r_self)modn
t_self = (d_self + x_self_ * r_self) % n
# A6.1 验证R_opposite是否满足椭圆曲线方程,若不满足则协商失败;
# A6.2 否则从R_opposite中取出域元素x_opposite,将x_opposite的数据类型转换为整数,计算x_opposite_ = 2w +(x_opposite&(2w−1));
x_opposite = R_opposite.x
x_opposite = ele_to_int(x_opposite)
y_opposite = R_opposite.y
y_opposite = ele_to_int(y_opposite)
if (y_opposite**2) % q != (x_opposite**3 + a * x_opposite + b) % q:
print("keyExchange Fail: R_opposite do not satisfy the equation")
return -1
x_opposite_ = 2**w + (x_opposite & (2**w - 1))
# A7.1 计算椭圆曲线点U_self = [h·t_self](P_opposite +[x_opposite_]R_opposite) = (xU_self,yU_self)
# A7.2 若U_self是无穷远点,则A协商失败;否则将xU_self、yU_self的数据类型转换为比特串
U_self = ECG_k_point(
h * t_self,
ECG_ele_add(P_opposite, ECG_k_point(x_opposite_, R_opposite)))
xU_self = U_self.x
yU_self = U_self.y
xU_self = bytes_to_bits(ele_to_bytes(xU_self))
xU_self = remove_0b_at_beginning(xU_self)
yU_self = bytes_to_bits(ele_to_bytes(yU_self))
yU_self = remove_0b_at_beginning(yU_self)
# A8. 计算KA=KDF(xU_self ∥yU_self ∥ZA ∥ZB,klen)
k_self = KDF(xU_self + yU_self + ZA + ZB, klen)
# A9. 将R_self的坐标x_self、y_self 和R_opposite的坐标x_opposite、y_opposite的数据类型转换为比特串
# 计算S_test= Hash(0x02∥yU_self ∥Hash(xU_self ∥ZA ∥ZB ∥x_self ∥y_self ∥x_opposite ∥y_opposite))
# 并检验S_test=SB是否成立,若等式不成立则从B到A的密钥确认失败;
x_self = bytes_to_bits(ele_to_bytes(x_self))
x_self = remove_0b_at_beginning(x_self)
y_self = bytes_to_bits(ele_to_bytes(y_self))
y_self = remove_0b_at_beginning(y_self)
x_opposite = bytes_to_bits(ele_to_bytes(x_opposite))
x_opposite = remove_0b_at_beginning(x_opposite)
y_opposite = bytes_to_bits(ele_to_bytes(y_opposite))
y_opposite = remove_0b_at_beginning(y_opposite)
if is_send:
prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(2, 1)))
S_test = hash_function(prefix + yU_self +
hash_function(xU_self + ZA + ZB + x_opposite +
y_opposite + x_self + y_self))
else:
prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(3, 1)))
S_test = hash_function(prefix + yU_self +
hash_function(xU_self + ZA + ZB + x_self +
y_self + x_opposite + y_opposite))
S_test = remove_0b_at_beginning(S_test)
# A10. (选项)计算S_target= Hash(0x03∥yU_self ∥Hash(xU_self ∥ZA ∥ZB ∥x_self ∥y_self ∥x_opposite ∥y_opposite)),并将S_target发送给用户B
if is_send:
prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(3, 1)))
S_target = hash_function(prefix + yU_self +
hash_function(xU_self + ZA + ZB + x_opposite +
y_opposite + x_self + y_self))
else:
prefix = remove_0b_at_beginning(bytes_to_bits(int_to_bytes(2, 1)))
S_target = hash_function(prefix + yU_self +
hash_function(xU_self + ZA + ZB + x_self +
y_self + x_opposite +
y_opposite))
S_target = remove_0b_at_beginning(S_target)
return k_self, S_target, S_test, x_self_, t_self, x_opposite_, U_self
def point_to_bytes(point):
q = config.get_q()
l = math.ceil(math.log(q, 2) / 8)
x = point.x
y = point.y
S = []
PC = ''
# a. 将域元素x转换成长度为l的字节串X
X = ele_to_bytes(x)
temp = X
X = []
for i in range(0, l - len(temp)):
X.append(0)
for i in range(0, len(temp)):
X.append(temp[i])
'''
##### b. 压缩表示形式 #####
# b.1 计算比特y1
temp = ele_to_bytes(y)
y1_temp = bytes_to_bits(temp)#[math.ceil(math.log(q,2)/8)*8-1:math.ceil(math.log(q,2)/8)*8]
y1 = y1_temp[len(y1_temp)-1:len(y1_temp)]
# b.2 若y1=0,则令PC=02;若y1=1,则令PC=03
if y1 == '0':
PC = 2
elif y1 == '1':
PC = 3
else:
print('ERROR')
# b.3 字节串S=PC||X
S.append(PC)
for i in X:
S.append(i)
'''
'''
##### c. 未压缩表示形式 #####
# c.1 将域元素y转换成长度为l的字节串Y
Y = ele_to_bytes(y)
# c.2 令PC=04
PC = 4
# c.3 字节串S=PC||X||Y
S.append(PC)
for m in X:
S.append(m)
for n in Y:
S.append(n)
'''
##### d. 混合表示形式 #####
# d.1 将域元素y转换成长度为l的字节串Y
Y = ele_to_bytes(y)
temp = Y
Y = []
for i in range(0, l - len(temp)):
Y.append(0)
for i in range(0, len(temp)):
Y.append(temp[i])
# d.2 计算比特y1
y1_temp = bytes_to_bits(
Y) #[math.ceil(math.log(q,2)/8)*8-1:math.ceil(math.log(q,2)/8)*8]
y1 = y1_temp[len(y1_temp) - 1:len(y1_temp)]
# d.3 若y1=0,则令PC=06;若y1=1,则令PC=07
if y1 == '0':
PC = 6
elif y1 == '1':
PC = 7
else:
print('*** ERROR: PC值不对 function: point_to_bytes ***')
# d.4 字节串S=PC||X||Y
S.append(PC)
for m in X:
S.append(m)
for n in Y:
S.append(n)
return S
