// Decode a BER encoded Diffie-Hellman Key
void DH_Decoder::Decode(DH& key)
{
ReadHeader();
if (source_.GetError().What()) return;
// group parms
key.SetP(GetInteger(Integer().Ref()));
key.SetG(GetInteger(Integer().Ref()));
}
/*Generate Group Parameters*/
void GetGroupParameters(Integer &g, Integer &p, Integer &q)
{
AutoSeededRandomPool rnd;
unsigned int bits = 1024;
DH dh;
dh.AccessGroupParameters().GenerateRandomWithKeySize(rnd, bits);
if(!dh.GetGroupParameters().ValidateGroup(rnd, 3))
cout << "Failed to validate prime and generator" << endl;
size_t count = 0;
p = dh.GetGroupParameters().GetModulus();
count = p.BitCount();
q = dh.GetGroupParameters().GetSubgroupOrder();
count = q.BitCount();
g = dh.GetGroupParameters().GetGenerator();
count = g.BitCount();
#ifdef DEBUG
cout << "P (" << std::dec << count << "): " << std::hex << p << endl;
cout << "Q (" << std::dec << count << "): " << std::hex << q << endl;
cout << "G (" << std::dec << count << "): " << std::dec << g << endl;
#endif
Integer v = ModularExponentiation(g, q, p);
if(v != Integer::One())
{
cout << "Failed to verify order of the subgroup" << endl;
exit(1);
}
}
void AKETest::test()
{
cout << "BEGIN TESTING " << endl;
Integer p("0xB10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
"9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
"13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
"98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
"A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708"
"DF1FB2BC2E4A4371");
Integer g("0xA4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
"D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
"160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
"909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
"D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24"
"855E6EEB22B3B2E5");
Integer q("0xF518AA8781A8DF278ABA4E7D64B7CB9D49462353");
// Schnorr Group primes are of the form p = rq + 1, p and q prime. They
// provide a subgroup order. In the case of 1024-bit MODP Group, the
// security level is 80 bits (based on the 160-bit prime order subgroup).
// For a compare/contrast of using the maximum security level, see
// dh-unified.zip. Also see http://www.cryptopp.com/wiki/Diffie-Hellman
// and http://www.cryptopp.com/wiki/Security_level .
DH dh;
AutoSeededRandomPool rnd;
dh.AccessGroupParameters().Initialize(p, q, g);
if(!dh.GetGroupParameters().ValidateGroup(rnd, 3))
throw runtime_error("Failed to validate prime and generator");
size_t count = 0;
p = dh.GetGroupParameters().GetModulus();
q = dh.GetGroupParameters().GetSubgroupOrder();
g = dh.GetGroupParameters().GetGenerator();
// http://groups.google.com/group/sci.crypt/browse_thread/thread/7dc7eeb04a09f0ce
Integer v = ModularExponentiation(g, q, p);
if(v != Integer::One())
throw runtime_error("Failed to verify order of the subgroup");
KeyGenerator keyGen = KeyGenerator(dh);
SecByteBlock sprivA(keyGen.StaticPrivateKeyLength()), spubA(keyGen.StaticPublicKeyLength());
SecByteBlock eprivA(keyGen.EphemeralPrivateKeyLength()), epubA(keyGen.EphemeralPublicKeyLength());
keyGen.GenerateStaticKeyPair(rnd, sprivA, spubA);
keyGen.GenerateEphemeralKeyPair(rnd, eprivA, epubA);
cout << "END TESTING " << endl;
}
void CBackProp::recalWeight(SOCKET conn)
{
// server
// share the dwt
// re apply
AutoSeededRandomPool rnd;
unsigned int bits = 512;
DH dh;
dh.AccessGroupParameters().GenerateRandomWithKeySize(rnd, bits);
if(!dh.GetGroupParameters().ValidateGroup(rnd, 3))
throw runtime_error("Failed to validate prime and generator");
size_t count = 0;
const Integer& p = dh.GetGroupParameters().GetModulus();
const Integer& q = dh.GetGroupParameters().GetSubgroupOrder();
Send(conn, p);
Send(conn, q);
CryptoPP::Integer g = RandomQuadraticResidue(p);
Send(conn, g);
CryptoPP::Integer ua = RandomQuadraticResidue(q);
ModularArithmetic group_S(p);
CryptoPP::Integer VA = group_S.Exponentiate(g, ua);
// receive VB from Party B.
byte output[128];
unsigned char buf[8];
CryptoPP::Integer VB;
recv(conn,(char *)output, 128,0);
VB.Decode(output, 128);
CryptoPP::Integer rA1 = RandomQuadraticResidue(q);
CryptoPP::Integer rA2 = RandomQuadraticResidue(q);
for(int i=1;i<numl;i++)
for(int j=0;j<lsize[i];j++)
for(int k=0;k<lsize[i-1]+1;k++) {
//Party A XA = dwt[i][j][k] YA = 10000.0
CryptoPP::Integer XA, YA;
//dwt[i][j][k] = -1505;
XA = (int)(dwt[i][j][k] / 2);
YA = 1000 / 2; // divided by 10
//Send g and p, q to B
CryptoPP::Integer xA1 = group_S.Exponentiate(g, rA1);
CryptoPP::Integer xA2;
if( XA >= 0)
xA2 = (group_S.Exponentiate((VA * VB), rA1) * group_S.Exponentiate(g, XA));
else
xA2 = group_S.Divide(group_S.Exponentiate((VA * VB), rA1) , group_S.Exponentiate(g, -XA));
CryptoPP::Integer yA1 = group_S.Exponentiate(g, rA2);
CryptoPP::Integer yA2;
if( YA >= 0)
yA2 = (group_S.Exponentiate((VA * VB), rA2) * group_S.Exponentiate(g, YA));
else
yA2 = group_S.Divide(group_S.Exponentiate((VA * VB), rA2), group_S.Exponentiate(g, -YA));
Send(conn, xA1);
Send(conn, xA2);
Send(conn, yA1);
Send(conn, yA2);
CryptoPP::Integer theta1, theta2, pi1, pi2;
recv(conn,(char *)output, 128,0);
theta1.Decode(output, 128);
recv(conn,(char *)output, 128,0);
theta2.Decode(output, 128);
recv(conn,(char *)output, 128,0);
pi1.Decode(output, 128);
recv(conn,(char *)output, 128,0);
pi2.Decode(output, 128);
// compute eta
CryptoPP::Integer eta1 = group_S.Divide(theta1 , group_S.Exponentiate(pi1, ua));
CryptoPP::Integer eta2 = group_S.Divide(theta2 , group_S.Exponentiate(pi2, ua));
Send(conn, eta1);
Send(conn, eta2);
//TODO: Receive the average result
int peta1, peta2;
recv(conn, (char *)buf, 4, 0);
peta1 = (buf[0] << 24) + (buf[1] << 16) + (buf[2] << 8) + (buf[3] << 0);
//cout << "peta1 " << peta1 << endl;
recv(conn,(char *)buf, 4,0);
peta2 = (buf[0] << 24) + (buf[1] << 16) + (buf[2] << 8) + (buf[3] << 0);
//cout << "peta2 " << peta2 << endl;
double avgWeight = (double)peta1 / ((double)peta2 * 10.0 );
weight[i][j][k] = prevWeight[i][j][k] + avgWeight;
}
}
int main()
{
using namespace CryptoPP;
AutoSeededRandomPool rng;
DH dhA; //< Diffie-Hellman structure
DH2 dh2A(dhA); //< Diffie-Hellman structure
SecByteBlock sprivA; //< static private key
SecByteBlock spubA; //< static public key
SecByteBlock eprivA; //< ephemeral private key
SecByteBlock epubA; //< ephemeral public key
SecByteBlock sharedA; //< shared key
DH dhB; //< Diffie-Hellman structure
DH2 dh2B(dhA); //< Diffie-Hellman structure
SecByteBlock sprivB; //< static private key
SecByteBlock spubB; //< static public key
SecByteBlock eprivB; //< ephemeral private key
SecByteBlock epubB; //< ephemeral public key
SecByteBlock sharedB; //< shared key
std::cout << "Initializing DH parameters" << std::endl;;
dhA.AccessCryptoParameters().GenerateRandomWithKeySize(rng,1024);
dhB.AccessCryptoParameters().GenerateRandomWithKeySize(rng,1024);
std::cout << "Generating Keys" << std::endl;;
sprivA = SecByteBlock( dh2A.StaticPrivateKeyLength() );
spubA = SecByteBlock( dh2A.StaticPublicKeyLength() );
eprivA = SecByteBlock( dh2A.EphemeralPrivateKeyLength() );
epubA = SecByteBlock( dh2A.EphemeralPublicKeyLength() );
dh2A.GenerateStaticKeyPair(rng,sprivA,spubA);
dh2A.GenerateEphemeralKeyPair(rng,eprivA, epubA);
sharedA= SecByteBlock( dh2A.AgreedValueLength() );
sprivB = SecByteBlock( dh2B.StaticPrivateKeyLength() );
spubB = SecByteBlock( dh2B.StaticPublicKeyLength() );
eprivB = SecByteBlock( dh2B.EphemeralPrivateKeyLength() );
epubB = SecByteBlock( dh2B.EphemeralPublicKeyLength() );
dh2B.GenerateStaticKeyPair(rng,sprivB,spubB);
dh2B.GenerateEphemeralKeyPair(rng,eprivB, epubB);
sharedB= SecByteBlock( dh2B.AgreedValueLength() );
if(!dh2A.Agree(sharedA, sprivA, eprivA, spubB, epubB) )
std::cerr << "A failed to agree " << std::endl;
if(!dh2B.Agree(sharedB, sprivB, eprivB, spubA, epubA) )
std::cerr << "B failed to agree " << std::endl;
Integer sharedAOut, sharedBOut;
sharedAOut.Decode(sharedA.BytePtr(), sharedA.SizeInBytes());
sharedBOut.Decode(sharedB.BytePtr(), sharedB.SizeInBytes());
std::cout << "shared secret:"
<< "\n A: " << std::hex << sharedAOut
<< "\n B: " << std::hex << sharedBOut
<< std::endl;
}