In [None]:
pip install pycryptodome

In [102]:
from Crypto.Cipher import AES, PKCS1_OAEP
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15
from Crypto.Hash import HMAC, SHA256
from Crypto.Random import get_random_bytes

---

Digtal Signatures and verification

In [103]:
def sign_message(message, private_sig_key):
    h = SHA256.new(message)
    return pkcs1_15.new(private_sig_key).sign(h)

In [104]:
def verify_signature(message, signature, public_sig_key):
    key = RSA.import_key(public_sig_key)
    h = SHA256.new(message)
    try:
        pkcs1_15.new(key).verify(h, signature)
        return True
    except (ValueError, TypeError):
        return False

Asymmetric Encryption using RSA key pairs

In [105]:
def aenc(message, public_key):
    key = RSA.import_key(public_key)
    cipher = PKCS1_OAEP.new(key)
    return cipher.encrypt(message)

In [106]:
def adec(ciphertext, private_key):
    decipher = PKCS1_OAEP.new(private_key)
    plaintext = decipher.decrypt(ciphertext)
    return plaintext

Symmetric Encryption using AES

In [107]:
def senc(message, session_key):
    cipher_CTR = AES.new(session_key, AES.MODE_CTR)
    ciphertext = cipher_CTR.encrypt(message)
    return ciphertext, cipher_CTR.nonce

In [108]:
def sdec(ciphertext, session_key, nonce):
    decipher_CTR = AES.new(session_key, AES.MODE_CTR, nonce=nonce)
    plaintext = decipher_CTR.decrypt(ciphertext)
    return plaintext.decode()

Hashes for data integrity

In [109]:
def calculate_hash(message, key):
    h = HMAC.new(key, digestmod=SHA256)
    h.update(message)
    return h.hexdigest()

---

In [110]:
class Phone:
    private_sig_key = RSA.generate(1024)
    public_sig_key = private_sig_key.public_key().export_key()
    private_key = RSA.generate(1024)
    public_key = private_key.public_key().export_key()

In [111]:
class Server:
    private_sig_key = RSA.generate(1024)
    public_sig_key = private_sig_key.public_key().export_key()
    private_key = RSA.generate(1024)
    public_key = private_key.public_key().export_key()

    @classmethod
    def set_secret_key_IoT(cls, value):
        cls.secret_key_IoT = value

In [112]:
class IoT_Device:
    private_sig_key = RSA.generate(1024)
    public_sig_key = private_sig_key.public_key().export_key()
    private_key = RSA.generate(1024)
    public_key = private_key.public_key().export_key()

    @classmethod
    def set_secret_key_IoT(cls, value):
        cls.secret_key_IoT = value

In [113]:
preshared_key = get_random_bytes(16) # preshared key
IoT_Device.set_secret_key_IoT(preshared_key)
Server.set_secret_key_IoT(preshared_key)

---

In [114]:
server_accepts_phone = False
server_terminates_phone = True
phone_accepts = False
phone_terminates = False

In [115]:
pk_Phone = Phone.public_key
spk_Phone = Phone.public_sig_key
pk_Server = Server.public_key
spk_Server = Server.public_sig_key

In [116]:
def Phone_1():
    nonce_21 = get_random_bytes(16)
    m21 = aenc(nonce_21, pk_Server)
    m21_sig = sign_message(m21, Phone.private_sig_key)
    return m21, m21_sig, nonce_21

In [117]:
def Phone_2(m22, m22_sig, NONCE_21):
    if(verify_signature(m22, m22_sig, spk_Server)):
        msg = adec(m22, Phone.private_key)
        nonce_21 = msg[:len(msg) // 2]
        nonce_22 = msg[len(msg) // 2:]
        if(NONCE_21 == nonce_21):
            global phone_accepts
            phone_accepts = True
            m23 = aenc(nonce_22, pk_Server)
            m23_sig = sign_message(m23, Phone.private_sig_key)
            global phone_terminates
            phone_terminates = True
            return m23, m23_sig
        else: 
            print("Phone does not accept")

In [118]:
def Server_1(m21, m21_sig):
    if(verify_signature(m21, m21_sig, spk_Phone)):
        nonce_21 = adec(m21, Server.private_key)
        nonce_22 = get_random_bytes(16)
        global server_accepts_phone
        server_accepts_phone = True
        m22 = aenc(nonce_21 + nonce_22, pk_Phone)
        m22_sig = sign_message(m22, Server.private_sig_key)
        return m22, m22_sig, nonce_22

In [119]:
def Server_2(m23, m23_sig, NONCE_22):
    if(verify_signature(m23, m23_sig, spk_Phone)):
        nonce_22 = adec(m23, Server.private_key)
        if(NONCE_22 == nonce_22):
            global server_terminates_phone
            server_terminates_phone = True
            nonce_11 = get_random_bytes(16)
            control_data = get_random_bytes(16)
            m11_1, nonce_aes_1 = senc(nonce_11, Server.secret_key_IoT)
            m11_2, nonce_aes_2 = senc(control_data, Server.secret_key_IoT)
            h11_1 = calculate_hash(m11_1, Server.secret_key_IoT)
            h11_2 = calculate_hash(m11_2, Server.secret_key_IoT)
            return m11_1, m11_2, h11_1, h11_2, nonce_11, nonce_aes_1, nonce_aes_2
        else:
            print("Server does not accept")

In [122]:
def IoT_Device_1(m11_1, m11_2, h11_1, h11_2, nonce_aes_1, nonce_aes_2):
    if(calculate_hash(m11_1, IoT_Device.secret_key_IoT) == h11_1 and calculate_hash(m11_2, IoT_Device.secret_key_IoT) == h11_2):
        nonce_11 = sdec(m11_1, nonce_aes_1)
        control_data = sdec(m11_2, nonce_aes_2)
    else:
        print("IoT does not accept")

In [123]:
m21, m21_sig, NONCE_21 = Phone_1()

m22, m22_sig, NONCE_22 = Server_1(m21, m21_sig)
print("server_accepts = ", server_accepts_phone)

m23, m23_sig = Phone_2(m22, m22_sig, NONCE_21)
print("phone_accepts = ", phone_accepts)
print("phone_terminates = ", phone_terminates)

m11_1, m11_2, h11_1, h11_2, NONCE_11, nonce_aes_1, nonce_aes_2 = Server_2(m23, m23_sig, NONCE_22)

IoT_1(m11_1, m11_2, h11_1, h11_2, nonce_aes_1, nonce_aes_2)


server_accepts =  True
phone_accepts =  True
phone_terminates =  True


NameError: name 'IoT' is not defined

<br><br>

In [69]:
message = "Hello World!"
signature = sign_message(message, Phone.private_sig_key)
print("Verification result:", verify_signature(message, signature, Phone.public_sig_key))

Verification result: True


In [54]:
key = get_random_bytes(16)  # 128-bit key for AES-128
message = "Hello, world!"
ciphertext, nonce = senc(message, key)
print("Ciphertext:", ciphertext)

decrypted_message = sdec(ciphertext, key, nonce)
print("Decrypted message:", decrypted_message)

Ciphertext: b'c!\x0cG\xc9\xa4"l2<\xca\xa3\\'
Decrypted message: Hello, world!


In [75]:
m = aenc(message, Phone.public_key)
print(m)
print(adec(m, Phone.private_key))

b'\xa8YK\xcfL\xe9?D>\xaa\xe7\x89-\xd2\x0f\x1d\x1f\xf8\xf1\x81\x8co\xa6\r7\xa5\xc0h\xf0\xb9\x1e\x83Q\xce\x0f\x11\x9d\xd1\xc2d\x07\x89\x01\xc5\xb4\xfb\xf1\xd9\x8b\xf7psM\x16\xeaD\x1c\xeb\xf1\x15bS:Vtqa\xd3\xe6\xa7z\xea\xf65\xdd\xc7\xd7\xc7\x97\x01I\x1f\xaf`\xc9Z\xbe\xd8q\x01\xec^\xf2W\x14h\xa3-\xba\x86\x8f\x08J\xe4\x00\x8b\xd6W\x98\xebZ\x81\r\x88\x91\x84\x14\xf3\x1a=r\xael\xccz-\x12;'
Hello, world!
