The dynamic between server and user is as follows:
- The server has e and n; these keys are public.
- The user has n and d, where d is the private key.
- When a user opens the page, the server generates a random number x.
- The user uses this number to generate a response (r); the response is generated by a script provided by the server.
- Then the user enters this r in the service and the server checks r against a number it computes.
- If this is correct the user is welcomed; otherwise the user is denied.
Important points:
- To generate r, the user needs two functions: f(x) and fastmodexp(x, y, mod).
- In my case f(x) returns (x*2)+5; this can be another equation.
- fastmodexp computes f(x)**d mod n.
- d is the private key.
- For authentication on the server we need to implement the same f(x), which gives us the value to compare against: the server computes fastmodexp(r, e, n), where r is the user's response and e and n are the public key.
Code:
home.php
```php
<?php
// Start the session before any output so the challenge can be kept server-side.
session_start();
// The server remembers the challenge it issues; the login check uses this
// stored value, never an x sent back by the browser.
$_SESSION['x'] = random_int(0, 10);

// Print one <option> per registered user.
function getUsuarios()
{
    // Assumption: this include defines $conexion as a mysqli connection
    // (the mysql_* functions were removed in PHP 7).
    include 'parametrosLogin/loginConnection.php';
    $link_C = "SELECT usuario FROM rsa_cripto";
    $link_CR = mysqli_query($conexion, $link_C) or die('Database error');
    while ($link_C_Rrows = mysqli_fetch_assoc($link_CR)) {
        // Escape the stored name before writing it into the page.
        $usuario = htmlspecialchars($link_C_Rrows['usuario'], ENT_QUOTES);
        echo "<option value=\"$usuario\">$usuario</option>";
    }
}
?>
<html>
<head>
</head>
<body>
<!--<form action="home.php" method="post">-->
<h1>RSA</h1>
<form action="rsaAutentification.php" method="post">
<a href="#">Script.py</a><br/>
<label>Your x: </label>
<input type="text" name="x" size="10" value="<?php echo $_SESSION['x']; ?>" readonly="readonly"/>
<h4>Authentication</h4>
<p>
<label>User: </label>
<select name="user" required="required">
<option value="">---</option>
<?php getUsuarios(); ?>
</select><br/>
<label>Respuesta:</label>
<input type="text" name="respuesta" size="10" required="required"/> <br/>
</p>
<input type="submit" value="submit" /> <br/>
</form>
</body>
</html>
```
rsaAutentification.php
```php
<?php
// Must run before any output so the session can be opened.
session_start();
?>
<a href="home.php">Regresar</a><br/>
<?php
// The challenge comes from the session and is discarded after one attempt.
$x = $_SESSION['x'] ?? null;
unset($_SESSION['x']);
validar($_POST['user'] ?? '', $_POST['respuesta'] ?? '', $x);

function validar($usuario, $r, $x)
{
    $lista = getUser($usuario);
    if ($lista)
    {
        $e = (int) $lista[0];
        $n = (int) $lista[1];
        // Accept only a stored challenge and a decimal response below n.
        $ok = $x !== null && is_string($r) && ctype_digit($r) && (int) $r < $n;
        if ($ok)
        {
            $y = f($x);
            $num = fastmodexp((int) $r, $e, $n);
            $ok = ($y === $num);
        }
        if ($ok)
        {
            // Escape the name before echoing it back into the page.
            $nombre = htmlspecialchars($usuario, ENT_QUOTES);
            echo "<h3>Welcome $nombre</h3>";
            echo "You can see 9gag<br/><br/>";
            echo "<iframe src='http://www.9gag.com' width='900' height='900'></iframe>";
        }
        else echo "Fail..!";
        echo "<br/><br/>";
    }
    else
    {
        echo "<h1>Usuario invalido</h1>";
        die();
    }
}

// Look up the public key (e, n) of a user; returns false if the user is unknown.
function getUser($usuario)
{
    // Assumption: this include defines $conexion as a mysqli connection.
    include 'parametrosLogin/loginConnection.php';
    // Prepared statement: the user name is bound, never concatenated into the SQL.
    $stmt = mysqli_prepare($conexion, "SELECT e, n FROM rsa_cripto WHERE usuario = ?")
        or die('Database error');
    mysqli_stmt_bind_param($stmt, 's', $usuario);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $e, $n);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? array($e, $n) : false;
}

function f($x)
{
    return ($x*2)+5;
}

// Square-and-multiply: computes ($x ** $y) % $mod.
// Products above PHP_INT_MAX become floats and % then returns wrong values,
// so this is only correct while $mod * $mod fits in a PHP integer.
function fastmodexp($x, $y, $mod)
{
    $p = 1;
    $aux = $x;
    while ($y > 0) {
        if ($y % 2 == 1) {
            $p = ($p * $aux) % $mod;
        }
        $aux = ($aux * $aux) % $mod;
        $y = $y >> 1;
    }
    return ($p);
}
?>
```
Script.py
```python
def f(x):
    # Same transform of the challenge that the server applies.
    return (x*2)+5


def fastmodexp(x, y, mod):
    # Square-and-multiply: computes (x ** y) % mod.
    p = 1
    aux = x
    while y > 0:
        if y % 2 == 1:
            p = (p * aux) % mod
        aux = (aux * aux) % mod
        y = y >> 1
    return p


def main(x, d, n):
    print(f(x))
    # The response is f(x) raised to the private exponent d, modulo n.
    r = fastmodexp(f(x), d, n)
    print('tu valor de r es:', r)


if __name__ == "__main__":
    x = int(input("Dame x: "))
    n = int(input("Dame n: "))
    d = int(input("Dame d: "))
    main(x, d, n)
```
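```sql
-- int(30) only sets a display width: e and n are still 32-bit signed integers,
-- so n must stay below 2^31.
create table rsa_cripto(id int not null auto_increment primary key, usuario varchar(20), e int(30), n int(30));
```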
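The exchange described above as a self-contained simulation, added here and not part of the original post: the server keeps the challenge it issued, accepts one answer per challenge, and range-checks r before verifying. The key (two Mersenne primes with e = 65537, giving an n wider than 64 bits) and the names `Server`, `respond` and `demo` are constructed for illustration; the RSA is unpadded, as in the post.

```python
import secrets

# Constructed toy key (not from the post): two known Mersenne primes.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the user only


def f(x):
    """The post's challenge transform, shared by client and server."""
    return (x * 2) + 5


def respond(x, d, n):
    """Client side: r = f(x)^d mod n."""
    return pow(f(x), d, n)


class Server:
    def __init__(self, public_keys):
        self.public_keys = public_keys  # user -> (e, n)
        self.pending = {}               # user -> challenge issued, not yet used

    def issue_challenge(self, user):
        e, n = self.public_keys[user]
        # Keep f(x) below n so that r^e mod n can equal it.
        x = secrets.randbelow((n - 5) // 2)
        self.pending[user] = x
        return x

    def verify(self, user, r):
        # pop() makes the challenge single-use; no x is accepted from the client.
        x = self.pending.pop(user, None)
        if x is None:
            return False
        e, n = self.public_keys[user]
        if not isinstance(r, int) or not 0 <= r < n:
            return False
        return pow(r, e, n) == f(x)


def demo():
    server = Server({"alice": (E, N)})
    x = server.issue_challenge("alice")
    r = respond(x, D, N)
    first = server.verify("alice", r)    # fresh challenge, correct r
    replay = server.verify("alice", r)   # challenge already consumed
    server.issue_challenge("alice")
    stale = server.verify("alice", r)    # r answers the old challenge
    return first, replay, stale
```

`demo()` returns `(True, False, False)`: the genuine response is accepted once, and the same r is refused both on an immediate replay and against a newly issued challenge.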
Result:
WebService:
You can check the program at the following link: ....
Note:
PHP is a pussy: in my case, when I use big numbers the authentication fails, but checking in Python the authentication is correct.
Well, you get 10 as you are aware of the big-key problem.