http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-cgo/README.txt ----------------------------------------------------------------------
diff --git a/go/examples-cgo/README.txt b/go/examples-cgo/README.txt
new file mode 100644
index 0000000..cc05766
--- /dev/null
+++ b/go/examples-cgo/README.txt
@@ -0,0 +1,5 @@
+When the library is built with;
+
+-D USE_ANONYMOUS=on
+
+then the only example that works is mpinfullAnon.go
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-cgo/mpin.go ----------------------------------------------------------------------
diff --git a/go/examples-cgo/mpin.go b/go/examples-cgo/mpin.go
new file mode 100644
index 0000000..35b1d03
--- /dev/null
+++ b/go/examples-cgo/mpin.go
@@ -0,0 +1,221 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo" + amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amclcgo.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amclcgo.MPIN_today() + + // Epoch time in seconds + timeValue := amclcgo.MPIN_GET_TIME() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + // MESSAGE := []byte("test sign message") + + // Generate Master Secret Share 1 + rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS1: 0x") + amclcgo.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 
2 + rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS2: 0x") + amclcgo.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amclcgo.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS1: 0x") + amclcgo.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS2: 0x") + amclcgo.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amclcgo.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS1: 0x") + amclcgo.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS2: 0x") + amclcgo.MPIN_printBinary(CS2[:]) + + // Combine client secret shares + CS := make([]byte, amclcgo.G1S) + rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amclcgo.MPIN_printBinary(CS[:]) + + // Generate time permit share 1 + rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP1: 0x") + 
amclcgo.MPIN_printBinary(TP1[:]) + + // Generate time permit share 2 + rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP2: 0x") + amclcgo.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amclcgo.MPIN_printBinary(TOKEN[:]) + + ////// Client ////// + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + // Send U, UT, V, timeValue and Message to server + var X [amclcgo.EGS]byte + fmt.Printf("X: 0x") + amclcgo.MPIN_printBinary(X[:]) + rtn, XOut, Y1, SEC, U, UT := amclcgo.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + fmt.Printf("Y1: 0x") + amclcgo.MPIN_printBinary(Y1[:]) + fmt.Printf("XOut: 0x") + amclcgo.MPIN_printBinary(XOut[:]) + + ////// Server ////// + rtn, HID, HTID, Y2, E, F := amclcgo.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn) + } + fmt.Printf("Y2: 0x") + amclcgo.MPIN_printBinary(Y2[:]) + fmt.Printf("HID: 0x") + amclcgo.MPIN_printBinary(HID[:]) + fmt.Printf("HTID: 0x") + amclcgo.MPIN_printBinary(HTID[:]) + + if rtn != 0 { + fmt.Printf("Authentication failed Error Code %d\n", rtn) + err := amclcgo.MPIN_KANGAROO(E[:], F[:]) + if err != 0 { + fmt.Printf("PIN Error %d\n", err) + } + return + } else { + 
fmt.Printf("Authenticated ID: %s \n", IDstr) + } +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-cgo/mpinTwoPass.go ---------------------------------------------------------------------- diff --git a/go/examples-cgo/mpinTwoPass.go b/go/examples-cgo/mpinTwoPass.go new file mode 100644 index 0000000..9e4cc62 --- /dev/null +++ b/go/examples-cgo/mpinTwoPass.go 
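Review bot: The RNG is seeded from the constant `seedHex` near the top of `main`, so `MS1`, `MS2` and every share, secret and token derived from them are identical on each run and known to anyone who reads the file; the same seed is used in mpinTwoPass.go, mpinfull.go and mpinfullAnon.go. For an example that readers will copy, draw the seed from the OS instead, e.g. `seed := make([]byte, 32)` followed by `if _, err := rand.Read(seed); err != nil { return }` with `crypto/rand` imported, or at least add a comment such as `// Fixed seed for reproducible demo output only; never use a constant seed for real keys`. The example also prints the master secret shares, server secret, client secret and token to stdout, which deserves a one-line comment saying this is for demonstration only. Separately, both PIN loops ignore the error from `fmt.Scan`, so on EOF `for PIN1 < 0` never terminates; checking the returned error and exiting would fix that.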
@@ -0,0 +1,227 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo" + amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amclcgo.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amclcgo.MPIN_today() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Generate Master Secret Share 1 + rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS1: 0x") + amclcgo.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 2 + rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS2: 
0x") + amclcgo.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amclcgo.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS1: 0x") + amclcgo.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS2: 0x") + amclcgo.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amclcgo.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS1: 0x") + amclcgo.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS2: 0x") + amclcgo.MPIN_printBinary(CS2[:]) + + // Combine client secret shares + CS := make([]byte, amclcgo.G1S) + rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amclcgo.MPIN_printBinary(CS[:]) + + // Generate time permit share 1 + rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP1: 0x") + amclcgo.MPIN_printBinary(TP1[:]) + + // Generate time permit share 2 + rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + if rtn != 0 
{ + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP2: 0x") + amclcgo.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amclcgo.MPIN_printBinary(TOKEN[:]) + + ////// Client ////// + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + ////// Client Pass 1 ////// + // Send U and UT to server + var X [amclcgo.EGS]byte + fmt.Printf("X: 0x") + amclcgo.MPIN_printBinary(X[:]) + rtn, XOut, SEC, U, UT := amclcgo.MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + fmt.Printf("XOut: 0x") + amclcgo.MPIN_printBinary(XOut[:]) + + ////// Server Pass 1 ////// + /* Calculate H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ + HID, HTID := amclcgo.MPIN_SERVER_1_WRAP(date, ID) + + /* Send Y to Client */ + rtn, Y := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("Y: 0x") + amclcgo.MPIN_printBinary(Y[:]) + + /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + rtn, V := amclcgo.MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn) + } + + /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
*/ + /* If PIN error not required, set E and F = null */ + rtn, _, _ = amclcgo.MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:]) + if rtn != 0 { + fmt.Printf("FAILURE: MPIN_SERVER_2 rtn: %d\n", rtn) + } + fmt.Printf("HID: 0x") + amclcgo.MPIN_printBinary(HID[:]) + fmt.Printf("HTID: 0x") + amclcgo.MPIN_printBinary(HTID[:]) + + if rtn != 0 { + fmt.Printf("Authentication failed Error Code %d\n", rtn) + return + } else { + fmt.Printf("Authenticated ID: %s \n", IDstr) + } +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-cgo/mpinfull.go ---------------------------------------------------------------------- diff --git a/go/examples-cgo/mpinfull.go b/go/examples-cgo/mpinfull.go new file mode 100644 index 0000000..5a6a649 --- /dev/null +++ b/go/examples-cgo/mpinfull.go 
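Review bot: The `MPIN_CLIENT_2_WRAP` failure branch prints `FAILURE: CLIENT_2` but does not return, and `rtn` is then overwritten by `MPIN_SERVER_2_WRAP`, so a failed second client pass is not what the final check reports and `V` is handed to the server regardless. Every earlier failure branch in this file returns; add `return` after the `fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn)` line so the example stops at the step that failed. The comment above the server call mentions E and F for PIN-error recovery, but both are discarded with `_, _`; a short comment saying that PIN-error detection is intentionally skipped here would make that explicit.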
@@ -0,0 +1,293 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo" + amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amclcgo.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amclcgo.MPIN_today() + + // Epoch time in seconds + timeValue := amclcgo.MPIN_GET_TIME() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + // MESSAGE := []byte("test sign message") + + // Generate Master Secret Share 1 + rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS1: 0x") + amclcgo.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 
2 + rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS2: 0x") + amclcgo.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amclcgo.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS1: 0x") + amclcgo.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS2: 0x") + amclcgo.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amclcgo.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS1: 0x") + amclcgo.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS2: 0x") + amclcgo.MPIN_printBinary(CS2[:]) + + // Combine client secret shares + CS := make([]byte, amclcgo.G1S) + rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amclcgo.MPIN_printBinary(CS[:]) + + // Generate time permit share 1 + rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP1: 0x") + 
amclcgo.MPIN_printBinary(TP1[:]) + + // Generate time permit share 2 + rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP2: 0x") + amclcgo.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amclcgo.MPIN_printBinary(TOKEN[:]) + + ////// Client ////// + + // Precomputation + rtn, G1, G2 := amclcgo.MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_PRECOMPUTE(TOKEN[:], HCID) Error:", rtn) + return + } + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + // Send U, UT, V, timeValue and Message to server + var X [amclcgo.EGS]byte + fmt.Printf("X: 0x") + amclcgo.MPIN_printBinary(X[:]) + rtn, XOut, Y1, V, U, UT := amclcgo.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + fmt.Printf("Y1: 0x") + amclcgo.MPIN_printBinary(Y1[:]) + fmt.Printf("XOut: 0x") + amclcgo.MPIN_printBinary(XOut[:]) + + // Send Z=r.ID to Server + var R [amclcgo.EGS]byte + fmt.Printf("R: 0x") + amclcgo.MPIN_printBinary(R[:]) + rtn, ROut, Z := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:]) + fmt.Printf("ROut: 0x") + amclcgo.MPIN_printBinary(ROut[:]) + + ////// Server ////// + rtn, HID, HTID, Y2, E, F := amclcgo.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: 
SERVER rtn: %d\n", rtn) + } + fmt.Printf("Y2: 0x") + amclcgo.MPIN_printBinary(Y2[:]) + fmt.Printf("HID: 0x") + amclcgo.MPIN_printBinary(HID[:]) + fmt.Printf("HTID: 0x") + amclcgo.MPIN_printBinary(HTID[:]) + + if rtn != 0 { + fmt.Printf("Authentication failed Error Code %d\n", rtn) + err := amclcgo.MPIN_KANGAROO(E[:], F[:]) + if err != 0 { + fmt.Printf("PIN Error %d\n", err) + } + return + } else { + fmt.Printf("Authenticated ID: %s \n", IDstr) + } + + // send T=w.ID to client + var W [amclcgo.EGS]byte + fmt.Printf("W: 0x") + amclcgo.MPIN_printBinary(W[:]) + rtn, WOut, T := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:]) + fmt.Printf("WOut: 0x") + amclcgo.MPIN_printBinary(WOut[:]) + fmt.Printf("T: 0x") + amclcgo.MPIN_printBinary(T[:]) + + // Hash all values + HM := amclcgo.MPIN_HASH_ALL_WRAP(ID[:],U[:],UT[:],Y2[:],V[:],Z[:],T[:]) + + rtn, AES_KEY_SERVER := amclcgo.MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], HM[:],HID[:],U[:], UT[:]) + fmt.Printf("Server Key = 0x") + amclcgo.MPIN_printBinary(AES_KEY_SERVER[:]) + + rtn, AES_KEY_CLIENT := amclcgo.MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], HM[:],T[:]) + fmt.Printf("Client Key = 0x") + amclcgo.MPIN_printBinary(AES_KEY_CLIENT[:]) + + ////// Server ////// + + // Initialization vector + IV := amclgo.GENERATE_RANDOM(rng, 12) + fmt.Printf("IV: 0x") + amclcgo.MPIN_printBinary(IV[:]) + + // header + HEADER := amclgo.GENERATE_RANDOM(rng, 16) + fmt.Printf("HEADER: 0x") + amclcgo.MPIN_printBinary(HEADER[:]) + + // Input plaintext + plaintextStr := "A test message" + PLAINTEXT1 := []byte(plaintextStr) + fmt.Printf("String to encrypt: %s \n", plaintextStr) + fmt.Printf("PLAINTEXT1: 0x") + amclcgo.MPIN_printBinary(PLAINTEXT1[:]) + + // AES-GCM Encryption + CIPHERTEXT, TAG1 := amclcgo.MPIN_AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:]) + fmt.Printf("CIPHERTEXT: 0x") + amclcgo.MPIN_printBinary(CIPHERTEXT[:]) + fmt.Printf("TAG1: 0x") + amclcgo.MPIN_printBinary(TAG1[:]) + + // Send IV, HEADER, 
CIPHERTEXT and TAG1 to client + + // AES-GCM Decryption + PLAINTEXT2, TAG2 := amclcgo.MPIN_AES_GCM_DECRYPT(AES_KEY_CLIENT[:], IV[:], HEADER[:], CIPHERTEXT[:]) + fmt.Printf("PLAINTEXT2: 0x") + amclcgo.MPIN_printBinary(PLAINTEXT2[:]) + fmt.Printf("TAG2: 0x") + amclcgo.MPIN_printBinary(TAG2[:]) + fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2)) +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-cgo/mpinfullAnon.go ---------------------------------------------------------------------- diff --git a/go/examples-cgo/mpinfullAnon.go b/go/examples-cgo/mpinfullAnon.go new file mode 100644 index 0000000..57472cb --- /dev/null +++ b/go/examples-cgo/mpinfullAnon.go 
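Review bot: `MPIN_AES_GCM_DECRYPT` returns `TAG2`, but the code prints `PLAINTEXT2` as the decrypted string without comparing `TAG2` to the `TAG1` that was sent, so the example demonstrates GCM without its integrity check; mpinfullAnon.go ends the same way. Compare the tags in constant time before using the plaintext, e.g. `if subtle.ConstantTimeCompare(TAG1[:], TAG2[:]) != 1 { fmt.Println("GCM tag mismatch"); return }` with `crypto/subtle` imported. Whether the wrapper returns slices or arrays is not visible in this diff, so the slicing may need adjusting. The derived `AES_KEY_SERVER` and `AES_KEY_CLIENT` are also printed in full, which is worth a comment marking it as demo-only output.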
@@ -0,0 +1,295 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +// Use MPIN with only hashed IDs to the server + +package main + +import ( + "encoding/hex" + "fmt" + + amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo" + amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amclcgo.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amclcgo.MPIN_today() + + // Epoch time in seconds + timeValue := amclcgo.MPIN_GET_TIME() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + // MESSAGE := []byte("test sign message") + + // Generate Master Secret Share 1 + rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS1: 0x") + 
amclcgo.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 2 + rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS2: 0x") + amclcgo.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amclcgo.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS1: 0x") + amclcgo.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS2: 0x") + amclcgo.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amclcgo.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS1: 0x") + amclcgo.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS2: 0x") + amclcgo.MPIN_printBinary(CS2[:]) + + // Combine client secret shares + CS := make([]byte, amclcgo.G1S) + rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amclcgo.MPIN_printBinary(CS[:]) + + // Generate time permit share 1 + rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + if rtn != 0 { + 
fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP1: 0x") + amclcgo.MPIN_printBinary(TP1[:]) + + // Generate time permit share 2 + rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP2: 0x") + amclcgo.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amclcgo.MPIN_printBinary(TOKEN[:]) + + ////// Client ////// + + // Precomputation + rtn, G1, G2 := amclcgo.MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_PRECOMPUTE(TOKEN[:], HCID) Error:", rtn) + return + } + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + // Send U, UT, V, timeValue and Message to server + var X [amclcgo.EGS]byte + fmt.Printf("X: 0x") + amclcgo.MPIN_printBinary(X[:]) + rtn, XOut, Y1, V, U, UT := amclcgo.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + fmt.Printf("Y1: 0x") + amclcgo.MPIN_printBinary(Y1[:]) + fmt.Printf("XOut: 0x") + amclcgo.MPIN_printBinary(XOut[:]) + + // Send Z=r.ID to Server + var R [amclcgo.EGS]byte + fmt.Printf("R: 0x") + amclcgo.MPIN_printBinary(R[:]) + rtn, ROut, Z := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:]) + fmt.Printf("ROut: 0x") + amclcgo.MPIN_printBinary(ROut[:]) + + ////// Server ////// + rtn, HID, HTID, Y2, E, F := amclcgo.MPIN_SERVER_WRAP(date, 
timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn) + } + fmt.Printf("Y2: 0x") + amclcgo.MPIN_printBinary(Y2[:]) + fmt.Printf("HID: 0x") + amclcgo.MPIN_printBinary(HID[:]) + fmt.Printf("HTID: 0x") + amclcgo.MPIN_printBinary(HTID[:]) + + if rtn != 0 { + fmt.Printf("Authentication failed Error Code %d\n", rtn) + err := amclcgo.MPIN_KANGAROO(E[:], F[:]) + if err != 0 { + fmt.Printf("PIN Error %d\n", err) + } + return + } else { + fmt.Printf("Authenticated ID: %s \n", IDstr) + } + + // send T=w.ID to client + var W [amclcgo.EGS]byte + fmt.Printf("W: 0x") + amclcgo.MPIN_printBinary(W[:]) + rtn, WOut, T := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:]) + fmt.Printf("WOut: 0x") + amclcgo.MPIN_printBinary(WOut[:]) + fmt.Printf("T: 0x") + amclcgo.MPIN_printBinary(T[:]) + + // Hash all values + HM := amclcgo.MPIN_HASH_ALL_WRAP(HCID[:], U[:], UT[:], Y2[:], V[:], Z[:], T[:]) + + rtn, AES_KEY_SERVER := amclcgo.MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], HM[:], HID[:], U[:], UT[:]) + fmt.Printf("Server Key = 0x") + amclcgo.MPIN_printBinary(AES_KEY_SERVER[:]) + + rtn, AES_KEY_CLIENT := amclcgo.MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], HM[:], T[:]) + fmt.Printf("Client Key = 0x") + amclcgo.MPIN_printBinary(AES_KEY_CLIENT[:]) + + ////// Server ////// + + // Initialization vector + IV := amclgo.GENERATE_RANDOM(rng, 12) + fmt.Printf("IV: 0x") + amclcgo.MPIN_printBinary(IV[:]) + + // header + HEADER := amclgo.GENERATE_RANDOM(rng, 16) + fmt.Printf("HEADER: 0x") + amclcgo.MPIN_printBinary(HEADER[:]) + + // Input plaintext + plaintextStr := "A test message" + PLAINTEXT1 := []byte(plaintextStr) + fmt.Printf("String to encrypt: %s \n", plaintextStr) + fmt.Printf("PLAINTEXT1: 0x") + amclcgo.MPIN_printBinary(PLAINTEXT1[:]) + + // AES-GCM Encryption + CIPHERTEXT, TAG1 := amclcgo.MPIN_AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:]) + fmt.Printf("CIPHERTEXT: 0x") + 
amclcgo.MPIN_printBinary(CIPHERTEXT[:]) + fmt.Printf("TAG1: 0x") + amclcgo.MPIN_printBinary(TAG1[:]) + + // Send IV, HEADER, CIPHERTEXT and TAG1 to client + + // AES-GCM Decryption + PLAINTEXT2, TAG2 := amclcgo.MPIN_AES_GCM_DECRYPT(AES_KEY_CLIENT[:], IV[:], HEADER[:], CIPHERTEXT[:]) + fmt.Printf("PLAINTEXT2: 0x") + amclcgo.MPIN_printBinary(PLAINTEXT2[:]) + fmt.Printf("TAG2: 0x") + amclcgo.MPIN_printBinary(TAG2[:]) + fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2)) +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-cgo/timempin.go ---------------------------------------------------------------------- diff --git a/go/examples-cgo/timempin.go b/go/examples-cgo/timempin.go new file mode 100644 index 0000000..d055bce --- /dev/null +++ b/go/examples-cgo/timempin.go 
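Review bot: The return codes of both `MPIN_GET_G1_MULTIPLE_WRAP` calls, `MPIN_SERVER_KEY_WRAP` and `MPIN_CLIENT_KEY_WRAP` are assigned to `rtn` and never examined, so a failure in key agreement still leads to printing the keys and encrypting with them; mpinfull.go leaves the same four calls unchecked. Follow the pattern used for every earlier call, e.g. `if rtn != 0 { fmt.Println("MPIN_SERVER_KEY Error:", rtn); return }` after each one. It would also help to compare `AES_KEY_SERVER` and `AES_KEY_CLIENT` and report a mismatch, since the example currently relies on the reader comparing two hex dumps by eye.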
@@ -0,0 +1,84 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "flag" + "log" + "os" + "runtime/pprof" + "time" + + amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo" +) + +// Number of iterations to time functions +const nIter int = 1000 + +var cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file") + +func main() { + flag.Parse() + if *cpuprofile != "" { + f, err := os.Create(*cpuprofile) + if err != nil { + log.Fatal(err) + } + pprof.StartCPUProfile(f) + defer pprof.StopCPUProfile() + } + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16673 + + // Epoch time in seconds + timeValue := 1440594584 + + SSHex := "07f8181687f42ce22ea0dee4ba9df3f2cea67ad2d79e59adc953142556d510831bbd59e9477ac479019887020579aed16af43dc7089ae8c14262e64b5d09740109917efd0618c557fbf7efaa68fb64e8d46b3766bb184dea9bef9638f23bbbeb03aedbc6e4eb9fbd658719aab26b849638690521723c0efb9c8622df2a8efa3c" + SS, _ := hex.DecodeString(SSHex) + UHex := "0403e76a28df08ea591912e0ff84ebf419e21aadf8ec5aed4b0f3cd0fc1cdea14a06f05a3be4f9f2d16530c6b4934da2e3439ea287796faac079d396f8cdb9f565" + U, _ := hex.DecodeString(UHex) + UTHex := 
"041012e53c991edc9514889de50fb7d893c406dc9bf4c89d46fec9ba408cc5f596226402e7c468c823a28b9003a3944c4600a1b797f10cf01060d3729729212932" + UT, _ := hex.DecodeString(UTHex) + SECHex := "04051b0d3e9dfdb2a378f0ac7056fb264a900d0867e39c334950527d8c460d76132346bf8ed8a419e2eab4ad52a8b7a51d8c09cbcfa4e80bc0487965ece72ab0ce" + SEC, _ := hex.DecodeString(SECHex) + var MESSAGE []byte + // MESSAGE := []byte("test sign message") + + t0 := time.Now() + var rtn int + for i := 0; i < nIter; i++ { + rtn, _, _, _, _, _ = amclcgo.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:]) + } + t1 := time.Now() + log.Printf("Number Iterations: %d Time: %v\n", nIter, t1.Sub(t0)) + + if rtn != 0 { + log.Printf("Authentication failed Error Code %d\n", rtn) + return + } else { + log.Printf("Authenticated ID: %s \n", IDstr) + } +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/ecdh.go ---------------------------------------------------------------------- diff --git a/go/examples-go/ecdh.go b/go/examples-go/ecdh.go new file mode 100644 index 0000000..190ea14 --- /dev/null +++ b/go/examples-go/ecdh.go 
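Review bot: The four `hex.DecodeString` calls in main (`SS, _ :=`, `U, _ :=`, `UT, _ :=`, `SEC, _ :=`) discard the error, so a mistyped test vector would hand a truncated slice to `MPIN_SERVER_WRAP` and the loop would time the wrong input without any hint. Keep the error and stop, e.g. `SS, err := hex.DecodeString(SSHex)` followed by `if err != nil { log.Fatal(err) }`. `pprof.StartCPUProfile(f)` also returns an error that is dropped here; checking it the same way keeps a failed profile from going unnoticed.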
@@ -0,0 +1,180 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "fmt" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + + // j:=0 + pp := "M0ng00se" + res := 0 + + var S1 [amcl.ECDH_EGS]byte + var W0 [2*amcl.ECDH_EFS + 1]byte + var W1 [2*amcl.ECDH_EFS + 1]byte + var Z0 [amcl.ECDH_EFS]byte + var Z1 [amcl.ECDH_EFS]byte + var RAW [100]byte + var SALT [8]byte + var P1 [3]byte + var P2 [4]byte + var V [2*amcl.ECDH_EFS + 1]byte + var M [17]byte + var T [12]byte + var CS [amcl.ECDH_EGS]byte + var DS [amcl.ECDH_EGS]byte + + rng := amcl.NewRAND() + + rng.Clean() + for i := 0; i < 100; i++ { + RAW[i] = byte(i) + } + + rng.Seed(100, RAW[:]) + + //for j:=0;j<100;j++ { + + for i := 0; i < 8; i++ { + SALT[i] = byte(i + 1) + } // set Salt + + fmt.Printf("Alice's Passphrase= " + pp) + fmt.Printf("\n") + PW := []byte(pp) + + /* private key S0 of size EGS bytes derived from Password and Salt */ + + S0 := amcl.PBKDF2(PW, SALT[:], 1000, amcl.ECDH_EGS) + + fmt.Printf("Alice's private key= 0x") + amcl.ECDH_printBinary(S0) + + /* Generate Key pair S/W */ + amcl.ECDH_KEY_PAIR_GENERATE(nil, S0, W0[:]) + + fmt.Printf("Alice's public key= 0x") + amcl.ECDH_printBinary(W0[:]) + + res = 
amcl.ECDH_PUBLIC_KEY_VALIDATE(true, W0[:]) + if res != 0 { + fmt.Printf("ECP Public Key is invalid!\n") + return + } + + /* Random private key for other party */ + amcl.ECDH_KEY_PAIR_GENERATE(rng, S1[:], W1[:]) + + fmt.Printf("Servers private key= 0x") + amcl.ECDH_printBinary(S1[:]) + + fmt.Printf("Servers public key= 0x") + amcl.ECDH_printBinary(W1[:]) + + res = amcl.ECDH_PUBLIC_KEY_VALIDATE(true, W1[:]) + if res != 0 { + fmt.Printf("ECP Public Key is invalid!\n") + return + } + /* Calculate common key using DH - IEEE 1363 method */ + + amcl.ECPSVDP_DH(S0, W1[:], Z0[:]) + amcl.ECPSVDP_DH(S1[:], W0[:], Z1[:]) + + same := true + for i := 0; i < amcl.ECDH_EFS; i++ { + if Z0[i] != Z1[i] { + same = false + } + } + + if !same { + fmt.Printf("*** ECPSVDP-DH Failed\n") + return + } + + KEY := amcl.KDF1(Z0[:], amcl.ECDH_EAS) + + fmt.Printf("Alice's DH Key= 0x") + amcl.ECDH_printBinary(KEY) + fmt.Printf("Servers DH Key= 0x") + amcl.ECDH_printBinary(KEY) + + if amcl.CURVETYPE != amcl.MONTGOMERY { + fmt.Printf("Testing ECIES\n") + + P1[0] = 0x0 + P1[1] = 0x1 + P1[2] = 0x2 + P2[0] = 0x0 + P2[1] = 0x1 + P2[2] = 0x2 + P2[3] = 0x3 + + for i := 0; i <= 16; i++ { + M[i] = byte(i) + } + + C := amcl.ECIES_ENCRYPT(P1[:], P2[:], rng, W1[:], M[:], V[:], T[:]) + + fmt.Printf("Ciphertext= \n") + fmt.Printf("V= 0x") + amcl.ECDH_printBinary(V[:]) + fmt.Printf("C= 0x") + amcl.ECDH_printBinary(C) + fmt.Printf("T= 0x") + amcl.ECDH_printBinary(T[:]) + + RM := amcl.ECIES_DECRYPT(P1[:], P2[:], V[:], C, T[:], S1[:]) + if RM == nil { + fmt.Printf("*** ECIES Decryption Failed\n") + return + } else { + fmt.Printf("Decryption succeeded\n") + } + + fmt.Printf("Message is 0x") + amcl.ECDH_printBinary(RM) + + fmt.Printf("Testing ECDSA\n") + + if amcl.ECPSP_DSA(rng, S0, M[:], CS[:], DS[:]) != 0 { + fmt.Printf("***ECDSA Signature Failed\n") + return + } + fmt.Printf("Signature= \n") + fmt.Printf("C= 0x") + amcl.ECDH_printBinary(CS[:]) + fmt.Printf("D= 0x") + amcl.ECDH_printBinary(DS[:]) + + if 
amcl.ECPVP_DSA(W0[:], M[:], CS[:], DS[:]) != 0 {
+ fmt.Printf("***ECDSA Verification Failed\n")
+ return
+ } else {
+ fmt.Printf("ECDSA Signature/Verification succeeded \n")
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/generateRandom.go
----------------------------------------------------------------------
diff --git a/go/examples-go/generateRandom.go b/go/examples-go/generateRandom.go
new file mode 100644
index 0000000..83faf1b
--- /dev/null
+++ b/go/examples-go/generateRandom.go
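Review bot: The generator is seeded from a fixed counter (`RAW[i] = byte(i)` then `rng.Seed(100, RAW[:])`), so the server key pair from `ECDH_KEY_PAIR_GENERATE(rng, S1[:], W1[:])` and everything else drawn from `rng` is identical on every run, and nothing in the file says this is for reproducible output only. I would add a comment above the seed, `// Fixed seed for reproducible demo output; real code must seed from the OS CSPRNG (crypto/rand).`, and a similar one on the counter salt and the `1000` PBKDF2 iterations. The same fixed-seed pattern appears in generateRandom.go, mpin.go, mpinTwoPass.go and mpinTwoPassWrap.go (constant `seedHex`, or `raw[i] = byte(i + 1)`).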
@@ -0,0 +1,48 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* Password Based Key Derivation Function Example */
+
+package main
+
+import (
+ "encoding/hex"
+ "fmt"
+
+ amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
+)
+
+func main() {
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amcl.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate random byte values
+ for i := 0; i < 10; i++ {
+ val := amcl.GENERATE_RANDOM(rng, 12)
+ fmt.Printf("Random byte array %s\n", hex.EncodeToString(val))
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/mpin.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpin.go b/go/examples-go/mpin.go
new file mode 100644
index 0000000..4ee3ae7
--- /dev/null
+++ b/go/examples-go/mpin.go
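Review bot: The header comment `/* Password Based Key Derivation Function Example */` does not match the file: main only seeds the generator and prints ten 12-byte values from `GENERATE_RANDOM`, and no key derivation takes place. Replace it with a comment that describes what the example does, such as `/* Random byte generation example */`.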
@@ -0,0 +1,248 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "fmt" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +/* Configure mode of operation */ + +const PERMITS bool = true +const PINERROR bool = true +const FULL bool = true +const SINGLE_PASS bool = true + +func main() { + rng := amcl.NewRAND() + var raw [100]byte + for i := 0; i < 100; i++ { + raw[i] = byte(i + 1) + } + rng.Seed(100, raw[:]) + + const EGS = amcl.MPIN_EGS + const EFS = amcl.MPIN_EFS + const G1S = 2*EFS + 1 /* Group 1 Size */ + const G2S = 4 * EFS /* Group 2 Size */ + const EAS int = 16 + + var S [EGS]byte + var SST [G2S]byte + var TOKEN [G1S]byte + var PERMIT [G1S]byte + var SEC [G1S]byte + var xID [G1S]byte + var xCID [G1S]byte + var X [EGS]byte + var Y [EGS]byte + var E [12 * EFS]byte + var F [12 * EFS]byte + var HID [G1S]byte + var HTID [G1S]byte + + var G1 [12 * EFS]byte + var G2 [12 * EFS]byte + var R [EGS]byte + var Z [G1S]byte + var W [EGS]byte + var T [G1S]byte + var CK [EAS]byte + var SK [EAS]byte + var MESSAGE [256]byte + + /* Trusted Authority set-up */ + + amcl.MPIN_RANDOM_GENERATE(rng, S[:]) + fmt.Printf("Master Secret s: 0x") + amcl.MPIN_printBinary(S[:]) + + /* Create Client Identity */ + IDstr := "[email 
protected]" + CLIENT_ID := []byte(IDstr) + + HCID := amcl.MPIN_HASH_ID(CLIENT_ID) /* Either Client or TA calculates Hash(ID) - you decide! */ + + fmt.Printf("Client ID= ") + amcl.MPIN_printBinary(CLIENT_ID) + fmt.Printf("\n") + + /* Client and Server are issued secrets by DTA */ + amcl.MPIN_GET_SERVER_SECRET(S[:], SST[:]) + fmt.Printf("Server Secret SS: 0x") + amcl.MPIN_printBinary(SST[:]) + + amcl.MPIN_GET_CLIENT_SECRET(S[:], HCID, TOKEN[:]) + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(TOKEN[:]) + + /* Client extracts PIN from secret to create Token */ + pin := 1234 + fmt.Printf("Client extracts PIN= %d", pin) + fmt.Printf("\n") + rtn := amcl.MPIN_EXTRACT_PIN(CLIENT_ID, pin, TOKEN[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d", rtn) + fmt.Printf("\n") + } + + fmt.Printf("Client Token TK: 0x") + amcl.MPIN_printBinary(TOKEN[:]) + + if FULL { + amcl.MPIN_PRECOMPUTE(TOKEN[:], HCID, G1[:], G2[:]) + } + + date := 0 + if PERMITS { + date = amcl.MPIN_today() + /* Client gets "Time Token" permit from DTA */ + amcl.MPIN_GET_CLIENT_PERMIT(date, S[:], HCID, PERMIT[:]) + fmt.Printf("Time Permit TP: 0x") + amcl.MPIN_printBinary(PERMIT[:]) + + /* This encoding makes Time permit look random - Elligator squared */ + amcl.MPIN_ENCODING(rng, PERMIT[:]) + fmt.Printf("Encoded Time Permit TP: 0x") + amcl.MPIN_printBinary(PERMIT[:]) + amcl.MPIN_DECODING(PERMIT[:]) + fmt.Printf("Decoded Time Permit TP: 0x") + amcl.MPIN_printBinary(PERMIT[:]) + } + + pin = -1 + for pin < 0 { + fmt.Printf("\nPIN= ") + fmt.Scanf("%d", &pin) + } + + pxID := xID[:] + pxCID := xCID[:] + pHID := HID[:] + pHTID := HTID[:] + pE := E[:] + pF := F[:] + pPERMIT := PERMIT[:] + var prHID []byte + + if date != 0 { + prHID = pHTID + if !PINERROR { + pxID = nil + pHID = nil + } + } else { + prHID = pHID + pPERMIT = nil + pxCID = nil + pHTID = nil + } + if !PINERROR { + pE = nil + pF = nil + } + + if SINGLE_PASS { + fmt.Printf("MPIN Single Pass\n") + timeValue := amcl.MPIN_GET_TIME() + rtn 
= amcl.MPIN_CLIENT(date, CLIENT_ID, rng, X[:], pin, TOKEN[:], SEC[:], pxID, pxCID, pPERMIT, MESSAGE[:], timeValue, Y[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + } + + if FULL { + HCID = amcl.MPIN_HASH_ID(CLIENT_ID) + amcl.MPIN_GET_G1_MULTIPLE(rng, 1, R[:], HCID, Z[:]) /* Also Send Z=r.ID to Server, remember random r */ + } + + rtn = amcl.MPIN_SERVER(date, pHID, pHTID, Y[:], SST[:], pxID, pxCID, SEC[:], pE, pF, CLIENT_ID, MESSAGE[:], timeValue) + if rtn != 0 { + fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn) + } + + if FULL { + amcl.MPIN_GET_G1_MULTIPLE(rng, 0, W[:], prHID, T[:]) /* Also send T=w.ID to client, remember random w */ + } + } else { + fmt.Printf("MPIN Multi Pass\n") + /* Send U=x.ID to server, and recreate secret from token and pin */ + rtn = amcl.MPIN_CLIENT_1(date, CLIENT_ID, rng, X[:], pin, TOKEN[:], SEC[:], pxID, pxCID, pPERMIT) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT_1 rtn: %d\n", rtn) + } + + if FULL { + HCID = amcl.MPIN_HASH_ID(CLIENT_ID) + amcl.MPIN_GET_G1_MULTIPLE(rng, 1, R[:], HCID, Z[:]) /* Also Send Z=r.ID to Server, remember random r */ + } + + /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ + amcl.MPIN_SERVER_1(date, CLIENT_ID, pHID, pHTID) + + /* Server generates Random number Y and sends it to Client */ + amcl.MPIN_RANDOM_GENERATE(rng, Y[:]) + + if FULL { + amcl.MPIN_GET_G1_MULTIPLE(rng, 0, W[:], prHID, T[:]) /* Also send T=w.ID to client, remember random w */ + } + + /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + rtn = amcl.MPIN_CLIENT_2(X[:], Y[:], SEC[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn) + } + + /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
*/ + /* If PIN error not required, set E and F = null */ + + rtn = amcl.MPIN_SERVER_2(date, pHID, pHTID, Y[:], SST[:], pxID, pxCID, SEC[:], pE, pF) + } + + if rtn != 0 { + fmt.Printf("FAILURE: SERVER_1 rtn: %d\n", rtn) + } + + if rtn == amcl.MPIN_BAD_PIN { + fmt.Printf("Server says - Bad Pin. I don't know you. Feck off.\n") + if PINERROR { + err := amcl.MPIN_KANGAROO(E[:], F[:]) + if err != 0 { + fmt.Printf("(Client PIN is out by %d)\n", err) + } + } + return + } else { + fmt.Printf("Server says - PIN is good! You really are " + IDstr) + fmt.Printf("\n") + } + + if FULL { + amcl.MPIN_CLIENT_KEY(G1[:], G2[:], pin, R[:], X[:], T[:], CK[:]) + fmt.Printf("Client Key = 0x") + amcl.MPIN_printBinary(CK[:]) + + amcl.MPIN_SERVER_KEY(Z[:], SST[:], W[:], pxID, pxCID, SK[:]) + fmt.Printf("Server Key = 0x") + amcl.MPIN_printBinary(SK[:]) + } + +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/mpinTwoPass.go ---------------------------------------------------------------------- diff --git a/go/examples-go/mpinTwoPass.go b/go/examples-go/mpinTwoPass.go new file mode 100644 index 0000000..b745f10 --- /dev/null +++ b/go/examples-go/mpinTwoPass.go 
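Review bot: The final check in main fails open: only `rtn == amcl.MPIN_BAD_PIN` returns, so any other non-zero code from `MPIN_SERVER` or `MPIN_SERVER_2` prints the failure line, falls into the `else` branch, prints "PIN is good" and goes on to derive the client and server keys. Success should require `rtn == 0`; change the branch to `} else if rtn != 0 {` / `return` / `} else {`. The failure message also names `SERVER_1` although the value comes from `MPIN_SERVER` or `MPIN_SERVER_2`. mpinTwoPass.go and mpinTwoPassWrap.go have the same shape, `if rtn == amcl.MPIN_BAD_PIN { … return } else { … "Authenticated ID" … }`, and need the same change.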
@@ -0,0 +1,207 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amcl.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amcl.MPIN_today() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amcl.NewRAND() + rng.Seed(len(seed), seed) + + const EGS = amcl.MPIN_EGS + const EFS = amcl.MPIN_EFS + const G1S = 2*EFS + 1 /* Group 1 Size */ + const G2S = 4 * EFS /* Group 2 Size */ + const EAS = amcl.MPIN_PAS + + var MS1 [EGS]byte + var SS1 [G2S]byte + var CS1 [G1S]byte + var TP1 [G1S]byte + var MS2 [EGS]byte + var SS2 [G2S]byte + var CS2 [G1S]byte + var TP2 [G1S]byte + var SS [G2S]byte + var TP [G1S]byte + var TOKEN [G1S]byte + var SEC [G1S]byte + var U [G1S]byte + var UT [G1S]byte + var X [EGS]byte + var Y [EGS]byte + var E [12 * 
EFS]byte + var F [12 * EFS]byte + var HID [G1S]byte + var HTID [G1S]byte + + // Generate Master Secret Share 1 + amcl.MPIN_RANDOM_GENERATE(rng, MS1[:]) + fmt.Printf("MS1: 0x") + amcl.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 2 + amcl.MPIN_RANDOM_GENERATE(rng, MS2[:]) + fmt.Printf("MS2: 0x") + amcl.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amcl.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + amcl.MPIN_GET_SERVER_SECRET(MS1[:], SS1[:]) + fmt.Printf("SS1: 0x") + amcl.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + amcl.MPIN_GET_SERVER_SECRET(MS2[:], SS2[:]) + fmt.Printf("SS2: 0x") + amcl.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn := amcl.MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2, SS) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amcl.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + amcl.MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:]) + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + amcl.MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:]) + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS2[:]) + + // Combine client secret shares : TOKEN is the full client secret + rtn = amcl.MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(CS1, CS2, TOKEN) Error:", rtn) + return + } + + // Generate time permit share 1 + amcl.MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:]) + fmt.Printf("TP1: 0x") + amcl.MPIN_printBinary(TP1[:]) + + // Generate time permit share 2 + amcl.MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:]) + fmt.Printf("TP2: 0x") + amcl.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn = amcl.MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2, TP) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to 
create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + rtn = amcl.MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amcl.MPIN_printBinary(TOKEN[:]) + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + /* Clients first pass. Calculate U and UT */ + rtn = amcl.MPIN_CLIENT_1(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + + /* Server first pass. Calculate H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ + amcl.MPIN_SERVER_1(date, ID, HID[:], HTID[:]) + + /* Server generates Random number Y and sends it to Client */ + amcl.MPIN_RANDOM_GENERATE(rng, Y[:]) + + /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + rtn = amcl.MPIN_CLIENT_2(X[:], Y[:], SEC[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn) + } + + /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
*/
+ /* If PIN error not required, set E and F = null */
+ rtn = amcl.MPIN_SERVER_2(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:])
+ if rtn != 0 {
+ fmt.Printf("FAILURE: MPIN_SERVER_2 rtn: %d\n", rtn)
+ }
+ fmt.Printf("HID: 0x")
+ amcl.MPIN_printBinary(HID[:])
+ fmt.Printf("HTID: 0x")
+ amcl.MPIN_printBinary(HTID[:])
+
+ if rtn == amcl.MPIN_BAD_PIN {
+ fmt.Printf("Authentication failed Error Code %d\n", rtn)
+ err := amcl.MPIN_KANGAROO(E[:], F[:])
+ if err != 0 {
+ fmt.Printf("PIN Error %d\n", err)
+ }
+ return
+ } else {
+ fmt.Printf("Authenticated ID: %s \n", IDstr)
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/mpinTwoPassWrap.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpinTwoPassWrap.go b/go/examples-go/mpinTwoPassWrap.go
new file mode 100644
index 0000000..f3174d1
--- /dev/null
+++ b/go/examples-go/mpinTwoPassWrap.go
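Review bot: Both PIN prompts (`for PIN1 < 0 { … fmt.Scan(&PIN1) }` and the matching `PIN2` loop) ignore the error from `fmt.Scan`, so on end of input the variable stays at -1 and the loop prints the prompt forever. Check the result and stop, e.g. `if _, err := fmt.Scan(&PIN1); err != nil { return }`. The same applies to the `fmt.Scanf("%d", &pin)` loop in mpin.go and the two loops in mpinTwoPassWrap.go. Separately, a non-zero `rtn` from `MPIN_CLIENT_2` is only printed here and the run continues into `MPIN_SERVER_2`.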
@@ -0,0 +1,228 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amcl.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amcl.MPIN_today() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amcl.NewRAND() + rng.Seed(len(seed), seed) + + const EGS = amcl.MPIN_EGS + const EFS = amcl.MPIN_EFS + const G1S = 2*EFS + 1 /* Group 1 Size */ + const G2S = 4 * EFS /* Group 2 Size */ + const EAS = amcl.MPIN_PAS + + var X [EGS]byte + + // Generate Master Secret Share 1 + rtn, MS1 := amcl.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS1: 0x") + amcl.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 2 + rtn, MS2 := 
amcl.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS2: 0x") + amcl.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amcl.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + rtn, SS1 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS1: 0x") + amcl.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + rtn, SS2 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS2: 0x") + amcl.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn, SS := amcl.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amcl.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + rtn, CS1 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + rtn, CS2 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS2[:]) + + // Combine client secret shares + rtn, CS := amcl.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS[:]) + + // Generate time permit share 1 + rtn, TP1 := amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP1: 0x") + amcl.MPIN_printBinary(TP1[:]) + + // Generate time permit share 2 + rtn, TP2 := 
amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP2: 0x") + amcl.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn, TP := amcl.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + rtn, TOKEN := amcl.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amcl.MPIN_printBinary(TOKEN[:]) + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + /* Clients first pass. Calculate U and UT */ + fmt.Printf("X: 0x") + amcl.MPIN_printBinary(X[:]) + rtn, Xout, SEC, U, UT := amcl.MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + fmt.Printf("Xout: 0x") + amcl.MPIN_printBinary(Xout[:]) + + /* Server first pass. Calculate H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ + HID, HTID := amcl.MPIN_SERVER_1_WRAP(date, ID) + + /* Server generates Random number Y and sends it to Client */ + rtn, Y := amcl.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("Y: 0x") + amcl.MPIN_printBinary(Y[:]) + + /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + rtn, V := amcl.MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn) + } + + /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. 
*/
+ /* If PIN error not required, set E and F = null */
+ rtn, _, _ = amcl.MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
+ if rtn != 0 {
+ fmt.Printf("FAILURE: MPIN_SERVER_2 rtn: %d\n", rtn)
+ }
+ fmt.Printf("HID: 0x")
+ amcl.MPIN_printBinary(HID[:])
+ fmt.Printf("HTID: 0x")
+ amcl.MPIN_printBinary(HTID[:])
+
+ if rtn == amcl.MPIN_BAD_PIN {
+ fmt.Printf("Authentication failed Error Code %d\n", rtn)
+ return
+ } else {
+ fmt.Printf("Authenticated ID: %s \n", IDstr)
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/mpinfull.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpinfull.go b/go/examples-go/mpinfull.go
new file mode 100644
index 0000000..53135c4
--- /dev/null
+++ b/go/examples-go/mpinfull.go
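Review bot: `MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])` is passed `X`, the array declared as `var X [EGS]byte` and never assigned in this file, while the value returned by `MPIN_CLIENT_1_WRAP` is `Xout`, which is only printed. Unless the wrapper also writes through its `X` argument (not visible in this hunk), the second pass runs with an all-zero x; passing the returned value makes the data flow explicit: `rtn, V := amcl.MPIN_CLIENT_2_WRAP(Xout[:], Y[:], SEC[:])`. The `fmt.Printf("X: 0x")` before the first pass prints that zero array, which is easy to misread as the client's random value.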
@@ -0,0 +1,269 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amcl.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amcl.MPIN_today() + + // Epoch time in seconds + timeValue := amcl.MPIN_GET_TIME() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amcl.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + // MESSAGE := []byte("test sign message") + + const EGS = amcl.MPIN_EGS + const EFS = amcl.MPIN_EFS + const G1S = 2*EFS + 1 /* Group 1 Size */ + const G2S = 4 * EFS /* Group 2 Size */ + const EAS = amcl.MPIN_PAS + + var MS1 [EGS]byte + var SS1 [G2S]byte + var CS1 [G1S]byte + var TP1 [G1S]byte + var MS2 [EGS]byte + var SS2 [G2S]byte + var CS2 [G1S]byte + var TP2 [G1S]byte + var SS 
[G2S]byte + var TP [G1S]byte + var TOKEN [G1S]byte + var SEC [G1S]byte + var U [G1S]byte + var UT [G1S]byte + var X [EGS]byte + var Y [EGS]byte + var E [12 * EFS]byte + var F [12 * EFS]byte + var HID [G1S]byte + var HTID [G1S]byte + + var G1 [12 * EFS]byte + var G2 [12 * EFS]byte + var R [EGS]byte + var Z [G1S]byte + var W [EGS]byte + var T [G1S]byte + var AES_KEY_CLIENT [EAS]byte + var AES_KEY_SERVER [EAS]byte + + // Generate Master Secret Share 1 + amcl.MPIN_RANDOM_GENERATE(rng, MS1[:]) + fmt.Printf("MS1: 0x") + amcl.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 2 + amcl.MPIN_RANDOM_GENERATE(rng, MS2[:]) + fmt.Printf("MS2: 0x") + amcl.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amcl.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + amcl.MPIN_GET_SERVER_SECRET(MS1[:], SS1[:]) + fmt.Printf("SS1: 0x") + amcl.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + amcl.MPIN_GET_SERVER_SECRET(MS2[:], SS2[:]) + fmt.Printf("SS2: 0x") + amcl.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn := amcl.MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2, SS) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amcl.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + amcl.MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:]) + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + amcl.MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:]) + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS2[:]) + + // Combine client secret shares : TOKEN is the full client secret + rtn = amcl.MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(CS1, CS2, TOKEN) Error:", rtn) + return + } + + // Generate time permit share 1 + amcl.MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:]) + fmt.Printf("TP1: 0x") + amcl.MPIN_printBinary(TP1[:]) + + // Generate time permit 
share 2 + amcl.MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:]) + fmt.Printf("TP2: 0x") + amcl.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn = amcl.MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2, TP) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + rtn = amcl.MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amcl.MPIN_printBinary(TOKEN[:]) + + ////// Client ////// + + // precomputation + amcl.MPIN_PRECOMPUTE(TOKEN[:], HCID, G1[:], G2[:]) + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + // Send U, UT, V, timeValue and Message to server + rtn = amcl.MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + + // Send Z=r.ID to Server + amcl.MPIN_GET_G1_MULTIPLE(rng, 1, R[:], HCID, Z[:]) + + ////// Server ////// + rtn = amcl.MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue) + if rtn != 0 { + fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn) + } + fmt.Printf("HID: 0x") + amcl.MPIN_printBinary(HID[:]) + fmt.Printf("HTID: 0x") + amcl.MPIN_printBinary(HTID[:]) + + if rtn == amcl.MPIN_BAD_PIN { + fmt.Printf("Authentication failed Error Code %d\n", rtn) + err := amcl.MPIN_KANGAROO(E[:], F[:]) + if err != 0 { + fmt.Printf("PIN Error %d\n", err) + } + return + } else { + fmt.Printf("Authenticated ID: %s \n", IDstr) + } + + // send T=w.ID to client + amcl.MPIN_GET_G1_MULTIPLE(rng, 0, W[:], HTID[:], T[:]) + fmt.Printf("W: 0x") + amcl.MPIN_printBinary(W[:]) + fmt.Printf("T: 0x") + amcl.MPIN_printBinary(T[:]) + + amcl.MPIN_SERVER_KEY(Z[:], SS[:], W[:], U[:], 
UT[:], AES_KEY_SERVER[:]) + fmt.Printf("Server Key = 0x") + amcl.MPIN_printBinary(AES_KEY_SERVER[:]) + + amcl.MPIN_CLIENT_KEY(G1[:], G2[:], PIN2, R[:], X[:], T[:], AES_KEY_CLIENT[:]) + fmt.Printf("Client Key = 0x") + amcl.MPIN_printBinary(AES_KEY_CLIENT[:]) + + ////// Server ////// + + // Initialization vector + IV := amcl.GENERATE_RANDOM(rng, 12) + fmt.Printf("IV: 0x") + amcl.MPIN_printBinary(IV[:]) + + // header + HEADER := amcl.GENERATE_RANDOM(rng, 16) + fmt.Printf("HEADER: 0x") + amcl.MPIN_printBinary(HEADER[:]) + + // Input plaintext + plaintextStr := "A test message" + PLAINTEXT1 := []byte(plaintextStr) + fmt.Printf("String to encrypt: %s \n", plaintextStr) + fmt.Printf("PLAINTEXT1: 0x") + amcl.MPIN_printBinary(PLAINTEXT1[:]) + + // AES-GCM Encryption + CIPHERTEXT, TAG1 := amcl.AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:]) + fmt.Printf("CIPHERTEXT: 0x") + amcl.MPIN_printBinary(CIPHERTEXT[:]) + fmt.Printf("TAG1: 0x") + amcl.MPIN_printBinary(TAG1[:]) + + // Send IV, HEADER, CIPHERTEXT and TAG1 to client + + // AES-GCM Decryption + PLAINTEXT2, TAG1 := amcl.AES_GCM_DECRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], CIPHERTEXT[:]) + fmt.Printf("PLAINTEXT2: 0x") + amcl.MPIN_printBinary(PLAINTEXT2[:]) + fmt.Printf("TAG1: 0x") + amcl.MPIN_printBinary(TAG1[:]) + fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2)) +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/mpinfullWrap.go ---------------------------------------------------------------------- diff --git a/go/examples-go/mpinfullWrap.go b/go/examples-go/mpinfullWrap.go new file mode 100644 index 0000000..12a7240 --- /dev/null +++ b/go/examples-go/mpinfullWrap.go 
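Review bot: Any non-zero result from `amcl.MPIN_SERVER` other than `amcl.MPIN_BAD_PIN` still reaches the `else` branch and prints "Authenticated ID", because the earlier `if rtn != 0` only prints "FAILURE: SERVER" and does not return. The rejecting branch should test for non-zero, i.e. change `if rtn == amcl.MPIN_BAD_PIN {` to `if rtn != 0 {`, which is what mpinfullWrap.go in this commit already does. The same fall-through is in timempin.go and at the end of the file whose hunk closes just above this one (its start is outside this view). These examples are what integrators copy, so the accept path should be reachable only when the server call returned 0.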
@@ -0,0 +1,293 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + fmt.Printf("ID: ") + amcl.MPIN_printBinary(ID) + fmt.Printf("\n") + + // Epoch time in days + date := amcl.MPIN_today() + + // Epoch time in seconds + timeValue := amcl.MPIN_GET_TIME() + + // PIN variable to create token + PIN1 := -1 + // PIN variable to authenticate + PIN2 := -1 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amcl.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + // MESSAGE := []byte("test sign message") + + // Generate Master Secret Share 1 + rtn, MS1 := amcl.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS1: 0x") + amcl.MPIN_printBinary(MS1[:]) + + // Generate Master Secret Share 2 + rtn, MS2 := amcl.MPIN_RANDOM_GENERATE_WRAP(rng) + if rtn != 0 { + 
fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn) + return + } + fmt.Printf("MS2: 0x") + amcl.MPIN_printBinary(MS2[:]) + + // Either Client or TA calculates Hash(ID) + HCID := amcl.MPIN_HASH_ID(ID) + + // Generate server secret share 1 + rtn, SS1 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS1: 0x") + amcl.MPIN_printBinary(SS1[:]) + + // Generate server secret share 2 + rtn, SS2 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + if rtn != 0 { + fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn) + return + } + fmt.Printf("SS2: 0x") + amcl.MPIN_printBinary(SS2[:]) + + // Combine server secret shares + rtn, SS := amcl.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn) + return + } + fmt.Printf("SS: 0x") + amcl.MPIN_printBinary(SS[:]) + + // Generate client secret share 1 + rtn, CS1 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS1: 0x") + amcl.MPIN_printBinary(CS1[:]) + + // Generate client secret share 2 + rtn, CS2 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn) + return + } + fmt.Printf("Client Secret Share CS2: 0x") + amcl.MPIN_printBinary(CS2[:]) + + // Combine client secret shares + CS := make([]byte, amcl.G1S) + rtn, CS = amcl.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn) + return + } + fmt.Printf("Client Secret CS: 0x") + amcl.MPIN_printBinary(CS[:]) + + // Generate time permit share 1 + rtn, TP1 := amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP1: 0x") + amcl.MPIN_printBinary(TP1[:]) + + // Generate time permit share 2 + rtn, TP2 := amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, 
MS2[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn) + return + } + fmt.Printf("TP2: 0x") + amcl.MPIN_printBinary(TP2[:]) + + // Combine time permit shares + rtn, TP := amcl.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + if rtn != 0 { + fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn) + return + } + + // Client extracts PIN1 from secret to create Token + for PIN1 < 0 { + fmt.Printf("Please enter PIN to create token: ") + fmt.Scan(&PIN1) + } + + fmt.Printf("ID: 0x") + amcl.MPIN_printBinary(ID[:]) + fmt.Printf("CS: 0x") + amcl.MPIN_printBinary(CS[:]) + rtn, TOKEN := amcl.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + if rtn != 0 { + fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn) + return + } + fmt.Printf("Client Token TK: 0x") + amcl.MPIN_printBinary(TOKEN[:]) + + ////// Client ////// + + // Precomputation + rtn, G1, G2 := amcl.MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID) + if rtn != 0 { + fmt.Println("MPIN_PRECOMPUTE(TOKEN[:], HCID) Error:", rtn) + return + } + + for PIN2 < 0 { + fmt.Printf("Please enter PIN to authenticate: ") + fmt.Scan(&PIN2) + } + + // Send U, UT, V, timeValue and Message to server + var X [amcl.EGS]byte + fmt.Printf("X: 0x") + amcl.MPIN_printBinary(X[:]) + rtn, XOut, Y1, SEC, U, UT := amcl.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn) + return + } + fmt.Printf("Y1: 0x") + amcl.MPIN_printBinary(Y1[:]) + fmt.Printf("XOut: 0x") + amcl.MPIN_printBinary(XOut[:]) + + // Send Z=r.ID to Server + var R [amcl.EGS]byte + fmt.Printf("R: 0x") + amcl.MPIN_printBinary(R[:]) + rtn, ROut, Z := amcl.MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:]) + fmt.Printf("ROut: 0x") + amcl.MPIN_printBinary(ROut[:]) + + ////// Server ////// + rtn, HID, HTID, Y2, E, F := amcl.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:]) + if rtn != 0 { + fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn) + } + fmt.Printf("Y2: 0x") + 
amcl.MPIN_printBinary(Y2[:]) + fmt.Printf("HID: 0x") + amcl.MPIN_printBinary(HID[:]) + fmt.Printf("HTID: 0x") + amcl.MPIN_printBinary(HTID[:]) + + if rtn != 0 { + fmt.Printf("Authentication failed Error Code %d\n", rtn) + err := amcl.MPIN_KANGAROO(E[:], F[:]) + if err != 0 { + fmt.Printf("PIN Error %d\n", err) + } + return + } else { + fmt.Printf("Authenticated ID: %s \n", IDstr) + } + + // send T=w.ID to client + var W [amcl.EGS]byte + fmt.Printf("W: 0x") + amcl.MPIN_printBinary(W[:]) + rtn, WOut, T := amcl.MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:]) + fmt.Printf("WOut: 0x") + amcl.MPIN_printBinary(WOut[:]) + fmt.Printf("T: 0x") + amcl.MPIN_printBinary(T[:]) + + rtn, AES_KEY_SERVER := amcl.MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], U[:], UT[:]) + fmt.Printf("Server Key = 0x") + amcl.MPIN_printBinary(AES_KEY_SERVER[:]) + + rtn, AES_KEY_CLIENT := amcl.MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], T[:]) + fmt.Printf("Client Key = 0x") + amcl.MPIN_printBinary(AES_KEY_CLIENT[:]) + + ////// Server ////// + + // Initialization vector + IV := amcl.GENERATE_RANDOM(rng, 12) + fmt.Printf("IV: 0x") + amcl.MPIN_printBinary(IV[:]) + + // header + HEADER := amcl.GENERATE_RANDOM(rng, 16) + fmt.Printf("HEADER: 0x") + amcl.MPIN_printBinary(HEADER[:]) + + // Input plaintext + plaintextStr := "A test message" + PLAINTEXT1 := []byte(plaintextStr) + fmt.Printf("String to encrypt: %s \n", plaintextStr) + fmt.Printf("PLAINTEXT1: 0x") + amcl.MPIN_printBinary(PLAINTEXT1[:]) + + // AES-GCM Encryption + CIPHERTEXT, TAG1 := amcl.AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:]) + fmt.Printf("CIPHERTEXT: 0x") + amcl.MPIN_printBinary(CIPHERTEXT[:]) + fmt.Printf("TAG1: 0x") + amcl.MPIN_printBinary(TAG1[:]) + + // Send IV, HEADER, CIPHERTEXT and TAG1 to client + + // AES-GCM Decryption + PLAINTEXT2, TAG2 := amcl.AES_GCM_DECRYPT(AES_KEY_CLIENT[:], IV[:], HEADER[:], CIPHERTEXT[:]) + fmt.Printf("PLAINTEXT2: 0x") + amcl.MPIN_printBinary(PLAINTEXT2[:]) + 
fmt.Printf("TAG2: 0x") + amcl.MPIN_printBinary(TAG2[:]) + fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2)) +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/otp.go ---------------------------------------------------------------------- diff --git a/go/examples-go/otp.go b/go/examples-go/otp.go new file mode 100644 index 0000000..dbeef16 --- /dev/null +++ b/go/examples-go/otp.go 
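Review bot: The AES-GCM round trip prints `PLAINTEXT2` as the "Decrypted string" without ever comparing `TAG2` with the received `TAG1`, so the example shows decryption with no integrity check. From the call shape `amcl.AES_GCM_DECRYPT` appears to return the recomputed tag rather than verify it, which leaves the comparison to the caller; add `if subtle.ConstantTimeCompare(TAG1[:], TAG2[:]) != 1 { fmt.Println("GCM tag mismatch"); return }` before the plaintext is used (needs `crypto/subtle` in the import block). mpinfull.go and pbkdf2.go have the same gap and also assign the decrypt result back into `TAG1`, discarding the value to compare against; mpinfull.go additionally decrypts with `AES_KEY_SERVER` instead of `AES_KEY_CLIENT`, so it never shows that the two derived keys agree. The `rtn` values from `MPIN_GET_G1_MULTIPLE_WRAP`, `MPIN_SERVER_KEY_WRAP` and `MPIN_CLIENT_KEY_WRAP` are assigned and never checked.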
@@ -0,0 +1,48 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* Password Based Key Derivation Function Example */
+
+package main
+
+import (
+ "encoding/hex"
+ "fmt"
+
+ amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
+)
+
+func main() {
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amcl.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate the one time passwords
+ for i := 0; i < 10; i++ {
+ otp := amcl.GENERATE_OTP(rng)
+ fmt.Printf("One Time Passord %d\n", otp)
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/pbkdf2.go
----------------------------------------------------------------------
diff --git a/go/examples-go/pbkdf2.go b/go/examples-go/pbkdf2.go
new file mode 100644
index 0000000..dbd209c
--- /dev/null
+++ b/go/examples-go/pbkdf2.go
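Review bot: `rng.Seed(len(seed), seed)` in otp.go is fed the constant `seedHex`, so every run produces the same ten one-time passwords and anyone who reads the source can compute them. The seed should come from the OS, e.g. `seed := make([]byte, 16)` followed by `if _, err := rand.Read(seed); err != nil { ... }` with `crypto/rand`, or the constant needs a comment stating it is a fixed test vector that must not be reused. The same fixed seed drives master-secret, salt, IV and key generation in mpinfull.go, mpinfullWrap.go and pbkdf2.go, and rsa.go seeds with the bytes 0..99 before `RSA_KEY_PAIR`. Separately, the header comment in otp.go reads "Password Based Key Derivation Function Example", which describes pbkdf2.go, and the output string is spelled "One Time Passord".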
@@ -0,0 +1,88 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "fmt" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +func main() { + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amcl.NewRAND() + rng.Seed(len(seed), seed) + + // Password / Pass-phrase + passwordStr := "#!qwerty" + password := []byte(passwordStr) + fmt.Printf("password: %s \n", password) + fmt.Printf("PASSWORD: 0x") + amcl.MPIN_printBinary(password[:]) + + // Salt + salt := amcl.GENERATE_RANDOM(rng, 16) + fmt.Printf("salt: 0x") + amcl.MPIN_printBinary(salt[:]) + + // Number of repetitions + rep := 1000 + + KEY := amcl.PBKDF2(password[:], salt[:], rep, amcl.MPIN_PAS) + + // Initialization vector + IV := amcl.GENERATE_RANDOM(rng, 12) + fmt.Printf("IV: 0x") + amcl.MPIN_printBinary(IV[:]) + + // header + HEADER := amcl.GENERATE_RANDOM(rng, 16) + fmt.Printf("HEADER: 0x") + amcl.MPIN_printBinary(HEADER[:]) + + // Input plaintext + plaintextStr := "A test message" + PLAINTEXT1 := []byte(plaintextStr) + fmt.Printf("String to encrypt: %s \n", 
plaintextStr) + fmt.Printf("PLAINTEXT1: 0x") + amcl.MPIN_printBinary(PLAINTEXT1[:]) + + // AES-GCM Encryption + CIPHERTEXT, TAG1 := amcl.AES_GCM_ENCRYPT(KEY[:], IV[:], HEADER[:], PLAINTEXT1[:]) + fmt.Printf("CIPHERTEXT: 0x") + amcl.MPIN_printBinary(CIPHERTEXT[:]) + fmt.Printf("TAG1: 0x") + amcl.MPIN_printBinary(TAG1[:]) + + // AES-GCM Decryption + PLAINTEXT2, TAG1 := amcl.AES_GCM_DECRYPT(KEY[:], IV[:], HEADER[:], CIPHERTEXT[:]) + fmt.Printf("PLAINTEXT2: 0x") + amcl.MPIN_printBinary(PLAINTEXT2[:]) + fmt.Printf("TAG1: 0x") + amcl.MPIN_printBinary(TAG1[:]) + fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2)) +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/rsa.go ---------------------------------------------------------------------- diff --git a/go/examples-go/rsa.go b/go/examples-go/rsa.go new file mode 100644 index 0000000..201beeb --- /dev/null +++ b/go/examples-go/rsa.go 
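Review bot: `rep := 1000` next to the literal password `"#!qwerty"` is the value readers will copy, and 1000 iterations is well below what current password-hashing guidance asks of PBKDF2. I would name and raise it, e.g. `const pbkdf2Iterations = 600000 // example value; tune to the hash and hardware in use`, with the caveat that the hash `amcl.PBKDF2` uses is not visible in this hunk. The salt is drawn from the fixed-seed `rng`, so it is identical on every run; a comment saying a real salt must be random per password would stop that being read as the intended pattern.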
@@ -0,0 +1,71 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* RSA API high-level functions */
+
+package main
+
+import (
+ "fmt"
+
+ amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
+)
+
+func main() {
+
+ message := "Hello World\n"
+
+ pub := amcl.New_rsa_public_key(amcl.FFLEN)
+ priv := amcl.New_rsa_private_key(amcl.HFLEN)
+
+ var ML [amcl.RSA_RFS]byte
+ var C [amcl.RSA_RFS]byte
+ var RAW [100]byte
+
+ rng := amcl.NewRAND()
+
+ rng.Clean()
+ for i := 0; i < 100; i++ {
+ RAW[i] = byte(i)
+ }
+
+ rng.Seed(100, RAW[:])
+ //for (i=0;i<10;i++)
+ //{
+ fmt.Printf("Generating public/private key pair\n")
+ amcl.RSA_KEY_PAIR(rng, 65537, priv, pub)
+
+ M := []byte(message)
+
+ fmt.Printf("Encrypting test string\n")
+ E := amcl.RSA_OAEP_ENCODE(M, rng, nil) /* OAEP encode message M to E */
+
+ amcl.RSA_ENCRYPT(pub, E, C[:]) /* encrypt encoded message */
+ fmt.Printf("Ciphertext= 0x")
+ amcl.RSA_printBinary(C[:])
+
+ fmt.Printf("Decrypting test string\n")
+ amcl.RSA_DECRYPT(priv, C[:], ML[:])
+ MS := amcl.RSA_OAEP_DECODE(nil, ML[:]) /* OAEP decode message */
+
+ message = string(MS)
+ fmt.Printf(message)
+ //}
+ amcl.RSA_PRIVATE_KEY_KILL(priv)
+}
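Review bot: `fmt.Printf(message)` passes the OAEP-decoded bytes as the format string, so any `%` in the recovered plaintext is interpreted as a verb and `go vet` flags the call; use `fmt.Print(message)`. The result of `amcl.RSA_OAEP_DECODE(nil, ML[:])` is also used unchecked: if decoding can fail and return an empty or nil slice (not visible in this hunk), the example prints nothing and still exits normally. Comparing `MS` with `M` and reporting a mismatch before the `RSA_PRIVATE_KEY_KILL` call would make the round trip self-checking.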
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/examples-go/timempin.go
----------------------------------------------------------------------
diff --git a/go/examples-go/timempin.go b/go/examples-go/timempin.go
new file mode 100644
index 0000000..9906b69
--- /dev/null
+++ b/go/examples-go/timempin.go
@@ -0,0 +1,96 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package main + +import ( + "encoding/hex" + "flag" + "log" + "os" + "runtime/pprof" + "time" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +// Number of iterations to time functions +const nIter int = 10 + +var cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file") + +func main() { + flag.Parse() + if *cpuprofile != "" { + f, err := os.Create(*cpuprofile) + if err != nil { + log.Fatal(err) + } + pprof.StartCPUProfile(f) + defer pprof.StopCPUProfile() + } + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16673 + + // Epoch time in seconds + timeValue := 1440594584 + + SSHex := "07f8181687f42ce22ea0dee4ba9df3f2cea67ad2d79e59adc953142556d510831bbd59e9477ac479019887020579aed16af43dc7089ae8c14262e64b5d09740109917efd0618c557fbf7efaa68fb64e8d46b3766bb184dea9bef9638f23bbbeb03aedbc6e4eb9fbd658719aab26b849638690521723c0efb9c8622df2a8efa3c" + SS, _ := hex.DecodeString(SSHex) + UHex := "0403e76a28df08ea591912e0ff84ebf419e21aadf8ec5aed4b0f3cd0fc1cdea14a06f05a3be4f9f2d16530c6b4934da2e3439ea287796faac079d396f8cdb9f565" + U, _ := hex.DecodeString(UHex) + UTHex := 
"041012e53c991edc9514889de50fb7d893c406dc9bf4c89d46fec9ba408cc5f596226402e7c468c823a28b9003a3944c4600a1b797f10cf01060d3729729212932" + UT, _ := hex.DecodeString(UTHex) + SECHex := "04051b0d3e9dfdb2a378f0ac7056fb264a900d0867e39c334950527d8c460d76132346bf8ed8a419e2eab4ad52a8b7a51d8c09cbcfa4e80bc0487965ece72ab0ce" + SEC, _ := hex.DecodeString(SECHex) + var MESSAGE []byte + // MESSAGE := []byte("test sign message") + + const EGS = amcl.MPIN_EGS + const EFS = amcl.MPIN_EFS + const G1S = 2*EFS + 1 /* Group 1 Size */ + const G2S = 4 * EFS /* Group 2 Size */ + + var Y [EGS]byte + var E [12 * EFS]byte + var F [12 * EFS]byte + var HID [G1S]byte + var HTID [G1S]byte + + ////// Server ////// + t0 := time.Now() + rtn := 0 + for i := 0; i < nIter; i++ { + rtn = amcl.MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue) + } + t1 := time.Now() + log.Printf("Number Iterations: %d Time: %v\n", nIter, t1.Sub(t0)) + + if rtn == amcl.MPIN_BAD_PIN { + log.Printf("Authentication failed Error Code %d\n", rtn) + return + } else { + log.Printf("Authenticated ID: %s \n", IDstr) + } +}
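Review bot: All four `hex.DecodeString` calls discard their error (`SS, _ := hex.DecodeString(SSHex)` and likewise for `U`, `UT` and `SEC`), so a mistyped constant would hand a short or empty slice to `amcl.MPIN_SERVER` and the benchmark would time a failure path without saying so. Check each one, e.g. `SS, err := hex.DecodeString(SSHex)` followed by `if err != nil { log.Fatal(err) }`. The error from `pprof.StartCPUProfile(f)` is ignored in the same way and `f` is never closed. Only the `rtn` of the last iteration is inspected, and as in mpinfull.go a non-zero code other than `MPIN_BAD_PIN` is logged as "Authenticated ID".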
