MILAGRO-14.Updating package name with apache git
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/commit/85fabaa6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/tree/85fabaa6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/diff/85fabaa6 Branch: refs/heads/master Commit: 85fabaa62b4aa6dda91aff8eefb5b7df25900cf4 Parents: b55e613 Author: ajanthan <[email protected]> Authored: Fri Aug 12 16:25:56 2016 -0700 Committer: ajanthan <[email protected]> Committed: Fri Aug 12 16:25:56 2016 -0700 ---------------------------------------------------------------------- go/amcl-cgo/README.txt | 9 + go/amcl-cgo/crypto.go | 828 ++++++++++++ go/amcl-cgo/crypto_test.go | 1175 +++++++++++++++++ go/amcl-go/AES.go | 634 ++++++++++ go/amcl-go/BIG.go | 956 ++++++++++++++ go/amcl-go/DBIG.go | 260 ++++ go/amcl-go/ECDH.go | 657 ++++++++++ go/amcl-go/ECP.go | 1076 ++++++++++++++++ go/amcl-go/ECP2.go | 672 ++++++++++ go/amcl-go/FF.go | 926 ++++++++++++++ go/amcl-go/FP.go | 288 +++++ go/amcl-go/FP12.go | 654 ++++++++++ go/amcl-go/FP2.go | 324 +++++ go/amcl-go/FP4.go | 522 ++++++++ go/amcl-go/GCM.go | 472 +++++++ go/amcl-go/HASH.go | 215 ++++ go/amcl-go/MPIN.go | 807 ++++++++++++ go/amcl-go/MPIN_test.go | 898 +++++++++++++ go/amcl-go/PAIR.go | 541 ++++++++ go/amcl-go/RAND.go | 187 +++ go/amcl-go/ROM.go | 353 ++++++ go/amcl-go/RSA.go | 373 ++++++ go/amcl-go/UTILS.go | 45 + go/amcl-go/UTILS_test.go | 71 ++ go/amcl-go/crypto.go | 222 ++++ go/amcl-go/crypto_test.go | 1194 ++++++++++++++++++ go/examples-cgo/README.txt | 5 + go/examples-cgo/mpin.go | 221 ++++ go/examples-cgo/mpinTwoPass.go | 227 ++++ go/examples-cgo/mpinfull.go | 293 +++++ go/examples-cgo/mpinfullAnon.go | 295 +++++ go/examples-cgo/timempin.go | 84 ++ go/examples-go/ecdh.go | 180 +++ go/examples-go/generateRandom.go | 48 + go/examples-go/mpin.go | 248 ++++ go/examples-go/mpinTwoPass.go | 207 +++ go/examples-go/mpinTwoPassWrap.go | 228 ++++ go/examples-go/mpinfull.go | 269 ++++ go/examples-go/mpinfullWrap.go | 293 +++++ go/examples-go/otp.go | 48 + go/examples-go/pbkdf2.go | 88 ++ go/examples-go/rsa.go | 71 ++ go/examples-go/timempin.go | 96 ++ go/examples-go/timempinWrap.go | 84 ++ go/readme.txt | 6 +- go/src/github.com/miracl/amcl-cgo/README.txt | 9 - go/src/github.com/miracl/amcl-cgo/crypto.go | 828 ------------ .../github.com/miracl/amcl-cgo/crypto_test.go | 1175 ----------------- go/src/github.com/miracl/amcl-go/AES.go | 634 ---------- go/src/github.com/miracl/amcl-go/BIG.go | 956 -------------- go/src/github.com/miracl/amcl-go/DBIG.go | 260 ---- go/src/github.com/miracl/amcl-go/ECDH.go | 657 ---------- go/src/github.com/miracl/amcl-go/ECP.go | 1076 ---------------- go/src/github.com/miracl/amcl-go/ECP2.go | 672 ---------- go/src/github.com/miracl/amcl-go/FF.go | 926 -------------- go/src/github.com/miracl/amcl-go/FP.go | 288 ----- go/src/github.com/miracl/amcl-go/FP12.go | 654 ---------- go/src/github.com/miracl/amcl-go/FP2.go | 324 ----- go/src/github.com/miracl/amcl-go/FP4.go | 522 -------- go/src/github.com/miracl/amcl-go/GCM.go | 472 ------- go/src/github.com/miracl/amcl-go/HASH.go | 215 ---- go/src/github.com/miracl/amcl-go/MPIN.go | 807 ------------ go/src/github.com/miracl/amcl-go/MPIN_test.go | 898 ------------- go/src/github.com/miracl/amcl-go/PAIR.go | 541 -------- go/src/github.com/miracl/amcl-go/RAND.go | 187 --- go/src/github.com/miracl/amcl-go/ROM.go | 353 ------ go/src/github.com/miracl/amcl-go/RSA.go | 373 ------ go/src/github.com/miracl/amcl-go/UTILS.go | 45 - go/src/github.com/miracl/amcl-go/UTILS_test.go | 71 -- go/src/github.com/miracl/amcl-go/crypto.go | 222 ---- go/src/github.com/miracl/amcl-go/crypto_test.go | 1194 ------------------ .../github.com/miracl/examples-cgo/README.txt | 5 - go/src/github.com/miracl/examples-cgo/mpin.go | 221 ---- .../miracl/examples-cgo/mpinTwoPass.go | 227 ---- .../github.com/miracl/examples-cgo/mpinfull.go | 293 ----- .../miracl/examples-cgo/mpinfullAnon.go | 295 ----- .../github.com/miracl/examples-cgo/timempin.go | 84 -- go/src/github.com/miracl/examples-go/ecdh.go | 180 --- .../miracl/examples-go/generateRandom.go | 48 - go/src/github.com/miracl/examples-go/mpin.go | 248 ---- .../miracl/examples-go/mpinTwoPass.go | 207 --- .../miracl/examples-go/mpinTwoPassWrap.go | 228 ---- .../github.com/miracl/examples-go/mpinfull.go | 269 ---- .../miracl/examples-go/mpinfullWrap.go | 293 ----- go/src/github.com/miracl/examples-go/otp.go | 48 - go/src/github.com/miracl/examples-go/pbkdf2.go | 88 -- go/src/github.com/miracl/examples-go/rsa.go | 71 -- .../github.com/miracl/examples-go/timempin.go | 96 -- .../miracl/examples-go/timempinWrap.go | 84 -- 89 files changed, 17347 insertions(+), 17347 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-cgo/README.txt ---------------------------------------------------------------------- diff --git a/go/amcl-cgo/README.txt b/go/amcl-cgo/README.txt new file mode 100644 index 0000000..79b1cee --- /dev/null +++ b/go/amcl-cgo/README.txt @@ -0,0 +1,9 @@ +When the library is built with; + +-D USE_ANONYMOUS=on + +then set + +const USE_ANONYMOUS = true + +in crypto_test.go http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-cgo/crypto.go ---------------------------------------------------------------------- diff --git a/go/amcl-cgo/crypto.go b/go/amcl-cgo/crypto.go new file mode 100644 index 0000000..db5a6b1 --- /dev/null +++ b/go/amcl-cgo/crypto.go @@ -0,0 +1,828 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package amcl + +/* +#cgo CFLAGS: -std=c99 -O3 -I/opt/amcl/include +#cgo LDFLAGS: -L/opt/amcl/lib -lmpin -lamcl -lm +#include <stdio.h> +#include <stdlib.h> +#include "amcl.h" +#include "mpin.h" +#include "utils.h" +*/ +import "C" +import ( + "encoding/hex" + "fmt" + "unsafe" + + amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +const EAS int = int(C.PAS) +const EGS int = int(C.PGS) +const EFS int = int(C.PFS) +const HASH_BYTES int = int(C.HASH_BYTES) +const IVS int = 12 +const G1S = 2*EFS + 1 +const G2S = 4 * EFS +const GTS = 12 * EFS + +var RNG C.csprng + +func OCT_free(valOctet *C.octet) { + C.free(unsafe.Pointer(valOctet.val)) +} + +func GetOctetZero(lenStr int) C.octet { + valBytes := make([]byte, lenStr) + val := string(valBytes) + valCS := C.CString(val) + lenCS := C.int(lenStr) + octetVal := C.octet{lenCS, lenCS, valCS} + return octetVal +} + +func GetOctet(valStr string) C.octet { + valCS := C.CString(valStr) + lenCS := C.int(len(valStr)) + octetVal := C.octet{lenCS, lenCS, valCS} + return octetVal +} + +func GetOctetHex(valHex string) C.octet { + valBytes, err := hex.DecodeString(valHex) + if err != nil { + octetVal := GetOctetZero(0) + return octetVal + } + valStr := string(valBytes) + octetVal := GetOctet(valStr) + return octetVal +} + +func OCT_len(valOctet *C.octet) int { + return int(valOctet.len) +} + +// Convert an octet to a string +func OCT_toStr(valOct *C.octet) string { + dstLen := OCT_len(valOct) + dstBytes := make([]byte, dstLen) + dstStr := string(dstBytes) + dst := C.CString(dstStr) + C.OCT_toStr(valOct, dst) + dstStr = C.GoStringN(dst, valOct.len) + C.free(unsafe.Pointer(dst)) + return dstStr +} + +// Convert an octet to bytes +func OCT_toBytes(valOct *C.octet) []byte { + dstLen := OCT_len(valOct) + dstBytes := make([]byte, dstLen) + dstStr := string(dstBytes) + dst := C.CString(dstStr) + C.OCT_toStr(valOct, dst) + dstStr = C.GoStringN(dst, valOct.len) + C.free(unsafe.Pointer(dst)) + dstBytes = []byte(dstStr) + return dstBytes +} + +// Convert an octet to a hex string +func OCT_toHex(valOctet *C.octet) string { + dstLen := OCT_len(valOctet) + dstBytes := make([]byte, hex.EncodedLen(dstLen)) + dstStr := string(dstBytes) + dst := C.CString(dstStr) + C.OCT_toHex(valOctet, dst) + dstStr = C.GoString(dst) + C.free(unsafe.Pointer(dst)) + return dstStr +} + +/* return time in slots since epoch */ +func MPIN_today() int { + date := C.MPIN_today() + return int(date) +} + +/* return time since epoch */ +func MPIN_GET_TIME() int { + timeValue := C.MPIN_GET_TIME() + return int(timeValue) +} + +func MPIN_CREATE_CSPRNG(RNG *C.csprng, SEED []byte) { + // Form Octet + SEEDStr := string(SEED) + SEEDOct := GetOctet(SEEDStr) + defer OCT_free(&SEEDOct) + C.MPIN_CREATE_CSPRNG(RNG, &SEEDOct) +} + +func MPIN_HASH_ID(ID []byte) (HASHID []byte) { + // Form Octets + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + HASHIDOct := GetOctetZero(HASH_BYTES) + defer OCT_free(&HASHIDOct) + + // Hash MPIN_ID + C.MPIN_HASH_ID(&IDOct, &HASHIDOct) + + // Convert octet to bytes + HASHID = OCT_toBytes(&HASHIDOct) + + return +} + +/* create random secret S. Use GO RNG */ +func MPIN_RANDOM_GENERATE_WRAP(RNG *amcl.RAND) (int, []byte) { + var S [EGS]byte + errorCode := amcl.MPIN_RANDOM_GENERATE(RNG, S[:]) + return errorCode, S[:] +} + +/* create random secret S. Use C RNG */ +func MPIN_RANDOM_GENERATE_C(RNG *C.csprng) (errorCode int, S []byte) { + // Form Octet + SOct := GetOctetZero(EGS) + defer OCT_free(&SOct) + + rtn := C.MPIN_RANDOM_GENERATE(RNG, &SOct) + errorCode = int(rtn) + + // Convert octet to bytes + S = OCT_toBytes(&SOct) + + return +} + +/* Extract Server Secret SS=S*Q where Q is fixed generator in G2 and S is master secret */ +func MPIN_GET_SERVER_SECRET_WRAP(S []byte) (errorCode int, SS []byte) { + // Form Octets + SStr := string(S) + SOct := GetOctet(SStr) + defer OCT_free(&SOct) + SSOct := GetOctetZero(G2S) + defer OCT_free(&SSOct) + + rtn := C.MPIN_GET_SERVER_SECRET(&SOct, &SSOct) + errorCode = int(rtn) + + // Convert octet to bytes + SS = OCT_toBytes(&SSOct) + + return +} + +/* R=R1+R2 in group G1 */ +func MPIN_RECOMBINE_G1_WRAP(R1 []byte, R2 []byte) (errorCode int, R []byte) { + // Form Octets + R1Str := string(R1) + R1Oct := GetOctet(R1Str) + defer OCT_free(&R1Oct) + R2Str := string(R2) + R2Oct := GetOctet(R2Str) + defer OCT_free(&R2Oct) + ROct := GetOctetZero(G1S) + defer OCT_free(&ROct) + + rtn := C.MPIN_RECOMBINE_G1(&R1Oct, &R2Oct, &ROct) + errorCode = int(rtn) + + // Convert octet to bytes + R = OCT_toBytes(&ROct) + + return +} + +/* W=W1+W2 in group G2 */ +func MPIN_RECOMBINE_G2_WRAP(W1 []byte, W2 []byte) (errorCode int, W []byte) { + // Form Octets + W1Str := string(W1) + W1Oct := GetOctet(W1Str) + defer OCT_free(&W1Oct) + W2Str := string(W2) + W2Oct := GetOctet(W2Str) + defer OCT_free(&W2Oct) + WOct := GetOctetZero(G2S) + defer OCT_free(&WOct) + + rtn := C.MPIN_RECOMBINE_G2(&W1Oct, &W2Oct, &WOct) + errorCode = int(rtn) + + // Convert octet to bytes + W = OCT_toBytes(&WOct) + + return +} + +/* Client secret CS=S*H(ID) where ID is client ID and S is master secret */ +/* CID is hashed externally */ +func MPIN_GET_CLIENT_SECRET_WRAP(S []byte, ID []byte) (errorCode int, CS []byte) { + // Form Octets + SStr := string(S) + SOct := GetOctet(SStr) + defer OCT_free(&SOct) + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + CSOct := GetOctetZero(G1S) + defer OCT_free(&CSOct) + + rtn := C.MPIN_GET_CLIENT_SECRET(&SOct, &IDOct, &CSOct) + errorCode = int(rtn) + + // Convert octet to bytes + CS = OCT_toBytes(&CSOct) + + return +} + +/* Time Permit TP=S*(date|H(ID)) where S is master secret */ +func MPIN_GET_CLIENT_PERMIT_WRAP(date int, S, ID []byte) (errorCode int, TP []byte) { + // Form Octets + SStr := string(S) + SOct := GetOctet(SStr) + defer OCT_free(&SOct) + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + TPOct := GetOctetZero(G1S) + defer OCT_free(&TPOct) + + rtn := C.MPIN_GET_CLIENT_PERMIT(C.int(date), &SOct, &IDOct, &TPOct) + errorCode = int(rtn) + + // Convert octet to bytes + TP = OCT_toBytes(&TPOct) + + return +} + +/* Extract PIN from CS for identity CID to form TOKEN */ +func MPIN_EXTRACT_PIN_WRAP(ID []byte, PIN int, CS []byte) (errorCode int, TOKEN []byte) { + // Form Octets + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + CSStr := string(CS) + CSOct := GetOctet(CSStr) + defer OCT_free(&CSOct) + + rtn := C.MPIN_EXTRACT_PIN(&IDOct, C.int(PIN), &CSOct) + errorCode = int(rtn) + + // Convert octet to bytes + TOKEN = OCT_toBytes(&CSOct) + + return +} + +/* One pass MPIN Client. Using GO RNG */ +func MPIN_CLIENT_WRAP(date, TimeValue, PIN int, RNG *amcl.RAND, ID, X, TOKEN, TP, MESSAGE []byte) (errorCode int, XOut, Y, SEC, U, UT []byte) { + amcl.MPIN_RANDOM_GENERATE(RNG, X[:]) + errorCode, XOut, Y, SEC, U, UT = MPIN_CLIENT_C(date, ID[:], nil, X[:], PIN, TOKEN[:], TP[:], MESSAGE[:], TimeValue) + return +} + +/* One pass MPIN Client. Using C RNG */ +func MPIN_CLIENT_C(date int, ID []byte, RNG *C.csprng, X []byte, PIN int, TOKEN []byte, TP []byte, MESSAGE []byte, TimeValue int) (errorCode int, XOut, Y, SEC, U, UT []byte) { + // Form Octets + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + XStr := string(X) + XOct := GetOctet(XStr) + defer OCT_free(&XOct) + TOKENStr := string(TOKEN) + TOKENOct := GetOctet(TOKENStr) + defer OCT_free(&TOKENOct) + TPStr := string(TP) + TPOct := GetOctet(TPStr) + defer OCT_free(&TPOct) + MESSAGEStr := string(MESSAGE) + MESSAGEOct := GetOctet(MESSAGEStr) + defer OCT_free(&MESSAGEOct) + + SECOct := GetOctetZero(G1S) + defer OCT_free(&SECOct) + UOct := GetOctetZero(G1S) + defer OCT_free(&UOct) + UTOct := GetOctetZero(G1S) + defer OCT_free(&UTOct) + YOct := GetOctetZero(EGS) + defer OCT_free(&YOct) + + rtn := C.MPIN_CLIENT(C.int(date), &IDOct, RNG, &XOct, C.int(PIN), &TOKENOct, &SECOct, &UOct, &UTOct, &TPOct, &MESSAGEOct, C.int(TimeValue), &YOct) + errorCode = int(rtn) + + // Convert octet to bytes + XOut = OCT_toBytes(&XOct) + SEC = OCT_toBytes(&SECOct) + U = OCT_toBytes(&UOct) + UT = OCT_toBytes(&UTOct) + Y = OCT_toBytes(&YOct) + + return +} + +// Precompute values for use by the client side of M-Pin Full +func MPIN_PRECOMPUTE_WRAP(TOKEN []byte, ID []byte) (errorCode int, GT1 []byte, GT2 []byte) { + // Form Octets + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + TOKENStr := string(TOKEN) + TOKENOct := GetOctet(TOKENStr) + defer OCT_free(&TOKENOct) + + GT1Oct := GetOctetZero(GTS) + defer OCT_free(>1Oct) + GT2Oct := GetOctetZero(GTS) + defer OCT_free(>2Oct) + + rtn := C.MPIN_PRECOMPUTE(&TOKENOct, &IDOct, >1Oct, >2Oct) + errorCode = int(rtn) + + // Convert octet to bytes + GT1 = OCT_toBytes(>1Oct) + GT2 = OCT_toBytes(>2Oct) + + return +} + +/* + W=x*H(G); + if RNG == NULL then X is passed in + if RNG != NULL the X is passed out + if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve + Use GO RNG +*/ +func MPIN_GET_G1_MULTIPLE_WRAP(RNG *amcl.RAND, typ int, X, G []byte) (errorCode int, XOut, W []byte) { + amcl.MPIN_RANDOM_GENERATE(RNG, X[:]) + errorCode, XOut, W = MPIN_GET_G1_MULTIPLE_C(nil, typ, X[:], G[:]) + return +} + +/* + W=x*H(G); + if RNG == NULL then X is passed in + if RNG != NULL the X is passed out + if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve + Use C RNG +*/ +func MPIN_GET_G1_MULTIPLE_C(RNG *C.csprng, typ int, X []byte, G []byte) (errorCode int, XOut, W []byte) { + XStr := string(X) + XOct := GetOctet(XStr) + defer OCT_free(&XOct) + GStr := string(G) + GOct := GetOctet(GStr) + defer OCT_free(&GOct) + + WOct := GetOctetZero(G1S) + defer OCT_free(&WOct) + + rtn := C.MPIN_GET_G1_MULTIPLE(RNG, C.int(typ), &XOct, &GOct, &WOct) + errorCode = int(rtn) + + // Convert octet to bytes + XOut = OCT_toBytes(&XOct) + W = OCT_toBytes(&WOct) + + return +} + +/* One pass MPIN Server */ +func MPIN_SERVER_WRAP(date, TimeValue int, SS, U, UT, V, ID, MESSAGE []byte) (errorCode int, HID, HTID, Y, E, F []byte) { + SSStr := string(SS) + SSOct := GetOctet(SSStr) + defer OCT_free(&SSOct) + UStr := string(U) + UOct := GetOctet(UStr) + defer OCT_free(&UOct) + UTStr := string(UT) + UTOct := GetOctet(UTStr) + defer OCT_free(&UTOct) + VStr := string(V) + VOct := GetOctet(VStr) + defer OCT_free(&VOct) + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + MESSAGEStr := string(MESSAGE) + MESSAGEOct := GetOctet(MESSAGEStr) + defer OCT_free(&MESSAGEOct) + + HIDOct := GetOctetZero(G1S) + defer OCT_free(&HIDOct) + HTIDOct := GetOctetZero(G1S) + defer OCT_free(&HTIDOct) + YOct := GetOctetZero(EGS) + defer OCT_free(&YOct) + EOct := GetOctetZero(GTS) + defer OCT_free(&EOct) + FOct := GetOctetZero(GTS) + defer OCT_free(&FOct) + + rtn := C.MPIN_SERVER(C.int(date), &HIDOct, &HTIDOct, &YOct, &SSOct, &UOct, &UTOct, &VOct, &EOct, &FOct, &IDOct, &MESSAGEOct, C.int(TimeValue)) + errorCode = int(rtn) + + // Convert octet to bytes + HID = OCT_toBytes(&HIDOct) + HTID = OCT_toBytes(&HTIDOct) + Y = OCT_toBytes(&YOct) + E = OCT_toBytes(&EOct) + F = OCT_toBytes(&FOct) + + return +} + +/* Pollards kangaroos used to return PIN error */ +func MPIN_KANGAROO(E []byte, F []byte) (PINError int) { + EStr := string(E) + EOct := GetOctet(EStr) + defer OCT_free(&EOct) + FStr := string(F) + FOct := GetOctet(FStr) + defer OCT_free(&FOct) + + rtn := C.MPIN_KANGAROO(&EOct, &FOct) + PINError = int(rtn) + return +} + +/* calculate common key on server side */ +/* Z=r.A - no time permits involved */ +func MPIN_SERVER_KEY_WRAP(Z, SS, W, P, I, U, UT []byte) (errorCode int, SK []byte) { + ZStr := string(Z) + ZOct := GetOctet(ZStr) + defer OCT_free(&ZOct) + SSStr := string(SS) + SSOct := GetOctet(SSStr) + defer OCT_free(&SSOct) + WStr := string(W) + WOct := GetOctet(WStr) + defer OCT_free(&WOct) + PStr := string(P) + POct := GetOctet(PStr) + defer OCT_free(&POct) + IStr := string(I) + IOct := GetOctet(IStr) + defer OCT_free(&IOct) + UStr := string(U) + UOct := GetOctet(UStr) + defer OCT_free(&UOct) + UTStr := string(UT) + UTOct := GetOctet(UTStr) + defer OCT_free(&UTOct) + + SKOct := GetOctetZero(EAS) + defer OCT_free(&SKOct) + + rtn := C.MPIN_SERVER_KEY(&ZOct, &SSOct, &WOct, &POct, &IOct, &UOct, &UTOct, &SKOct) + errorCode = int(rtn) + + // Convert octet to bytes + SK = OCT_toBytes(&SKOct) + + return +} + +/* calculate common key on client side */ +/* wCID = w.(A+AT) */ +func MPIN_CLIENT_KEY_WRAP(PIN int, GT1, GT2, R, X, P, T []byte) (errorCode int, CK []byte) { + GT1Str := string(GT1) + GT1Oct := GetOctet(GT1Str) + defer OCT_free(>1Oct) + GT2Str := string(GT2) + GT2Oct := GetOctet(GT2Str) + defer OCT_free(>2Oct) + RStr := string(R) + ROct := GetOctet(RStr) + defer OCT_free(&ROct) + XStr := string(X) + XOct := GetOctet(XStr) + defer OCT_free(&XOct) + PStr := string(P) + POct := GetOctet(PStr) + defer OCT_free(&POct) + TStr := string(T) + TOct := GetOctet(TStr) + defer OCT_free(&TOct) + + CKOct := GetOctetZero(EAS) + defer OCT_free(&CKOct) + + rtn := C.MPIN_CLIENT_KEY(>1Oct, >2Oct, C.int(PIN), &ROct, &XOct, &POct, &TOct, &CKOct) + errorCode = int(rtn) + + // Convert octet to bytes + CK = OCT_toBytes(&CKOct) + + return +} + +// Generate a random byte array +func GENERATE_RANDOM_C(RNG *C.csprng, randomLen int) (random []byte) { + randomOct := GetOctetZero(randomLen) + defer OCT_free(&randomOct) + + C.generateRandom(RNG, &randomOct) + + // Convert octet to bytes + random = OCT_toBytes(&randomOct) + + return +} + +// Generate random six digit value +func GENERATE_OTP_C(RNG *C.csprng) int { + rtn := C.generateOTP(RNG) + return int(rtn) +} + +/* AES-GCM Encryption: + K is key, H is header, IV is initialization vector and P is plaintext. + Returns cipthertext and tag (MAC) */ +func MPIN_AES_GCM_ENCRYPT(K, IV, H, P []byte) ([]byte, []byte) { + KStr := string(K) + KOct := GetOctet(KStr) + defer OCT_free(&KOct) + IVStr := string(IV) + IVOct := GetOctet(IVStr) + defer OCT_free(&IVOct) + HStr := string(H) + HOct := GetOctet(HStr) + defer OCT_free(&HOct) + PStr := string(P) + POct := GetOctet(PStr) + defer OCT_free(&POct) + + TOct := GetOctetZero(16) + defer OCT_free(&TOct) + lenC := len(PStr) + COct := GetOctetZero(lenC) + defer OCT_free(&COct) + + C.MPIN_AES_GCM_ENCRYPT(&KOct, &IVOct, &HOct, &POct, &COct, &TOct) + + // Convert octet to bytes + C := OCT_toBytes(&COct) + T := OCT_toBytes(&TOct) + + return C, T[:] +} + +/* AES-GCM Deryption: + K is key, H is header, IV is initialization vector and P is plaintext. + Returns cipthertext and tag (MAC) */ +func MPIN_AES_GCM_DECRYPT(K, IV, H, C []byte) ([]byte, []byte) { + KStr := string(K) + KOct := GetOctet(KStr) + defer OCT_free(&KOct) + IVStr := string(IV) + IVOct := GetOctet(IVStr) + defer OCT_free(&IVOct) + HStr := string(H) + HOct := GetOctet(HStr) + defer OCT_free(&HOct) + CStr := string(C) + COct := GetOctet(CStr) + defer OCT_free(&COct) + + TOct := GetOctetZero(16) + defer OCT_free(&TOct) + lenP := len(CStr) + POct := GetOctetZero(lenP) + defer OCT_free(&POct) + + C.MPIN_AES_GCM_DECRYPT(&KOct, &IVOct, &HOct, &COct, &POct, &TOct) + + // Convert octet to bytes + P := OCT_toBytes(&POct) + T := OCT_toBytes(&TOct) + + return P, T[:] +} + +/* Password based Key Derivation Function */ +/* Input password p, salt s, and repeat count */ +/* Output key of length olen */ +func MPIN_PBKDF2(Pass, Salt []byte, rep, olen int) (Key []byte) { + PassStr := string(Pass) + PassOct := GetOctet(PassStr) + defer OCT_free(&PassOct) + SaltStr := string(Salt) + SaltOct := GetOctet(SaltStr) + defer OCT_free(&SaltOct) + + KeyOct := GetOctetZero(olen) + defer OCT_free(&KeyOct) + + C.MPIN_PBKDF2(&PassOct, &SaltOct, C.int(rep), C.int(olen), &KeyOct) + + // Convert octet to bytes + Key = OCT_toBytes(&KeyOct) + + return +} + +func MPIN_printBinary(array []byte) { + for i := 0; i < len(array); i++ { + fmt.Printf("%02x", array[i]) + } + fmt.Printf("\n") +} + +/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */ +func MPIN_SERVER_1_WRAP(date int, ID []byte) (HID, HTID []byte) { + // Form Octets + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + + HIDOct := GetOctetZero(G1S) + defer OCT_free(&HIDOct) + HTIDOct := GetOctetZero(G1S) + defer OCT_free(&HTIDOct) + + C.MPIN_SERVER_1(C.int(date), &IDOct, &HIDOct, &HTIDOct) + + // Convert octet to bytes + HID = OCT_toBytes(&HIDOct) + HTID = OCT_toBytes(&HTIDOct) + + return +} + +/* Implement step 2 of MPin protocol on server side */ +func MPIN_SERVER_2_WRAP(date int, HID []byte, HTID []byte, Y []byte, SS []byte, U []byte, UT []byte, V []byte) (errorCode int, E, F []byte) { + // Form Octets + HIDStr := string(HID) + HIDOct := GetOctet(HIDStr) + defer OCT_free(&HIDOct) + HTIDStr := string(HTID) + HTIDOct := GetOctet(HTIDStr) + defer OCT_free(&HTIDOct) + YStr := string(Y) + YOct := GetOctet(YStr) + defer OCT_free(&YOct) + SSStr := string(SS) + SSOct := GetOctet(SSStr) + defer OCT_free(&SSOct) + UStr := string(U) + UOct := GetOctet(UStr) + defer OCT_free(&UOct) + UTStr := string(UT) + UTOct := GetOctet(UTStr) + defer OCT_free(&UTOct) + VStr := string(V) + VOct := GetOctet(VStr) + defer OCT_free(&VOct) + + EOct := GetOctetZero(GTS) + defer OCT_free(&EOct) + FOct := GetOctetZero(GTS) + defer OCT_free(&FOct) + rtn := C.MPIN_SERVER_2(C.int(date), &HIDOct, &HTIDOct, &YOct, &SSOct, &UOct, &UTOct, &VOct, &EOct, &FOct) + + errorCode = int(rtn) + E = OCT_toBytes(&EOct) + F = OCT_toBytes(&FOct) + + return +} + +/* Implement step 1 on client side of MPin protocol. Use GO code to generate random X */ +func MPIN_CLIENT_1_WRAP(date int, ID []byte, RNG *amcl.RAND, X []byte, PIN int, TOKEN []byte, TP []byte) (errorCode int, XOut, SEC, U, UT []byte) { + amcl.MPIN_RANDOM_GENERATE(RNG, X[:]) + errorCode, XOut, SEC, U, UT = MPIN_CLIENT_1_C(date, ID[:], nil, X[:], PIN, TOKEN[:], TP[:]) + return +} + +/* Implement step 1 on client side of MPin protocol + When rng=nil the X value is externally generated +*/ +func MPIN_CLIENT_1_C(date int, ID []byte, rng *C.csprng, X []byte, PIN int, TOKEN []byte, TP []byte) (errorCode int, XOut, SEC, U, UT []byte) { + // Form Octets + IDStr := string(ID) + IDOct := GetOctet(IDStr) + defer OCT_free(&IDOct) + + XStr := string(X) + XOct := GetOctet(XStr) + defer OCT_free(&XOct) + + TOKENStr := string(TOKEN) + TOKENOct := GetOctet(TOKENStr) + defer OCT_free(&TOKENOct) + + TPStr := string(TP) + TPOct := GetOctet(TPStr) + defer OCT_free(&TPOct) + + SECOct := GetOctetZero(G1S) + defer OCT_free(&SECOct) + UOct := GetOctetZero(G1S) + defer OCT_free(&UOct) + UTOct := GetOctetZero(G1S) + defer OCT_free(&UTOct) + + rtn := C.MPIN_CLIENT_1(C.int(date), &IDOct, rng, &XOct, C.int(PIN), &TOKENOct, &SECOct, &UOct, &UTOct, &TPOct) + + errorCode = int(rtn) + // Convert octet to bytes + XOut = OCT_toBytes(&XOct) + SEC = OCT_toBytes(&SECOct) + U = OCT_toBytes(&UOct) + UT = OCT_toBytes(&UTOct) + + return +} + +/* Implement step 2 on client side of MPin protocol */ +func MPIN_CLIENT_2_WRAP(X []byte, Y []byte, SEC []byte) (errorCode int, V []byte) { + // Form Octets + XStr := string(X) + XOct := GetOctet(XStr) + defer OCT_free(&XOct) + YStr := string(Y) + YOct := GetOctet(YStr) + defer OCT_free(&YOct) + SECStr := string(SEC) + SECOct := GetOctet(SECStr) + defer OCT_free(&SECOct) + + rtn := C.MPIN_CLIENT_2(&XOct, &YOct, &SECOct) + + errorCode = int(rtn) + // Convert octet to bytes + V = OCT_toBytes(&SECOct) + + return +} + +func MPIN_HASH_ALL_WRAP(I, U, UT, Y, V, R, W []byte) (HM []byte) { + // Form Octets + IStr := string(I) + IOct := GetOctet(IStr) + defer OCT_free(&IOct) + + UStr := string(U) + UOct := GetOctet(UStr) + defer OCT_free(&UOct) + + UTStr := string(UT) + UTOct := GetOctet(UTStr) + defer OCT_free(&UTOct) + + YStr := string(Y) + YOct := GetOctet(YStr) + defer OCT_free(&YOct) + + VStr := string(V) + VOct := GetOctet(VStr) + defer OCT_free(&VOct) + + RStr := string(R) + ROct := GetOctet(RStr) + defer OCT_free(&ROct) + + WStr := string(W) + WOct := GetOctet(WStr) + defer OCT_free(&WOct) + + HMOct := GetOctetZero(HASH_BYTES) + defer OCT_free(&HMOct) + + // Hash values + C.MPIN_HASH_ALL(&IOct, &UOct, &UTOct, &YOct, &VOct, &ROct, &WOct, &HMOct) + + // Convert octet to bytes + HM = OCT_toBytes(&HMOct) + + return +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-cgo/crypto_test.go ---------------------------------------------------------------------- diff --git a/go/amcl-cgo/crypto_test.go b/go/amcl-cgo/crypto_test.go new file mode 100644 index 0000000..0fa7c78 --- /dev/null +++ b/go/amcl-cgo/crypto_test.go @@ -0,0 +1,1175 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +package amcl + +import ( + "crypto/rand" + "encoding/hex" + "fmt" + mathrand "math/rand" + "testing" + + "github.com/stretchr/testify/assert" + + amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go" +) + +const nIter int = 100 + +// Set to true if library built with "-D USE_ANONYMOUS=on" +const USE_ANONYMOUS = false + +func TestGoodPIN(t *testing.T) { + want := 0 + var got int + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + if USE_ANONYMOUS { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + assert.Equal(t, want, got, "Should be equal") +} + +func TestBadPIN(t *testing.T) { + want := -19 + var got int + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1235 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + ////// Client ////// + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + ////// Server ////// + if USE_ANONYMOUS { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + assert.Equal(t, want, got, "Should be equal") +} + +func TestBadToken(t *testing.T) { + want := -19 + var got int + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, _, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + // Send UT as V to model bad token + if USE_ANONYMOUS { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], HCID[:], MESSAGE[:]) + } else { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], ID[:], MESSAGE[:]) + } + assert.Equal(t, want, got, "Should be equal") +} + +func TestRandom(t *testing.T) { + want := 0 + var got int + + for i := 0; i < nIter; i++ { + + // Seed value for Random Number Generator (RNG) + seed := make([]byte, 16) + rand.Read(seed) + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Epoch time in days + date := MPIN_today() + + // Epoch time in seconds + timeValue := MPIN_GET_TIME() + + // PIN variable to create token + PIN1 := mathrand.Intn(10000) + // PIN variable to authenticate + PIN2 := PIN1 + + // Assign the End-User a random ID + ID := make([]byte, 16) + rand.Read(ID) + + // Message to sign + var MESSAGE []byte + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + if USE_ANONYMOUS { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + assert.Equal(t, want, got, "Should be equal") + } +} + +func TestGoodSignature(t *testing.T) { + want := 0 + var got int + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Message to sign + MESSAGE := []byte("test message to sign") + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + // Authenticate + if USE_ANONYMOUS { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + assert.Equal(t, want, got, "Should be equal") +} + +func TestSignatureExpired(t *testing.T) { + want := -19 + var got int + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Message to sign + MESSAGE := []byte("test message to sign") + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + timeValue += 10 + // Authenticate + if USE_ANONYMOUS { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + assert.Equal(t, want, got, "Should be equal") +} + +func TestBadSignature(t *testing.T) { + want := -19 + var got int + + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Message to sign + MESSAGE := []byte("test message to sign") + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + // Authenticate + MESSAGE[0] = 00 + if USE_ANONYMOUS { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + assert.Equal(t, want, got, "Should be equal") +} + +func TestPINError(t *testing.T) { + want := 1001 + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 2235 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + var E []byte + var F []byte + if USE_ANONYMOUS { + _, _, _, _, E, F = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + _, _, _, _, E, F = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + + got := MPIN_KANGAROO(E[:], F[:]) + assert.Equal(t, want, got, "Should be equal") +} + +func TestMPINFull(t *testing.T) { + want := "4e0317c9962dc2944c121ec41c800e16" + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // Epoch time in seconds + timeValue := 1439465203 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Message to sign + var MESSAGE []byte + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Precomputation + _, G1, G2 := MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID) + + // Send U, UT, V, timeValue and Message to server + var X [EGS]byte + _, XOut, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) + + // Send Z=r.ID to Server + var R [EGS]byte + _, ROut, Z := MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:]) + + // Authenticate + var HID []byte + var HTID []byte + var Y []byte + if USE_ANONYMOUS { + _, HID, HTID, Y, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:]) + } else { + _, HID, HTID, Y, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) + } + + // send T=w.ID to client + var W [EGS]byte + _, WOut, T := MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:]) + + // Hash all values + HM := MPIN_HASH_ALL_WRAP(HCID[:], U[:], UT[:], Y[:], V[:], Z[:], T[:]) + + _, AES_KEY_SERVER := MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], HM[:], HID[:], U[:], UT[:]) + got := hex.EncodeToString(AES_KEY_SERVER[:]) + if got != want { + t.Errorf("%s != %s", want, got) + } + + _, AES_KEY_CLIENT := MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], HM[:], T[:]) + got = hex.EncodeToString(AES_KEY_CLIENT[:]) + + assert.Equal(t, want, got, "Should be equal") +} + +func TestTwoPassGoodPIN(t *testing.T) { + want := 0 + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Client Pass 1 + var X [EGS]byte + _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) + + // Server Pass 1 + var HID []byte + var HTID []byte + if USE_ANONYMOUS { + HID, HTID = MPIN_SERVER_1_WRAP(date, HCID) + } else { + HID, HTID = MPIN_SERVER_1_WRAP(date, ID) + } + _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Client Pass 2 + _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) + + // Server Pass 2 + got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:]) + assert.Equal(t, want, got, "Should be equal") +} + +func TestTwoPassBadPIN(t *testing.T) { + want := -19 + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1235 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Client Pass 1 + var X [EGS]byte + _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) + + // Server Pass 1 + var HID []byte + var HTID []byte + if USE_ANONYMOUS { + HID, HTID = MPIN_SERVER_1_WRAP(date, HCID) + } else { + HID, HTID = MPIN_SERVER_1_WRAP(date, ID) + } + _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Client Pass 2 + _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) + + // Server Pass 2 + got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:]) + assert.Equal(t, want, got, "Should be equal") +} + +func TestTwoPassBadToken(t *testing.T) { + want := -19 + // Assign the End-User an ID + IDstr := "[email protected]" + ID := []byte(IDstr) + + // Epoch time in days + date := 16660 + + // PIN variable to create token + PIN1 := 1234 + // PIN variable to authenticate + PIN2 := 1234 + + // Seed value for Random Number Generator (RNG) + seedHex := "9e8b4178790cd57a5761c4a6f164ba72" + seed, err := hex.DecodeString(seedHex) + if err != nil { + fmt.Println("Error decoding seed value") + return + } + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Client Pass 1 + var X [EGS]byte + _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) + + // Server Pass 1 + var HID []byte + var HTID []byte + if USE_ANONYMOUS { + HID, HTID = MPIN_SERVER_1_WRAP(date, HCID) + } else { + HID, HTID = MPIN_SERVER_1_WRAP(date, ID) + } + _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Client Pass 2 + _, _ = MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) + + // Server Pass 2 + // Send UT as V to model bad token + got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], UT[:]) + assert.Equal(t, want, got, "Should be equal") +} + +func TestRandomTwoPass(t *testing.T) { + want := 0 + + for i := 0; i < nIter; i++ { + + // Seed value for Random Number Generator (RNG) + seed := make([]byte, 16) + rand.Read(seed) + rng := amclgo.NewRAND() + rng.Seed(len(seed), seed) + + // Epoch time in days + date := MPIN_today() + + // PIN variable to create token + PIN1 := mathrand.Intn(10000) + // PIN variable to authenticate + PIN2 := PIN1 + + // Assign the End-User a random ID + ID := make([]byte, 16) + rand.Read(ID) + + // Generate Master Secret Share 1 + _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Generate Master Secret Share 2 + _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Either Client or TA calculates Hash(ID) + HCID := MPIN_HASH_ID(ID) + + // Generate server secret share 1 + _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) + + // Generate server secret share 2 + _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) + + // Combine server secret shares + _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) + + // Generate client secret share 1 + _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) + + // Generate client secret share 2 + _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) + + // Combine client secret shares + CS := make([]byte, G1S) + _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) + + // Generate time permit share 1 + _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) + + // Generate time permit share 2 + _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) + + // Combine time permit shares + _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) + + // Create token + _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) + + // Client Pass 1 + var X [EGS]byte + _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) + + // Server Pass 1 + var HID []byte + var HTID []byte + if USE_ANONYMOUS { + HID, HTID = MPIN_SERVER_1_WRAP(date, HCID) + } else { + HID, HTID = MPIN_SERVER_1_WRAP(date, ID) + } + _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) + + // Client Pass 2 + _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) + + // Server Pass 2 + got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:]) + assert.Equal(t, want, got, "Should be equal") + + } +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-go/AES.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/AES.go b/go/amcl-go/AES.go new file mode 100644 index 0000000..598d408 --- /dev/null +++ b/go/amcl-go/AES.go @@ -0,0 +1,634 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* AES Encryption */ + +package amcl + +//import "fmt" + +const aes_ECB int = 0 +const aes_CBC int = 1 +const aes_CFB1 int = 2 +const aes_CFB2 int = 3 +const aes_CFB4 int = 5 +const aes_OFB1 int = 14 +const aes_OFB2 int = 15 +const aes_OFB4 int = 17 +const aes_OFB8 int = 21 +const aes_OFB16 int = 29 + +var aes_InCo = [...]byte{0xB, 0xD, 0x9, 0xE} /* Inverse Coefficients */ + +var aes_ptab = [...]byte{ + 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53, + 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170, + 229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49, + 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205, + 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136, + 131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154, + 181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163, + 254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160, + 251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65, + 195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117, + 159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128, + 155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84, + 252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202, + 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14, + 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23, + 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1} + +var aes_ltab = [...]byte{ + 0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3, + 100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193, + 125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120, + 101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142, + 150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56, + 102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16, + 126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186, + 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87, + 175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232, + 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160, + 127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183, + 204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157, + 151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209, + 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171, + 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165, + 103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7} + +var aes_fbsub = [...]byte{ + 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118, + 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192, + 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21, + 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117, + 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132, + 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207, + 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168, + 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210, + 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115, + 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219, + 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121, + 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8, + 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138, + 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158, + 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223, + 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22} + +var aes_rbsub = [...]byte{ + 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251, + 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203, + 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78, + 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37, + 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146, + 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132, + 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6, + 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107, + 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115, + 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110, + 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27, + 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244, + 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95, + 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239, + 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97, + 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125} + +var aes_rco = [...]byte{1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216, 171, 77, 154, 47} + +var aes_ftable = [...]uint32{ + 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0xdf2f2ff, 0xbd6b6bd6, + 0xb16f6fde, 0x54c5c591, 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56, + 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f, + 0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb, + 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, + 0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, + 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551, + 0x34e5e5d1, 0x8f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, + 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, + 0xf05050a, 0xb59a9a2f, 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, + 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d, + 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, + 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, + 0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1, + 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, + 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, + 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a, + 0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe, + 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, + 0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1, + 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, + 0xef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, + 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755, + 0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, + 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, + 0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, + 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264, + 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8, + 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, + 0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, + 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac, + 0x7f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, + 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657, + 0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, + 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, + 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c, + 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199, + 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, + 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, + 0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, + 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7, + 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, + 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c} + +var aes_rtable = [...]uint32{ + 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f, + 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, + 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25, + 0x980eea45, 0xe1c0fe5d, 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, + 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, + 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, + 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5, + 0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, + 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, + 0x578f1fe3, 0x2aab5566, 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3, + 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7, + 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, + 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040, + 0x69f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, + 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, + 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, + 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0, 0x83868009, 0x48ed2b32, + 0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, + 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0xfe75793, + 0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, + 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0xb0d090e, 0xadc78bf2, + 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, + 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb, + 0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, + 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, + 0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, + 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9, + 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, + 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, + 0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, + 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x97826cd, 0xf418596e, + 0x1b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef, + 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a, + 0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, + 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, + 0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, + 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92, + 0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, + 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, + 0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, + 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0xc25e2bc, + 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, + 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0} + +type AES struct { + mode int + fkey [44]uint32 + rkey [44]uint32 + f [16]byte +} + +/* Rotates 32-bit word left by 1, 2 or 3 byte */ + +func aes_ROTL8(x uint32) uint32 { + return (((x) << 8) | ((x) >> 24)) +} + +func aes_ROTL16(x uint32) uint32 { + return (((x) << 16) | ((x) >> 16)) +} + +func aes_ROTL24(x uint32) uint32 { + return (((x) << 24) | ((x) >> 8)) +} + +func aes_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */ + return ((uint32(b[3]) & 0xff) << 24) | ((uint32(b[2]) & 0xff) << 16) | ((uint32(b[1]) & 0xff) << 8) | (uint32(b[0]) & 0xff) +} + +func aes_unpack(a uint32) [4]byte { /* unpack bytes from a word */ + var b = [4]byte{byte(a & 0xff), byte((a >> 8) & 0xff), byte((a >> 16) & 0xff), byte((a >> 24) & 0xff)} + return b +} + +func aes_bmul(x byte, y byte) byte { /* x.y= AntiLog(Log(x) + Log(y)) */ + + ix := int(x) & 0xff + iy := int(y) & 0xff + lx := int(aes_ltab[ix]) & 0xff + ly := int(aes_ltab[iy]) & 0xff + + if x != 0 && y != 0 { + return aes_ptab[(lx+ly)%255] + } else { + return byte(0) + } +} + +func aes_SubByte(a uint32) uint32 { + b := aes_unpack(a) + b[0] = aes_fbsub[int(b[0])] + b[1] = aes_fbsub[int(b[1])] + b[2] = aes_fbsub[int(b[2])] + b[3] = aes_fbsub[int(b[3])] + return aes_pack(b) +} + +func aes_product(x uint32, y uint32) byte { /* dot product of two 4-byte arrays */ + xb := aes_unpack(x) + yb := aes_unpack(y) + + return (aes_bmul(xb[0], yb[0]) ^ aes_bmul(xb[1], yb[1]) ^ aes_bmul(xb[2], yb[2]) ^ aes_bmul(xb[3], yb[3])) +} + +func aes_InvMixCol(x uint32) uint32 { /* matrix Multiplication */ + var b [4]byte + m := aes_pack(aes_InCo) + b[3] = aes_product(m, x) + m = aes_ROTL24(m) + b[2] = aes_product(m, x) + m = aes_ROTL24(m) + b[1] = aes_product(m, x) + m = aes_ROTL24(m) + b[0] = aes_product(m, x) + var y = aes_pack(b) + return y +} + +/* reset cipher */ +func (A *AES) Reset(m int, iv []byte) { /* reset mode, or reset iv */ + A.mode = m + for i := 0; i < 16; i++ { + A.f[i] = 0 + } + if (A.mode != aes_ECB) && (iv != nil) { + for i := 0; i < 16; i++ { + A.f[i] = iv[i] + } + } +} + +func (A *AES) Init(m int, key []byte, iv []byte) { /* Key=16 bytes */ + /* Key Scheduler. Create expanded encryption key */ + var CipherKey [4]uint32 + var b [4]byte + nk := 4 + A.Reset(m, iv) + N := 44 + + j := 0 + for i := 0; i < nk; i++ { + for k := 0; k < 4; k++ { + b[k] = key[j+k] + } + CipherKey[i] = aes_pack(b) + j += 4 + } + for i := 0; i < nk; i++ { + A.fkey[i] = CipherKey[i] + } + j = nk + for k := 0; j < N; k++ { + A.fkey[j] = A.fkey[j-nk] ^ aes_SubByte(aes_ROTL24(A.fkey[j-1])) ^ uint32(aes_rco[k]) + for i := 1; i < nk && (i+j) < N; i++ { + A.fkey[i+j] = A.fkey[i+j-nk] ^ A.fkey[i+j-1] + } + j += nk + } + + /* now for the expanded decrypt key in reverse order */ + + for j := 0; j < 4; j++ { + A.rkey[j+N-4] = A.fkey[j] + } + for i := 4; i < N-4; i += 4 { + k := N - 4 - i + for j := 0; j < 4; j++ { + A.rkey[k+j] = aes_InvMixCol(A.fkey[i+j]) + } + } + for j := N - 4; j < N; j++ { + A.rkey[j-N+4] = A.fkey[j] + } +} + +func NewAES() *AES { + var A = new(AES) + return A +} + +func (A *AES) Getreg() [16]byte { + var ir [16]byte + for i := 0; i < 16; i++ { + ir[i] = A.f[i] + } + return ir +} + +/* Encrypt a single block */ +func (A *AES) ecb_encrypt(buff []byte) { + var b [4]byte + var p [4]uint32 + var q [4]uint32 + + j := 0 + for i := 0; i < 4; i++ { + for k := 0; k < 4; k++ { + b[k] = buff[j+k] + } + p[i] = aes_pack(b) + p[i] ^= A.fkey[i] + j += 4 + } + + k := 4 + + /* State alternates between p and q */ + for i := 1; i < 10; i++ { + q[0] = A.fkey[k] ^ aes_ftable[int(p[0]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[1]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[2]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[3]>>24)&0xff)]) + + q[1] = A.fkey[k+1] ^ aes_ftable[int(p[1]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[2]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[3]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[0]>>24)&0xff)]) + + q[2] = A.fkey[k+2] ^ aes_ftable[int(p[2]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[3]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[0]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[1]>>24)&0xff)]) + + q[3] = A.fkey[k+3] ^ aes_ftable[int(p[3]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[0]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[1]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[2]>>24)&0xff)]) + + k += 4 + for j = 0; j < 4; j++ { + t := p[j] + p[j] = q[j] + q[j] = t + } + } + + /* Last Round */ + + q[0] = A.fkey[k] ^ uint32(aes_fbsub[int(p[0]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[1]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[2]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[3]>>24)&0xff)])) + + q[1] = A.fkey[k+1] ^ uint32(aes_fbsub[int(p[1]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[2]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[3]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[0]>>24)&0xff)])) + + q[2] = A.fkey[k+2] ^ uint32(aes_fbsub[int(p[2]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[3]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[0]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[1]>>24)&0xff)])) + + q[3] = A.fkey[k+3] ^ uint32(aes_fbsub[int(p[3]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[0]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[1]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[2]>>24)&0xff)])) + + j = 0 + for i := 0; i < 4; i++ { + b = aes_unpack(q[i]) + for k = 0; k < 4; k++ { + buff[j+k] = b[k] + } + j += 4 + } +} + +/* Decrypt a single block */ +func (A *AES) ecb_decrypt(buff []byte) { + var b [4]byte + var p [4]uint32 + var q [4]uint32 + + j := 0 + for i := 0; i < 4; i++ { + for k := 0; k < 4; k++ { + b[k] = buff[j+k] + } + p[i] = aes_pack(b) + p[i] ^= A.rkey[i] + j += 4 + } + + k := 4 + + /* State alternates between p and q */ + for i := 1; i < 10; i++ { + + q[0] = A.rkey[k] ^ aes_rtable[int(p[0]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[3]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[2]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[1]>>24)&0xff)]) + + q[1] = A.rkey[k+1] ^ aes_rtable[int(p[1]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[0]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[3]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[2]>>24)&0xff)]) + + q[2] = A.rkey[k+2] ^ aes_rtable[int(p[2]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[1]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[0]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[3]>>24)&0xff)]) + + q[3] = A.rkey[k+3] ^ aes_rtable[int(p[3]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[2]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[1]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[0]>>24)&0xff)]) + + k += 4 + for j := 0; j < 4; j++ { + t := p[j] + p[j] = q[j] + q[j] = t + } + } + + /* Last Round */ + + q[0] = A.rkey[k] ^ uint32(aes_rbsub[int(p[0]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[3]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[2]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[1]>>24)&0xff)])) + + q[1] = A.rkey[k+1] ^ uint32(aes_rbsub[int(p[1]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[0]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[3]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[2]>>24)&0xff)])) + + q[2] = A.rkey[k+2] ^ uint32(aes_rbsub[int(p[2]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[1]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[0]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[3]>>24)&0xff)])) + + q[3] = A.rkey[k+3] ^ uint32(aes_rbsub[int((p[3])&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[2]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[1]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[0]>>24)&0xff)])) + + j = 0 + for i := 0; i < 4; i++ { + b = aes_unpack(q[i]) + for k := 0; k < 4; k++ { + buff[j+k] = b[k] + } + j += 4 + } +} + +/* Encrypt using selected mode of operation */ +func (A *AES) Encrypt(buff []byte) uint32 { + var st [16]byte + + // Supported Modes of Operation + + var fell_off uint32 = 0 + switch A.mode { + case aes_ECB: + A.ecb_encrypt(buff) + return 0 + case aes_CBC: + for j := 0; j < 16; j++ { + buff[j] ^= A.f[j] + } + A.ecb_encrypt(buff) + for j := 0; j < 16; j++ { + A.f[j] = buff[j] + } + return 0 + + case aes_CFB1: + fallthrough + case aes_CFB2: + fallthrough + case aes_CFB4: + bytes := A.mode - aes_CFB1 + 1 + for j := 0; j < bytes; j++ { + fell_off = (fell_off << 8) | uint32(A.f[j]) + } + for j := 0; j < 16; j++ { + st[j] = A.f[j] + } + for j := bytes; j < 16; j++ { + A.f[j-bytes] = A.f[j] + } + A.ecb_encrypt(st[:]) + for j := 0; j < bytes; j++ { + buff[j] ^= st[j] + A.f[16-bytes+j] = buff[j] + } + return fell_off + + case aes_OFB1: + fallthrough + case aes_OFB2: + fallthrough + case aes_OFB4: + fallthrough + case aes_OFB8: + fallthrough + case aes_OFB16: + + bytes := A.mode - aes_OFB1 + 1 + A.ecb_encrypt(A.f[:]) + for j := 0; j < bytes; j++ { + buff[j] ^= A.f[j] + } + return 0 + + default: + return 0 + } +} + +/* Decrypt using selected mode of operation */ +func (A *AES) Decrypt(buff []byte) uint32 { + + var st [16]byte + + // Supported Modes of Operation + + var fell_off uint32 = 0 + switch A.mode { + case aes_ECB: + A.ecb_decrypt(buff) + return 0 + case aes_CBC: + for j := 0; j < 16; j++ { + st[j] = A.f[j] + A.f[j] = buff[j] + } + A.ecb_decrypt(buff) + for j := 0; j < 16; j++ { + buff[j] ^= st[j] + st[j] = 0 + } + return 0 + case aes_CFB1: + fallthrough + case aes_CFB2: + fallthrough + case aes_CFB4: + bytes := A.mode - aes_CFB1 + 1 + for j := 0; j < bytes; j++ { + fell_off = (fell_off << 8) | uint32(A.f[j]) + } + for j := 0; j < 16; j++ { + st[j] = A.f[j] + } + for j := bytes; j < 16; j++ { + A.f[j-bytes] = A.f[j] + } + A.ecb_encrypt(st[:]) + for j := 0; j < bytes; j++ { + A.f[16-bytes+j] = buff[j] + buff[j] ^= st[j] + } + return fell_off + case aes_OFB1: + fallthrough + case aes_OFB2: + fallthrough + case aes_OFB4: + fallthrough + case aes_OFB8: + fallthrough + case aes_OFB16: + bytes := A.mode - aes_OFB1 + 1 + A.ecb_encrypt(A.f[:]) + for j := 0; j < bytes; j++ { + buff[j] ^= A.f[j] + } + return 0 + + default: + return 0 + } +} + +/* Clean up and delete left-overs */ +func (A *AES) End() { // clean up + for i := 0; i < 44; i++ { + A.fkey[i] = 0 + A.rkey[i] = 0 + } + for i := 0; i < 16; i++ { + A.f[i] = 0 + } +} + +/* +func main() { + var key [16]byte + var block [16]byte + var iv [16]byte + + for i:=0;i<16;i++ {key[i]=0} + key[0]=1 + for i:=0;i<16;i++ {iv[i]=byte(i)} + for i:=0;i<16;i++ {block[i]=byte(i)} + + a:=NewAES() + + a.Init(aes_CBC,key[:],iv[:]) + fmt.Printf("Plain= \n") + for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)} + fmt.Printf("\n") + + a.Encrypt(block[:]) + + fmt.Printf("Encrypt= \n") + for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)} + fmt.Printf("\n") + + a.Reset(aes_CBC,iv[:]) + a.Decrypt(block[:]) + + fmt.Printf("Decrypt= \n") + for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)} + fmt.Printf("\n") + + a.End(); +} +*/
