http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/doc/latex/words.eps ---------------------------------------------------------------------- diff --git a/doc/latex/words.eps b/doc/latex/words.eps new file mode 100644 index 0000000..6651c4b --- /dev/null +++ b/doc/latex/words.eps @@ -0,0 +1,469 @@ +%!PS-Adobe-2.0 EPSF-2.0 +%%Title: C:\Users\Shamus\Pictures\words.dia +%%Creator: Dia v0.97.2 +%%CreationDate: Tue Jul 29 11:17:31 2014 +%%For: Shamus +%%Orientation: Portrait +%%Magnification: 1.0000 +%%BoundingBox: 0 0 966 249 +%%BeginSetup +%%EndSetup +%%EndComments +%%BeginProlog +[ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright +/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one +/two /three /four /five /six /seven /eight /nine /colon /semicolon +/less /equal /greater /question /at /A /B /C /D /E +/F /G /H /I /J /K /L /M /N /O +/P /Q /R /S /T /U /V /W /X /Y +/Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c +/d /e /f /g /h /i /j /k /l /m +/n /o /p /q /r /s /t /u /v /w +/x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright +/ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior +/acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf +/threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla +/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde +/Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex +/Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring +/ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis +/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave +/uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def +/cp {closepath} bind def +/c {curveto} bind def +/f {fill} bind def +/a {arc} bind def +/ef {eofill} bind def +/ex {exch} bind def +/gr {grestore} bind def +/gs {gsave} bind def +/sa {save} bind def +/rs {restore} bind def +/l {lineto} bind def +/m {moveto} bind def +/rm {rmoveto} bind def +/n {newpath} bind def +/s {stroke} bind def +/sh {show} bind def +/slc {setlinecap} bind def +/slj {setlinejoin} bind def +/slw {setlinewidth} bind def +/srgb {setrgbcolor} bind def +/rot {rotate} bind def +/sc {scale} bind def +/sd {setdash} bind def +/ff {findfont} bind def +/sf {setfont} bind def +/scf {scalefont} bind def +/sw {stringwidth pop} bind def +/tr {translate} bind def + +/ellipsedict 8 dict def +ellipsedict /mtrx matrix put +/ellipse +{ ellipsedict begin + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def /savematrix mtrx currentmatrix def + x y tr xrad yrad sc + 0 0 1 startangle endangle arc + savematrix setmatrix + end +} def + +/mergeprocs { +dup length +3 -1 roll +dup +length +dup +5 1 roll +3 -1 roll +add +array cvx +dup +3 -1 roll +0 exch +putinterval +dup +4 2 roll +putinterval +} bind def +/Times-Roman-latin1 + /Times-Roman findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Times-Italic-latin1 + /Times-Italic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Times-Bold-latin1 + /Times-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Times-BoldItalic-latin1 + /Times-BoldItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-Gothic-latin1 + /AvantGarde-Gothic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-BookOblique-latin1 + /AvantGarde-BookOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-Demi-latin1 + /AvantGarde-Demi findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-DemiOblique-latin1 + /AvantGarde-DemiOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-Light-latin1 + /Bookman-Light findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-LightItalic-latin1 + /Bookman-LightItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-Demi-latin1 + /Bookman-Demi findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-DemiItalic-latin1 + /Bookman-DemiItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-latin1 + /Courier findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-Oblique-latin1 + /Courier-Oblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-Bold-latin1 + /Courier-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-BoldOblique-latin1 + /Courier-BoldOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-latin1 + /Helvetica findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Oblique-latin1 + /Helvetica-Oblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Bold-latin1 + /Helvetica-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-BoldOblique-latin1 + /Helvetica-BoldOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-latin1 + /Helvetica-Narrow findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-Oblique-latin1 + /Helvetica-Narrow-Oblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-Bold-latin1 + /Helvetica-Narrow-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-BoldOblique-latin1 + /Helvetica-Narrow-BoldOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-Roman-latin1 + /NewCenturySchlbk-Roman findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-Italic-latin1 + /NewCenturySchlbk-Italic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-Bold-latin1 + /NewCenturySchlbk-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-BoldItalic-latin1 + /NewCenturySchlbk-BoldItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-Roman-latin1 + /Palatino-Roman findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-Italic-latin1 + /Palatino-Italic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-Bold-latin1 + /Palatino-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-BoldItalic-latin1 + /Palatino-BoldItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Symbol-latin1 + /Symbol findfont +definefont pop +/ZapfChancery-MediumItalic-latin1 + /ZapfChancery-MediumItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/ZapfDingbats-latin1 + /ZapfDingbats findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +28.346000 -28.346000 scale +-4.000000 2.867500 translate +%%EndProlog + + +0.100000 slw +[] 0 sd +[] 0 sd +0 slj +0.000000 0.000000 0.000000 srgb +n 5.000000 -10.000000 m 5.000000 -7.000000 l 14.000000 -7.000000 l 14.000000 -10.000000 l cp s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 8.000000 -10.000000 m 8.000000 -7.000000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slj +n 15.000000 -10.000000 m 15.000000 -7.000000 l 24.000000 -7.000000 l 24.000000 -10.000000 l cp s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 16.000000 -10.000000 m 16.000000 -7.000000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slj +n 29.000000 -10.000000 m 29.000000 -7.000000 l 38.000000 -7.000000 l 38.000000 -10.000000 l cp s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 30.000000 -10.000000 m 30.000000 -7.000000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 11.000000 -10.000000 m 11.000000 -7.000000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 6.000000 -10.000000 m 6.000000 -7.000000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 18.000000 -10.000000 m 18.000000 -7.000000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 32.000000 -10.000000 m 32.000000 -7.000000 l s +/Helvetica-latin1 ff 0.560000 scf sf +(Sign bit) 4.000000 -3.120000 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 5.000000 -4.000000 m 5.000000 -5.513197 l s +[] 0 sd +0 slj +0 slc +n 5.000000 -5.888197 m 5.250000 -5.388197 l 5.000000 -5.513197 l 4.750000 -5.388197 l ef +n 5.000000 -5.888197 m 5.250000 -5.388197 l 5.000000 -5.513197 l 4.750000 -5.388197 l cp s +/Helvetica-latin1 ff 0.560000 scf sf +(Field Excess) 8.000000 -3.120000 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 9.000000 -4.000000 m 9.000000 -5.513197 l s +[] 0 sd +0 slj +0 slc +n 9.000000 -5.888197 m 9.250000 -5.388197 l 9.000000 -5.513197 l 8.750000 -5.388197 l ef +n 9.000000 -5.888197 m 9.250000 -5.388197 l 9.000000 -5.513197 l 8.750000 -5.388197 l cp s +/Helvetica-latin1 ff 0.560000 scf sf +(Word Excess) 15.000000 -3.120000 m + gs 1 -1 sc sh gr +/Helvetica-latin1 ff 0.560000 scf sf +(Word Excess) 29.000000 -3.120000 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 17.000000 -4.000000 m 17.000000 -5.513197 l s +[] 0 sd +0 slj +0 slc +n 17.000000 -5.888197 m 17.250000 -5.388197 l 17.000000 -5.513197 l 16.750000 -5.388197 l ef +n 17.000000 -5.888197 m 17.250000 -5.388197 l 17.000000 -5.513197 l 16.750000 -5.388197 l cp s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 31.000000 -4.000000 m 31.000000 -5.513197 l s +[] 0 sd +0 slj +0 slc +n 31.000000 -5.888197 m 31.250000 -5.388197 l 31.000000 -5.513197 l 30.750000 -5.388197 l ef +n 31.000000 -5.888197 m 31.250000 -5.388197 l 31.000000 -5.513197 l 30.750000 -5.388197 l cp s +/Helvetica-latin1 ff 0.560000 scf sf +(Base Bits) 20.000000 -8.120000 m + gs 1 -1 sc sh gr +/Helvetica-latin1 ff 0.560000 scf sf +(Base Bits) 34.000000 -8.120000 m + gs 1 -1 sc sh gr +/Helvetica-latin1 ff 0.560000 scf sf +(Top Bits) 11.000000 -8.120000 m + gs 1 -1 sc sh gr +/Helvetica-latin1 ff 0.560000 scf sf +(..........) 26.000000 -7.120000 m + gs 1 -1 sc sh gr +/Helvetica-latin1 ff 0.560000 scf sf +(Most Significant Word) 7.000000 -11.120000 m + gs 1 -1 sc sh gr +/Helvetica-latin1 ff 0.560000 scf sf +(Least Significant Word) 30.000000 -11.120000 m + gs 1 -1 sc sh gr +showpage
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt new file mode 100644 index 0000000..e7c6467 --- /dev/null +++ b/examples/CMakeLists.txt @@ -0,0 +1,58 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +cmake_minimum_required(VERSION 3.1 FATAL_ERROR) + +foreach(curve ${AMCL_CURVE}) + amcl_curve_field(PF "${curve}") + amcl_curve_field(TC "${curve}") + amcl_curve_field(CS "${curve}") + + amcl_configure_file_curve(testecdh_ZZZ.c.in testecdh_${TC}.c "${curve}" testecdh_${TC}_GEN_SRCS) + add_executable(testecdh_${TC} ${testecdh_${TC}_GEN_SRCS}) + target_link_libraries(testecdh_${TC} PRIVATE amcl_curve_${TC}) + + if(TARGET amcl_mpin_${TC}) + amcl_configure_file_curve(testmpin_ZZZ.c.in testmpin_${TC}.c "${curve}" testmpin_${TC}_GEN_SRCS) + add_executable(testmpin_${TC} ${testmpin_${TC}_GEN_SRCS}) + target_link_libraries(testmpin_${TC} PRIVATE amcl_mpin_${TC}) + + amcl_configure_file_curve(testdvs_ZZZ.c.in testdvs_${TC}.c "${curve}" testdvs_${TC}_GEN_SRCS) + add_executable(testdvs_${TC} ${testdvs_${TC}_GEN_SRCS}) + target_link_libraries(testdvs_${TC} PRIVATE amcl_mpin_${TC}) + endif() + + if(TARGET amcl_wcc_${TC}) + amcl_configure_file_curve(testwcc_ZZZ.c.in testwcc_${TC}.c "${curve}" testwcc_${TC}_GEN_SRCS) + add_executable(testwcc_${TC} ${testwcc_${TC}_GEN_SRCS}) + target_link_libraries(testwcc_${TC} PRIVATE amcl_wcc_${TC}) + + amcl_configure_file_curve(testwcc_dta_ZZZ.c.in testwcc_dta_${TC}.c "${curve}" testwcc_dta_${TC}_GEN_SRCS) + add_executable(testwcc_dta_${TC} ${testwcc_dta_${TC}_GEN_SRCS}) + target_link_libraries(testwcc_dta_${TC} PRIVATE amcl_wcc_${TC}) + endif() + +endforeach() + +foreach(level ${AMCL_RSA}) + amcl_rsa_field(TFF "${level}") + + amcl_configure_file_rsa(testrsa_WWW.c.in testrsa_${TFF}.c "${level}" testrsa_${TFF}_GEN_SRCS) + add_executable(testrsa_${TFF} ${testrsa_${TFF}_GEN_SRCS}) + target_link_libraries(testrsa_${TFF} PRIVATE amcl_rsa_${TFF}) + +endforeach() http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/amcl_build.c ---------------------------------------------------------------------- diff --git a/examples/amcl_build.c b/examples/amcl_build.c new file mode 100644 index 0000000..e2b0f93 --- /dev/null +++ b/examples/amcl_build.c @@ -0,0 +1,32 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* Test version function */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "amcl.h" +#include "version.h" + +int main() +{ + amcl_version(); + return 0; +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/testall.c ---------------------------------------------------------------------- diff --git a/examples/testall.c b/examples/testall.c new file mode 100644 index 0000000..ec961db --- /dev/null +++ b/examples/testall.c @@ -0,0 +1,913 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "ecdh_ED25519.h" +#include "mpin_BN254CX.h" +#include "rsa_2048.h" +#include "rsa_3072.h" +#include "randapi.h" + +#if CHUNK!=16 +#include "ecdh_NIST256.h" +#include "ecdh_GOLDILOCKS.h" +#endif + +int ecdh_ED25519(csprng *RNG) +{ + int i,res; + unsigned long ran; + char *pp="M0ng00se"; + // These octets are automatically protected against buffer overflow attacks + // Note salt must be big enough to include an appended word + // Note ECIES ciphertext C must be big enough to include at least 1 appended block + // Recall EFS_ED25519 is field size in bytes. So EFS_ED25519=32 for 256-bit curve + char s0[2*EGS_ED25519],s1[EGS_ED25519],w0[2*EFS_ED25519+1],w1[2*EFS_ED25519+1],z0[EFS_ED25519],z1[EFS_ED25519],key[EAS_ED25519],salt[40],pw[40]; + octet S0= {0,sizeof(s0),s0}; + octet S1= {0,sizeof(s1),s1}; + octet W0= {0,sizeof(w0),w0}; + octet W1= {0,sizeof(w1),w1}; + octet Z0= {0,sizeof(z0),z0}; + octet Z1= {0,sizeof(z1),z1}; + octet KEY= {0,sizeof(key),key}; + octet SALT= {0,sizeof(salt),salt}; + octet PW= {0,sizeof(pw),pw}; + + SALT.len=8; + for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt + + printf("Alice's Passphrase= %s\n",pp); + + OCT_empty(&PW); + OCT_jstring(&PW,pp); // set Password from string + + // private key S0 of size EGS_ED25519 bytes derived from Password and Salt + + PBKDF2(HASH_TYPE_ECC_ED25519,&PW,&SALT,1000,EGS_ED25519,&S0); + + printf("Alices private key= 0x"); + OCT_output(&S0); + + // Generate Key pair S/W + + ECP_ED25519_KEY_PAIR_GENERATE(NULL,&S0,&W0); + printf("Alices public key= 0x"); + OCT_output(&W0); + + res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W0); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + + // Random private key for other party + ECP_ED25519_KEY_PAIR_GENERATE(RNG,&S1,&W1); + res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W1); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + printf("Servers private key= 0x"); + OCT_output(&S1); + printf("Servers public key= 0x"); + OCT_output(&W1); + + // Calculate common key using DH - IEEE 1363 method + + ECP_ED25519_SVDP_DH(&S0,&W1,&Z0); + ECP_ED25519_SVDP_DH(&S1,&W0,&Z1); + + if (!OCT_comp(&Z0,&Z1)) + { + printf("*** ECPSVDP-DH Failed\n"); + return 0; + } + + KDF2(HASH_TYPE_ECC_ED25519,&Z0,NULL,EAS_ED25519,&KEY); + + printf("Alice's DH Key= 0x"); + OCT_output(&KEY); + printf("Servers DH Key= 0x"); + OCT_output(&KEY); + +#if CURVETYPE_ED25519 != MONTGOMERY + + char ds[EGS_ED25519],p1[30],p2[30],v[2*EFS_ED25519+1],m[32],c[64],t[32],cs[EGS_ED25519]; + octet DS= {0,sizeof(ds),ds}; + octet CS= {0,sizeof(cs),cs}; + octet P1= {0,sizeof(p1),p1}; + octet P2= {0,sizeof(p2),p2}; + octet V= {0,sizeof(v),v}; + octet M= {0,sizeof(m),m}; + octet C= {0,sizeof(c),c}; + octet T= {0,sizeof(t),t}; + + printf("Testing ECIES\n"); + + P1.len=3; + P1.val[0]=0x0; + P1.val[1]=0x1; + P1.val[2]=0x2; + P2.len=4; + P2.val[0]=0x0; + P2.val[1]=0x1; + P2.val[2]=0x2; + P2.val[3]=0x3; + + M.len=17; + for (i=0; i<=16; i++) M.val[i]=i; + + ECP_ED25519_ECIES_ENCRYPT(HASH_TYPE_ECC_ED25519,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T); + + printf("Ciphertext= \n"); + printf("V= 0x"); + OCT_output(&V); + printf("C= 0x"); + OCT_output(&C); + printf("T= 0x"); + OCT_output(&T); + + if (!ECP_ED25519_ECIES_DECRYPT(HASH_TYPE_ECC_ED25519,&P1,&P2,&V,&C,&T,&S1,&M)) + { + printf("*** ECIES Decryption Failed\n"); + return 0; + } + else printf("Decryption succeeded\n"); + + printf("Message is 0x"); + OCT_output(&M); + + + printf("Testing ECDSA\n"); + + if (ECP_ED25519_SP_DSA(HASH_TYPE_ECC_ED25519,RNG,NULL,&S0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Signature Failed\n"); + return 0; + } + + printf("Signature C = 0x"); + OCT_output(&CS); + printf("Signature D = 0x"); + OCT_output(&DS); + + if (ECP_ED25519_VP_DSA(HASH_TYPE_ECC_ED25519,&W0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Verification Failed\n"); + return 0; + } + else + { + printf("ECDSA Signature/Verification succeeded\n"); + } + +#endif + + return 0; +} + +#if CHUNK!=16 +int ecdh_NIST256(csprng *RNG) +{ + int i,res; + unsigned long ran; + char *pp="M0ng00se"; + // These octets are automatically protected against buffer overflow attacks + // Note salt must be big enough to include an appended word + // Note ECIES ciphertext C must be big enough to include at least 1 appended block + // Recall EFS_NIST256 is field size in bytes. So EFS_NIST256=32 for 256-bit curve + char s0[2*EGS_NIST256],s1[EGS_NIST256],w0[2*EFS_NIST256+1],w1[2*EFS_NIST256+1],z0[EFS_NIST256],z1[EFS_NIST256],key[EAS_NIST256],salt[40],pw[40]; + octet S0= {0,sizeof(s0),s0}; + octet S1= {0,sizeof(s1),s1}; + octet W0= {0,sizeof(w0),w0}; + octet W1= {0,sizeof(w1),w1}; + octet Z0= {0,sizeof(z0),z0}; + octet Z1= {0,sizeof(z1),z1}; + octet KEY= {0,sizeof(key),key}; + octet SALT= {0,sizeof(salt),salt}; + octet PW= {0,sizeof(pw),pw}; + + SALT.len=8; + for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt + + printf("Alice's Passphrase= %s\n",pp); + + OCT_empty(&PW); + OCT_jstring(&PW,pp); // set Password from string + + // private key S0 of size EGS_NIST256 bytes derived from Password and Salt + + PBKDF2(HASH_TYPE_ECC_NIST256,&PW,&SALT,1000,EGS_NIST256,&S0); + + printf("Alices private key= 0x"); + OCT_output(&S0); + + // Generate Key pair S/W + + ECP_NIST256_KEY_PAIR_GENERATE(NULL,&S0,&W0); + printf("Alices public key= 0x"); + OCT_output(&W0); + + res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W0); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + + // Random private key for other party + ECP_NIST256_KEY_PAIR_GENERATE(RNG,&S1,&W1); + res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W1); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + printf("Servers private key= 0x"); + OCT_output(&S1); + printf("Servers public key= 0x"); + OCT_output(&W1); + + // Calculate common key using DH - IEEE 1363 method + + ECP_NIST256_SVDP_DH(&S0,&W1,&Z0); + ECP_NIST256_SVDP_DH(&S1,&W0,&Z1); + + if (!OCT_comp(&Z0,&Z1)) + { + printf("*** ECPSVDP-DH Failed\n"); + return 0; + } + + KDF2(HASH_TYPE_ECC_NIST256,&Z0,NULL,EAS_NIST256,&KEY); + + printf("Alice's DH Key= 0x"); + OCT_output(&KEY); + printf("Servers DH Key= 0x"); + OCT_output(&KEY); + +#if CURVETYPE_NIST256 != MONTGOMERY + + char ds[EGS_NIST256],p1[30],p2[30],v[2*EFS_NIST256+1],m[32],c[64],t[32],cs[EGS_NIST256]; + octet DS= {0,sizeof(ds),ds}; + octet CS= {0,sizeof(cs),cs}; + octet P1= {0,sizeof(p1),p1}; + octet P2= {0,sizeof(p2),p2}; + octet V= {0,sizeof(v),v}; + octet M= {0,sizeof(m),m}; + octet C= {0,sizeof(c),c}; + octet T= {0,sizeof(t),t}; + + printf("Testing ECIES\n"); + + P1.len=3; + P1.val[0]=0x0; + P1.val[1]=0x1; + P1.val[2]=0x2; + P2.len=4; + P2.val[0]=0x0; + P2.val[1]=0x1; + P2.val[2]=0x2; + P2.val[3]=0x3; + + M.len=17; + for (i=0; i<=16; i++) M.val[i]=i; + + ECP_NIST256_ECIES_ENCRYPT(HASH_TYPE_ECC_NIST256,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T); + + printf("Ciphertext= \n"); + printf("V= 0x"); + OCT_output(&V); + printf("C= 0x"); + OCT_output(&C); + printf("T= 0x"); + OCT_output(&T); + + if (!ECP_NIST256_ECIES_DECRYPT(HASH_TYPE_ECC_NIST256,&P1,&P2,&V,&C,&T,&S1,&M)) + { + printf("*** ECIES Decryption Failed\n"); + return 0; + } + else printf("Decryption succeeded\n"); + + printf("Message is 0x"); + OCT_output(&M); + + + printf("Testing ECDSA\n"); + + if (ECP_NIST256_SP_DSA(HASH_TYPE_ECC_NIST256,RNG,NULL,&S0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Signature Failed\n"); + return 0; + } + + printf("Signature C = 0x"); + OCT_output(&CS); + printf("Signature D = 0x"); + OCT_output(&DS); + + if (ECP_NIST256_VP_DSA(HASH_TYPE_ECC_NIST256,&W0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Verification Failed\n"); + return 0; + } + else + { + printf("ECDSA Signature/Verification succeeded\n"); + } + +#endif + + return 0; +} + +int ecdh_GOLDILOCKS(csprng *RNG) +{ + int i,res; + unsigned long ran; + char *pp="M0ng00se"; + // These octets are automatically protected against buffer overflow attacks + // Note salt must be big enough to include an appended word + // Note ECIES ciphertext C must be big enough to include at least 1 appended block + // Recall EFS_GOLDILOCKS is field size in bytes. So EFS_GOLDILOCKS=32 for 256-bit curve + char s0[2*EGS_GOLDILOCKS],s1[EGS_GOLDILOCKS],w0[2*EFS_GOLDILOCKS+1],w1[2*EFS_GOLDILOCKS+1],z0[EFS_GOLDILOCKS],z1[EFS_GOLDILOCKS],key[EAS_GOLDILOCKS],salt[40],pw[40]; + octet S0= {0,sizeof(s0),s0}; + octet S1= {0,sizeof(s1),s1}; + octet W0= {0,sizeof(w0),w0}; + octet W1= {0,sizeof(w1),w1}; + octet Z0= {0,sizeof(z0),z0}; + octet Z1= {0,sizeof(z1),z1}; + octet KEY= {0,sizeof(key),key}; + octet SALT= {0,sizeof(salt),salt}; + octet PW= {0,sizeof(pw),pw}; + + SALT.len=8; + for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt + + printf("Alice's Passphrase= %s\n",pp); + + OCT_empty(&PW); + OCT_jstring(&PW,pp); // set Password from string + + // private key S0 of size EGS_GOLDILOCKS bytes derived from Password and Salt + + PBKDF2(HASH_TYPE_ECC_GOLDILOCKS,&PW,&SALT,1000,EGS_GOLDILOCKS,&S0); + + printf("Alices private key= 0x"); + OCT_output(&S0); + + // Generate Key pair S/W + + ECP_GOLDILOCKS_KEY_PAIR_GENERATE(NULL,&S0,&W0); + printf("Alices public key= 0x"); + OCT_output(&W0); + + res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W0); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + + // Random private key for other party + ECP_GOLDILOCKS_KEY_PAIR_GENERATE(RNG,&S1,&W1); + res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W1); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + printf("Servers private key= 0x"); + OCT_output(&S1); + printf("Servers public key= 0x"); + OCT_output(&W1); + + // Calculate common key using DH - IEEE 1363 method + + ECP_GOLDILOCKS_SVDP_DH(&S0,&W1,&Z0); + ECP_GOLDILOCKS_SVDP_DH(&S1,&W0,&Z1); + + if (!OCT_comp(&Z0,&Z1)) + { + printf("*** ECPSVDP-DH Failed\n"); + return 0; + } + + KDF2(HASH_TYPE_ECC_GOLDILOCKS,&Z0,NULL,EAS_GOLDILOCKS,&KEY); + + printf("Alice's DH Key= 0x"); + OCT_output(&KEY); + printf("Servers DH Key= 0x"); + OCT_output(&KEY); + +#if CURVETYPE_GOLDILOCKS != MONTGOMERY + + char ds[EGS_GOLDILOCKS],p1[30],p2[30],v[2*EFS_GOLDILOCKS+1],m[32],c[64],t[32],cs[EGS_GOLDILOCKS]; + octet DS= {0,sizeof(ds),ds}; + octet CS= {0,sizeof(cs),cs}; + octet P1= {0,sizeof(p1),p1}; + octet P2= {0,sizeof(p2),p2}; + octet V= {0,sizeof(v),v}; + octet M= {0,sizeof(m),m}; + octet C= {0,sizeof(c),c}; + octet T= {0,sizeof(t),t}; + + printf("Testing ECIES\n"); + + P1.len=3; + P1.val[0]=0x0; + P1.val[1]=0x1; + P1.val[2]=0x2; + P2.len=4; + P2.val[0]=0x0; + P2.val[1]=0x1; + P2.val[2]=0x2; + P2.val[3]=0x3; + + M.len=17; + for (i=0; i<=16; i++) M.val[i]=i; + + ECP_GOLDILOCKS_ECIES_ENCRYPT(HASH_TYPE_ECC_GOLDILOCKS,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T); + + printf("Ciphertext= \n"); + printf("V= 0x"); + OCT_output(&V); + printf("C= 0x"); + OCT_output(&C); + printf("T= 0x"); + OCT_output(&T); + + if (!ECP_GOLDILOCKS_ECIES_DECRYPT(HASH_TYPE_ECC_GOLDILOCKS,&P1,&P2,&V,&C,&T,&S1,&M)) + { + printf("*** ECIES Decryption Failed\n"); + return 0; + } + else printf("Decryption succeeded\n"); + + printf("Message is 0x"); + OCT_output(&M); + + + printf("Testing ECDSA\n"); + + if (ECP_GOLDILOCKS_SP_DSA(HASH_TYPE_ECC_GOLDILOCKS,RNG,NULL,&S0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Signature Failed\n"); + return 0; + } + + printf("Signature C = 0x"); + OCT_output(&CS); + printf("Signature D = 0x"); + OCT_output(&DS); + + if (ECP_GOLDILOCKS_VP_DSA(HASH_TYPE_ECC_GOLDILOCKS,&W0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Verification Failed\n"); + return 0; + } + else + { + printf("ECDSA Signature/Verification succeeded\n"); + } + +#endif + + return 0; +} +#endif + +#define PERMITS // for time permits ON or OFF +#define PINERROR // For PIN ERROR detection ON or OFF +#define FULL // for M-Pin Full or M-Pin regular + +int mpin_BN254CX(csprng *RNG) +{ + int i,pin,rtn,err; +#ifdef PERMITS + int date=today(); +#else + int date=0; +#endif + unsigned long ran; + char x[PGS_BN254CX],s[PGS_BN254CX],y[PGS_BN254CX],client_id[100],sst[4*PFS_BN254CX],token[2*PFS_BN254CX+1],sec[2*PFS_BN254CX+1],permit[2*PFS_BN254CX+1],xcid[2*PFS_BN254CX+1],xid[2*PFS_BN254CX+1],e[12*PFS_BN254CX],f[12*PFS_BN254CX]; + char hcid[PFS_BN254CX],hsid[PFS_BN254CX],hid[2*PFS_BN254CX+1],htid[2*PFS_BN254CX+1],h[PGS_BN254CX]; +#ifdef FULL + char r[PGS_BN254CX],z[2*PFS_BN254CX+1],w[PGS_BN254CX],t[2*PFS_BN254CX+1]; + char g1[12*PFS_BN254CX],g2[12*PFS_BN254CX]; + char ck[MPIN_PAS],sk[MPIN_PAS]; +#endif + octet S= {0,sizeof(s),s}; + octet X= {0,sizeof(x),x}; + octet Y= {0,sizeof(y),y}; + octet H= {0,sizeof(h),h}; + octet CLIENT_ID= {0,sizeof(client_id),client_id}; + octet SST= {0,sizeof(sst),sst}; + octet TOKEN= {0,sizeof(token),token}; + octet SEC= {0,sizeof(sec),sec}; + octet PERMIT= {0,sizeof(permit),permit}; + octet xCID= {0,sizeof(xcid),xcid}; + octet xID= {0,sizeof(xid),xid}; + octet HCID= {0,sizeof(hcid),hcid}; + octet HSID= {0,sizeof(hsid),hsid}; + octet HID= {0,sizeof(hid),hid}; + octet HTID= {0,sizeof(htid),htid}; + octet E= {0,sizeof(e),e}; + octet F= {0,sizeof(f),f}; +#ifdef FULL + octet R= {0,sizeof(r),r}; + octet Z= {0,sizeof(z),z}; + octet W= {0,sizeof(w),w}; + octet T= {0,sizeof(t),t}; + octet G1= {0,sizeof(g1),g1}; + octet G2= {0,sizeof(g2),g2}; + octet SK= {0,sizeof(sk),sk}; + octet CK= {0,sizeof(ck),ck}; +#endif + octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID; + char idhex[100]; + + // Trusted Authority set-up + MPIN_BN254CX_RANDOM_GENERATE(RNG,&S); + printf("Master Secret= "); + OCT_output(&S); + + // Create Client Identity + OCT_jstring(&CLIENT_ID,"[email protected]"); + HASH_ID(HASH_TYPE_MPIN_BN254CX,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide! + + printf("Client ID Hash= "); + OCT_output(&HCID); + printf("\n"); + + OCT_toHex(&CLIENT_ID,idhex); + printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n"); + + MPIN_BN254CX_GET_CLIENT_SECRET(&S,&HCID,&TOKEN); + printf("Client Secret= "); + OCT_output(&TOKEN); + +// Client and Server are issued secrets by DTA + MPIN_BN254CX_GET_SERVER_SECRET(&S,&SST); + printf("Server Secret= "); + OCT_output(&SST); + + + + // Client extracts PIN from secret to create Token + pin=1234; + printf("Client extracts PIN= %d\n",pin); + MPIN_BN254CX_EXTRACT_PIN(HASH_TYPE_MPIN_BN254CX,&CLIENT_ID,pin,&TOKEN); + printf("Client Token= "); + OCT_output(&TOKEN); + +#ifdef FULL + MPIN_BN254CX_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2); +#endif + +#ifdef PERMITS + // Client gets "Time Permit" from DTA + printf("Client gets Time Permit\n"); + + MPIN_BN254CX_GET_CLIENT_PERMIT(HASH_TYPE_MPIN_BN254CX,date,&S,&HCID,&PERMIT); + printf("Time Permit= "); + OCT_output(&PERMIT); + + // This encoding makes Time permit look random + if (MPIN_BN254CX_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n"); + // printf("Encoded Time Permit= "); OCT_output(&PERMIT); + if (MPIN_BN254CX_DECODING(&PERMIT)!=0) printf("Decoding error\n"); + // printf("Decoded Time Permit= "); OCT_output(&PERMIT); +#endif + + // MPin Protocol + + // Client enters PIN + //printf("\nPIN= "); + //if(scanf("%d",&pin)) {}; + // to avoid silly compile error + //getchar(); + pin = 1234; + + // Set date=0 and PERMIT=NULL if time permits not in use + + // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC + // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID))) + // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG + + // HSID - hashed client ID as calculated by the server + // HCID - hashed client ID as calculated by the client + + // IMPORTANT: To save space and time.. + // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only + // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required + // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only. + + + + pxID=&xID; + pxCID=&xCID; + pHID=&HID; + pHTID=&HTID; + pE=&E; + pF=&F; + pPERMIT=&PERMIT; + +#ifdef PERMITS + prHID=pHTID; +#ifndef PINERROR + pxID=NULL; +// pHID=NULL; //new +#endif +#else + prHID=pHID; + pPERMIT=NULL; + pxCID=NULL; + pHTID=NULL; +#endif +#ifndef PINERROR + pE=NULL; + pF=NULL; +#endif + + // When set only send hashed IDs to server + octet *pID; +#ifdef USE_ANONYMOUS + pID = &HCID; +#else + pID = &CLIENT_ID; +#endif + +#ifdef SINGLE_PASS + int timeValue; + printf("MPIN Single Pass\n"); + timeValue = MPIN_BN254CX_GET_TIME(); + + rtn=MPIN_BN254CX_CLIENT(HASH_TYPE_MPIN_BN254CX,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y); + + if (rtn != 0) + { + printf("MPIN_BN254CX_CLIENT ERROR %d\n", rtn); + return 1; + } + +#ifdef FULL + MPIN_BN254CX_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r +#endif + + + rtn=MPIN_BN254CX_SERVER(HASH_TYPE_MPIN_BN254CX,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue); + +#ifdef FULL + HASH_ID(HASH_TYPE_MPIN_BN254CX,&CLIENT_ID,&HSID); // new + MPIN_BN254CX_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w +#endif + +#else // SINGLE_PASS + printf("MPIN Multi Pass\n"); + if (MPIN_BN254CX_CLIENT_1(HASH_TYPE_MPIN_BN254CX,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0) + { + printf("Error from Client side - First Pass\n"); + return 0; + } + + // Send U=x.ID to server, and recreate secret from token and pin + +#ifdef FULL + HASH_ID(HASH_TYPE_MPIN_BN254CX,&CLIENT_ID,&HCID); + MPIN_BN254CX_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component +#endif + + // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. + MPIN_BN254CX_SERVER_1(HASH_TYPE_MPIN_BN254CX,date,pID,pHID,pHTID); + + // Server generates Random number Y and sends it to Client + MPIN_BN254CX_RANDOM_GENERATE(RNG,&Y); + +#ifdef FULL + HASH_ID(HASH_TYPE_MPIN_BN254CX,&CLIENT_ID,&HSID); //new + MPIN_BN254CX_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component +#endif + + // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC + if (MPIN_BN254CX_CLIENT_2(&X,&Y,&SEC)!=0) + { + printf("Error from Client side - Second Pass\n"); + return 1; + } + + // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. + // If PIN error not required, set E and F = NULL + rtn=MPIN_BN254CX_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL); +#endif // SINGLE_PASS + + if (rtn!=0) + { + printf("Server says - Bad Pin.\n"); +#ifdef PINERROR + + err=MPIN_BN254CX_KANGAROO(&E,&F); + if (err) printf("(Client PIN is out by %d)\n",err); + +#endif + return 1; + } + else + { + printf("Server says - PIN is good! You really are "); + OCT_output_string(&CLIENT_ID); + printf(".\n"); + } + +#ifdef FULL + + HASH_ALL(HASH_TYPE_MPIN_BN254CX,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new + MPIN_BN254CX_CLIENT_KEY(HASH_TYPE_MPIN_BN254CX,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H + printf("Client Key = "); + OCT_output(&CK); + + HASH_ALL(HASH_TYPE_MPIN_BN254CX,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); + MPIN_BN254CX_SERVER_KEY(HASH_TYPE_MPIN_BN254CX,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID + printf("Server Key = "); + OCT_output(&SK); +#endif + return 0; +} + +int rsa_2048(csprng *RNG) +{ + int i; + unsigned long ran; + char m[RFS_2048],ml[RFS_2048],c[RFS_2048],e[RFS_2048],s[RFS_2048]; + rsa_public_key_2048 pub; + rsa_private_key_2048 priv; + + octet M= {0,sizeof(m),m}; + octet ML= {0,sizeof(ml),ml}; + octet C= {0,sizeof(c),c}; + octet E= {0,sizeof(e),e}; + octet S= {0,sizeof(s),s}; + + printf("Generating public/private key pair\n"); + RSA_2048_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL); + + printf("Encrypting test string\n"); + OCT_jstring(&M,(char *)"Hello World\n"); + + OAEP_ENCODE(HASH_TYPE_RSA_2048,&M,RNG,NULL,&E); // OAEP encode message m to e + + RSA_2048_ENCRYPT(&pub,&E,&C); // encrypt encoded message + printf("Ciphertext= "); + OCT_output(&C); + + printf("Decrypting test string\n"); + RSA_2048_DECRYPT(&priv,&C,&ML); // ... and then decrypt it + + OAEP_DECODE(HASH_TYPE_RSA_2048,NULL,&ML); // decode it + OCT_output_string(&ML); + + printf("Signing message\n"); + PKCS15(HASH_TYPE_RSA_2048,&M,&C); + + RSA_2048_DECRYPT(&priv,&C,&S); // create signature in S + + printf("Signature= "); + OCT_output(&S); + + RSA_2048_ENCRYPT(&pub,&S,&ML); + + if (OCT_comp(&C,&ML)) printf("Signature is valid\n"); + else printf("Signature is INVALID\n"); + + RSA_2048_PRIVATE_KEY_KILL(&priv); + + OCT_clear(&M); + OCT_clear(&ML); // clean up afterwards + OCT_clear(&C); + OCT_clear(&E); + + return 0; +} + + +int rsa_3072(csprng *RNG) +{ + int i; + unsigned long ran; + char m[RFS_3072],ml[RFS_3072],c[RFS_3072],e[RFS_3072],s[RFS_3072]; + rsa_public_key_3072 pub; + rsa_private_key_3072 priv; + + octet M= {0,sizeof(m),m}; + octet ML= {0,sizeof(ml),ml}; + octet C= {0,sizeof(c),c}; + octet E= {0,sizeof(e),e}; + octet S= {0,sizeof(s),s}; + + printf("Generating public/private key pair\n"); + RSA_3072_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL); + + printf("Encrypting test string\n"); + OCT_jstring(&M,(char *)"Hello World\n"); + + OAEP_ENCODE(HASH_TYPE_RSA_3072,&M,RNG,NULL,&E); // OAEP encode message m to e + + RSA_3072_ENCRYPT(&pub,&E,&C); // encrypt encoded message + printf("Ciphertext= "); + OCT_output(&C); + + printf("Decrypting test string\n"); + RSA_3072_DECRYPT(&priv,&C,&ML); // ... and then decrypt it + + OAEP_DECODE(HASH_TYPE_RSA_3072,NULL,&ML); // decode it + OCT_output_string(&ML); + + printf("Signing message\n"); + PKCS15(HASH_TYPE_RSA_3072,&M,&C); + + RSA_3072_DECRYPT(&priv,&C,&S); // create signature in S + + printf("Signature= "); + OCT_output(&S); + + RSA_3072_ENCRYPT(&pub,&S,&ML); + + if (OCT_comp(&C,&ML)) printf("Signature is valid\n"); + else printf("Signature is INVALID\n"); + + RSA_3072_PRIVATE_KEY_KILL(&priv); + + OCT_clear(&M); + OCT_clear(&ML); // clean up afterwards + OCT_clear(&C); + OCT_clear(&E); + + return 0; +} + + +int main() +{ + int i,res; + unsigned long ran; + + char raw[100]; + octet RAW= {0,sizeof(raw),raw}; + csprng RNG; // Crypto Strong RNG + + time((time_t *)&ran); + + RAW.len=100; // fake random seed source + RAW.val[0]=ran; + RAW.val[1]=ran>>8; + RAW.val[2]=ran>>16; + RAW.val[3]=ran>>24; + for (i=0; i<100; i++) RAW.val[i]=i; + + CREATE_CSPRNG(&RNG,&RAW); // initialise strong RNG + + printf("\nTesting MPIN protocols for curve BN254CX\n"); + mpin_BN254CX(&RNG); + printf("\nTesting ECDH protocols for curve ED25519\n"); + ecdh_ED25519(&RNG); +#if CHUNK!=16 + printf("\nTesting ECDH protocols for curve NIST256\n"); + ecdh_NIST256(&RNG); + printf("\nTesting ECDH protocols for curve GOLDILOCKS\n"); + ecdh_GOLDILOCKS(&RNG); +#endif + printf("\nTesting RSA protocols for 2048-bit RSA\n"); + rsa_2048(&RNG); + + printf("\nTesting RSA protocols for 3072-bit RSA\n"); + rsa_3072(&RNG); + + KILL_CSPRNG(&RNG); +} + + + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/testdvs_ZZZ.c.in ---------------------------------------------------------------------- diff --git a/examples/testdvs_ZZZ.c.in b/examples/testdvs_ZZZ.c.in new file mode 100644 index 0000000..1168d9a --- /dev/null +++ b/examples/testdvs_ZZZ.c.in @@ -0,0 +1,308 @@ +/** + * @file test_mpin_ZZZ.c + * @author Kealan McCusker + * @brief Test good token and correct PIN with D-TA. Single pass + * + * LICENSE + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/* Test Designated Verifier Signature (DVS) scheme */ + +/* Build executible after installation: + + gcc -std=c99 -g ./testdvs.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl_mpin_ZZZ -lamcl_pairing_ZZZ -lamcl_curve_ZZZ -lamcl_core -o testdvs + +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "config_curve_ZZZ.h" +#include "randapi.h" +#if CURVE_SECURITY_ZZZ == 128 +#include "mpin_ZZZ.h" +#elif CURVE_SECURITY_ZZZ == 192 +#include "mpin192_ZZZ.h" +#elif CURVE_SECURITY_ZZZ == 256 +#include "mpin256_ZZZ.h" +#endif + +// Support multiple security levels +#if CURVE_SECURITY_ZZZ == 128 +#define G2LEN 4*PFS_ZZZ +#elif CURVE_SECURITY_ZZZ == 192 +#define G2LEN 8*PFS_ZZZ +#elif CURVE_SECURITY_ZZZ == 256 +#define G2LEN 16*PFS_ZZZ +#endif + +int main() +{ + int i,PIN1,PIN2,rtn; + + char id[256+G2LEN]; + octet ID = {0,sizeof(id),id}; + + // Message to sign + char m[256]; + octet M= {0,sizeof(m),m}; + + /* Hash of the message */ + char hm[PFS_ZZZ]; + octet HM= {0,sizeof(hm), hm}; + + char x[PGS_ZZZ],y1[PGS_ZZZ],y2[PGS_ZZZ]; + octet X= {0, sizeof(x),x}; + octet Y1= {0,sizeof(y1),y1}; + octet Y2= {0,sizeof(y2),y2}; + + /* Master secret shares */ + char ms1[PGS_ZZZ], ms2[PGS_ZZZ]; + octet MS1= {0,sizeof(ms1),ms1}; + octet MS2= {0,sizeof(ms2),ms2}; + + /* Hash values of Client ID */ + char hcid[PFS_ZZZ]; + octet HCID= {0,sizeof(hcid), hcid}; + + /* Client secret and shares */ + char cs1[2*PFS_ZZZ+1], cs2[2*PFS_ZZZ+1], sec[2*PFS_ZZZ+1]; + octet SEC= {0,sizeof(sec),sec}; + octet CS1= {0,sizeof(cs1), cs1}; + octet CS2= {0,sizeof(cs2), cs2}; + + /* Client Public Key and z */ + char z[PGS_ZZZ], pa[G2LEN]; + octet Z= {0,sizeof(z),z}; + octet Pa= {0,sizeof(pa),pa}; + + /* Server secret and shares */ + char ss1[G2LEN], ss2[G2LEN], serverSecret[G2LEN]; + octet ServerSecret= {0,sizeof(serverSecret),serverSecret}; + octet SS1= {0,sizeof(ss1),ss1}; + octet SS2= {0,sizeof(ss2),ss2}; + + /* Token stored on computer */ + char token[2*PFS_ZZZ+1]; + octet TOKEN= {0,sizeof(token),token}; + + char u[2*PFS_ZZZ+1]; + octet U= {0,sizeof(u),u}; + + char hid[2*PFS_ZZZ+1]; + octet HID= {0,sizeof(hid),hid}; + + int TimeValue = 0; + + PIN1 = 1234; + PIN2 = 1234; + + /* Assign the End-User an ID */ + char* user = "[email protected]"; + OCT_jstring(&ID,user); + printf("CLIENT: ID %s\n", user); + + char seed[32] = {0}; + octet SEED = {0,sizeof(seed),seed}; + csprng RNG; + + /* unrandom seed value! */ + SEED.len=32; + for (i=0; i<32; i++) SEED.val[i]=i+1; + + /* initialise random number generator */ + CREATE_CSPRNG(&RNG,&SEED); + + /* Generate random public key and z */ + rtn = MPIN_ZZZ_GET_DVS_KEYPAIR(&RNG,&Z,&Pa); + if (rtn!=0) + { + printf("MPIN_ZZZ_GET_DVS_KEYPAIR(&RNG,&Z,&Pa) Error %d\n", rtn); + return 1; + } + printf("Z: 0x"); + OCT_output(&Z); + printf("Pa: 0x"); + OCT_output(&Pa); + + /* Append Pa to ID */ + OCT_joctet(&ID,&Pa); + printf("ID|Pa: 0x"); + OCT_output(&ID); + + /* Hash ID */ + HASH_ID(HASH_TYPE_ZZZ,&ID,&HCID); + printf("HCID: 0x"); + OCT_output(&HCID); + + /* Generate Client master secret for MIRACL and Customer */ + rtn = MPIN_ZZZ_RANDOM_GENERATE(&RNG,&MS1); + if (rtn != 0) + { + printf("MPIN_ZZZ_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn); + return 1; + } + rtn = MPIN_ZZZ_RANDOM_GENERATE(&RNG,&MS2); + if (rtn != 0) + { + printf("MPIN_ZZZ_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn); + return 1; + } + printf("MASTER SECRET MIRACL:= 0x"); + OCT_output(&MS1); + printf("MASTER SECRET CUSTOMER:= 0x"); + OCT_output(&MS2); + + /* Generate server secret shares */ + rtn = MPIN_ZZZ_GET_SERVER_SECRET(&MS1,&SS1); + if (rtn != 0) + { + printf("MPIN_ZZZ_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn); + return 1; + } + rtn = MPIN_ZZZ_GET_SERVER_SECRET(&MS2,&SS2); + if (rtn != 0) + { + printf("MPIN_ZZZ_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn); + return 1; + } + printf("SS1 = 0x"); + OCT_output(&SS1); + printf("SS2 = 0x"); + OCT_output(&SS2); + + /* Combine server secret share */ + rtn = MPIN_ZZZ_RECOMBINE_G2(&SS1, &SS2, &ServerSecret); + if (rtn != 0) + { + printf("MPIN_ZZZ_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn); + return 1; + } + printf("ServerSecret = 0x"); + OCT_output(&ServerSecret); + + /* Generate client secret shares */ + rtn = MPIN_ZZZ_GET_CLIENT_SECRET(&MS1,&HCID,&CS1); + if (rtn != 0) + { + printf("MPIN_ZZZ_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn); + return 1; + } + rtn = MPIN_ZZZ_GET_CLIENT_SECRET(&MS2,&HCID,&CS2); + if (rtn != 0) + { + printf("MPIN_ZZZ_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn); + return 1; + } + printf("CS1 = 0x"); + OCT_output(&CS1); + printf("CS2 = 0x"); + OCT_output(&CS2); + + /* Combine client secret shares : TOKEN is the full client secret */ + rtn = MPIN_ZZZ_RECOMBINE_G1(&CS1, &CS2, &TOKEN); + if (rtn != 0) + { + printf("MPIN_ZZZ_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn); + return 1; + } + printf("Client Secret CS = 0x"); + OCT_output(&TOKEN); + + /* Compute client secret for key escrow less scheme z.CS */ + rtn = MPIN_ZZZ_GET_G1_MULTIPLE(NULL,0,&Z,&TOKEN,&TOKEN); + if (rtn != 0) + { + printf("MPIN_ZZZ_GET_G1_MULTIPLE(NULL,0,&Z,&CS,&CS) Error %d\n", rtn); + return 1; + } + printf("z.CS: 0x"); + OCT_output(&TOKEN); + + /* Client extracts PIN1 from secret to create Token */ + rtn = MPIN_ZZZ_EXTRACT_PIN(HASH_TYPE_ZZZ,&ID, PIN1, &TOKEN); + if (rtn != 0) + { + printf("MPIN_ZZZ_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn); + return 1; + } + printf("Token = 0x"); + OCT_output(&TOKEN); + + /* Client: Sign message */ + TimeValue = GET_TIME(); + printf("TimeValue %d \n", TimeValue); + char* message = "sign this message"; + OCT_jstring(&M,message); + HASH_ID(HASH_TYPE_ZZZ,&M,&HM); + printf("HM: 0x"); + OCT_output(&HM); + + rtn = MPIN_ZZZ_CLIENT(HASH_TYPE_ZZZ,0,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,NULL,NULL,&HM,TimeValue,&Y1); + if (rtn != 0) + { + printf("MPIN_ZZZ_CLIENT ERROR %d\n", rtn); + return 1; + } + printf("Send to server:\n"); + printf("ID:"); + OCT_output(&ID); + printf("U:"); + OCT_output(&U); + printf("V:"); + OCT_output(&SEC); + printf("TimeValue %d\n", TimeValue); + + /* Server: Verify message */ + rtn = MPIN_ZZZ_SERVER(HASH_TYPE_ZZZ,0,&HID,NULL,&Y2,&ServerSecret,&U,NULL,&SEC,NULL,NULL,&ID,&HM,TimeValue,&Pa); + if (rtn != 0) + { + printf("FAILURE Signature Verification %d\n", rtn); + } + else + { + printf("SUCCESS Error Code %d\n", rtn); + } + + /* clear memory */ + OCT_clear(&ID); + OCT_clear(&X); + OCT_clear(&Y1); + OCT_clear(&Y2); + OCT_clear(&MS1); + OCT_clear(&MS2); + OCT_clear(&HCID); + OCT_clear(&SEC); + OCT_clear(&CS1); + OCT_clear(&CS2); + OCT_clear(&ServerSecret); + OCT_clear(&SS1); + OCT_clear(&SS2); + OCT_clear(&TOKEN); + OCT_clear(&U); + OCT_clear(&HID); + OCT_clear(&SEED); + OCT_clear(&Z); + OCT_clear(&Pa); + + KILL_CSPRNG(&RNG); + return 0; +} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/testecdh_ZZZ.c.in ---------------------------------------------------------------------- diff --git a/examples/testecdh_ZZZ.c.in b/examples/testecdh_ZZZ.c.in new file mode 100644 index 0000000..1bbfc29 --- /dev/null +++ b/examples/testecdh_ZZZ.c.in @@ -0,0 +1,231 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "ecdh_ZZZ.h" +#include "ecdh_support.h" +#include "randapi.h" + +int ecdh(csprng *RNG) +{ + int i,res; + char *pp="M0ng00se"; + /* These octets are automatically protected against buffer overflow attacks */ + /* Note salt must be big enough to include an appended word */ + /* Note ECIES ciphertext C must be big enough to include at least 1 appended block */ + /* Recall EFS_ZZZ is field size in bytes. So EFS_ZZZ=32 for 256-bit curve */ + char s0[2*EGS_ZZZ],s1[EGS_ZZZ],w0[2*EFS_ZZZ+1],w1[2*EFS_ZZZ+1],z0[EFS_ZZZ],z1[EFS_ZZZ],key[AESKEY_ZZZ],salt[40],pw[40]; + octet S0= {0,sizeof(s0),s0}; + octet S1= {0,sizeof(s1),s1}; + octet W0= {0,sizeof(w0),w0}; + octet W1= {0,sizeof(w1),w1}; + octet Z0= {0,sizeof(z0),z0}; + octet Z1= {0,sizeof(z1),z1}; + octet KEY= {0,sizeof(key),key}; + octet SALT= {0,sizeof(salt),salt}; + octet PW= {0,sizeof(pw),pw}; + + SALT.len=8; + for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt + + printf("Alice's Passphrase= %s\n",pp); + + OCT_empty(&PW); + OCT_jstring(&PW,pp); // set Password from string + + /* private key S0 of size EGS_ZZZ bytes derived from Password and Salt */ + + PBKDF2(HASH_TYPE_ZZZ,&PW,&SALT,1000,EGS_ZZZ,&S0); + + printf("Alices private key= 0x"); + OCT_output(&S0); + + /* Generate Key pair S/W */ + + ECP_ZZZ_KEY_PAIR_GENERATE(NULL,&S0,&W0); + printf("Alices public key= 0x"); + OCT_output(&W0); + + res=ECP_ZZZ_PUBLIC_KEY_VALIDATE(&W0); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + + /* Random private key for other party */ + ECP_ZZZ_KEY_PAIR_GENERATE(RNG,&S1,&W1); + res=ECP_ZZZ_PUBLIC_KEY_VALIDATE(&W1); + if (res!=0) + { + printf("ECP Public Key is invalid!\n"); + return 0; + } + printf("Servers private key= 0x"); + OCT_output(&S1); + printf("Servers public key= 0x"); + OCT_output(&W1); + + /* Calculate common key using DH - IEEE 1363 method */ + + ECP_ZZZ_SVDP_DH(&S0,&W1,&Z0); + ECP_ZZZ_SVDP_DH(&S1,&W0,&Z1); + + if (!OCT_comp(&Z0,&Z1)) + { + printf("*** ECPSVDP-DH Failed\n"); + return 0; + } + + KDF2(HASH_TYPE_ZZZ,&Z0,NULL,AESKEY_ZZZ,&KEY); + + printf("Alice's DH Key= 0x"); + OCT_output(&KEY); + printf("Servers DH Key= 0x"); + OCT_output(&KEY); + +#if CURVETYPE_ZZZ != MONTGOMERY + + char ds[EGS_ZZZ],p1[30],p2[30],v[2*EFS_ZZZ+1],m[32],c[64],t[32],cs[EGS_ZZZ]; + octet DS= {0,sizeof(ds),ds}; + octet CS= {0,sizeof(cs),cs}; + octet P1= {0,sizeof(p1),p1}; + octet P2= {0,sizeof(p2),p2}; + octet V= {0,sizeof(v),v}; + octet M= {0,sizeof(m),m}; + octet C= {0,sizeof(c),c}; + octet T= {0,sizeof(t),t}; + + printf("Testing ECIES\n"); + + P1.len=3; + P1.val[0]=0x0; + P1.val[1]=0x1; + P1.val[2]=0x2; + P2.len=4; + P2.val[0]=0x0; + P2.val[1]=0x1; + P2.val[2]=0x2; + P2.val[3]=0x3; + + M.len=17; + for (i=0; i<=16; i++) M.val[i]=i; + + ECP_ZZZ_ECIES_ENCRYPT(HASH_TYPE_ZZZ,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T); + + printf("Ciphertext= \n"); + printf("V= 0x"); + OCT_output(&V); + printf("C= 0x"); + OCT_output(&C); + printf("T= 0x"); + OCT_output(&T); + + if (!ECP_ZZZ_ECIES_DECRYPT(HASH_TYPE_ZZZ,&P1,&P2,&V,&C,&T,&S1,&M)) + { + printf("*** ECIES Decryption Failed\n"); + return 0; + } + else printf("Decryption succeeded\n"); + + printf("Message is 0x"); + OCT_output(&M); + + + printf("Testing ECDSA\n"); + + if (ECP_ZZZ_SP_DSA(HASH_TYPE_ZZZ,RNG,NULL,&S0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Signature Failed\n"); + return 0; + } + + printf("Signature C = 0x"); + OCT_output(&CS); + printf("Signature D = 0x"); + OCT_output(&DS); + + if (ECP_ZZZ_VP_DSA(HASH_TYPE_ZZZ,&W0,&M,&CS,&DS)!=0) + { + printf("***ECDSA Verification Failed\n"); + return 0; + } + else + { + printf("ECDSA Signature/Verification succeeded\n"); + } + +#endif + + /* clear memory */ + OCT_clear(&S0); + OCT_clear(&S1); + OCT_clear(&W0); + OCT_clear(&W1); + OCT_clear(&Z0); + OCT_clear(&Z1); + OCT_clear(&KEY); + OCT_clear(&SALT); + OCT_clear(&PW); +#if CURVETYPE_ZZZ != MONTGOMERY + OCT_clear(&DS); + OCT_clear(&CS); + OCT_clear(&P1); + OCT_clear(&P2); + OCT_clear(&V); + OCT_clear(&M); + OCT_clear(&C); + OCT_clear(&T); +#endif + return 0; +} + +int main() +{ + int i; + unsigned long ran; + + char raw[100]; + octet RAW= {0,sizeof(raw),raw}; + /* Crypto Strong RNG */ + csprng RNG; + + time((time_t *)&ran); + + /* fake random seed source */ + RAW.len=100; + RAW.val[0]=ran; + RAW.val[1]=ran>>8; + RAW.val[2]=ran>>16; + RAW.val[3]=ran>>24; + for (i=0; i<100; i++) RAW.val[i]=i+1; + + /* initialise strong RNG */ + CREATE_CSPRNG(&RNG,&RAW); + + ecdh(&RNG); + + KILL_CSPRNG(&RNG); +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/testmpin_ZZZ.c.in ---------------------------------------------------------------------- diff --git a/examples/testmpin_ZZZ.c.in b/examples/testmpin_ZZZ.c.in new file mode 100644 index 0000000..0fbeb6b --- /dev/null +++ b/examples/testmpin_ZZZ.c.in @@ -0,0 +1,372 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* test driver and function exerciser for MPIN Functions */ +/* Version 3.0 - supports Time Permits */ + +/* Build executible after installation: + + gcc -std=c99 -g ./testmpin.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl_mpin_ZZZ -lamcl_pairing_ZZZ -lamcl_curve_ZZZ -lamcl_core -o testmpin_ZZZ + +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "config_curve_ZZZ.h" +#include "randapi.h" +#if CURVE_SECURITY_ZZZ == 128 +#include "mpin_ZZZ.h" +#elif CURVE_SECURITY_ZZZ == 192 +#include "mpin192_ZZZ.h" +#elif CURVE_SECURITY_ZZZ == 256 +#include "mpin256_ZZZ.h" +#endif + +// Support multiple security levels +#if CURVE_SECURITY_ZZZ == 128 +#define G2LEN 4*PFS_ZZZ +#elif CURVE_SECURITY_ZZZ == 192 +#define G2LEN 8*PFS_ZZZ +#elif CURVE_SECURITY_ZZZ == 256 +#define G2LEN 16*PFS_ZZZ +#endif +#define GTLEN 3*G2LEN + +//#define PERMITS /* for time permits ON or OFF */ +#define PINERROR /* For PIN ERROR detection ON or OFF */ +#define FULL /* for M-Pin Full or M-Pin regular */ +//#define SINGLE_MPIN_PASS /* SINGLE MPIN_PASS M-Pin */ + +int mpin(csprng *RNG) +{ + int pin,pin2,rtn,err; +#ifdef PERMITS + int date=today(); +#else + int date=0; +#endif + char x[PGS_ZZZ],s[PGS_ZZZ],y[PGS_ZZZ],client_id[100],sst[G2LEN],token[2*PFS_ZZZ+1],sec[2*PFS_ZZZ+1],permit[2*PFS_ZZZ+1],xcid[2*PFS_ZZZ+1],xid[2*PFS_ZZZ+1],e[GTLEN],f[GTLEN]; + char hcid[PFS_ZZZ],hsid[PFS_ZZZ],hid[2*PFS_ZZZ+1],htid[2*PFS_ZZZ+1],h[PGS_ZZZ]; +#ifdef FULL + char r[PGS_ZZZ],z[2*PFS_ZZZ+1],w[PGS_ZZZ],t[2*PFS_ZZZ+1]; + char g1[GTLEN],g2[GTLEN]; + char ck[AESKEY_ZZZ],sk[AESKEY_ZZZ]; +#endif + octet S= {0,sizeof(s),s}; + octet X= {0,sizeof(x),x}; + octet Y= {0,sizeof(y),y}; + octet H= {0,sizeof(h),h}; + octet CLIENT_ID= {0,sizeof(client_id),client_id}; + octet SST= {0,sizeof(sst),sst}; + octet TOKEN= {0,sizeof(token),token}; + octet SEC= {0,sizeof(sec),sec}; + octet PERMIT= {0,sizeof(permit),permit}; + octet xCID= {0,sizeof(xcid),xcid}; + octet xID= {0,sizeof(xid),xid}; + octet HCID= {0,sizeof(hcid),hcid}; + octet HSID= {0,sizeof(hsid),hsid}; + octet HID= {0,sizeof(hid),hid}; + octet HTID= {0,sizeof(htid),htid}; + octet E= {0,sizeof(e),e}; + octet F= {0,sizeof(f),f}; +#ifdef FULL + octet R= {0,sizeof(r),r}; + octet Z= {0,sizeof(z),z}; + octet W= {0,sizeof(w),w}; + octet T= {0,sizeof(t),t}; + octet G1= {0,sizeof(g1),g1}; + octet G2= {0,sizeof(g2),g2}; + octet SK= {0,sizeof(sk),sk}; + octet CK= {0,sizeof(ck),ck}; +#endif + octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID; + char idhex[100]; + + /* Trusted Authority set-up */ + MPIN_ZZZ_RANDOM_GENERATE(RNG,&S); + printf("Master Secret= "); + OCT_output(&S); + + /* Create Client Identity */ + OCT_jstring(&CLIENT_ID,"[email protected]"); + HASH_ID(HASH_TYPE_ZZZ,&CLIENT_ID,&HCID); /* Either Client or TA calculates Hash(ID) - you decide! */ + + printf("Client ID Hash= "); + OCT_output(&HCID); + printf("\n"); + + OCT_toHex(&CLIENT_ID,idhex); + printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n"); + + /* Client and Server are issued secrets by DTA */ + MPIN_ZZZ_GET_SERVER_SECRET(&S,&SST); + printf("Server Secret= "); + OCT_output(&SST); + + MPIN_ZZZ_GET_CLIENT_SECRET(&S,&HCID,&TOKEN); + printf("Client Secret= "); + OCT_output(&TOKEN); + + /* Client extracts PIN from secret to create Token */ + pin=1234; + printf("Client extracts PIN= %d\n",pin); + MPIN_ZZZ_EXTRACT_PIN(HASH_TYPE_ZZZ,&CLIENT_ID,pin,&TOKEN); + printf("Client Token= "); + OCT_output(&TOKEN); + +#ifdef FULL + MPIN_ZZZ_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2); +#endif + + /* Client extracts PIN2 generated from bio-metric from token */ + pin2=1212; + printf("Client extracts PIN= %d\n",pin2); + MPIN_ZZZ_EXTRACT_FACTOR(HASH_TYPE_ZZZ,&CLIENT_ID,pin2,14,&TOKEN); + printf("Client Token= "); + OCT_output(&TOKEN); + +#ifdef PERMITS + /* Client gets "Time Permit" from DTA */ + printf("Client gets Time Permit\n"); + + MPIN_ZZZ_GET_CLIENT_PERMIT(HASH_TYPE_ZZZ,date,&S,&HCID,&PERMIT); + printf("Time Permit= "); + OCT_output(&PERMIT); + + /* This encoding makes Time permit look random */ + if (MPIN_ZZZ_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n"); + /* printf("Encoded Time Permit= "); OCT_output(&PERMIT); */ + if (MPIN_ZZZ_DECODING(&PERMIT)!=0) printf("Decoding error\n"); + /* printf("Decoded Time Permit= "); OCT_output(&PERMIT); */ +#endif + + /* MPin Protocol */ + + /* Client adds PIN2 generated from bio-metric to token */ + printf("Client adds PIN= %d\n",pin2); + MPIN_ZZZ_RESTORE_FACTOR(HASH_TYPE_ZZZ,&CLIENT_ID,pin2,14,&TOKEN); + printf("Client Token= "); + OCT_output(&TOKEN); + + /* Client enters PIN */ + printf("\nPIN= "); + if(scanf("%d",&pin)) {}; + /* to avoid silly compile error */ + getchar(); + + /* Set date=0 and PERMIT=NULL if time permits not in use + + Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC + If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID))) + Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG + + HSID - hashed client ID as calculated by the server + HCID - hashed client ID as calculated by the client + + IMPORTANT: To save space and time.. + If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only + If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required + If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only. + + */ + + pxID=&xID; + pxCID=&xCID; + pHID=&HID; + pHTID=&HTID; + pE=&E; + pF=&F; + pPERMIT=&PERMIT; + +#ifdef PERMITS + prHID=pHTID; +#ifndef PINERROR + pxID=NULL; +// pHID=NULL; //new +#endif +#else + prHID=pHID; + pPERMIT=NULL; + pxCID=NULL; + pHTID=NULL; +#endif +#ifndef PINERROR + pE=NULL; + pF=NULL; +#endif + +#ifdef SINGLE_MPIN_PASS + int timeValue; + printf("MPIN Single Pass\n"); + timeValue = GET_TIME(); + + rtn=MPIN_ZZZ_CLIENT(HASH_TYPE_ZZZ,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y); + + if (rtn != 0) + { + printf("MPIN_ZZZ_CLIENT ERROR %d\n", rtn); + return 1; + } + +#ifdef FULL + MPIN_ZZZ_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); /* Also Send Z=r.ID to Server, remember random r */ +#endif + + + + rtn=MPIN_ZZZ_SERVER(HASH_TYPE_ZZZ,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,&CLIENT_ID,NULL,timeValue,NULL); + + +#ifdef FULL + HASH_ID(HASH_TYPE_ZZZ,&CLIENT_ID,&HSID); // new + MPIN_ZZZ_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); /* Also send T=w.ID to client, remember random w */ +#endif + +#else // SINGLE_MPIN_PASS + printf("MPIN Multi Pass\n"); + if (MPIN_ZZZ_CLIENT_1(HASH_TYPE_ZZZ,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0) + { + printf("Error from Client side - First pass\n"); + return 0; + } + + /* Send U=x.ID to server, and recreate secret from token and pin */ + +#ifdef FULL + HASH_ID(HASH_TYPE_ZZZ,&CLIENT_ID,&HCID); + MPIN_ZZZ_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); /* Also Send Z=r.ID to Server, remember random r, DH component */ +#endif + + /* Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ + MPIN_ZZZ_SERVER_1(HASH_TYPE_ZZZ,date,&CLIENT_ID,pHID,pHTID); + + /* Server generates Random number Y and sends it to Client */ + MPIN_ZZZ_RANDOM_GENERATE(RNG,&Y); + +#ifdef FULL + HASH_ID(HASH_TYPE_ZZZ,&CLIENT_ID,&HSID); //new + MPIN_ZZZ_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); /* Also send T=w.ID to client, remember random w, DH component */ +#endif + + /* Client Second pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + if (MPIN_ZZZ_CLIENT_2(&X,&Y,&SEC)!=0) + { + printf("Error from Client side - Second MPIN pass\n"); + return 1; + } + + /* Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */ + /* If PIN error not required, set E and F = NULL */ + + rtn=MPIN_ZZZ_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL); + +#endif // SINGLE_MPIN_PASS + + if (rtn!=0) + { + printf("Server says - Bad Pin.\n"); +#ifdef PINERROR + + err=MPIN_ZZZ_KANGAROO(&E,&F); + if (err) printf("(Client PIN is out by %d)\n",err); + +#endif + return 1; + } + else + { + printf("Server says - PIN is good! You really are "); + OCT_output_string(&CLIENT_ID); + printf(".\n"); + } + +#ifdef FULL + HASH_ALL(HASH_TYPE_ZZZ,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new + MPIN_ZZZ_CLIENT_KEY(HASH_TYPE_ZZZ,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H + printf("Client Key = "); + OCT_output(&CK); + + HASH_ALL(HASH_TYPE_ZZZ,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); + MPIN_ZZZ_SERVER_KEY(HASH_TYPE_ZZZ,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID + printf("Server Key = "); + OCT_output(&SK); +#endif + + /* clear memory */ + OCT_clear(&S); + OCT_clear(&X); + OCT_clear(&Y); + OCT_clear(&H); + OCT_clear(&CLIENT_ID); + OCT_clear(&SST); + OCT_clear(&TOKEN); + OCT_clear(&SEC); + OCT_clear(&PERMIT); + OCT_clear(&xCID); + OCT_clear(&xID); + OCT_clear(&HCID); + OCT_clear(&HSID); + OCT_clear(&HID); + OCT_clear(&HTID); + OCT_clear(&E); + OCT_clear(&F); +#ifdef FULL + OCT_clear(&R); + OCT_clear(&Z); + OCT_clear(&W); + OCT_clear(&T); + OCT_clear(&G1); + OCT_clear(&G2); + OCT_clear(&SK); + OCT_clear(&CK); +#endif + + return 0; +} + +int main() +{ + int i; + unsigned long ran; + + char raw[100]; + octet RAW= {0,sizeof(raw),raw}; + /* Crypto Strong RNG */ + csprng RNG; + + time((time_t *)&ran); + + /* fake random seed source */ + RAW.len=100; + RAW.val[0]=ran; + RAW.val[1]=ran>>8; + RAW.val[2]=ran>>16; + RAW.val[3]=ran>>24; + for (i=0; i<100; i++) RAW.val[i]=i+1; + + /* initialise strong RNG */ + CREATE_CSPRNG(&RNG,&RAW); + + mpin(&RNG); + + KILL_CSPRNG(&RNG); +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/testrsa_WWW.c.in ---------------------------------------------------------------------- diff --git a/examples/testrsa_WWW.c.in b/examples/testrsa_WWW.c.in new file mode 100644 index 0000000..8d03d05 --- /dev/null +++ b/examples/testrsa_WWW.c.in @@ -0,0 +1,106 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/* test driver and function exerciser for RSA API Functions */ + +#include <stdio.h> +#include <time.h> +#include "rsa_WWW.h" +#include "randapi.h" + +int rsa(csprng *RNG) +{ + char m[RFS_WWW],ml[RFS_WWW],c[RFS_WWW],e[RFS_WWW],s[RFS_WWW]; + rsa_public_key_WWW pub; + rsa_private_key_WWW priv; + + octet M= {0,sizeof(m),m}; + octet ML= {0,sizeof(ml),ml}; + octet C= {0,sizeof(c),c}; + octet E= {0,sizeof(e),e}; + octet S= {0,sizeof(s),s}; + + printf("Generating public/private key pair\n"); + RSA_WWW_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL); + + printf("Encrypting test string\n"); + OCT_jstring(&M,(char *)"Hello World\n"); + + OAEP_ENCODE(HASH_TYPE_RSA_WWW,&M,RNG,NULL,&E); /* OAEP encode message m to e */ + + RSA_WWW_ENCRYPT(&pub,&E,&C); /* encrypt encoded message */ + printf("Ciphertext= "); + OCT_output(&C); + + printf("Decrypting test string\n"); + RSA_WWW_DECRYPT(&priv,&C,&ML); /* ... and then decrypt it */ + + OAEP_DECODE(HASH_TYPE_RSA_WWW,NULL,&ML); /* decode it */ + OCT_output_string(&ML); + + printf("Signing message\n"); + PKCS15(HASH_TYPE_RSA_WWW,&M,&C); + + RSA_WWW_DECRYPT(&priv,&C,&S); /* create signature in S */ + + printf("Signature= "); + OCT_output(&S); + + RSA_WWW_ENCRYPT(&pub,&S,&ML); + + if (OCT_comp(&C,&ML)) printf("Signature is valid\n"); + else printf("Signature is INVALID\n"); + + RSA_WWW_PRIVATE_KEY_KILL(&priv); + + /* clear memory */ + OCT_clear(&M); + OCT_clear(&ML); + OCT_clear(&C); + OCT_clear(&E); + OCT_clear(&S); + + return 0; +} + +int main() +{ + int i; + unsigned long ran; + + char raw[100]; + octet RAW= {0,sizeof(raw),raw}; + csprng RNG; /* Crypto Strong RNG */ + + time((time_t *)&ran); + + RAW.len=100; /* fake random seed source */ + RAW.val[0]=ran; + RAW.val[1]=ran>>8; + RAW.val[2]=ran>>16; + RAW.val[3]=ran>>24; + for (i=0; i<100; i++) RAW.val[i]=i+1; + + CREATE_CSPRNG(&RNG,&RAW); /* initialise strong RNG */ + + rsa(&RNG); + + KILL_CSPRNG(&RNG); +} + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/examples/testwcc_ZZZ.c.in ---------------------------------------------------------------------- diff --git a/examples/testwcc_ZZZ.c.in b/examples/testwcc_ZZZ.c.in new file mode 100644 index 0000000..65612dd --- /dev/null +++ b/examples/testwcc_ZZZ.c.in @@ -0,0 +1,394 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + + +/* Demonstrate WCC with one TA */ + +/* Build executable after installation: + gcc -std=c99 -g testwcc_ZZZ.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl_wcc_ZZZ -lamcl_pairing_ZZZ -lamcl_curve_ZZZ -lamcl_core_ZZZ -o testwcc_ZZZ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <time.h> +#include "utils.h" +#include "config_curve_ZZZ.h" +#include "randapi.h" +#if CURVE_SECURITY_ZZZ == 128 +#include "wcc_ZZZ.h" +#elif CURVE_SECURITY_ZZZ == 192 +#include "wcc192_ZZZ.h" +#elif CURVE_SECURITY_ZZZ == 256 +#include "wcc256_ZZZ.h" +#endif + +#if CURVE_SECURITY_ZZZ == 128 +#define G2LEN 4*WCC_PFS_ZZZ +#elif CURVE_SECURITY_ZZZ == 192 +#define G2LEN 8*WCC_PFS_ZZZ +#elif CURVE_SECURITY_ZZZ == 256 +#define G2LEN 16*WCC_PFS_ZZZ +#endif + +// #define DEBUG + +int main() +{ + int i,rtn; + + /* Master secret */ + char ms[WCC_PGS_ZZZ]; + octet MS= {sizeof(ms),sizeof(ms),ms}; + + // sender keys + char akeyG1[2*WCC_PFS_ZZZ+1]; + octet AKeyG1= {0,sizeof(akeyG1), akeyG1}; + + // receiver keys + char bkeyG2[G2LEN]; + octet BKeyG2= {0,sizeof(bkeyG2), bkeyG2}; + + // Identities + char alice_id[256],bob_id[256]; + octet IdA= {0,sizeof(alice_id),alice_id}; + octet IdB= {0,sizeof(bob_id),bob_id}; + + // Hash of the identities + char hida[WCC_PFS_ZZZ], hidb[WCC_PFS_ZZZ]; + octet HIdA = {0,sizeof(hida),hida}; + octet HIdB = {0,sizeof(hidb),hidb}; + + char x[WCC_PGS_ZZZ]; + octet X = {0,sizeof(x),x}; + char y[WCC_PGS_ZZZ]; + octet Y = {0,sizeof(y),y}; + char w[WCC_PGS_ZZZ]; + octet W = {0,sizeof(w),w}; + char pia[WCC_PGS_ZZZ]; + octet PIA = {0,sizeof(pia),pia}; + char pib[WCC_PGS_ZZZ]; + octet PIB = {0,sizeof(pib),pib}; + + char pgg1[2*WCC_PFS_ZZZ+1]; + octet PgG1 = {0,sizeof(pgg1), pgg1}; + + char pag1[2*WCC_PFS_ZZZ+1]; + octet PaG1 = {0,sizeof(pag1), pag1}; + + char pbg2[G2LEN]; + octet PbG2 = {0,sizeof(pbg2), pbg2}; + + char seed[32] = {0}; + octet SEED = {0,sizeof(seed),seed}; + csprng RNG; + + char message1[256]; + octet MESSAGE1 = {0, sizeof(message1), message1}; + OCT_jstring(&MESSAGE1,"Hello Bob"); + + char t1[PTAG]; // Tag + char t2[PTAG]; // Tag + char k1[AESKEY_ZZZ]; // AES Key + char k2[AESKEY_ZZZ]; // AES Key + char iv[PIV]; // IV - Initialization vector + char c[100]; // Ciphertext + char p[100]; // Recovered Plaintext + octet T1= {sizeof(t1),sizeof(t1),t1}; + octet T2= {sizeof(t2),sizeof(t2),t2}; + octet K1= {0,sizeof(k1),k1}; + octet K2= {0,sizeof(k2),k2}; + octet IV= {0,sizeof(iv),iv}; + octet C= {0,sizeof(c),c}; + octet P= {0,sizeof(p),p}; + + /* non random seed value! */ + SEED.len=32; + for (i=0; i<32; i++) SEED.val[i]=i+1; +#ifdef DEBUG + printf("SEED: "); + OCT_output(&SEED); + printf("\n"); +#endif + + /* initialise random number generator */ + CREATE_CSPRNG(&RNG,&SEED); + + /* TA: Generate master secret */ + rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&MS); + if (rtn != 0) + { + printf("TA WCC_ZZZ_RANDOM_GENERATE(&RNG,&MS) Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("TA MASTER SECRET: "); + OCT_output(&MS); + printf("\n"); +#endif + + // Alice's ID + OCT_jstring(&IdA,"[email protected]"); + + // Hash Alice's Id + HASH_ID(HASH_TYPE_ZZZ,&IdA,&HIdA); + + // TA: Generate Alices's sender key + rtn = WCC_ZZZ_GET_G1_MULTIPLE(&MS,&HIdA,&AKeyG1); + if (rtn != 0) + { + printf("TA WCC_ZZZ_GET_G1_MULTIPLE() Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("TA Alice's sender key: "); + OCT_output(&AKeyG1); +#endif + + // Bob's ID + OCT_jstring(&IdB,"[email protected]"); + + // Hash Bob's Id + HASH_ID(HASH_TYPE_ZZZ,&IdB,&HIdB); + + // TA: Generate Bob's receiver key + rtn = WCC_ZZZ_GET_G2_MULTIPLE(&MS,&HIdB,&BKeyG2); + if (rtn != 0) + { + printf("TA WCC_ZZZ_GET_G2_MULTIPLE() Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("TA Bob's receiver key: "); + OCT_output(&BKeyG2); + printf("\n"); +#endif + + printf("Alice\n"); + + rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&X); + if (rtn != 0) + { + printf("Alice WCC_ZZZ_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("Alice X: "); + OCT_output(&X); + printf("\n"); +#endif + + rtn = WCC_ZZZ_GET_G1_MULTIPLE(&X,&HIdA,&PaG1); + if (rtn != 0) + { + printf("Alice WCC_ZZZ_GET_G1_MULTIPLE() Error %d\n", rtn); + return 1; + } + + printf("Alice sends IdA and PaG1 to Bob\n\n"); + printf("Alice IdA: "); + OCT_output_string(&IdA); + printf("\n"); + printf("Alice PaG1: "); + OCT_output(&PaG1); + printf("\n"); + + printf("Bob\n"); + + rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&W); + if (rtn != 0) + { + printf("Bob WCC_ZZZ_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("Bob W: "); + OCT_output(&W); + printf("\n"); +#endif + rtn = WCC_ZZZ_GET_G1_MULTIPLE(&W,&HIdA,&PgG1); + if (rtn != 0) + { + printf("Bob WCC_ZZZ_GET_G1_MULTIPLE() Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("PgG1: "); + OCT_output(&PgG1); + printf("\n"); +#endif + + rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&Y); + if (rtn != 0) + { + printf("Bob WCC_ZZZ_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("Bob Y: "); + OCT_output(&Y); + printf("\n"); +#endif + rtn = WCC_ZZZ_GET_G2_MULTIPLE(&Y,&HIdB,&PbG2); + if (rtn != 0) + { + printf("Bob WCC_ZZZ_GET_G2_MULTIPLE() Error %d\n", rtn); + return 1; + } +#ifdef DEBUG + printf("Bob PbG2: "); + OCT_output(&PbG2); + printf("\n"); +#endif + + // pia = Hq(PaG1,PbG2,PgG1,IdB) + WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PaG1,&PbG2,&PgG1,&IdB,&PIA); + + // pib = Hq(PbG2,PaG1,PgG1,IdA) + WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PbG2,&PaG1,&PgG1,&IdA,&PIB); + +#ifdef DEBUG + printf("Bob PIA: "); + OCT_output(&PIA); + printf("\n"); + printf("Bob PIB: "); + OCT_output(&PIB); + printf("\n"); +#endif + + // Bob calculates AES Key + WCC_ZZZ_RECEIVER_KEY(HASH_TYPE_ZZZ,&Y,&W,&PIA,&PIB,&PaG1,&PgG1,&BKeyG2,&IdA,&K2); + if (rtn != 0) + { + printf("Bob WCC_ZZZ_RECEIVER_KEY() Error %d\n", rtn); + return 1; + } + printf("Bob AES Key: "); + OCT_output(&K2); + + printf("Bob sends IdB, PbG2 and PgG1 to Alice\n\n"); + printf("Bob IdB: "); + OCT_output_string(&IdB); + printf("\n"); + printf("Bob PbG2: "); + OCT_output(&PbG2); + printf("\n"); + printf("Bob PgG1: "); + OCT_output(&PgG1); + printf("\n"); + + printf("Alice\n"); + + // pia = Hq(PaG1,PbG2,PgG1,IdB) + WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PaG1,&PbG2,&PgG1,&IdB,&PIA); + + // pib = Hq(PbG2,PaG1,PgG1,IdA) + WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PbG2,&PaG1,&PgG1,&IdA,&PIB); + +#ifdef DEBUG + printf("Alice PIA: "); + OCT_output(&PIA); + printf("\n"); + printf("Alice PIB: "); + OCT_output(&PIB); + printf("\n"); +#endif + + // Alice calculates AES Key + rtn = WCC_ZZZ_SENDER_KEY(HASH_TYPE_ZZZ,&X,&PIA,&PIB,&PbG2,&PgG1,&AKeyG1,&IdB,&K1); + if (rtn != 0) + { + printf("Alice WCC_ZZZ_SENDER_KEY() Error %d\n", rtn); + return 1; + } + printf("Alice AES Key: "); + OCT_output(&K1); + + + // Send message + IV.len=12; + for (i=0; i<IV.len; i++) + IV.val[i]=i+1; + printf("Alice: IV "); + OCT_output(&IV); + + printf("Alice: Message to encrypt for Bob: "); + OCT_output_string(&MESSAGE1); + printf("\n"); + + AES_GCM_ENCRYPT(&K1,&IV,&IdA,&MESSAGE1,&C,&T1); + + printf("Alice: Ciphertext: "); + OCT_output(&C); + + printf("Alice: Encryption Tag: "); + OCT_output(&T1); + printf("\n"); + + AES_GCM_DECRYPT(&K2,&IV,&IdA,&C,&P,&T2); + + printf("Bob: Decrypted message received from Alice: "); + OCT_output_string(&P); + printf("\n"); + + printf("Bob: Decryption Tag: "); + OCT_output(&T2); + printf("\n"); + + if (!OCT_comp(&MESSAGE1,&P)) + { + printf("FAILURE Decryption\n"); + return 1; + } + + if (!OCT_comp(&T1,&T2)) + { + printf("FAILURE TAG mismatch\n"); + return 1; + } + + /* clear memory */ + OCT_clear(&MS); + OCT_clear(&AKeyG1); + OCT_clear(&BKeyG2); + OCT_clear(&IdA); + OCT_clear(&IdB); + OCT_clear(&HIdA); + OCT_clear(&HIdB); + OCT_clear(&X); + OCT_clear(&Y); + OCT_clear(&W); + OCT_clear(&PIA); + OCT_clear(&PIB); + OCT_clear(&PgG1); + OCT_clear(&PaG1); + OCT_clear(&PbG2); + OCT_clear(&SEED); + OCT_clear(&MESSAGE1); + OCT_clear(&T1); + OCT_clear(&T2); + OCT_clear(&K1); + OCT_clear(&K2); + OCT_clear(&IV); + OCT_clear(&C); + OCT_clear(&P); + + KILL_CSPRNG(&RNG); + + return 0; +}
