http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/PAIR.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/PAIR.go b/go/amcl-go/PAIR.go deleted file mode 100644 index 8a7de9f..0000000 --- a/go/amcl-go/PAIR.go +++ /dev/null @@ -1,541 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* AMCL BN Curve Pairing functions */ - -package amcl - -//import "fmt" - -/* Line function */ -func line(A *ECP2, B *ECP2, Qx *FP, Qy *FP) *FP12 { - P := NewECP2() - - P.copy(A) - ZZ := NewFP2copy(P.getz()) - ZZ.sqr() - var D int - if A == B { - D = A.dbl() - } else { - D = A.add(B) - } - - if D < 0 { - return NewFP12int(1) - } - - Z3 := NewFP2copy(A.getz()) - - var a *FP4 - var b *FP4 - c := NewFP4int(0) - - if D == 0 { /* Addition */ - X := NewFP2copy(B.getx()) - Y := NewFP2copy(B.gety()) - T := NewFP2copy(P.getz()) - T.mul(Y) - ZZ.mul(T) - - NY := NewFP2copy(P.gety()) - NY.neg() - ZZ.add(NY) - Z3.pmul(Qy) - T.mul(P.getx()) - X.mul(NY) - T.add(X) - a = NewFP4fp2s(Z3, T) - ZZ.neg() - ZZ.pmul(Qx) - b = NewFP4fp2(ZZ) - } else { /* Doubling */ - X := NewFP2copy(P.getx()) - Y := NewFP2copy(P.gety()) - T := NewFP2copy(P.getx()) - T.sqr() - T.imul(3) - - Y.sqr() - Y.add(Y) - Z3.mul(ZZ) - Z3.pmul(Qy) - - X.mul(T) - X.sub(Y) - a = NewFP4fp2s(Z3, X) - T.neg() - ZZ.mul(T) - ZZ.pmul(Qx) - b = NewFP4fp2(ZZ) - } - return NewFP12fp4s(a, b, c) -} - -/* Optimal R-ate pairing */ -func ate(P *ECP2, Q *ECP) *FP12 { - f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb)) - x := NewBIGints(CURVE_Bnx) - n := NewBIGcopy(x) - K := NewECP2() - var lv *FP12 - n.pmul(6) - n.dec(2) - n.norm() - P.affine() - Q.affine() - Qx := NewFPcopy(Q.getx()) - Qy := NewFPcopy(Q.gety()) - - A := NewECP2() - r := NewFP12int(1) - - A.copy(P) - nb := n.nbits() - - for i := nb - 2; i >= 1; i-- { - lv = line(A, A, Qx, Qy) - r.smul(lv) - - if n.bit(i) == 1 { - lv = line(A, P, Qx, Qy) - r.smul(lv) - } - r.sqr() - } - - lv = line(A, A, Qx, Qy) - r.smul(lv) - - /* R-ate fixup */ - - r.conj() - - K.copy(P) - K.frob(f) - A.neg() - lv = line(A, K, Qx, Qy) - r.smul(lv) - K.frob(f) - K.neg() - lv = line(A, K, Qx, Qy) - r.smul(lv) - - return r -} - -/* Optimal R-ate double pairing e(P,Q).e(R,S) */ -func ate2(P *ECP2, Q *ECP, R *ECP2, S *ECP) *FP12 { - f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb)) - x := NewBIGints(CURVE_Bnx) - n := NewBIGcopy(x) - K := NewECP2() - var lv *FP12 - n.pmul(6) - n.dec(2) - n.norm() - P.affine() - Q.affine() - R.affine() - S.affine() - - Qx := NewFPcopy(Q.getx()) - Qy := NewFPcopy(Q.gety()) - Sx := NewFPcopy(S.getx()) - Sy := NewFPcopy(S.gety()) - - A := NewECP2() - B := NewECP2() - r := NewFP12int(1) - - A.copy(P) - B.copy(R) - nb := n.nbits() - - for i := nb - 2; i >= 1; i-- { - lv = line(A, A, Qx, Qy) - r.smul(lv) - lv = line(B, B, Sx, Sy) - r.smul(lv) - - if n.bit(i) == 1 { - lv = line(A, P, Qx, Qy) - r.smul(lv) - lv = line(B, R, Sx, Sy) - r.smul(lv) - } - r.sqr() - } - - lv = line(A, A, Qx, Qy) - r.smul(lv) - - lv = line(B, B, Sx, Sy) - r.smul(lv) - - /* R-ate fixup */ - r.conj() - - K.copy(P) - K.frob(f) - A.neg() - lv = line(A, K, Qx, Qy) - r.smul(lv) - K.frob(f) - K.neg() - lv = line(A, K, Qx, Qy) - r.smul(lv) - - K.copy(R) - K.frob(f) - B.neg() - lv = line(B, K, Sx, Sy) - r.smul(lv) - K.frob(f) - K.neg() - lv = line(B, K, Sx, Sy) - r.smul(lv) - - return r -} - -/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */ -func fexp(m *FP12) *FP12 { - f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb)) - x := NewBIGints(CURVE_Bnx) - r := NewFP12copy(m) - - /* Easy part of final exp */ - lv := NewFP12copy(r) - lv.inverse() - r.conj() - - r.mul(lv) - lv.copy(r) - r.frob(f) - r.frob(f) - r.mul(lv) - /* Hard part of final exp */ - lv.copy(r) - lv.frob(f) - x0 := NewFP12copy(lv) - x0.frob(f) - lv.mul(r) - x0.mul(lv) - x0.frob(f) - x1 := NewFP12copy(r) - x1.conj() - x4 := r.pow(x) - - x3 := NewFP12copy(x4) - x3.frob(f) - - x2 := x4.pow(x) - - x5 := NewFP12copy(x2) - x5.conj() - lv = x2.pow(x) - - x2.frob(f) - r.copy(x2) - r.conj() - - x4.mul(r) - x2.frob(f) - - r.copy(lv) - r.frob(f) - lv.mul(r) - - lv.usqr() - lv.mul(x4) - lv.mul(x5) - r.copy(x3) - r.mul(x5) - r.mul(lv) - lv.mul(x2) - r.usqr() - r.mul(lv) - r.usqr() - lv.copy(r) - lv.mul(x1) - r.mul(x0) - lv.usqr() - r.mul(lv) - r.reduce() - return r -} - -/* GLV method */ -func glv(e *BIG) []*BIG { - t := NewBIGint(0) - q := NewBIGints(CURVE_Order) - var u []*BIG - var v []*BIG - - for i := 0; i < 2; i++ { - t.copy(NewBIGints(CURVE_W[i])) // why not just t=new BIG(ROM.CURVE_W[i]); - d := mul(t, e) - v = append(v, NewBIGcopy(d.div(q))) - u = append(u, NewBIGint(0)) - } - u[0].copy(e) - for i := 0; i < 2; i++ { - for j := 0; j < 2; j++ { - t.copy(NewBIGints(CURVE_SB[j][i])) - t.copy(modmul(v[j], t, q)) - u[i].add(q) - u[i].sub(t) - u[i].mod(q) - } - } - return u -} - -/* Galbraith & Scott Method */ -func gs(e *BIG) []*BIG { - t := NewBIGint(0) - q := NewBIGints(CURVE_Order) - var u []*BIG - var v []*BIG - for i := 0; i < 4; i++ { - t.copy(NewBIGints(CURVE_WB[i])) - d := mul(t, e) - v = append(v, NewBIGcopy(d.div(q))) - u = append(u, NewBIGint(0)) - } - u[0].copy(e) - for i := 0; i < 4; i++ { - for j := 0; j < 4; j++ { - t.copy(NewBIGints(CURVE_BB[j][i])) - t.copy(modmul(v[j], t, q)) - u[i].add(q) - u[i].sub(t) - u[i].mod(q) - } - } - return u -} - -/* Multiply P by e in group G1 */ -func G1mul(P *ECP, e *BIG) *ECP { - var R *ECP - if USE_GLV { - P.affine() - R = NewECP() - R.copy(P) - Q := NewECP() - Q.copy(P) - q := NewBIGints(CURVE_Order) - cru := NewFPbig(NewBIGints(CURVE_Cru)) - t := NewBIGint(0) - u := glv(e) - Q.getx().mul(cru) - - np := u[0].nbits() - t.copy(modneg(u[0], q)) - nn := t.nbits() - if nn < np { - u[0].copy(t) - R.neg() - } - - np = u[1].nbits() - t.copy(modneg(u[1], q)) - nn = t.nbits() - if nn < np { - u[1].copy(t) - Q.neg() - } - - R = R.mul2(u[0], Q, u[1]) - - } else { - R = P.mul(e) - } - return R -} - -/* Multiply P by e in group G2 */ -func G2mul(P *ECP2, e *BIG) *ECP2 { - var R *ECP2 - if USE_GS_G2 { - var Q []*ECP2 - f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb)) - q := NewBIGints(CURVE_Order) - u := gs(e) - - t := NewBIGint(0) - P.affine() - Q = append(Q, NewECP2()) - Q[0].copy(P) - for i := 1; i < 4; i++ { - Q = append(Q, NewECP2()) - Q[i].copy(Q[i-1]) - Q[i].frob(f) - } - for i := 0; i < 4; i++ { - np := u[i].nbits() - t.copy(modneg(u[i], q)) - nn := t.nbits() - if nn < np { - u[i].copy(t) - Q[i].neg() - } - } - R = mul4(Q, u) - - } else { - R = P.mul(e) - } - return R -} - -/* f=f^e */ -/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */ -func GTpow(d *FP12, e *BIG) *FP12 { - var r *FP12 - if USE_GS_GT { - var g []*FP12 - f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb)) - q := NewBIGints(CURVE_Order) - t := NewBIGint(0) - - u := gs(e) - - g = append(g, NewFP12copy(d)) - for i := 1; i < 4; i++ { - g = append(g, NewFP12int(0)) - g[i].copy(g[i-1]) - g[i].frob(f) - } - for i := 0; i < 4; i++ { - np := u[i].nbits() - t.copy(modneg(u[i], q)) - nn := t.nbits() - if nn < np { - u[i].copy(t) - g[i].conj() - } - } - r = pow4(g, u) - } else { - r = d.pow(e) - } - return r -} - -/* test group membership */ -/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */ -func GTmember(m *FP12) bool { - if m.isunity() { - return false - } - r := NewFP12copy(m) - r.conj() - r.mul(m) - if !r.isunity() { - return false - } - - f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb)) - - r.copy(m) - r.frob(f) - r.frob(f) - w := NewFP12copy(r) - w.frob(f) - w.frob(f) - w.mul(m) - if !GT_STRONG { - if !w.equals(r) { - return false - } - x := NewBIGints(CURVE_Bnx) - r.copy(m) - w = r.pow(x) - w = w.pow(x) - r.copy(w) - r.sqr() - r.mul(w) - r.sqr() - w.copy(m) - w.frob(f) - } - return w.equals(r) -} - -/* -func main() { - - Q:=NewECPbigs(NewBIGints(CURVE_Gx),NewBIGints(CURVE_Gy)) - P:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb))) - - r:=NewBIGints(CURVE_Order) - xa:=NewBIGints(CURVE_Pxa) - - fmt.Printf("P= "+P.toString()) - fmt.Printf("\n"); - fmt.Printf("Q= "+Q.toString()); - fmt.Printf("\n"); - - //m:=NewBIGint(17) - - e:=ate(P,Q) - fmt.Printf("\ne= "+e.toString()) - fmt.Printf("\n") - - e=fexp(e) - // e=GTpow(e,m); - - fmt.Printf("\ne= "+e.toString()) - fmt.Printf("\n"); - GLV:=glv(r) - - fmt.Printf("GLV[0]= "+GLV[0].toString()) - fmt.Printf("\n") - - fmt.Printf("GLV[0]= "+GLV[1].toString()) - fmt.Printf("\n") - - G:=NewECP(); G.copy(Q) - R:=NewECP2(); R.copy(P) - - - e=ate(R,Q) - e=fexp(e) - - e=GTpow(e,xa) - fmt.Printf("\ne= "+e.toString()); - fmt.Printf("\n") - - R=G2mul(R,xa) - e=ate(R,G) - e=fexp(e) - - fmt.Printf("\ne= "+e.toString()) - fmt.Printf("\n") - - G=G1mul(G,xa) - e=ate(P,G) - e=fexp(e) - fmt.Printf("\ne= "+e.toString()) - fmt.Printf("\n") -} -*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/RAND.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/RAND.go b/go/amcl-go/RAND.go deleted file mode 100644 index eb92107..0000000 --- a/go/amcl-go/RAND.go +++ /dev/null @@ -1,187 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* - * Cryptographic strong random number generator - * - * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers - * Slow - but secure - * - * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification - */ - -/* Marsaglia & Zaman Random number generator constants */ - -package amcl - -import ( - "sync" -) - -//import "fmt" - -const rand_NK int = 21 -const rand_NJ int = 6 -const rand_NV int = 8 - -type RAND struct { - sync.Mutex - ira [rand_NK]uint32 /* random number... */ - rndptr int - borrow uint32 - pool_ptr int - pool [32]byte -} - -/* Terminate and clean up */ -func (R *RAND) Clean() { /* kill internal state */ - R.pool_ptr = 0 - R.rndptr = 0 - for i := 0; i < 32; i++ { - R.pool[i] = 0 - } - for i := 0; i < rand_NK; i++ { - R.ira[i] = 0 - } - R.borrow = 0 -} - -func NewRAND() *RAND { - R := new(RAND) - R.Clean() - return R -} - -func (R *RAND) sbrand() uint32 { /* Marsaglia & Zaman random number generator */ - R.rndptr++ - if R.rndptr < rand_NK { - return R.ira[R.rndptr] - } - R.rndptr = 0 - k := rand_NK - rand_NJ - for i := 0; i < rand_NK; i++ { /* calculate next NK values */ - if k == rand_NK { - k = 0 - } - t := R.ira[k] - pdiff := t - R.ira[i] - R.borrow - if pdiff < t { - R.borrow = 0 - } - if pdiff > t { - R.borrow = 1 - } - R.ira[i] = pdiff - k++ - } - - return R.ira[0] -} - -func (R *RAND) sirand(seed uint32) { - var m uint32 = 1 - R.borrow = 0 - R.rndptr = 0 - R.ira[0] ^= seed - for i := 1; i < rand_NK; i++ { /* fill initialisation vector */ - in := (rand_NV * i) % rand_NK - R.ira[in] ^= m /* note XOR */ - t := m - m = seed - m - seed = t - } - - for i := 0; i < 10000; i++ { - R.sbrand() - } /* "warm-up" & stir the generator */ -} - -func (R *RAND) fill_pool() { - - sh := NewHASH() - for i := 0; i < 128; i++ { - sh.Process(byte(R.sbrand() & 0xff)) - } - R.pool = sh.Hash() - R.pool_ptr = 0 -} - -func pack(b [4]byte) uint32 { /* pack 4 bytes into a 32-bit Word */ - return (((uint32(b[3])) & 0xff) << 24) | ((uint32(b[2]) & 0xff) << 16) | ((uint32(b[1]) & 0xff) << 8) | (uint32(b[0]) & 0xff) -} - -/* Initialize RNG with some real entropy from some external source */ -func (R *RAND) Seed(rawlen int, raw []byte) { /* initialise from at least 128 byte string of raw random entropy */ - var b [4]byte - sh := NewHASH() - R.pool_ptr = 0 - - for i := 0; i < rand_NK; i++ { - R.ira[i] = 0 - } - - if rawlen > 0 { - for i := 0; i < rawlen; i++ { - sh.Process(raw[i]) - } - digest := sh.Hash() - - /* initialise PRNG from distilled randomness */ - - for i := 0; i < 8; i++ { - b[0] = digest[4*i] - b[1] = digest[4*i+1] - b[2] = digest[4*i+2] - b[3] = digest[4*i+3] - R.sirand(pack(b)) - } - } - R.fill_pool() -} - -/* get random byte */ -func (R *RAND) GetByte() byte { - R.Lock() - defer R.Unlock() - - r := R.pool[R.pool_ptr] - R.pool_ptr++ - - if R.pool_ptr >= 32 { - R.fill_pool() - } - return byte(r & 0xff) -} - -/* test main program */ -/* -func main() { - var raw [100]byte - rng:=NewRAND() - - rng.Clean() - for i:=0;i<100;i++ {raw[i]=byte(i)} - - rng.Seed(100,raw[:]) - - for i:=0;i<1000;i++ { - fmt.Printf("%03d ",rng.GetByte()) - } -} -*/ http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/ROM.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/ROM.go b/go/amcl-go/ROM.go deleted file mode 100644 index 0a4ceb9..0000000 --- a/go/amcl-go/ROM.go +++ /dev/null @@ -1,353 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* Fixed Data in ROM - Field and Curve parameters */ - -package amcl - -const NOT_SPECIAL int = 0 -const PSEUDO_MERSENNE int = 1 -const MONTGOMERY_FRIENDLY int = 2 -const WEIERSTRASS int = 0 -const EDWARDS int = 1 -const MONTGOMERY int = 2 - -const NLEN int = 5 -const DNLEN int = 2 * NLEN -const CHUNK int = 64 -const MODBYTES uint = 32 - -/*** Enter Some Field details here ***/ -// Curve 25519 -//const MODBITS uint=255 -//const MOD8 uint=5 -// NIST256 or Brainpool -//const MODBITS uint=256 -//const MOD8 uint=7 -// MF254 -//const MODBITS uint=254 -//const MOD8 uint=7 -// MS255 -//const MODBITS uint= 255 -//const MOD8 uint= 3 -// MF256 -//const MODBITS uint=256 -//const MOD8 uint=7 -// MS256 -//const MODBITS uint= 256 -//const MOD8 uint= 3 -// ANSSI -//const MODBITS uint= 256 -//const MOD8 uint= 3 -// BN Curve -const MODBITS uint = 254 /* Number of bits in Modulus */ -const MOD8 uint = 3 /* Modulus mod 8 */ - -/* Don't Modify from here... */ -const MASK int64 = ((int64(1) << BASEBITS) - 1) -const BASEBITS uint = 56 -const OMASK int64 = ((int64(-1)) << (MODBITS % BASEBITS)) -const HBITS uint = (BASEBITS / 2) -const HMASK int64 = ((int64(1) << HBITS) - 1) -const TBITS uint = MODBITS % BASEBITS // Number of active bits in top word -const TMASK int64 = (int64(1) << TBITS) - 1 -const FF_BITS int = 2048 /* Finite Field Size in bits - must be 256.2^n */ -const FFLEN int = (FF_BITS / 256) -const HFLEN int = (FFLEN / 2) /* Useful for half-size RSA private key operations */ - -const NEXCESS int = (1 << (uint(CHUNK) - BASEBITS - 1)) -const FEXCESS int64 = (int64(1) << (BASEBITS*uint(NLEN) - MODBITS)) - -// START SPECIFY FIELD DETAILS HERE -//********************************************************************************* -// Curve25519 Modulus -//const MODTYPE int=PSEUDO_MERSENNE -//var Modulus = [...]int64 {0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF} -//const MConst int64=0x13 -// NIST-256 Curve -//const MODTYPE int=NOT_SPECIAL -//var Modulus = [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFF,0x0,0x1000000,0xFFFFFFFF} -//const MConst int64=0x1 -// MF254 Modulus -//const MODTYPE int=MONTGOMERY_FRIENDLY -//var Modulus= [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF} -//const MConst int64=0x3F810000 -// MS255 Modulus -//const MODTYPE int= 1 -//var Modulus= [...]int64 {0xFFFFFFFFFFFD03,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF} -//const MConst int64=0x2FD -// MF256 Modulus -//const MODTYPE int= 2 -//var Modulus= [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFA7FFFF} -//const MConst int64=0xFFA80000 -// MS256 Modulus -//const MODTYPE int= 1 -//var Modulus= [...]int64 {0xFFFFFFFFFFFF43,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFF} -//const MConst int64=0xBD -// Brainpool -//const MODTYPE int= NOT_SPECIAL -//var Modulus= [...]int64 {0x13481D1F6E5377,0xF623D526202820,0x909D838D726E3B,0xA1EEA9BC3E660A,0xA9FB57DB} -//const MConst int64 =0xA75590CEFD89B9 -// ANSSI -//const MODTYPE int= 0 -//var Modulus= [...]int64{0xFCF353D86E9C03,0xADBCABC8CA6DE8,0xE8CE42435B3961,0xB3AD58F10126D,0xF1FD178C} -//const MConst int64=0x97483A164E1155 -// BNCX Curve Modulus -const MODTYPE int = NOT_SPECIAL - -var Modulus = [...]int64{0x6623EF5C1B55B3, 0xD6EE18093EE1BE, 0x647A6366D3243F, 0x8702A0DB0BDDF, 0x24000000} - -const MConst int64 = 0x4E205BF9789E85 - -// BN Curve -//const MODTYPE int=NOT_SPECIAL -//var Modulus= [...]int64 {0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482} -//const MConst int64=0x435E50D79435E5 -// BNT Curve -//const MODTYPE int=NOT_SPECIAL -//var Modulus= [...]int64 {0x9DBBFEEEB4A713,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB} -//const MConst int64=0xC5A872D914C4E5 -// BNT2 Curve -//const MODTYPE int=NOT_SPECIAL -//var Modulus= [...]int64 {0xB2DC2BB460A48B,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482} -//const MConst int64=0xFE6A47A6505CDD - -// START SPECIFY CURVE DETAILS HERE -//********************************************************************************* - -// Ed25519 Curve -//const CURVETYPE int=EDWARDS -//const CURVE_A int = -1 -//var CURVE_B = [...]int64 {0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE} -//var CURVE_Order = [...]int64 {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000} -//var CURVE_Gx = [...]int64 {0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3} -//var CURVE_Gy = [...]int64 {0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666} - -// NIST-256 Curve -//const CURVETYPE int=WEIERSTRASS -//const CURVE_A int = -3 -//var CURVE_B = [...]int64 {0xCE3C3E27D2604B,0x6B0CC53B0F63B,0x55769886BC651D,0xAA3A93E7B3EBBD,0x5AC635D8} -//var CURVE_Order = [...]int64 {0xB9CAC2FC632551,0xFAADA7179E84F3,0xFFFFFFFFFFBCE6,0xFFFFFF,0xFFFFFFFF} -//var CURVE_Gx =[...]int64 {0xA13945D898C296,0x7D812DEB33A0F4,0xE563A440F27703,0xE12C4247F8BCE6,0x6B17D1F2} -//var CURVE_Gy =[...]int64 {0xB6406837BF51F5,0x33576B315ECECB,0x4A7C0F9E162BCE,0xFE1A7F9B8EE7EB,0x4FE342E2} - -// MF254 Modulus, Weierstrass Curve w-254-mont -//const CURVETYPE int= 0 -//const CURVE_A int = -3 -//var CURVE_B = [...]int64 {0xFFFFFFFFFFD08D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF} -//var CURVE_Order=[...]int64 {0xA419C4AF8DF83F,0x8BEA0DA375C06F,0xFFFFFFFFFFEB81,0xFFFFFFFFFFFFFF,0x3F80FFFF} -//var CURVE_Gx =[...]int64 {0x2,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0x65DF37F90D4EBC,0x38E3F8511931AD,0x75BD778AEBDFB7,0x3B2E56014AE15A,0x140E3FD3} - -// MF254 Modulus, Edwards Curve ed-254-mont -//const CURVETYPE int= 1 -//const CURVE_A int= -1 -//var CURVE_B = [...]int64 {0x367B,0x0,0x0,0x0,0x0} -//var CURVE_Order=[...]int64 {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF} -//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0x52D0FDAF2701E5,0x9A840E3212187C,0xD502363F4E3632,0xD6A4C335951D00,0x19F0E690} - -// MF254 Modulus, Montgomery Curve -//const CURVETYPE int=MONTGOMERY -//const CURVE_A int= -55790 -//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used -//var CURVE_Order=[...]int64 {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF} -//var CURVE_Gx =[...]int64 {0x3,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0} // not used - -// MS255 Modulus, Weierstrass Curve -//const CURVETYPE int= 0 -//const CURVE_A int= -3 -//var CURVE_B = [...]int64 {0xFFFFFFFFFFAB46,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF} -//var CURVE_Order=[...]int64 {0x8FAC983C594AEB,0x38283AD2B3DFAB,0xFFFFFFFFFF864A,0xFFFFFFFFFFFFFF,0x7FFFFFFF} -//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}; -//var CURVE_Gy =[...]int64 {0x33FF6769CB44BA,0xC78CDDFDA60D17,0xF9B2FF7D177DB6,0xEDBA7833921EBF,0x6F7A6AC0} - -// MS255 Modulus, Edwards Curve -//const CURVETYPE int= 1 -//const CURVE_A int= -1 -//var CURVE_B = [...]int64{0xEA97,0x0,0x0,0x0,0x0} -//var CURVE_Order=[...]int64{0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF} -//var CURVE_Gx =[...]int64{0x4,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64{0x2A255BD08736A0,0x4B8AED445A45BA,0xDD8E0C47E55291,0x4A7BB545EC254C,0x26CB7853} - -// MS255 Modulus, Montgomery Curve -//const CURVETYPE int=MONTGOMERY -//const CURVE_A int=-240222 -//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} -//var CURVE_Order=[...]int64 {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF} -//var CURVE_Gx =[...]int64 {0x4,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0}; - -// MF256 Modulus, Weierstrass Curve -//const CURVETYPE int= 0 -//const CURVE_A int= -3 -//var CURVE_B = [...]int64 {0x14E6A,0x0,0x0,0x0,0x0} -//var CURVE_Order=[...]int64 {0x10C5E1A79857EB,0x7513E6E5074B9D,0xFFFFFFFFFFFC51,0xFFFFFFFFFFFFFF,0xFFA7FFFF} -//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0x7954C2B724D2A,0x47EB8D94DC6610,0x26123DAE289569,0xBE1808CE7BABBA,0x20887C87} - -// MF256, Edwards Curve -//const CURVETYPE int= 1 -//const CURVE_A int= -1 -//var CURVE_B = [...]int64 {0x350A,0x0,0x0,0x0,0x0} -//var CURVE_Order=[...]int64 {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF} -//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0xEAA722F2F3C908,0x5E648DFEA68D7D,0xF3DB2C1AACA0C0,0xF8CC4D5AEAEBEE,0xDAD8D4F8} - -// MF256 Modulus, Montgomery Curve -//const CURVETYPE int=MONTGOMERY -//const CURVE_A int= -54314 -//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used -//var CURVE_Order=[...]int64 {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF} -//var CURVE_Gx =[...]int64 {0x8,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0} // not used - -// MS256, Weierstrass Curve -//const CURVETYPE int= 0 -//const CURVE_A int= -3 -//var CURVE_B = [...]int64 {0x25581,0x0,0x0,0x0,0x0} -//var CURVE_Order=[...]int64 {0xAB20294751A825,0x8275EA265C6020,0xFFFFFFFFFFE43C,0xFFFFFFFFFFFFFF,0xFFFFFFFF} -//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0xF46306C2B56C77,0x2F9375894EC10B,0x6CCEEEDD6BD02C,0xC1E466D7FC82C9,0x696F1853} - -// MS256, Edwards Curve -//const CURVETYPE int= 1 -//const CURVE_A int= -1 -//var CURVE_B = [...]int64 {0x3BEE,0x0,0x0,0x0,0x0} -//var CURVE_Order=[...]int64 {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF} -//var CURVE_Gx =[...]int64 {0xD,0x0,0x0,0x0,0x0} -//var CURVE_Gy =[...]int64 {0x7F6FB5331CADBA,0x6D63824D303F70,0xB39FA046BFBE2A,0x2A1276DBA3D330,0x7D0AB41E} - -// MS256 Modulus, Montgomery Curve -//const CURVETYPE int=MONTGOMERY -//const CURVE_A int=-61370 -//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used -//var CURVE_Order= [...]int64 {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF} -//var CURVE_Gx = [...]int64 {0xb,0x0,0x0,0x0,0x0} -//var CURVE_Gy = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used - -// Brainpool -//const CURVETYPE int= 0 -//const CURVE_A int= -3 -//var CURVE_B = [...]int64 {0xE58101FEE92B04,0xEBC4AF2F49256A,0x733D0B76B7BF93,0x30D84EA4FE66A7,0x662C61C4} -//var CURVE_Order= [...]int64 {0x1E0E82974856A7,0x7AA3B561A6F790,0x909D838D718C39,0xA1EEA9BC3E660A,0xA9FB57DB} -//var CURVE_Gx = [...]int64 {0xA191562E1305F4,0x42C47AAFBC2B79,0xB23A656149AFA1,0xC1CFE7B7732213,0xA3E8EB3C} -//var CURVE_Gy = [...]int64 {0xABE8F35B25C9BE,0xB6DE39D027001D,0xE14644417E69BC,0x3439C56D7F7B22,0x2D996C82} - -// ANSSI -//const CURVETYPE int= 0 -//const CURVE_A int= -3 -//var CURVE_B = [...]int64 {0x75ED967B7BB73F,0xC9AE4B1A18030,0x754A44C00FDFEC,0x5428A9300D4ABA,0xEE353FCA} -//var CURVE_Order=[...]int64 {0xFDD459C6D655E1,0x67E140D2BF941F,0xE8CE42435B53DC,0xB3AD58F10126D,0xF1FD178C} -//var CURVE_Gx =[...]int64 {0xC97A2DD98F5CFF,0xD2DCAF98B70164,0x4749D423958C27,0x56C139EB31183D,0xB6B3D4C3} -//var CURVE_Gy =[...]int64 {0x115A1554062CFB,0xC307E8E4C9E183,0xF0F3ECEF8C2701,0xC8B204911F9271,0x6142E0F7} - -// BNCX Curve - -const CURVETYPE int = WEIERSTRASS -const CURVE_A int = 0 - -var CURVE_B = [...]int64{0x2, 0x0, 0x0, 0x0, 0x0} -var CURVE_Order = [...]int64{0x11C0A636EB1F6D, 0xD6EE0CC906CEBE, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000} -var CURVE_Bnx = [...]int64{0x3C012B1, 0x40, 0x0, 0x0, 0x0} -var CURVE_Cru = [...]int64{0xE0931794235C97, 0xDF6471EF875631, 0xCA83F1440BD, 0x480000, 0x0} -var CURVE_Fra = [...]int64{0xD9083355C80EA3, 0x7326F173F8215B, 0x8AACA718986867, 0xA63A0164AFE18B, 0x1359082F} -var CURVE_Frb = [...]int64{0x8D1BBC06534710, 0x63C7269546C062, 0xD9CDBC4E3ABBD8, 0x623628A900DC53, 0x10A6F7D0} -var CURVE_Pxa = [...]int64{0x851CEEE4D2EC74, 0x85BFA03E2726C0, 0xF5C34BBB907C, 0x7053B256358B25, 0x19682D2C} -var CURVE_Pxb = [...]int64{0xA58E8B2E29CFE1, 0x97B0C209C30F47, 0x37A8E99743F81B, 0x3E19F64AA011C9, 0x1466B9EC} -var CURVE_Pya = [...]int64{0xFBFCEBCF0BE09F, 0xB33D847EC1B30C, 0x157DAEE2096361, 0x72332B8DD81E22, 0xA79EDD9} -var CURVE_Pyb = [...]int64{0x904B228898EE9D, 0x4EA569D2EDEBED, 0x512D8D3461C286, 0xECC4C09035C6E4, 0x6160C39} -var CURVE_Gx = [...]int64{0x6623EF5C1B55B2, 0xD6EE18093EE1BE, 0x647A6366D3243F, 0x8702A0DB0BDDF, 0x24000000} -var CURVE_Gy = [...]int64{0x1, 0x0, 0x0, 0x0, 0x0} -var CURVE_W = [2][5]int64{{0x546349162FEB83, 0xB40381200, 0x6000, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}} -var CURVE_SB = [2][2][5]int64{{{0x5463491DB010E4, 0xB40381280, 0x6000, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}, {{0x7802561, 0x80, 0x0, 0x0, 0x0}, {0xBD5D5D20BB33EA, 0xD6EE0188CEBCBD, 0x647A6366D2643F, 0x8702A0DB0BDDF, 0x24000000}}} -var CURVE_WB = [4][5]int64{{0x1C2118567A84B0, 0x3C012B040, 0x2000, 0x0, 0x0}, {0xCDF995BE220475, 0x94EDA8CA7F9A36, 0x8702A0DC07E, 0x300000, 0x0}, {0x66FCCAE0F10B93, 0x4A76D4653FCD3B, 0x4381506E03F, 0x180000, 0x0}, {0x1C21185DFAAA11, 0x3C012B0C0, 0x2000, 0x0, 0x0}} -var CURVE_BB = [4][4][5]int64{{{0x11C0A6332B0CBD, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x7802562, 0x80, 0x0, 0x0, 0x0}}, {{0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBD, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}}, {{0x7802562, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}, {{0x3C012B2, 0x40, 0x0, 0x0, 0x0}, {0xF004AC2, 0x100, 0x0, 0x0, 0x0}, {0x11C0A62F6AFA0A, 0xD6EE0CC906CE3E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x3C012B2, 0x40, 0x0, 0x0, 0x0}}} - -// BN Curve -/* -const CURVETYPE int=WEIERSTRASS -const CURVE_A int= 0 -var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0} -var CURVE_Order=[...]int64 {0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482} -var CURVE_Bnx=[...]int64 {0x80000000000001,0x40,0x0,0x0,0x0} -var CURVE_Cru=[...]int64 {0x80000000000007,0x6CD,0x40000000024909,0x49B362,0x0} -var CURVE_Fra=[...]int64 {0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619} -var CURVE_Frb=[...]int64 {0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69} -var CURVE_Pxa=[...]int64 {0xAB2C7935FD0CB4,0xE319E4FCC57C2B,0x24F6DF763B05A5,0xF55EA7EA335FB7,0x95B04D4} -var CURVE_Pxb=[...]int64 {0xA07D0790962455,0x86BE3D27AA5E38,0x89E05747F39D6D,0xC08347B49D42BF,0x5D4D8A7} -var CURVE_Pya=[...]int64 {0xADCE687A08A46C,0x2B30E98A4191F9,0x4C3784B1F16908,0x25E5313FA16D1C,0xABF2ABF} -var CURVE_Pyb=[...]int64 {0xDF88D405F306EC,0x82076ADD13A0E6,0x1E47819D6A5C04,0xE679DABDB38627,0x18769A87} -var CURVE_Gx =[...]int64 {0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482} -var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0} -var CURVE_W=[2][5]int64{{0x3,0x80000000000204,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}} -var CURVE_SB=[2][2][5]int64 {{{0x4,0x80000000000285,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482}}} -var CURVE_WB=[4][5]int64 {{0x80000000000000,0x80000000000040,0x2080,0x0,0x0},{0x80000000000005,0x54A,0x8000000001C707,0x312241,0x0},{0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120,0x0},{0x80000000000001,0x800000000000C1,0x2080,0x0,0x0}} -var CURVE_BB=[4][4][5]int64 {{{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x2,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482}},{{0x2,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x80000000000002,0x40,0x0,0x0,0x0},{0x2,0x102,0x0,0x0,0x0},{0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x80000000000002,0x40,0x0,0x0,0x0}}} -*/ - -// BNT Curve -/* -const CURVETYPE int=WEIERSTRASS -const CURVE_A int= 0 -var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0} -var CURVE_Order=[...]int64 {0x75777E8D30210D,0xD43492B2CB363A,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB} -var CURVE_Bnx=[...]int64 {0x806000004081,0x40,0x0,0x0,0x0} -var CURVE_Cru=[...]int64 {0xEB53D5AB4FCD87,0x82A5F2BAB11FAD,0x47651504C9764C,0x4801B1,0x0} -var CURVE_Fra=[...]int64 {0xF5D14EADC80022,0x4904D6FACCE359,0xF190A13211BE6C,0xC9BBC4394F6509,0x1328A292} -var CURVE_Frb=[...]int64 {0xA7EAB040ECA6F1,0xC513DF997D764,0x450657A3DEB01E,0x9B5B3D15AAA6A1,0x10D87E48} -var CURVE_Pxa=[...]int64 {0x8987E2288E65BB,0xAD1CAA6313BE,0x325041548B7CCC,0x4C1339EBCC055,0x14483FCD} -var CURVE_Pxb=[...]int64 {0x67888808DBE2C0,0x7FE1F81E34853A,0xA631A51B57B95,0x384EC302DA3FC5,0x87F46B3} -var CURVE_Pya=[...]int64 {0x202C47E020CA1D,0xB4167E8399F36C,0xC6E5439F72C94C,0x102B0BD74A2C69,0x14E8C29C} -var CURVE_Pyb=[...]int64 {0xD8437C716628F2,0x27E167BCB7DC6B,0xA82C7572681D0A,0x62454BD1EDEC18,0x17AFE2A4} -var CURVE_Gx =[...]int64 {0x9DBBFEEEB4A712,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB} -var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0} -var CURVE_W=[2][5]int64{{0x26430061838403,0x81218241998384,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}} -var CURVE_SB=[2][2][5]int64 {{{0x2743C061840504,0x81218241998404,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x4F347E2BAC9D0A,0x5313107131B2B6,0x3696F8D5EFAE87,0x6517014EFA0BAB,0x240120DB}}} -var CURVE_WB=[4][5]int64 {{0x6140602080C080,0x806080C08880C1,0x2000,0x0,0x0},{0xB53904088C4A85,0xAD2FA352DC6C36,0xDA436358868EDE,0x300120,0x0},{0x5ADCB204464583,0x5697D1A96E363B,0x6D21B1AC43476F,0x180090,0x0},{0x62412020814181,0x806080C0888141,0x2000,0x0,0x0}} -var CURVE_BB=[4][4][5]int64 {{{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x100C000008102,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}},{{0x100C000008102,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x806000004082,0x40,0x0,0x0,0x0},{0x2018000010202,0x100,0x0,0x0,0x0},{0x7476BE8D2FA00A,0xD43492B2CB35BA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x806000004082,0x40,0x0,0x0,0x0}}} -*/ - -// BNT2 Curve -/* -const CURVETYPE int=WEIERSTRASS -const CURVE_A int= 0 -var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0} -var CURVE_Order=[...]int64 {0xFB71A511AA2BF5,0x8DE127B73833D7,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482} -var CURVE_Bnx=[...]int64 {0x20100608205,0x40,0x0,0x0,0x0} -var CURVE_Cru=[...]int64 {0x5027444866BD33,0x5B773016470EFB,0xC3617BECF23675,0x480006,0x0} -var CURVE_Fra=[...]int64 {0xB268C973AEF062,0xC69B33C3BCE492,0xF67FA37F195BBC,0x29E8CAB6BD0A41,0x124E0B8D} -var CURVE_Frb=[...]int64 {0x736240B1B429,0xCD48F52D196D56,0x18BBE650E72612,0x17268FF6FA43DE,0x11B1F8F5} -var CURVE_Pxa=[...]int64 {0xCC92399F40A3C8,0xCDA4E96611784A,0x7B056961706B35,0x9693C6318279D7,0x16FC17CF} -var CURVE_Pxb=[...]int64 {0x557A8AD8549540,0x6F7BE6F6510610,0x565907A95D17DB,0xBD5975909C8188,0x1EB5B500} -var CURVE_Pya=[...]int64 {0x7BECC514220513,0x4A78860E737B14,0x51B83935F12684,0x761422AA9D4DFA,0x1E8EE498} -var CURVE_Pyb=[...]int64 {0xB9328F577CE78E,0xB746E26FA5781F,0xA93DBC1FB8E27E,0xBAE33BDBA29D76,0x23CEF4CD} -var CURVE_Gx =[...]int64 {0xB2DC2BB460A48A,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482} -var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0} -var CURVE_W=[2][5]int64 {{0xB76282A1347083,0x60301399E1D10,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}} -var CURVE_SB=[2][2][5]int64 {{{0xB76684A1F5748C,0x60301399E1D90,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0x440F227075BB72,0x87DE267D9A16C7,0xF3B89CFFFC1CF,0x410F5AADB74E20,0x24000482}}} -var CURVE_WB=[4][5]int64 {{0x9272D48A70A224,0x20100688A0945,0x2000,0x0,0x0},{0x5A572CF030EF19,0x9651763543721D,0x8240FD48A1B9A3,0x300004,0x0},{0xAD2C96F848B88F,0xCB28BB1AA1B92E,0x41207EA450DCD1,0x180002,0x0},{0x9276D68B31A62D,0x20100688A09C5,0x2000,0x0,0x0}} -var CURVE_BB=[4][4][5]int64 {{{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x40200C1040A,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}},{{0x40200C1040A,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x20100608206,0x40,0x0,0x0,0x0},{0x80401820812,0x100,0x0,0x0,0x0},{0xFB6DA310E927EA,0x8DE127B7383357,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x20100608206,0x40,0x0,0x0,0x0}}} -*/ - -const USE_GLV bool = true -const USE_GS_G2 bool = true -const USE_GS_GT bool = true -const GT_STRONG bool = true http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/RSA.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/RSA.go b/go/amcl-go/RSA.go deleted file mode 100644 index 5b1cf5b..0000000 --- a/go/amcl-go/RSA.go +++ /dev/null @@ -1,373 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* RSA API high-level functions */ - -package amcl - -import "fmt" - -const RSA_RFS int = int(MODBYTES) * FFLEN - -type rsa_private_key struct { - p, q, dp, dq, c *FF -} - -func New_rsa_private_key(n int) *rsa_private_key { - SK := new(rsa_private_key) - SK.p = NewFFint(n) - SK.q = NewFFint(n) - SK.dp = NewFFint(n) - SK.dq = NewFFint(n) - SK.c = NewFFint(n) - return SK -} - -type rsa_public_key struct { - e int - n *FF -} - -func New_rsa_public_key(m int) *rsa_public_key { - PK := new(rsa_public_key) - PK.e = 0 - PK.n = NewFFint(m) - return PK -} - -func RSA_KEY_PAIR(rng *RAND, e int, PRIV *rsa_private_key, PUB *rsa_public_key) { /* IEEE1363 A16.11/A16.12 more or less */ - n := PUB.n.getlen() / 2 - t := NewFFint(n) - p1 := NewFFint(n) - q1 := NewFFint(n) - - for true { - PRIV.p.random(rng) - for PRIV.p.lastbits(2) != 3 { - PRIV.p.inc(1) - } - for !prime(PRIV.p, rng) { - PRIV.p.inc(4) - } - - p1.copy(PRIV.p) - p1.dec(1) - - if p1.cfactor(e) { - continue - } - break - } - - for true { - PRIV.q.random(rng) - for PRIV.q.lastbits(2) != 3 { - PRIV.q.inc(1) - } - for !prime(PRIV.q, rng) { - PRIV.q.inc(4) - } - - q1.copy(PRIV.q) - q1.dec(1) - - if q1.cfactor(e) { - continue - } - - break - } - - PUB.n = ff_mul(PRIV.p, PRIV.q) - PUB.e = e - - t.copy(p1) - t.shr() - PRIV.dp.set(e) - PRIV.dp.invmodp(t) - if PRIV.dp.parity() == 0 { - PRIV.dp.add(t) - } - PRIV.dp.norm() - - t.copy(q1) - t.shr() - PRIV.dq.set(e) - PRIV.dq.invmodp(t) - if PRIV.dq.parity() == 0 { - PRIV.dq.add(t) - } - PRIV.dq.norm() - - PRIV.c.copy(PRIV.p) - PRIV.c.invmodp(PRIV.q) - -} - -/* Mask Generation Function */ - -func RSA_MGF1(Z []byte, olen int, K []byte) { - H := NewHASH() - hlen := 32 - - var k int = 0 - for i := 0; i < len(K); i++ { - K[i] = 0 - } - - cthreshold := olen / hlen - if olen%hlen != 0 { - cthreshold++ - } - for counter := 0; counter < cthreshold; counter++ { - H.Process_array(Z) - H.Process_num(int32(counter)) - B := H.Hash() - - if k+hlen > olen { - for i := 0; i < olen%hlen; i++ { - K[k] = B[i] - k++ - } - } else { - for i := 0; i < hlen; i++ { - K[k] = B[i] - k++ - } - } - } -} - -func RSA_printBinary(array []byte) { - for i := 0; i < len(array); i++ { - fmt.Printf("%02x", array[i]) - } - fmt.Printf("\n") -} - -/* OAEP Message Encoding for Encryption */ -func RSA_OAEP_ENCODE(m []byte, rng *RAND, p []byte) []byte { - olen := RSA_RFS - 1 - mlen := len(m) - var f [RSA_RFS]byte - - H := NewHASH() - hlen := 32 - var SEED [32]byte - seedlen := hlen - if mlen > olen-hlen-seedlen-1 { - return nil - } - - var DBMASK [RSA_RFS - 1 - 32]byte - - if p != nil { - H.Process_array(p) - } - h := H.Hash() - for i := 0; i < hlen; i++ { - f[i] = h[i] - } - - slen := olen - mlen - hlen - seedlen - 1 - - for i := 0; i < slen; i++ { - f[hlen+i] = 0 - } - f[hlen+slen] = 1 - for i := 0; i < mlen; i++ { - f[hlen+slen+1+i] = m[i] - } - - for i := 0; i < seedlen; i++ { - SEED[i] = rng.GetByte() - } - RSA_MGF1(SEED[:], olen-seedlen, DBMASK[:]) - - for i := 0; i < olen-seedlen; i++ { - DBMASK[i] ^= f[i] - } - RSA_MGF1(DBMASK[:], seedlen, f[:]) - - for i := 0; i < seedlen; i++ { - f[i] ^= SEED[i] - } - - for i := 0; i < olen-seedlen; i++ { - f[i+seedlen] = DBMASK[i] - } - - /* pad to length RFS */ - d := 1 - for i := RSA_RFS - 1; i >= d; i-- { - f[i] = f[i-d] - } - for i := d - 1; i >= 0; i-- { - f[i] = 0 - } - return f[:] -} - -/* OAEP Message Decoding for Decryption */ -func RSA_OAEP_DECODE(p []byte, f []byte) []byte { - olen := RSA_RFS - 1 - - H := NewHASH() - hlen := 32 - var SEED [32]byte - seedlen := hlen - var CHASH [32]byte - - if olen < seedlen+hlen+1 { - return nil - } - var DBMASK [RSA_RFS - 1 - 32]byte - for i := 0; i < olen-seedlen; i++ { - DBMASK[i] = 0 - } - - if len(f) < RSA_RFS { - d := RSA_RFS - len(f) - for i := RSA_RFS - 1; i >= d; i-- { - f[i] = f[i-d] - } - for i := d - 1; i >= 0; i-- { - f[i] = 0 - } - } - - if p != nil { - H.Process_array(p) - } - h := H.Hash() - for i := 0; i < hlen; i++ { - CHASH[i] = h[i] - } - - x := f[0] - - for i := seedlen; i < olen; i++ { - DBMASK[i-seedlen] = f[i+1] - } - - RSA_MGF1(DBMASK[:], seedlen, SEED[:]) - for i := 0; i < seedlen; i++ { - SEED[i] ^= f[i+1] - } - RSA_MGF1(SEED[:], olen-seedlen, f) - for i := 0; i < olen-seedlen; i++ { - DBMASK[i] ^= f[i] - } - - comp := true - for i := 0; i < hlen; i++ { - if CHASH[i] != DBMASK[i] { - comp = false - } - } - - for i := 0; i < olen-seedlen-hlen; i++ { - DBMASK[i] = DBMASK[i+hlen] - } - - for i := 0; i < hlen; i++ { - SEED[i] = 0 - CHASH[i] = 0 - } - - var k int - for k = 0; ; k++ { - if k >= olen-seedlen-hlen { - return nil - } - if DBMASK[k] != 0 { - break - } - } - - t := DBMASK[k] - if !comp || x != 0 || t != 0x01 { - for i := 0; i < olen-seedlen; i++ { - DBMASK[i] = 0 - } - return nil - } - - var r = make([]byte, olen-seedlen-hlen-k-1) - - for i := 0; i < olen-seedlen-hlen-k-1; i++ { - r[i] = DBMASK[i+k+1] - } - - for i := 0; i < olen-seedlen; i++ { - DBMASK[i] = 0 - } - - return r -} - -/* destroy the Private Key structure */ -func RSA_PRIVATE_KEY_KILL(PRIV *rsa_private_key) { - PRIV.p.zero() - PRIV.q.zero() - PRIV.dp.zero() - PRIV.dq.zero() - PRIV.c.zero() -} - -/* RSA encryption with the public key */ -func RSA_ENCRYPT(PUB *rsa_public_key, F []byte, G []byte) { - n := PUB.n.getlen() - f := NewFFint(n) - - ff_fromBytes(f, F) - f.power(PUB.e, PUB.n) - f.toBytes(G) -} - -/* RSA decryption with the private key */ -func RSA_DECRYPT(PRIV *rsa_private_key, G []byte, F []byte) { - n := PRIV.p.getlen() - g := NewFFint(2 * n) - - ff_fromBytes(g, G) - jp := g.dmod(PRIV.p) - jq := g.dmod(PRIV.q) - - jp.skpow(PRIV.dp, PRIV.p) - jq.skpow(PRIV.dq, PRIV.q) - - g.zero() - g.dscopy(jp) - jp.mod(PRIV.q) - if ff_comp(jp, jq) > 0 { - jq.add(PRIV.q) - } - jq.sub(jp) - jq.norm() - - t := ff_mul(PRIV.c, jq) - jq = t.dmod(PRIV.q) - - t = ff_mul(jq, PRIV.p) - g.add(t) - g.norm() - - g.toBytes(F) -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/UTILS.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/UTILS.go b/go/amcl-go/UTILS.go deleted file mode 100644 index b9b9ecb..0000000 --- a/go/amcl-go/UTILS.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -package amcl - -// Generate random six digit value -func GENERATE_OTP(rng *RAND) int { - OTP := 0 - mult := 1 - for i := 0; i < 6; i++ { - val := int(rng.GetByte()) - if val < 0 { - val = -val - } - val = val % 10 - OTP = val*mult + OTP - mult = mult * 10 - } - return OTP -} - -// Generate a random byte array -func GENERATE_RANDOM(rng *RAND, randomLen int) []byte { - random := make([]byte, randomLen) - for i := 0; i < randomLen; i++ { - random[i] = rng.GetByte() - } - return random -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/UTILS_test.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/UTILS_test.go b/go/amcl-go/UTILS_test.go deleted file mode 100644 index 17058cc..0000000 --- a/go/amcl-go/UTILS_test.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -package amcl - -import ( - "encoding/hex" - "fmt" - "testing" -) - -func TestGENERATE_OTP(t *testing.T) { - cases := []int{751847, 625436, 628111, 611804, 148564, 202193, 794783, 631944, 544480, 384313} - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate the one time passwords - for _, want := range cases { - got := GENERATE_OTP(rng) - if got != want { - t.Errorf("One Time Passord %d != %d", got, want) - } - } -} - -func TestGENERATE_RANDOM(t *testing.T) { - cases := []string{"57d662d39b1b245da469e89c", "155babf8de4204e68a656f42", "727e1980e01f996d977a0a34", "7b6c39221d89546895153f10", "32e40e9ad6f50dab3f5ec63f", "f6962a1fc5add13277900871", "93ae541acd6dc3264c19a12a", "faf196291d0820c611d3fcd4", "ba0602f0f6df1908dbcffe5b", "9e93cf35ccd5141e367cf2fd"} - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate the one time passwords - for _, want := range cases { - val := GENERATE_RANDOM(rng, 12) - got := hex.EncodeToString(val) - if got != want { - t.Errorf("One Time Passord %s != %s", got, want) - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/crypto.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/crypto.go b/go/amcl-go/crypto.go deleted file mode 100644 index e2b8bbb..0000000 --- a/go/amcl-go/crypto.go +++ /dev/null @@ -1,222 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -package amcl - -const EAS int = 16 -const EGS int = int(MODBYTES) -const EFS int = int(MODBYTES) -const HASH_BYTES int = 32 -const IVS int = 12 -const G1S = 2*EFS + 1 -const G2S = 4 * EFS -const GTS = 12 * EFS - -/* create random secret S. Use GO RNG */ -func MPIN_RANDOM_GENERATE_WRAP(RNG *RAND) (int, []byte) { - var S [EGS]byte - errorCode := MPIN_RANDOM_GENERATE(RNG, S[:]) - return errorCode, S[:] -} - -/* Extract Server Secret SS=S*Q where Q is fixed generator in G2 and S is master secret */ -func MPIN_GET_SERVER_SECRET_WRAP(S []byte) (int, []byte) { - var SS [G2S]byte - errorCode := MPIN_GET_SERVER_SECRET(S[:], SS[:]) - return errorCode, SS[:] -} - -/* R=R1+R2 in group G1 */ -func MPIN_RECOMBINE_G1_WRAP(R1 []byte, R2 []byte) (int, []byte) { - var R [G1S]byte - errorCode := MPIN_RECOMBINE_G1(R1[:], R2[:], R[:]) - return errorCode, R[:] -} - -/* W=W1+W2 in group G2 */ -func MPIN_RECOMBINE_G2_WRAP(W1 []byte, W2 []byte) (int, []byte) { - var W [G2S]byte - errorCode := MPIN_RECOMBINE_G2(W1[:], W2[:], W[:]) - return errorCode, W[:] -} - -/* Client secret CS=S*H(ID) where ID is client ID and S is master secret */ -/* CID is hashed externally */ -func MPIN_GET_CLIENT_SECRET_WRAP(S []byte, ID []byte) (int, []byte) { - var CS [G1S]byte - errorCode := MPIN_GET_CLIENT_SECRET(S[:], ID[:], CS[:]) - return errorCode, CS[:] -} - -/* Time Permit TP=S*(date|H(ID)) where S is master secret */ -func MPIN_GET_CLIENT_PERMIT_WRAP(date int, S []byte, ID []byte) (int, []byte) { - var TP [G1S]byte - errorCode := MPIN_GET_CLIENT_PERMIT(date, S[:], ID[:], TP[:]) - return errorCode, TP[:] -} - -/* Extract PIN from CS for identity CID to form TOKEN */ -func MPIN_EXTRACT_PIN_WRAP(ID []byte, PIN int, CS []byte) (int, []byte) { - CSIn := make([]byte, G1S) - copy(CSIn, CS) - errorCode := MPIN_EXTRACT_PIN(ID[:], PIN, CSIn[:]) - return errorCode, CSIn[:] -} - -/* One pass MPIN Client. Using GO RNG */ -func MPIN_CLIENT_WRAP(date, TimeValue, PIN int, RNG *RAND, ID, X, TOKEN, TP, MESSAGE []byte) (int, []byte, []byte, []byte, []byte, []byte) { - var Y [EGS]byte - var SEC [G1S]byte - var U [G1S]byte - var UT [G1S]byte - errorCode := MPIN_CLIENT(date, ID, RNG, X[:], PIN, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, TimeValue, Y[:]) - return errorCode, X[:], Y[:], SEC[:], U[:], UT[:] -} - -// Precompute values for use by the client side of M-Pin Full -func MPIN_PRECOMPUTE_WRAP(TOKEN []byte, ID []byte) (int, []byte, []byte) { - var GT1 [GTS]byte - var GT2 [GTS]byte - errorCode := MPIN_PRECOMPUTE(TOKEN[:], ID[:], GT1[:], GT2[:]) - return errorCode, GT1[:], GT2[:] -} - -/* - W=x*H(G); - if RNG == NULL then X is passed in - if RNG != NULL the X is passed out - if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve - Use GO RNG -*/ -func MPIN_GET_G1_MULTIPLE_WRAP(RNG *RAND, typ int, X, G []byte) (int, []byte, []byte) { - var Z [G1S]byte - errorCode := MPIN_GET_G1_MULTIPLE(RNG, typ, X[:], G[:], Z[:]) - return errorCode, X[:], Z[:] -} - -/* One pass MPIN Server */ -func MPIN_SERVER_WRAP(date int, TimeValue int, SS, U, UT, V, ID, MESSAGE []byte) (int, []byte, []byte, []byte, []byte, []byte) { - var HID [G1S]byte - var HTID [G1S]byte - var Y [EGS]byte - var E [GTS]byte - var F [GTS]byte - - errorCode := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:], E[:], F[:], ID[:], MESSAGE[:], TimeValue) - - return errorCode, HID[:], HTID[:], Y[:], E[:], F[:] -} - -/* calculate common key on server side */ -/* Z=r.A - no time permits involved */ -func MPIN_SERVER_KEY_WRAP(Z, SS, W, U, UT []byte) (int, []byte) { - var SK [EAS]byte - errorCode := MPIN_SERVER_KEY(Z[:], SS[:], W[:], U[:], UT[:], SK[:]) - return errorCode, SK[:] -} - -/* calculate common key on client side */ -/* wCID = w.(A+AT) */ -func MPIN_CLIENT_KEY_WRAP(PIN int, GT1, GT2, R, X, T []byte) (int, []byte) { - var CK [EAS]byte - errorCode := MPIN_CLIENT_KEY(GT1[:], GT2[:], PIN, R[:], X[:], T[:], CK[:]) - return errorCode, CK[:] -} - -/* Extract big type PIN.hash(ID) from CS to form TOKEN */ -func MPIN_EXTRACT_BIG_PIN_WRAP(ID, PIN, CS []byte) (int, []byte) { - TOKEN := make([]byte, G1S) - pin := fromBytes(PIN) - P := ECP_fromBytes(CS) - if P.is_infinity() { - return MPIN_INVALID_POINT, TOKEN[:] - } - h := Hashit(0, ID) - R := mapit(h) - - R = R.mul(pin) - P.sub(R) - - P.toBytes(TOKEN) - - return 0, TOKEN[:] -} - -/* Add big type PIN.hash(ID) to TOKEN for identity ID to form CS */ -func MPIN_ADD_BIG_PIN_WRAP(ID, PIN, TOKEN []byte) (int, []byte) { - CS := make([]byte, G1S) - pin := fromBytes(PIN) - P := ECP_fromBytes(TOKEN) - if P.is_infinity() { - return MPIN_INVALID_POINT, CS[:] - } - h := Hashit(0, ID) - R := mapit(h) - - R = R.mul(pin) - P.add(R) - - P.toBytes(CS) - - return 0, CS[:] -} - -/* dst = a ^ b ^ c */ -func XORBytes(a, b, c []byte) ([]byte, int) { - n := len(a) - dst := make([]byte, n) - if (len(b) != n) || (len(c) != n) { - return dst[:], 1 - } - for i := 0; i < n; i++ { - dst[i] = a[i] ^ b[i] ^ c[i] - } - return dst[:], 0 -} - -/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */ -func MPIN_SERVER_1_WRAP(date int, ID []byte) ([]byte, []byte) { - var HID [G1S]byte - var HTID [G1S]byte - MPIN_SERVER_1(date, ID, HID[:], HTID[:]) - return HID[:], HTID[:] -} - -/* Implement step 2 of MPin protocol on server side */ -func MPIN_SERVER_2_WRAP(date int, HID []byte, HTID []byte, Y []byte, SS []byte, U []byte, UT []byte, V []byte) (int, []byte, []byte) { - var E [12 * EFS]byte - var F [12 * EFS]byte - errorCode := MPIN_SERVER_2(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:], E[:], F[:]) - return errorCode, E[:], F[:] -} - -/* Implement step 1 on client side of MPin protocol */ -func MPIN_CLIENT_1_WRAP(date int, ID []byte, rng *RAND, X []byte, PIN int, TOKEN []byte, TP []byte) (int, []byte, []byte, []byte, []byte) { - var SEC [G1S]byte - var U [G1S]byte - var UT [G1S]byte - errorCode := MPIN_CLIENT_1(date, ID[:], rng, X[:], PIN, TOKEN[:], SEC[:], U[:], UT[:], TP[:]) - return errorCode, X[:], SEC[:], U[:], UT[:] -} - -/* Implement step 2 on client side of MPin protocol */ -func MPIN_CLIENT_2_WRAP(X []byte, Y []byte, SEC []byte) (int, []byte) { - errorCode := MPIN_CLIENT_2(X[:], Y[:], SEC[:]) - return errorCode, SEC[:] -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/crypto_test.go ---------------------------------------------------------------------- diff --git a/go/amcl-go/crypto_test.go b/go/amcl-go/crypto_test.go deleted file mode 100644 index 710204e..0000000 --- a/go/amcl-go/crypto_test.go +++ /dev/null @@ -1,1194 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -package amcl - -import ( - "crypto/rand" - "encoding/hex" - "fmt" - mathrand "math/rand" - "testing" - - "github.com/stretchr/testify/assert" -) - -const nIter int = 1000 - -func TestCryptoGoodPIN(t *testing.T) { - want := 0 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Message to sign - var MESSAGE []byte - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoBadPIN(t *testing.T) { - want := -19 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1235 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Message to sign - var MESSAGE []byte - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - ////// Client ////// - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - ////// Server ////// - got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoBadToken(t *testing.T) { - want := -19 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Message to sign - var MESSAGE []byte - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, _, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - // Send UT as V to model bad token - got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], ID[:], MESSAGE[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoRandom(t *testing.T) { - want := 0 - - for i := 0; i < nIter; i++ { - - // Seed value for Random Number Generator (RNG) - seed := make([]byte, 16) - rand.Read(seed) - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Epoch time in days - date := MPIN_today() - - // Epoch time in seconds - timeValue := MPIN_GET_TIME() - - // PIN variable to create token - PIN1 := mathrand.Intn(10000) - // PIN variable to authenticate - PIN2 := PIN1 - - // Assign the End-User a random ID - ID := make([]byte, 16) - rand.Read(ID) - - // Message to sign - var MESSAGE []byte - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - assert.Equal(t, want, got, "Should be equal") - } -} - -func TestCryptoGoodSignature(t *testing.T) { - want := 0 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Message to sign - MESSAGE := []byte("test message to sign") - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - // Authenticate - got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoSignatureExpired(t *testing.T) { - want := -19 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Message to sign - MESSAGE := []byte("test message to sign") - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - timeValue += 10 - // Authenticate - got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoBadSignature(t *testing.T) { - want := -19 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Message to sign - MESSAGE := []byte("test message to sign") - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - // Authenticate - MESSAGE[0] = 00 - got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoPINError(t *testing.T) { - want := 1 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1235 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Message to sign - var MESSAGE []byte - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - _, _, _, _, E, F := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - - got := MPIN_KANGAROO(E[:], F[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoMPINFull(t *testing.T) { - want := "0afc948b03b2733a0663571f86411a07" - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // Epoch time in seconds - timeValue := 1439465203 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Message to sign - var MESSAGE []byte - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Precomputation - _, G1, G2 := MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID) - - // Send U, UT, V, timeValue and Message to server - var X [EGS]byte - _, XOut, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:]) - - // Send Z=r.ID to Server - var R [EGS]byte - _, ROut, Z := MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:]) - - // Authenticate - _, _, HTID, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:]) - - // send T=w.ID to client - var W [EGS]byte - _, WOut, T := MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:]) - - _, AES_KEY_SERVER := MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], U[:], UT[:]) - got := hex.EncodeToString(AES_KEY_SERVER[:]) - if got != want { - t.Errorf("%s != %s", want, got) - } - - _, AES_KEY_CLIENT := MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], T[:]) - got = hex.EncodeToString(AES_KEY_CLIENT[:]) - assert.Equal(t, want, got, "Should be equal") -} - -// Subtract a 256 bit PIN -func TestCrypoSubBigPIN(t *testing.T) { - want := "042182235070802ebc33633e70e6628f48fd896e86dfc40c81227caa2792367a581d461dbba6efa30896c71f427df335885142cc6fb64ba082ff9573b9276475c0" - - IDHex := "7465737455736572406365727469766f782e636f6d" - ID, err := hex.DecodeString(IDHex) - assert.Equal(t, nil, err, "Should be equal") - - TOKENHex := "0422a522b5c05d06cde3a65872656ab596e111c4ea7c0c349bac26f0bdaf7d5f0a1ea8a0cab99d06677cfbc3c8d667e7b0af33b9ed4df007b0ccc8c2b77353bbe6" - TOKEN, err := hex.DecodeString(TOKENHex) - assert.Equal(t, nil, err, "Should be equal") - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - assert.Equal(t, nil, err, "Should be equal") - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate big PIN - 256 bits - errorCode, PIN := MPIN_RANDOM_GENERATE_WRAP(rng) - assert.Equal(t, 0, errorCode, "Should be equal") - - // Extract big PIN - errorCode, TK := MPIN_EXTRACT_BIG_PIN_WRAP(ID[:], PIN[:], TOKEN[:]) - assert.Equal(t, 0, errorCode, "Should be equal") - got := hex.EncodeToString(TK[:]) - assert.Equal(t, want, got, "Should be equal") -} - -// Add a 256 bit PIN -func TestCrypoAddBigPIN(t *testing.T) { - want := "0422a522b5c05d06cde3a65872656ab596e111c4ea7c0c349bac26f0bdaf7d5f0a1ea8a0cab99d06677cfbc3c8d667e7b0af33b9ed4df007b0ccc8c2b77353bbe6" - - IDHex := "7465737455736572406365727469766f782e636f6d" - ID, err := hex.DecodeString(IDHex) - assert.Equal(t, nil, err, "Should be equal") - - TOKENHex := "042182235070802ebc33633e70e6628f48fd896e86dfc40c81227caa2792367a581d461dbba6efa30896c71f427df335885142cc6fb64ba082ff9573b9276475c0" - TOKEN, err := hex.DecodeString(TOKENHex) - assert.Equal(t, nil, err, "Should be equal") - - PINHex := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3" - PIN, err := hex.DecodeString(PINHex) - assert.Equal(t, nil, err, "Should be equal") - - // Extract big PIN - errorCode, TK := MPIN_ADD_BIG_PIN_WRAP(ID[:], PIN[:], TOKEN[:]) - assert.Equal(t, 0, errorCode, "Should be equal") - got := hex.EncodeToString(TK[:]) - assert.Equal(t, want, got, "Should be equal") -} - -// Split key -func TestCryptoSplitKey(t *testing.T) { - want := "64b36b7a0395e61350de8839adb019d5ae2134052b8533e7c4bbab3965e0af1b" - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - assert.Equal(t, nil, err, "Should be equal") - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate big PIN - 256 bits - errorCode, PIN := MPIN_RANDOM_GENERATE_WRAP(rng) - assert.Equal(t, 0, errorCode, "Should be equal") - PINHex := hex.EncodeToString(PIN[:]) - PINGoldHex := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3" - assert.Equal(t, PINGoldHex, PINHex, "Should be equal") - - n := len(PIN) - // Split key by C = PIN ^ A ^ B - A := GENERATE_RANDOM(rng, n) - - B := GENERATE_RANDOM(rng, n) - - C, errorCode := XORBytes(PIN[:], A[:], B[:]) - assert.Equal(t, 0, errorCode, "Should be equal") - got := hex.EncodeToString(C[:]) - assert.Equal(t, want, got, "Should be equal") -} - -// Combine key shares -func TestCryptoCombineKey(t *testing.T) { - want := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3" - - CHex := "64b36b7a0395e61350de8839adb019d5ae2134052b8533e7c4bbab3965e0af1b" - C, err := hex.DecodeString(CHex) - assert.Equal(t, nil, err, "Should be equal") - - AHex := "c5add1327790087193ae541acd6dc3264c19a12afaf196291d0820c611d3fcd4" - A, err := hex.DecodeString(AHex) - assert.Equal(t, nil, err, "Should be equal") - - BHex := "ba0602f0f6df1908dbcffe5b9e93cf35ccd5141e367cf2fdac4e0a573563477c" - B, err := hex.DecodeString(BHex) - assert.Equal(t, nil, err, "Should be equal") - - // Combine key shares PIN = A ^ B ^ C - PIN, errorCode := XORBytes(C[:], A[:], B[:]) - assert.Equal(t, 0, errorCode, "Should be equal") - got := hex.EncodeToString(PIN[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoTwoPassGoodPIN(t *testing.T) { - want := 0 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Client Pass 1 - var X [EGS]byte - _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) - - // Server Pass 1 - HID, HTID := MPIN_SERVER_1_WRAP(date, ID) - _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Client Pass 2 - _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) - - // Server Pass 2 - got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoTwoPassBadPIN(t *testing.T) { - want := -19 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1235 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Client Pass 1 - var X [EGS]byte - _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) - - // Server Pass 1 - HID, HTID := MPIN_SERVER_1_WRAP(date, ID) - _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Client Pass 2 - _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) - - // Server Pass 2 - got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoTwoPassBadToken(t *testing.T) { - want := -19 - // Assign the End-User an ID - IDstr := "[email protected]" - ID := []byte(IDstr) - - // Epoch time in days - date := 16660 - - // PIN variable to create token - PIN1 := 1234 - // PIN variable to authenticate - PIN2 := 1234 - - // Seed value for Random Number Generator (RNG) - seedHex := "9e8b4178790cd57a5761c4a6f164ba72" - seed, err := hex.DecodeString(seedHex) - if err != nil { - fmt.Println("Error decoding seed value") - return - } - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Client Pass 1 - var X [EGS]byte - _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) - - // Server Pass 1 - HID, HTID := MPIN_SERVER_1_WRAP(date, ID) - _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Client Pass 2 - _, _ = MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) - - // Server Pass 2 - // Send UT as V to model bad token - got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], UT[:]) - assert.Equal(t, want, got, "Should be equal") -} - -func TestCryptoRandomTwoPass(t *testing.T) { - want := 0 - - for i := 0; i < nIter; i++ { - - // Seed value for Random Number Generator (RNG) - seed := make([]byte, 16) - rand.Read(seed) - rng := NewRAND() - rng.Seed(len(seed), seed) - - // Epoch time in days - date := MPIN_today() - - // PIN variable to create token - PIN1 := mathrand.Intn(10000) - // PIN variable to authenticate - PIN2 := PIN1 - - // Assign the End-User a random ID - ID := make([]byte, 16) - rand.Read(ID) - - // Generate Master Secret Share 1 - _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Generate Master Secret Share 2 - _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Either Client or TA calculates Hash(ID) - HCID := MPIN_HASH_ID(ID) - - // Generate server secret share 1 - _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:]) - - // Generate server secret share 2 - _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:]) - - // Combine server secret shares - _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:]) - - // Generate client secret share 1 - _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID) - - // Generate client secret share 2 - _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID) - - // Combine client secret shares - CS := make([]byte, G1S) - _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:]) - - // Generate time permit share 1 - _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID) - - // Generate time permit share 2 - _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID) - - // Combine time permit shares - _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:]) - - // Create token - _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:]) - - // Client Pass 1 - var X [EGS]byte - _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:]) - - // Server Pass 1 - HID, HTID := MPIN_SERVER_1_WRAP(date, ID) - _, Y := MPIN_RANDOM_GENERATE_WRAP(rng) - - // Client Pass 2 - _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:]) - - // Server Pass 2 - got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:]) - assert.Equal(t, want, got, "Should be equal") - - } -}
