This is an automated email from the ASF dual-hosted git repository. kmccusker pushed a commit to branch update-code in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto.git
commit cd3086fb8a103a6d9c549157f4c8d4141c288206 Author: Kealan McCusker <[email protected]> AuthorDate: Thu Nov 24 11:54:12 2016 +0000 fixed bug in MPIN.js --- js/MPIN.js | 10 +- js/MPINAuth.js | 1 - js/ROM.js | 38 +- js/tests/BNCX.json | 1 + js/tests/BNCXOnePass.json | 1 + js/tests/MPIN.js | 799 ------------------------------ js/tests/README.md | 25 + js/tests/README.txt | 111 ----- js/tests/TestMPIN.js | 151 ------ js/tests/TestMPINAuth.js | 161 ------ js/tests/TestMPINAuthOnePass.js | 149 ------ js/tests/{config.js_local => config.js} | 21 - js/tests/config.js_qa | 41 -- js/tests/genVectorFixed.py | 260 ---------- js/tests/genVectors.py | 416 ---------------- js/tests/genVectorsOnePass.py | 412 --------------- js/tests/getClientSecret.js | 112 ----- js/tests/getTimePermit.js | 115 ----- js/tests/run_headless_tests.sh | 63 --- js/tests/{run_js_tests.sh => run_test.sh} | 42 +- js/tests/test_add_shares.js | 3 - js/tests/test_bad_PIN_AJAX.js | 388 --------------- js/tests/test_bad_PIN_WS.js | 326 ------------ js/tests/test_good_PIN_AJAX.js | 387 --------------- js/tests/test_good_PIN_WS.js | 325 ------------ js/tests/test_onepass.js | 5 +- js/tests/test_pass1.js | 3 - js/tests/test_pass2.js | 3 - js/tests/test_randomX.js | 2 - js/tests/test_sha256.js | 2 - js/tests/test_token.js | 3 - 31 files changed, 85 insertions(+), 4291 deletions(-) diff --git a/js/MPIN.js b/js/MPIN.js index 5a3d825..837b4fd 100755 --- a/js/MPIN.js +++ b/js/MPIN.js @@ -633,12 +633,18 @@ var MPIN = { SERVER: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F,CID,TimeValue) { var rtn=0; + var pID; + if (date == 0) { + pID = xID; + } else { + pID = xCID; + } this.SERVER_1(date,CID,HID,HTID); - this.GET_Y(TimeValue,xCID,Y); + this.GET_Y(TimeValue,pID,Y); - rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F); + rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F); if (rtn != 0) return rtn; diff --git a/js/MPINAuth.js b/js/MPINAuth.js index 1733fe6..7cacb65 100755 --- a/js/MPINAuth.js +++ b/js/MPINAuth.js @@ -291,7 +291,6 @@ MPINAuth.pass1Request = function (mpin_id_hex, token_hex, timePermit_hex, PIN, e token_bytes = MPINAuth.hextobytes(token_hex); timePermit_bytes = MPINAuth.hextobytes(timePermit_hex); - if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request date: " + date); } error_code = MPIN.CLIENT_1(epoch_days, mpin_id_bytes, MPINAuth.rng, MPINAuth.X, PIN, token_bytes, MPINAuth.SEC, U, UT, timePermit_bytes); if (error_code !== 0) { console.log("MPINAuth.pass1Request error_code: " + error_code); diff --git a/js/ROM.js b/js/ROM.js index 575cc5a..7a91844 100755 --- a/js/ROM.js +++ b/js/ROM.js @@ -36,10 +36,10 @@ var ROM={ EDWARDS: 1, MONTGOMERY: 2, - USE_GLV: true, - USE_GS_G2: true, + USE_GLV: false, + USE_GS_G2: false, USE_GS_GT: true, - GT_STRONG: true, + GT_STRONG: false, /* Finite field support - for RSA, DH etc. */ FF_BITS: 2048, /* Finite Field Size in bits - must be 256.2^n */ @@ -297,10 +297,34 @@ var ROM={ CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616], CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], CURVE_Gy :[0x1], - CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60],[0x802561,0x7,0x8000]], - CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60],[0x802561,0x7,0x8000]],[[0x802561,0x7,0x8000],[0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]], - CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20],[0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000],[0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000],[0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20]], - CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],[0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],[0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],[0x802562,0x7,0x8000]],[[0x802561,0x7,0x8000],[0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63 [...] + +// Arrays must be padded! + + CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]], + CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0], + [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0], + [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0], + [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]], + CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]], + [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]], + [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0], + [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400], + [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]], /* BNT Curve */ /* diff --git a/js/tests/BNCX.json b/js/tests/BNCX.json new file mode 100644 index 0000000..7cf034b --- /dev/null +++ b/js/tests/BNCX.json @@ -0,0 +1 @@ +[{"SS1": "1520a952de349f533b6aafdf89373840c6cedb5d80c10cbb77fd2977d1260f261bc1aab33387ea29d5a229d03b86b755a1cd958b5465b765789d45d69394254309dbeca19eb8d87e2b68b3b3313d518da6af44cbf7dc99db73345236e0f69ffb049ae528f8ea5f1f431e5292b50206951e0869e471140dbd044533d74c8f35bc", "SS2": "0b5dc395464513d1b8456fb4b1e131855a171693043115db8b9213fc5cb6ab060706ddf77a2d716129f095627102642c916f0528abc8c613dc4e3efc3685407206502735e18685ca4870db8dfaa6bcf65c0ca58426841ce84686b495a2a07f61167068abb790a36d2bd624a [...] \ No newline at end of file diff --git a/js/tests/BNCXOnePass.json b/js/tests/BNCXOnePass.json new file mode 100644 index 0000000..4556b1c --- /dev/null +++ b/js/tests/BNCXOnePass.json @@ -0,0 +1 @@ +[{"TimeValue": 1437055594, "SS1": "082fc0a0f340a1d18b51be28d0fc1c14210361ee9cd89e33bbfbaceaf91b0ef90d00773c9450f6db74a254f4bdcdb0bd501a30de15975b47c82e284d5bd42f1c23e5780693e63da58f50535b2c012f89392df1ed33b476e0b516e78489726edb0002284e932e4a13a0e6e838be28ab8973a5fa9a60760e5682a0d29a8b5dc6cf", "SS2": "2387f35da03b890e44669846486d5d55abb85eb13f6f2929a5f4d65d1953cb670b8eca87941c87a1bc9965b71b023a6bcc5af324c0824789c8b9b45ec38fda1604257638e754f2b7b6ca3b62e6b3478ac5dfc8854aed61366a52febbf4ec47 [...] \ No newline at end of file diff --git a/js/tests/MPIN.js b/js/tests/MPIN.js deleted file mode 100755 index f91c691..0000000 --- a/js/tests/MPIN.js +++ /dev/null @@ -1,799 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -/* MPIN API Functions */ - -MPIN = { - BAD_PARAMS:-11, - INVALID_POINT:-14, - WRONG_ORDER:-18, - BAD_PIN:-19, -/* configure PIN here */ - MAXPIN:10000, /* max PIN */ - PBLEN:14, /* MAXPIN length in bits */ - TS:10, /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */ - TRAP:200, /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */ - EFS:ROM.MODBYTES, - EGS:ROM.MODBYTES, - PAS:16, - -/* return time in slots since epoch */ - today: function() { - var now=new Date(); - return Math.floor(now.getTime()/(60000*1440)); // for daily tokens - }, - - bytestostring: function(b) - { - var s=""; - var len=b.length; - var ch; - - for (var i=0;i<len;i++) - { - ch=b[i]; - s+=((ch>>>4)&15).toString(16); - s+=(ch&15).toString(16); - - } - return s; - }, - - stringtobytes: function(s) - { - var b=[]; - for (var i=0;i<s.length;i++) - b.push(s.charCodeAt(i)); - return b; - }, - - comparebytes: function(a,b) - { - if (a.length!=b.length) return false; - for (var i=0;i<a.length;i++) - { - if (a[i]!=b[i]) return false; - } - return true; - }, - - -/* Hash number (optional) and string to point on curve */ - - hashit: function(n,ID) - { - var H=new HASH(); - if (n!==0) H.process_num(n); - H.process_array(ID); - return H.hash(); - }, - - mapit: function(h) - { - var q=new BIG(0); q.rcopy(ROM.Modulus); - var x=BIG.fromBytes(h); - x.mod(q); - var P=new ECP(); - while (true) - { - P.setxi(x,0); - if (!P.is_infinity()) break; - x.inc(1); x.norm(); - } - return P; - }, - -/* needed for SOK */ - mapit2: function(h) - { - var q=new BIG(0); q.rcopy(ROM.Modulus); - var x=BIG.fromBytes(h); - var one=new BIG(1); - x.mod(q); - var Q,T,K,X; - while (true) - { - X=new FP2(one,x); - Q=new ECP2(); Q.setx(X); - if (!Q.is_infinity()) break; - x.inc(1); x.norm(); - } -/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */ - - var Fa=new BIG(0); Fa.rcopy(ROM.CURVE_Fra); - var Fb=new BIG(0); Fb.rcopy(ROM.CURVE_Frb); - X=new FP2(Fa,Fb); - x=new BIG(0); x.rcopy(ROM.CURVE_Bnx); - - T=new ECP2(); T.copy(Q); - T.mul(x); T.neg(); - K=new ECP2(); K.copy(T); - K.dbl(); K.add(T); K.affine(); - - K.frob(X); - Q.frob(X); Q.frob(X); Q.frob(X); - Q.add(T); Q.add(K); - T.frob(X); T.frob(X); - Q.add(T); - Q.affine(); - return Q; - - }, - -/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */ -/* maps a random u to a point on the curve */ - map: function(u,cb) - { - var P=new ECP(); - var x=new BIG(u); - var p=new BIG(0); p.rcopy(ROM.Modulus); - x.mod(p); - while (true) - { - P.setxi(x,cb); - if (!P.is_infinity()) break; - x.inc(1); x.norm(); - } - return P; - }, - -/* returns u derived from P. Random value in range 1 to return value should then be added to u */ - unmap: function(u,P) - { - var s=P.getS(); - var R=new ECP(); - var r=0; - var x=P.getX(); - u.copy(x); - while (true) - { - u.dec(1); u.norm(); - r++; - R.setxi(u,s); //=new ECP(u,s); - if (!R.is_infinity()) break; - } - return r; - }, - -/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */ -/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */ -/* Note that u and v are indistinguisible from random strings */ - ENCODING: function(rng,E) - { - var i,rn,m,su,sv; - var T=[]; - - for (i=0;i<this.EFS;i++) T[i]=E[i+1]; - var u=BIG.fromBytes(T); - for (i=0;i<this.EFS;i++) T[i]=E[i+this.EFS+1]; - var v=BIG.fromBytes(T); - - var P=new ECP(0); P.setxy(u,v); - if (P.is_infinity()) return this.INVALID_POINT; - - var p=new BIG(0); p.rcopy(ROM.Modulus); - u=BIG.randomnum(p,rng); - - su=rng.getByte(); if (su<0) su=-su; su%=2; - - var W=this.map(u,su); - P.sub(W); - sv=P.getS(); - rn=this.unmap(v,P); - m=rng.getByte(); if (m<0) m=-m; m%=rn; - v.inc(m+1); - E[0]=(su+2*sv); - u.toBytes(T); - for (i=0;i<this.EFS;i++) E[i+1]=T[i]; - v.toBytes(T); - for (i=0;i<this.EFS;i++) E[i+this.EFS+1]=T[i]; - - return 0; - }, - - DECODING: function(D) - { - var i,su,sv; - var T=[]; - - if ((D[0]&0x04)!==0) return this.INVALID_POINT; - - for (i=0;i<this.EFS;i++) T[i]=D[i+1]; - var u=BIG.fromBytes(T); - for (i=0;i<this.EFS;i++) T[i]=D[i+this.EFS+1]; - var v=BIG.fromBytes(T); - - su=D[0]&1; - sv=(D[0]>>1)&1; - var W=this.map(u,su); - var P=this.map(v,sv); - P.add(W); - u=P.getX(); - v=P.getY(); - D[0]=0x04; - u.toBytes(T); - for (i=0;i<this.EFS;i++) D[i+1]=T[i]; - v.toBytes(T); - for (i=0;i<this.EFS;i++) D[i+this.EFS+1]=T[i]; - - return 0; - }, - -/* R=R1+R2 in group G1 */ - RECOMBINE_G1: function(R1,R2,R) - { - var P=ECP.fromBytes(R1); - var Q=ECP.fromBytes(R2); - - if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT; - - P.add(Q); - - P.toBytes(R); - return 0; - }, - -/* W=W1+W2 in group G2 */ - RECOMBINE_G2: function(W1,W2,W) - { - var P=ECP2.fromBytes(W1); - var Q=ECP2.fromBytes(W2); - - if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT; - - P.add(Q); - - P.toBytes(W); - return 0; - }, - - HASH_ID: function(ID) - { - return this.hashit(0,ID); - }, - -/* create random secret S */ - RANDOM_GENERATE: function(rng,S) - { - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - var s=BIG.randomnum(r,rng); - - s.toBytes(S); - return 0; - }, - -/* Extract PIN from TOKEN for identity CID */ - EXTRACT_PIN: function(CID,pin,TOKEN) - { - var P=ECP.fromBytes(TOKEN); - if (P.is_infinity()) return this.INVALID_POINT; - var h=this.hashit(0,CID); - var R=this.mapit(h); - - pin%=this.MAXPIN; - - R=R.pinmul(pin,this.PBLEN); - P.sub(R); - - P.toBytes(TOKEN); - - return 0; - }, - -/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */ - GET_SERVER_SECRET: function(S,SST) - { - - var A=new BIG(0); - var B=new BIG(0); - A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); - var QX=new FP2(0); QX.bset(A,B); - A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); - var QY=new FP2(0); QY.bset(A,B); - - var Q=new ECP2(); - Q.setxy(QX,QY); - - var s=BIG.fromBytes(S); - Q=PAIR.G2mul(Q,s); - Q.toBytes(SST); - return 0; - }, - - -/* - W=x*H(G); - if RNG == NULL then X is passed in - if RNG != NULL the X is passed out - if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve -*/ - GET_G1_MULTIPLE: function(rng,type,X,G,W) - { - var x; - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - - if (rng!=null) - { - x=BIG.randomnum(r,rng); - x.toBytes(X); - } - else - { - x=BIG.fromBytes(X); - } - var P; - if (type==0) - { - P=ECP.fromBytes(G); - if (P.is_infinity()) return INVALID_POINT; - } - else - P=this.mapit(G); - - PAIR.G1mul(P,x).toBytes(W); - return 0; - }, - - -/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */ - GET_CLIENT_SECRET: function(S,CID,CST) - { - return this.GET_G1_MULTIPLE(null,1,S,CID,CST); - }, - -/* Time Permit CTT=S*(date|H(CID)) where S is master secret */ - GET_CLIENT_PERMIT: function(date,S,CID,CTT) - { - var h=this.hashit(date,CID); - var P=this.mapit(h); - - var s=BIG.fromBytes(S); - P=PAIR.G1mul(P,s); - P.toBytes(CTT); - return 0; - }, - -/* Implement step 1 on client side of MPin protocol */ - CLIENT_1: function(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT) - { - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - var q=new BIG(0); q.rcopy(ROM.Modulus); - var x; - if (rng!==null) - { - x=BIG.randomnum(r,rng); - x.toBytes(X); - } - else - { - x=BIG.fromBytes(X); - } - var P,T,W; - - var h=this.hashit(0,CLIENT_ID); - P=this.mapit(h); - T=ECP.fromBytes(TOKEN); - if (T.is_infinity()) return this.INVALID_POINT; - - pin%=this.MAXPIN; - W=P.pinmul(pin,this.PBLEN); - T.add(W); - - if (date!=0) - { - W=ECP.fromBytes(PERMIT); - if (W.is_infinity()) return this.INVALID_POINT; - T.add(W); - h=this.hashit(date,h); - W=this.mapit(h); - if (xID!=null) - { - P=PAIR.G1mul(P,x); - P.toBytes(xID); - W=PAIR.G1mul(W,x); - P.add(W); - } - else - { - P.add(W); - P=PAIR.G1mul(P,x); - } - if (xCID!=null) P.toBytes(xCID); - } - else - { - if (xID!=null) - { - P=PAIR.G1mul(P,x); - P.toBytes(xID); - } - } - - T.toBytes(SEC); - return 0; - }, - -/* Implement step 2 on client side of MPin protocol */ - CLIENT_2: function(X,Y,SEC) - { - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - var P=ECP.fromBytes(SEC); - if (P.is_infinity()) return this.INVALID_POINT; - - var px=BIG.fromBytes(X); - var py=BIG.fromBytes(Y); - px.add(py); - px.mod(r); - px.rsub(r); - - PAIR.G1mul(P,px).toBytes(SEC); - return 0; - }, - -/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */ - SERVER_1: function(date,CID,HID,HTID) - { - var h=this.hashit(0,CID); - var R,P=this.mapit(h); - - if (date!==0) - { - if (HID!=null) P.toBytes(HID); - h=this.hashit(date,h); - R=this.mapit(h); - P.add(R); - P.toBytes(HTID); - } - else P.toBytes(HID); - }, - -/* Implement step 1 of MPin protocol on server side */ - SERVER_2: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F) - { - var A=new BIG(0); - var B=new BIG(0); - A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); - var QX=new FP2(0); QX.bset(A,B); - A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); - var QY=new FP2(0); QY.bset(A,B); - - var Q=new ECP2(); - Q.setxy(QX,QY); - - var sQ=ECP2.fromBytes(SST); - if (sQ.is_infinity()) return this.INVALID_POINT; - - var R; - if (date!==0) - R=ECP.fromBytes(xCID); - else - { - if (xID==null) return this.BAD_PARAMS; - R=ECP.fromBytes(xID); - } - if (R.is_infinity()) return this.INVALID_POINT; - - var y=BIG.fromBytes(Y); - var P; - - if (date!=0) P=ECP.fromBytes(HTID); - else - { - if (HID==null) return this.BAD_PARAMS; - P=ECP.fromBytes(HID); - } - if (P.is_infinity()) return this.INVALID_POINT; - - P=PAIR.G1mul(P,y); - P.add(R); - R=ECP.fromBytes(mSEC); - if (R.is_infinity()) return this.INVALID_POINT; - - var g=PAIR.ate2(Q,R,sQ,P); - g=PAIR.fexp(g); - - if (!g.isunity()) - { - if (HID!=null && xID!=null && E!=null && F!=null) - { - g.toBytes(E); - if (date!==0) - { - P=ECP.fromBytes(HID); - if (P.is_infinity()) return this.INVALID_POINT; - R=ECP.fromBytes(xID); - if (R.is_infinity()) return this.INVALID_POINT; - - P=PAIR.G1mul(P,y); - P.add(R); - } - g=PAIR.ate(Q,P); - g=PAIR.fexp(g); - - g.toBytes(F); - } - return this.BAD_PIN; - } - return 0; - }, - -/* Pollards kangaroos used to return PIN error */ - KANGAROO: function(E,F) - { - var ge=FP12.fromBytes(E); - var gf=FP12.fromBytes(F); - var distance = []; - var t=new FP12(gf); - var table=[]; - var i,j,m,s,dn,dm,res,steps; - - s=1; - for (m=0;m<this.TS;m++) - { - distance[m]=s; - table[m]=new FP12(t); - s*=2; - t.usqr(); - } - t.one(); - dn=0; - for (j=0;j<this.TRAP;j++) - { - i=t.geta().geta().getA().lastbits(8)%this.TS; - t.mul(table[i]); - dn+=distance[i]; - } - gf.copy(t); gf.conj(); - steps=0; dm=0; - res=0; - while (dm-dn<this.MAXPIN) - { - steps++; - if (steps>4*this.TRAP) break; - i=ge.geta().geta().getA().lastbits(8)%this.TS; - ge.mul(table[i]); - dm+=distance[i]; - if (ge.equals(t)) - { - res=dm-dn; - break; - } - if (ge.equals(gf)) - { - res=dn-dm; - break; - } - - } - if (steps>4*this.TRAP || dm-dn>=this.MAXPIN) {res=0; } // Trap Failed - probable invalid token - return res; - }, - - /* return time since epoch */ - GET_TIME: function() { - var now=new Date(); - return Math.floor(now.getTime()/(1000)); - }, - - /* y = H(time,xCID) */ - GET_Y: function(TimeValue,xCID,Y) - { - var q=new BIG(0); - q.rcopy(ROM.CURVE_Order); - var h=this.hashit(TimeValue,xCID); - var y=BIG.fromBytes(h); - y.mod(q); - y.toBytes(Y); - return 0; - }, - - /* One pass MPIN Client */ - CLIENT: function(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT,TimeValue,Y) - { - - var rtn=0; - var pID; - if (date == 0) { - pID = xID; - } else { - pID = xCID; - } - - rtn = this.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT); - if (rtn != 0) - return rtn; - - this.GET_Y(TimeValue,pID,Y); - - rtn = this.CLIENT_2(X,Y,SEC); - if (rtn != 0) - return rtn; - - return 0; - }, - - /* One pass MPIN Server */ - SERVER: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F,CID,TimeValue) - { - var rtn=0; - var pID; - if (date == 0) { - pID = xID; - } else { - pID = xCID; - } - - this.SERVER_1(date,CID,HID,HTID); - - this.GET_Y(TimeValue,pID,Y); - - rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F); - if (rtn != 0) - return rtn; - - return 0; - }, - -/* Functions to support M-Pin Full */ - - PRECOMPUTE: function(TOKEN,CID,G1,G2) - { - var P,T; - var g; - - T=ECP.fromBytes(TOKEN); - if (T.is_infinity()) return INVALID_POINT; - - P=this.mapit(CID); - - var A=new BIG(0); - var B=new BIG(0); - A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb); - var QX=new FP2(0); QX.bset(A,B); - A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb); - var QY=new FP2(0); QY.bset(A,B); - - var Q=new ECP2(); - Q.setxy(QX,QY); - - g=PAIR.ate(Q,T); - g=PAIR.fexp(g); - g.toBytes(G1); - - g=PAIR.ate(Q,P); - g=PAIR.fexp(g); - g.toBytes(G2); - - return 0; - }, - -/* calculate common key on client side */ -/* wCID = w.(A+AT) */ - CLIENT_KEY: function(G1,G2,pin,R,X,wCID,CK) - { - var H=new HASH(); - var t=[]; - - var g1=FP12.fromBytes(G1); - var g2=FP12.fromBytes(G2); - var z=BIG.fromBytes(R); - var x=BIG.fromBytes(X); - - var W=ECP.fromBytes(wCID); - if (W.is_infinity()) return INVALID_POINT; - - W=PAIR.G1mul(W,x); - - var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra); - var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb); - var f=new FP2(fa,fb); //f.bset(fa,fb); - - var r=new BIG(0); r.rcopy(ROM.CURVE_Order); - var q=new BIG(0); q.rcopy(ROM.Modulus); - - var m=new BIG(q); - m.mod(r); - - var a=new BIG(z); - a.mod(m); - - var b=new BIG(z); - b.div(m); - - g2.pinpow(pin,this.PBLEN); - g1.mul(g2); - - var c=g1.trace(); - g2.copy(g1); - g2.frob(f); - var cp=g2.trace(); - g1.conj(); - g2.mul(g1); - var cpm1=g2.trace(); - g2.mul(g1); - var cpm2=g2.trace(); - - c=c.xtr_pow2(cp,cpm1,cpm2,a,b); - - c.geta().getA().toBytes(t); - H.process_array(t); - c.geta().getB().toBytes(t); - H.process_array(t); - c.getb().getA().toBytes(t); - H.process_array(t); - c.getb().getB().toBytes(t); - H.process_array(t); - - W.getX().toBytes(t); - H.process_array(t); - W.getY().toBytes(t); - H.process_array(t); - - t=H.hash(); - for (var i=0;i<this.PAS;i++) CK[i]=t[i]; - - return 0; - }, - -/* calculate common key on server side */ -/* Z=r.A - no time permits involved */ - - SERVER_KEY: function(Z,SST,W,xID,xCID,SK) - { - var H=new HASH(); - var t=[]; - - var sQ=ECP2.fromBytes(SST); - if (sQ.is_infinity()) return INVALID_POINT; - var R=ECP.fromBytes(Z); - if (R.is_infinity()) return INVALID_POINT; - - var U; - if (xCID!=null) - U=ECP.fromBytes(xCID); - else - U=ECP.fromBytes(xID); - if (U.is_infinity()) return INVALID_POINT; - - var w=BIG.fromBytes(W); - U=PAIR.G1mul(U,w); - var g=PAIR.ate(sQ,R); - g=PAIR.fexp(g); - - var c=g.trace(); - c.geta().getA().toBytes(t); - H.process_array(t); - c.geta().getB().toBytes(t); - H.process_array(t); - c.getb().getA().toBytes(t); - H.process_array(t); - c.getb().getB().toBytes(t); - H.process_array(t); - - U.getX().toBytes(t); - H.process_array(t); - U.getY().toBytes(t); - H.process_array(t); - - t=H.hash(); - for (var i=0;i<this.PAS;i++) SK[i]=t[i]; - - return 0; - } -}; diff --git a/js/tests/README.md b/js/tests/README.md new file mode 100644 index 0000000..477e136 --- /dev/null +++ b/js/tests/README.md @@ -0,0 +1,25 @@ +# JavaScript tests + +## Description + +These tests read test vector files that have been generated from the C code +implementation of MPin. There are two test vector files; BNCX.json for three pass +and BNCSOnePass.json for one pass. The only curve tested in BNCX. + +### Dependencies + +Install the following node.js modules to run the tests + +npm install assert +npm install fs +npm install crypto + +### Configuration + +If required set DEBUG = true in config.js to enable more verbose output. + +### Run tests + +./run_test.sh + +To run individual tests look inside the script for guidance. diff --git a/js/tests/README.txt b/js/tests/README.txt deleted file mode 100644 index e1fc730..0000000 --- a/js/tests/README.txt +++ /dev/null @@ -1,111 +0,0 @@ -The directory above contains the file MPINAuth.js -which is example of how to use the AMCL -JavaScript in order to authenticate with an -M-Pin server. An example of how to use these -functions in given in TestMPINAuth.js and can -be run like so; - -ln -s config.js_local config.js -node TestMPINAuth.js - -or - -node TestMPINAuthOnePass.js - -nb Insert your app_id and app_key into config.js - -for one pass M-Pin - -In this directory there are also two sets of -tests. One will test the interaction between the -JavaScript and C code using test vectors; the -other tests this interaction using the web -services. - -################################################ - -Test Vectors: - -1. Install these node.js modules; - - npm install ws - npm install assert - npm install http - npm install fs - npm install crypto - -2. Configuration file - - Set DEBUG = true in config.js to enable - more verbose output, if required - -3. Run a number of test vectors. - - Copy test vector file to this directory; - - cp ../../testVectors/mpin/BNCX.json testVectors.json - cp ../../testVectors/mpin/BNCXOnePass.json testVectorsOnePass.json - - These files can be created using the generator - scripts as long as the libraries are installed. - - ./genVectors.py [successful authentication] [failed authentication] [epoch days in future] - ./genVectorsOnePass.py [successful authentication] [failed authentication] [epoch days in future] - - The JavaScript tests are then run using this script; - - ./run_js_tests.sh - - To run individual tests look inside the script for guidance. - -################################################ - -Headless: - -In order to run these tests the MIRACL D-TA, -Customer D-TA, D-TA Proxy, M-Pin Auth and -RPS Model servers are required. - -1. Start MIRACL D-TA - - cd mpin/webService/dtaCert - ln -s config/config.py_encrypted config.py - ln -s mss_backup/backup.json_encrypted backup.json - ./dta.py - -2. Start D-TA Proxy - - n.b. Make sure MySQL is running and 8c63aa9f7639f15bf46f142a84fedc82 has been added - to the Applications table - - cd mpin/webService/dtaProxy - ln -s config.py_paid_tier_no_sqs config.py - ln -s keys.json_test keys.json - ./dtaProxy.py - -3. Start Customer D-TA - - cd mpin/webService/dtaCust - ln -s mpin-backend/servers/dta/dta.py . - ln -s ./mss_backup/backup.json_encrypted backup.json - ln -s ./config/config.py_encrypted config.py - ln -s ./credentials.json_test credentials.json - ./dta.py - -4. Start the M-Pin server - - cd mpin/webService/mpinAuth - ln mpin-backend/servers/mpin/mpinAuth.py . - ln -s credentials.json_test credentials.json - ln -s config.py_test config.py - ./mpinAuth.py - -5. Start the RPS model server - - cd mpin/webService/mpinAuth/rpsModel - ./rps.py - -6. Run tests. - - ./run_headless_tests.sh [nWS_good] [nWS_bad] [nAJAX_good] [nAJAX_bad] - diff --git a/js/tests/TestMPIN.js b/js/tests/TestMPIN.js deleted file mode 100755 index 0903704..0000000 --- a/js/tests/TestMPIN.js +++ /dev/null @@ -1,151 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("JavaScript Test MPIN Example"); -var fs = require('fs'); - -eval(fs.readFileSync('../DBIG.js')+''); -eval(fs.readFileSync('../BIG.js')+''); -eval(fs.readFileSync('../FP.js')+''); -eval(fs.readFileSync('../ROM.js')+''); -eval(fs.readFileSync('../HASH.js')+''); -eval(fs.readFileSync('../RAND.js')+''); -eval(fs.readFileSync('../AES.js')+''); -eval(fs.readFileSync('../GCM.js')+''); -eval(fs.readFileSync('../ECP.js')+''); -eval(fs.readFileSync('../FP2.js')+''); -eval(fs.readFileSync('../ECP2.js')+''); -eval(fs.readFileSync('../FP4.js')+''); -eval(fs.readFileSync('../FP12.js')+''); -eval(fs.readFileSync('../PAIR.js')+''); -eval(fs.readFileSync('../MPIN.js')+''); - -var i,res; -var result; - -var EGS=MPIN.EGS; -var EFS=MPIN.EFS; -var EAS=16; - -var rng=new RAND(); -rng.clean(); - -var RAW=[]; -for (i=0;i<100;i++) RAW[i]=i; -rng.seed(100,RAW); - -var G1S=2*EFS+1; /* Group 1 Size */ -var G2S=4*EFS; /* Group 2 Size */ - -var S=[]; -var SST=[]; -var TOKEN = []; -var TOKEN_bytes = []; -var PERMIT = []; -var SEC = []; -var U = []; -var UT = []; -var X= []; -var Y= []; -var E=[]; -var F=[]; -var HID= []; -var HTID = []; - -var PIN_setup = 1234 -var PIN_authenticate = 1234 - - -/* Trusted Authority set-up */ -MPIN.RANDOM_GENERATE(rng,S); -console.log("Master Secret s: 0x"+MPIN.bytestostring(S)); - -var IDstr = "[email protected]"; -var CLIENT_ID = MPIN.stringtobytes(IDstr); -var hash_CLIENT_ID=[]; -var hash_CLIENT_ID = MPIN.HASH_ID(CLIENT_ID) - -/* Client and Server are issued secrets by DTA */ -MPIN.GET_SERVER_SECRET(S,SST); -console.log("Server Secret SS: 0x"+MPIN.bytestostring(SST)); - -MPIN.GET_CLIENT_SECRET(S,hash_CLIENT_ID,TOKEN); -console.log("Client Secret CS: 0x"+MPIN.bytestostring(TOKEN)); - -/* Client extracts PIN from secret to create Token */ -var rtn=MPIN.EXTRACT_PIN(CLIENT_ID,PIN_setup,TOKEN); -if (rtn != 0) - console.log("Failed to extract PIN "); - -TOKEN_hex=MPIN.bytestostring(TOKEN) -console.log("Client Token TK: 0x"+TOKEN_hex); - -var date=MPIN.today(); - -/* Get "Time Token" permit from DTA */ -MPIN.GET_CLIENT_PERMIT(date,S,hash_CLIENT_ID,PERMIT); -console.log("Time Permit TP: 0x"+MPIN.bytestostring(PERMIT)); - -/* Elligator squared */ -// MPIN.ENCODING(rng,PERMIT); -// console.log("Encoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT)); -// MPIN.DECODING(PERMIT); -// console.log("Decoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT)); - - -/* Set date=0 and PERMIT=NULL if time permits not in use - -Client First pass: Inputs CLIENT_ID, optional RNG, PIN_authenicate, TOKEN and PERMIT. Output x.H(CLIENT_ID) and re-combined secret SEC -If PERMITS are is use, then date!=0 and PERMIT is added to secret and UT = x.(H(CLIENT_ID)+H_T(date|CLIENT_ID)) -Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG - -Note that if Time Permits are in use U is *only* required to help calculate the PIN error. So if PIN error is -not of interest, it could be set to NULL. - -*/ -rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,PIN_authenticate,TOKEN,SEC,U,UT,PERMIT); - -if (rtn != 0) - console.log("FAILURE: CLIENT_1 rtn: " + rtn); - -/* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ -MPIN.SERVER_1(date,CLIENT_ID,HID,HTID); - -/* Server generates Random number Y and sends it to Client */ -MPIN.RANDOM_GENERATE(rng,Y); - -/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ -rtn=MPIN.CLIENT_2(X,Y,SEC); -if (rtn != 0) - console.log("FAILURE: CLIENT_2 rtn: " + rtn); - -/* Server Second pass. Inputs client id, random Y, -(x+y)*SEC, U and UT and Server secret SST. E and F help kangaroos to find error. */ -/* If PIN error not required, set U, E and F = NULL */ -rtn=MPIN.SERVER_2(date,HID,HTID,Y,SST,U,UT,SEC,E,F); -if (rtn != 0) - console.log("FAILURE: SERVER_2 rtn: " + rtn); - -if (rtn != 0) -{ - console.log("Server Error:"); - var err=MPIN.KANGAROO(E,F); - if (err==0) console.log("Client probably does not have a valid Token!"); - else console.log("(Client PIN is out by "+err); -} -else console.log("Server says - PIN is good! You really are "+IDstr); diff --git a/js/tests/TestMPINAuth.js b/js/tests/TestMPINAuth.js deleted file mode 100755 index 4db9650..0000000 --- a/js/tests/TestMPINAuth.js +++ /dev/null @@ -1,161 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("JavaScript Test MPIN Example using MPINAuth"); -var fs = require('fs'); - -eval(fs.readFileSync('../DBIG.js')+''); -eval(fs.readFileSync('../BIG.js')+''); -eval(fs.readFileSync('../FP.js')+''); -eval(fs.readFileSync('../ROM.js')+''); -eval(fs.readFileSync('../HASH.js')+''); -eval(fs.readFileSync('../RAND.js')+''); -eval(fs.readFileSync('../AES.js')+''); -eval(fs.readFileSync('../GCM.js')+''); -eval(fs.readFileSync('../ECP.js')+''); -eval(fs.readFileSync('../FP2.js')+''); -eval(fs.readFileSync('../ECP2.js')+''); -eval(fs.readFileSync('../FP4.js')+''); -eval(fs.readFileSync('../FP12.js')+''); -eval(fs.readFileSync('../PAIR.js')+''); -eval(fs.readFileSync('./MPIN.js')+''); -eval(fs.readFileSync('../MPINAuth.js')+''); - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -var i,res; -var result; - -var EGS=MPIN.EGS; -var EFS=MPIN.EFS; -var EAS=16; - -var RAW=[]; -for (i=0;i<100;i++) RAW[i]=i; -var RAW_hex = MPIN.bytestostring(RAW); - - -var G1S=2*EFS+1; /* Group 1 Size */ -var G2S=4*EFS; /* Group 2 Size */ - -var S=[]; -var server_secret_bytes=[]; -var client_secret_bytes = []; -var token_bytes = []; -var time_permit_bytes = []; -var SEC = []; -var V = []; -var U = []; -var UT = []; -var X= []; -var Y= []; -var E=[]; -var F=[]; -var HID= []; -var HTID = []; - -var PIN_setup = 1234; -var PIN_authenticate = 1234; - -// Set OTP switch -var requestOTP = 1; -// Set WID -var accessNumber = 123456; - -// Turn on debug statements by setting value in config.js -MPINAuth.DEBUG = DEBUG; - -// Initiaize RNG -MPINAuth.initializeRNG(RAW_hex); - -/* Trusted Authority set-up */ -MPIN.RANDOM_GENERATE(MPINAuth.rng,S); -console.log("Master Secret s: 0x"+MPIN.bytestostring(S)); - -var IDstr = "[email protected]"; -var mpin_id_bytes =MPIN.stringtobytes(IDstr); - -var hash_mpin_id_bytes=[]; -hash_mpin_id_bytes = MPIN.HASH_ID(mpin_id_bytes) - -/* Client and Server are issued secrets by DTA */ -MPIN.GET_SERVER_SECRET(S,server_secret_bytes); -console.log("Server Secret SS: 0x"+MPIN.bytestostring(server_secret_bytes)); - -MPIN.GET_CLIENT_SECRET(S,hash_mpin_id_bytes, client_secret_bytes); -console.log("Client Secret CS: 0x"+MPIN.bytestostring(client_secret_bytes)); - -// Client extracts PIN from secret to create Token -var mpin_id_hex = MPIN.bytestostring(mpin_id_bytes); -var client_secret_hex = MPIN.bytestostring(client_secret_bytes); -var token_hex = MPINAuth.calculateMPinToken(mpin_id_hex, PIN_setup, client_secret_hex); -token_bytes = MPINAuth.hextobytes(token_hex); -if (token_hex < 0) - console.log("Failed to extract PIN "); - -console.log("Client Token TK: 0x"+token_hex); - -var date=MPIN.today(); - -/* Get "Time Token" permit from DTA */ -MPIN.GET_CLIENT_PERMIT(date,S,hash_mpin_id_bytes, time_permit_bytes); -timePermit_hex = MPIN.bytestostring(time_permit_bytes); -console.log("Time Permit TP: 0x"+timePermit_hex); - -// Client First pass -request = MPINAuth.pass1Request(mpin_id_hex, token_hex, timePermit_hex, PIN_authenticate, date, null); -if (request < 0) - console.log("ERROR MPINAuth.pass1Request error_code: " + request); -UT_hex = request.UT; -U_hex = request.U; -UT_bytes = MPINAuth.hextobytes(UT_hex); -U_bytes = MPINAuth.hextobytes(U_hex); - -/* Server generates Random number Y and sends it to Client */ -MPIN.RANDOM_GENERATE(MPINAuth.rng,Y); -y_hex = MPIN.bytestostring(Y); - -/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ -request = MPINAuth.pass2Request(y_hex, requestOTP, accessNumber); -if (request < 0) - console.log("ERROR MPINAuth.pass2Request error_code: " + request); -console.log("PASS 2 Request: "); -console.dir(request) - -V_hex = request.V; -V_bytes = MPINAuth.hextobytes(V_hex); -console.log("V_hex: "+V_hex); - -/* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ -MPIN.SERVER_1(date,mpin_id_bytes,HID,HTID); - -// Server Second pass -rtn=MPIN.SERVER_2(date,HID,HTID,Y,server_secret_bytes, U_bytes, UT_bytes, V_bytes,E,F); -if (rtn != 0) - console.log("FAILURE: SERVER_1 rtn: " + rtn); - -if (rtn != 0){ - console.log("Server Error:"); - var err=MPIN.KANGAROO(E,F); - if (err==0) console.log("Client probably does not have a valid Token!"); - else console.log("(Client PIN is out by "+err); - } else { - console.log("Server says - PIN is good! You really are "+IDstr); - } diff --git a/js/tests/TestMPINAuthOnePass.js b/js/tests/TestMPINAuthOnePass.js deleted file mode 100755 index b9fec8e..0000000 --- a/js/tests/TestMPINAuthOnePass.js +++ /dev/null @@ -1,149 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("JavaScript Test MPIN Example using MPINAuth in One Pass mode"); -var fs = require('fs'); - -eval(fs.readFileSync('../DBIG.js')+''); -eval(fs.readFileSync('../BIG.js')+''); -eval(fs.readFileSync('../FP.js')+''); -eval(fs.readFileSync('../ROM.js')+''); -eval(fs.readFileSync('../HASH.js')+''); -eval(fs.readFileSync('../RAND.js')+''); -eval(fs.readFileSync('../AES.js')+''); -eval(fs.readFileSync('../GCM.js')+''); -eval(fs.readFileSync('../ECP.js')+''); -eval(fs.readFileSync('../FP2.js')+''); -eval(fs.readFileSync('../ECP2.js')+''); -eval(fs.readFileSync('../FP4.js')+''); -eval(fs.readFileSync('../FP12.js')+''); -eval(fs.readFileSync('../PAIR.js')+''); -eval(fs.readFileSync('./MPIN.js')+''); -eval(fs.readFileSync('../MPINAuth.js')+''); - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -var i,res; -var result; - -var EGS=MPIN.EGS; -var EFS=MPIN.EFS; -var EAS=16; - -var RAW=[]; -for (i=0;i<100;i++) RAW[i]=i; -var RAW_hex = MPIN.bytestostring(RAW); - - -var G1S=2*EFS+1; /* Group 1 Size */ -var G2S=4*EFS; /* Group 2 Size */ - -var S=[]; -var server_secret_bytes=[]; -var client_secret_bytes = []; -var token_bytes = []; -var time_permit_bytes = []; -var SEC = []; -var V = []; -var U = []; -var UT = []; -var X= []; -var Y= []; -var E=[]; -var F=[]; -var HID= []; -var HTID = []; - -var PIN_setup = 1234; -var PIN_authenticate = 1234; - -// Set OTP switch -var requestOTP = 1; -// Set WID -var accessNumber = 123456; - -// Turn on debug statements by setting value in config.js -MPINAuth.DEBUG = DEBUG; - -// Initiaize RNG -MPINAuth.initializeRNG(RAW_hex); - -/* Trusted Authority set-up */ -MPIN.RANDOM_GENERATE(MPINAuth.rng,S); -console.log("Master Secret s: 0x"+MPIN.bytestostring(S)); - -var IDstr = "[email protected]"; -var mpin_id_bytes =MPIN.stringtobytes(IDstr); - -var hash_mpin_id_bytes=[]; -hash_mpin_id_bytes = MPIN.HASH_ID(mpin_id_bytes) - -/* Client and Server are issued secrets by DTA */ -MPIN.GET_SERVER_SECRET(S,server_secret_bytes); -console.log("Server Secret SS: 0x"+MPIN.bytestostring(server_secret_bytes)); - -MPIN.GET_CLIENT_SECRET(S,hash_mpin_id_bytes, client_secret_bytes); -console.log("Client Secret CS: 0x"+MPIN.bytestostring(client_secret_bytes)); - -// Client extracts PIN from secret to create Token -var mpin_id_hex = MPIN.bytestostring(mpin_id_bytes); -var client_secret_hex = MPIN.bytestostring(client_secret_bytes); -var token_hex = MPINAuth.calculateMPinToken(mpin_id_hex, PIN_setup, client_secret_hex); -token_bytes = MPINAuth.hextobytes(token_hex); -if (token_hex < 0) - console.log("Failed to extract PIN "); - -console.log("Client Token TK: 0x"+token_hex); - -var date=MPIN.today(); - -/* Get "Time Token" permit from DTA */ -MPIN.GET_CLIENT_PERMIT(date,S,hash_mpin_id_bytes, time_permit_bytes); -timePermit_hex = MPIN.bytestostring(time_permit_bytes); -console.log("Time Permit TP: 0x"+timePermit_hex); - -// Client pass -timeValue = MPIN.GET_TIME(); -date = MPIN.today(); -request = MPINAuth.passRequest(mpin_id_hex, token_hex, timePermit_hex, PIN_authenticate, requestOTP, accessNumber, date, timeValue, null); -if (request < 0) - console.log("ERROR MPINAuth.passSingleRequest error_code: " + request); -UT_hex = request.UT; -U_hex = request.U; -V_hex = request.V; -UT_bytes = MPINAuth.hextobytes(UT_hex); -U_bytes = MPINAuth.hextobytes(U_hex); -V_bytes = MPINAuth.hextobytes(V_hex); -console.log("V_hex: "+V_hex); - -// Server pass -rtn=MPIN.SERVER(date,HID,HTID,Y,server_secret_bytes, U_bytes, UT_bytes, V_bytes,E,F,mpin_id_bytes,timeValue); -if (MPINAuth.DEBUG) {console.log("MPIN.SERVER Y: " + MPIN.bytestostring(Y)); } -if (rtn != 0) - console.log("FAILURE: SERVER rtn: " + rtn); - -if (rtn != 0){ - console.log("Server Error:"); - var err=MPIN.KANGAROO(E,F); - if (err==0) console.log("Client probably does not have a valid Token!"); - else console.log("(Client PIN is out by "+err); - } else { - console.log("Server says - PIN is good! You really are "+IDstr); - } diff --git a/js/tests/config.js_local b/js/tests/config.js similarity index 57% rename from js/tests/config.js_local rename to js/tests/config.js index eb51721..818bdc1 100755 --- a/js/tests/config.js_local +++ b/js/tests/config.js @@ -17,25 +17,4 @@ specific language governing permissions and limitations under the License. */ -var MPinAuthenticationURL = "ws://127.0.0.1:8003/authenticationToken"; -var baseURL = "127.0.0.1"; -var DTA_proxy = "8000"; -var MPinAuthenticationServer = "8003"; -var MPinRPS = "8011"; - -// Time for which signatures are valid -var SIGNATURE_EXPIRES_OFFSET_SECONDS = 60; - -// App credentials -var app_id = -var app_key = - -// Fixed Seed -seedValueHex = "3ade3d4a5c698e8910bf92f25d97ceeb7c25ed838901a5cb5db2cf25434c1fe76c7f79b7af2e5e1e4988e4294dbd9bd9fa3960197fb7aec373609fb890d74b16a4b14b2ae7e23b75f15d36c21791272372863c4f8af39980283ae69a79cf4e48e908f9e0"; - var DEBUG = false; -//var DEBUG = true; - -TLS = false - - diff --git a/js/tests/config.js_qa b/js/tests/config.js_qa deleted file mode 100755 index 15406ac..0000000 --- a/js/tests/config.js_qa +++ /dev/null @@ -1,41 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -var MPinAuthenticationURL = "ws://127.0.0.1:8003/authenticationToken"; -var baseURL = "mpinapi-qa.miracl.org"; -var DTA_proxy = "443"; -var MPinAuthenticationServer = "8003"; -var MPinRPS = "8011"; - -// Time for which signatures are valid -var SIGNATURE_EXPIRES_OFFSET_SECONDS = 60; - -// App credentials -var app_id = -var app_key = - -// Fixed Seed -seedValueHex = "3ade3d4a5c698e8910bf92f25d97ceeb7c25ed838901a5cb5db2cf25434c1fe76c7f79b7af2e5e1e4988e4294dbd9bd9fa3960197fb7aec373609fb890d74b16a4b14b2ae7e23b75f15d36c21791272372863c4f8af39980283ae69a79cf4e48e908f9e0"; - -var DEBUG = false; -//var DEBUG = true; - -var TLS = true; - - diff --git a/js/tests/genVectorFixed.py b/js/tests/genVectorFixed.py deleted file mode 100755 index d823bb1..0000000 --- a/js/tests/genVectorFixed.py +++ /dev/null @@ -1,260 +0,0 @@ -#!/usr/bin/env python - -""" -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -""" - - -""" - Generates the same test vector for today. The output file is - testVectors.json. This uses a fixed seed and MPIN ID - - usage: genVectorFixed.py -""" - -import sys -import json -import os -import datetime -import json -import random -from mpin import * - -# Initialize M-Pin Domain parameters -mpdom = ffi.new("mpin_domain*") -rtn = libmpin.MPIN_DOMAIN_INIT_NEW(mpdom) -if rtn != 0: - print "initialization failed: Error %s" % rtn - -# Seed -seed_hex = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60616263" -seed = seed_hex.decode("hex") - -# Assign a seed value -RAW = ffi.new("octet*") -RAWval = ffi.new("char [%s]" % len(seed), seed) -RAW[0].val = RAWval -RAW[0].len = len(seed) -RAW[0].max = len(seed) - -# random number generator -RNG = ffi.new("csprng*") -libmpin.CREATE_CSPRNG(RNG,RAW) - -# Master Secret Shares -MS1 = ffi.new("octet*") -MS1val = ffi.new("char []", PGS) -MS1[0].val = MS1val -MS1[0].max = PGS -MS1[0].len = PGS - -# Generate master secret shares -rtn = libmpin.MPIN_RANDOM_GENERATE(mpdom,RNG,MS1) -if rtn != 0: - print "libmpin.MPIN_RANDOM_GENERATE(mpdom,RNG,MS1) Error %s", rtn - -# Hash value of MPIN_ID -HASH_MPIN_ID = ffi.new("octet*") -HASH_MPIN_IDval = ffi.new("char []", HASH_BYTES) -HASH_MPIN_ID[0].val = HASH_MPIN_IDval -HASH_MPIN_ID[0].max = HASH_BYTES -HASH_MPIN_ID[0].len = HASH_BYTES - -SERVER_SECRET = ffi.new("octet*") -SERVER_SECRETval = ffi.new("char []", G2) -SERVER_SECRET[0].val = SERVER_SECRETval -SERVER_SECRET[0].max = G2 -SERVER_SECRET[0].len = G2 - - -TIME_PERMIT = ffi.new("octet*") -TIME_PERMITval = ffi.new("char []", G1) -TIME_PERMIT[0].val = TIME_PERMITval -TIME_PERMIT[0].max = G1 -TIME_PERMIT[0].len = G1 - -CLIENT_SECRET = ffi.new("octet*") -CLIENT_SECRETval = ffi.new("char []", G1) -CLIENT_SECRET[0].val = CLIENT_SECRETval -CLIENT_SECRET[0].max = G1 -CLIENT_SECRET[0].len = G1 - -# Token stored on computer -TOKEN = ffi.new("octet*") -TOKEN[0].val = ffi.new("char []", G1) -TOKEN[0].max = G1 -TOKEN[0].len = G1 - -UT = ffi.new("octet*") -UTval = ffi.new("char []", G1) -UT[0].val = UTval -UT[0].max = G1 -UT[0].len = G1 - -U = ffi.new("octet*") -Uval = ffi.new("char []", G1) -U[0].val = Uval -U[0].max = G1 -U[0].len = G1 - -X = ffi.new("octet*") -Xval = ffi.new("char []", PGS) -X[0].val = Xval -X[0].max = PGS -X[0].len = PGS - -Y = ffi.new("octet*") -Yval = ffi.new("char []", PGS) -Y[0].val = Yval -Y[0].max = PGS -Y[0].len = PGS - -lenEF = 12 * PFS -E = ffi.new("octet*") -Eval = ffi.new("char []", lenEF) -E[0].val = Eval -E[0].max = lenEF -E[0].len = lenEF - -F = ffi.new("octet*") -Fval = ffi.new("char []", lenEF) -F[0].val = Fval -F[0].max = lenEF -F[0].len = lenEF - -def genVector(mpin_id, date, PIN1, PIN2, test_no): - """Generate a single test vector - - Use mpin_id and date to generate a - valid Client Secret and Time Permit - - Args:: - - mpin_id: The M-Pin ID - date: The date of M-Pin Authentication - PIN1: PIN for generating token - PIN2: PIN for authenticating - test_no: Test vector identifier - - Returns: - vector: A test vector - - Raises: - Exception - """ - vector = {} - - vector['test_no'] = test_no - vector['mpin_id'] = mpin_id - - # Generate server secret shares - print "MS1 ", toHex(MS1) - rtn = libmpin.MPIN_GET_SERVER_SECRET(mpdom,MS1,SERVER_SECRET) - if rtn != 0: - print "libmpin.MPIN_GET_SERVER_SECRET(mpdom,MS1,SS1) Error %s" % rtn - vector['SERVER_SECRET'] = toHex(SERVER_SECRET) - print "SERVER_SECRET ", toHex(SERVER_SECRET) - - # Identity - MPIN_ID = ffi.new("octet*") - MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id) - MPIN_ID[0].val = MPIN_IDval - MPIN_ID[0].max = len(mpin_id) - MPIN_ID[0].len = len(mpin_id) - vector['MPIN_ID_HEX'] = toHex(MPIN_ID) - print "mpin_id ", mpin_id - print "MPIN_ID_HEX ", toHex(MPIN_ID) - - # Hash MPIN_ID - libmpin.hash(ffi.NULL, -1, MPIN_ID, ffi.NULL, HASH_MPIN_ID); - vector['HASH_MPIN_ID_HEX'] = toHex(HASH_MPIN_ID) - print "HASH_MPIN_ID_HEX ", toHex(HASH_MPIN_ID) - - # Generate client secret shares - rtn = libmpin.MPIN_GET_CLIENT_MULTIPLE(mpdom,MS1,HASH_MPIN_ID,TOKEN) - assert rtn is 0, "CS1" - vector['CLIENT_SECRET'] = toHex(TOKEN) - print "HASH_MPIN_ID ", toHex(HASH_MPIN_ID) - print "CLIENT_SECRET ", toHex(TOKEN) - - - # Generate Time Permit shares - rtn = libmpin.MPIN_GET_CLIENT_PERMIT(mpdom,date,MS1,HASH_MPIN_ID,TIME_PERMIT) - assert rtn is 0, "TP1" - vector['TIME_PERMIT'] = toHex(TIME_PERMIT) - vector['DATE'] = date - print "TIME_PERMIT", TIME_PERMIT - print "DATE", date - - # Client extracts PIN from secret to create Token - rtn = libmpin.MPIN_EXTRACT_PIN(mpdom, MPIN_ID, PIN1, TOKEN) - assert rtn is 0, "TOKEN" - vector['PIN1'] = PIN1 - vector['TOKEN'] = toHex(TOKEN) - print "TOKEN ", toHex(TOKEN) - - # Client first pass - rtn = libmpin.MPIN_CLIENT_1(mpdom,date,MPIN_ID,RNG,X,PIN2,TOKEN, CLIENT_SECRET,U,TIME_PERMIT,UT,ffi.NULL,ffi.NULL); - assert rtn is 0, "MPIN_CLIENT_1" - vector['PIN2'] = PIN2 - vector['X'] = toHex(X) - vector['U'] = toHex(U) - vector['UT'] = toHex(UT) - vector['SEC'] = toHex(CLIENT_SECRET) - print 'PIN2 ', PIN2 - print 'X ', toHex(X) - print 'U ', toHex(U) - print 'UT ', toHex(UT) - print 'SEC', toHex(CLIENT_SECRET) - - # Server generates Random number Y and sends it to Client - rtn = libmpin.MPIN_RANDOM_GENERATE(mpdom,RNG,Y) - assert rtn is 0, "MPIN_RANDOM_GENERATE" - vector['Y'] = toHex(Y) - print 'Y', toHex(Y) - - # Client second pass - rtn = libmpin.MPIN_CLIENT_2(mpdom,X,Y,CLIENT_SECRET) - assert rtn is 0, "MPIN_CLIENT_2" - vector['V'] = toHex(CLIENT_SECRET) - print 'V ', toHex(CLIENT_SECRET) - - # Server second pass - rtn = libmpin.MPIN_MINI_SERVER(mpdom, date, MPIN_ID, Y, SERVER_SECRET, U,UT,CLIENT_SECRET,E,F) - if PIN1 == PIN2: - assert rtn == 0, "successful authentication" - else: - assert rtn == -19, "failed authentication" - return vector - -if __name__ == '__main__': - - # List of test vectors - vectors = [] - - # Today's date in epoch days - date = libmpin.today() - - mpin_id = "[email protected]" - PIN1 = 1234 - PIN2 = PIN1 - vector = genVector(mpin_id, date, PIN1, PIN2, 0) - vectors.append(vector) - - # Write to JSON file - json.dump(vectors, open("testVectors.json", "w")) diff --git a/js/tests/genVectors.py b/js/tests/genVectors.py deleted file mode 100755 index 25742ce..0000000 --- a/js/tests/genVectors.py +++ /dev/null @@ -1,416 +0,0 @@ -#!/usr/bin/env python - -""" -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -""" - - - -""" - Generates a set of test vectors for testing the JavaScript. The output file is - testVectors.json. This script uses the AMCL library. - - usage: genVectors.py [success authentication] [failed authentication] [epoch days test] [DEBUG} -""" - -import sys -import json -import os -import datetime -import json -import random -import mpin - -if len(sys.argv) == 5: - nPos = int(sys.argv[1]) - nNeg = int(sys.argv[2]) - nEpoch = int(sys.argv[3]) - if (sys.argv[4] == "DEBUG"): - DEBUG = True -elif len(sys.argv) == 4: - nPos = int(sys.argv[1]) - nNeg = int(sys.argv[2]) - nEpoch = int(sys.argv[3]) - DEBUG = False -else: - print "Usage: genVectors.py [success authentication] [failed authentication] [epoch days test] [DEBUG]" - sys.exit(1) -print "Generate nPos = %s nNeg = %s nEpoch = %s" % (nPos, nNeg, nEpoch) - -# Seed -seed = os.urandom(32) - -# Assign a seed value -RAW = mpin.ffi.new("octet*") -RAWval = mpin.ffi.new("char [%s]" % len(seed), seed) -RAW[0].val = RAWval -RAW[0].len = len(seed) -RAW[0].max = len(seed) - -# random number generator -RNG = mpin.ffi.new("csprng*") -mpin.libmpin.CREATE_CSPRNG(RNG,RAW) - -# Master Secret Shares -MS1 = mpin.ffi.new("octet*") -MS1val = mpin.ffi.new("char []", mpin.PGS) -MS1[0].val = MS1val -MS1[0].max = mpin.PGS -MS1[0].len = mpin.PGS - -MS2 = mpin.ffi.new("octet*") -MS2val = mpin.ffi.new("char []", mpin.PGS) -MS2[0].val = MS2val -MS2[0].max = mpin.PGS -MS2[0].len = mpin.PGS - -# Hash value of MPIN_ID -HASH_MPIN_ID = mpin.ffi.new("octet*") -HASH_MPIN_IDval = mpin.ffi.new("char []", mpin.HASH_BYTES) -HASH_MPIN_ID[0].val = HASH_MPIN_IDval -HASH_MPIN_ID[0].max = mpin.HASH_BYTES -HASH_MPIN_ID[0].len = mpin.HASH_BYTES - -# Server secret and shares -SS1 = mpin.ffi.new("octet*") -SS1val = mpin.ffi.new("char []", mpin.G2) -SS1[0].val = SS1val -SS1[0].max = mpin.G2 -SS1[0].len = mpin.G2 - -SS2 = mpin.ffi.new("octet*") -SS2val = mpin.ffi.new("char []", mpin.G2) -SS2[0].val = SS2val -SS2[0].max = mpin.G2 -SS2[0].len = mpin.G2 - -SERVER_SECRET = mpin.ffi.new("octet*") -SERVER_SECRETval = mpin.ffi.new("char []", mpin.G2) -SERVER_SECRET[0].val = SERVER_SECRETval -SERVER_SECRET[0].max = mpin.G2 -SERVER_SECRET[0].len = mpin.G2 - -# Time Permit and shares -TP1 = mpin.ffi.new("octet*") -TP1val = mpin.ffi.new("char []", mpin.G1) -TP1[0].val = TP1val -TP1[0].max = mpin.G1 -TP1[0].len = mpin.G1 - -TP2 = mpin.ffi.new("octet*") -TP2val = mpin.ffi.new("char []", mpin.G1) -TP2[0].val = TP2val -TP2[0].max = mpin.G1 -TP2[0].len = mpin.G1 - -TIME_PERMIT = mpin.ffi.new("octet*") -TIME_PERMITval = mpin.ffi.new("char []", mpin.G1) -TIME_PERMIT[0].val = TIME_PERMITval -TIME_PERMIT[0].max = mpin.G1 -TIME_PERMIT[0].len = mpin.G1 - -# Client Secret -CS1 = mpin.ffi.new("octet*") -CS1val = mpin.ffi.new("char []", mpin.G1) -CS1[0].val = CS1val -CS1[0].max = mpin.G1 -CS1[0].len = mpin.G1 - -CS2 = mpin.ffi.new("octet*") -CS2val = mpin.ffi.new("char []", mpin.G1) -CS2[0].val = CS2val -CS2[0].max = mpin.G1 -CS2[0].len = mpin.G1 - -SEC = mpin.ffi.new("octet*") -SECval = mpin.ffi.new("char []", mpin.G1) -SEC[0].val = SECval -SEC[0].max = mpin.G1 -SEC[0].len = mpin.G1 - -# Token stored on computer -TOKEN = mpin.ffi.new("octet*") -TOKEN[0].val = mpin.ffi.new("char []", mpin.G1) -TOKEN[0].max = mpin.G1 -TOKEN[0].len = mpin.G1 - -UT = mpin.ffi.new("octet*") -UTval = mpin.ffi.new("char []", mpin.G1) -UT[0].val = UTval -UT[0].max = mpin.G1 -UT[0].len = mpin.G1 - -U = mpin.ffi.new("octet*") -Uval = mpin.ffi.new("char []", mpin.G1) -U[0].val = Uval -U[0].max = mpin.G1 -U[0].len = mpin.G1 - -X = mpin.ffi.new("octet*") -Xval = mpin.ffi.new("char []", mpin.PGS) -X[0].val = Xval -X[0].max = mpin.PGS -X[0].len = mpin.PGS - -Y = mpin.ffi.new("octet*") -Yval = mpin.ffi.new("char []", mpin.PGS) -Y[0].val = Yval -Y[0].max = mpin.PGS -Y[0].len = mpin.PGS - -lenEF = 12 * mpin.PFS -E = mpin.ffi.new("octet*") -Eval = mpin.ffi.new("char []", lenEF) -E[0].val = Eval -E[0].max = lenEF -E[0].len = lenEF - -F = mpin.ffi.new("octet*") -Fval = mpin.ffi.new("char []", lenEF) -F[0].val = Fval -F[0].max = lenEF -F[0].len = lenEF - -# H(ID) -HID = mpin.ffi.new("octet*") -HIDval = mpin.ffi.new("char []", mpin.G1) -HID[0].val = HIDval -HID[0].max = mpin.G1 -HID[0].len = mpin.G1 - -# H(T|H(ID)) -HTID = mpin.ffi.new("octet*") -HTIDval = mpin.ffi.new("char []", mpin.G1) -HTID[0].val = HTIDval -HTID[0].max = mpin.G1 -HTID[0].len = mpin.G1 - -def genVector(mpin_id, date, PIN1, PIN2, test_no): - """Generate a single test vector - - Use mpin_id and date to generate a - valid Client Secret and Time Permit - - Args:: - - mpin_id: The M-Pin ID - date: The date of M-Pin Authentication - PIN1: PIN for generating token - PIN2: PIN for authenticating - test_no: Test vector identifier - - Returns: - vector: A test vector - - Raises: - Exception - """ - vector = {} - - if DEBUG: - print test_no - - vector['test_no'] = test_no - vector['mpin_id'] = mpin_id - - # Generate master secret shares - rtn = mpin.libmpin.MPIN_RANDOM_GENERATE(RNG,MS1) - assert rtn is 0, "MS1" - vector['MS1'] = mpin.toHex(MS1) - rtn = mpin.libmpin.MPIN_RANDOM_GENERATE(RNG,MS2) - assert rtn is 0, "MS2" - vector['MS2'] = mpin.toHex(MS2) - - # Generate server secret shares - rtn = mpin.libmpin.MPIN_GET_SERVER_SECRET(MS1,SS1) - assert rtn is 0, "SS1" - vector['SS1'] = mpin.toHex(SS1) - rtn = mpin.libmpin.MPIN_GET_SERVER_SECRET(MS2,SS2) - assert rtn is 0, "SS2" - vector['SS2'] = mpin.toHex(SS2) - - # Combine server secret shares - rtn = mpin.libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET) - assert rtn is 0, "SERVER_SECRET" - vector['SERVER_SECRET'] = mpin.toHex(SERVER_SECRET) - - # Identity - MPIN_ID = mpin.ffi.new("octet*") - MPIN_IDval = mpin.ffi.new("char [%s]" % len(mpin_id), mpin_id) - MPIN_ID[0].val = MPIN_IDval - MPIN_ID[0].max = len(mpin_id) - MPIN_ID[0].len = len(mpin_id) - vector['MPIN_ID_HEX'] = mpin.toHex(MPIN_ID) - - # Hash MPIN_ID - mpin.libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID) - vector['HASH_MPIN_ID_HEX'] = mpin.toHex(HASH_MPIN_ID) - - # Generate client secret shares - rtn = mpin.libmpin.MPIN_GET_CLIENT_SECRET(MS1,HASH_MPIN_ID,CS1) - assert rtn is 0, "CS1" - vector['CS1'] = mpin.toHex(CS1) - rtn = mpin.libmpin.MPIN_GET_CLIENT_SECRET(MS2,HASH_MPIN_ID,CS2) - assert rtn is 0, "CS2" - vector['CS2'] = mpin.toHex(CS2) - - # Combine client secret shares : TOKEN is the full client secret - rtn = mpin.libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN) - assert rtn is 0, "CS1+CS2" - vector['CLIENT_SECRET'] = mpin.toHex(TOKEN) - - # Generate Time Permit shares - rtn = mpin.libmpin.MPIN_GET_CLIENT_PERMIT(date,MS1,HASH_MPIN_ID,TP1) - assert rtn is 0, "TP1" - vector['TP1'] = mpin.toHex(TP1) - vector['DATE'] = date - rtn = mpin.libmpin.MPIN_GET_CLIENT_PERMIT(date,MS2,HASH_MPIN_ID,TP2) - assert rtn is 0, "TP2" - vector['TP2'] = mpin.toHex(TP2) - - # Combine Time Permit shares - rtn = mpin.libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT) - assert rtn is 0, "TP1+TP2" - vector['TIME_PERMIT'] = mpin.toHex(TIME_PERMIT) - - # Client extracts PIN from secret to create Token - rtn = mpin.libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN1, TOKEN) - assert rtn is 0, "TOKEN" - vector['PIN1'] = PIN1 - vector['TOKEN'] = mpin.toHex(TOKEN) - - # Client first pass - rtn = mpin.libmpin.MPIN_CLIENT_1(date, MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT) - assert rtn is 0, "MPIN_CLIENT_1" - vector['PIN2'] = PIN2 - vector['X'] = mpin.toHex(X) - vector['U'] = mpin.toHex(U) - vector['UT'] = mpin.toHex(UT) - vector['SEC'] = mpin.toHex(SEC) - - # Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), - # and maps them to points on the curve HID and HTID resp. - mpin.libmpin.MPIN_SERVER_1(date, MPIN_ID, HID, HTID) - - # Server generates Random number Y and sends it to Client - rtn = mpin.libmpin.MPIN_RANDOM_GENERATE(RNG,Y) - assert rtn is 0, "MPIN_RANDOM_GENERATE" - vector['Y'] = mpin.toHex(Y) - - # Client second pass - rtn = mpin.libmpin.MPIN_CLIENT_2(X,Y,SEC) - assert rtn is 0, "MPIN_CLIENT_2" - vector['V'] = mpin.toHex(SEC) - - # Server second pass - rtn = mpin.libmpin.MPIN_SERVER_2(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F) - vector['SERVER_OUTPUT'] = rtn - if PIN1 == PIN2: - assert rtn == 0, "successful authentication" - else: - assert rtn == -19, "failed authentication" - return vector - -if __name__ == '__main__': - # List of test vectors - vectors = [] - - # Today's date in epoch days - date = mpin.libmpin.today() - - # Generate test vectors for successful authentication - for i in range(0,nPos): - # Assign the User an ID - name = os.urandom(16).encode("hex") - userID = name + "@miracl.com" - issued = datetime.datetime.utcnow().isoformat("T").split(".")[0] + "Z" - # userID = "[email protected]" - # issued = "2014-01-30T19:17:48Z" - mobile = 1 - salt = os.urandom(16).encode("hex") - - # Form MPin ID - endUserdata = { - "issued": issued, - "userID": userID, - "mobile": mobile, - "salt": salt - } - mpin_id = json.dumps(endUserdata) - - PIN1 = random.randint(0,10000) - PIN2 = PIN1 - vector = genVector(mpin_id, date, PIN1, PIN2, i) - vectors.append(vector) - # print i - - # Generate test vectors for failed authentication - for i in range(0,nNeg): - # Assign the User an ID - name = os.urandom(16).encode("hex") - userID = name + "@miracl.com" - issued = datetime.datetime.utcnow().isoformat("T").split(".")[0] + "Z" - # userID = "[email protected]" - # issued = "2014-01-30T19:17:48Z" - mobile = 1 - salt = os.urandom(8).encode("hex") - - # Form MPin ID - endUserdata = { - "issued": issued, - "userID": userID, - "mobile": mobile, - "salt": salt - } - mpin_id = json.dumps(endUserdata) - - PIN1 = random.randint(0,10000) - PIN2 = PIN1 - 1 - test_no = nPos + i - vector = genVector(mpin_id, date, PIN1, PIN2, test_no) - vectors.append(vector) - # print i - - # Generate test vectors for days in future - # Assign the User an ID - name = os.urandom(16).encode("hex") - userID = name + "@miracl.com" - issued = datetime.datetime.utcnow().isoformat("T").split(".")[0] + "Z" - # userID = "[email protected]" - # issued = "2014-01-30T19:17:48Z" - mobile = 1 - salt = os.urandom(8).encode("hex") - - # Form MPin ID - endUserdata = { - "issued": issued, - "userID": userID, - "mobile": mobile, - "salt": salt - } - mpin_id = json.dumps(endUserdata) - PIN1 = random.randint(0,10000) - PIN2 = PIN1 - for i in range(0,nEpoch): - test_no = nPos + nNeg + i - vector = genVector(mpin_id, date, PIN1, PIN2, test_no) - vectors.append(vector) - date = date + 1 - - # Write to JSON file - json.dump(vectors, open("testVectors.json", "w")) diff --git a/js/tests/genVectorsOnePass.py b/js/tests/genVectorsOnePass.py deleted file mode 100755 index 60b0b11..0000000 --- a/js/tests/genVectorsOnePass.py +++ /dev/null @@ -1,412 +0,0 @@ -#!/usr/bin/env python - -""" -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -""" - - - -""" - Generates a set of test vectors for testing the JavaScript. The output file is - testVectors.json. This script uses the AMCL library. - - usage: genVectorsOnePass.py [success authentication] [failed authentication] [epoch days test] [DEBUG} -""" - -import sys -import json -import os -import datetime -import json -import random -import mpin - -if len(sys.argv) == 5: - nPos = int(sys.argv[1]) - nNeg = int(sys.argv[2]) - nEpoch = int(sys.argv[3]) - if (sys.argv[4] == "DEBUG"): - DEBUG = True -elif len(sys.argv) == 4: - nPos = int(sys.argv[1]) - nNeg = int(sys.argv[2]) - nEpoch = int(sys.argv[3]) - DEBUG = False -else: - print "Usage: genVectorsOnePass.py [success authentication] [failed authentication] [epoch days test] [DEBUG]" - sys.exit(1) -print "Generate nPos = %s nNeg = %s nEpoch = %s" % (nPos, nNeg, nEpoch) - -# Seed -seed = os.urandom(32) - -# Assign a seed value -RAW = mpin.ffi.new("octet*") -RAWval = mpin.ffi.new("char [%s]" % len(seed), seed) -RAW[0].val = RAWval -RAW[0].len = len(seed) -RAW[0].max = len(seed) - -# random number generator -RNG = mpin.ffi.new("csprng*") -mpin.libmpin.CREATE_CSPRNG(RNG,RAW) - -# Master Secret Shares -MS1 = mpin.ffi.new("octet*") -MS1val = mpin.ffi.new("char []", mpin.PGS) -MS1[0].val = MS1val -MS1[0].max = mpin.PGS -MS1[0].len = mpin.PGS - -MS2 = mpin.ffi.new("octet*") -MS2val = mpin.ffi.new("char []", mpin.PGS) -MS2[0].val = MS2val -MS2[0].max = mpin.PGS -MS2[0].len = mpin.PGS - -# Hash value of MPIN_ID -HASH_MPIN_ID = mpin.ffi.new("octet*") -HASH_MPIN_IDval = mpin.ffi.new("char []", mpin.HASH_BYTES) -HASH_MPIN_ID[0].val = HASH_MPIN_IDval -HASH_MPIN_ID[0].max = mpin.HASH_BYTES -HASH_MPIN_ID[0].len = mpin.HASH_BYTES - -# Server secret and shares -SS1 = mpin.ffi.new("octet*") -SS1val = mpin.ffi.new("char []", mpin.G2) -SS1[0].val = SS1val -SS1[0].max = mpin.G2 -SS1[0].len = mpin.G2 - -SS2 = mpin.ffi.new("octet*") -SS2val = mpin.ffi.new("char []", mpin.G2) -SS2[0].val = SS2val -SS2[0].max = mpin.G2 -SS2[0].len = mpin.G2 - -SERVER_SECRET = mpin.ffi.new("octet*") -SERVER_SECRETval = mpin.ffi.new("char []", mpin.G2) -SERVER_SECRET[0].val = SERVER_SECRETval -SERVER_SECRET[0].max = mpin.G2 -SERVER_SECRET[0].len = mpin.G2 - -# Time Permit and shares -TP1 = mpin.ffi.new("octet*") -TP1val = mpin.ffi.new("char []", mpin.G1) -TP1[0].val = TP1val -TP1[0].max = mpin.G1 -TP1[0].len = mpin.G1 - -TP2 = mpin.ffi.new("octet*") -TP2val = mpin.ffi.new("char []", mpin.G1) -TP2[0].val = TP2val -TP2[0].max = mpin.G1 -TP2[0].len = mpin.G1 - -TIME_PERMIT = mpin.ffi.new("octet*") -TIME_PERMITval = mpin.ffi.new("char []", mpin.G1) -TIME_PERMIT[0].val = TIME_PERMITval -TIME_PERMIT[0].max = mpin.G1 -TIME_PERMIT[0].len = mpin.G1 - -# Client Secret -CS1 = mpin.ffi.new("octet*") -CS1val = mpin.ffi.new("char []", mpin.G1) -CS1[0].val = CS1val -CS1[0].max = mpin.G1 -CS1[0].len = mpin.G1 - -CS2 = mpin.ffi.new("octet*") -CS2val = mpin.ffi.new("char []", mpin.G1) -CS2[0].val = CS2val -CS2[0].max = mpin.G1 -CS2[0].len = mpin.G1 - -SEC = mpin.ffi.new("octet*") -SECval = mpin.ffi.new("char []", mpin.G1) -SEC[0].val = SECval -SEC[0].max = mpin.G1 -SEC[0].len = mpin.G1 - -# Token stored on computer -TOKEN = mpin.ffi.new("octet*") -TOKEN[0].val = mpin.ffi.new("char []", mpin.G1) -TOKEN[0].max = mpin.G1 -TOKEN[0].len = mpin.G1 - -UT = mpin.ffi.new("octet*") -UTval = mpin.ffi.new("char []", mpin.G1) -UT[0].val = UTval -UT[0].max = mpin.G1 -UT[0].len = mpin.G1 - -U = mpin.ffi.new("octet*") -Uval = mpin.ffi.new("char []", mpin.G1) -U[0].val = Uval -U[0].max = mpin.G1 -U[0].len = mpin.G1 - -X = mpin.ffi.new("octet*") -Xval = mpin.ffi.new("char []", mpin.PGS) -X[0].val = Xval -X[0].max = mpin.PGS -X[0].len = mpin.PGS - -Y1 = mpin.ffi.new("octet*") -Y1val = mpin.ffi.new("char []", mpin.PGS) -Y1[0].val = Y1val -Y1[0].max = mpin.PGS -Y1[0].len = mpin.PGS - -Y2 = mpin.ffi.new("octet*") -Y2val = mpin.ffi.new("char []", mpin.PGS) -Y2[0].val = Y2val -Y2[0].max = mpin.PGS -Y2[0].len = mpin.PGS - -lenEF = 12 * mpin.PFS -E = mpin.ffi.new("octet*") -Eval = mpin.ffi.new("char []", lenEF) -E[0].val = Eval -E[0].max = lenEF -E[0].len = lenEF - -F = mpin.ffi.new("octet*") -Fval = mpin.ffi.new("char []", lenEF) -F[0].val = Fval -F[0].max = lenEF -F[0].len = lenEF - -# H(ID) -HID = mpin.ffi.new("octet*") -HIDval = mpin.ffi.new("char []", mpin.G1) -HID[0].val = HIDval -HID[0].max = mpin.G1 -HID[0].len = mpin.G1 - -# H(T|H(ID)) -HTID = mpin.ffi.new("octet*") -HTIDval = mpin.ffi.new("char []", mpin.G1) -HTID[0].val = HTIDval -HTID[0].max = mpin.G1 -HTID[0].len = mpin.G1 - -def genVector(mpin_id, date, PIN1, PIN2, test_no): - """Generate a single test vector - - Use mpin_id and date to generate a - valid Client Secret and Time Permit - - Args:: - - mpin_id: The M-Pin ID - date: The date of M-Pin Authentication - PIN1: PIN for generating token - PIN2: PIN for authenticating - test_no: Test vector identifier - - Returns: - vector: A test vector - - Raises: - Exception - """ - vector = {} - - if DEBUG: - print test_no - - vector['test_no'] = test_no - vector['mpin_id'] = mpin_id - - # Generate master secret shares - rtn = mpin.libmpin.MPIN_RANDOM_GENERATE(RNG,MS1) - assert rtn is 0, "MS1" - vector['MS1'] = mpin.toHex(MS1) - rtn = mpin.libmpin.MPIN_RANDOM_GENERATE(RNG,MS2) - assert rtn is 0, "MS2" - vector['MS2'] = mpin.toHex(MS2) - - # Generate server secret shares - rtn = mpin.libmpin.MPIN_GET_SERVER_SECRET(MS1,SS1) - assert rtn is 0, "SS1" - vector['SS1'] = mpin.toHex(SS1) - rtn = mpin.libmpin.MPIN_GET_SERVER_SECRET(MS2,SS2) - assert rtn is 0, "SS2" - vector['SS2'] = mpin.toHex(SS2) - - # Combine server secret shares - rtn = mpin.libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET) - assert rtn is 0, "SERVER_SECRET" - vector['SERVER_SECRET'] = mpin.toHex(SERVER_SECRET) - - # Identity - MPIN_ID = mpin.ffi.new("octet*") - MPIN_IDval = mpin.ffi.new("char [%s]" % len(mpin_id), mpin_id) - MPIN_ID[0].val = MPIN_IDval - MPIN_ID[0].max = len(mpin_id) - MPIN_ID[0].len = len(mpin_id) - vector['MPIN_ID_HEX'] = mpin.toHex(MPIN_ID) - - # Hash MPIN_ID - mpin.libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID) - vector['HASH_MPIN_ID_HEX'] = mpin.toHex(HASH_MPIN_ID) - - # Generate client secret shares - rtn = mpin.libmpin.MPIN_GET_CLIENT_SECRET(MS1,HASH_MPIN_ID,CS1) - assert rtn is 0, "CS1" - vector['CS1'] = mpin.toHex(CS1) - rtn = mpin.libmpin.MPIN_GET_CLIENT_SECRET(MS2,HASH_MPIN_ID,CS2) - assert rtn is 0, "CS2" - vector['CS2'] = mpin.toHex(CS2) - - # Combine client secret shares : TOKEN is the full client secret - rtn = mpin.libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN) - assert rtn is 0, "CS1+CS2" - vector['CLIENT_SECRET'] = mpin.toHex(TOKEN) - - # Generate Time Permit shares - rtn = mpin.libmpin.MPIN_GET_CLIENT_PERMIT(date,MS1,HASH_MPIN_ID,TP1) - assert rtn is 0, "TP1" - vector['TP1'] = mpin.toHex(TP1) - vector['DATE'] = date - rtn = mpin.libmpin.MPIN_GET_CLIENT_PERMIT(date,MS2,HASH_MPIN_ID,TP2) - assert rtn is 0, "TP2" - vector['TP2'] = mpin.toHex(TP2) - - # Combine Time Permit shares - rtn = mpin.libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT) - assert rtn is 0, "TP1+TP2" - vector['TIME_PERMIT'] = mpin.toHex(TIME_PERMIT) - - # Client extracts PIN from secret to create Token - rtn = mpin.libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN1, TOKEN) - assert rtn is 0, "TOKEN" - vector['PIN1'] = PIN1 - vector['TOKEN'] = mpin.toHex(TOKEN) - - # Client pass - TimeValue = mpin.libmpin.MPIN_GET_TIME() - rtn = mpin.libmpin.MPIN_CLIENT(date, MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT, TimeValue, Y1) - assert rtn is 0, "MPIN_CLIENT" - vector['PIN2'] = PIN2 - vector['X'] = mpin.toHex(X) - vector['U'] = mpin.toHex(U) - vector['UT'] = mpin.toHex(UT) - vector['SEC'] = mpin.toHex(SEC) - vector['TimeValue'] = TimeValue - vector['Y'] = mpin.toHex(Y1) - - # Server pass - rtn = mpin.libmpin.MPIN_SERVER(date, HID, HTID, Y2, SERVER_SECRET, U, UT, SEC, E, F, MPIN_ID, TimeValue) - assert mpin.toHex(Y1) == mpin.toHex(Y2), "Y equal" - vector['SERVER_OUTPUT'] = rtn - if PIN1 == PIN2: - assert rtn == 0, "successful authentication" - else: - assert rtn == -19, "failed authentication" - return vector - -if __name__ == '__main__': - # List of test vectors - vectors = [] - - # Today's date in epoch days - date = mpin.libmpin.today() - - # Generate test vectors for successful authentication - for i in range(0,nPos): - # Assign the User an ID - name = os.urandom(16).encode("hex") - userID = name + "@miracl.com" - issued = datetime.datetime.utcnow().isoformat("T").split(".")[0] + "Z" - # userID = "[email protected]" - # issued = "2014-01-30T19:17:48Z" - mobile = 1 - salt = os.urandom(16).encode("hex") - - # Form MPin ID - endUserdata = { - "issued": issued, - "userID": userID, - "mobile": mobile, - "salt": salt - } - mpin_id = json.dumps(endUserdata) - - PIN1 = random.randint(0,10000) - PIN2 = PIN1 - vector = genVector(mpin_id, date, PIN1, PIN2, i) - vectors.append(vector) - # print i - - # Generate test vectors for failed authentication - for i in range(0,nNeg): - # Assign the User an ID - name = os.urandom(16).encode("hex") - userID = name + "@miracl.com" - issued = datetime.datetime.utcnow().isoformat("T").split(".")[0] + "Z" - # userID = "[email protected]" - # issued = "2014-01-30T19:17:48Z" - mobile = 1 - salt = os.urandom(8).encode("hex") - - # Form MPin ID - endUserdata = { - "issued": issued, - "userID": userID, - "mobile": mobile, - "salt": salt - } - mpin_id = json.dumps(endUserdata) - - PIN1 = random.randint(0,10000) - PIN2 = PIN1 - 1 - test_no = nPos + i - vector = genVector(mpin_id, date, PIN1, PIN2, test_no) - vectors.append(vector) - # print i - - # Generate test vectors for days in future - # Assign the User an ID - name = os.urandom(16).encode("hex") - userID = name + "@miracl.com" - issued = datetime.datetime.utcnow().isoformat("T").split(".")[0] + "Z" - # userID = "[email protected]" - # issued = "2014-01-30T19:17:48Z" - mobile = 1 - salt = os.urandom(8).encode("hex") - - # Form MPin ID - endUserdata = { - "issued": issued, - "userID": userID, - "mobile": mobile, - "salt": salt - } - mpin_id = json.dumps(endUserdata) - PIN1 = random.randint(0,10000) - PIN2 = PIN1 - for i in range(0,nEpoch): - test_no = nPos + nNeg + i - vector = genVector(mpin_id, date, PIN1, PIN2, test_no) - vectors.append(vector) - date = date + 1 - - # Write to JSON file - json.dump(vectors, open("testVectorsOnePass.json", "w")) diff --git a/js/tests/getClientSecret.js b/js/tests/getClientSecret.js deleted file mode 100755 index f339e39..0000000 --- a/js/tests/getClientSecret.js +++ /dev/null @@ -1,112 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("Get client secret"); -var assert = require('assert'); -var http = require('http'); -var fs = require('fs'); -var crypto = require('crypto'); - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -var mpin = {}; -var body = ""; - -// Data for mpin_id -var randomUser = crypto.randomBytes(50); -// var userID = randomUser.toString("hex"); -var userID = '[email protected]'; -var issued = '2014-01-30T19:17:48Z'; - -// Form MPin ID -var endUserdata = { - "issued": issued, - "userID": userID, - "mobile": 1 -}; -var mpin_id = JSON.stringify(endUserdata); -hash_mpin_id_hex = crypto.createHash('sha256').update(mpin_id).digest('hex'); -console.log("mpin_id: "+mpin_id); -console.log("hash_mpin_id_hex: " + hash_mpin_id_hex); - -// Request expiry -var expires = '2020-11-26T13:28:44Z'; - -// String to be signed -var path = "clientSecret" -message = path + app_id + hash_mpin_id_hex + expires; -console.log("message: "+message); - -var hmac = crypto.createHmac('sha256', app_key); -hmac.setEncoding('hex'); -// write in the text that you want the hmac digest for -hmac.write(message); -// you can't read from the stream until you call end() -hmac.end(); -// read out hmac digest -var signature = hmac.read(); -console.log("signature " + signature); - -var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&expires=" + expires + "&hash_mpin_id=" + hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; -console.log("urlParam: "+urlParam); - -// options for GET -var options_get = { - host : '127.0.0.1', - port : DTA_proxy, - path : urlParam, - method : 'GET' -}; - -console.info('Options prepared:'); -console.info(options_get); - -// do the GET request -var reqGet = http.request(options_get, function(res) { - console.log("statusCode: ", res.statusCode); - // uncomment it for header details - console.log("headers: ", res.headers); - - res.on('data', function(data) { - console.info('GET result:\n'); - process.stdout.write(data); - body = data; - console.info('\n\nCall completed'); - }); - - res.on('end', function () { - console.log('Body : ' + body); - display(body); - }); - -}); - -reqGet.end(); -reqGet.on('error', function(e) { - console.error(e); -}); - -function display(data) -{ - console.info('body '+data); - var response = JSON.parse(data); - mpin.clientSecretShare1=response.clientSecret; - console.info('Client Secret '+mpin.clientSecretShare1); -} diff --git a/js/tests/getTimePermit.js b/js/tests/getTimePermit.js deleted file mode 100755 index fcf1ac5..0000000 --- a/js/tests/getTimePermit.js +++ /dev/null @@ -1,115 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("Get time permit"); -var assert = require('assert'); -var https = require('https'); -var http = require('http'); -var fs = require('fs'); -var crypto = require('crypto'); - - - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -if (TLS) {http = https} - -var mpin = {}; -var body = ""; - -// Data for mpin_id -var randomUser = crypto.randomBytes(50); -// var userID = randomUser.toString("hex"); -var userID = '[email protected]'; -var issued = '2014-01-30T19:17:48Z'; - -// Form MPin ID -var endUserdata = { - "issued": issued, - "userID": userID, - "mobile": 1 -}; -var mpin_id = JSON.stringify(endUserdata); -hash_mpin_id_hex = crypto.createHash('sha256').update(mpin_id).digest('hex'); -console.log("mpin_id: "+mpin_id); -console.log("hash_mpin_id_hex: " + hash_mpin_id_hex); - - -// String to be signed -var path = "timePermit" -message = hash_mpin_id_hex; -console.log("message: "+message); - -var hmac = crypto.createHmac('sha256', app_key); -hmac.setEncoding('hex'); -// write in the text that you want the hmac digest for -hmac.write(message); -// you can't read from the stream until you call end() -hmac.end(); -// read out hmac digest -var signature = hmac.read(); -console.log("signature " + signature); - -var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&hash_mpin_id=" + hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; -console.log("urlParam: "+urlParam); - -// options for GET -var options_get = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' -}; - -console.info('Options prepared:'); -console.info(options_get); - -// do the GET request -var reqGet = http.request(options_get, function(res) { - console.log("statusCode: ", res.statusCode); - // uncomment it for header details - console.log("headers: ", res.headers); - - res.on('data', function(data) { - console.info('GET result:\n'); - process.stdout.write(data); - body = data; - console.info('\n\nCall completed'); - }); - - res.on('end', function () { - console.log('Body : ' + body); - display(body); - }); - -}); - -reqGet.end(); -reqGet.on('error', function(e) { - console.error(e); -}); - -function display(data) -{ - console.info('body '+data); - var response = JSON.parse(data); - mpin.timePermitShare1=response.timePermit; - console.info('Time Permit '+mpin.timePermitShare1); -} diff --git a/js/tests/run_headless_tests.sh b/js/tests/run_headless_tests.sh deleted file mode 100755 index 23b9db2..0000000 --- a/js/tests/run_headless_tests.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/sh -# Run headless JavaScript client tests -# -# This script runs a number of successful and then -# unsuccessful authentications for WS and AJAX -# -# usage: ./run_headless_tests.sh [nWS_good] [nWS_bad] [nAJAX_good] [nAJAX_bad] - -output_file="test_log_headless.txt" - -echo "Run $1 headless JavaScript client tests for WS successful authentication" -echo "Run $1 headless JavaScript client tests for WS successful authentication" > $output_file -for (( c=1; c<=$1; c++ )) -do - echo "node test_good_PIN_WS.js iter $c" - echo "node test_good_PIN_WS.js iter=$c" >> $output_file - node test_good_PIN_WS.js >> $output_file 2>&1 - if [ -n "$failed" ]; then - echo "A TEST HAS FAILED. Please review ${output_file}" - exit 1 - fi -done - -echo "Run $2 headless JavaScript client tests for WS failed authentication" -echo "Run $2 headless JavaScript client tests for WS failed authentication" >> $output_file -for (( c=1; c<=$2; c++ )) -do - echo "node test_bad_PIN_WS.js iter $c" - echo "node test_bad_PIN_WS.js iter=$c" >> $output_file - node test_bad_PIN_WS.js >> $output_file 2>&1 - if [ -n "$failed" ]; then - echo "A TEST HAS FAILED. Please review ${output_file}" - exit 1 - fi -done - -echo "Run $3 headless JavaScript client tests for AJAX successful authentication" -echo "Run $3 headless JavaScript client tests for AJAX successful authentication" >> $output_file -for (( c=1; c<=$3; c++ )) -do - echo "node test_good_PIN_AJAX.js iter $c" - echo "node test_good_PIN_AJAX.js iter=$c" >> $output_file - node test_good_PIN_AJAX.js >> $output_file 2>&1 - if [ -n "$failed" ]; then - echo "A TEST HAS FAILED. Please review ${output_file}" - exit 1 - fi -done - -echo "Run $4 headless JavaScript client tests for AJAX failed authentication" -echo "Run $4 headless JavaScript client tests for AJAX failed authentication" >> $output_file -for (( c=1; c<=$4; c++ )) -do - echo "node test_bad_PIN_AJAX.js iter $c" - echo "node test_bad_PIN_AJAX.js iter=$c" >> $output_file - node test_bad_PIN_AJAX.js >> $output_file 2>&1 - if [ -n "$failed" ]; then - echo "A TEST HAS FAILED. Please review ${output_file}" - exit 1 - fi -done - -echo "ALL TESTS PASSED" diff --git a/js/tests/run_js_tests.sh b/js/tests/run_test.sh similarity index 71% rename from js/tests/run_js_tests.sh rename to js/tests/run_test.sh index b40a8ef..5e6c2e8 100755 --- a/js/tests/run_js_tests.sh +++ b/js/tests/run_test.sh @@ -2,33 +2,19 @@ # javascript tests # # This script runs tests that compares the js -# with the expected output from the c code which -# is interfaced through the python wrapper. +# with the expected output from the c code # -# usage: ./run_js_tests.sh [success authentication] [failed authentication] [epoch days test] +# usage: ./run_js_tests.sh -output_file="test_log_js.txt" +output_file="log.txt" +rm $output_file -# Generate vectors. -# ./genVectors.py $1 $2 $3 +ln -s BNCX.json testVectors.json +ln -s BNCXOnePass.json testVectorsOnePass.json -file="testVectors.json" -if [ -f "$file" ] -then - echo "$file found." -else - echo "$file not found." - exit 1 -fi - -file="testVectorsOnePass.json" -if [ -f "$file" ] -then - echo "$file found." -else - echo "$file not found." - exit 1 -fi +echo "cp ../MPIN.js ." +cp ../MPIN.js . +sed -i 's/var MPIN/MPIN/' MPIN.js echo "TEST 1: node test_add_shares.js" echo "TEST 1: node test_add_shares.js" > $output_file @@ -60,10 +46,18 @@ echo "TEST 7: node test_onepass.js" >> $output_file node test_onepass.js >> $output_file 2>&1 failed=$(grep FAILED "${output_file}" ) -if [ -n "$failed" ]; then +if [[ -n "$failed" ]]; then echo "A TEST HAS FAILED. Please review ${output_file}" echo "A TEST HAS FAILED. Please review ${output_file}" >> $output_file else echo "ALL TESTS PASSED" echo "ALL TESTS PASSED" >> $output_file fi + +error=$(grep -i error "${output_file}" ) +if [[ -n "$error" ]]; then + echo "ERROR. Please review ${output_file}" +fi + +rm testVectors.json +rm testVectorsOnePass.json diff --git a/js/tests/test_add_shares.js b/js/tests/test_add_shares.js index 8a403a9..8d97ac6 100755 --- a/js/tests/test_add_shares.js +++ b/js/tests/test_add_shares.js @@ -18,11 +18,8 @@ under the License. */ console.log("Testing addition of shares"); -var WebSocket = require('ws'); var assert = require('assert'); -var http = require('http'); var fs = require('fs'); -var crypto = require('crypto'); // Javascript files from the PIN pad are included here: eval(fs.readFileSync('../DBIG.js')+''); diff --git a/js/tests/test_bad_PIN_AJAX.js b/js/tests/test_bad_PIN_AJAX.js deleted file mode 100755 index e45e562..0000000 --- a/js/tests/test_bad_PIN_AJAX.js +++ /dev/null @@ -1,388 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("Testing response for an End-User who has an invalid PIN using AJAX"); -var WebSocket = require('ws'); -var assert = require('assert'); -var http = require('http'); -var fs = require('fs'); -var crypto = require('crypto'); - -// Javascript files from the PIN pad are included here: -eval(fs.readFileSync('../DBIG.js')+''); -eval(fs.readFileSync('../BIG.js')+''); -eval(fs.readFileSync('../FP.js')+''); -eval(fs.readFileSync('../ROM.js')+''); -eval(fs.readFileSync('../HASH.js')+''); -eval(fs.readFileSync('../RAND.js')+''); -eval(fs.readFileSync('../AES.js')+''); -eval(fs.readFileSync('../GCM.js')+''); -eval(fs.readFileSync('../ECP.js')+''); -eval(fs.readFileSync('../FP2.js')+''); -eval(fs.readFileSync('../ECP2.js')+''); -eval(fs.readFileSync('../FP4.js')+''); -eval(fs.readFileSync('../FP12.js')+''); -eval(fs.readFileSync('../PAIR.js')+''); -eval(fs.readFileSync('./MPIN.js')+''); -eval(fs.readFileSync('../MPINAuth.js')+''); - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -var fail = 0; -var mpin = {}; -var body = ""; - -// Data for mpin_id -var randomUser = crypto.randomBytes(32); -var userID = randomUser.toString("hex"); -var cur_date = new Date(); -var issued = cur_date.toISOString(); -var salt = crypto.randomBytes(16); -var salt_hex = salt.toString("hex"); -// var userID = '[email protected]'; -// var issued = '2014-01-30T19:17:48Z'; - -if (DEBUG){console.log(issued);} - -// Form MPin ID -var endUserdata = { - "issued": issued, - "userID": userID, - "mobile": 1, - "salt": salt_hex -}; -var mpin_id = JSON.stringify(endUserdata); -var mpin_id_bytes = MPIN.stringtobytes(mpin_id); -hash_mpin_id_bytes = MPIN.HASH_ID(mpin_id_bytes) - -mpin.mpin_id_hex = MPIN.bytestostring(mpin_id_bytes); -mpin.hash_mpin_id_hex = MPIN.bytestostring(hash_mpin_id_bytes); -if (DEBUG){console.dir(mpin);} - -// Request expiry -cur_date.setSeconds(cur_date.getSeconds() + SIGNATURE_EXPIRES_OFFSET_SECONDS); -var expires = cur_date.toISOString(); - -// Fixed Seed -// mpin.seedValueHex = seedValueHex; -// Random Seed -var randomSeedValue = crypto.randomBytes(100); - -// Turn on debug statements by setting value in config.js -MPINAuth.DEBUG = DEBUG; - -// Initiaize RNG -MPINAuth.initializeRNG(randomSeedValue); - -//////////////// /clientSecret (GET) ////////////////////////////// - -// String to be signed -var path = "clientSecret" -message = path + app_id + mpin.hash_mpin_id_hex + expires; -if (DEBUG){console.log("message: "+message);} - -var hmac = crypto.createHmac('sha256', app_key); -hmac.setEncoding('hex'); -// write in the text that you want the hmac digest for -hmac.write(message); -// you can't read from the stream until you call end() -hmac.end(); -// read out hmac digest -var signature = hmac.read(); -if (DEBUG){console.log("signature " + signature);} - - -var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&expires=" + expires + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; -if (DEBUG){console.log("urlParam: "+urlParam);} - -// options for MIRACL's Client Secret -var optionsCS1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' -}; -var dataCS1; -var requestCS1 = http.request(optionsCS1, function(res) { - try - { - assert.equal('200', res.statusCode, "Client Secret Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - // uncomment for header details - // console.log("headers: ", res.headers); - res.on('data', function(data) { - if (DEBUG){console.log("client secret data: "+data);} - dataCS1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataCS1); - mpin.cs1=response.clientSecret; - mpin.cs2=response.clientSecret; - time_permits(); - }); -}); - -requestCS1.end(); -requestCS1.on('error', function(e) { - console.error(e); -}); - - -//////////////// /timePermit (GET) ////////////////////////////// - -function time_permits() -{ - if (DEBUG){console.log("Request Time Permit");} - - var path = "timePermit" - // String to be signed - message = mpin.hash_mpin_id_hex; - if (DEBUG){console.log("message: "+message);} - - var hmac = crypto.createHmac('sha256', app_key); - hmac.setEncoding('hex'); - // write in the text that you want the hmac digest for - hmac.write(message); - // you can't read from the stream until you call end() - hmac.end(); - // read out hmac digest - var signature = hmac.read(); - if (DEBUG){console.log("signature " + signature);} - - var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; - if (DEBUG){console.log("urlParam: "+urlParam);} - - // options for GET - var optionsTP1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' - }; - var dataTP1; - var requestTP1 = http.request(optionsTP1, function(res) { - try - { - assert.equal('200', res.statusCode, "Time Permit Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - res.on('data', function(data) { - dataTP1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataTP1); - mpin.tp1=response.timePermit; - mpin.tp2=response.timePermit; - pass1(); - }); - - }); - - requestTP1.end(); - requestTP1.on('error', function(e) { - console.error(e); - }); -} - -// Pass one request to M-Pin Auth server -function pass1() -{ - if (DEBUG){console.log("Perform Pass One");} - - // Add client secret shares - mpin.client_secret_hex = MPINAuth.addShares(mpin.cs1, mpin.cs2); - - // Add time permit shares - mpin.time_permit_hex = MPINAuth.addShares(mpin.tp1, mpin.tp2); - - // Create MPin Token - var PIN1 = 1234; - mpin.token_hex = MPINAuth.calculateMPinToken(mpin.mpin_id_hex, PIN1, mpin.client_secret_hex); - if (DEBUG){console.log("mpin.token_hex " + mpin.token_hex);} - - var date=MPIN.today(); - var PIN2 = 1235; - var request = MPINAuth.pass1Request(mpin.mpin_id_hex, mpin.token_hex, mpin.time_permit_hex, PIN2, date, null); - - // PASS1 REQUEST - body = JSON.stringify(request); - if (DEBUG){console.log("PASS 1 Request" + body);} - - var path = "/pass1" - - // prepare the header - var postHeaders = { - 'Content-Type' : 'application/json', - 'Content-Length' : Buffer.byteLength(body, 'utf8') - }; - - // options - var optionsPass1 = { - host : baseURL, - port : MPinAuthenticationServer, - path : path, - method : 'POST', - headers : postHeaders - }; - - var data; - var requestPass1 = http.request(optionsPass1, function(res) { - - res.on('data', function(data) { - dataPass1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataPass1); - if (DEBUG){console.log("PASS 1 Response: " + dataPass1);} - pass2(response.y); - }); - - }); - - requestPass1.write(body); - requestPass1.end(); - requestPass1.on('error', function(e) { - console.error(e); - }); -} - - -// Pass two request to M-Pin Auth server -function pass2(y) -{ - if (DEBUG){console.log("Perform Pass Two");} - - var path = "/pass2" - - // Compute PASS2 request - // Set OTP switch - var requestOTP = 1; - // Set WID - var accessNumber = 123456; - PIN2 = 1234; - var request = MPINAuth.pass2Request(y, requestOTP, accessNumber); - request.mpin_id = mpin.mpin_id_hex; - - // PASS2 REQUEST - body = JSON.stringify(request); - if (DEBUG){console.log("PASS 2 Request" + body);} - - - // prepare the header - var postHeaders = { - 'Content-Type' : 'application/json', - 'Content-Length' : Buffer.byteLength(body, 'utf8') - }; - - // options - var optionsPass2 = { - host : baseURL, - port : MPinAuthenticationServer, - path : path, - method : 'POST', - headers : postHeaders - }; - - var data; - var requestPass2 = http.request(optionsPass2, function(res) { - - res.on('data', function(data) { - dataPass2 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataPass2); - // PASS2 RESPONSE - if (DEBUG){console.log("PASS 2 Response: " + dataPass2);} - verify(response); - }); - - }); - - requestPass2.write(body); - requestPass2.end(); - requestPass2.on('error', function(e) { - console.error(e); - }); -} - - -function verify(response) -{ - if (DEBUG){console.log("Request an auth token from RPS");} - if (DEBUG){console.dir(response);} - var path = "/token"; - var urlParam = path + "?mpin_id_hex=" + mpin.mpin_id_hex; - if (DEBUG){console.log("urlParam: "+urlParam)}; - - // options for GET - var optionsToken = { - host : baseURL, - port : MPinRPS, - path : urlParam, - method : 'GET' - }; - var dataToken; - var requestToken = http.request(optionsToken, function(res) { - - res.on('data', function(data) { - dataToken = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataToken); - if (DEBUG){console.dir(response); }; - try - { - assert.equal('-19', response.token.successCode, "Authentication Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - console.log("TEST PASSED"); - }); - - }); - - requestToken.end(); - requestToken.on('error', function(e) { - console.error(e); - }); -} diff --git a/js/tests/test_bad_PIN_WS.js b/js/tests/test_bad_PIN_WS.js deleted file mode 100755 index 9de86e3..0000000 --- a/js/tests/test_bad_PIN_WS.js +++ /dev/null @@ -1,326 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("Testing response for an End-User who has an invalid PIN using webSockets"); -var WebSocket = require('ws'); -var assert = require('assert'); -var http = require('http'); -var fs = require('fs'); -var crypto = require('crypto'); - -// Javascript files from the PIN pad are included here: -eval(fs.readFileSync('../DBIG.js')+''); -eval(fs.readFileSync('../BIG.js')+''); -eval(fs.readFileSync('../FP.js')+''); -eval(fs.readFileSync('../ROM.js')+''); -eval(fs.readFileSync('../HASH.js')+''); -eval(fs.readFileSync('../RAND.js')+''); -eval(fs.readFileSync('../AES.js')+''); -eval(fs.readFileSync('../GCM.js')+''); -eval(fs.readFileSync('../ECP.js')+''); -eval(fs.readFileSync('../FP2.js')+''); -eval(fs.readFileSync('../ECP2.js')+''); -eval(fs.readFileSync('../FP4.js')+''); -eval(fs.readFileSync('../FP12.js')+''); -eval(fs.readFileSync('../PAIR.js')+''); -eval(fs.readFileSync('./MPIN.js')+''); -eval(fs.readFileSync('../MPINAuth.js')+''); - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -var fail = 0; -var mpin = {}; -var body = ""; - -// Data for mpin_id -var randomUser = crypto.randomBytes(32); -var userID = randomUser.toString("hex"); -var cur_date = new Date(); -var issued = cur_date.toISOString(); -var salt = crypto.randomBytes(16); -var salt_hex = salt.toString("hex"); -// var userID = '[email protected]'; -// var issued = '2014-01-30T19:17:48Z'; - -if (DEBUG){console.log(issued);} - -// Form MPin ID -var endUserdata = { - "issued": issued, - "userID": userID, - "mobile": 1, - "salt": salt_hex -}; -var mpin_id = JSON.stringify(endUserdata); -var mpin_id_bytes = MPIN.stringtobytes(mpin_id); -hash_mpin_id_bytes = MPIN.HASH_ID(mpin_id_bytes) - -mpin.mpin_id_hex = MPIN.bytestostring(mpin_id_bytes); -mpin.hash_mpin_id_hex = MPIN.bytestostring(hash_mpin_id_bytes); -if (DEBUG){console.dir(mpin);} - -// Request expiry -cur_date.setSeconds(cur_date.getSeconds() + SIGNATURE_EXPIRES_OFFSET_SECONDS); -var expires = cur_date.toISOString(); - -// Fixed Seed -// mpin.seedValueHex = seedValueHex; -// Random Seed -var randomSeedValue = crypto.randomBytes(100); - -// Turn on debug statements by setting value in config.js -MPINAuth.DEBUG = DEBUG; - -// Initiaize RNG -MPINAuth.initializeRNG(randomSeedValue); - -//////////////// /clientSecret (GET) ////////////////////////////// - -// String to be signed -var path = "clientSecret" -message = path + app_id + mpin.hash_mpin_id_hex + expires; -if (DEBUG){console.log("message: "+message);} - -var hmac = crypto.createHmac('sha256', app_key); -hmac.setEncoding('hex'); -// write in the text that you want the hmac digest for -hmac.write(message); -// you can't read from the stream until you call end() -hmac.end(); -// read out hmac digest -var signature = hmac.read(); -if (DEBUG){console.log("signature " + signature);} - - -var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&expires=" + expires + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; -if (DEBUG){console.log("urlParam: "+urlParam);} - -// options for MIRACL's Client Secret -var optionsCS1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' -}; -var dataCS1; -var requestCS1 = http.request(optionsCS1, function(res) { - try - { - assert.equal('200', res.statusCode, "Client Secret Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - // uncomment for header details - // console.log("headers: ", res.headers); - res.on('data', function(data) { - if (DEBUG){console.log("client secret data: "+data);} - dataCS1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataCS1); - mpin.cs1=response.clientSecret; - mpin.cs2=response.clientSecret; - time_permits(); - }); -}); - -requestCS1.end(); -requestCS1.on('error', function(e) { - console.error(e); -}); - - -//////////////// /timePermit (GET) ////////////////////////////// - -function time_permits() -{ - if (DEBUG){console.log("Request Time Permit");} - - var path = "timePermit" - // String to be signed - message = mpin.hash_mpin_id_hex; - if (DEBUG){console.log("message: "+message);} - - var hmac = crypto.createHmac('sha256', app_key); - hmac.setEncoding('hex'); - // write in the text that you want the hmac digest for - hmac.write(message); - // you can't read from the stream until you call end() - hmac.end(); - // read out hmac digest - var signature = hmac.read(); - if (DEBUG){console.log("signature " + signature);} - - var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; - if (DEBUG){console.log("urlParam: "+urlParam);} - - // options for GET - var optionsTP1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' - }; - var dataTP1; - var requestTP1 = http.request(optionsTP1, function(res) { - try - { - assert.equal('200', res.statusCode, "Time Permit Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - res.on('data', function(data) { - dataTP1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataTP1); - mpin.tp1=response.timePermit; - mpin.tp2=response.timePermit; - authenticate(); - }); - - }); - - requestTP1.end(); - requestTP1.on('error', function(e) { - console.error(e); - }); -} - - -function authenticate() -{ - if (DEBUG){console.log("Perform M-Pin authentication");} - - // Add client secret shares - mpin.client_secret_hex = MPINAuth.addShares(mpin.cs1, mpin.cs2); - - // Add time permit shares - mpin.time_permit_hex = MPINAuth.addShares(mpin.tp1, mpin.tp2); - - // Create MPin Token - var PIN1 = 1234; - mpin.token_hex = MPINAuth.calculateMPinToken(mpin.mpin_id_hex, PIN1, mpin.client_secret_hex); - if (DEBUG){console.log("mpin.token_hex " + mpin.token_hex);} - - // Open websocket. - var authServerSocket = new WebSocket(MPinAuthenticationURL); - - authServerSocket.on('open', function() { - if (DEBUG){console.log("websocket connection open");} - var date=MPIN.today(); - var PIN2 = 1235 - var request = MPINAuth.pass1Request(mpin.mpin_id_hex, mpin.token_hex, mpin.time_permit_hex, PIN2, date, null); - // PASS1 REQUEST - authServerSocket.send(JSON.stringify(request)); - }); - - authServerSocket.on('message', function(message) { - // PASS1 RESPONSE - var response = JSON.parse(message); - if (response.pass == 1) - { - if (DEBUG){console.log("PASS: "+response.pass+" message: "+message);} - - // Set OTP switch - var requestOTP = 1; - // Set WID - var accessNumber = 123456; - - // Compute PASS2 request - var request = MPINAuth.pass2Request(response.y, requestOTP, accessNumber); - if (DEBUG){console.dir(request);} - - // PASS2 REQUEST - authServerSocket.send(JSON.stringify(request)); - } - else if(response.pass == 2) - { - // PASS2 RESPONSE - if (DEBUG){console.log("PASS: "+response.pass+" message: "+message);} - authServerSocket.close(); - verify(response); - } - else - { - console.error("Error: Invalid Passcode"); - return; - } - }); -} - -function verify(response) -{ - if (DEBUG){console.log("Request an auth token from RPS");} - if (DEBUG){console.dir(response);} - var path = "/token"; - var urlParam = path + "?mpin_id_hex=" + mpin.mpin_id_hex; - if (DEBUG){console.log("urlParam: "+urlParam)}; - - // options for GET - var optionsToken = { - host : baseURL, - port : MPinRPS, - path : urlParam, - method : 'GET' - }; - var dataToken; - var requestToken = http.request(optionsToken, function(res) { - - res.on('data', function(data) { - dataToken = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataToken); - if (DEBUG){console.dir(response); }; - try - { - assert.equal('-19', response.token.successCode, "Authentication Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - console.log("TEST PASSED"); - }); - - }); - - requestToken.end(); - requestToken.on('error', function(e) { - console.error(e); - }); -} diff --git a/js/tests/test_good_PIN_AJAX.js b/js/tests/test_good_PIN_AJAX.js deleted file mode 100755 index 20a66f6..0000000 --- a/js/tests/test_good_PIN_AJAX.js +++ /dev/null @@ -1,387 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("Testing response for an End-User who has a valid PIN using AJAX"); -var WebSocket = require('ws'); -var assert = require('assert'); -var http = require('http'); -var fs = require('fs'); -var crypto = require('crypto'); - -// Javascript files from the PIN pad are included here: -eval(fs.readFileSync('../DBIG.js')+''); -eval(fs.readFileSync('../BIG.js')+''); -eval(fs.readFileSync('../FP.js')+''); -eval(fs.readFileSync('../ROM.js')+''); -eval(fs.readFileSync('../HASH.js')+''); -eval(fs.readFileSync('../RAND.js')+''); -eval(fs.readFileSync('../AES.js')+''); -eval(fs.readFileSync('../GCM.js')+''); -eval(fs.readFileSync('../ECP.js')+''); -eval(fs.readFileSync('../FP2.js')+''); -eval(fs.readFileSync('../ECP2.js')+''); -eval(fs.readFileSync('../FP4.js')+''); -eval(fs.readFileSync('../FP12.js')+''); -eval(fs.readFileSync('../PAIR.js')+''); -eval(fs.readFileSync('./MPIN.js')+''); -eval(fs.readFileSync('../MPINAuth.js')+''); - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -var fail = 0; -var mpin = {}; -var body = ""; - -// Data for mpin_id -var randomUser = crypto.randomBytes(32); -var userID = randomUser.toString("hex"); -var cur_date = new Date(); -var issued = cur_date.toISOString(); -var salt = crypto.randomBytes(16); -var salt_hex = salt.toString("hex"); -// var userID = '[email protected]'; -// var issued = '2014-01-30T19:17:48Z'; - -if (DEBUG){console.log(issued);} - -// Form MPin ID -var endUserdata = { - "issued": issued, - "userID": userID, - "mobile": 1, - "salt": salt_hex -}; -var mpin_id = JSON.stringify(endUserdata); -var mpin_id_bytes = MPIN.stringtobytes(mpin_id); -hash_mpin_id_bytes = MPIN.HASH_ID(mpin_id_bytes) - -mpin.mpin_id_hex = MPIN.bytestostring(mpin_id_bytes); -mpin.hash_mpin_id_hex = MPIN.bytestostring(hash_mpin_id_bytes); -if (DEBUG){console.dir(mpin);} - -// Request expiry -cur_date.setSeconds(cur_date.getSeconds() + SIGNATURE_EXPIRES_OFFSET_SECONDS); -var expires = cur_date.toISOString(); - -// Fixed Seed -// mpin.seedValueHex = seedValueHex; -// Random Seed -var randomSeedValue = crypto.randomBytes(100); - -// Turn on debug statements by setting value in config.js -MPINAuth.DEBUG = DEBUG; - -// Initiaize RNG -MPINAuth.initializeRNG(randomSeedValue); - -//////////////// /clientSecret (GET) ////////////////////////////// - -// String to be signed -var path = "clientSecret" -message = path + app_id + mpin.hash_mpin_id_hex + expires; -if (DEBUG){console.log("message: "+message);} - -var hmac = crypto.createHmac('sha256', app_key); -hmac.setEncoding('hex'); -// write in the text that you want the hmac digest for -hmac.write(message); -// you can't read from the stream until you call end() -hmac.end(); -// read out hmac digest -var signature = hmac.read(); -if (DEBUG){console.log("signature " + signature);} - - -var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&expires=" + expires + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; -if (DEBUG){console.log("urlParam: "+urlParam);} - -// options for MIRACL's Client Secret -var optionsCS1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' -}; -var dataCS1; -var requestCS1 = http.request(optionsCS1, function(res) { - try - { - assert.equal('200', res.statusCode, "Client Secret Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - // uncomment for header details - // console.log("headers: ", res.headers); - res.on('data', function(data) { - if (DEBUG){console.log("client secret data: "+data);} - dataCS1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataCS1); - mpin.cs1=response.clientSecret; - mpin.cs2=response.clientSecret; - time_permits(); - }); -}); - -requestCS1.end(); -requestCS1.on('error', function(e) { - console.error(e); -}); - - -//////////////// /timePermit (GET) ////////////////////////////// - -function time_permits() -{ - if (DEBUG){console.log("Request Time Permit");} - - var path = "timePermit" - // String to be signed - message = mpin.hash_mpin_id_hex; - if (DEBUG){console.log("message: "+message);} - - var hmac = crypto.createHmac('sha256', app_key); - hmac.setEncoding('hex'); - // write in the text that you want the hmac digest for - hmac.write(message); - // you can't read from the stream until you call end() - hmac.end(); - // read out hmac digest - var signature = hmac.read(); - if (DEBUG){console.log("signature " + signature);} - - var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; - if (DEBUG){console.log("urlParam: "+urlParam);} - - // options for GET - var optionsTP1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' - }; - var dataTP1; - var requestTP1 = http.request(optionsTP1, function(res) { - try - { - assert.equal('200', res.statusCode, "Time Permit Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - res.on('data', function(data) { - dataTP1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataTP1); - mpin.tp1=response.timePermit; - mpin.tp2=response.timePermit; - pass1(); - }); - - }); - - requestTP1.end(); - requestTP1.on('error', function(e) { - console.error(e); - }); -} - -// Pass one request to M-Pin Auth server -function pass1() -{ - if (DEBUG){console.log("Perform Pass One");} - - // Add client secret shares - mpin.client_secret_hex = MPINAuth.addShares(mpin.cs1, mpin.cs2); - - // Add time permit shares - mpin.time_permit_hex = MPINAuth.addShares(mpin.tp1, mpin.tp2); - - // Create MPin Token - var PIN = 1234; - mpin.token_hex = MPINAuth.calculateMPinToken(mpin.mpin_id_hex, PIN, mpin.client_secret_hex); - if (DEBUG){console.log("mpin.token_hex " + mpin.token_hex);} - - var date=MPIN.today(); - var request = MPINAuth.pass1Request(mpin.mpin_id_hex, mpin.token_hex, mpin.time_permit_hex, PIN, date, null); - - // PASS1 REQUEST - body = JSON.stringify(request); - if (DEBUG){console.log("PASS 1 Request" + body);} - - var path = "/pass1" - - // prepare the header - var postHeaders = { - 'Content-Type' : 'application/json', - 'Content-Length' : Buffer.byteLength(body, 'utf8') - }; - - // options - var optionsPass1 = { - host : baseURL, - port : MPinAuthenticationServer, - path : path, - method : 'POST', - headers : postHeaders - }; - - var data; - var requestPass1 = http.request(optionsPass1, function(res) { - - res.on('data', function(data) { - dataPass1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataPass1); - if (DEBUG){console.log("PASS 1 Response: " + dataPass1);} - pass2(response.y); - }); - - }); - - requestPass1.write(body); - requestPass1.end(); - requestPass1.on('error', function(e) { - console.error(e); - }); -} - - -// Pass two request to M-Pin Auth server -function pass2(y) -{ - if (DEBUG){console.log("Perform Pass Two");} - - var path = "/pass2" - - // Compute PASS2 request - // Set OTP switch - var requestOTP = 1; - // Set WID - var accessNumber = 123456; - PIN2 = 1234; - var request = MPINAuth.pass2Request(y, requestOTP, accessNumber); - request.mpin_id = mpin.mpin_id_hex; - - // PASS2 REQUEST - body = JSON.stringify(request); - if (DEBUG){console.log("PASS 2 Request" + body);} - - - // prepare the header - var postHeaders = { - 'Content-Type' : 'application/json', - 'Content-Length' : Buffer.byteLength(body, 'utf8') - }; - - // options - var optionsPass2 = { - host : baseURL, - port : MPinAuthenticationServer, - path : path, - method : 'POST', - headers : postHeaders - }; - - var data; - var requestPass2 = http.request(optionsPass2, function(res) { - - res.on('data', function(data) { - dataPass2 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataPass2); - // PASS2 RESPONSE - if (DEBUG){console.log("PASS 2 Response: " + dataPass2);} - verify(response); - }); - - }); - - requestPass2.write(body); - requestPass2.end(); - requestPass2.on('error', function(e) { - console.error(e); - }); -} - - -function verify(response) -{ - if (DEBUG){console.log("Request an auth token from RPS");} - if (DEBUG){console.dir(response);} - var path = "/token"; - var urlParam = path + "?mpin_id_hex=" + mpin.mpin_id_hex; - if (DEBUG){console.log("urlParam: "+urlParam)}; - - // options for GET - var optionsToken = { - host : baseURL, - port : MPinRPS, - path : urlParam, - method : 'GET' - }; - var dataToken; - var requestToken = http.request(optionsToken, function(res) { - - res.on('data', function(data) { - dataToken = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataToken); - if (DEBUG){console.dir(response); }; - try - { - assert.equal('0', response.token.successCode, "Authentication Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - console.log("TEST PASSED"); - }); - - }); - - requestToken.end(); - requestToken.on('error', function(e) { - console.error(e); - }); -} diff --git a/js/tests/test_good_PIN_WS.js b/js/tests/test_good_PIN_WS.js deleted file mode 100755 index 7f4b326..0000000 --- a/js/tests/test_good_PIN_WS.js +++ /dev/null @@ -1,325 +0,0 @@ -/* -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, -software distributed under the License is distributed on an -"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -KIND, either express or implied. See the License for the -specific language governing permissions and limitations -under the License. -*/ - -console.log("Testing response for an End-User who has a valid PIN using webSockets"); -var WebSocket = require('ws'); -var assert = require('assert'); -var http = require('http'); -var fs = require('fs'); -var crypto = require('crypto'); - -// Javascript files from the PIN pad are included here: -eval(fs.readFileSync('../DBIG.js')+''); -eval(fs.readFileSync('../BIG.js')+''); -eval(fs.readFileSync('../FP.js')+''); -eval(fs.readFileSync('../ROM.js')+''); -eval(fs.readFileSync('../HASH.js')+''); -eval(fs.readFileSync('../RAND.js')+''); -eval(fs.readFileSync('../AES.js')+''); -eval(fs.readFileSync('../GCM.js')+''); -eval(fs.readFileSync('../ECP.js')+''); -eval(fs.readFileSync('../FP2.js')+''); -eval(fs.readFileSync('../ECP2.js')+''); -eval(fs.readFileSync('../FP4.js')+''); -eval(fs.readFileSync('../FP12.js')+''); -eval(fs.readFileSync('../PAIR.js')+''); -eval(fs.readFileSync('./MPIN.js')+''); -eval(fs.readFileSync('../MPINAuth.js')+''); - -// Configuration file -eval(fs.readFileSync('./config.js')+''); - -var fail = 0; -var mpin = {}; -var body = ""; - -// Data for mpin_id -var randomUser = crypto.randomBytes(32); -var userID = randomUser.toString("hex"); -var cur_date = new Date(); -var issued = cur_date.toISOString(); -var salt = crypto.randomBytes(16); -var salt_hex = salt.toString("hex"); -// var userID = '[email protected]'; -// var issued = '2014-01-30T19:17:48Z'; - -if (DEBUG){console.log(issued);} - -// Form MPin ID -var endUserdata = { - "issued": issued, - "userID": userID, - "mobile": 1, - "salt": salt_hex -}; -var mpin_id = JSON.stringify(endUserdata); -var mpin_id_bytes = MPIN.stringtobytes(mpin_id); -hash_mpin_id_bytes = MPIN.HASH_ID(mpin_id_bytes) - -mpin.mpin_id_hex = MPIN.bytestostring(mpin_id_bytes); -mpin.hash_mpin_id_hex = MPIN.bytestostring(hash_mpin_id_bytes); -if (DEBUG){console.dir(mpin);} - -// Request expiry -cur_date.setSeconds(cur_date.getSeconds() + SIGNATURE_EXPIRES_OFFSET_SECONDS); -var expires = cur_date.toISOString(); - -// Fixed Seed -// mpin.seedValueHex = seedValueHex; -// Random Seed -var randomSeedValue = crypto.randomBytes(100); - -// Turn on debug statements by setting value in config.js -MPINAuth.DEBUG = DEBUG; - -// Initiaize RNG -MPINAuth.initializeRNG(randomSeedValue); - -//////////////// /clientSecret (GET) ////////////////////////////// - -// String to be signed -var path = "clientSecret" -message = path + app_id + mpin.hash_mpin_id_hex + expires; -if (DEBUG){console.log("message: "+message);} - -var hmac = crypto.createHmac('sha256', app_key); -hmac.setEncoding('hex'); -// write in the text that you want the hmac digest for -hmac.write(message); -// you can't read from the stream until you call end() -hmac.end(); -// read out hmac digest -var signature = hmac.read(); -if (DEBUG){console.log("signature " + signature);} - - -var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&expires=" + expires + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; -if (DEBUG){console.log("urlParam: "+urlParam);} - -// options for MIRACL's Client Secret -var optionsCS1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' -}; -var dataCS1; -var requestCS1 = http.request(optionsCS1, function(res) { - try - { - assert.equal('200', res.statusCode, "Client Secret Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - // uncomment for header details - // console.log("headers: ", res.headers); - res.on('data', function(data) { - if (DEBUG){console.log("client secret data: "+data);} - dataCS1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataCS1); - mpin.cs1=response.clientSecret; - mpin.cs2=response.clientSecret; - time_permits(); - }); -}); - -requestCS1.end(); -requestCS1.on('error', function(e) { - console.error(e); -}); - - -//////////////// /timePermit (GET) ////////////////////////////// - -function time_permits() -{ - if (DEBUG){console.log("Request Time Permit");} - - var path = "timePermit" - // String to be signed - message = mpin.hash_mpin_id_hex; - if (DEBUG){console.log("message: "+message);} - - var hmac = crypto.createHmac('sha256', app_key); - hmac.setEncoding('hex'); - // write in the text that you want the hmac digest for - hmac.write(message); - // you can't read from the stream until you call end() - hmac.end(); - // read out hmac digest - var signature = hmac.read(); - if (DEBUG){console.log("signature " + signature);} - - var urlParam = "/v0.3/" + path + "?app_id=" + app_id + "&hash_mpin_id=" + mpin.hash_mpin_id_hex + "&signature=" + signature + "&mobile=1"; - if (DEBUG){console.log("urlParam: "+urlParam);} - - // options for GET - var optionsTP1 = { - host : baseURL, - port : DTA_proxy, - path : urlParam, - method : 'GET' - }; - var dataTP1; - var requestTP1 = http.request(optionsTP1, function(res) { - try - { - assert.equal('200', res.statusCode, "Time Permit Request Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - res.on('data', function(data) { - dataTP1 = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataTP1); - mpin.tp1=response.timePermit; - mpin.tp2=response.timePermit; - authenticate(); - }); - - }); - - requestTP1.end(); - requestTP1.on('error', function(e) { - console.error(e); - }); -} - - -function authenticate() -{ - if (DEBUG){console.log("Perform M-Pin authentication");} - - // Add client secret shares - mpin.client_secret_hex = MPINAuth.addShares(mpin.cs1, mpin.cs2); - - // Add time permit shares - mpin.time_permit_hex = MPINAuth.addShares(mpin.tp1, mpin.tp2); - - // Create MPin Token - var PIN = 1234; - mpin.token_hex = MPINAuth.calculateMPinToken(mpin.mpin_id_hex, PIN, mpin.client_secret_hex); - if (DEBUG){console.log("mpin.token_hex " + mpin.token_hex);} - - // Open websocket. - var authServerSocket = new WebSocket(MPinAuthenticationURL); - - authServerSocket.on('open', function() { - if (DEBUG){console.log("websocket connection open");} - var date=MPIN.today(); - var request = MPINAuth.pass1Request(mpin.mpin_id_hex, mpin.token_hex, mpin.time_permit_hex, PIN, date, null); - // PASS1 REQUEST - authServerSocket.send(JSON.stringify(request)); - }); - - authServerSocket.on('message', function(message) { - // PASS1 RESPONSE - var response = JSON.parse(message); - if (response.pass == 1) - { - if (DEBUG){console.log("PASS: "+response.pass+" message: "+message);} - - // Set OTP switch - var requestOTP = 1; - // Set WID - var accessNumber = 123456; - - // Compute PASS2 request - var request = MPINAuth.pass2Request(response.y, requestOTP, accessNumber); - if (DEBUG){console.dir(request);} - - // PASS2 REQUEST - authServerSocket.send(JSON.stringify(request)); - } - else if(response.pass == 2) - { - // PASS2 RESPONSE - if (DEBUG){console.log("PASS: "+response.pass+" message: "+message);} - authServerSocket.close(); - verify(response); - } - else - { - console.error("Error: Invalid Passcode"); - return; - } - }); -} - -function verify(response) -{ - if (DEBUG){console.log("Request an auth token from RPS");} - if (DEBUG){console.dir(response);} - var path = "/token"; - var urlParam = path + "?mpin_id_hex=" + mpin.mpin_id_hex; - if (DEBUG){console.log("urlParam: "+urlParam)}; - - // options for GET - var optionsToken = { - host : baseURL, - port : MPinRPS, - path : urlParam, - method : 'GET' - }; - var dataToken; - var requestToken = http.request(optionsToken, function(res) { - - res.on('data', function(data) { - dataToken = data; - }); - - res.on('end', function () { - var response = JSON.parse(dataToken); - if (DEBUG){console.dir(response); }; - try - { - assert.equal('0', response.token.successCode, "Authentication Failed"); - } - catch(err) - { - txt="Error description: " + err.message; - console.error(txt); - console.log("TEST FAILED"); - return; - } - console.log("TEST PASSED"); - }); - - }); - - requestToken.end(); - requestToken.on('error', function(e) { - console.error(e); - }); -} diff --git a/js/tests/test_onepass.js b/js/tests/test_onepass.js index 912ccfa..6304cdb 100755 --- a/js/tests/test_onepass.js +++ b/js/tests/test_onepass.js @@ -18,11 +18,8 @@ under the License. */ console.log("Testing client request generation"); -var WebSocket = require('ws'); var assert = require('assert'); -var http = require('http'); var fs = require('fs'); -var crypto = require('crypto'); // Javascript files from the PIN pad are included here: eval(fs.readFileSync('../DBIG.js')+''); @@ -81,7 +78,7 @@ for(var vector in vectors) if (DEBUG){console.dir("passSingle "+passSingle);} try { - assert.equal(passSingle.U, vectors[vector].U, "U generation failed"); + if (!vectors[vector].DATE){assert.equal(passSingle.U, vectors[vector].U, "U generation failed");} assert.equal(passSingle.UT, vectors[vector].UT, "UT generation failed"); assert.equal(passSingle.V, vectors[vector].SEC, "V generation failed"); } diff --git a/js/tests/test_pass1.js b/js/tests/test_pass1.js index 3a3648a..5258087 100755 --- a/js/tests/test_pass1.js +++ b/js/tests/test_pass1.js @@ -18,11 +18,8 @@ under the License. */ console.log("Testing pass one request generation"); -var WebSocket = require('ws'); var assert = require('assert'); -var http = require('http'); var fs = require('fs'); -var crypto = require('crypto'); // Javascript files from the PIN pad are included here: eval(fs.readFileSync('../DBIG.js')+''); diff --git a/js/tests/test_pass2.js b/js/tests/test_pass2.js index e646230..09a27d4 100755 --- a/js/tests/test_pass2.js +++ b/js/tests/test_pass2.js @@ -18,11 +18,8 @@ under the License. */ console.log("Testing pass two request generation"); -var WebSocket = require('ws'); var assert = require('assert'); -var http = require('http'); var fs = require('fs'); -var crypto = require('crypto'); // Javascript files from the PIN pad are included here: eval(fs.readFileSync('../DBIG.js')+''); diff --git a/js/tests/test_randomX.js b/js/tests/test_randomX.js index 61c3ed7..9c7e8bb 100755 --- a/js/tests/test_randomX.js +++ b/js/tests/test_randomX.js @@ -18,9 +18,7 @@ under the License. */ console.log("Testing randomX"); -var WebSocket = require('ws'); var assert = require('assert'); -var http = require('http'); var fs = require('fs'); var crypto = require('crypto'); diff --git a/js/tests/test_sha256.js b/js/tests/test_sha256.js index 308f9a5..ceabd4b 100755 --- a/js/tests/test_sha256.js +++ b/js/tests/test_sha256.js @@ -18,9 +18,7 @@ under the License. */ console.log("Testing sha256"); -var WebSocket = require('ws'); var assert = require('assert'); -var http = require('http'); var fs = require('fs'); var crypto = require('crypto'); diff --git a/js/tests/test_token.js b/js/tests/test_token.js index d35fe9d..c82ffc5 100755 --- a/js/tests/test_token.js +++ b/js/tests/test_token.js @@ -18,11 +18,8 @@ under the License. */ console.log("Testing token generation"); -var WebSocket = require('ws'); var assert = require('assert'); -var http = require('http'); var fs = require('fs'); -var crypto = require('crypto'); // Javascript files from the PIN pad are included here: eval(fs.readFileSync('../DBIG.js')+'');
