This is an automated email from the ASF dual-hosted git repository. kmccusker pushed a commit to branch issue7 in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-js.git
commit 36004222bd841fd345bd7b6d7acac7350464a771 Author: Kealan McCusker <[email protected]> AuthorDate: Wed Jun 26 14:37:18 2019 +0100 moved examples to BLS381 curve --- examples/browser/example_BLS.html | 2 +- ...ple_DVS_BLS383.html => example_DVS_BLS381.html} | 2 +- ...IST521.html => example_ECC_BLS381_NIST521.html} | 4 +- ...e_MPIN_BLS383.html => example_MPIN_BLS381.html} | 2 +- ...L_BLS383.html => example_MPIN_FULL_BLS381.html} | 2 +- ...S383.html => example_MPIN_ONE_PASS_BLS381.html} | 2 +- ..._TP_BLS383.html => example_MPIN_TP_BLS381.html} | 2 +- examples/browser/example_all.html | 1276 ++++++++++++++++++++ ...example_DVS_BLS383.js => example_DVS_BLS381.js} | 2 +- ...83_NIST521.js => example_ECC_BLS381_NIST521.js} | 4 +- ...ample_MPIN_BLS383.js => example_MPIN_BLS381.js} | 2 +- ..._FULL_BLS383.js => example_MPIN_FULL_BLS381.js} | 2 +- ...S_BLS383.js => example_MPIN_ONE_PASS_BLS381.js} | 2 +- 13 files changed, 1290 insertions(+), 14 deletions(-) diff --git a/examples/browser/example_BLS.html b/examples/browser/example_BLS.html index 67418e3..ab8cbf4 100644 --- a/examples/browser/example_BLS.html +++ b/examples/browser/example_BLS.html @@ -46,7 +46,7 @@ <p><a id="myLink4" href="#" onclick="location.reload(false);bn254();">BN254 254-bit k=12 Pairing-Friendly BN Curve Boneh-Lynn-Shacham</a></p> -<p><a id="myLink5" href="#" onclick="location.reload(false);bls383();">BLS381 381-bit k=12 Pairing-Friendly BLS Curve Boneh-Lynn-Shacham</a></p> +<p><a id="myLink5" href="#" onclick="location.reload(false);bls381();">BLS381 381-bit k=12 Pairing-Friendly BLS Curve Boneh-Lynn-Shacham</a></p> <p><a id="myLink6" href="#" onclick="location.reload(false);bls24();">BLS24 479-bit k=24 Pairing-Friendly BLS Curve Boneh-Lynn-Shacham</a></p> <p><a id="myLink7" href="#" onclick="location.reload(false);bls48();">BLS48 556-bit k=48 Pairing-Friendly BLS Curve Boneh-Lynn-Shacham</a></p> 
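Review bot: The `myLink5` handler now calls `bls381()`, but the diffstat shows a single changed line for `examples/browser/example_BLS.html`, so the function this link invokes is not renamed by this commit. If the script further down the file still declares `function bls383()`, the link will throw a ReferenceError instead of running the example; the declaration would need to become `function bls381() {` in the same change. It is also worth confirming that the body builds its context with `new CTX("BLS381")`, since otherwise the page would advertise BLS381 while exercising a different curve. The function definition lies outside this hunk, so both points need checking against the full file.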
diff --git a/examples/browser/example_DVS_BLS383.html b/examples/browser/example_DVS_BLS381.html similarity index 99% rename from examples/browser/example_DVS_BLS383.html rename to examples/browser/example_DVS_BLS381.html index d5c0183..ad11117 100644 --- a/examples/browser/example_DVS_BLS383.html +++ b/examples/browser/example_DVS_BLS381.html @@ -55,7 +55,7 @@ under the License. /* Test DVS - test driver and function exerciser for Designated Verifier Signature API Functions */ -var ctx = new CTX("BLS383"); +var ctx = new CTX("BLS381"); var RAW = []; var rng = new ctx.RAND(); diff --git a/examples/browser/example_ECC_BLS383_NIST521.html b/examples/browser/example_ECC_BLS381_NIST521.html similarity index 98% rename from examples/browser/example_ECC_BLS383_NIST521.html rename to examples/browser/example_ECC_BLS381_NIST521.html index ea61f8e..43a4057 100644 --- a/examples/browser/example_ECC_BLS383_NIST521.html +++ b/examples/browser/example_ECC_BLS381_NIST521.html @@ -56,10 +56,10 @@ under the License. /* Test ECC - test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */ -var ctx1 = new CTX("BLS383"); +var ctx1 = new CTX("BLS381"); var ctx2 = new CTX("NIST521"); -console.log("Start testing BLS383"); +console.log("Start testing BLS381"); var pp = "M0ng00se", res, diff --git a/examples/browser/example_MPIN_BLS383.html b/examples/browser/example_MPIN_BLS381.html similarity index 99% rename from examples/browser/example_MPIN_BLS383.html rename to examples/browser/example_MPIN_BLS381.html index 6ca6b73..08d54cd 100644 --- a/examples/browser/example_MPIN_BLS383.html +++ b/examples/browser/example_MPIN_BLS381.html @@ -55,7 +55,7 @@ under the License. /* Test MPIN - test driver and function exerciser for MPIN API Functions */ -var ctx = new CTX("BLS383"); +var ctx = new CTX("BLS381"); /* Test M-Pin */ 
diff --git a/examples/browser/example_MPIN_FULL_BLS383.html b/examples/browser/example_MPIN_FULL_BLS381.html similarity index 99% rename from examples/browser/example_MPIN_FULL_BLS383.html rename to examples/browser/example_MPIN_FULL_BLS381.html index 9a572bb..d95979f 100644 --- a/examples/browser/example_MPIN_FULL_BLS383.html +++ b/examples/browser/example_MPIN_FULL_BLS381.html @@ -55,7 +55,7 @@ under the License. /* Test MPIN - test driver and function exerciser for MPIN API Functions */ -var ctx = new CTX("BLS383"); +var ctx = new CTX("BLS381"); /* Test M-Pin */ diff --git a/examples/browser/example_MPIN_ONE_PASS_BLS383.html b/examples/browser/example_MPIN_ONE_PASS_BLS381.html similarity index 99% rename from examples/browser/example_MPIN_ONE_PASS_BLS383.html rename to examples/browser/example_MPIN_ONE_PASS_BLS381.html index a798a31..9d43ab6 100644 --- a/examples/browser/example_MPIN_ONE_PASS_BLS383.html +++ b/examples/browser/example_MPIN_ONE_PASS_BLS381.html @@ -55,7 +55,7 @@ under the License. /* Test MPIN - test driver and function exerciser for MPIN API Functions */ -var ctx = new CTX("BLS383"); +var ctx = new CTX("BLS381"); /* Test M-Pin */ diff --git a/examples/browser/example_MPIN_TP_BLS383.html b/examples/browser/example_MPIN_TP_BLS381.html similarity index 99% rename from examples/browser/example_MPIN_TP_BLS383.html rename to examples/browser/example_MPIN_TP_BLS381.html index 8f8c1d2..c29c250 100644 --- a/examples/browser/example_MPIN_TP_BLS383.html +++ b/examples/browser/example_MPIN_TP_BLS381.html @@ -55,7 +55,7 @@ under the License. /* Test MPIN - test driver and function exerciser for MPIN API Functions */ -var ctx = new CTX("BLS383"); +var ctx = new CTX("BLS381"); /* Test M-Pin */ diff --git a/examples/browser/example_all.html b/examples/browser/example_all.html new file mode 100644 index 0000000..9c96ad9 --- /dev/null +++ b/examples/browser/example_all.html 
@@ -0,0 +1,1276 @@ +<!DOCTYPE HTML> +<html> +<head> +<title>JavaScript Test ALL</title> +</head> +<body> +<h1>JavaScript Test All Examples</h1> +<script src="src/rand.js"></script> +<script src="src/rom_curve.js"></script> +<script src="src/rom_field.js"></script> +<script src="src/uint64.js"></script> +<script src="src/aes.js"></script> +<script src="src/big.js"></script> +<script src="src/gcm.js"></script> +<script src="src/hash256.js"></script> +<script src="src/hash384.js"></script> +<script src="src/hash512.js"></script> +<script src="src/sha3.js"></script> +<script src="src/nhs.js"></script> +<script src="src/fp.js"></script> +<script src="src/fp2.js"></script> +<script src="src/fp4.js"></script> +<script src="src/fp12.js"></script> +<script src="src/ff.js"></script> +<script src="src/rsa.js"></script> +<script src="src/ecp.js"></script> +<script src="src/ecp2.js"></script> +<script src="src/ecdh.js"></script> +<script src="src/pair.js"></script> +<script src="src/bls.js"></script> +<script src="src/mpin.js"></script> +<script src="src/ctx.js"></script> + +<script src="src/fp8.js"></script> +<script src="src/fp16.js"></script> +<script src="src/fp24.js"></script> +<script src="src/fp48.js"></script> +<script src="src/ecp4.js"></script> +<script src="src/ecp8.js"></script> +<script src="src/pair192.js"></script> +<script src="src/pair256.js"></script> +<script src="src/mpin192.js"></script> +<script src="src/mpin256.js"></script> +<script src="src/bls192.js"></script> +<script src="src/bls256.js"></script> + + +<p><a id="myLink1" href="#" onclick="location.reload(false);ed25519();">ED25519 255-bit Edwards Elliptic Curve ECDH/ECIES/ECDSA</a></p> +<p><a id="myLink2" href="#" onclick="location.reload(false);nist256();">NIST256 256-bit Weierstrass Elliptic Curve ECDH/ECIES/ECDSA</a></p> +<p><a id="myLink3" href="#" onclick="location.reload(false);goldilocks();">GOLDILOCKS 448-bit Edwards Elliptic Curve ECDH/ECIES/ECDSA</a></p> +<p><a id="myLink5" href="#" 
onclick="location.reload(false);bls381();">BLS381 381-bit k=12 Pairing-Friendly BLS Curve MPIN</a></p> +<p><a id="myLink6" href="#" onclick="location.reload(false);bls24();">BLS24 479-bit k=24 Pairing-Friendly BLS Curve MPIN</a></p> +<p><a id="myLink7" href="#" onclick="location.reload(false);bls48();">BLS48 556-bit k=48 Pairing-Friendly BLS Curve MPIN</a></p> +<p><a id="myLink8" href="#" onclick="location.reload(false);rsa2048();">RSA2048 2048-bit RSA Key generation/Encryption/Decryption</a></p> + + +<script> + +/* Test ECC */ +/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */ + +// ED25519 context +function ed25519() { + var ctx = new CTX('ED25519'); + + mywindow=window.open(); + + mywindow.document.write("<br> ED25519 Curve "+ "<br>"); + + var i,j=0,res; + var result; + var pp="M0ng00se"; + + var EGS=ctx.ECDH.EGS; + var EFS=ctx.ECDH.EFS; + var EAS=ctx.ECP.AESKEY; + var sha=ctx.ECP.HASH_TYPE; + + var S1=[]; + var W0=[]; + var W1=[]; + var Z0=[]; + var Z1=[]; + var RAW=[]; + var SALT=[]; + var P1=[]; + var P2=[]; + var V=[]; + var M=[]; + var T=new Array(12); // must specify required length + var CS=[]; + var DS=[]; + + var rng=new ctx.RAND(); + + rng.clean(); + for (i=0;i<100;i++) RAW[i]=i; + + rng.seed(100,RAW); + + for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt + + mywindow.document.write("Alice's Passphrase= " + pp + "<br>"); + + var PW=ctx.ECDH.stringtobytes(pp); +/* private key S0 of size EGS bytes derived from Password and Salt */ + var S0=ctx.ECDH.PBKDF2(sha,PW,SALT,1000,EGS); + + mywindow.document.write("Alice's private key= 0x"+ctx.ECDH.bytestostring(S0)+ "<br>"); +/* Generate Key pair S/W */ + ctx.ECDH.KEY_PAIR_GENERATE(null,S0,W0); + + mywindow.document.write("Alice's public key= 0x"+ctx.ECDH.bytestostring(W0)+ "<br>"); + + res=ctx.ECDH.PUBLIC_KEY_VALIDATE(W0); + if (res!=0) + alert("ECP Public Key is invalid!"); +/* Random private key for other party */ + ctx.ECDH.KEY_PAIR_GENERATE(rng,S1,W1); + + 
mywindow.document.write("Servers private key= 0x"+ctx.ECDH.bytestostring(S1)+ "<br>"); + mywindow.document.write("Servers public key= 0x"+ctx.ECDH.bytestostring(W1)+ "<br>"); + + res=ctx.ECDH.PUBLIC_KEY_VALIDATE(W1); + if (res!=0) + alert("ECP Public Key is invalid!"); + + +/* Calculate common key using DH - IEEE 1363 method */ + + ctx.ECDH.ECPSVDP_DH(S0,W1,Z0); + ctx.ECDH.ECPSVDP_DH(S1,W0,Z1); + + var same=true; + for (i=0;i<ctx.ECDH.EFS;i++) + if (Z0[i]!=Z1[i]) same=false; + + if (!same) + alert("*** ECPSVDP-DH Failed"); + + var KEY=ctx.ECDH.KDF2(sha,Z0,null,ctx.ECP.AESKEY); + + mywindow.document.write("Alice's ECDH Key= 0x"+ctx.ECDH.bytestostring(KEY)+ "<br>"); + mywindow.document.write("Servers ECDH Key= 0x"+ctx.ECDH.bytestostring(KEY)+ "<br>"); + + if (ctx.ECP.CURVETYPE!=ctx.ECP.MONTGOMERY) + { + mywindow.document.write("Testing ECIES"+ "<br>"); + + P1[0]=0x0; P1[1]=0x1; P1[2]=0x2; + P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3; + + for (i=0;i<=16;i++) M[i]=i; + + var C=ctx.ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,V,T); + + mywindow.document.write("Ciphertext= "+ "<br>"); + mywindow.document.write("V= 0x"+ctx.ECDH.bytestostring(V)+ "<br>"); + mywindow.document.write("C= 0x"+ctx.ECDH.bytestostring(C)+ "<br>"); + mywindow.document.write("T= 0x"+ctx.ECDH.bytestostring(T)+ "<br>"); + + + M=ctx.ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1); + if (M.length==0) + alert("*** ECIES Decryption Failed "); + else mywindow.document.write("Decryption succeeded"+ "<br>"); + + mywindow.document.write("Message is 0x"+ctx.ECDH.bytestostring(M)+ "<br>"); + + mywindow.document.write("Testing ECDSA"+ "<br>"); + + if (ctx.ECDH.ECPSP_DSA(sha,rng,S0,M,CS,DS)!=0) + alert("***ECDSA Signature Failed"); + + mywindow.document.write("Signature= "+ "<br>"); + mywindow.document.write("C= 0x"+ctx.ECDH.bytestostring(CS)+ "<br>"); + mywindow.document.write("D= 0x"+ctx.ECDH.bytestostring(DS)+ "<br>"); + + if (ctx.ECDH.ECPVP_DSA(sha,W0,M,CS,DS)!=0) + alert("***ECDSA Verification Failed"); + else 
mywindow.document.write("ECDSA Signature/Verification succeeded "+ "<br>"); + } + +} +// NIST256 context + +function nist256() { + var ctx = new CTX('NIST256'); + mywindow=window.open(); + + mywindow.document.write("<br> NIST256 Curve "+ "<br>"); + var i,j=0,res; + var result; + var pp="M0ng00se"; + + var EGS=ctx.ECDH.EGS; + var EFS=ctx.ECDH.EFS; + var EAS=ctx.ECP.AESKEY; + var sha=ctx.ECP.HASH_TYPE; + + var S1=[]; + var W0=[]; + var W1=[]; + var Z0=[]; + var Z1=[]; + var RAW=[]; + var SALT=[]; + var P1=[]; + var P2=[]; + var V=[]; + var M=[]; + var T=new Array(12); // must specify required length + var CS=[]; + var DS=[]; + + var rng=new ctx.RAND(); + + rng.clean(); + for (i=0;i<100;i++) RAW[i]=i; + + rng.seed(100,RAW); + + + for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt + + mywindow.document.write("Alice's Passphrase= " + pp + "<br>"); + + var PW=ctx.ECDH.stringtobytes(pp); +/* private key S0 of size EGS bytes derived from Password and Salt */ + var S0=ctx.ECDH.PBKDF2(sha,PW,SALT,1000,EGS); + + mywindow.document.write("Alice's private key= 0x"+ctx.ECDH.bytestostring(S0)+ "<br>"); +/* Generate Key pair S/W */ + ctx.ECDH.KEY_PAIR_GENERATE(null,S0,W0); + + mywindow.document.write("Alice's public key= 0x"+ctx.ECDH.bytestostring(W0)+ "<br>"); + + res=ctx.ECDH.PUBLIC_KEY_VALIDATE(W0); + if (res!=0) + alert("ECP Public Key is invalid!"); +/* Random private key for other party */ + ctx.ECDH.KEY_PAIR_GENERATE(rng,S1,W1); + + mywindow.document.write("Servers private key= 0x"+ctx.ECDH.bytestostring(S1)+ "<br>"); + mywindow.document.write("Servers public key= 0x"+ctx.ECDH.bytestostring(W1)+ "<br>"); + + res=ctx.ECDH.PUBLIC_KEY_VALIDATE(W1); + if (res!=0) + alert("ECP Public Key is invalid!"); + + +/* Calculate common key using DH - IEEE 1363 method */ + + ctx.ECDH.ECPSVDP_DH(S0,W1,Z0); + ctx.ECDH.ECPSVDP_DH(S1,W0,Z1); + + var same=true; + for (i=0;i<ctx.ECDH.EFS;i++) + if (Z0[i]!=Z1[i]) same=false; + + if (!same) + alert("*** ECPSVDP-DH Failed"); + + var 
KEY=ctx.ECDH.KDF2(sha,Z0,null,ctx.ECP.AESKEY); + + mywindow.document.write("Alice's ECDH Key= 0x"+ctx.ECDH.bytestostring(KEY)+ "<br>"); + mywindow.document.write("Servers ECDH Key= 0x"+ctx.ECDH.bytestostring(KEY)+ "<br>"); + + if (ctx.ECP.CURVETYPE!=ctx.ECP.MONTGOMERY) + { + mywindow.document.write("Testing ECIES"+ "<br>"); + + P1[0]=0x0; P1[1]=0x1; P1[2]=0x2; + P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3; + + for (i=0;i<=16;i++) M[i]=i; + + var C=ctx.ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,V,T); + + mywindow.document.write("Ciphertext= "+ "<br>"); + mywindow.document.write("V= 0x"+ctx.ECDH.bytestostring(V)+ "<br>"); + mywindow.document.write("C= 0x"+ctx.ECDH.bytestostring(C)+ "<br>"); + mywindow.document.write("T= 0x"+ctx.ECDH.bytestostring(T)+ "<br>"); + + + M=ctx.ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1); + if (M.length==0) + alert("*** ECIES Decryption Failed "); + else mywindow.document.write("Decryption succeeded"+ "<br>"); + + mywindow.document.write("Message is 0x"+ctx.ECDH.bytestostring(M)+ "<br>"); + + mywindow.document.write("Testing ECDSA"+ "<br>"); + + if (ctx.ECDH.ECPSP_DSA(sha,rng,S0,M,CS,DS)!=0) + alert("***ECDSA Signature Failed"); + + mywindow.document.write("Signature= "+ "<br>"); + mywindow.document.write("C= 0x"+ctx.ECDH.bytestostring(CS)+ "<br>"); + mywindow.document.write("D= 0x"+ctx.ECDH.bytestostring(DS)+ "<br>"); + + if (ctx.ECDH.ECPVP_DSA(sha,W0,M,CS,DS)!=0) + alert("***ECDSA Verification Failed"); + else mywindow.document.write("ECDSA Signature/Verification succeeded "+ "<br>"); + } + +} + + +// GOLDILOCKS context +function goldilocks() { + var ctx = new CTX('GOLDILOCKS'); + mywindow=window.open(); + + mywindow.document.write("<br> GOLDILOCKS Curve "+ "<br>"); + + var i,j=0,res; + var result; + var pp="M0ng00se"; + + var EGS=ctx.ECDH.EGS; + var EFS=ctx.ECDH.EFS; + var EAS=ctx.ECP.AESKEY; + var sha=ctx.ECP.HASH_TYPE; + + var S1=[]; + var W0=[]; + var W1=[]; + var Z0=[]; + var Z1=[]; + + var SALT=[]; + var P1=[]; + var P2=[]; + var V=[]; + var 
M=[]; + var T=new Array(12); // must specify required length + var CS=[]; + var DS=[]; + + var RAW=[]; + var rng=new ctx.RAND(); + + rng.clean(); + for (i=0;i<100;i++) RAW[i]=i; + + rng.seed(100,RAW); + + + for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt + + mywindow.document.write("Alice's Passphrase= " + pp + "<br>"); + + var PW=ctx.ECDH.stringtobytes(pp); +/* private key S0 of size EGS bytes derived from Password and Salt */ + var S0=ctx.ECDH.PBKDF2(sha,PW,SALT,1000,EGS); + + mywindow.document.write("Alice's private key= 0x"+ctx.ECDH.bytestostring(S0)+ "<br>"); +/* Generate Key pair S/W */ + ctx.ECDH.KEY_PAIR_GENERATE(null,S0,W0); + + mywindow.document.write("Alice's public key= 0x"+ctx.ECDH.bytestostring(W0)+ "<br>"); + + res=ctx.ECDH.PUBLIC_KEY_VALIDATE(W0); + if (res!=0) + alert("ECP Public Key is invalid!"); +/* Random private key for other party */ + ctx.ECDH.KEY_PAIR_GENERATE(rng,S1,W1); + + mywindow.document.write("Servers private key= 0x"+ctx.ECDH.bytestostring(S1)+ "<br>"); + mywindow.document.write("Servers public key= 0x"+ctx.ECDH.bytestostring(W1)+ "<br>"); + + res=ctx.ECDH.PUBLIC_KEY_VALIDATE(W1); + if (res!=0) + alert("ECP Public Key is invalid!"); + + +/* Calculate common key using DH - IEEE 1363 method */ + + ctx.ECDH.ECPSVDP_DH(S0,W1,Z0); + ctx.ECDH.ECPSVDP_DH(S1,W0,Z1); + + var same=true; + for (i=0;i<ctx.ECDH.EFS;i++) + if (Z0[i]!=Z1[i]) same=false; + + if (!same) + alert("*** ECPSVDP-DH Failed"); + + var KEY=ctx.ECDH.KDF2(sha,Z0,null,ctx.ECP.AESKEY); + + mywindow.document.write("Alice's ECDH Key= 0x"+ctx.ECDH.bytestostring(KEY)+ "<br>"); + mywindow.document.write("Servers ECDH Key= 0x"+ctx.ECDH.bytestostring(KEY)+ "<br>"); + + if (ctx.ECP.CURVETYPE!=ctx.ECP.MONTGOMERY) + { + mywindow.document.write("Testing ECIES"+ "<br>"); + + P1[0]=0x0; P1[1]=0x1; P1[2]=0x2; + P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3; + + for (i=0;i<=16;i++) M[i]=i; + + var C=ctx.ECDH.ECIES_ENCRYPT(sha,P1,P2,rng,W1,M,V,T); + + mywindow.document.write("Ciphertext= "+ "<br>"); 
+ mywindow.document.write("V= 0x"+ctx.ECDH.bytestostring(V)+ "<br>"); + mywindow.document.write("C= 0x"+ctx.ECDH.bytestostring(C)+ "<br>"); + mywindow.document.write("T= 0x"+ctx.ECDH.bytestostring(T)+ "<br>"); + + + M=ctx.ECDH.ECIES_DECRYPT(sha,P1,P2,V,C,T,S1); + if (M.length==0) + alert("*** ECIES Decryption Failed "); + else mywindow.document.write("Decryption succeeded"+ "<br>"); + + mywindow.document.write("Message is 0x"+ctx.ECDH.bytestostring(M)+ "<br>"); + + mywindow.document.write("Testing ECDSA"+ "<br>"); + + if (ctx.ECDH.ECPSP_DSA(sha,rng,S0,M,CS,DS)!=0) + alert("***ECDSA Signature Failed"); + + mywindow.document.write("Signature= "+ "<br>"); + mywindow.document.write("C= 0x"+ctx.ECDH.bytestostring(CS)+ "<br>"); + mywindow.document.write("D= 0x"+ctx.ECDH.bytestostring(DS)+ "<br>"); + + if (ctx.ECDH.ECPVP_DSA(sha,W0,M,CS,DS)!=0) + alert("***ECDSA Verification Failed"); + else mywindow.document.write("ECDSA Signature/Verification succeeded "+ "<br>"); + } +} + + +/* Test RSA */ +/* test driver and function exerciser for RSA API Functions */ + + +// RSA2048 context +function rsa2048() { + var ctx = new CTX('RSA2048'); + + var i,j=0,res; + var result; + + var sha=ctx.RSA.HASH_TYPE; + + var message="Hello World\n"; + + var pub=new ctx.rsa_public_key(ctx.FF.FFLEN); + var priv=new ctx.rsa_private_key(ctx.FF.HFLEN); + + var ML=[]; + var C=[]; + var S=[]; + + var RAW=[]; + var rng=new ctx.RAND(); + + rng.clean(); + for (i=0;i<100;i++) RAW[i]=i; + + rng.seed(100,RAW); + + mywindow=window.open(); + + var start,end,time; + start=new Date().getTime(); + mywindow.document.write("<br> Generating RSA public/private key pair (slow!) 
<br>"); + ctx.RSA.KEY_PAIR(rng,65537,priv,pub); + end=new Date().getTime(); + time=end-start; + mywindow.document.write("Time in ms= "+time+"<br>"); + + var M=ctx.RSA.stringtobytes(message); + mywindow.document.write("Encrypting test string <br>"); + + var E=ctx.RSA.OAEP_ENCODE(sha,M,rng,null); /* OAEP encode message m to e */ + mywindow.document.write("Encoding= 0x" + ctx.RSA.bytestohex(E) + "<br>"); + + mywindow.document.write("Public key= 0x"+pub.n.toString() + "<br>"); + + start=new Date().getTime(); + ctx.RSA.ENCRYPT(pub,E,C); /* encrypt encoded message */ + end=new Date().getTime(); + time=end-start; + mywindow.document.write("Time in ms= "+time+"<br>"); + + mywindow.document.write("Ciphertext= 0x" + ctx.RSA.bytestohex(C) + "<br>"); + + mywindow.document.write("Decrypting test string <br>"); + start=new Date().getTime(); + ctx.RSA.DECRYPT(priv,C,ML); + end=new Date().getTime(); + time=end-start; + mywindow.document.write("Time in ms= "+time+"<br>"); + + var cmp=true; + if (E.length!=ML.length) cmp=false; + else + { + for (var j=0;j<E.length;j++) + if (E[j]!=ML[j]) cmp=false; + } + if (cmp) mywindow.document.write("Decryption is OK <br>"); + else mywindow.document.write("Decryption Failed <br>"); + + var MS=ctx.RSA.OAEP_DECODE(sha,null,ML); /* OAEP decode message */ + mywindow.document.write("Decoding= 0x" + ctx.RSA.bytestohex(MS) + "<br>"); + + mywindow.document.write("message= "+ctx.RSA.bytestostring(MS) + "<br>"); + + + mywindow.document.write("Signing message <br>"); + ctx.RSA.PKCS15(sha,M,C); + + ctx.RSA.DECRYPT(priv,C,S); /* create signature in S */ + + mywindow.document.write("Signature= 0x" + ctx.RSA.bytestohex(S) + "<br>"); + + ctx.RSA.ENCRYPT(pub,S,ML); + + cmp=true; + if (C.length!=ML.length) cmp=false; + else + { + for (var j=0;j<C.length;j++) + if (C[j]!=ML[j]) cmp=false; + } + if (cmp) mywindow.document.write("Signature is valid <br>"); + else mywindow.document.write("Signature is INVALID <br>"); + + ctx.RSA.PRIVATE_KEY_KILL(priv); + + +} + +/* 
Test M-Pin */ + +// BLS381 context +function bls381() { + var ctx = new CTX('BLS381'); + mywindow=window.open(); + + mywindow.document.write("<br> BLS381 Pairing-Friendly Curve "+ "<br>"); + + var i,res; + var result; + + var EGS=ctx.MPIN.EGS; + var EFS=ctx.MPIN.EFS; + var EAS=ctx.ECP.AESKEY; + + var sha=ctx.ECP.HASH_TYPE; + + var G1S=2*EFS+1; /* Group 1 Size */ + var G2S=4*EFS; /* Group 2 Size */ + + var S=[]; + var SST=[]; + var TOKEN = []; + var PERMIT = []; + var SEC = []; + var xID = []; + var xCID = []; + var X= []; + var Y= []; + var E=[]; + var F=[]; + var HCID=[]; + var HID=[]; + var HTID=[]; + + var G1=[]; + var G2=[]; + var R=[]; + var Z=[]; + var W=[]; + var T=[]; + var CK=[]; + var SK=[]; + + var HSID=[]; + +/* Set configuration */ + var PERMITS=true; + var PINERROR=true; + var FULL=true; + var ONE_PASS=false; + + var RAW=[]; + var rng=new ctx.RAND(); + + rng.clean(); + for (i=0;i<100;i++) RAW[i]=i; + + rng.seed(100,RAW); + + +/* Trusted Authority set-up */ + ctx.MPIN.RANDOM_GENERATE(rng,S); + mywindow.document.write("M-Pin Master Secret s: 0x"+ctx.MPIN.bytestostring(S) + "<br>"); + + /* Create Client Identity */ + var IDstr = "[email protected]"; + var CLIENT_ID = ctx.MPIN.stringtobytes(IDstr); + HCID=ctx.MPIN.HASH_ID(sha,CLIENT_ID); /* Either Client or TA calculates Hash(ID) - you decide! 
*/ + + mywindow.document.write("Client ID= "+ctx.MPIN.bytestostring(CLIENT_ID) + "<br>"); + +/* Client and Server are issued secrets by DTA */ + ctx.MPIN.GET_SERVER_SECRET(S,SST); + mywindow.document.write("Server Secret SS: 0x"+ctx.MPIN.bytestostring(SST) + "<br>"); + + ctx.MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN); + mywindow.document.write("Client Secret CS: 0x"+ctx.MPIN.bytestostring(TOKEN) + "<br>"); + +/* Client extracts PIN from secret to create Token */ + var pin=1234; + mywindow.document.write("Client extracts PIN= "+pin + "<br>"); + var rtn=ctx.MPIN.EXTRACT_PIN(sha,CLIENT_ID,pin,TOKEN); + if (rtn != 0) + mywindow.document.write("Failed to extract PIN " + "<br>"); + + mywindow.document.write("Client Token TK: 0x"+ctx.MPIN.bytestostring(TOKEN) + "<br>"); + + if (FULL) + { + ctx.MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2); + } + + var date; + if (PERMITS) + { + date=ctx.MPIN.today(); +/* Client gets "Time Token" permit from DTA */ + ctx.MPIN.GET_CLIENT_PERMIT(sha,date,S,HCID,PERMIT); + mywindow.document.write("Time Permit TP: 0x"+ctx.MPIN.bytestostring(PERMIT) + "<br>"); + +/* This encoding makes Time permit look random - Elligator squared */ + ctx.MPIN.ENCODING(rng,PERMIT); + mywindow.document.write("Encoded Time Permit TP: 0x"+ctx.MPIN.bytestostring(PERMIT) + "<br>"); + ctx.MPIN.DECODING(PERMIT); + mywindow.document.write("Decoded Time Permit TP: 0x"+ctx.MPIN.bytestostring(PERMIT) + "<br>"); + } + else date=0; + + pin=parseInt(mywindow.prompt("Enter PIN= ")); + +/* Set date=0 and PERMIT=null if time permits not in use + +Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. 
Output xID = x.H(CLIENT_ID) and re-combined secret SEC +If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID))) +Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG + +If Time Permits OFF set xCID = null, HTID=null and use xID and HID only +If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required +If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only. + + +*/ + var pxID=xID; + var pxCID=xCID; + var pHID=HID; + var pHTID=HTID; + var pE=E; + var pF=F; + var pPERMIT=PERMIT; + var prHID; + + if (date!=0) + { + prHID=pHTID; + if (!PINERROR) + { + pxID=null; + // pHID=null; + } + } + else + { + prHID=pHID; + pPERMIT=null; + pxCID=null; + pHTID=null; + } + if (!PINERROR) + { + pE=null; + pF=null; + } + + if (ONE_PASS) + { + mywindow.document.write("MPIN Single Pass " + "<br>"); + timeValue = ctx.MPIN.GET_TIME(); + mywindow.document.write("Epoch " + timeValue + "<br>"); + + rtn=ctx.MPIN.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y); + + if (rtn != 0) + mywindow.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>"); + + if (FULL) + { + HCID=ctx.MPIN.HASH_ID(sha,CLIENT_ID); + ctx.MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */ + } + + rtn=ctx.MPIN.SERVER(sha,date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue); + if (rtn != 0) + mywindow.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>"); + + if (FULL) + { + HSID=ctx.MPIN.HASH_ID(sha,CLIENT_ID); + ctx.MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */ + } + } + else + { + mywindow.document.write("MPIN Multi Pass " + "<br>"); + rtn=ctx.MPIN.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT); + if (rtn != 0) + mywindow.document.write("FAILURE: CLIENT_1 rtn: " + rtn + 
"<br>"); + + if (FULL) + { + HCID=ctx.MPIN.HASH_ID(sha,CLIENT_ID); + ctx.MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */ + } + + /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ + ctx.MPIN.SERVER_1(sha,date,CLIENT_ID,pHID,pHTID); + + /* Server generates Random number Y and sends it to Client */ + ctx.MPIN.RANDOM_GENERATE(rng,Y); + + if (FULL) + { + HSID=ctx.MPIN.HASH_ID(sha,CLIENT_ID); + ctx.MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */ + } + + /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + rtn=ctx.MPIN.CLIENT_2(X,Y,SEC); + if (rtn != 0) + mywindow.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>"); + /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */ + /* If PIN error not required, set E and F = NULL */ + rtn=ctx.MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF); + + if (rtn != 0) + mywindow.document.write("FAILURE: SERVER_2 rtn: " + rtn+ "<br>"); + + } + + + if (rtn == ctx.MPIN.BAD_PIN) + { + mywindow.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>"); + if (PINERROR) + { + var err=ctx.MPIN.KANGAROO(E,F); + if (err!=0) mywindow.document.write("(Client PIN is out by "+err + ")<br>"); + } + } + else + { + mywindow.document.write("Server says - PIN is good! 
You really are "+IDstr + "<br>"); + if (FULL) + { + H=ctx.MPIN.HASH_ALL(sha,HCID,pxID,pxCID,SEC,Y,Z,T); + ctx.MPIN.CLIENT_KEY(sha,G1,G2,pin,R,X,H,T,CK); + + mywindow.document.write("Client Key = 0x"+ctx.MPIN.bytestostring(CK) + "<br>"); + H=ctx.MPIN.HASH_ALL(sha,HSID,pxID,pxCID,SEC,Y,Z,T); + ctx.MPIN.SERVER_KEY(sha,Z,SST,W,H,pHID,pxID,pxCID,SK); + mywindow.document.write("Server Key = 0x"+ctx.MPIN.bytestostring(SK) + "<br>"); + } + } + +} + + + +// BLS24 context +function bls24() { + var ctx = new CTX('BLS24'); + mywindow=window.open(); + + mywindow.document.write("<br> BLS24 Pairing-Friendly Curve "+ "<br>"); + + var i,res; + var result; + + var EGS=ctx.MPIN192.EGS; + var EFS=ctx.MPIN192.EFS; + var EAS=ctx.ECP.AESKEY; + + var sha=ctx.ECP.HASH_TYPE; + + var G1S=2*EFS+1; /* Group 1 Size */ + var G2S=8*EFS; /* Group 2 Size */ /**/ + + var S=[]; + var SST=[]; + var TOKEN = []; + var PERMIT = []; + var SEC = []; + var xID = []; + var xCID = []; + var X= []; + var Y= []; + var E=[]; + var F=[]; + var HCID=[]; + var HID=[]; + var HTID=[]; + + var G1=[]; + var G2=[]; + var R=[]; + var Z=[]; + var W=[]; + var T=[]; + var CK=[]; + var SK=[]; + + var HSID=[]; + +/* Set configuration */ + var PERMITS=true; + var PINERROR=true; + var FULL=true; + var ONE_PASS=false; + + var RAW=[]; + var rng=new ctx.RAND(); + + rng.clean(); + for (i=0;i<100;i++) RAW[i]=i; + + rng.seed(100,RAW); + +/* Trusted Authority set-up */ + ctx.MPIN192.RANDOM_GENERATE(rng,S); + mywindow.document.write("M-Pin Master Secret s: 0x"+ctx.MPIN192.bytestostring(S) + "<br>"); + + /* Create Client Identity */ + var IDstr = "[email protected]"; + var CLIENT_ID = ctx.MPIN192.stringtobytes(IDstr); + HCID=ctx.MPIN192.HASH_ID(sha,CLIENT_ID); /* Either Client or TA calculates Hash(ID) - you decide! 
*/ + + mywindow.document.write("Client ID= "+ctx.MPIN192.bytestostring(CLIENT_ID) + "<br>"); + +/* Client and Server are issued secrets by DTA */ + ctx.MPIN192.GET_SERVER_SECRET(S,SST); + mywindow.document.write("Server Secret SS: 0x"+ctx.MPIN192.bytestostring(SST) + "<br>"); + + ctx.MPIN192.GET_CLIENT_SECRET(S,HCID,TOKEN); + mywindow.document.write("Client Secret CS: 0x"+ctx.MPIN192.bytestostring(TOKEN) + "<br>"); + +/* Client extracts PIN from secret to create Token */ + var pin=1234; + mywindow.document.write("Client extracts PIN= "+pin + "<br>"); + var rtn=ctx.MPIN192.EXTRACT_PIN(sha,CLIENT_ID,pin,TOKEN); + if (rtn != 0) + mywindow.document.write("Failed to extract PIN " + "<br>"); + + mywindow.document.write("Client Token TK: 0x"+ctx.MPIN192.bytestostring(TOKEN) + "<br>"); + + if (FULL) + { + ctx.MPIN192.PRECOMPUTE(TOKEN,HCID,G1,G2); + } + + var date; + if (PERMITS) + { + date=ctx.MPIN192.today(); +/* Client gets "Time Token" permit from DTA */ + ctx.MPIN192.GET_CLIENT_PERMIT(sha,date,S,HCID,PERMIT); + mywindow.document.write("Time Permit TP: 0x"+ctx.MPIN192.bytestostring(PERMIT) + "<br>"); + +/* This encoding makes Time permit look random - Elligator squared */ + ctx.MPIN192.ENCODING(rng,PERMIT); + mywindow.document.write("Encoded Time Permit TP: 0x"+ctx.MPIN192.bytestostring(PERMIT) + "<br>"); + ctx.MPIN192.DECODING(PERMIT); + mywindow.document.write("Decoded Time Permit TP: 0x"+ctx.MPIN192.bytestostring(PERMIT) + "<br>"); + } + else date=0; + + pin=parseInt(mywindow.prompt("Enter PIN= ")); + +/* Set date=0 and PERMIT=null if time permits not in use + +Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. 
Output xID = x.H(CLIENT_ID) and re-combined secret SEC +If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID))) +Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG + +If Time Permits OFF set xCID = null, HTID=null and use xID and HID only +If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required +If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only. + + +*/ + var pxID=xID; + var pxCID=xCID; + var pHID=HID; + var pHTID=HTID; + var pE=E; + var pF=F; + var pPERMIT=PERMIT; + var prHID; + + if (date!=0) + { + prHID=pHTID; + if (!PINERROR) + { + pxID=null; + // pHID=null; + } + } + else + { + prHID=pHID; + pPERMIT=null; + pxCID=null; + pHTID=null; + } + if (!PINERROR) + { + pE=null; + pF=null; + } + + if (ONE_PASS) + { + mywindow.document.write("MPIN Single Pass " + "<br>"); + timeValue = ctx.MPIN192.GET_TIME(); + mywindow.document.write("Epoch " + timeValue + "<br>"); + + rtn=ctx.MPIN192.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y); + + if (rtn != 0) + mywindow.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>"); + + if (FULL) + { + HCID=ctx.MPIN192.HASH_ID(sha,CLIENT_ID); + ctx.MPIN192.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */ + } + + rtn=ctx.MPIN192.SERVER(sha,date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue); + if (rtn != 0) + mywindow.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>"); + + if (FULL) + { + HSID=ctx.MPIN192.HASH_ID(sha,CLIENT_ID); + ctx.MPIN192.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */ + } + } + else + { + mywindow.document.write("MPIN Multi Pass " + "<br>"); + rtn=ctx.MPIN192.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT); + if (rtn != 0) + mywindow.document.write("FAILURE: 
CLIENT_1 rtn: " + rtn + "<br>"); + + if (FULL) + { + HCID=ctx.MPIN192.HASH_ID(sha,CLIENT_ID); + ctx.MPIN192.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */ + } + + /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */ + ctx.MPIN192.SERVER_1(sha,date,CLIENT_ID,pHID,pHTID); + + /* Server generates Random number Y and sends it to Client */ + ctx.MPIN192.RANDOM_GENERATE(rng,Y); + + if (FULL) + { + HSID=ctx.MPIN192.HASH_ID(sha,CLIENT_ID); + ctx.MPIN192.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */ + } + + /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */ + rtn=ctx.MPIN192.CLIENT_2(X,Y,SEC); + if (rtn != 0) + mywindow.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>"); + /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */ + /* If PIN error not required, set E and F = NULL */ + rtn=ctx.MPIN192.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF); + + if (rtn != 0) + mywindow.document.write("FAILURE: SERVER_2 rtn: " + rtn+ "<br>"); + + } + + + if (rtn == ctx.MPIN192.BAD_PIN) + { + mywindow.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>"); + if (PINERROR) + { + var err=ctx.MPIN192.KANGAROO(E,F); + if (err!=0) mywindow.document.write("(Client PIN is out by "+err + ")<br>"); + } + } + else + { + mywindow.document.write("Server says - PIN is good! 
You really are "+IDstr + "<br>"); + if (FULL) + { + H=ctx.MPIN192.HASH_ALL(sha,HCID,pxID,pxCID,SEC,Y,Z,T); + ctx.MPIN192.CLIENT_KEY(sha,G1,G2,pin,R,X,H,T,CK); + + mywindow.document.write("Client Key = 0x"+ctx.MPIN192.bytestostring(CK) + "<br>"); + H=ctx.MPIN192.HASH_ALL(sha,HSID,pxID,pxCID,SEC,Y,Z,T); + ctx.MPIN192.SERVER_KEY(sha,Z,SST,W,H,pHID,pxID,pxCID,SK); + mywindow.document.write("Server Key = 0x"+ctx.MPIN192.bytestostring(SK) + "<br>"); + } + } + +} + +// BLS48 context +function bls48() { + var ctx = new CTX('BLS48'); + mywindow=window.open(); + + mywindow.document.write("<br> BLS48 Pairing-Friendly Curve "+ "<br>"); + + var i,res; + var result; + + var EGS=ctx.MPIN256.EGS; + var EFS=ctx.MPIN256.EFS; + var EAS=ctx.ECP.AESKEY; + + var sha=ctx.ECP.HASH_TYPE; + + var G1S=2*EFS+1; // Group 1 Size + var G2S=16*EFS; // Group 2 Size ** + + var S=[]; + var SST=[]; + var TOKEN = []; + var PERMIT = []; + var SEC = []; + var xID = []; + var xCID = []; + var X= []; + var Y= []; + var E=[]; + var F=[]; + var HCID=[]; + var HID=[]; + var HTID=[]; + + var G1=[]; + var G2=[]; + var R=[]; + var Z=[]; + var W=[]; + var T=[]; + var CK=[]; + var SK=[]; + + var HSID=[]; + +// Set configuration + var PERMITS=true; + var PINERROR=true; + var FULL=true; + var ONE_PASS=false; + + var RAW=[]; + var rng=new ctx.RAND(); + + rng.clean(); + for (i=0;i<100;i++) RAW[i]=i; + + rng.seed(100,RAW); + +// Trusted Authority set-up + ctx.MPIN256.RANDOM_GENERATE(rng,S); + + mywindow.document.write("M-Pin Master Secret s: 0x"+ctx.MPIN256.bytestostring(S) + "<br>"); + // Create Client Identity + var IDstr = "[email protected]"; + var CLIENT_ID = ctx.MPIN256.stringtobytes(IDstr); + HCID=ctx.MPIN256.HASH_ID(sha,CLIENT_ID); // Either Client or TA calculates Hash(ID) - you decide! 
+ + mywindow.document.write("Client ID= "+ctx.MPIN256.bytestostring(CLIENT_ID) + "<br>"); + +// Client and Server are issued secrets by DTA + ctx.MPIN256.GET_SERVER_SECRET(S,SST); + mywindow.document.write("Server Secret SS: 0x"+ctx.MPIN256.bytestostring(SST) + "<br>"); + + ctx.MPIN256.GET_CLIENT_SECRET(S,HCID,TOKEN); + mywindow.document.write("Client Secret CS: 0x"+ctx.MPIN256.bytestostring(TOKEN) + "<br>"); + +// Client extracts PIN from secret to create Token + var pin=1234; + mywindow.document.write("Client extracts PIN= "+pin + "<br>"); + var rtn=ctx.MPIN256.EXTRACT_PIN(sha,CLIENT_ID,pin,TOKEN); + if (rtn != 0) + mywindow.document.write("Failed to extract PIN " + "<br>"); + + mywindow.document.write("Client Token TK: 0x"+ctx.MPIN256.bytestostring(TOKEN) + "<br>"); + + if (FULL) + { + ctx.MPIN256.PRECOMPUTE(TOKEN,HCID,G1,G2); + } + + var date; + if (PERMITS) + { + date=ctx.MPIN256.today(); +// Client gets "Time Token" permit from DTA + ctx.MPIN256.GET_CLIENT_PERMIT(sha,date,S,HCID,PERMIT); + mywindow.document.write("Time Permit TP: 0x"+ctx.MPIN256.bytestostring(PERMIT) + "<br>"); + +// This encoding makes Time permit look random - Elligator squared + ctx.MPIN256.ENCODING(rng,PERMIT); + mywindow.document.write("Encoded Time Permit TP: 0x"+ctx.MPIN256.bytestostring(PERMIT) + "<br>"); + ctx.MPIN256.DECODING(PERMIT); + mywindow.document.write("Decoded Time Permit TP: 0x"+ctx.MPIN256.bytestostring(PERMIT) + "<br>"); + } + else date=0; + + pin=parseInt(mywindow.prompt("Enter PIN= ")); + +// Set date=0 and PERMIT=null if time permits not in use + +//Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. 
Output xID = x.H(CLIENT_ID) and re-combined secret SEC +//If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID))) +//Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG + +//If Time Permits OFF set xCID = null, HTID=null and use xID and HID only +//If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required +//If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only. + + + var pxID=xID; + var pxCID=xCID; + var pHID=HID; + var pHTID=HTID; + var pE=E; + var pF=F; + var pPERMIT=PERMIT; + var prHID; + + if (date!=0) + { + prHID=pHTID; + if (!PINERROR) + { + pxID=null; + // pHID=null; + } + } + else + { + prHID=pHID; + pPERMIT=null; + pxCID=null; + pHTID=null; + } + if (!PINERROR) + { + pE=null; + pF=null; + } + + if (ONE_PASS) + { + mywindow.document.write("MPIN Single Pass " + "<br>"); + timeValue = ctx.MPIN256.GET_TIME(); + mywindow.document.write("Epoch " + timeValue + "<br>"); + + rtn=ctx.MPIN256.CLIENT(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y); + + if (rtn != 0) + mywindow.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>"); + + if (FULL) + { + HCID=ctx.MPIN256.HASH_ID(sha,CLIENT_ID); + ctx.MPIN256.GET_G1_MULTIPLE(rng,1,R,HCID,Z); // Also Send Z=r.ID to Server, remember random r + } + + rtn=ctx.MPIN256.SERVER(sha,date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue); + if (rtn != 0) + mywindow.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>"); + + if (FULL) + { + HSID=ctx.MPIN256.HASH_ID(sha,CLIENT_ID); + ctx.MPIN256.GET_G1_MULTIPLE(rng,0,W,prHID,T); // Also send T=w.ID to client, remember random w + } + } + else + { + mywindow.document.write("MPIN Multi Pass " + "<br>"); + rtn=ctx.MPIN256.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT); + if (rtn != 0) + mywindow.document.write("FAILURE: 
CLIENT_1 rtn: " + rtn + "<br>"); + + if (FULL) + { + HCID=ctx.MPIN256.HASH_ID(sha,CLIENT_ID); + ctx.MPIN256.GET_G1_MULTIPLE(rng,1,R,HCID,Z); // Also Send Z=r.ID to Server, remember random r + } + + // Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. + ctx.MPIN256.SERVER_1(sha,date,CLIENT_ID,pHID,pHTID); + + // Server generates Random number Y and sends it to Client + ctx.MPIN256.RANDOM_GENERATE(rng,Y); + + if (FULL) + { + HSID=ctx.MPIN256.HASH_ID(sha,CLIENT_ID); + ctx.MPIN256.GET_G1_MULTIPLE(rng,0,W,prHID,T); // Also send T=w.ID to client, remember random w + } + + // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC + rtn=ctx.MPIN256.CLIENT_2(X,Y,SEC); + if (rtn != 0) + mywindow.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>"); + // Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. + // If PIN error not required, set E and F = NULL + rtn=ctx.MPIN256.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF); + + if (rtn != 0) + mywindow.document.write("FAILURE: SERVER_2 rtn: " + rtn+ "<br>"); + + } + + + if (rtn == ctx.MPIN256.BAD_PIN) + { + mywindow.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>"); + if (PINERROR) + { + var err=ctx.MPIN256.KANGAROO(E,F); + if (err!=0) mywindow.document.write("(Client PIN is out by "+err + ")<br>"); + } + } + else + { + mywindow.document.write("Server says - PIN is good! 
You really are "+IDstr + "<br>"); + if (FULL) + { + H=ctx.MPIN256.HASH_ALL(sha,HCID,pxID,pxCID,SEC,Y,Z,T); + ctx.MPIN256.CLIENT_KEY(sha,G1,G2,pin,R,X,H,T,CK); + + mywindow.document.write("Client Key = 0x"+ctx.MPIN256.bytestostring(CK) + "<br>"); + H=ctx.MPIN256.HASH_ALL(sha,HSID,pxID,pxCID,SEC,Y,Z,T); + ctx.MPIN256.SERVER_KEY(sha,Z,SST,W,H,pHID,pxID,pxCID,SK); + mywindow.document.write("Server Key = 0x"+ctx.MPIN256.bytestostring(SK) + "<br>"); + } + } + +} + +</script> +</body> +</html> diff --git a/examples/node/example_DVS_BLS383.js b/examples/node/example_DVS_BLS381.js similarity index 99% rename from examples/node/example_DVS_BLS383.js rename to examples/node/example_DVS_BLS381.js index d407427..416892c 100644 --- a/examples/node/example_DVS_BLS383.js +++ b/examples/node/example_DVS_BLS381.js @@ -21,7 +21,7 @@ under the License. var CTX = require("../../index"); -var ctx = new CTX("BLS383"); +var ctx = new CTX("BLS381"); var RAW = []; var rng = new ctx.RAND(); diff --git a/examples/node/example_ECC_BLS383_NIST521.js b/examples/node/example_ECC_BLS381_NIST521.js similarity index 98% rename from examples/node/example_ECC_BLS383_NIST521.js rename to examples/node/example_ECC_BLS381_NIST521.js index 6a5e82f..9849b78 100644 --- a/examples/node/example_ECC_BLS383_NIST521.js +++ b/examples/node/example_ECC_BLS381_NIST521.js @@ -22,10 +22,10 @@ under the License. var CTX = require("../../index"); -var ctx1 = new CTX("BLS383"); +var ctx1 = new CTX("BLS381"); var ctx2 = new CTX("NIST521"); -console.log("Start testing BLS383"); +console.log("Start testing BLS381"); var pp = "M0ng00se", res, diff --git a/examples/node/example_MPIN_BLS383.js b/examples/node/example_MPIN_BLS381.js similarity index 99% rename from examples/node/example_MPIN_BLS383.js rename to examples/node/example_MPIN_BLS381.js index 14d7fe5..11e2b78 100644 --- a/examples/node/example_MPIN_BLS383.js +++ b/examples/node/example_MPIN_BLS381.js 
@@ -21,7 +21,7 @@ under the License.
 var CTX = require("../../index");
-var ctx = new CTX("BLS383");
+var ctx = new CTX("BLS381");
 /* Test M-Pin */
diff --git a/examples/node/example_MPIN_FULL_BLS383.js b/examples/node/example_MPIN_FULL_BLS381.js
similarity index 99%
rename from examples/node/example_MPIN_FULL_BLS383.js
rename to examples/node/example_MPIN_FULL_BLS381.js
index c7f37df..0e9f9a3 100644
--- a/examples/node/example_MPIN_FULL_BLS383.js
+++ b/examples/node/example_MPIN_FULL_BLS381.js
@@ -21,7 +21,7 @@ under the License.
 var CTX = require("../../index");
-var ctx = new CTX("BLS383");
+var ctx = new CTX("BLS381");
 /* Test M-Pin */
diff --git a/examples/node/example_MPIN_ONE_PASS_BLS383.js b/examples/node/example_MPIN_ONE_PASS_BLS381.js
similarity index 99%
rename from examples/node/example_MPIN_ONE_PASS_BLS383.js
rename to examples/node/example_MPIN_ONE_PASS_BLS381.js
index 112b868..9de9ba6 100644
--- a/examples/node/example_MPIN_ONE_PASS_BLS383.js
+++ b/examples/node/example_MPIN_ONE_PASS_BLS381.js
@@ -21,7 +21,7 @@ under the License.
 var CTX = require("../../index");
-var ctx = new CTX("BLS383");
+var ctx = new CTX("BLS381");
 /* Test M-Pin */
