You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by sa...@apache.org on 2016/09/01 07:25:39 UTC
[11/12] incubator-milagro-crypto git commit: MILAGRO-14.Updating
package name with apache git
MILAGRO-14.Updating package name with apache git
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/commit/85fabaa6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/tree/85fabaa6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/diff/85fabaa6
Branch: refs/heads/master
Commit: 85fabaa62b4aa6dda91aff8eefb5b7df25900cf4
Parents: b55e613
Author: ajanthan <aj...@wso2.com>
Authored: Fri Aug 12 16:25:56 2016 -0700
Committer: ajanthan <aj...@wso2.com>
Committed: Fri Aug 12 16:25:56 2016 -0700
----------------------------------------------------------------------
go/amcl-cgo/README.txt | 9 +
go/amcl-cgo/crypto.go | 828 ++++++++++++
go/amcl-cgo/crypto_test.go | 1175 +++++++++++++++++
go/amcl-go/AES.go | 634 ++++++++++
go/amcl-go/BIG.go | 956 ++++++++++++++
go/amcl-go/DBIG.go | 260 ++++
go/amcl-go/ECDH.go | 657 ++++++++++
go/amcl-go/ECP.go | 1076 ++++++++++++++++
go/amcl-go/ECP2.go | 672 ++++++++++
go/amcl-go/FF.go | 926 ++++++++++++++
go/amcl-go/FP.go | 288 +++++
go/amcl-go/FP12.go | 654 ++++++++++
go/amcl-go/FP2.go | 324 +++++
go/amcl-go/FP4.go | 522 ++++++++
go/amcl-go/GCM.go | 472 +++++++
go/amcl-go/HASH.go | 215 ++++
go/amcl-go/MPIN.go | 807 ++++++++++++
go/amcl-go/MPIN_test.go | 898 +++++++++++++
go/amcl-go/PAIR.go | 541 ++++++++
go/amcl-go/RAND.go | 187 +++
go/amcl-go/ROM.go | 353 ++++++
go/amcl-go/RSA.go | 373 ++++++
go/amcl-go/UTILS.go | 45 +
go/amcl-go/UTILS_test.go | 71 ++
go/amcl-go/crypto.go | 222 ++++
go/amcl-go/crypto_test.go | 1194 ++++++++++++++++++
go/examples-cgo/README.txt | 5 +
go/examples-cgo/mpin.go | 221 ++++
go/examples-cgo/mpinTwoPass.go | 227 ++++
go/examples-cgo/mpinfull.go | 293 +++++
go/examples-cgo/mpinfullAnon.go | 295 +++++
go/examples-cgo/timempin.go | 84 ++
go/examples-go/ecdh.go | 180 +++
go/examples-go/generateRandom.go | 48 +
go/examples-go/mpin.go | 248 ++++
go/examples-go/mpinTwoPass.go | 207 +++
go/examples-go/mpinTwoPassWrap.go | 228 ++++
go/examples-go/mpinfull.go | 269 ++++
go/examples-go/mpinfullWrap.go | 293 +++++
go/examples-go/otp.go | 48 +
go/examples-go/pbkdf2.go | 88 ++
go/examples-go/rsa.go | 71 ++
go/examples-go/timempin.go | 96 ++
go/examples-go/timempinWrap.go | 84 ++
go/readme.txt | 6 +-
go/src/github.com/miracl/amcl-cgo/README.txt | 9 -
go/src/github.com/miracl/amcl-cgo/crypto.go | 828 ------------
.../github.com/miracl/amcl-cgo/crypto_test.go | 1175 -----------------
go/src/github.com/miracl/amcl-go/AES.go | 634 ----------
go/src/github.com/miracl/amcl-go/BIG.go | 956 --------------
go/src/github.com/miracl/amcl-go/DBIG.go | 260 ----
go/src/github.com/miracl/amcl-go/ECDH.go | 657 ----------
go/src/github.com/miracl/amcl-go/ECP.go | 1076 ----------------
go/src/github.com/miracl/amcl-go/ECP2.go | 672 ----------
go/src/github.com/miracl/amcl-go/FF.go | 926 --------------
go/src/github.com/miracl/amcl-go/FP.go | 288 -----
go/src/github.com/miracl/amcl-go/FP12.go | 654 ----------
go/src/github.com/miracl/amcl-go/FP2.go | 324 -----
go/src/github.com/miracl/amcl-go/FP4.go | 522 --------
go/src/github.com/miracl/amcl-go/GCM.go | 472 -------
go/src/github.com/miracl/amcl-go/HASH.go | 215 ----
go/src/github.com/miracl/amcl-go/MPIN.go | 807 ------------
go/src/github.com/miracl/amcl-go/MPIN_test.go | 898 -------------
go/src/github.com/miracl/amcl-go/PAIR.go | 541 --------
go/src/github.com/miracl/amcl-go/RAND.go | 187 ---
go/src/github.com/miracl/amcl-go/ROM.go | 353 ------
go/src/github.com/miracl/amcl-go/RSA.go | 373 ------
go/src/github.com/miracl/amcl-go/UTILS.go | 45 -
go/src/github.com/miracl/amcl-go/UTILS_test.go | 71 --
go/src/github.com/miracl/amcl-go/crypto.go | 222 ----
go/src/github.com/miracl/amcl-go/crypto_test.go | 1194 ------------------
.../github.com/miracl/examples-cgo/README.txt | 5 -
go/src/github.com/miracl/examples-cgo/mpin.go | 221 ----
.../miracl/examples-cgo/mpinTwoPass.go | 227 ----
.../github.com/miracl/examples-cgo/mpinfull.go | 293 -----
.../miracl/examples-cgo/mpinfullAnon.go | 295 -----
.../github.com/miracl/examples-cgo/timempin.go | 84 --
go/src/github.com/miracl/examples-go/ecdh.go | 180 ---
.../miracl/examples-go/generateRandom.go | 48 -
go/src/github.com/miracl/examples-go/mpin.go | 248 ----
.../miracl/examples-go/mpinTwoPass.go | 207 ---
.../miracl/examples-go/mpinTwoPassWrap.go | 228 ----
.../github.com/miracl/examples-go/mpinfull.go | 269 ----
.../miracl/examples-go/mpinfullWrap.go | 293 -----
go/src/github.com/miracl/examples-go/otp.go | 48 -
go/src/github.com/miracl/examples-go/pbkdf2.go | 88 --
go/src/github.com/miracl/examples-go/rsa.go | 71 --
.../github.com/miracl/examples-go/timempin.go | 96 --
.../miracl/examples-go/timempinWrap.go | 84 --
89 files changed, 17347 insertions(+), 17347 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-cgo/README.txt
----------------------------------------------------------------------
diff --git a/go/amcl-cgo/README.txt b/go/amcl-cgo/README.txt
new file mode 100644
index 0000000..79b1cee
--- /dev/null
+++ b/go/amcl-cgo/README.txt
@@ -0,0 +1,9 @@
+When the library is built with;
+
+-D USE_ANONYMOUS=on
+
+then set
+
+const USE_ANONYMOUS = true
+
+in crypto_test.go
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-cgo/crypto.go
----------------------------------------------------------------------
diff --git a/go/amcl-cgo/crypto.go b/go/amcl-cgo/crypto.go
new file mode 100644
index 0000000..db5a6b1
--- /dev/null
+++ b/go/amcl-cgo/crypto.go
@@ -0,0 +1,828 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+package amcl
+
+/*
+#cgo CFLAGS: -std=c99 -O3 -I/opt/amcl/include
+#cgo LDFLAGS: -L/opt/amcl/lib -lmpin -lamcl -lm
+#include <stdio.h>
+#include <stdlib.h>
+#include "amcl.h"
+#include "mpin.h"
+#include "utils.h"
+*/
+import "C"
+import (
+ "encoding/hex"
+ "fmt"
+ "unsafe"
+
+ amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
+)
+
+const EAS int = int(C.PAS)
+const EGS int = int(C.PGS)
+const EFS int = int(C.PFS)
+const HASH_BYTES int = int(C.HASH_BYTES)
+const IVS int = 12
+const G1S = 2*EFS + 1
+const G2S = 4 * EFS
+const GTS = 12 * EFS
+
+var RNG C.csprng
+
+func OCT_free(valOctet *C.octet) {
+ C.free(unsafe.Pointer(valOctet.val))
+}
+
+func GetOctetZero(lenStr int) C.octet {
+ valBytes := make([]byte, lenStr)
+ val := string(valBytes)
+ valCS := C.CString(val)
+ lenCS := C.int(lenStr)
+ octetVal := C.octet{lenCS, lenCS, valCS}
+ return octetVal
+}
+
+func GetOctet(valStr string) C.octet {
+ valCS := C.CString(valStr)
+ lenCS := C.int(len(valStr))
+ octetVal := C.octet{lenCS, lenCS, valCS}
+ return octetVal
+}
+
+func GetOctetHex(valHex string) C.octet {
+ valBytes, err := hex.DecodeString(valHex)
+ if err != nil {
+ octetVal := GetOctetZero(0)
+ return octetVal
+ }
+ valStr := string(valBytes)
+ octetVal := GetOctet(valStr)
+ return octetVal
+}
+
+func OCT_len(valOctet *C.octet) int {
+ return int(valOctet.len)
+}
+
+// Convert an octet to a string
+func OCT_toStr(valOct *C.octet) string {
+ dstLen := OCT_len(valOct)
+ dstBytes := make([]byte, dstLen)
+ dstStr := string(dstBytes)
+ dst := C.CString(dstStr)
+ C.OCT_toStr(valOct, dst)
+ dstStr = C.GoStringN(dst, valOct.len)
+ C.free(unsafe.Pointer(dst))
+ return dstStr
+}
+
+// Convert an octet to bytes
+func OCT_toBytes(valOct *C.octet) []byte {
+ dstLen := OCT_len(valOct)
+ dstBytes := make([]byte, dstLen)
+ dstStr := string(dstBytes)
+ dst := C.CString(dstStr)
+ C.OCT_toStr(valOct, dst)
+ dstStr = C.GoStringN(dst, valOct.len)
+ C.free(unsafe.Pointer(dst))
+ dstBytes = []byte(dstStr)
+ return dstBytes
+}
+
+// Convert an octet to a hex string
+func OCT_toHex(valOctet *C.octet) string {
+ dstLen := OCT_len(valOctet)
+ dstBytes := make([]byte, hex.EncodedLen(dstLen))
+ dstStr := string(dstBytes)
+ dst := C.CString(dstStr)
+ C.OCT_toHex(valOctet, dst)
+ dstStr = C.GoString(dst)
+ C.free(unsafe.Pointer(dst))
+ return dstStr
+}
+
+/* return time in slots since epoch */
+func MPIN_today() int {
+ date := C.MPIN_today()
+ return int(date)
+}
+
+/* return time since epoch */
+func MPIN_GET_TIME() int {
+ timeValue := C.MPIN_GET_TIME()
+ return int(timeValue)
+}
+
+func MPIN_CREATE_CSPRNG(RNG *C.csprng, SEED []byte) {
+ // Form Octet
+ SEEDStr := string(SEED)
+ SEEDOct := GetOctet(SEEDStr)
+ defer OCT_free(&SEEDOct)
+ C.MPIN_CREATE_CSPRNG(RNG, &SEEDOct)
+}
+
+func MPIN_HASH_ID(ID []byte) (HASHID []byte) {
+ // Form Octets
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+ HASHIDOct := GetOctetZero(HASH_BYTES)
+ defer OCT_free(&HASHIDOct)
+
+ // Hash MPIN_ID
+ C.MPIN_HASH_ID(&IDOct, &HASHIDOct)
+
+ // Convert octet to bytes
+ HASHID = OCT_toBytes(&HASHIDOct)
+
+ return
+}
+
+/* create random secret S. Use GO RNG */
+func MPIN_RANDOM_GENERATE_WRAP(RNG *amcl.RAND) (int, []byte) {
+ var S [EGS]byte
+ errorCode := amcl.MPIN_RANDOM_GENERATE(RNG, S[:])
+ return errorCode, S[:]
+}
+
+/* create random secret S. Use C RNG */
+func MPIN_RANDOM_GENERATE_C(RNG *C.csprng) (errorCode int, S []byte) {
+ // Form Octet
+ SOct := GetOctetZero(EGS)
+ defer OCT_free(&SOct)
+
+ rtn := C.MPIN_RANDOM_GENERATE(RNG, &SOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ S = OCT_toBytes(&SOct)
+
+ return
+}
+
+/* Extract Server Secret SS=S*Q where Q is fixed generator in G2 and S is master secret */
+func MPIN_GET_SERVER_SECRET_WRAP(S []byte) (errorCode int, SS []byte) {
+ // Form Octets
+ SStr := string(S)
+ SOct := GetOctet(SStr)
+ defer OCT_free(&SOct)
+ SSOct := GetOctetZero(G2S)
+ defer OCT_free(&SSOct)
+
+ rtn := C.MPIN_GET_SERVER_SECRET(&SOct, &SSOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ SS = OCT_toBytes(&SSOct)
+
+ return
+}
+
+/* R=R1+R2 in group G1 */
+func MPIN_RECOMBINE_G1_WRAP(R1 []byte, R2 []byte) (errorCode int, R []byte) {
+ // Form Octets
+ R1Str := string(R1)
+ R1Oct := GetOctet(R1Str)
+ defer OCT_free(&R1Oct)
+ R2Str := string(R2)
+ R2Oct := GetOctet(R2Str)
+ defer OCT_free(&R2Oct)
+ ROct := GetOctetZero(G1S)
+ defer OCT_free(&ROct)
+
+ rtn := C.MPIN_RECOMBINE_G1(&R1Oct, &R2Oct, &ROct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ R = OCT_toBytes(&ROct)
+
+ return
+}
+
+/* W=W1+W2 in group G2 */
+func MPIN_RECOMBINE_G2_WRAP(W1 []byte, W2 []byte) (errorCode int, W []byte) {
+ // Form Octets
+ W1Str := string(W1)
+ W1Oct := GetOctet(W1Str)
+ defer OCT_free(&W1Oct)
+ W2Str := string(W2)
+ W2Oct := GetOctet(W2Str)
+ defer OCT_free(&W2Oct)
+ WOct := GetOctetZero(G2S)
+ defer OCT_free(&WOct)
+
+ rtn := C.MPIN_RECOMBINE_G2(&W1Oct, &W2Oct, &WOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ W = OCT_toBytes(&WOct)
+
+ return
+}
+
+/* Client secret CS=S*H(ID) where ID is client ID and S is master secret */
+/* CID is hashed externally */
+func MPIN_GET_CLIENT_SECRET_WRAP(S []byte, ID []byte) (errorCode int, CS []byte) {
+ // Form Octets
+ SStr := string(S)
+ SOct := GetOctet(SStr)
+ defer OCT_free(&SOct)
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+ CSOct := GetOctetZero(G1S)
+ defer OCT_free(&CSOct)
+
+ rtn := C.MPIN_GET_CLIENT_SECRET(&SOct, &IDOct, &CSOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ CS = OCT_toBytes(&CSOct)
+
+ return
+}
+
+/* Time Permit TP=S*(date|H(ID)) where S is master secret */
+func MPIN_GET_CLIENT_PERMIT_WRAP(date int, S, ID []byte) (errorCode int, TP []byte) {
+ // Form Octets
+ SStr := string(S)
+ SOct := GetOctet(SStr)
+ defer OCT_free(&SOct)
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+ TPOct := GetOctetZero(G1S)
+ defer OCT_free(&TPOct)
+
+ rtn := C.MPIN_GET_CLIENT_PERMIT(C.int(date), &SOct, &IDOct, &TPOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ TP = OCT_toBytes(&TPOct)
+
+ return
+}
+
+/* Extract PIN from CS for identity CID to form TOKEN */
+func MPIN_EXTRACT_PIN_WRAP(ID []byte, PIN int, CS []byte) (errorCode int, TOKEN []byte) {
+ // Form Octets
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+ CSStr := string(CS)
+ CSOct := GetOctet(CSStr)
+ defer OCT_free(&CSOct)
+
+ rtn := C.MPIN_EXTRACT_PIN(&IDOct, C.int(PIN), &CSOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ TOKEN = OCT_toBytes(&CSOct)
+
+ return
+}
+
+/* One pass MPIN Client. Using GO RNG */
+func MPIN_CLIENT_WRAP(date, TimeValue, PIN int, RNG *amcl.RAND, ID, X, TOKEN, TP, MESSAGE []byte) (errorCode int, XOut, Y, SEC, U, UT []byte) {
+ amcl.MPIN_RANDOM_GENERATE(RNG, X[:])
+ errorCode, XOut, Y, SEC, U, UT = MPIN_CLIENT_C(date, ID[:], nil, X[:], PIN, TOKEN[:], TP[:], MESSAGE[:], TimeValue)
+ return
+}
+
+/* One pass MPIN Client. Using C RNG */
+func MPIN_CLIENT_C(date int, ID []byte, RNG *C.csprng, X []byte, PIN int, TOKEN []byte, TP []byte, MESSAGE []byte, TimeValue int) (errorCode int, XOut, Y, SEC, U, UT []byte) {
+ // Form Octets
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+ XStr := string(X)
+ XOct := GetOctet(XStr)
+ defer OCT_free(&XOct)
+ TOKENStr := string(TOKEN)
+ TOKENOct := GetOctet(TOKENStr)
+ defer OCT_free(&TOKENOct)
+ TPStr := string(TP)
+ TPOct := GetOctet(TPStr)
+ defer OCT_free(&TPOct)
+ MESSAGEStr := string(MESSAGE)
+ MESSAGEOct := GetOctet(MESSAGEStr)
+ defer OCT_free(&MESSAGEOct)
+
+ SECOct := GetOctetZero(G1S)
+ defer OCT_free(&SECOct)
+ UOct := GetOctetZero(G1S)
+ defer OCT_free(&UOct)
+ UTOct := GetOctetZero(G1S)
+ defer OCT_free(&UTOct)
+ YOct := GetOctetZero(EGS)
+ defer OCT_free(&YOct)
+
+ rtn := C.MPIN_CLIENT(C.int(date), &IDOct, RNG, &XOct, C.int(PIN), &TOKENOct, &SECOct, &UOct, &UTOct, &TPOct, &MESSAGEOct, C.int(TimeValue), &YOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ XOut = OCT_toBytes(&XOct)
+ SEC = OCT_toBytes(&SECOct)
+ U = OCT_toBytes(&UOct)
+ UT = OCT_toBytes(&UTOct)
+ Y = OCT_toBytes(&YOct)
+
+ return
+}
+
+// Precompute values for use by the client side of M-Pin Full
+func MPIN_PRECOMPUTE_WRAP(TOKEN []byte, ID []byte) (errorCode int, GT1 []byte, GT2 []byte) {
+ // Form Octets
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+ TOKENStr := string(TOKEN)
+ TOKENOct := GetOctet(TOKENStr)
+ defer OCT_free(&TOKENOct)
+
+ GT1Oct := GetOctetZero(GTS)
+ defer OCT_free(>1Oct)
+ GT2Oct := GetOctetZero(GTS)
+ defer OCT_free(>2Oct)
+
+ rtn := C.MPIN_PRECOMPUTE(&TOKENOct, &IDOct, >1Oct, >2Oct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ GT1 = OCT_toBytes(>1Oct)
+ GT2 = OCT_toBytes(>2Oct)
+
+ return
+}
+
+/*
+ W=x*H(G);
+ if RNG == NULL then X is passed in
+ if RNG != NULL the X is passed out
+ if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
+ Use GO RNG
+*/
+func MPIN_GET_G1_MULTIPLE_WRAP(RNG *amcl.RAND, typ int, X, G []byte) (errorCode int, XOut, W []byte) {
+ amcl.MPIN_RANDOM_GENERATE(RNG, X[:])
+ errorCode, XOut, W = MPIN_GET_G1_MULTIPLE_C(nil, typ, X[:], G[:])
+ return
+}
+
+/*
+ W=x*H(G);
+ if RNG == NULL then X is passed in
+ if RNG != NULL the X is passed out
+ if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
+ Use C RNG
+*/
+func MPIN_GET_G1_MULTIPLE_C(RNG *C.csprng, typ int, X []byte, G []byte) (errorCode int, XOut, W []byte) {
+ XStr := string(X)
+ XOct := GetOctet(XStr)
+ defer OCT_free(&XOct)
+ GStr := string(G)
+ GOct := GetOctet(GStr)
+ defer OCT_free(&GOct)
+
+ WOct := GetOctetZero(G1S)
+ defer OCT_free(&WOct)
+
+ rtn := C.MPIN_GET_G1_MULTIPLE(RNG, C.int(typ), &XOct, &GOct, &WOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ XOut = OCT_toBytes(&XOct)
+ W = OCT_toBytes(&WOct)
+
+ return
+}
+
+/* One pass MPIN Server */
+func MPIN_SERVER_WRAP(date, TimeValue int, SS, U, UT, V, ID, MESSAGE []byte) (errorCode int, HID, HTID, Y, E, F []byte) {
+ SSStr := string(SS)
+ SSOct := GetOctet(SSStr)
+ defer OCT_free(&SSOct)
+ UStr := string(U)
+ UOct := GetOctet(UStr)
+ defer OCT_free(&UOct)
+ UTStr := string(UT)
+ UTOct := GetOctet(UTStr)
+ defer OCT_free(&UTOct)
+ VStr := string(V)
+ VOct := GetOctet(VStr)
+ defer OCT_free(&VOct)
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+ MESSAGEStr := string(MESSAGE)
+ MESSAGEOct := GetOctet(MESSAGEStr)
+ defer OCT_free(&MESSAGEOct)
+
+ HIDOct := GetOctetZero(G1S)
+ defer OCT_free(&HIDOct)
+ HTIDOct := GetOctetZero(G1S)
+ defer OCT_free(&HTIDOct)
+ YOct := GetOctetZero(EGS)
+ defer OCT_free(&YOct)
+ EOct := GetOctetZero(GTS)
+ defer OCT_free(&EOct)
+ FOct := GetOctetZero(GTS)
+ defer OCT_free(&FOct)
+
+ rtn := C.MPIN_SERVER(C.int(date), &HIDOct, &HTIDOct, &YOct, &SSOct, &UOct, &UTOct, &VOct, &EOct, &FOct, &IDOct, &MESSAGEOct, C.int(TimeValue))
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ HID = OCT_toBytes(&HIDOct)
+ HTID = OCT_toBytes(&HTIDOct)
+ Y = OCT_toBytes(&YOct)
+ E = OCT_toBytes(&EOct)
+ F = OCT_toBytes(&FOct)
+
+ return
+}
+
+/* Pollards kangaroos used to return PIN error */
+func MPIN_KANGAROO(E []byte, F []byte) (PINError int) {
+ EStr := string(E)
+ EOct := GetOctet(EStr)
+ defer OCT_free(&EOct)
+ FStr := string(F)
+ FOct := GetOctet(FStr)
+ defer OCT_free(&FOct)
+
+ rtn := C.MPIN_KANGAROO(&EOct, &FOct)
+ PINError = int(rtn)
+ return
+}
+
+/* calculate common key on server side */
+/* Z=r.A - no time permits involved */
+func MPIN_SERVER_KEY_WRAP(Z, SS, W, P, I, U, UT []byte) (errorCode int, SK []byte) {
+ ZStr := string(Z)
+ ZOct := GetOctet(ZStr)
+ defer OCT_free(&ZOct)
+ SSStr := string(SS)
+ SSOct := GetOctet(SSStr)
+ defer OCT_free(&SSOct)
+ WStr := string(W)
+ WOct := GetOctet(WStr)
+ defer OCT_free(&WOct)
+ PStr := string(P)
+ POct := GetOctet(PStr)
+ defer OCT_free(&POct)
+ IStr := string(I)
+ IOct := GetOctet(IStr)
+ defer OCT_free(&IOct)
+ UStr := string(U)
+ UOct := GetOctet(UStr)
+ defer OCT_free(&UOct)
+ UTStr := string(UT)
+ UTOct := GetOctet(UTStr)
+ defer OCT_free(&UTOct)
+
+ SKOct := GetOctetZero(EAS)
+ defer OCT_free(&SKOct)
+
+ rtn := C.MPIN_SERVER_KEY(&ZOct, &SSOct, &WOct, &POct, &IOct, &UOct, &UTOct, &SKOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ SK = OCT_toBytes(&SKOct)
+
+ return
+}
+
+/* calculate common key on client side */
+/* wCID = w.(A+AT) */
+func MPIN_CLIENT_KEY_WRAP(PIN int, GT1, GT2, R, X, P, T []byte) (errorCode int, CK []byte) {
+ GT1Str := string(GT1)
+ GT1Oct := GetOctet(GT1Str)
+ defer OCT_free(>1Oct)
+ GT2Str := string(GT2)
+ GT2Oct := GetOctet(GT2Str)
+ defer OCT_free(>2Oct)
+ RStr := string(R)
+ ROct := GetOctet(RStr)
+ defer OCT_free(&ROct)
+ XStr := string(X)
+ XOct := GetOctet(XStr)
+ defer OCT_free(&XOct)
+ PStr := string(P)
+ POct := GetOctet(PStr)
+ defer OCT_free(&POct)
+ TStr := string(T)
+ TOct := GetOctet(TStr)
+ defer OCT_free(&TOct)
+
+ CKOct := GetOctetZero(EAS)
+ defer OCT_free(&CKOct)
+
+ rtn := C.MPIN_CLIENT_KEY(>1Oct, >2Oct, C.int(PIN), &ROct, &XOct, &POct, &TOct, &CKOct)
+ errorCode = int(rtn)
+
+ // Convert octet to bytes
+ CK = OCT_toBytes(&CKOct)
+
+ return
+}
+
+// Generate a random byte array
+func GENERATE_RANDOM_C(RNG *C.csprng, randomLen int) (random []byte) {
+ randomOct := GetOctetZero(randomLen)
+ defer OCT_free(&randomOct)
+
+ C.generateRandom(RNG, &randomOct)
+
+ // Convert octet to bytes
+ random = OCT_toBytes(&randomOct)
+
+ return
+}
+
+// Generate random six digit value
+func GENERATE_OTP_C(RNG *C.csprng) int {
+ rtn := C.generateOTP(RNG)
+ return int(rtn)
+}
+
+/* AES-GCM Encryption:
+ K is key, H is header, IV is initialization vector and P is plaintext.
+ Returns cipthertext and tag (MAC) */
+func MPIN_AES_GCM_ENCRYPT(K, IV, H, P []byte) ([]byte, []byte) {
+ KStr := string(K)
+ KOct := GetOctet(KStr)
+ defer OCT_free(&KOct)
+ IVStr := string(IV)
+ IVOct := GetOctet(IVStr)
+ defer OCT_free(&IVOct)
+ HStr := string(H)
+ HOct := GetOctet(HStr)
+ defer OCT_free(&HOct)
+ PStr := string(P)
+ POct := GetOctet(PStr)
+ defer OCT_free(&POct)
+
+ TOct := GetOctetZero(16)
+ defer OCT_free(&TOct)
+ lenC := len(PStr)
+ COct := GetOctetZero(lenC)
+ defer OCT_free(&COct)
+
+ C.MPIN_AES_GCM_ENCRYPT(&KOct, &IVOct, &HOct, &POct, &COct, &TOct)
+
+ // Convert octet to bytes
+ C := OCT_toBytes(&COct)
+ T := OCT_toBytes(&TOct)
+
+ return C, T[:]
+}
+
+/* AES-GCM Deryption:
+ K is key, H is header, IV is initialization vector and P is plaintext.
+ Returns cipthertext and tag (MAC) */
+func MPIN_AES_GCM_DECRYPT(K, IV, H, C []byte) ([]byte, []byte) {
+ KStr := string(K)
+ KOct := GetOctet(KStr)
+ defer OCT_free(&KOct)
+ IVStr := string(IV)
+ IVOct := GetOctet(IVStr)
+ defer OCT_free(&IVOct)
+ HStr := string(H)
+ HOct := GetOctet(HStr)
+ defer OCT_free(&HOct)
+ CStr := string(C)
+ COct := GetOctet(CStr)
+ defer OCT_free(&COct)
+
+ TOct := GetOctetZero(16)
+ defer OCT_free(&TOct)
+ lenP := len(CStr)
+ POct := GetOctetZero(lenP)
+ defer OCT_free(&POct)
+
+ C.MPIN_AES_GCM_DECRYPT(&KOct, &IVOct, &HOct, &COct, &POct, &TOct)
+
+ // Convert octet to bytes
+ P := OCT_toBytes(&POct)
+ T := OCT_toBytes(&TOct)
+
+ return P, T[:]
+}
+
+/* Password based Key Derivation Function */
+/* Input password p, salt s, and repeat count */
+/* Output key of length olen */
+func MPIN_PBKDF2(Pass, Salt []byte, rep, olen int) (Key []byte) {
+ PassStr := string(Pass)
+ PassOct := GetOctet(PassStr)
+ defer OCT_free(&PassOct)
+ SaltStr := string(Salt)
+ SaltOct := GetOctet(SaltStr)
+ defer OCT_free(&SaltOct)
+
+ KeyOct := GetOctetZero(olen)
+ defer OCT_free(&KeyOct)
+
+ C.MPIN_PBKDF2(&PassOct, &SaltOct, C.int(rep), C.int(olen), &KeyOct)
+
+ // Convert octet to bytes
+ Key = OCT_toBytes(&KeyOct)
+
+ return
+}
+
+func MPIN_printBinary(array []byte) {
+ for i := 0; i < len(array); i++ {
+ fmt.Printf("%02x", array[i])
+ }
+ fmt.Printf("\n")
+}
+
+/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
+func MPIN_SERVER_1_WRAP(date int, ID []byte) (HID, HTID []byte) {
+ // Form Octets
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+
+ HIDOct := GetOctetZero(G1S)
+ defer OCT_free(&HIDOct)
+ HTIDOct := GetOctetZero(G1S)
+ defer OCT_free(&HTIDOct)
+
+ C.MPIN_SERVER_1(C.int(date), &IDOct, &HIDOct, &HTIDOct)
+
+ // Convert octet to bytes
+ HID = OCT_toBytes(&HIDOct)
+ HTID = OCT_toBytes(&HTIDOct)
+
+ return
+}
+
+/* Implement step 2 of MPin protocol on server side */
+func MPIN_SERVER_2_WRAP(date int, HID []byte, HTID []byte, Y []byte, SS []byte, U []byte, UT []byte, V []byte) (errorCode int, E, F []byte) {
+ // Form Octets
+ HIDStr := string(HID)
+ HIDOct := GetOctet(HIDStr)
+ defer OCT_free(&HIDOct)
+ HTIDStr := string(HTID)
+ HTIDOct := GetOctet(HTIDStr)
+ defer OCT_free(&HTIDOct)
+ YStr := string(Y)
+ YOct := GetOctet(YStr)
+ defer OCT_free(&YOct)
+ SSStr := string(SS)
+ SSOct := GetOctet(SSStr)
+ defer OCT_free(&SSOct)
+ UStr := string(U)
+ UOct := GetOctet(UStr)
+ defer OCT_free(&UOct)
+ UTStr := string(UT)
+ UTOct := GetOctet(UTStr)
+ defer OCT_free(&UTOct)
+ VStr := string(V)
+ VOct := GetOctet(VStr)
+ defer OCT_free(&VOct)
+
+ EOct := GetOctetZero(GTS)
+ defer OCT_free(&EOct)
+ FOct := GetOctetZero(GTS)
+ defer OCT_free(&FOct)
+ rtn := C.MPIN_SERVER_2(C.int(date), &HIDOct, &HTIDOct, &YOct, &SSOct, &UOct, &UTOct, &VOct, &EOct, &FOct)
+
+ errorCode = int(rtn)
+ E = OCT_toBytes(&EOct)
+ F = OCT_toBytes(&FOct)
+
+ return
+}
+
+/* Implement step 1 on client side of MPin protocol. Use GO code to generate random X */
+func MPIN_CLIENT_1_WRAP(date int, ID []byte, RNG *amcl.RAND, X []byte, PIN int, TOKEN []byte, TP []byte) (errorCode int, XOut, SEC, U, UT []byte) {
+ amcl.MPIN_RANDOM_GENERATE(RNG, X[:])
+ errorCode, XOut, SEC, U, UT = MPIN_CLIENT_1_C(date, ID[:], nil, X[:], PIN, TOKEN[:], TP[:])
+ return
+}
+
+/* Implement step 1 on client side of MPin protocol
+ When rng=nil the X value is externally generated
+*/
+func MPIN_CLIENT_1_C(date int, ID []byte, rng *C.csprng, X []byte, PIN int, TOKEN []byte, TP []byte) (errorCode int, XOut, SEC, U, UT []byte) {
+ // Form Octets
+ IDStr := string(ID)
+ IDOct := GetOctet(IDStr)
+ defer OCT_free(&IDOct)
+
+ XStr := string(X)
+ XOct := GetOctet(XStr)
+ defer OCT_free(&XOct)
+
+ TOKENStr := string(TOKEN)
+ TOKENOct := GetOctet(TOKENStr)
+ defer OCT_free(&TOKENOct)
+
+ TPStr := string(TP)
+ TPOct := GetOctet(TPStr)
+ defer OCT_free(&TPOct)
+
+ SECOct := GetOctetZero(G1S)
+ defer OCT_free(&SECOct)
+ UOct := GetOctetZero(G1S)
+ defer OCT_free(&UOct)
+ UTOct := GetOctetZero(G1S)
+ defer OCT_free(&UTOct)
+
+ rtn := C.MPIN_CLIENT_1(C.int(date), &IDOct, rng, &XOct, C.int(PIN), &TOKENOct, &SECOct, &UOct, &UTOct, &TPOct)
+
+ errorCode = int(rtn)
+ // Convert octet to bytes
+ XOut = OCT_toBytes(&XOct)
+ SEC = OCT_toBytes(&SECOct)
+ U = OCT_toBytes(&UOct)
+ UT = OCT_toBytes(&UTOct)
+
+ return
+}
+
+/* Implement step 2 on client side of MPin protocol */
+func MPIN_CLIENT_2_WRAP(X []byte, Y []byte, SEC []byte) (errorCode int, V []byte) {
+ // Form Octets
+ XStr := string(X)
+ XOct := GetOctet(XStr)
+ defer OCT_free(&XOct)
+ YStr := string(Y)
+ YOct := GetOctet(YStr)
+ defer OCT_free(&YOct)
+ SECStr := string(SEC)
+ SECOct := GetOctet(SECStr)
+ defer OCT_free(&SECOct)
+
+ rtn := C.MPIN_CLIENT_2(&XOct, &YOct, &SECOct)
+
+ errorCode = int(rtn)
+ // Convert octet to bytes
+ V = OCT_toBytes(&SECOct)
+
+ return
+}
+
+func MPIN_HASH_ALL_WRAP(I, U, UT, Y, V, R, W []byte) (HM []byte) {
+ // Form Octets
+ IStr := string(I)
+ IOct := GetOctet(IStr)
+ defer OCT_free(&IOct)
+
+ UStr := string(U)
+ UOct := GetOctet(UStr)
+ defer OCT_free(&UOct)
+
+ UTStr := string(UT)
+ UTOct := GetOctet(UTStr)
+ defer OCT_free(&UTOct)
+
+ YStr := string(Y)
+ YOct := GetOctet(YStr)
+ defer OCT_free(&YOct)
+
+ VStr := string(V)
+ VOct := GetOctet(VStr)
+ defer OCT_free(&VOct)
+
+ RStr := string(R)
+ ROct := GetOctet(RStr)
+ defer OCT_free(&ROct)
+
+ WStr := string(W)
+ WOct := GetOctet(WStr)
+ defer OCT_free(&WOct)
+
+ HMOct := GetOctetZero(HASH_BYTES)
+ defer OCT_free(&HMOct)
+
+ // Hash values
+ C.MPIN_HASH_ALL(&IOct, &UOct, &UTOct, &YOct, &VOct, &ROct, &WOct, &HMOct)
+
+ // Convert octet to bytes
+ HM = OCT_toBytes(&HMOct)
+
+ return
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-cgo/crypto_test.go
----------------------------------------------------------------------
diff --git a/go/amcl-cgo/crypto_test.go b/go/amcl-cgo/crypto_test.go
new file mode 100644
index 0000000..0fa7c78
--- /dev/null
+++ b/go/amcl-cgo/crypto_test.go
@@ -0,0 +1,1175 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+package amcl
+
+import (
+ "crypto/rand"
+ "encoding/hex"
+ "fmt"
+ mathrand "math/rand"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+
+ amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
+)
+
+const nIter int = 100
+
+// Set to true if library built with "-D USE_ANONYMOUS=on"
+const USE_ANONYMOUS = false
+
+func TestGoodPIN(t *testing.T) {
+ want := 0
+ var got int
+
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Message to sign
+ var MESSAGE []byte
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ if USE_ANONYMOUS {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestBadPIN(t *testing.T) {
+ want := -19
+ var got int
+
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1235
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Message to sign
+ var MESSAGE []byte
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ ////// Client //////
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ ////// Server //////
+ if USE_ANONYMOUS {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestBadToken(t *testing.T) {
+ want := -19
+ var got int
+
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Message to sign
+ var MESSAGE []byte
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, _, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ // Send UT as V to model bad token
+ if USE_ANONYMOUS {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], HCID[:], MESSAGE[:])
+ } else {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], ID[:], MESSAGE[:])
+ }
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestRandom(t *testing.T) {
+ want := 0
+ var got int
+
+ for i := 0; i < nIter; i++ {
+
+ // Seed value for Random Number Generator (RNG)
+ seed := make([]byte, 16)
+ rand.Read(seed)
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Epoch time in days
+ date := MPIN_today()
+
+ // Epoch time in seconds
+ timeValue := MPIN_GET_TIME()
+
+ // PIN variable to create token
+ PIN1 := mathrand.Intn(10000)
+ // PIN variable to authenticate
+ PIN2 := PIN1
+
+ // Assign the End-User a random ID
+ ID := make([]byte, 16)
+ rand.Read(ID)
+
+ // Message to sign
+ var MESSAGE []byte
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ if USE_ANONYMOUS {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+ assert.Equal(t, want, got, "Should be equal")
+ }
+}
+
+func TestGoodSignature(t *testing.T) {
+ want := 0
+ var got int
+
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Message to sign
+ MESSAGE := []byte("test message to sign")
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ // Authenticate
+ if USE_ANONYMOUS {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestSignatureExpired(t *testing.T) {
+ want := -19
+ var got int
+
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Message to sign
+ MESSAGE := []byte("test message to sign")
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ timeValue += 10
+ // Authenticate
+ if USE_ANONYMOUS {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestBadSignature(t *testing.T) {
+ want := -19
+ var got int
+
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Message to sign
+ MESSAGE := []byte("test message to sign")
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ // Authenticate
+ MESSAGE[0] = 00
+ if USE_ANONYMOUS {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestPINError(t *testing.T) {
+ want := 1001
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 2235
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Message to sign
+ var MESSAGE []byte
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ var E []byte
+ var F []byte
+ if USE_ANONYMOUS {
+ _, _, _, _, E, F = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ _, _, _, _, E, F = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+
+ got := MPIN_KANGAROO(E[:], F[:])
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestMPINFull(t *testing.T) {
+ want := "4e0317c9962dc2944c121ec41c800e16"
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // Epoch time in seconds
+ timeValue := 1439465203
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Message to sign
+ var MESSAGE []byte
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Precomputation
+ _, G1, G2 := MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID)
+
+ // Send U, UT, V, timeValue and Message to server
+ var X [EGS]byte
+ _, XOut, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
+
+ // Send Z=r.ID to Server
+ var R [EGS]byte
+ _, ROut, Z := MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:])
+
+ // Authenticate
+ var HID []byte
+ var HTID []byte
+ var Y []byte
+ if USE_ANONYMOUS {
+ _, HID, HTID, Y, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
+ } else {
+ _, HID, HTID, Y, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
+ }
+
+ // send T=w.ID to client
+ var W [EGS]byte
+ _, WOut, T := MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:])
+
+ // Hash all values
+ HM := MPIN_HASH_ALL_WRAP(HCID[:], U[:], UT[:], Y[:], V[:], Z[:], T[:])
+
+ _, AES_KEY_SERVER := MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], HM[:], HID[:], U[:], UT[:])
+ got := hex.EncodeToString(AES_KEY_SERVER[:])
+ if got != want {
+ t.Errorf("%s != %s", want, got)
+ }
+
+ _, AES_KEY_CLIENT := MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], HM[:], T[:])
+ got = hex.EncodeToString(AES_KEY_CLIENT[:])
+
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestTwoPassGoodPIN(t *testing.T) {
+ want := 0
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Client Pass 1
+ var X [EGS]byte
+ _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
+
+ // Server Pass 1
+ var HID []byte
+ var HTID []byte
+ if USE_ANONYMOUS {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
+ } else {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
+ }
+ _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Client Pass 2
+ _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
+
+ // Server Pass 2
+ got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestTwoPassBadPIN(t *testing.T) {
+ want := -19
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1235
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Client Pass 1
+ var X [EGS]byte
+ _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
+
+ // Server Pass 1
+ var HID []byte
+ var HTID []byte
+ if USE_ANONYMOUS {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
+ } else {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
+ }
+ _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Client Pass 2
+ _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
+
+ // Server Pass 2
+ got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestTwoPassBadToken(t *testing.T) {
+ want := -19
+ // Assign the End-User an ID
+ IDstr := "testUser@miracl.com"
+ ID := []byte(IDstr)
+
+ // Epoch time in days
+ date := 16660
+
+ // PIN variable to create token
+ PIN1 := 1234
+ // PIN variable to authenticate
+ PIN2 := 1234
+
+ // Seed value for Random Number Generator (RNG)
+ seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
+ seed, err := hex.DecodeString(seedHex)
+ if err != nil {
+ fmt.Println("Error decoding seed value")
+ return
+ }
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Client Pass 1
+ var X [EGS]byte
+ _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
+
+ // Server Pass 1
+ var HID []byte
+ var HTID []byte
+ if USE_ANONYMOUS {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
+ } else {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
+ }
+ _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Client Pass 2
+ _, _ = MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
+
+ // Server Pass 2
+ // Send UT as V to model bad token
+ got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], UT[:])
+ assert.Equal(t, want, got, "Should be equal")
+}
+
+func TestRandomTwoPass(t *testing.T) {
+ want := 0
+
+ for i := 0; i < nIter; i++ {
+
+ // Seed value for Random Number Generator (RNG)
+ seed := make([]byte, 16)
+ rand.Read(seed)
+ rng := amclgo.NewRAND()
+ rng.Seed(len(seed), seed)
+
+ // Epoch time in days
+ date := MPIN_today()
+
+ // PIN variable to create token
+ PIN1 := mathrand.Intn(10000)
+ // PIN variable to authenticate
+ PIN2 := PIN1
+
+ // Assign the End-User a random ID
+ ID := make([]byte, 16)
+ rand.Read(ID)
+
+ // Generate Master Secret Share 1
+ _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Generate Master Secret Share 2
+ _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Either Client or TA calculates Hash(ID)
+ HCID := MPIN_HASH_ID(ID)
+
+ // Generate server secret share 1
+ _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
+
+ // Generate server secret share 2
+ _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
+
+ // Combine server secret shares
+ _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
+
+ // Generate client secret share 1
+ _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
+
+ // Generate client secret share 2
+ _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
+
+ // Combine client secret shares
+ CS := make([]byte, G1S)
+ _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
+
+ // Generate time permit share 1
+ _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
+
+ // Generate time permit share 2
+ _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
+
+ // Combine time permit shares
+ _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
+
+ // Create token
+ _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
+
+ // Client Pass 1
+ var X [EGS]byte
+ _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
+
+ // Server Pass 1
+ var HID []byte
+ var HTID []byte
+ if USE_ANONYMOUS {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
+ } else {
+ HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
+ }
+ _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
+
+ // Client Pass 2
+ _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
+
+ // Server Pass 2
+ got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
+ assert.Equal(t, want, got, "Should be equal")
+
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/85fabaa6/go/amcl-go/AES.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/AES.go b/go/amcl-go/AES.go
new file mode 100644
index 0000000..598d408
--- /dev/null
+++ b/go/amcl-go/AES.go
@@ -0,0 +1,634 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AES Encryption */
+
+package amcl
+
+//import "fmt"
+
+const aes_ECB int = 0
+const aes_CBC int = 1
+const aes_CFB1 int = 2
+const aes_CFB2 int = 3
+const aes_CFB4 int = 5
+const aes_OFB1 int = 14
+const aes_OFB2 int = 15
+const aes_OFB4 int = 17
+const aes_OFB8 int = 21
+const aes_OFB16 int = 29
+
+var aes_InCo = [...]byte{0xB, 0xD, 0x9, 0xE} /* Inverse Coefficients */
+
+var aes_ptab = [...]byte{
+ 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
+ 95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
+ 229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
+ 83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
+ 76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
+ 131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
+ 181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
+ 254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
+ 251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
+ 195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
+ 159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
+ 155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
+ 252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
+ 69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
+ 18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
+ 57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1}
+
+var aes_ltab = [...]byte{
+ 0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
+ 100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
+ 125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
+ 101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
+ 150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
+ 102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
+ 126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
+ 43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
+ 175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
+ 44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
+ 127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
+ 204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
+ 151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
+ 83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
+ 68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
+ 103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7}
+
+var aes_fbsub = [...]byte{
+ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
+ 202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
+ 183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
+ 4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
+ 9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
+ 83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
+ 208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
+ 81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
+ 205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
+ 96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
+ 224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
+ 231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
+ 186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
+ 112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
+ 225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
+ 140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22}
+
+var aes_rbsub = [...]byte{
+ 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
+ 124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
+ 84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
+ 8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
+ 114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
+ 108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
+ 144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
+ 208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
+ 58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
+ 150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
+ 71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
+ 252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
+ 31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
+ 96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
+ 160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
+ 23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125}
+
+var aes_rco = [...]byte{1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216, 171, 77, 154, 47}
+
+var aes_ftable = [...]uint32{
+ 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0xdf2f2ff, 0xbd6b6bd6,
+ 0xb16f6fde, 0x54c5c591, 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56,
+ 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f,
+ 0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb,
+ 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453,
+ 0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+ 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551,
+ 0x34e5e5d1, 0x8f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+ 0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637,
+ 0xf05050a, 0xb59a9a2f, 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+ 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d,
+ 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+ 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd,
+ 0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1,
+ 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d,
+ 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+ 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a,
+ 0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe,
+ 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d,
+ 0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1,
+ 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5,
+ 0xef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+ 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755,
+ 0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+ 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54,
+ 0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+ 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264,
+ 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8,
+ 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531,
+ 0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+ 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac,
+ 0x7f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+ 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657,
+ 0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+ 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c,
+ 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c,
+ 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199,
+ 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+ 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c,
+ 0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+ 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7,
+ 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+ 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c}
+
+var aes_rtable = [...]uint32{
+ 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f,
+ 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
+ 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25,
+ 0x980eea45, 0xe1c0fe5d, 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
+ 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458,
+ 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
+ 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5,
+ 0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
+ 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72,
+ 0x578f1fe3, 0x2aab5566, 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3,
+ 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7,
+ 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
+ 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040,
+ 0x69f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
+ 0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6,
+ 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
+ 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0, 0x83868009, 0x48ed2b32,
+ 0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
+ 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0xfe75793,
+ 0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
+ 0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0xb0d090e, 0xadc78bf2,
+ 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
+ 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb,
+ 0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
+ 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc,
+ 0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
+ 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9,
+ 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
+ 0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890,
+ 0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
+ 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x97826cd, 0xf418596e,
+ 0x1b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef,
+ 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a,
+ 0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
+ 0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43,
+ 0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
+ 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92,
+ 0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
+ 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255,
+ 0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
+ 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0xc25e2bc,
+ 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
+ 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0}
+
+type AES struct {
+ mode int
+ fkey [44]uint32
+ rkey [44]uint32
+ f [16]byte
+}
+
+/* Rotates 32-bit word left by 1, 2 or 3 byte */
+
+func aes_ROTL8(x uint32) uint32 {
+ return (((x) << 8) | ((x) >> 24))
+}
+
+func aes_ROTL16(x uint32) uint32 {
+ return (((x) << 16) | ((x) >> 16))
+}
+
+func aes_ROTL24(x uint32) uint32 {
+ return (((x) << 24) | ((x) >> 8))
+}
+
+func aes_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */
+ return ((uint32(b[3]) & 0xff) << 24) | ((uint32(b[2]) & 0xff) << 16) | ((uint32(b[1]) & 0xff) << 8) | (uint32(b[0]) & 0xff)
+}
+
+func aes_unpack(a uint32) [4]byte { /* unpack bytes from a word */
+ var b = [4]byte{byte(a & 0xff), byte((a >> 8) & 0xff), byte((a >> 16) & 0xff), byte((a >> 24) & 0xff)}
+ return b
+}
+
+func aes_bmul(x byte, y byte) byte { /* x.y= AntiLog(Log(x) + Log(y)) */
+
+ ix := int(x) & 0xff
+ iy := int(y) & 0xff
+ lx := int(aes_ltab[ix]) & 0xff
+ ly := int(aes_ltab[iy]) & 0xff
+
+ if x != 0 && y != 0 {
+ return aes_ptab[(lx+ly)%255]
+ } else {
+ return byte(0)
+ }
+}
+
+func aes_SubByte(a uint32) uint32 {
+ b := aes_unpack(a)
+ b[0] = aes_fbsub[int(b[0])]
+ b[1] = aes_fbsub[int(b[1])]
+ b[2] = aes_fbsub[int(b[2])]
+ b[3] = aes_fbsub[int(b[3])]
+ return aes_pack(b)
+}
+
+func aes_product(x uint32, y uint32) byte { /* dot product of two 4-byte arrays */
+ xb := aes_unpack(x)
+ yb := aes_unpack(y)
+
+ return (aes_bmul(xb[0], yb[0]) ^ aes_bmul(xb[1], yb[1]) ^ aes_bmul(xb[2], yb[2]) ^ aes_bmul(xb[3], yb[3]))
+}
+
+func aes_InvMixCol(x uint32) uint32 { /* matrix Multiplication */
+ var b [4]byte
+ m := aes_pack(aes_InCo)
+ b[3] = aes_product(m, x)
+ m = aes_ROTL24(m)
+ b[2] = aes_product(m, x)
+ m = aes_ROTL24(m)
+ b[1] = aes_product(m, x)
+ m = aes_ROTL24(m)
+ b[0] = aes_product(m, x)
+ var y = aes_pack(b)
+ return y
+}
+
+/* reset cipher */
+func (A *AES) Reset(m int, iv []byte) { /* reset mode, or reset iv */
+ A.mode = m
+ for i := 0; i < 16; i++ {
+ A.f[i] = 0
+ }
+ if (A.mode != aes_ECB) && (iv != nil) {
+ for i := 0; i < 16; i++ {
+ A.f[i] = iv[i]
+ }
+ }
+}
+
+func (A *AES) Init(m int, key []byte, iv []byte) { /* Key=16 bytes */
+ /* Key Scheduler. Create expanded encryption key */
+ var CipherKey [4]uint32
+ var b [4]byte
+ nk := 4
+ A.Reset(m, iv)
+ N := 44
+
+ j := 0
+ for i := 0; i < nk; i++ {
+ for k := 0; k < 4; k++ {
+ b[k] = key[j+k]
+ }
+ CipherKey[i] = aes_pack(b)
+ j += 4
+ }
+ for i := 0; i < nk; i++ {
+ A.fkey[i] = CipherKey[i]
+ }
+ j = nk
+ for k := 0; j < N; k++ {
+ A.fkey[j] = A.fkey[j-nk] ^ aes_SubByte(aes_ROTL24(A.fkey[j-1])) ^ uint32(aes_rco[k])
+ for i := 1; i < nk && (i+j) < N; i++ {
+ A.fkey[i+j] = A.fkey[i+j-nk] ^ A.fkey[i+j-1]
+ }
+ j += nk
+ }
+
+ /* now for the expanded decrypt key in reverse order */
+
+ for j := 0; j < 4; j++ {
+ A.rkey[j+N-4] = A.fkey[j]
+ }
+ for i := 4; i < N-4; i += 4 {
+ k := N - 4 - i
+ for j := 0; j < 4; j++ {
+ A.rkey[k+j] = aes_InvMixCol(A.fkey[i+j])
+ }
+ }
+ for j := N - 4; j < N; j++ {
+ A.rkey[j-N+4] = A.fkey[j]
+ }
+}
+
+func NewAES() *AES {
+ var A = new(AES)
+ return A
+}
+
+func (A *AES) Getreg() [16]byte {
+ var ir [16]byte
+ for i := 0; i < 16; i++ {
+ ir[i] = A.f[i]
+ }
+ return ir
+}
+
+/* Encrypt a single block */
+func (A *AES) ecb_encrypt(buff []byte) {
+ var b [4]byte
+ var p [4]uint32
+ var q [4]uint32
+
+ j := 0
+ for i := 0; i < 4; i++ {
+ for k := 0; k < 4; k++ {
+ b[k] = buff[j+k]
+ }
+ p[i] = aes_pack(b)
+ p[i] ^= A.fkey[i]
+ j += 4
+ }
+
+ k := 4
+
+ /* State alternates between p and q */
+ for i := 1; i < 10; i++ {
+ q[0] = A.fkey[k] ^ aes_ftable[int(p[0]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[1]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[2]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[3]>>24)&0xff)])
+
+ q[1] = A.fkey[k+1] ^ aes_ftable[int(p[1]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[2]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[3]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[0]>>24)&0xff)])
+
+ q[2] = A.fkey[k+2] ^ aes_ftable[int(p[2]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[3]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[0]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[1]>>24)&0xff)])
+
+ q[3] = A.fkey[k+3] ^ aes_ftable[int(p[3]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[0]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[1]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[2]>>24)&0xff)])
+
+ k += 4
+ for j = 0; j < 4; j++ {
+ t := p[j]
+ p[j] = q[j]
+ q[j] = t
+ }
+ }
+
+ /* Last Round */
+
+ q[0] = A.fkey[k] ^ uint32(aes_fbsub[int(p[0]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[1]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[2]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[3]>>24)&0xff)]))
+
+ q[1] = A.fkey[k+1] ^ uint32(aes_fbsub[int(p[1]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[2]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[3]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[0]>>24)&0xff)]))
+
+ q[2] = A.fkey[k+2] ^ uint32(aes_fbsub[int(p[2]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[3]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[0]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[1]>>24)&0xff)]))
+
+ q[3] = A.fkey[k+3] ^ uint32(aes_fbsub[int(p[3]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[0]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[1]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[2]>>24)&0xff)]))
+
+ j = 0
+ for i := 0; i < 4; i++ {
+ b = aes_unpack(q[i])
+ for k = 0; k < 4; k++ {
+ buff[j+k] = b[k]
+ }
+ j += 4
+ }
+}
+
+/* Decrypt a single block */
+func (A *AES) ecb_decrypt(buff []byte) {
+ var b [4]byte
+ var p [4]uint32
+ var q [4]uint32
+
+ j := 0
+ for i := 0; i < 4; i++ {
+ for k := 0; k < 4; k++ {
+ b[k] = buff[j+k]
+ }
+ p[i] = aes_pack(b)
+ p[i] ^= A.rkey[i]
+ j += 4
+ }
+
+ k := 4
+
+ /* State alternates between p and q */
+ for i := 1; i < 10; i++ {
+
+ q[0] = A.rkey[k] ^ aes_rtable[int(p[0]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[3]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[2]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[1]>>24)&0xff)])
+
+ q[1] = A.rkey[k+1] ^ aes_rtable[int(p[1]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[0]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[3]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[2]>>24)&0xff)])
+
+ q[2] = A.rkey[k+2] ^ aes_rtable[int(p[2]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[1]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[0]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[3]>>24)&0xff)])
+
+ q[3] = A.rkey[k+3] ^ aes_rtable[int(p[3]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[2]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[1]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[0]>>24)&0xff)])
+
+ k += 4
+ for j := 0; j < 4; j++ {
+ t := p[j]
+ p[j] = q[j]
+ q[j] = t
+ }
+ }
+
+ /* Last Round */
+
+ q[0] = A.rkey[k] ^ uint32(aes_rbsub[int(p[0]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[3]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[2]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[1]>>24)&0xff)]))
+
+ q[1] = A.rkey[k+1] ^ uint32(aes_rbsub[int(p[1]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[0]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[3]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[2]>>24)&0xff)]))
+
+ q[2] = A.rkey[k+2] ^ uint32(aes_rbsub[int(p[2]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[1]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[0]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[3]>>24)&0xff)]))
+
+ q[3] = A.rkey[k+3] ^ uint32(aes_rbsub[int((p[3])&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[2]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[1]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[0]>>24)&0xff)]))
+
+ j = 0
+ for i := 0; i < 4; i++ {
+ b = aes_unpack(q[i])
+ for k := 0; k < 4; k++ {
+ buff[j+k] = b[k]
+ }
+ j += 4
+ }
+}
+
+/* Encrypt using selected mode of operation */
+func (A *AES) Encrypt(buff []byte) uint32 {
+ var st [16]byte
+
+ // Supported Modes of Operation
+
+ var fell_off uint32 = 0
+ switch A.mode {
+ case aes_ECB:
+ A.ecb_encrypt(buff)
+ return 0
+ case aes_CBC:
+ for j := 0; j < 16; j++ {
+ buff[j] ^= A.f[j]
+ }
+ A.ecb_encrypt(buff)
+ for j := 0; j < 16; j++ {
+ A.f[j] = buff[j]
+ }
+ return 0
+
+ case aes_CFB1:
+ fallthrough
+ case aes_CFB2:
+ fallthrough
+ case aes_CFB4:
+ bytes := A.mode - aes_CFB1 + 1
+ for j := 0; j < bytes; j++ {
+ fell_off = (fell_off << 8) | uint32(A.f[j])
+ }
+ for j := 0; j < 16; j++ {
+ st[j] = A.f[j]
+ }
+ for j := bytes; j < 16; j++ {
+ A.f[j-bytes] = A.f[j]
+ }
+ A.ecb_encrypt(st[:])
+ for j := 0; j < bytes; j++ {
+ buff[j] ^= st[j]
+ A.f[16-bytes+j] = buff[j]
+ }
+ return fell_off
+
+ case aes_OFB1:
+ fallthrough
+ case aes_OFB2:
+ fallthrough
+ case aes_OFB4:
+ fallthrough
+ case aes_OFB8:
+ fallthrough
+ case aes_OFB16:
+
+ bytes := A.mode - aes_OFB1 + 1
+ A.ecb_encrypt(A.f[:])
+ for j := 0; j < bytes; j++ {
+ buff[j] ^= A.f[j]
+ }
+ return 0
+
+ default:
+ return 0
+ }
+}
+
+/* Decrypt using selected mode of operation */
+func (A *AES) Decrypt(buff []byte) uint32 {
+
+ var st [16]byte
+
+ // Supported Modes of Operation
+
+ var fell_off uint32 = 0
+ switch A.mode {
+ case aes_ECB:
+ A.ecb_decrypt(buff)
+ return 0
+ case aes_CBC:
+ for j := 0; j < 16; j++ {
+ st[j] = A.f[j]
+ A.f[j] = buff[j]
+ }
+ A.ecb_decrypt(buff)
+ for j := 0; j < 16; j++ {
+ buff[j] ^= st[j]
+ st[j] = 0
+ }
+ return 0
+ case aes_CFB1:
+ fallthrough
+ case aes_CFB2:
+ fallthrough
+ case aes_CFB4:
+ bytes := A.mode - aes_CFB1 + 1
+ for j := 0; j < bytes; j++ {
+ fell_off = (fell_off << 8) | uint32(A.f[j])
+ }
+ for j := 0; j < 16; j++ {
+ st[j] = A.f[j]
+ }
+ for j := bytes; j < 16; j++ {
+ A.f[j-bytes] = A.f[j]
+ }
+ A.ecb_encrypt(st[:])
+ for j := 0; j < bytes; j++ {
+ A.f[16-bytes+j] = buff[j]
+ buff[j] ^= st[j]
+ }
+ return fell_off
+ case aes_OFB1:
+ fallthrough
+ case aes_OFB2:
+ fallthrough
+ case aes_OFB4:
+ fallthrough
+ case aes_OFB8:
+ fallthrough
+ case aes_OFB16:
+ bytes := A.mode - aes_OFB1 + 1
+ A.ecb_encrypt(A.f[:])
+ for j := 0; j < bytes; j++ {
+ buff[j] ^= A.f[j]
+ }
+ return 0
+
+ default:
+ return 0
+ }
+}
+
+/* Clean up and delete left-overs */
+func (A *AES) End() { // clean up
+ for i := 0; i < 44; i++ {
+ A.fkey[i] = 0
+ A.rkey[i] = 0
+ }
+ for i := 0; i < 16; i++ {
+ A.f[i] = 0
+ }
+}
+
+/*
+func main() {
+ var key [16]byte
+ var block [16]byte
+ var iv [16]byte
+
+ for i:=0;i<16;i++ {key[i]=0}
+ key[0]=1
+ for i:=0;i<16;i++ {iv[i]=byte(i)}
+ for i:=0;i<16;i++ {block[i]=byte(i)}
+
+ a:=NewAES()
+
+ a.Init(aes_CBC,key[:],iv[:])
+ fmt.Printf("Plain= \n")
+ for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)}
+ fmt.Printf("\n")
+
+ a.Encrypt(block[:])
+
+ fmt.Printf("Encrypt= \n")
+ for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)}
+ fmt.Printf("\n")
+
+ a.Reset(aes_CBC,iv[:])
+ a.Decrypt(block[:])
+
+ fmt.Printf("Decrypt= \n")
+ for i:=0;i<16;i++ {fmt.Printf("%02X ", block[i]&0xff)}
+ fmt.Printf("\n")
+
+ a.End();
+}
+*/