You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:50:08 UTC
[31/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/PAIR.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/PAIR.go b/go/amcl-go/PAIR.go
deleted file mode 100644
index 8a7de9f..0000000
--- a/go/amcl-go/PAIR.go
+++ /dev/null
@@ -1,541 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve Pairing functions */
-
-package amcl
-
-//import "fmt"
-
-/* Line function */
-func line(A *ECP2, B *ECP2, Qx *FP, Qy *FP) *FP12 {
- P := NewECP2()
-
- P.copy(A)
- ZZ := NewFP2copy(P.getz())
- ZZ.sqr()
- var D int
- if A == B {
- D = A.dbl()
- } else {
- D = A.add(B)
- }
-
- if D < 0 {
- return NewFP12int(1)
- }
-
- Z3 := NewFP2copy(A.getz())
-
- var a *FP4
- var b *FP4
- c := NewFP4int(0)
-
- if D == 0 { /* Addition */
- X := NewFP2copy(B.getx())
- Y := NewFP2copy(B.gety())
- T := NewFP2copy(P.getz())
- T.mul(Y)
- ZZ.mul(T)
-
- NY := NewFP2copy(P.gety())
- NY.neg()
- ZZ.add(NY)
- Z3.pmul(Qy)
- T.mul(P.getx())
- X.mul(NY)
- T.add(X)
- a = NewFP4fp2s(Z3, T)
- ZZ.neg()
- ZZ.pmul(Qx)
- b = NewFP4fp2(ZZ)
- } else { /* Doubling */
- X := NewFP2copy(P.getx())
- Y := NewFP2copy(P.gety())
- T := NewFP2copy(P.getx())
- T.sqr()
- T.imul(3)
-
- Y.sqr()
- Y.add(Y)
- Z3.mul(ZZ)
- Z3.pmul(Qy)
-
- X.mul(T)
- X.sub(Y)
- a = NewFP4fp2s(Z3, X)
- T.neg()
- ZZ.mul(T)
- ZZ.pmul(Qx)
- b = NewFP4fp2(ZZ)
- }
- return NewFP12fp4s(a, b, c)
-}
-
-/* Optimal R-ate pairing */
-func ate(P *ECP2, Q *ECP) *FP12 {
- f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
- x := NewBIGints(CURVE_Bnx)
- n := NewBIGcopy(x)
- K := NewECP2()
- var lv *FP12
- n.pmul(6)
- n.dec(2)
- n.norm()
- P.affine()
- Q.affine()
- Qx := NewFPcopy(Q.getx())
- Qy := NewFPcopy(Q.gety())
-
- A := NewECP2()
- r := NewFP12int(1)
-
- A.copy(P)
- nb := n.nbits()
-
- for i := nb - 2; i >= 1; i-- {
- lv = line(A, A, Qx, Qy)
- r.smul(lv)
-
- if n.bit(i) == 1 {
- lv = line(A, P, Qx, Qy)
- r.smul(lv)
- }
- r.sqr()
- }
-
- lv = line(A, A, Qx, Qy)
- r.smul(lv)
-
- /* R-ate fixup */
-
- r.conj()
-
- K.copy(P)
- K.frob(f)
- A.neg()
- lv = line(A, K, Qx, Qy)
- r.smul(lv)
- K.frob(f)
- K.neg()
- lv = line(A, K, Qx, Qy)
- r.smul(lv)
-
- return r
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-func ate2(P *ECP2, Q *ECP, R *ECP2, S *ECP) *FP12 {
- f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
- x := NewBIGints(CURVE_Bnx)
- n := NewBIGcopy(x)
- K := NewECP2()
- var lv *FP12
- n.pmul(6)
- n.dec(2)
- n.norm()
- P.affine()
- Q.affine()
- R.affine()
- S.affine()
-
- Qx := NewFPcopy(Q.getx())
- Qy := NewFPcopy(Q.gety())
- Sx := NewFPcopy(S.getx())
- Sy := NewFPcopy(S.gety())
-
- A := NewECP2()
- B := NewECP2()
- r := NewFP12int(1)
-
- A.copy(P)
- B.copy(R)
- nb := n.nbits()
-
- for i := nb - 2; i >= 1; i-- {
- lv = line(A, A, Qx, Qy)
- r.smul(lv)
- lv = line(B, B, Sx, Sy)
- r.smul(lv)
-
- if n.bit(i) == 1 {
- lv = line(A, P, Qx, Qy)
- r.smul(lv)
- lv = line(B, R, Sx, Sy)
- r.smul(lv)
- }
- r.sqr()
- }
-
- lv = line(A, A, Qx, Qy)
- r.smul(lv)
-
- lv = line(B, B, Sx, Sy)
- r.smul(lv)
-
- /* R-ate fixup */
- r.conj()
-
- K.copy(P)
- K.frob(f)
- A.neg()
- lv = line(A, K, Qx, Qy)
- r.smul(lv)
- K.frob(f)
- K.neg()
- lv = line(A, K, Qx, Qy)
- r.smul(lv)
-
- K.copy(R)
- K.frob(f)
- B.neg()
- lv = line(B, K, Sx, Sy)
- r.smul(lv)
- K.frob(f)
- K.neg()
- lv = line(B, K, Sx, Sy)
- r.smul(lv)
-
- return r
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-func fexp(m *FP12) *FP12 {
- f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
- x := NewBIGints(CURVE_Bnx)
- r := NewFP12copy(m)
-
- /* Easy part of final exp */
- lv := NewFP12copy(r)
- lv.inverse()
- r.conj()
-
- r.mul(lv)
- lv.copy(r)
- r.frob(f)
- r.frob(f)
- r.mul(lv)
- /* Hard part of final exp */
- lv.copy(r)
- lv.frob(f)
- x0 := NewFP12copy(lv)
- x0.frob(f)
- lv.mul(r)
- x0.mul(lv)
- x0.frob(f)
- x1 := NewFP12copy(r)
- x1.conj()
- x4 := r.pow(x)
-
- x3 := NewFP12copy(x4)
- x3.frob(f)
-
- x2 := x4.pow(x)
-
- x5 := NewFP12copy(x2)
- x5.conj()
- lv = x2.pow(x)
-
- x2.frob(f)
- r.copy(x2)
- r.conj()
-
- x4.mul(r)
- x2.frob(f)
-
- r.copy(lv)
- r.frob(f)
- lv.mul(r)
-
- lv.usqr()
- lv.mul(x4)
- lv.mul(x5)
- r.copy(x3)
- r.mul(x5)
- r.mul(lv)
- lv.mul(x2)
- r.usqr()
- r.mul(lv)
- r.usqr()
- lv.copy(r)
- lv.mul(x1)
- r.mul(x0)
- lv.usqr()
- r.mul(lv)
- r.reduce()
- return r
-}
-
-/* GLV method */
-func glv(e *BIG) []*BIG {
- t := NewBIGint(0)
- q := NewBIGints(CURVE_Order)
- var u []*BIG
- var v []*BIG
-
- for i := 0; i < 2; i++ {
- t.copy(NewBIGints(CURVE_W[i])) // why not just t=new BIG(ROM.CURVE_W[i]);
- d := mul(t, e)
- v = append(v, NewBIGcopy(d.div(q)))
- u = append(u, NewBIGint(0))
- }
- u[0].copy(e)
- for i := 0; i < 2; i++ {
- for j := 0; j < 2; j++ {
- t.copy(NewBIGints(CURVE_SB[j][i]))
- t.copy(modmul(v[j], t, q))
- u[i].add(q)
- u[i].sub(t)
- u[i].mod(q)
- }
- }
- return u
-}
-
-/* Galbraith & Scott Method */
-func gs(e *BIG) []*BIG {
- t := NewBIGint(0)
- q := NewBIGints(CURVE_Order)
- var u []*BIG
- var v []*BIG
- for i := 0; i < 4; i++ {
- t.copy(NewBIGints(CURVE_WB[i]))
- d := mul(t, e)
- v = append(v, NewBIGcopy(d.div(q)))
- u = append(u, NewBIGint(0))
- }
- u[0].copy(e)
- for i := 0; i < 4; i++ {
- for j := 0; j < 4; j++ {
- t.copy(NewBIGints(CURVE_BB[j][i]))
- t.copy(modmul(v[j], t, q))
- u[i].add(q)
- u[i].sub(t)
- u[i].mod(q)
- }
- }
- return u
-}
-
-/* Multiply P by e in group G1 */
-func G1mul(P *ECP, e *BIG) *ECP {
- var R *ECP
- if USE_GLV {
- P.affine()
- R = NewECP()
- R.copy(P)
- Q := NewECP()
- Q.copy(P)
- q := NewBIGints(CURVE_Order)
- cru := NewFPbig(NewBIGints(CURVE_Cru))
- t := NewBIGint(0)
- u := glv(e)
- Q.getx().mul(cru)
-
- np := u[0].nbits()
- t.copy(modneg(u[0], q))
- nn := t.nbits()
- if nn < np {
- u[0].copy(t)
- R.neg()
- }
-
- np = u[1].nbits()
- t.copy(modneg(u[1], q))
- nn = t.nbits()
- if nn < np {
- u[1].copy(t)
- Q.neg()
- }
-
- R = R.mul2(u[0], Q, u[1])
-
- } else {
- R = P.mul(e)
- }
- return R
-}
-
-/* Multiply P by e in group G2 */
-func G2mul(P *ECP2, e *BIG) *ECP2 {
- var R *ECP2
- if USE_GS_G2 {
- var Q []*ECP2
- f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
- q := NewBIGints(CURVE_Order)
- u := gs(e)
-
- t := NewBIGint(0)
- P.affine()
- Q = append(Q, NewECP2())
- Q[0].copy(P)
- for i := 1; i < 4; i++ {
- Q = append(Q, NewECP2())
- Q[i].copy(Q[i-1])
- Q[i].frob(f)
- }
- for i := 0; i < 4; i++ {
- np := u[i].nbits()
- t.copy(modneg(u[i], q))
- nn := t.nbits()
- if nn < np {
- u[i].copy(t)
- Q[i].neg()
- }
- }
- R = mul4(Q, u)
-
- } else {
- R = P.mul(e)
- }
- return R
-}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-func GTpow(d *FP12, e *BIG) *FP12 {
- var r *FP12
- if USE_GS_GT {
- var g []*FP12
- f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
- q := NewBIGints(CURVE_Order)
- t := NewBIGint(0)
-
- u := gs(e)
-
- g = append(g, NewFP12copy(d))
- for i := 1; i < 4; i++ {
- g = append(g, NewFP12int(0))
- g[i].copy(g[i-1])
- g[i].frob(f)
- }
- for i := 0; i < 4; i++ {
- np := u[i].nbits()
- t.copy(modneg(u[i], q))
- nn := t.nbits()
- if nn < np {
- u[i].copy(t)
- g[i].conj()
- }
- }
- r = pow4(g, u)
- } else {
- r = d.pow(e)
- }
- return r
-}
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-func GTmember(m *FP12) bool {
- if m.isunity() {
- return false
- }
- r := NewFP12copy(m)
- r.conj()
- r.mul(m)
- if !r.isunity() {
- return false
- }
-
- f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-
- r.copy(m)
- r.frob(f)
- r.frob(f)
- w := NewFP12copy(r)
- w.frob(f)
- w.frob(f)
- w.mul(m)
- if !GT_STRONG {
- if !w.equals(r) {
- return false
- }
- x := NewBIGints(CURVE_Bnx)
- r.copy(m)
- w = r.pow(x)
- w = w.pow(x)
- r.copy(w)
- r.sqr()
- r.mul(w)
- r.sqr()
- w.copy(m)
- w.frob(f)
- }
- return w.equals(r)
-}
-
-/*
-func main() {
-
- Q:=NewECPbigs(NewBIGints(CURVE_Gx),NewBIGints(CURVE_Gy))
- P:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb)))
-
- r:=NewBIGints(CURVE_Order)
- xa:=NewBIGints(CURVE_Pxa)
-
- fmt.Printf("P= "+P.toString())
- fmt.Printf("\n");
- fmt.Printf("Q= "+Q.toString());
- fmt.Printf("\n");
-
- //m:=NewBIGint(17)
-
- e:=ate(P,Q)
- fmt.Printf("\ne= "+e.toString())
- fmt.Printf("\n")
-
- e=fexp(e)
- // e=GTpow(e,m);
-
- fmt.Printf("\ne= "+e.toString())
- fmt.Printf("\n");
- GLV:=glv(r)
-
- fmt.Printf("GLV[0]= "+GLV[0].toString())
- fmt.Printf("\n")
-
- fmt.Printf("GLV[0]= "+GLV[1].toString())
- fmt.Printf("\n")
-
- G:=NewECP(); G.copy(Q)
- R:=NewECP2(); R.copy(P)
-
-
- e=ate(R,Q)
- e=fexp(e)
-
- e=GTpow(e,xa)
- fmt.Printf("\ne= "+e.toString());
- fmt.Printf("\n")
-
- R=G2mul(R,xa)
- e=ate(R,G)
- e=fexp(e)
-
- fmt.Printf("\ne= "+e.toString())
- fmt.Printf("\n")
-
- G=G1mul(G,xa)
- e=ate(P,G)
- e=fexp(e)
- fmt.Printf("\ne= "+e.toString())
- fmt.Printf("\n")
-}
-*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/RAND.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/RAND.go b/go/amcl-go/RAND.go
deleted file mode 100644
index eb92107..0000000
--- a/go/amcl-go/RAND.go
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Cryptographic strong random number generator
- *
- * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- * Slow - but secure
- *
- * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-package amcl
-
-import (
- "sync"
-)
-
-//import "fmt"
-
-const rand_NK int = 21
-const rand_NJ int = 6
-const rand_NV int = 8
-
-type RAND struct {
- sync.Mutex
- ira [rand_NK]uint32 /* random number... */
- rndptr int
- borrow uint32
- pool_ptr int
- pool [32]byte
-}
-
-/* Terminate and clean up */
-func (R *RAND) Clean() { /* kill internal state */
- R.pool_ptr = 0
- R.rndptr = 0
- for i := 0; i < 32; i++ {
- R.pool[i] = 0
- }
- for i := 0; i < rand_NK; i++ {
- R.ira[i] = 0
- }
- R.borrow = 0
-}
-
-func NewRAND() *RAND {
- R := new(RAND)
- R.Clean()
- return R
-}
-
-func (R *RAND) sbrand() uint32 { /* Marsaglia & Zaman random number generator */
- R.rndptr++
- if R.rndptr < rand_NK {
- return R.ira[R.rndptr]
- }
- R.rndptr = 0
- k := rand_NK - rand_NJ
- for i := 0; i < rand_NK; i++ { /* calculate next NK values */
- if k == rand_NK {
- k = 0
- }
- t := R.ira[k]
- pdiff := t - R.ira[i] - R.borrow
- if pdiff < t {
- R.borrow = 0
- }
- if pdiff > t {
- R.borrow = 1
- }
- R.ira[i] = pdiff
- k++
- }
-
- return R.ira[0]
-}
-
-func (R *RAND) sirand(seed uint32) {
- var m uint32 = 1
- R.borrow = 0
- R.rndptr = 0
- R.ira[0] ^= seed
- for i := 1; i < rand_NK; i++ { /* fill initialisation vector */
- in := (rand_NV * i) % rand_NK
- R.ira[in] ^= m /* note XOR */
- t := m
- m = seed - m
- seed = t
- }
-
- for i := 0; i < 10000; i++ {
- R.sbrand()
- } /* "warm-up" & stir the generator */
-}
-
-func (R *RAND) fill_pool() {
-
- sh := NewHASH()
- for i := 0; i < 128; i++ {
- sh.Process(byte(R.sbrand() & 0xff))
- }
- R.pool = sh.Hash()
- R.pool_ptr = 0
-}
-
-func pack(b [4]byte) uint32 { /* pack 4 bytes into a 32-bit Word */
- return (((uint32(b[3])) & 0xff) << 24) | ((uint32(b[2]) & 0xff) << 16) | ((uint32(b[1]) & 0xff) << 8) | (uint32(b[0]) & 0xff)
-}
-
-/* Initialize RNG with some real entropy from some external source */
-func (R *RAND) Seed(rawlen int, raw []byte) { /* initialise from at least 128 byte string of raw random entropy */
- var b [4]byte
- sh := NewHASH()
- R.pool_ptr = 0
-
- for i := 0; i < rand_NK; i++ {
- R.ira[i] = 0
- }
-
- if rawlen > 0 {
- for i := 0; i < rawlen; i++ {
- sh.Process(raw[i])
- }
- digest := sh.Hash()
-
- /* initialise PRNG from distilled randomness */
-
- for i := 0; i < 8; i++ {
- b[0] = digest[4*i]
- b[1] = digest[4*i+1]
- b[2] = digest[4*i+2]
- b[3] = digest[4*i+3]
- R.sirand(pack(b))
- }
- }
- R.fill_pool()
-}
-
-/* get random byte */
-func (R *RAND) GetByte() byte {
- R.Lock()
- defer R.Unlock()
-
- r := R.pool[R.pool_ptr]
- R.pool_ptr++
-
- if R.pool_ptr >= 32 {
- R.fill_pool()
- }
- return byte(r & 0xff)
-}
-
-/* test main program */
-/*
-func main() {
- var raw [100]byte
- rng:=NewRAND()
-
- rng.Clean()
- for i:=0;i<100;i++ {raw[i]=byte(i)}
-
- rng.Seed(100,raw[:])
-
- for i:=0;i<1000;i++ {
- fmt.Printf("%03d ",rng.GetByte())
- }
-}
-*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/ROM.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/ROM.go b/go/amcl-go/ROM.go
deleted file mode 100644
index 0a4ceb9..0000000
--- a/go/amcl-go/ROM.go
+++ /dev/null
@@ -1,353 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-package amcl
-
-const NOT_SPECIAL int = 0
-const PSEUDO_MERSENNE int = 1
-const MONTGOMERY_FRIENDLY int = 2
-const WEIERSTRASS int = 0
-const EDWARDS int = 1
-const MONTGOMERY int = 2
-
-const NLEN int = 5
-const DNLEN int = 2 * NLEN
-const CHUNK int = 64
-const MODBYTES uint = 32
-
-/*** Enter Some Field details here ***/
-// Curve 25519
-//const MODBITS uint=255
-//const MOD8 uint=5
-// NIST256 or Brainpool
-//const MODBITS uint=256
-//const MOD8 uint=7
-// MF254
-//const MODBITS uint=254
-//const MOD8 uint=7
-// MS255
-//const MODBITS uint= 255
-//const MOD8 uint= 3
-// MF256
-//const MODBITS uint=256
-//const MOD8 uint=7
-// MS256
-//const MODBITS uint= 256
-//const MOD8 uint= 3
-// ANSSI
-//const MODBITS uint= 256
-//const MOD8 uint= 3
-// BN Curve
-const MODBITS uint = 254 /* Number of bits in Modulus */
-const MOD8 uint = 3 /* Modulus mod 8 */
-
-/* Don't Modify from here... */
-const MASK int64 = ((int64(1) << BASEBITS) - 1)
-const BASEBITS uint = 56
-const OMASK int64 = ((int64(-1)) << (MODBITS % BASEBITS))
-const HBITS uint = (BASEBITS / 2)
-const HMASK int64 = ((int64(1) << HBITS) - 1)
-const TBITS uint = MODBITS % BASEBITS // Number of active bits in top word
-const TMASK int64 = (int64(1) << TBITS) - 1
-const FF_BITS int = 2048 /* Finite Field Size in bits - must be 256.2^n */
-const FFLEN int = (FF_BITS / 256)
-const HFLEN int = (FFLEN / 2) /* Useful for half-size RSA private key operations */
-
-const NEXCESS int = (1 << (uint(CHUNK) - BASEBITS - 1))
-const FEXCESS int64 = (int64(1) << (BASEBITS*uint(NLEN) - MODBITS))
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-//const MODTYPE int=PSEUDO_MERSENNE
-//var Modulus = [...]int64 {0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//const MConst int64=0x13
-// NIST-256 Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus = [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFF,0x0,0x1000000,0xFFFFFFFF}
-//const MConst int64=0x1
-// MF254 Modulus
-//const MODTYPE int=MONTGOMERY_FRIENDLY
-//var Modulus= [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//const MConst int64=0x3F810000
-// MS255 Modulus
-//const MODTYPE int= 1
-//var Modulus= [...]int64 {0xFFFFFFFFFFFD03,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//const MConst int64=0x2FD
-// MF256 Modulus
-//const MODTYPE int= 2
-//var Modulus= [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFA7FFFF}
-//const MConst int64=0xFFA80000
-// MS256 Modulus
-//const MODTYPE int= 1
-//var Modulus= [...]int64 {0xFFFFFFFFFFFF43,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFF}
-//const MConst int64=0xBD
-// Brainpool
-//const MODTYPE int= NOT_SPECIAL
-//var Modulus= [...]int64 {0x13481D1F6E5377,0xF623D526202820,0x909D838D726E3B,0xA1EEA9BC3E660A,0xA9FB57DB}
-//const MConst int64 =0xA75590CEFD89B9
-// ANSSI
-//const MODTYPE int= 0
-//var Modulus= [...]int64{0xFCF353D86E9C03,0xADBCABC8CA6DE8,0xE8CE42435B3961,0xB3AD58F10126D,0xF1FD178C}
-//const MConst int64=0x97483A164E1155
-// BNCX Curve Modulus
-const MODTYPE int = NOT_SPECIAL
-
-var Modulus = [...]int64{0x6623EF5C1B55B3, 0xD6EE18093EE1BE, 0x647A6366D3243F, 0x8702A0DB0BDDF, 0x24000000}
-
-const MConst int64 = 0x4E205BF9789E85
-
-// BN Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]int64 {0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482}
-//const MConst int64=0x435E50D79435E5
-// BNT Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]int64 {0x9DBBFEEEB4A713,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB}
-//const MConst int64=0xC5A872D914C4E5
-// BNT2 Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]int64 {0xB2DC2BB460A48B,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482}
-//const MConst int64=0xFE6A47A6505CDD
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve
-//const CURVETYPE int=EDWARDS
-//const CURVE_A int = -1
-//var CURVE_B = [...]int64 {0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE}
-//var CURVE_Order = [...]int64 {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000}
-//var CURVE_Gx = [...]int64 {0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3}
-//var CURVE_Gy = [...]int64 {0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666}
-
-// NIST-256 Curve
-//const CURVETYPE int=WEIERSTRASS
-//const CURVE_A int = -3
-//var CURVE_B = [...]int64 {0xCE3C3E27D2604B,0x6B0CC53B0F63B,0x55769886BC651D,0xAA3A93E7B3EBBD,0x5AC635D8}
-//var CURVE_Order = [...]int64 {0xB9CAC2FC632551,0xFAADA7179E84F3,0xFFFFFFFFFFBCE6,0xFFFFFF,0xFFFFFFFF}
-//var CURVE_Gx =[...]int64 {0xA13945D898C296,0x7D812DEB33A0F4,0xE563A440F27703,0xE12C4247F8BCE6,0x6B17D1F2}
-//var CURVE_Gy =[...]int64 {0xB6406837BF51F5,0x33576B315ECECB,0x4A7C0F9E162BCE,0xFE1A7F9B8EE7EB,0x4FE342E2}
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//const CURVETYPE int= 0
-//const CURVE_A int = -3
-//var CURVE_B = [...]int64 {0xFFFFFFFFFFD08D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//var CURVE_Order=[...]int64 {0xA419C4AF8DF83F,0x8BEA0DA375C06F,0xFFFFFFFFFFEB81,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//var CURVE_Gx =[...]int64 {0x2,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x65DF37F90D4EBC,0x38E3F8511931AD,0x75BD778AEBDFB7,0x3B2E56014AE15A,0x140E3FD3}
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64 {0x367B,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x52D0FDAF2701E5,0x9A840E3212187C,0xD502363F4E3632,0xD6A4C335951D00,0x19F0E690}
-
-// MF254 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int= -55790
-//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-//var CURVE_Order=[...]int64 {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF}
-//var CURVE_Gx =[...]int64 {0x3,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-
-// MS255 Modulus, Weierstrass Curve
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0xFFFFFFFFFFAB46,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//var CURVE_Order=[...]int64 {0x8FAC983C594AEB,0x38283AD2B3DFAB,0xFFFFFFFFFF864A,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0};
-//var CURVE_Gy =[...]int64 {0x33FF6769CB44BA,0xC78CDDFDA60D17,0xF9B2FF7D177DB6,0xEDBA7833921EBF,0x6F7A6AC0}
-
-// MS255 Modulus, Edwards Curve
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64{0xEA97,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64{0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF}
-//var CURVE_Gx =[...]int64{0x4,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64{0x2A255BD08736A0,0x4B8AED445A45BA,0xDD8E0C47E55291,0x4A7BB545EC254C,0x26CB7853}
-
-// MS255 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int=-240222
-//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF}
-//var CURVE_Gx =[...]int64 {0x4,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0};
-
-// MF256 Modulus, Weierstrass Curve
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0x14E6A,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0x10C5E1A79857EB,0x7513E6E5074B9D,0xFFFFFFFFFFFC51,0xFFFFFFFFFFFFFF,0xFFA7FFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x7954C2B724D2A,0x47EB8D94DC6610,0x26123DAE289569,0xBE1808CE7BABBA,0x20887C87}
-
-// MF256, Edwards Curve
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64 {0x350A,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0xEAA722F2F3C908,0x5E648DFEA68D7D,0xF3DB2C1AACA0C0,0xF8CC4D5AEAEBEE,0xDAD8D4F8}
-
-// MF256 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int= -54314
-//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-//var CURVE_Order=[...]int64 {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF}
-//var CURVE_Gx =[...]int64 {0x8,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-
-// MS256, Weierstrass Curve
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0x25581,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xAB20294751A825,0x8275EA265C6020,0xFFFFFFFFFFE43C,0xFFFFFFFFFFFFFF,0xFFFFFFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0xF46306C2B56C77,0x2F9375894EC10B,0x6CCEEEDD6BD02C,0xC1E466D7FC82C9,0x696F1853}
-
-// MS256, Edwards Curve
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64 {0x3BEE,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF}
-//var CURVE_Gx =[...]int64 {0xD,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x7F6FB5331CADBA,0x6D63824D303F70,0xB39FA046BFBE2A,0x2A1276DBA3D330,0x7D0AB41E}
-
-// MS256 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int=-61370
-//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-//var CURVE_Order= [...]int64 {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF}
-//var CURVE_Gx = [...]int64 {0xb,0x0,0x0,0x0,0x0}
-//var CURVE_Gy = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-
-// Brainpool
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0xE58101FEE92B04,0xEBC4AF2F49256A,0x733D0B76B7BF93,0x30D84EA4FE66A7,0x662C61C4}
-//var CURVE_Order= [...]int64 {0x1E0E82974856A7,0x7AA3B561A6F790,0x909D838D718C39,0xA1EEA9BC3E660A,0xA9FB57DB}
-//var CURVE_Gx = [...]int64 {0xA191562E1305F4,0x42C47AAFBC2B79,0xB23A656149AFA1,0xC1CFE7B7732213,0xA3E8EB3C}
-//var CURVE_Gy = [...]int64 {0xABE8F35B25C9BE,0xB6DE39D027001D,0xE14644417E69BC,0x3439C56D7F7B22,0x2D996C82}
-
-// ANSSI
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0x75ED967B7BB73F,0xC9AE4B1A18030,0x754A44C00FDFEC,0x5428A9300D4ABA,0xEE353FCA}
-//var CURVE_Order=[...]int64 {0xFDD459C6D655E1,0x67E140D2BF941F,0xE8CE42435B53DC,0xB3AD58F10126D,0xF1FD178C}
-//var CURVE_Gx =[...]int64 {0xC97A2DD98F5CFF,0xD2DCAF98B70164,0x4749D423958C27,0x56C139EB31183D,0xB6B3D4C3}
-//var CURVE_Gy =[...]int64 {0x115A1554062CFB,0xC307E8E4C9E183,0xF0F3ECEF8C2701,0xC8B204911F9271,0x6142E0F7}
-
-// BNCX Curve
-
-const CURVETYPE int = WEIERSTRASS
-const CURVE_A int = 0
-
-var CURVE_B = [...]int64{0x2, 0x0, 0x0, 0x0, 0x0}
-var CURVE_Order = [...]int64{0x11C0A636EB1F6D, 0xD6EE0CC906CEBE, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}
-var CURVE_Bnx = [...]int64{0x3C012B1, 0x40, 0x0, 0x0, 0x0}
-var CURVE_Cru = [...]int64{0xE0931794235C97, 0xDF6471EF875631, 0xCA83F1440BD, 0x480000, 0x0}
-var CURVE_Fra = [...]int64{0xD9083355C80EA3, 0x7326F173F8215B, 0x8AACA718986867, 0xA63A0164AFE18B, 0x1359082F}
-var CURVE_Frb = [...]int64{0x8D1BBC06534710, 0x63C7269546C062, 0xD9CDBC4E3ABBD8, 0x623628A900DC53, 0x10A6F7D0}
-var CURVE_Pxa = [...]int64{0x851CEEE4D2EC74, 0x85BFA03E2726C0, 0xF5C34BBB907C, 0x7053B256358B25, 0x19682D2C}
-var CURVE_Pxb = [...]int64{0xA58E8B2E29CFE1, 0x97B0C209C30F47, 0x37A8E99743F81B, 0x3E19F64AA011C9, 0x1466B9EC}
-var CURVE_Pya = [...]int64{0xFBFCEBCF0BE09F, 0xB33D847EC1B30C, 0x157DAEE2096361, 0x72332B8DD81E22, 0xA79EDD9}
-var CURVE_Pyb = [...]int64{0x904B228898EE9D, 0x4EA569D2EDEBED, 0x512D8D3461C286, 0xECC4C09035C6E4, 0x6160C39}
-var CURVE_Gx = [...]int64{0x6623EF5C1B55B2, 0xD6EE18093EE1BE, 0x647A6366D3243F, 0x8702A0DB0BDDF, 0x24000000}
-var CURVE_Gy = [...]int64{0x1, 0x0, 0x0, 0x0, 0x0}
-var CURVE_W = [2][5]int64{{0x546349162FEB83, 0xB40381200, 0x6000, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}
-var CURVE_SB = [2][2][5]int64{{{0x5463491DB010E4, 0xB40381280, 0x6000, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}, {{0x7802561, 0x80, 0x0, 0x0, 0x0}, {0xBD5D5D20BB33EA, 0xD6EE0188CEBCBD, 0x647A6366D2643F, 0x8702A0DB0BDDF, 0x24000000}}}
-var CURVE_WB = [4][5]int64{{0x1C2118567A84B0, 0x3C012B040, 0x2000, 0x0, 0x0}, {0xCDF995BE220475, 0x94EDA8CA7F9A36, 0x8702A0DC07E, 0x300000, 0x0}, {0x66FCCAE0F10B93, 0x4A76D4653FCD3B, 0x4381506E03F, 0x180000, 0x0}, {0x1C21185DFAAA11, 0x3C012B0C0, 0x2000, 0x0, 0x0}}
-var CURVE_BB = [4][4][5]int64{{{0x11C0A6332B0CBD, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x7802562, 0x80, 0x0, 0x0, 0x0}}, {{0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBD, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}}, {{0x7802562, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}, {{0x3C012B2, 0x40, 0x0, 0x0, 0x0}, {0xF004AC2, 0x100, 0x0, 0x0, 0x0}, {0x11C0A62F6AFA0A, 0xD6EE0CC906CE3E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x3C012B2, 0x40, 0x0, 0x0, 0x0}}}
-
-// BN Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_A int= 0
-var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]int64 {0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482}
-var CURVE_Bnx=[...]int64 {0x80000000000001,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]int64 {0x80000000000007,0x6CD,0x40000000024909,0x49B362,0x0}
-var CURVE_Fra=[...]int64 {0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619}
-var CURVE_Frb=[...]int64 {0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69}
-var CURVE_Pxa=[...]int64 {0xAB2C7935FD0CB4,0xE319E4FCC57C2B,0x24F6DF763B05A5,0xF55EA7EA335FB7,0x95B04D4}
-var CURVE_Pxb=[...]int64 {0xA07D0790962455,0x86BE3D27AA5E38,0x89E05747F39D6D,0xC08347B49D42BF,0x5D4D8A7}
-var CURVE_Pya=[...]int64 {0xADCE687A08A46C,0x2B30E98A4191F9,0x4C3784B1F16908,0x25E5313FA16D1C,0xABF2ABF}
-var CURVE_Pyb=[...]int64 {0xDF88D405F306EC,0x82076ADD13A0E6,0x1E47819D6A5C04,0xE679DABDB38627,0x18769A87}
-var CURVE_Gx =[...]int64 {0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482}
-var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]int64{{0x3,0x80000000000204,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]int64 {{{0x4,0x80000000000285,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482}}}
-var CURVE_WB=[4][5]int64 {{0x80000000000000,0x80000000000040,0x2080,0x0,0x0},{0x80000000000005,0x54A,0x8000000001C707,0x312241,0x0},{0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120,0x0},{0x80000000000001,0x800000000000C1,0x2080,0x0,0x0}}
-var CURVE_BB=[4][4][5]int64 {{{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x2,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482}},{{0x2,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x80000000000002,0x40,0x0,0x0,0x0},{0x2,0x102,0x0,0x0,0x0},{0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x80000000000002,0x40,0x0,0x0,0x0}}}
-*/
-
-// BNT Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_A int= 0
-var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]int64 {0x75777E8D30210D,0xD43492B2CB363A,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}
-var CURVE_Bnx=[...]int64 {0x806000004081,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]int64 {0xEB53D5AB4FCD87,0x82A5F2BAB11FAD,0x47651504C9764C,0x4801B1,0x0}
-var CURVE_Fra=[...]int64 {0xF5D14EADC80022,0x4904D6FACCE359,0xF190A13211BE6C,0xC9BBC4394F6509,0x1328A292}
-var CURVE_Frb=[...]int64 {0xA7EAB040ECA6F1,0xC513DF997D764,0x450657A3DEB01E,0x9B5B3D15AAA6A1,0x10D87E48}
-var CURVE_Pxa=[...]int64 {0x8987E2288E65BB,0xAD1CAA6313BE,0x325041548B7CCC,0x4C1339EBCC055,0x14483FCD}
-var CURVE_Pxb=[...]int64 {0x67888808DBE2C0,0x7FE1F81E34853A,0xA631A51B57B95,0x384EC302DA3FC5,0x87F46B3}
-var CURVE_Pya=[...]int64 {0x202C47E020CA1D,0xB4167E8399F36C,0xC6E5439F72C94C,0x102B0BD74A2C69,0x14E8C29C}
-var CURVE_Pyb=[...]int64 {0xD8437C716628F2,0x27E167BCB7DC6B,0xA82C7572681D0A,0x62454BD1EDEC18,0x17AFE2A4}
-var CURVE_Gx =[...]int64 {0x9DBBFEEEB4A712,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB}
-var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]int64{{0x26430061838403,0x81218241998384,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]int64 {{{0x2743C061840504,0x81218241998404,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x4F347E2BAC9D0A,0x5313107131B2B6,0x3696F8D5EFAE87,0x6517014EFA0BAB,0x240120DB}}}
-var CURVE_WB=[4][5]int64 {{0x6140602080C080,0x806080C08880C1,0x2000,0x0,0x0},{0xB53904088C4A85,0xAD2FA352DC6C36,0xDA436358868EDE,0x300120,0x0},{0x5ADCB204464583,0x5697D1A96E363B,0x6D21B1AC43476F,0x180090,0x0},{0x62412020814181,0x806080C0888141,0x2000,0x0,0x0}}
-var CURVE_BB=[4][4][5]int64 {{{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x100C000008102,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}},{{0x100C000008102,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x806000004082,0x40,0x0,0x0,0x0},{0x2018000010202,0x100,0x0,0x0,0x0},{0x7476BE8D2FA00A,0xD43492B2CB35BA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x806000004082,0x40,0x0,0x0,0x0}}}
-*/
-
-// BNT2 Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_A int= 0
-var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]int64 {0xFB71A511AA2BF5,0x8DE127B73833D7,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}
-var CURVE_Bnx=[...]int64 {0x20100608205,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]int64 {0x5027444866BD33,0x5B773016470EFB,0xC3617BECF23675,0x480006,0x0}
-var CURVE_Fra=[...]int64 {0xB268C973AEF062,0xC69B33C3BCE492,0xF67FA37F195BBC,0x29E8CAB6BD0A41,0x124E0B8D}
-var CURVE_Frb=[...]int64 {0x736240B1B429,0xCD48F52D196D56,0x18BBE650E72612,0x17268FF6FA43DE,0x11B1F8F5}
-var CURVE_Pxa=[...]int64 {0xCC92399F40A3C8,0xCDA4E96611784A,0x7B056961706B35,0x9693C6318279D7,0x16FC17CF}
-var CURVE_Pxb=[...]int64 {0x557A8AD8549540,0x6F7BE6F6510610,0x565907A95D17DB,0xBD5975909C8188,0x1EB5B500}
-var CURVE_Pya=[...]int64 {0x7BECC514220513,0x4A78860E737B14,0x51B83935F12684,0x761422AA9D4DFA,0x1E8EE498}
-var CURVE_Pyb=[...]int64 {0xB9328F577CE78E,0xB746E26FA5781F,0xA93DBC1FB8E27E,0xBAE33BDBA29D76,0x23CEF4CD}
-var CURVE_Gx =[...]int64 {0xB2DC2BB460A48A,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482}
-var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]int64 {{0xB76282A1347083,0x60301399E1D10,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]int64 {{{0xB76684A1F5748C,0x60301399E1D90,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0x440F227075BB72,0x87DE267D9A16C7,0xF3B89CFFFC1CF,0x410F5AADB74E20,0x24000482}}}
-var CURVE_WB=[4][5]int64 {{0x9272D48A70A224,0x20100688A0945,0x2000,0x0,0x0},{0x5A572CF030EF19,0x9651763543721D,0x8240FD48A1B9A3,0x300004,0x0},{0xAD2C96F848B88F,0xCB28BB1AA1B92E,0x41207EA450DCD1,0x180002,0x0},{0x9276D68B31A62D,0x20100688A09C5,0x2000,0x0,0x0}}
-var CURVE_BB=[4][4][5]int64 {{{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x40200C1040A,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}},{{0x40200C1040A,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x20100608206,0x40,0x0,0x0,0x0},{0x80401820812,0x100,0x0,0x0,0x0},{0xFB6DA310E927EA,0x8DE127B7383357,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x20100608206,0x40,0x0,0x0,0x0}}}
-*/
-
-const USE_GLV bool = true
-const USE_GS_G2 bool = true
-const USE_GS_GT bool = true
-const GT_STRONG bool = true
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/RSA.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/RSA.go b/go/amcl-go/RSA.go
deleted file mode 100644
index 5b1cf5b..0000000
--- a/go/amcl-go/RSA.go
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions */
-
-package amcl
-
-import "fmt"
-
-const RSA_RFS int = int(MODBYTES) * FFLEN
-
-type rsa_private_key struct {
- p, q, dp, dq, c *FF
-}
-
-func New_rsa_private_key(n int) *rsa_private_key {
- SK := new(rsa_private_key)
- SK.p = NewFFint(n)
- SK.q = NewFFint(n)
- SK.dp = NewFFint(n)
- SK.dq = NewFFint(n)
- SK.c = NewFFint(n)
- return SK
-}
-
-type rsa_public_key struct {
- e int
- n *FF
-}
-
-func New_rsa_public_key(m int) *rsa_public_key {
- PK := new(rsa_public_key)
- PK.e = 0
- PK.n = NewFFint(m)
- return PK
-}
-
-func RSA_KEY_PAIR(rng *RAND, e int, PRIV *rsa_private_key, PUB *rsa_public_key) { /* IEEE1363 A16.11/A16.12 more or less */
- n := PUB.n.getlen() / 2
- t := NewFFint(n)
- p1 := NewFFint(n)
- q1 := NewFFint(n)
-
- for true {
- PRIV.p.random(rng)
- for PRIV.p.lastbits(2) != 3 {
- PRIV.p.inc(1)
- }
- for !prime(PRIV.p, rng) {
- PRIV.p.inc(4)
- }
-
- p1.copy(PRIV.p)
- p1.dec(1)
-
- if p1.cfactor(e) {
- continue
- }
- break
- }
-
- for true {
- PRIV.q.random(rng)
- for PRIV.q.lastbits(2) != 3 {
- PRIV.q.inc(1)
- }
- for !prime(PRIV.q, rng) {
- PRIV.q.inc(4)
- }
-
- q1.copy(PRIV.q)
- q1.dec(1)
-
- if q1.cfactor(e) {
- continue
- }
-
- break
- }
-
- PUB.n = ff_mul(PRIV.p, PRIV.q)
- PUB.e = e
-
- t.copy(p1)
- t.shr()
- PRIV.dp.set(e)
- PRIV.dp.invmodp(t)
- if PRIV.dp.parity() == 0 {
- PRIV.dp.add(t)
- }
- PRIV.dp.norm()
-
- t.copy(q1)
- t.shr()
- PRIV.dq.set(e)
- PRIV.dq.invmodp(t)
- if PRIV.dq.parity() == 0 {
- PRIV.dq.add(t)
- }
- PRIV.dq.norm()
-
- PRIV.c.copy(PRIV.p)
- PRIV.c.invmodp(PRIV.q)
-
-}
-
-/* Mask Generation Function */
-
-func RSA_MGF1(Z []byte, olen int, K []byte) {
- H := NewHASH()
- hlen := 32
-
- var k int = 0
- for i := 0; i < len(K); i++ {
- K[i] = 0
- }
-
- cthreshold := olen / hlen
- if olen%hlen != 0 {
- cthreshold++
- }
- for counter := 0; counter < cthreshold; counter++ {
- H.Process_array(Z)
- H.Process_num(int32(counter))
- B := H.Hash()
-
- if k+hlen > olen {
- for i := 0; i < olen%hlen; i++ {
- K[k] = B[i]
- k++
- }
- } else {
- for i := 0; i < hlen; i++ {
- K[k] = B[i]
- k++
- }
- }
- }
-}
-
-func RSA_printBinary(array []byte) {
- for i := 0; i < len(array); i++ {
- fmt.Printf("%02x", array[i])
- }
- fmt.Printf("\n")
-}
-
-/* OAEP Message Encoding for Encryption */
-func RSA_OAEP_ENCODE(m []byte, rng *RAND, p []byte) []byte {
- olen := RSA_RFS - 1
- mlen := len(m)
- var f [RSA_RFS]byte
-
- H := NewHASH()
- hlen := 32
- var SEED [32]byte
- seedlen := hlen
- if mlen > olen-hlen-seedlen-1 {
- return nil
- }
-
- var DBMASK [RSA_RFS - 1 - 32]byte
-
- if p != nil {
- H.Process_array(p)
- }
- h := H.Hash()
- for i := 0; i < hlen; i++ {
- f[i] = h[i]
- }
-
- slen := olen - mlen - hlen - seedlen - 1
-
- for i := 0; i < slen; i++ {
- f[hlen+i] = 0
- }
- f[hlen+slen] = 1
- for i := 0; i < mlen; i++ {
- f[hlen+slen+1+i] = m[i]
- }
-
- for i := 0; i < seedlen; i++ {
- SEED[i] = rng.GetByte()
- }
- RSA_MGF1(SEED[:], olen-seedlen, DBMASK[:])
-
- for i := 0; i < olen-seedlen; i++ {
- DBMASK[i] ^= f[i]
- }
- RSA_MGF1(DBMASK[:], seedlen, f[:])
-
- for i := 0; i < seedlen; i++ {
- f[i] ^= SEED[i]
- }
-
- for i := 0; i < olen-seedlen; i++ {
- f[i+seedlen] = DBMASK[i]
- }
-
- /* pad to length RFS */
- d := 1
- for i := RSA_RFS - 1; i >= d; i-- {
- f[i] = f[i-d]
- }
- for i := d - 1; i >= 0; i-- {
- f[i] = 0
- }
- return f[:]
-}
-
-/* OAEP Message Decoding for Decryption */
-func RSA_OAEP_DECODE(p []byte, f []byte) []byte {
- olen := RSA_RFS - 1
-
- H := NewHASH()
- hlen := 32
- var SEED [32]byte
- seedlen := hlen
- var CHASH [32]byte
-
- if olen < seedlen+hlen+1 {
- return nil
- }
- var DBMASK [RSA_RFS - 1 - 32]byte
- for i := 0; i < olen-seedlen; i++ {
- DBMASK[i] = 0
- }
-
- if len(f) < RSA_RFS {
- d := RSA_RFS - len(f)
- for i := RSA_RFS - 1; i >= d; i-- {
- f[i] = f[i-d]
- }
- for i := d - 1; i >= 0; i-- {
- f[i] = 0
- }
- }
-
- if p != nil {
- H.Process_array(p)
- }
- h := H.Hash()
- for i := 0; i < hlen; i++ {
- CHASH[i] = h[i]
- }
-
- x := f[0]
-
- for i := seedlen; i < olen; i++ {
- DBMASK[i-seedlen] = f[i+1]
- }
-
- RSA_MGF1(DBMASK[:], seedlen, SEED[:])
- for i := 0; i < seedlen; i++ {
- SEED[i] ^= f[i+1]
- }
- RSA_MGF1(SEED[:], olen-seedlen, f)
- for i := 0; i < olen-seedlen; i++ {
- DBMASK[i] ^= f[i]
- }
-
- comp := true
- for i := 0; i < hlen; i++ {
- if CHASH[i] != DBMASK[i] {
- comp = false
- }
- }
-
- for i := 0; i < olen-seedlen-hlen; i++ {
- DBMASK[i] = DBMASK[i+hlen]
- }
-
- for i := 0; i < hlen; i++ {
- SEED[i] = 0
- CHASH[i] = 0
- }
-
- var k int
- for k = 0; ; k++ {
- if k >= olen-seedlen-hlen {
- return nil
- }
- if DBMASK[k] != 0 {
- break
- }
- }
-
- t := DBMASK[k]
- if !comp || x != 0 || t != 0x01 {
- for i := 0; i < olen-seedlen; i++ {
- DBMASK[i] = 0
- }
- return nil
- }
-
- var r = make([]byte, olen-seedlen-hlen-k-1)
-
- for i := 0; i < olen-seedlen-hlen-k-1; i++ {
- r[i] = DBMASK[i+k+1]
- }
-
- for i := 0; i < olen-seedlen; i++ {
- DBMASK[i] = 0
- }
-
- return r
-}
-
-/* destroy the Private Key structure */
-func RSA_PRIVATE_KEY_KILL(PRIV *rsa_private_key) {
- PRIV.p.zero()
- PRIV.q.zero()
- PRIV.dp.zero()
- PRIV.dq.zero()
- PRIV.c.zero()
-}
-
-/* RSA encryption with the public key */
-func RSA_ENCRYPT(PUB *rsa_public_key, F []byte, G []byte) {
- n := PUB.n.getlen()
- f := NewFFint(n)
-
- ff_fromBytes(f, F)
- f.power(PUB.e, PUB.n)
- f.toBytes(G)
-}
-
-/* RSA decryption with the private key */
-func RSA_DECRYPT(PRIV *rsa_private_key, G []byte, F []byte) {
- n := PRIV.p.getlen()
- g := NewFFint(2 * n)
-
- ff_fromBytes(g, G)
- jp := g.dmod(PRIV.p)
- jq := g.dmod(PRIV.q)
-
- jp.skpow(PRIV.dp, PRIV.p)
- jq.skpow(PRIV.dq, PRIV.q)
-
- g.zero()
- g.dscopy(jp)
- jp.mod(PRIV.q)
- if ff_comp(jp, jq) > 0 {
- jq.add(PRIV.q)
- }
- jq.sub(jp)
- jq.norm()
-
- t := ff_mul(PRIV.c, jq)
- jq = t.dmod(PRIV.q)
-
- t = ff_mul(jq, PRIV.p)
- g.add(t)
- g.norm()
-
- g.toBytes(F)
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/UTILS.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/UTILS.go b/go/amcl-go/UTILS.go
deleted file mode 100644
index b9b9ecb..0000000
--- a/go/amcl-go/UTILS.go
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-// Generate random six digit value
-func GENERATE_OTP(rng *RAND) int {
- OTP := 0
- mult := 1
- for i := 0; i < 6; i++ {
- val := int(rng.GetByte())
- if val < 0 {
- val = -val
- }
- val = val % 10
- OTP = val*mult + OTP
- mult = mult * 10
- }
- return OTP
-}
-
-// Generate a random byte array
-func GENERATE_RANDOM(rng *RAND, randomLen int) []byte {
- random := make([]byte, randomLen)
- for i := 0; i < randomLen; i++ {
- random[i] = rng.GetByte()
- }
- return random
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/UTILS_test.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/UTILS_test.go b/go/amcl-go/UTILS_test.go
deleted file mode 100644
index 17058cc..0000000
--- a/go/amcl-go/UTILS_test.go
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-import (
- "encoding/hex"
- "fmt"
- "testing"
-)
-
-func TestGENERATE_OTP(t *testing.T) {
- cases := []int{751847, 625436, 628111, 611804, 148564, 202193, 794783, 631944, 544480, 384313}
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate the one time passwords
- for _, want := range cases {
- got := GENERATE_OTP(rng)
- if got != want {
- t.Errorf("One Time Passord %d != %d", got, want)
- }
- }
-}
-
-func TestGENERATE_RANDOM(t *testing.T) {
- cases := []string{"57d662d39b1b245da469e89c", "155babf8de4204e68a656f42", "727e1980e01f996d977a0a34", "7b6c39221d89546895153f10", "32e40e9ad6f50dab3f5ec63f", "f6962a1fc5add13277900871", "93ae541acd6dc3264c19a12a", "faf196291d0820c611d3fcd4", "ba0602f0f6df1908dbcffe5b", "9e93cf35ccd5141e367cf2fd"}
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate the one time passwords
- for _, want := range cases {
- val := GENERATE_RANDOM(rng, 12)
- got := hex.EncodeToString(val)
- if got != want {
- t.Errorf("One Time Passord %s != %s", got, want)
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/crypto.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/crypto.go b/go/amcl-go/crypto.go
deleted file mode 100644
index e2b8bbb..0000000
--- a/go/amcl-go/crypto.go
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-const EAS int = 16
-const EGS int = int(MODBYTES)
-const EFS int = int(MODBYTES)
-const HASH_BYTES int = 32
-const IVS int = 12
-const G1S = 2*EFS + 1
-const G2S = 4 * EFS
-const GTS = 12 * EFS
-
-/* create random secret S. Use GO RNG */
-func MPIN_RANDOM_GENERATE_WRAP(RNG *RAND) (int, []byte) {
- var S [EGS]byte
- errorCode := MPIN_RANDOM_GENERATE(RNG, S[:])
- return errorCode, S[:]
-}
-
-/* Extract Server Secret SS=S*Q where Q is fixed generator in G2 and S is master secret */
-func MPIN_GET_SERVER_SECRET_WRAP(S []byte) (int, []byte) {
- var SS [G2S]byte
- errorCode := MPIN_GET_SERVER_SECRET(S[:], SS[:])
- return errorCode, SS[:]
-}
-
-/* R=R1+R2 in group G1 */
-func MPIN_RECOMBINE_G1_WRAP(R1 []byte, R2 []byte) (int, []byte) {
- var R [G1S]byte
- errorCode := MPIN_RECOMBINE_G1(R1[:], R2[:], R[:])
- return errorCode, R[:]
-}
-
-/* W=W1+W2 in group G2 */
-func MPIN_RECOMBINE_G2_WRAP(W1 []byte, W2 []byte) (int, []byte) {
- var W [G2S]byte
- errorCode := MPIN_RECOMBINE_G2(W1[:], W2[:], W[:])
- return errorCode, W[:]
-}
-
-/* Client secret CS=S*H(ID) where ID is client ID and S is master secret */
-/* CID is hashed externally */
-func MPIN_GET_CLIENT_SECRET_WRAP(S []byte, ID []byte) (int, []byte) {
- var CS [G1S]byte
- errorCode := MPIN_GET_CLIENT_SECRET(S[:], ID[:], CS[:])
- return errorCode, CS[:]
-}
-
-/* Time Permit TP=S*(date|H(ID)) where S is master secret */
-func MPIN_GET_CLIENT_PERMIT_WRAP(date int, S []byte, ID []byte) (int, []byte) {
- var TP [G1S]byte
- errorCode := MPIN_GET_CLIENT_PERMIT(date, S[:], ID[:], TP[:])
- return errorCode, TP[:]
-}
-
-/* Extract PIN from CS for identity CID to form TOKEN */
-func MPIN_EXTRACT_PIN_WRAP(ID []byte, PIN int, CS []byte) (int, []byte) {
- CSIn := make([]byte, G1S)
- copy(CSIn, CS)
- errorCode := MPIN_EXTRACT_PIN(ID[:], PIN, CSIn[:])
- return errorCode, CSIn[:]
-}
-
-/* One pass MPIN Client. Using GO RNG */
-func MPIN_CLIENT_WRAP(date, TimeValue, PIN int, RNG *RAND, ID, X, TOKEN, TP, MESSAGE []byte) (int, []byte, []byte, []byte, []byte, []byte) {
- var Y [EGS]byte
- var SEC [G1S]byte
- var U [G1S]byte
- var UT [G1S]byte
- errorCode := MPIN_CLIENT(date, ID, RNG, X[:], PIN, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, TimeValue, Y[:])
- return errorCode, X[:], Y[:], SEC[:], U[:], UT[:]
-}
-
-// Precompute values for use by the client side of M-Pin Full
-func MPIN_PRECOMPUTE_WRAP(TOKEN []byte, ID []byte) (int, []byte, []byte) {
- var GT1 [GTS]byte
- var GT2 [GTS]byte
- errorCode := MPIN_PRECOMPUTE(TOKEN[:], ID[:], GT1[:], GT2[:])
- return errorCode, GT1[:], GT2[:]
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
- Use GO RNG
-*/
-func MPIN_GET_G1_MULTIPLE_WRAP(RNG *RAND, typ int, X, G []byte) (int, []byte, []byte) {
- var Z [G1S]byte
- errorCode := MPIN_GET_G1_MULTIPLE(RNG, typ, X[:], G[:], Z[:])
- return errorCode, X[:], Z[:]
-}
-
-/* One pass MPIN Server */
-func MPIN_SERVER_WRAP(date int, TimeValue int, SS, U, UT, V, ID, MESSAGE []byte) (int, []byte, []byte, []byte, []byte, []byte) {
- var HID [G1S]byte
- var HTID [G1S]byte
- var Y [EGS]byte
- var E [GTS]byte
- var F [GTS]byte
-
- errorCode := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:], E[:], F[:], ID[:], MESSAGE[:], TimeValue)
-
- return errorCode, HID[:], HTID[:], Y[:], E[:], F[:]
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-func MPIN_SERVER_KEY_WRAP(Z, SS, W, U, UT []byte) (int, []byte) {
- var SK [EAS]byte
- errorCode := MPIN_SERVER_KEY(Z[:], SS[:], W[:], U[:], UT[:], SK[:])
- return errorCode, SK[:]
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-func MPIN_CLIENT_KEY_WRAP(PIN int, GT1, GT2, R, X, T []byte) (int, []byte) {
- var CK [EAS]byte
- errorCode := MPIN_CLIENT_KEY(GT1[:], GT2[:], PIN, R[:], X[:], T[:], CK[:])
- return errorCode, CK[:]
-}
-
-/* Extract big type PIN.hash(ID) from CS to form TOKEN */
-func MPIN_EXTRACT_BIG_PIN_WRAP(ID, PIN, CS []byte) (int, []byte) {
- TOKEN := make([]byte, G1S)
- pin := fromBytes(PIN)
- P := ECP_fromBytes(CS)
- if P.is_infinity() {
- return MPIN_INVALID_POINT, TOKEN[:]
- }
- h := Hashit(0, ID)
- R := mapit(h)
-
- R = R.mul(pin)
- P.sub(R)
-
- P.toBytes(TOKEN)
-
- return 0, TOKEN[:]
-}
-
-/* Add big type PIN.hash(ID) to TOKEN for identity ID to form CS */
-func MPIN_ADD_BIG_PIN_WRAP(ID, PIN, TOKEN []byte) (int, []byte) {
- CS := make([]byte, G1S)
- pin := fromBytes(PIN)
- P := ECP_fromBytes(TOKEN)
- if P.is_infinity() {
- return MPIN_INVALID_POINT, CS[:]
- }
- h := Hashit(0, ID)
- R := mapit(h)
-
- R = R.mul(pin)
- P.add(R)
-
- P.toBytes(CS)
-
- return 0, CS[:]
-}
-
-/* dst = a ^ b ^ c */
-func XORBytes(a, b, c []byte) ([]byte, int) {
- n := len(a)
- dst := make([]byte, n)
- if (len(b) != n) || (len(c) != n) {
- return dst[:], 1
- }
- for i := 0; i < n; i++ {
- dst[i] = a[i] ^ b[i] ^ c[i]
- }
- return dst[:], 0
-}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-func MPIN_SERVER_1_WRAP(date int, ID []byte) ([]byte, []byte) {
- var HID [G1S]byte
- var HTID [G1S]byte
- MPIN_SERVER_1(date, ID, HID[:], HTID[:])
- return HID[:], HTID[:]
-}
-
-/* Implement step 2 of MPin protocol on server side */
-func MPIN_SERVER_2_WRAP(date int, HID []byte, HTID []byte, Y []byte, SS []byte, U []byte, UT []byte, V []byte) (int, []byte, []byte) {
- var E [12 * EFS]byte
- var F [12 * EFS]byte
- errorCode := MPIN_SERVER_2(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:], E[:], F[:])
- return errorCode, E[:], F[:]
-}
-
-/* Implement step 1 on client side of MPin protocol */
-func MPIN_CLIENT_1_WRAP(date int, ID []byte, rng *RAND, X []byte, PIN int, TOKEN []byte, TP []byte) (int, []byte, []byte, []byte, []byte) {
- var SEC [G1S]byte
- var U [G1S]byte
- var UT [G1S]byte
- errorCode := MPIN_CLIENT_1(date, ID[:], rng, X[:], PIN, TOKEN[:], SEC[:], U[:], UT[:], TP[:])
- return errorCode, X[:], SEC[:], U[:], UT[:]
-}
-
-/* Implement step 2 on client side of MPin protocol */
-func MPIN_CLIENT_2_WRAP(X []byte, Y []byte, SEC []byte) (int, []byte) {
- errorCode := MPIN_CLIENT_2(X[:], Y[:], SEC[:])
- return errorCode, SEC[:]
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/crypto_test.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/crypto_test.go b/go/amcl-go/crypto_test.go
deleted file mode 100644
index 710204e..0000000
--- a/go/amcl-go/crypto_test.go
+++ /dev/null
@@ -1,1194 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-import (
- "crypto/rand"
- "encoding/hex"
- "fmt"
- mathrand "math/rand"
- "testing"
-
- "github.com/stretchr/testify/assert"
-)
-
-const nIter int = 1000
-
-func TestCryptoGoodPIN(t *testing.T) {
- want := 0
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Message to sign
- var MESSAGE []byte
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoBadPIN(t *testing.T) {
- want := -19
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1235
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Message to sign
- var MESSAGE []byte
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- ////// Client //////
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- ////// Server //////
- got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoBadToken(t *testing.T) {
- want := -19
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Message to sign
- var MESSAGE []byte
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, _, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- // Send UT as V to model bad token
- got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], ID[:], MESSAGE[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoRandom(t *testing.T) {
- want := 0
-
- for i := 0; i < nIter; i++ {
-
- // Seed value for Random Number Generator (RNG)
- seed := make([]byte, 16)
- rand.Read(seed)
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Epoch time in days
- date := MPIN_today()
-
- // Epoch time in seconds
- timeValue := MPIN_GET_TIME()
-
- // PIN variable to create token
- PIN1 := mathrand.Intn(10000)
- // PIN variable to authenticate
- PIN2 := PIN1
-
- // Assign the End-User a random ID
- ID := make([]byte, 16)
- rand.Read(ID)
-
- // Message to sign
- var MESSAGE []byte
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
- assert.Equal(t, want, got, "Should be equal")
- }
-}
-
-func TestCryptoGoodSignature(t *testing.T) {
- want := 0
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Message to sign
- MESSAGE := []byte("test message to sign")
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- // Authenticate
- got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoSignatureExpired(t *testing.T) {
- want := -19
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Message to sign
- MESSAGE := []byte("test message to sign")
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- timeValue += 10
- // Authenticate
- got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoBadSignature(t *testing.T) {
- want := -19
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Message to sign
- MESSAGE := []byte("test message to sign")
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- // Authenticate
- MESSAGE[0] = 00
- got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoPINError(t *testing.T) {
- want := 1
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1235
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Message to sign
- var MESSAGE []byte
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- _, _, _, _, E, F := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-
- got := MPIN_KANGAROO(E[:], F[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoMPINFull(t *testing.T) {
- want := "0afc948b03b2733a0663571f86411a07"
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // Epoch time in seconds
- timeValue := 1439465203
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Message to sign
- var MESSAGE []byte
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Precomputation
- _, G1, G2 := MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID)
-
- // Send U, UT, V, timeValue and Message to server
- var X [EGS]byte
- _, XOut, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
- // Send Z=r.ID to Server
- var R [EGS]byte
- _, ROut, Z := MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:])
-
- // Authenticate
- _, _, HTID, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-
- // send T=w.ID to client
- var W [EGS]byte
- _, WOut, T := MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:])
-
- _, AES_KEY_SERVER := MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], U[:], UT[:])
- got := hex.EncodeToString(AES_KEY_SERVER[:])
- if got != want {
- t.Errorf("%s != %s", want, got)
- }
-
- _, AES_KEY_CLIENT := MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], T[:])
- got = hex.EncodeToString(AES_KEY_CLIENT[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-// Subtract a 256 bit PIN
-func TestCrypoSubBigPIN(t *testing.T) {
- want := "042182235070802ebc33633e70e6628f48fd896e86dfc40c81227caa2792367a581d461dbba6efa30896c71f427df335885142cc6fb64ba082ff9573b9276475c0"
-
- IDHex := "7465737455736572406365727469766f782e636f6d"
- ID, err := hex.DecodeString(IDHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- TOKENHex := "0422a522b5c05d06cde3a65872656ab596e111c4ea7c0c349bac26f0bdaf7d5f0a1ea8a0cab99d06677cfbc3c8d667e7b0af33b9ed4df007b0ccc8c2b77353bbe6"
- TOKEN, err := hex.DecodeString(TOKENHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- assert.Equal(t, nil, err, "Should be equal")
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate big PIN - 256 bits
- errorCode, PIN := MPIN_RANDOM_GENERATE_WRAP(rng)
- assert.Equal(t, 0, errorCode, "Should be equal")
-
- // Extract big PIN
- errorCode, TK := MPIN_EXTRACT_BIG_PIN_WRAP(ID[:], PIN[:], TOKEN[:])
- assert.Equal(t, 0, errorCode, "Should be equal")
- got := hex.EncodeToString(TK[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-// Add a 256 bit PIN
-func TestCrypoAddBigPIN(t *testing.T) {
- want := "0422a522b5c05d06cde3a65872656ab596e111c4ea7c0c349bac26f0bdaf7d5f0a1ea8a0cab99d06677cfbc3c8d667e7b0af33b9ed4df007b0ccc8c2b77353bbe6"
-
- IDHex := "7465737455736572406365727469766f782e636f6d"
- ID, err := hex.DecodeString(IDHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- TOKENHex := "042182235070802ebc33633e70e6628f48fd896e86dfc40c81227caa2792367a581d461dbba6efa30896c71f427df335885142cc6fb64ba082ff9573b9276475c0"
- TOKEN, err := hex.DecodeString(TOKENHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- PINHex := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3"
- PIN, err := hex.DecodeString(PINHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- // Extract big PIN
- errorCode, TK := MPIN_ADD_BIG_PIN_WRAP(ID[:], PIN[:], TOKEN[:])
- assert.Equal(t, 0, errorCode, "Should be equal")
- got := hex.EncodeToString(TK[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-// Split key
-func TestCryptoSplitKey(t *testing.T) {
- want := "64b36b7a0395e61350de8839adb019d5ae2134052b8533e7c4bbab3965e0af1b"
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- assert.Equal(t, nil, err, "Should be equal")
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate big PIN - 256 bits
- errorCode, PIN := MPIN_RANDOM_GENERATE_WRAP(rng)
- assert.Equal(t, 0, errorCode, "Should be equal")
- PINHex := hex.EncodeToString(PIN[:])
- PINGoldHex := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3"
- assert.Equal(t, PINGoldHex, PINHex, "Should be equal")
-
- n := len(PIN)
- // Split key by C = PIN ^ A ^ B
- A := GENERATE_RANDOM(rng, n)
-
- B := GENERATE_RANDOM(rng, n)
-
- C, errorCode := XORBytes(PIN[:], A[:], B[:])
- assert.Equal(t, 0, errorCode, "Should be equal")
- got := hex.EncodeToString(C[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-// Combine key shares
-func TestCryptoCombineKey(t *testing.T) {
- want := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3"
-
- CHex := "64b36b7a0395e61350de8839adb019d5ae2134052b8533e7c4bbab3965e0af1b"
- C, err := hex.DecodeString(CHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- AHex := "c5add1327790087193ae541acd6dc3264c19a12afaf196291d0820c611d3fcd4"
- A, err := hex.DecodeString(AHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- BHex := "ba0602f0f6df1908dbcffe5b9e93cf35ccd5141e367cf2fdac4e0a573563477c"
- B, err := hex.DecodeString(BHex)
- assert.Equal(t, nil, err, "Should be equal")
-
- // Combine key shares PIN = A ^ B ^ C
- PIN, errorCode := XORBytes(C[:], A[:], B[:])
- assert.Equal(t, 0, errorCode, "Should be equal")
- got := hex.EncodeToString(PIN[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoTwoPassGoodPIN(t *testing.T) {
- want := 0
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Client Pass 1
- var X [EGS]byte
- _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
- // Server Pass 1
- HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
- _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Client Pass 2
- _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
- // Server Pass 2
- got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoTwoPassBadPIN(t *testing.T) {
- want := -19
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1235
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Client Pass 1
- var X [EGS]byte
- _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
- // Server Pass 1
- HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
- _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Client Pass 2
- _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
- // Server Pass 2
- got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoTwoPassBadToken(t *testing.T) {
- want := -19
- // Assign the End-User an ID
- IDstr := "testUser@miracl.com"
- ID := []byte(IDstr)
-
- // Epoch time in days
- date := 16660
-
- // PIN variable to create token
- PIN1 := 1234
- // PIN variable to authenticate
- PIN2 := 1234
-
- // Seed value for Random Number Generator (RNG)
- seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
- seed, err := hex.DecodeString(seedHex)
- if err != nil {
- fmt.Println("Error decoding seed value")
- return
- }
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Client Pass 1
- var X [EGS]byte
- _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
- // Server Pass 1
- HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
- _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Client Pass 2
- _, _ = MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
- // Server Pass 2
- // Send UT as V to model bad token
- got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], UT[:])
- assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoRandomTwoPass(t *testing.T) {
- want := 0
-
- for i := 0; i < nIter; i++ {
-
- // Seed value for Random Number Generator (RNG)
- seed := make([]byte, 16)
- rand.Read(seed)
- rng := NewRAND()
- rng.Seed(len(seed), seed)
-
- // Epoch time in days
- date := MPIN_today()
-
- // PIN variable to create token
- PIN1 := mathrand.Intn(10000)
- // PIN variable to authenticate
- PIN2 := PIN1
-
- // Assign the End-User a random ID
- ID := make([]byte, 16)
- rand.Read(ID)
-
- // Generate Master Secret Share 1
- _, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Generate Master Secret Share 2
- _, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Either Client or TA calculates Hash(ID)
- HCID := MPIN_HASH_ID(ID)
-
- // Generate server secret share 1
- _, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
- // Generate server secret share 2
- _, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
- // Combine server secret shares
- _, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
- // Generate client secret share 1
- _, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
- // Generate client secret share 2
- _, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
- // Combine client secret shares
- CS := make([]byte, G1S)
- _, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
- // Generate time permit share 1
- _, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
- // Generate time permit share 2
- _, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
- // Combine time permit shares
- _, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
- // Create token
- _, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
- // Client Pass 1
- var X [EGS]byte
- _, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
- // Server Pass 1
- HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
- _, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
- // Client Pass 2
- _, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
- // Server Pass 2
- got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
- assert.Equal(t, want, got, "Should be equal")
-
- }
-}