You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by km...@apache.org on 2020/03/31 08:54:45 UTC
[incubator-milagro-crypto-rust] 30/31: Fix comments and tests and
bug in nist521
This is an automated email from the ASF dual-hosted git repository.
kmccusker pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-rust.git
commit 4a058c38b803c85e961b16f327bc92fa8d8de05d
Author: Kirk Baird <ba...@outlook.com>
AuthorDate: Tue Mar 31 11:36:43 2020 +1100
Fix comments and tests and bug in nist521
Signed-off-by: Kirk Baird <ba...@outlook.com>
---
src/bls.rs | 1 -
src/bls192.rs | 1 -
src/bls256.rs | 3 +-
src/ecdh.rs | 28 ++++++------
src/mpin.rs | 134 ++++++++++++++++++++++++++------------------------------
src/mpin192.rs | 135 ++++++++++++++++++++++++++-------------------------------
src/mpin256.rs | 135 ++++++++++++++++++++++++++-------------------------------
7 files changed, 198 insertions(+), 239 deletions(-)
diff --git a/src/bls.rs b/src/bls.rs
index 98c9a8b..1bc71cb 100644
--- a/src/bls.rs
+++ b/src/bls.rs
@@ -20,7 +20,6 @@ under the License.
use super::ecp::ECP;
use super::ecp2::ECP2;
use std::str;
-//use super::fp12::FP12;
use super::big;
use super::big::Big;
use super::pair;
diff --git a/src/bls192.rs b/src/bls192.rs
index 1f262a7..3381106 100644
--- a/src/bls192.rs
+++ b/src/bls192.rs
@@ -38,7 +38,6 @@ pub const BLS_OK: isize = 0;
pub const BLS_FAIL: isize = -1;
// hash a message to an ECP point, using SHA3
-
#[allow(non_snake_case)]
fn bls_hashit(m: &str) -> ECP {
let mut sh = SHA3::new(SHAKE256);
diff --git a/src/bls256.rs b/src/bls256.rs
index adad0da..11fb5a1 100644
--- a/src/bls256.rs
+++ b/src/bls256.rs
@@ -20,7 +20,6 @@ under the License.
use super::ecp::ECP;
use super::ecp8::ECP8;
use std::str;
-//use super::fp48::FP48;
use super::big;
use super::big::Big;
use super::pair256;
@@ -60,7 +59,7 @@ pub fn key_pair_generate(mut rng: &mut RAND, s: &mut [u8], w: &mut [u8]) -> isiz
BLS_OK
}
-// Sign message m using private key s to produce signature sig
+/// Sign message m using private key s to produce signature sig
pub fn sign(sig: &mut [u8], m: &str, s: &[u8]) -> isize {
let d = bls_hashit(m);
let mut sc = Big::frombytes(&s);
diff --git a/src/ecdh.rs b/src/ecdh.rs
index 7a84d6b..934ea82 100644
--- a/src/ecdh.rs
+++ b/src/ecdh.rs
@@ -215,7 +215,7 @@ pub fn pbkdf2(sha: usize, pass: &[u8], salt: &[u8], rep: usize, olen: usize, k:
}
}
for j in 0..EFS {
- if kp < olen {
+ if kp < olen && kp < f.len() {
k[kp] = f[j]
}
kp += 1
@@ -225,10 +225,10 @@ pub fn pbkdf2(sha: usize, pass: &[u8], salt: &[u8], rep: usize, olen: usize, k:
/// Calculate HMAC of m using key k. HMAC is tag of length olen (which is length of tag)
pub fn hmac(sha: usize, m: &[u8], k: &[u8], olen: usize, tag: &mut [u8]) -> bool {
- /* Input is from an octet m *
- * olen is requested output length in bytes. k is the key *
- * The output is the calculated tag */
- let mut b: [u8; 64] = [0; 64]; /* Not good */
+ // Input is from an octet m
+ // olen is requested output length in bytes. k is the key
+ // The output is the calculated tag
+ let mut b: [u8; 64] = [0; 64]; // Not good
let mut k0: [u8; 128] = [0; 128];
if olen < 4 {
@@ -270,9 +270,9 @@ pub fn hmac(sha: usize, m: &[u8], k: &[u8], olen: usize, tag: &mut [u8]) -> bool
/// AES encryption/decryption. Encrypt byte array m using key k and returns ciphertext c
pub fn cbc_iv0_encrypt(k: &[u8], m: &[u8]) -> Vec<u8> {
- /* AES CBC encryption, with Null IV and key K */
- /* Input is from an octet string m, output is to an octet string c */
- /* Input is padded as necessary to make up a full final block */
+ // AES CBC encryption, with Null IV and key K
+ // Input is from an octet string m, output is to an octet string c
+ // Input is padded as necessary to make up a full final block
let mut a = AES::new();
let mut fin = false;
let mut c: Vec<u8> = Vec::new();
@@ -304,7 +304,7 @@ pub fn cbc_iv0_encrypt(k: &[u8], m: &[u8]) -> Vec<u8> {
}
}
- /* last block, filled up to i-th index */
+ // last block, filled up to i-th index
let padlen = 16 - i;
for j in i..16 {
@@ -322,7 +322,7 @@ pub fn cbc_iv0_encrypt(k: &[u8], m: &[u8]) -> Vec<u8> {
/// Returns plaintext if all consistent, else returns null string
pub fn cbc_iv0_decrypt(k: &[u8], c: &[u8]) -> Option<Vec<u8>> {
- /* padding is removed */
+ // padding is removed
let mut a = AES::new();
let mut fin = false;
let mut m: Vec<u8> = Vec::new();
@@ -500,7 +500,7 @@ pub fn ecpsp_dsa(
let r = Big::new_ints(&rom::CURVE_ORDER);
- let sc = Big::frombytes(s); /* s or &s? */
+ let sc = Big::frombytes(s); // s or &s?
let fb = Big::frombytes(&b);
let mut cb = Big::new();
@@ -510,7 +510,7 @@ pub fn ecpsp_dsa(
while db.iszilch() {
let mut u = Big::randomnum(&r, rng);
- let w = Big::randomnum(&r, rng); /* side channel masking */
+ let w = Big::randomnum(&r, rng); // side channel masking
V.copy(&G);
V = V.mul(&u);
@@ -559,8 +559,8 @@ pub fn ecpvp_dsa(sha: usize, w: &[u8], f: &[u8], c: &[u8], d: &[u8]) -> isize {
let r = Big::new_ints(&rom::CURVE_ORDER);
- let cb = Big::frombytes(c); /* c or &c ? */
- let mut db = Big::frombytes(d); /* d or &d ? */
+ let cb = Big::frombytes(c); // c or &c ?
+ let mut db = Big::frombytes(d); // d or &d ?
let mut fb = Big::frombytes(&b);
let mut tb = Big::new();
diff --git a/src/mpin.rs b/src/mpin.rs
index 795fc50..23b46a2 100644
--- a/src/mpin.rs
+++ b/src/mpin.rs
@@ -35,10 +35,9 @@ use hash384::HASH384;
use hash512::HASH512;
use rand::RAND;
-/* MPIN API Functions */
-
-/* Configure mode of operation */
+// MPIN API Functions
+// Configure mode of operation
pub const EFS: usize = big::MODBYTES as usize;
pub const EGS: usize = big::MODBYTES as usize;
pub const BAD_PARAMS: isize = -11;
@@ -49,12 +48,11 @@ pub const SHA256: usize = 32;
pub const SHA384: usize = 48;
pub const SHA512: usize = 64;
-/* Configure your PIN here */
-
-pub const MAXPIN: i32 = 10000; /* PIN less than this */
-pub const PBLEN: i32 = 14; /* Number of bits in PIN */
-pub const TS: usize = 10; /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-pub const TRAP: usize = 200; /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */
+// Configure your PIN here
+pub const MAXPIN: i32 = 10000; // PIN less than this
+pub const PBLEN: i32 = 14; // Number of bits in PIN
+pub const TS: usize = 10; // 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN)
+pub const TRAP: usize = 200; // 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN)
#[allow(non_snake_case)]
fn hash(sha: usize, c: &mut FP4, U: &mut ECP, r: &mut [u8]) -> bool {
@@ -117,8 +115,7 @@ fn hash(sha: usize, c: &mut FP4, U: &mut ECP, r: &mut [u8]) -> bool {
return false;
}
-/* Hash number (optional) and string to point on curve */
-
+/// Hash number (optional) and string to point on curve
fn hashit(sha: usize, n: usize, id: &[u8], w: &mut [u8]) -> bool {
let mut r: [u8; 64] = [0; 64];
let mut didit = false;
@@ -180,7 +177,7 @@ fn hashit(sha: usize, n: usize, id: &[u8], w: &mut [u8]) -> bool {
return true;
}
-/* return time in slots since epoch */
+/// Return time in slots since epoch
pub fn today() -> usize {
return (SystemTime::now()
.duration_since(UNIX_EPOCH)
@@ -189,8 +186,8 @@ pub fn today() -> usize {
/ (60 * 1440)) as usize;
}
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
+// these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043
+/// Maps a random u to a point on the curve
#[allow(non_snake_case)]
fn emap(u: &Big, cb: isize) -> ECP {
let mut P: ECP;
@@ -208,7 +205,7 @@ fn emap(u: &Big, cb: isize) -> ECP {
return P;
}
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
+/// Returns u derived from P. Random value in range 1 to return value should then be added to u
#[allow(non_snake_case)]
fn unmap(u: &mut Big, P: &mut ECP) -> isize {
let s = P.gets();
@@ -232,9 +229,9 @@ pub fn hash_id(sha: usize, id: &[u8], w: &mut [u8]) -> bool {
return hashit(sha, 0, id, w);
}
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
+// These next two functions implement elligator squared - http://eprint.iacr.org/2014/043
+// Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v}
+// Note that u and v are indistinguisible from random strings
#[allow(non_snake_case)]
pub fn encoding(rng: &mut RAND, e: &mut [u8]) -> isize {
let mut t: [u8; EFS] = [0; EFS];
@@ -316,7 +313,7 @@ pub fn decoding(d: &mut [u8]) -> isize {
return 0;
}
-/* R=R1+R2 in group G1 */
+/// R=R1+R2 in group G1
#[allow(non_snake_case)]
pub fn recombine_g1(r1: &[u8], r2: &[u8], r: &mut [u8]) -> isize {
let mut P = ECP::frombytes(&r1);
@@ -332,7 +329,7 @@ pub fn recombine_g1(r1: &[u8], r2: &[u8], r: &mut [u8]) -> isize {
return 0;
}
-/* W=W1+W2 in group G2 */
+/// W=W1+W2 in group G2
#[allow(non_snake_case)]
pub fn recombine_g2(w1: &[u8], w2: &[u8], w: &mut [u8]) -> isize {
let mut P = ECP2::frombytes(&w1);
@@ -348,7 +345,7 @@ pub fn recombine_g2(w1: &[u8], w2: &[u8], w: &mut [u8]) -> isize {
return 0;
}
-/* create random secret S */
+/// create random secret S
pub fn random_generate(rng: &mut RAND, s: &mut [u8]) -> isize {
let r = Big::new_ints(&rom::CURVE_ORDER);
let sc = Big::randomnum(&r, rng);
@@ -356,7 +353,7 @@ pub fn random_generate(rng: &mut RAND, s: &mut [u8]) -> isize {
return 0;
}
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
+/// Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret
#[allow(non_snake_case)]
pub fn get_server_secret(s: &[u8], sst: &mut [u8]) -> isize {
let mut Q = ECP2::generator();
@@ -367,12 +364,10 @@ pub fn get_server_secret(s: &[u8], sst: &mut [u8]) -> isize {
return 0;
}
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
+/// W=x*H(G);
+/// if RNG == NULL then X is passed in
+/// if RNG != NULL the X is passed out
+/// if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
#[allow(non_snake_case)]
pub fn get_g1_multiple(
rng: Option<&mut RAND>,
@@ -405,19 +400,19 @@ pub fn get_g1_multiple(
return 0;
}
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
+/// Client secret CST=S*H(CID) where CID is client ID and S is master secret
+/// CID is hashed externally
pub fn get_client_secret(s: &mut [u8], cid: &[u8], cst: &mut [u8]) -> isize {
return get_g1_multiple(None, 1, s, cid, cst);
}
-/* Extract PIN from TOKEN for identity CID */
+/// Extract PIN from TOKEN for identity CID
#[allow(non_snake_case)]
pub fn extract_pin(sha: usize, cid: &[u8], pin: i32, token: &mut [u8]) -> isize {
return extract_factor(sha, cid, pin % MAXPIN, PBLEN, token);
}
-/* Extract factor from TOKEN for identity CID */
+/// Extract factor from TOKEN for identity CID
#[allow(non_snake_case)]
pub fn extract_factor(
sha: usize,
@@ -443,7 +438,7 @@ pub fn extract_factor(
return 0;
}
-/* Restore factor to TOKEN for identity CID */
+/// Restore factor to TOKEN for identity CID
#[allow(non_snake_case)]
pub fn restore_factor(
sha: usize,
@@ -469,7 +464,7 @@ pub fn restore_factor(
return 0;
}
-/* Functions to support M-Pin Full */
+/// Functions to support M-Pin Full
#[allow(non_snake_case)]
pub fn precompute(token: &[u8], cid: &[u8], g1: &mut [u8], g2: &mut [u8]) -> isize {
let T = ECP::frombytes(&token);
@@ -492,7 +487,7 @@ pub fn precompute(token: &[u8], cid: &[u8], g1: &mut [u8], g2: &mut [u8]) -> isi
return 0;
}
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
+/// Time Permit CTT=S*(date|H(CID)) where S is master secret
#[allow(non_snake_case)]
pub fn get_client_permit(sha: usize, date: usize, s: &[u8], cid: &[u8], ctt: &mut [u8]) -> isize {
const RM: usize = big::MODBYTES as usize;
@@ -505,7 +500,7 @@ pub fn get_client_permit(sha: usize, date: usize, s: &[u8], cid: &[u8], ctt: &mu
return 0;
}
-/* Implement step 1 on client side of MPin protocol */
+/// Implement step 1 on client side of MPin protocol
#[allow(non_snake_case)]
pub fn client_1(
sha: usize,
@@ -578,7 +573,7 @@ pub fn client_1(
return 0;
}
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
+/// Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID
#[allow(non_snake_case)]
pub fn server_1(sha: usize, date: usize, cid: &[u8], hid: &mut [u8], htid: Option<&mut [u8]>) {
const RM: usize = big::MODBYTES as usize;
@@ -600,7 +595,7 @@ pub fn server_1(sha: usize, date: usize, cid: &[u8], hid: &mut [u8], htid: Optio
}
}
-/* Implement step 2 on client side of MPin protocol */
+/// Implement step 2 on client side of MPin protocol
#[allow(non_snake_case)]
pub fn client_2(x: &[u8], y: &[u8], sec: &mut [u8]) -> isize {
let r = Big::new_ints(&rom::CURVE_ORDER);
@@ -621,7 +616,7 @@ pub fn client_2(x: &[u8], y: &[u8], sec: &mut [u8]) -> isize {
return 0;
}
-/* return time since epoch */
+/// return time since epoch
pub fn get_time() -> usize {
return (SystemTime::now()
.duration_since(UNIX_EPOCH)
@@ -629,7 +624,7 @@ pub fn get_time() -> usize {
.as_secs()) as usize;
}
-/* Generate Y = H(epoch, xCID/xID) */
+/// Generate Y = H(epoch, xCID/xID)
pub fn get_y(sha: usize, timevalue: usize, xcid: &[u8], y: &mut [u8]) {
const RM: usize = big::MODBYTES as usize;
let mut h: [u8; RM] = [0; RM];
@@ -642,7 +637,7 @@ pub fn get_y(sha: usize, timevalue: usize, xcid: &[u8], y: &mut [u8]) {
sy.tobytes(y);
}
-/* Implement step 2 of MPin protocol on server side */
+/// Implement step 2 of MPin protocol on server side
#[allow(non_snake_case)]
pub fn server_2(
date: usize,
@@ -739,7 +734,7 @@ pub fn server_2(
return 0;
}
-/* Pollards kangaroos used to return PIN error */
+/// Pollards kangaroos used to return PIN error
pub fn kangaroo(e: &[u8], f: &[u8]) -> isize {
let mut ge = FP12::frombytes(e);
let mut gf = FP12::frombytes(f);
@@ -790,8 +785,7 @@ pub fn kangaroo(e: &[u8], f: &[u8]) -> isize {
return res;
}
-/* Hash the M-Pin transcript - new */
-
+/// Hash the M-Pin transcript - new
pub fn hash_all(
sha: usize,
hid: &[u8],
@@ -847,8 +841,8 @@ pub fn hash_all(
return hashit(sha, 0, &t, h);
}
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
+/// Calculate common key on client side
+/// wCID = w.(A+AT)
#[allow(non_snake_case)]
pub fn client_key(
sha: usize,
@@ -889,8 +883,8 @@ pub fn client_key(
return 0;
}
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
+/// calculate common key on server side
+/// Z=r.A - no time permits involved
#[allow(non_snake_case)]
pub fn server_key(
sha: usize,
@@ -947,10 +941,9 @@ pub fn server_key(
mod tests {
use super::*;
use crate::test_utils::*;
- use std::io;
#[test]
- fn test_mpin() {
+ fn test_mpin_valid() {
let mut rng = create_rng();
pub const PERMITS: bool = true;
@@ -962,8 +955,8 @@ mod tests {
let mut hcid: [u8; RM] = [0; RM];
let mut hsid: [u8; RM] = [0; RM];
- const G1S: usize = 2 * EFS + 1; /* Group 1 Size */
- const G2S: usize = 4 * EFS; /* Group 2 Size */
+ const G1S: usize = 2 * EFS + 1; // Group 1 Size
+ const G2S: usize = 4 * EFS; // Group 2 Size
const EAS: usize = ecp::AESKEY;
let mut sst: [u8; G2S] = [0; G2S];
@@ -992,22 +985,22 @@ mod tests {
let sha = ecp::HASH_TYPE;
println!("\nTesting MPIN - PIN is 1234");
- /* Trusted Authority set-up */
+ // Trusted Authority set-up
random_generate(&mut rng, &mut s);
print!("Master Secret s: 0x");
printbinary(&s);
- /* Create Client Identity */
+ // Create Client Identity
let name = "testUser@miracl.com";
let client_id = name.as_bytes();
print!("Client ID= ");
printbinary(&client_id);
- hash_id(sha, &client_id, &mut hcid); /* Either Client or TA calculates Hash(ID) - you decide! */
+ hash_id(sha, &client_id, &mut hcid); // Either Client or TA calculates Hash(ID) - you decide!
- /* Client and Server are issued secrets by DTA */
+ // Client and Server are issued secrets by DTA
get_server_secret(&s, &mut sst);
print!("Server Secret SS: 0x");
printbinary(&sst);
@@ -1016,7 +1009,7 @@ mod tests {
print!("Client Secret CS: 0x");
printbinary(&token);
- /* Client extracts PIN from secret to create Token */
+ // Client extracts PIN from secret to create Token
let pin: i32 = 1234;
println!("Client extracts PIN= {}", pin);
let mut rtn = extract_pin(sha, &client_id, pin, &mut token);
@@ -1034,13 +1027,13 @@ mod tests {
let mut date = 0;
if PERMITS {
date = today();
- /* Client gets "Time Token" permit from DTA */
+ // Client gets "Time Token" permit from DTA
get_client_permit(sha, date, &s, &hcid, &mut permit);
print!("Time Permit TP: 0x");
printbinary(&permit);
- /* This encoding makes Time permit look random - Elligator squared */
+ // This encoding makes Time permit look random - Elligator squared
encoding(&mut rng, &mut permit);
print!("Encoded Time Permit TP: 0x");
printbinary(&permit);
@@ -1049,15 +1042,10 @@ mod tests {
printbinary(&permit);
}
- print!("\nPIN= ");
- let _ = io::Write::flush(&mut io::stdout());
- let mut input_text = String::new();
- let _ = io::stdin().read_line(&mut input_text);
-
- let pin = input_text.trim().parse::<usize>().unwrap();
+ let pin = 1234;
println!("MPIN Multi Pass");
- /* Send U=x.ID to server, and recreate secret from token and pin */
+ // Send U=x.ID to server, and recreate secret from token and pin
rtn = client_1(
sha,
date,
@@ -1077,10 +1065,10 @@ mod tests {
if FULL {
hash_id(sha, &client_id, &mut hcid);
- get_g1_multiple(Some(&mut rng), 1, &mut r, &hcid, &mut z); /* Also Send Z=r.ID to Server, remember random r */
+ get_g1_multiple(Some(&mut rng), 1, &mut r, &hcid, &mut z); // Also Send Z=r.ID to Server, remember random r
}
- /* Server calculates H(ID) and H(T|H(ID)) (if time PERMITS enabled), and maps them to points on the curve HID and HTID resp. */
+ // Server calculates H(ID) and H(T|H(ID)) (if time PERMITS enabled), and maps them to points on the curve HID and HTID resp.
server_1(sha, date, &client_id, &mut hid, Some(&mut htid[..]));
@@ -1090,22 +1078,22 @@ mod tests {
rhid.clone_from_slice(&hid[..]);
}
- /* Server generates Random number Y and sends it to Client */
+ // Server generates Random number Y and sends it to Client
random_generate(&mut rng, &mut y);
if FULL {
hash_id(sha, &client_id, &mut hsid);
- get_g1_multiple(Some(&mut rng), 0, &mut w, &rhid, &mut t); /* Also send T=w.ID to client, remember random w */
+ get_g1_multiple(Some(&mut rng), 0, &mut w, &rhid, &mut t); // Also send T=w.ID to client, remember random w
}
- /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
+ // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
rtn = client_2(&x, &y, &mut sec);
if rtn != 0 {
println!("FAILURE: CLIENT_2 rtn: {}", rtn);
}
- /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
- /* If PIN error not required, set E and F = null */
+ // Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
+ // If PIN error not required, set E and F = null
if !PINERROR {
rtn = server_2(
diff --git a/src/mpin192.rs b/src/mpin192.rs
index d2ed7b9..a8a40b0 100644
--- a/src/mpin192.rs
+++ b/src/mpin192.rs
@@ -35,10 +35,9 @@ use hash384::HASH384;
use hash512::HASH512;
use rand::RAND;
-/* MPIN API Functions */
-
-/* Configure mode of operation */
+// MPIN API Functions
+// Configure mode of operation
pub const EFS: usize = big::MODBYTES as usize;
pub const EGS: usize = big::MODBYTES as usize;
pub const BAD_PARAMS: isize = -11;
@@ -49,12 +48,11 @@ pub const SHA256: usize = 32;
pub const SHA384: usize = 48;
pub const SHA512: usize = 64;
-/* Configure your PIN here */
-
-pub const MAXPIN: i32 = 10000; /* PIN less than this */
-pub const PBLEN: i32 = 14; /* Number of bits in PIN */
-pub const TS: usize = 10; /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-pub const TRAP: usize = 200; /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */
+// Configure your PIN here
+pub const MAXPIN: i32 = 10000; // PIN less than this
+pub const PBLEN: i32 = 14; // Number of bits in PIN
+pub const TS: usize = 10; // 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN)
+pub const TRAP: usize = 200; // 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN)
#[allow(non_snake_case)]
fn hash(sha: usize, c: &mut FP8, U: &mut ECP, r: &mut [u8]) -> bool {
@@ -133,8 +131,7 @@ fn hash(sha: usize, c: &mut FP8, U: &mut ECP, r: &mut [u8]) -> bool {
return false;
}
-/* Hash number (optional) and string to point on curve */
-
+/// Hash number (optional) and string to point on curve
fn hashit(sha: usize, n: usize, id: &[u8], w: &mut [u8]) -> bool {
let mut r: [u8; 64] = [0; 64];
let mut didit = false;
@@ -196,7 +193,7 @@ fn hashit(sha: usize, n: usize, id: &[u8], w: &mut [u8]) -> bool {
return true;
}
-/* return time in slots since epoch */
+/// return time in slots since epoch
pub fn today() -> usize {
return (SystemTime::now()
.duration_since(UNIX_EPOCH)
@@ -205,8 +202,8 @@ pub fn today() -> usize {
/ (60 * 1440)) as usize;
}
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
+// these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043
+/// Maps a random u to a point on the curve
#[allow(non_snake_case)]
fn emap(u: &Big, cb: isize) -> ECP {
let mut P: ECP;
@@ -224,7 +221,7 @@ fn emap(u: &Big, cb: isize) -> ECP {
return P;
}
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
+/// Returns u derived from P. Random value in range 1 to return value should then be added to u
#[allow(non_snake_case)]
fn unmap(u: &mut Big, P: &mut ECP) -> isize {
let s = P.gets();
@@ -248,9 +245,9 @@ pub fn hash_id(sha: usize, id: &[u8], w: &mut [u8]) -> bool {
return hashit(sha, 0, id, w);
}
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
+// these next two functions implement elligator squared - http://eprint.iacr.org/2014/043
+// Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v}
+// Note that u and v are indistinguisible from random strings
#[allow(non_snake_case)]
pub fn encoding(rng: &mut RAND, e: &mut [u8]) -> isize {
let mut t: [u8; EFS] = [0; EFS];
@@ -332,7 +329,7 @@ pub fn decoding(d: &mut [u8]) -> isize {
return 0;
}
-/* R=R1+R2 in group G1 */
+/// R=R1+R2 in group G1
#[allow(non_snake_case)]
pub fn recombine_g1(r1: &[u8], r2: &[u8], r: &mut [u8]) -> isize {
let mut P = ECP::frombytes(&r1);
@@ -348,7 +345,7 @@ pub fn recombine_g1(r1: &[u8], r2: &[u8], r: &mut [u8]) -> isize {
return 0;
}
-/* W=W1+W2 in group G2 */
+/// W=W1+W2 in group G2
#[allow(non_snake_case)]
pub fn recombine_g2(w1: &[u8], w2: &[u8], w: &mut [u8]) -> isize {
let mut P = ECP4::frombytes(&w1);
@@ -364,7 +361,7 @@ pub fn recombine_g2(w1: &[u8], w2: &[u8], w: &mut [u8]) -> isize {
return 0;
}
-/* create random secret S */
+/// Create random secret S
pub fn random_generate(rng: &mut RAND, s: &mut [u8]) -> isize {
let r = Big::new_ints(&rom::CURVE_ORDER);
let sc = Big::randomnum(&r, rng);
@@ -372,7 +369,7 @@ pub fn random_generate(rng: &mut RAND, s: &mut [u8]) -> isize {
return 0;
}
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
+/// Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret
#[allow(non_snake_case)]
pub fn get_server_secret(s: &[u8], sst: &mut [u8]) -> isize {
let mut Q = ECP4::generator();
@@ -382,12 +379,10 @@ pub fn get_server_secret(s: &[u8], sst: &mut [u8]) -> isize {
return 0;
}
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
+/// W=x*H(G);
+/// if RNG == NULL then X is passed in
+/// if RNG != NULL the X is passed out
+/// if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
#[allow(non_snake_case)]
pub fn get_g1_multiple(
rng: Option<&mut RAND>,
@@ -420,19 +415,19 @@ pub fn get_g1_multiple(
return 0;
}
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
+/// Client secret CST=S*H(CID) where CID is client ID and S is master secret
+/// CID is hashed externally
pub fn get_client_secret(s: &mut [u8], cid: &[u8], cst: &mut [u8]) -> isize {
return get_g1_multiple(None, 1, s, cid, cst);
}
-/* Extract PIN from TOKEN for identity CID */
+/// Extract PIN from TOKEN for identity CID
#[allow(non_snake_case)]
pub fn extract_pin(sha: usize, cid: &[u8], pin: i32, token: &mut [u8]) -> isize {
return extract_factor(sha, cid, pin % MAXPIN, PBLEN, token);
}
-/* Extract factor from TOKEN for identity CID */
+/// Extract factor from TOKEN for identity CID
#[allow(non_snake_case)]
pub fn extract_factor(
sha: usize,
@@ -458,7 +453,7 @@ pub fn extract_factor(
return 0;
}
-/* Restore factor to TOKEN for identity CID */
+/// Restore factor to TOKEN for identity CID
#[allow(non_snake_case)]
pub fn restore_factor(
sha: usize,
@@ -484,7 +479,7 @@ pub fn restore_factor(
return 0;
}
-/* Functions to support M-Pin Full */
+/// Functions to support M-Pin Full
#[allow(non_snake_case)]
pub fn precompute(token: &[u8], cid: &[u8], g1: &mut [u8], g2: &mut [u8]) -> isize {
let T = ECP::frombytes(&token);
@@ -507,7 +502,7 @@ pub fn precompute(token: &[u8], cid: &[u8], g1: &mut [u8], g2: &mut [u8]) -> isi
return 0;
}
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
+/// Time Permit CTT=S*(date|H(CID)) where S is master secret
#[allow(non_snake_case)]
pub fn get_client_permit(sha: usize, date: usize, s: &[u8], cid: &[u8], ctt: &mut [u8]) -> isize {
const RM: usize = big::MODBYTES as usize;
@@ -520,7 +515,7 @@ pub fn get_client_permit(sha: usize, date: usize, s: &[u8], cid: &[u8], ctt: &mu
return 0;
}
-/* Implement step 1 on client side of MPin protocol */
+/// Implement step 1 on client side of MPin protocol
#[allow(non_snake_case)]
pub fn client_1(
sha: usize,
@@ -593,7 +588,7 @@ pub fn client_1(
return 0;
}
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
+/// Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID
#[allow(non_snake_case)]
pub fn server_1(sha: usize, date: usize, cid: &[u8], hid: &mut [u8], htid: Option<&mut [u8]>) {
const RM: usize = big::MODBYTES as usize;
@@ -615,7 +610,7 @@ pub fn server_1(sha: usize, date: usize, cid: &[u8], hid: &mut [u8], htid: Optio
}
}
-/* Implement step 2 on client side of MPin protocol */
+/// Implement step 2 on client side of MPin protocol
#[allow(non_snake_case)]
pub fn client_2(x: &[u8], y: &[u8], sec: &mut [u8]) -> isize {
let mut r = Big::new_ints(&rom::CURVE_ORDER);
@@ -636,7 +631,7 @@ pub fn client_2(x: &[u8], y: &[u8], sec: &mut [u8]) -> isize {
return 0;
}
-/* return time since epoch */
+/// return time since epoch
pub fn get_time() -> usize {
return (SystemTime::now()
.duration_since(UNIX_EPOCH)
@@ -644,7 +639,7 @@ pub fn get_time() -> usize {
.as_secs()) as usize;
}
-/* Generate Y = H(epoch, xCID/xID) */
+/// Generate Y = H(epoch, xCID/xID)
pub fn get_y(sha: usize, timevalue: usize, xcid: &[u8], y: &mut [u8]) {
const RM: usize = big::MODBYTES as usize;
let mut h: [u8; RM] = [0; RM];
@@ -657,7 +652,7 @@ pub fn get_y(sha: usize, timevalue: usize, xcid: &[u8], y: &mut [u8]) {
sy.tobytes(y);
}
-/* Implement step 2 of MPin protocol on server side */
+/// Implement step 2 of MPin protocol on server side
#[allow(non_snake_case)]
pub fn server_2(
date: usize,
@@ -754,7 +749,7 @@ pub fn server_2(
return 0;
}
-/* Pollards kangaroos used to return PIN error */
+/// Pollards kangaroos used to return PIN error
pub fn kangaroo(e: &[u8], f: &[u8]) -> isize {
let mut ge = FP24::frombytes(e);
let mut gf = FP24::frombytes(f);
@@ -805,8 +800,7 @@ pub fn kangaroo(e: &[u8], f: &[u8]) -> isize {
return res;
}
-/* Hash the M-Pin transcript - new */
-
+/// Hash the M-Pin transcript - new
pub fn hash_all(
sha: usize,
hid: &[u8],
@@ -862,8 +856,8 @@ pub fn hash_all(
return hashit(sha, 0, &t, h);
}
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
+/// calculate common key on client side
+/// wCID = w.(A+AT)
#[allow(non_snake_case)]
pub fn client_key(
sha: usize,
@@ -904,8 +898,8 @@ pub fn client_key(
return 0;
}
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
+/// Calculate common key on server side
+/// Z=r.A - no time permits involved
#[allow(non_snake_case)]
pub fn server_key(
sha: usize,
@@ -962,24 +956,22 @@ pub fn server_key(
mod tests {
use super::*;
use crate::test_utils::*;
- use std::io;
#[test]
- fn test_mpin192() {
+ fn test_mpin192_valid() {
let mut rng = create_rng();
pub const PERMITS: bool = true;
pub const PINERROR: bool = true;
pub const FULL: bool = true;
- //pub const SINGLE_PASS:bool=false;
let mut s: [u8; EGS] = [0; EGS];
const RM: usize = EFS as usize;
let mut hcid: [u8; RM] = [0; RM];
let mut hsid: [u8; RM] = [0; RM];
- const G1S: usize = 2 * EFS + 1; /* Group 1 Size */
- const G2S: usize = 16 * EFS; /* Group 2 Size */
+ const G1S: usize = 2 * EFS + 1; // Group 1 Size
+ const G2S: usize = 16 * EFS; // Group 2 Size
const EAS: usize = ecp::AESKEY;
let mut sst: [u8; G2S] = [0; G2S];
@@ -1008,22 +1000,22 @@ mod tests {
let sha = ecp::HASH_TYPE;
println!("\nTesting MPIN - PIN is 1234");
- /* Trusted Authority set-up */
+ // Trusted Authority set-up
random_generate(&mut rng, &mut s);
print!("Master Secret s: 0x");
printbinary(&s);
- /* Create Client Identity */
+ // Create Client Identity
let name = "testUser@miracl.com";
let client_id = name.as_bytes();
print!("Client ID= ");
printbinary(&client_id);
- hash_id(sha, &client_id, &mut hcid); /* Either Client or TA calculates Hash(ID) - you decide! */
+ hash_id(sha, &client_id, &mut hcid); // Either Client or TA calculates Hash(ID) - you decide!
- /* Client and Server are issued secrets by DTA */
+ // Client and Server are issued secrets by DTA
get_server_secret(&s, &mut sst);
print!("Server Secret SS: 0x");
printbinary(&sst);
@@ -1032,7 +1024,7 @@ mod tests {
print!("Client Secret CS: 0x");
printbinary(&token);
- /* Client extracts PIN from secret to create Token */
+ // Client extracts PIN from secret to create Token
let pin: i32 = 1234;
println!("Client extracts PIN= {}", pin);
let mut rtn = extract_pin(sha, &client_id, pin, &mut token);
@@ -1050,13 +1042,13 @@ mod tests {
let mut date = 0;
if PERMITS {
date = today();
- /* Client gets "Time Token" permit from DTA */
+ // Client gets "Time Token" permit from DTA
get_client_permit(sha, date, &s, &hcid, &mut permit);
print!("Time Permit TP: 0x");
printbinary(&permit);
- /* This encoding makes Time permit look random - Elligator squared */
+ // This encoding makes Time permit look random - Elligator squared
encoding(&mut rng, &mut permit);
print!("Encoded Time Permit TP: 0x");
printbinary(&permit);
@@ -1065,15 +1057,10 @@ mod tests {
printbinary(&permit);
}
- print!("\nPIN= ");
- let _ = io::Write::flush(&mut io::stdout());
- let mut input_text = String::new();
- let _ = io::stdin().read_line(&mut input_text);
-
- let pin = input_text.trim().parse::<usize>().unwrap();
+ let pin = 1234;
println!("MPIN Multi Pass");
- /* Send U=x.ID to server, and recreate secret from token and pin */
+ // Send U=x.ID to server, and recreate secret from token and pin
rtn = client_1(
sha,
date,
@@ -1093,10 +1080,10 @@ mod tests {
if FULL {
hash_id(sha, &client_id, &mut hcid);
- get_g1_multiple(Some(&mut rng), 1, &mut r, &hcid, &mut z); /* Also Send Z=r.ID to Server, remember random r */
+ get_g1_multiple(Some(&mut rng), 1, &mut r, &hcid, &mut z); // Also Send Z=r.ID to Server, remember random r
}
- /* Server calculates H(ID) and H(T|H(ID)) (if time PERMITS enabled), and maps them to points on the curve HID and HTID resp. */
+ // Server calculates H(ID) and H(T|H(ID)) (if time PERMITS enabled), and maps them to points on the curve HID and HTID resp.
server_1(sha, date, &client_id, &mut hid, Some(&mut htid[..]));
@@ -1106,22 +1093,22 @@ mod tests {
rhid.clone_from_slice(&hid[..]);
}
- /* Server generates Random number Y and sends it to Client */
+ // Server generates Random number Y and sends it to Client
random_generate(&mut rng, &mut y);
if FULL {
hash_id(sha, &client_id, &mut hsid);
- get_g1_multiple(Some(&mut rng), 0, &mut w, &rhid, &mut t); /* Also send T=w.ID to client, remember random w */
+ get_g1_multiple(Some(&mut rng), 0, &mut w, &rhid, &mut t); // Also send T=w.ID to client, remember random w
}
- /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
+ // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
rtn = client_2(&x, &y, &mut sec);
if rtn != 0 {
println!("FAILURE: CLIENT_2 rtn: {}", rtn);
}
- /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
- /* If PIN error not required, set E and F = null */
+ // Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
+ // If PIN error not required, set E and F = null
if !PINERROR {
rtn = server_2(
diff --git a/src/mpin256.rs b/src/mpin256.rs
index 65a06d9..22db48e 100644
--- a/src/mpin256.rs
+++ b/src/mpin256.rs
@@ -35,10 +35,9 @@ use hash384::HASH384;
use hash512::HASH512;
use rand::RAND;
-/* MPIN API Functions */
-
-/* Configure mode of operation */
+// MPIN API Functions
+// Configure mode of operation
pub const EFS: usize = big::MODBYTES as usize;
pub const EGS: usize = big::MODBYTES as usize;
pub const BAD_PARAMS: isize = -11;
@@ -49,12 +48,11 @@ pub const SHA256: usize = 32;
pub const SHA384: usize = 48;
pub const SHA512: usize = 64;
-/* Configure your PIN here */
-
-pub const MAXPIN: i32 = 10000; /* PIN less than this */
-pub const PBLEN: i32 = 14; /* Number of bits in PIN */
-pub const TS: usize = 10; /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-pub const TRAP: usize = 200; /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */
+// Configure your PIN here
+pub const MAXPIN: i32 = 10000; // PIN less than this
+pub const PBLEN: i32 = 14; // Number of bits in PIN
+pub const TS: usize = 10; // 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN)
+pub const TRAP: usize = 200; // 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN)
#[allow(non_snake_case)]
fn hash(sha: usize, c: &mut FP16, U: &mut ECP, r: &mut [u8]) -> bool {
@@ -166,8 +164,7 @@ fn hash(sha: usize, c: &mut FP16, U: &mut ECP, r: &mut [u8]) -> bool {
return false;
}
-/* Hash number (optional) and string to point on curve */
-
+/// Hash number (optional) and string to point on curve
fn hashit(sha: usize, n: usize, id: &[u8], w: &mut [u8]) -> bool {
let mut r: [u8; 64] = [0; 64];
let mut didit = false;
@@ -229,7 +226,7 @@ fn hashit(sha: usize, n: usize, id: &[u8], w: &mut [u8]) -> bool {
return true;
}
-/* return time in slots since epoch */
+/// Return time in slots since epoch
pub fn today() -> usize {
return (SystemTime::now()
.duration_since(UNIX_EPOCH)
@@ -238,8 +235,8 @@ pub fn today() -> usize {
/ (60 * 1440)) as usize;
}
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
+/// these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043
+/// maps a random u to a point on the curve
#[allow(non_snake_case)]
fn emap(u: &Big, cb: isize) -> ECP {
let mut P: ECP;
@@ -257,7 +254,7 @@ fn emap(u: &Big, cb: isize) -> ECP {
return P;
}
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
+/// returns u derived from P. Random value in range 1 to return value should then be added to u
#[allow(non_snake_case)]
fn unmap(u: &mut Big, P: &mut ECP) -> isize {
let s = P.gets();
@@ -281,9 +278,9 @@ pub fn hash_id(sha: usize, id: &[u8], w: &mut [u8]) -> bool {
return hashit(sha, 0, id, w);
}
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
+// these next two functions implement elligator squared - http://eprint.iacr.org/2014/043
+// Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v}
+// Note that u and v are indistinguisible from random strings
#[allow(non_snake_case)]
pub fn encoding(rng: &mut RAND, e: &mut [u8]) -> isize {
let mut t: [u8; EFS] = [0; EFS];
@@ -365,7 +362,7 @@ pub fn decoding(d: &mut [u8]) -> isize {
return 0;
}
-/* R=R1+R2 in group G1 */
+/// R=R1+R2 in group G1
#[allow(non_snake_case)]
pub fn recombine_g1(r1: &[u8], r2: &[u8], r: &mut [u8]) -> isize {
let mut P = ECP::frombytes(&r1);
@@ -381,7 +378,7 @@ pub fn recombine_g1(r1: &[u8], r2: &[u8], r: &mut [u8]) -> isize {
return 0;
}
-/* W=W1+W2 in group G2 */
+/// W=W1+W2 in group G2
#[allow(non_snake_case)]
pub fn recombine_g2(w1: &[u8], w2: &[u8], w: &mut [u8]) -> isize {
let mut P = ECP8::frombytes(&w1);
@@ -397,7 +394,7 @@ pub fn recombine_g2(w1: &[u8], w2: &[u8], w: &mut [u8]) -> isize {
return 0;
}
-/* create random secret S */
+/// Create random secret S
pub fn random_generate(rng: &mut RAND, s: &mut [u8]) -> isize {
let r = Big::new_ints(&rom::CURVE_ORDER);
let sc = Big::randomnum(&r, rng);
@@ -405,7 +402,7 @@ pub fn random_generate(rng: &mut RAND, s: &mut [u8]) -> isize {
return 0;
}
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
+/// Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret
#[allow(non_snake_case)]
pub fn get_server_secret(s: &[u8], sst: &mut [u8]) -> isize {
let mut Q = ECP8::generator();
@@ -416,12 +413,10 @@ pub fn get_server_secret(s: &[u8], sst: &mut [u8]) -> isize {
return 0;
}
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
+/// W=x*H(G);
+/// if RNG == NULL then X is passed in
+/// if RNG != NULL the X is passed out
+// if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
#[allow(non_snake_case)]
pub fn get_g1_multiple(
rng: Option<&mut RAND>,
@@ -454,19 +449,19 @@ pub fn get_g1_multiple(
return 0;
}
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
+/// Client secret CST=S*H(CID) where CID is client ID and S is master secret
+/// CID is hashed externally
pub fn get_client_secret(s: &mut [u8], cid: &[u8], cst: &mut [u8]) -> isize {
return get_g1_multiple(None, 1, s, cid, cst);
}
-/* Extract PIN from TOKEN for identity CID */
+/// Extract PIN from TOKEN for identity CID
#[allow(non_snake_case)]
pub fn extract_pin(sha: usize, cid: &[u8], pin: i32, token: &mut [u8]) -> isize {
return extract_factor(sha, cid, pin % MAXPIN, PBLEN, token);
}
-/* Extract factor from TOKEN for identity CID */
+/// Extract factor from TOKEN for identity CID
#[allow(non_snake_case)]
pub fn extract_factor(
sha: usize,
@@ -492,7 +487,7 @@ pub fn extract_factor(
return 0;
}
-/* Restore factor to TOKEN for identity CID */
+/// Restore factor to TOKEN for identity CID
#[allow(non_snake_case)]
pub fn restore_factor(
sha: usize,
@@ -518,7 +513,7 @@ pub fn restore_factor(
return 0;
}
-/* Functions to support M-Pin Full */
+/// Functions to support M-Pin Full
#[allow(non_snake_case)]
pub fn precompute(token: &[u8], cid: &[u8], g1: &mut [u8], g2: &mut [u8]) -> isize {
let T = ECP::frombytes(&token);
@@ -541,7 +536,7 @@ pub fn precompute(token: &[u8], cid: &[u8], g1: &mut [u8], g2: &mut [u8]) -> isi
return 0;
}
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
+/// Time Permit CTT=S*(date|H(CID)) where S is master secret
#[allow(non_snake_case)]
pub fn get_client_permit(sha: usize, date: usize, s: &[u8], cid: &[u8], ctt: &mut [u8]) -> isize {
const RM: usize = big::MODBYTES as usize;
@@ -554,7 +549,7 @@ pub fn get_client_permit(sha: usize, date: usize, s: &[u8], cid: &[u8], ctt: &mu
return 0;
}
-/* Implement step 1 on client side of MPin protocol */
+/// Implement step 1 on client side of MPin protocol
#[allow(non_snake_case)]
pub fn client_1(
sha: usize,
@@ -627,7 +622,7 @@ pub fn client_1(
return 0;
}
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
+/// Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID
#[allow(non_snake_case)]
pub fn server_1(sha: usize, date: usize, cid: &[u8], hid: &mut [u8], htid: Option<&mut [u8]>) {
const RM: usize = big::MODBYTES as usize;
@@ -649,7 +644,7 @@ pub fn server_1(sha: usize, date: usize, cid: &[u8], hid: &mut [u8], htid: Optio
}
}
-/* Implement step 2 on client side of MPin protocol */
+/// Implement step 2 on client side of MPin protocol
#[allow(non_snake_case)]
pub fn client_2(x: &[u8], y: &[u8], sec: &mut [u8]) -> isize {
let mut r = Big::new_ints(&rom::CURVE_ORDER);
@@ -670,7 +665,7 @@ pub fn client_2(x: &[u8], y: &[u8], sec: &mut [u8]) -> isize {
return 0;
}
-/* return time since epoch */
+/// Return time since epoch
pub fn get_time() -> usize {
return (SystemTime::now()
.duration_since(UNIX_EPOCH)
@@ -678,7 +673,7 @@ pub fn get_time() -> usize {
.as_secs()) as usize;
}
-/* Generate Y = H(epoch, xCID/xID) */
+/// Generate Y = H(epoch, xCID/xID)
pub fn get_y(sha: usize, timevalue: usize, xcid: &[u8], y: &mut [u8]) {
const RM: usize = big::MODBYTES as usize;
let mut h: [u8; RM] = [0; RM];
@@ -691,7 +686,7 @@ pub fn get_y(sha: usize, timevalue: usize, xcid: &[u8], y: &mut [u8]) {
sy.tobytes(y);
}
-/* Implement step 2 of MPin protocol on server side */
+/// Implement step 2 of MPin protocol on server side
#[allow(non_snake_case)]
pub fn server_2(
date: usize,
@@ -788,7 +783,7 @@ pub fn server_2(
return 0;
}
-/* Pollards kangaroos used to return PIN error */
+/// Pollards kangaroos used to return PIN error
pub fn kangaroo(e: &[u8], f: &[u8]) -> isize {
let mut ge = FP48::frombytes(e);
let mut gf = FP48::frombytes(f);
@@ -839,8 +834,7 @@ pub fn kangaroo(e: &[u8], f: &[u8]) -> isize {
return res;
}
-/* Hash the M-Pin transcript - new */
-
+/// Hash the M-Pin transcript - new
pub fn hash_all(
sha: usize,
hid: &[u8],
@@ -896,8 +890,8 @@ pub fn hash_all(
return hashit(sha, 0, &t, h);
}
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
+/// Calculate common key on client side
+/// wCID = w.(A+AT)
#[allow(non_snake_case)]
pub fn client_key(
sha: usize,
@@ -938,8 +932,8 @@ pub fn client_key(
return 0;
}
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
+/// Calculate common key on server side
+/// Z=r.A - no time permits involved
#[allow(non_snake_case)]
pub fn server_key(
sha: usize,
@@ -996,24 +990,22 @@ pub fn server_key(
mod tests {
use super::*;
use crate::test_utils::*;
- use std::io;
#[test]
- fn test_mpin256() {
+ fn test_mpin256_valid() {
let mut rng = create_rng();
pub const PERMITS: bool = true;
pub const PINERROR: bool = true;
pub const FULL: bool = true;
- //pub const SINGLE_PASS:bool=false;
let mut s: [u8; EGS] = [0; EGS];
const RM: usize = EFS as usize;
let mut hcid: [u8; RM] = [0; RM];
let mut hsid: [u8; RM] = [0; RM];
- const G1S: usize = 2 * EFS + 1; /* Group 1 Size */
- const G2S: usize = 16 * EFS; /* Group 2 Size */
+ const G1S: usize = 2 * EFS + 1; // Group 1 Size
+ const G2S: usize = 16 * EFS; // Group 2 Size
const EAS: usize = ecp::AESKEY;
let mut sst: [u8; G2S] = [0; G2S];
@@ -1042,22 +1034,22 @@ mod tests {
let sha = ecp::HASH_TYPE;
println!("\nTesting MPIN - PIN is 1234");
- /* Trusted Authority set-up */
+ // Trusted Authority set-up
random_generate(&mut rng, &mut s);
print!("Master Secret s: 0x");
printbinary(&s);
- /* Create Client Identity */
+ // Create Client Identity
let name = "testUser@miracl.com";
let client_id = name.as_bytes();
print!("Client ID= ");
printbinary(&client_id);
- hash_id(sha, &client_id, &mut hcid); /* Either Client or TA calculates Hash(ID) - you decide! */
+ hash_id(sha, &client_id, &mut hcid); // Either Client or TA calculates Hash(ID) - you decide!
- /* Client and Server are issued secrets by DTA */
+ // Client and Server are issued secrets by DTA
get_server_secret(&s, &mut sst);
print!("Server Secret SS: 0x");
printbinary(&sst);
@@ -1066,7 +1058,7 @@ mod tests {
print!("Client Secret CS: 0x");
printbinary(&token);
- /* Client extracts PIN from secret to create Token */
+ // Client extracts PIN from secret to create Token
let pin: i32 = 1234;
println!("Client extracts PIN= {}", pin);
let mut rtn = extract_pin(sha, &client_id, pin, &mut token);
@@ -1084,13 +1076,13 @@ mod tests {
let mut date = 0;
if PERMITS {
date = today();
- /* Client gets "Time Token" permit from DTA */
+ // Client gets "Time Token" permit from DTA
get_client_permit(sha, date, &s, &hcid, &mut permit);
print!("Time Permit TP: 0x");
printbinary(&permit);
- /* This encoding makes Time permit look random - Elligator squared */
+ // This encoding makes Time permit look random - Elligator squared
encoding(&mut rng, &mut permit);
print!("Encoded Time Permit TP: 0x");
printbinary(&permit);
@@ -1099,15 +1091,10 @@ mod tests {
printbinary(&permit);
}
- print!("\nPIN= ");
- let _ = io::Write::flush(&mut io::stdout());
- let mut input_text = String::new();
- let _ = io::stdin().read_line(&mut input_text);
-
- let pin = input_text.trim().parse::<usize>().unwrap();
+ let pin = 1234;
println!("MPIN Multi Pass");
- /* Send U=x.ID to server, and recreate secret from token and pin */
+ // Send U=x.ID to server, and recreate secret from token and pin
rtn = client_1(
sha,
date,
@@ -1127,10 +1114,10 @@ mod tests {
if FULL {
hash_id(sha, &client_id, &mut hcid);
- get_g1_multiple(Some(&mut rng), 1, &mut r, &hcid, &mut z); /* Also Send Z=r.ID to Server, remember random r */
+ get_g1_multiple(Some(&mut rng), 1, &mut r, &hcid, &mut z); // Also Send Z=r.ID to Server, remember random r
}
- /* Server calculates H(ID) and H(T|H(ID)) (if time PERMITS enabled), and maps them to points on the curve HID and HTID resp. */
+ // Server calculates H(ID) and H(T|H(ID)) (if time PERMITS enabled), and maps them to points on the curve HID and HTID resp.
server_1(sha, date, &client_id, &mut hid, Some(&mut htid[..]));
@@ -1140,22 +1127,22 @@ mod tests {
rhid.clone_from_slice(&hid[..]);
}
- /* Server generates Random number Y and sends it to Client */
+ // Server generates Random number Y and sends it to Client
random_generate(&mut rng, &mut y);
if FULL {
hash_id(sha, &client_id, &mut hsid);
- get_g1_multiple(Some(&mut rng), 0, &mut w, &rhid, &mut t); /* Also send T=w.ID to client, remember random w */
+ get_g1_multiple(Some(&mut rng), 0, &mut w, &rhid, &mut t); // Also send T=w.ID to client, remember random w
}
- /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
+ // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
rtn = client_2(&x, &y, &mut sec);
if rtn != 0 {
println!("FAILURE: CLIENT_2 rtn: {}", rtn);
}
- /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
- /* If PIN error not required, set E and F = null */
+ // Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
+ // If PIN error not required, set E and F = null
if !PINERROR {
rtn = server_2(