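src/mpin192.c.in [386:478]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    return res;
}

/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
/* CID is hashed externally */
/* Thin wrapper: forwards S, CID and CST to MPIN_ZZZ_GET_G1_MULTIPLE with a NULL
   RNG and type argument 1, and returns that call's result unchanged. */
int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
{
    return MPIN_ZZZ_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
}

/* Implement step 1 on client side of MPin protocol
 *
 * sha        hash selector handed to mhashit
 * date       non-zero selects the time-permit branch and is also fed to mhashit
 * CLIENT_ID  client identity; hashed into H and mapped to the point P=H(ID)
 * RNG        if non-NULL a fresh x is generated and written to X;
 *            if NULL, x is read back from X
 * X          in/out octet carrying the secret value x (see RNG)
 * pin        PIN, reduced with pin%=MAXPIN before use
 * TOKEN      encoded point; must decode or MPIN_INVALID_POINT is returned
 * SEC        output, T=Token+alpha.H(ID) (plus the permit point when used)
 * xID        optional output x.H(ID); skipped when NULL
 * xCID       optional output x.(H(ID)+H(T|ID)); only in the date branch, skipped when NULL
 * PERMIT     optional encoded point, only consulted when date is non-zero
 *
 * Returns 0 on success or MPIN_INVALID_POINT if TOKEN or PERMIT fails to decode.
 * On failure SEC, xID and xCID are left unwritten. X is still written when RNG
 * is non-NULL, because x is generated before any input is validated.
 */
int MPIN_ZZZ_CLIENT_1(int sha,int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
{
    /* NOTE(review): x is the per-run secret and T ends up holding s.H(ID), the
       reconstructed client secret. Neither local is cleared before return in
       this function - confirm whether the library expects them to be wiped. */
    BIG_XXX r,x;
    ECP_ZZZ P,T,W;
    int res=0;
    char h[MODBYTES_XXX];
    octet H= {0,sizeof(h),h};

    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);

    /* NOTE(review): X is dereferenced on both paths with no NULL or length check;
       the caller must supply an octet with room for MODBYTES_XXX bytes. */
    if (RNG!=NULL)
    {
        BIG_XXX_randomnum(x,r,RNG);
#ifdef AES_S
        /* presumably shortens x to 2*AES_S bits - confirm against BIG_XXX_mod2m */
        BIG_XXX_mod2m(x,2*AES_S);
#endif
        X->len=MODBYTES_XXX;
        BIG_XXX_toBytes(X->val,x);
    }
    else
        BIG_XXX_fromBytes(x,X->val);

    mhashit(sha,-1,CLIENT_ID,&H);
    ECP_ZZZ_mapit(&P,&H);               // P=H(ID)

    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;

    if (res==0)
    {
        /* NOTE(review): pin is a signed int, so a negative pin stays negative
           after the reduction - confirm ECP_ZZZ_pinmul tolerates that. */
        pin%=MAXPIN;

        ECP_ZZZ_copy(&W,&P);            // W=H(ID)
        ECP_ZZZ_pinmul(&W,pin,PBLEN);   // W=alpha.H(ID)
        ECP_ZZZ_add(&T,&W);             // T=Token+alpha.H(ID) = s.H(ID)

        if (date && PERMIT!=NULL)
        {
            /* Only fold the permit into T once it has decoded; a rejected
               PERMIT must not be used as a point. */
            if (!ECP_ZZZ_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
            else ECP_ZZZ_add(&T,&W);    // SEC=s.H(ID)+s.H(T|ID)
        }
    }

    /* Everything below produces outputs, so it runs only when both TOKEN and
       PERMIT were accepted - the same all-or-nothing rule the TOKEN check has. */
    if (res==0)
    {
        if (date)
        {
            mhashit(sha,date,&H,&H);    // H is hashed in place together with date
            ECP_ZZZ_mapit(&W,&H);       // W=H(T|ID)
            if (xID!=NULL)
            {
                PAIR_ZZZ_G1mul(&P,x);           // P=x.H(ID)
                ECP_ZZZ_toOctet(xID,&P,false);  // xID
                PAIR_ZZZ_G1mul(&W,x);           // W=x.H(T|ID)
                ECP_ZZZ_add(&P,&W);
            }
            else
            {
                /* No xID wanted: add first, then a single multiplication by x */
                ECP_ZZZ_add(&P,&W);
                PAIR_ZZZ_G1mul(&P,x);
            }
            if (xCID!=NULL) ECP_ZZZ_toOctet(xCID,&P,false);  // U
        }
        else
        {
            if (xID!=NULL)
            {
                PAIR_ZZZ_G1mul(&P,x);           // P=x.H(ID)
                ECP_ZZZ_toOctet(xID,&P,false);  // xID
            }
        }

        ECP_ZZZ_toOctet(SEC,&T,false);  // V
    }
    return res;
}

/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SST)
{
    BIG_XXX r,s;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
src/mpin256.c.in [409:501]: - - 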
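- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    return res;
}

/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
/* CID is hashed externally */
/* Thin wrapper: forwards S, CID and CST to MPIN_ZZZ_GET_G1_MULTIPLE with a NULL
   RNG and type argument 1, and returns that call's result unchanged. */
int MPIN_ZZZ_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
{
    return MPIN_ZZZ_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
}

/* Implement step 1 on client side of MPin protocol
 *
 * sha        hash selector handed to mhashit
 * date       non-zero selects the time-permit branch and is also fed to mhashit
 * CLIENT_ID  client identity; hashed into H and mapped to the point P=H(ID)
 * RNG        if non-NULL a fresh x is generated and written to X;
 *            if NULL, x is read back from X
 * X          in/out octet carrying the secret value x (see RNG)
 * pin        PIN, reduced with pin%=MAXPIN before use
 * TOKEN      encoded point; must decode or MPIN_INVALID_POINT is returned
 * SEC        output, T=Token+alpha.H(ID) (plus the permit point when used)
 * xID        optional output x.H(ID); skipped when NULL
 * xCID       optional output x.(H(ID)+H(T|ID)); only in the date branch, skipped when NULL
 * PERMIT     optional encoded point, only consulted when date is non-zero
 *
 * Returns 0 on success or MPIN_INVALID_POINT if TOKEN or PERMIT fails to decode.
 * On failure SEC, xID and xCID are left unwritten. X is still written when RNG
 * is non-NULL, because x is generated before any input is validated.
 */
int MPIN_ZZZ_CLIENT_1(int sha,int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
{
    /* NOTE(review): x is the per-run secret and T ends up holding s.H(ID), the
       reconstructed client secret. Neither local is cleared before return in
       this function - confirm whether the library expects them to be wiped. */
    BIG_XXX r,x;
    ECP_ZZZ P,T,W;
    int res=0;
    char h[MODBYTES_XXX];
    octet H= {0,sizeof(h),h};

    BIG_XXX_rcopy(r,CURVE_Order_ZZZ);

    /* NOTE(review): X is dereferenced on both paths with no NULL or length check;
       the caller must supply an octet with room for MODBYTES_XXX bytes. */
    if (RNG!=NULL)
    {
        BIG_XXX_randomnum(x,r,RNG);
#ifdef AES_S
        /* presumably shortens x to 2*AES_S bits - confirm against BIG_XXX_mod2m */
        BIG_XXX_mod2m(x,2*AES_S);
#endif
        X->len=MODBYTES_XXX;
        BIG_XXX_toBytes(X->val,x);
    }
    else
        BIG_XXX_fromBytes(x,X->val);

    mhashit(sha,-1,CLIENT_ID,&H);
    ECP_ZZZ_mapit(&P,&H);               // P=H(ID)

    if (!ECP_ZZZ_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;

    if (res==0)
    {
        /* NOTE(review): pin is a signed int, so a negative pin stays negative
           after the reduction - confirm ECP_ZZZ_pinmul tolerates that. */
        pin%=MAXPIN;

        ECP_ZZZ_copy(&W,&P);            // W=H(ID)
        ECP_ZZZ_pinmul(&W,pin,PBLEN);   // W=alpha.H(ID)
        ECP_ZZZ_add(&T,&W);             // T=Token+alpha.H(ID) = s.H(ID)

        if (date && PERMIT!=NULL)
        {
            /* Only fold the permit into T once it has decoded; a rejected
               PERMIT must not be used as a point. */
            if (!ECP_ZZZ_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
            else ECP_ZZZ_add(&T,&W);    // SEC=s.H(ID)+s.H(T|ID)
        }
    }

    /* Everything below produces outputs, so it runs only when both TOKEN and
       PERMIT were accepted - the same all-or-nothing rule the TOKEN check has. */
    if (res==0)
    {
        if (date)
        {
            mhashit(sha,date,&H,&H);    // H is hashed in place together with date
            ECP_ZZZ_mapit(&W,&H);       // W=H(T|ID)
            if (xID!=NULL)
            {
                PAIR_ZZZ_G1mul(&P,x);           // P=x.H(ID)
                ECP_ZZZ_toOctet(xID,&P,false);  // xID
                PAIR_ZZZ_G1mul(&W,x);           // W=x.H(T|ID)
                ECP_ZZZ_add(&P,&W);
            }
            else
            {
                /* No xID wanted: add first, then a single multiplication by x */
                ECP_ZZZ_add(&P,&W);
                PAIR_ZZZ_G1mul(&P,x);
            }
            if (xCID!=NULL) ECP_ZZZ_toOctet(xCID,&P,false);  // U
        }
        else
        {
            if (xID!=NULL)
            {
                PAIR_ZZZ_G1mul(&P,x);           // P=x.H(ID)
                ECP_ZZZ_toOctet(xID,&P,false);  // xID
            }
        }

        ECP_ZZZ_toOctet(SEC,&T,false);  // V
    }
    return res;
}

/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
int MPIN_ZZZ_GET_SERVER_SECRET(octet *S,octet *SST)
{
    BIG_XXX r,s;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -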