src/mpin192.c.in [219:358]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - return res; } /* create random secret S */ int MPIN_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S) { BIG_XXX r,s; BIG_XXX_rcopy(r,CURVE_Order_ZZZ); BIG_XXX_randomnum(s,r,RNG); #ifdef AES_S BIG_XXX_mod2m(s,2*AES_S); #endif BIG_XXX_toBytes(S->val,s); S->len=MODBYTES_XXX; return 0; } /* Extract PIN from TOKEN for identity CID */ int MPIN_ZZZ_EXTRACT_PIN(int sha,octet *CID,int pin,octet *TOKEN) { pin%=MAXPIN; return MPIN_ZZZ_EXTRACT_FACTOR(sha,CID,pin,PBLEN,TOKEN); } /* Extract a factor < 32 bits for identity CID */ int MPIN_ZZZ_EXTRACT_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN) { ECP_ZZZ P,R; int res=0; char h[MODBYTES_XXX]; octet H= {0,sizeof(h),h}; if (!ECP_ZZZ_fromOctet(&P,TOKEN)) res=MPIN_INVALID_POINT; if (res==0) { mhashit(sha,-1,CID,&H); ECP_ZZZ_mapit(&R,&H); ECP_ZZZ_pinmul(&R,factor,facbits); ECP_ZZZ_sub(&P,&R); ECP_ZZZ_toOctet(TOKEN,&P,false); } return res; } /* Extract a factor < 32 bits for identity CID */ int MPIN_ZZZ_RESTORE_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN) { ECP_ZZZ P,R; int res=0; char h[MODBYTES_XXX]; octet H= {0,sizeof(h),h}; if (!ECP_ZZZ_fromOctet(&P,TOKEN)) res=MPIN_INVALID_POINT; if (res==0) { mhashit(sha,-1,CID,&H); ECP_ZZZ_mapit(&R,&H); ECP_ZZZ_pinmul(&R,factor,facbits); ECP_ZZZ_add(&P,&R); ECP_ZZZ_toOctet(TOKEN,&P,false); } return res; } /* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */ int MPIN_ZZZ_CLIENT_2(octet *X,octet *Y,octet *SEC) { BIG_XXX px,py,r; ECP_ZZZ P; int res=0; BIG_XXX_rcopy(r,CURVE_Order_ZZZ); if (!ECP_ZZZ_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT; if (res==0) { BIG_XXX_fromBytes(px,X->val); BIG_XXX_fromBytes(py,Y->val); BIG_XXX_add(px,px,py); BIG_XXX_mod(px,r); PAIR_ZZZ_G1mul(&P,px); ECP_ZZZ_neg(&P); ECP_ZZZ_toOctet(SEC,&P,false); } return res; } /* W=x*H(G); if RNG == NULL then X is passed in if RNG != NULL the X is passed out if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve */ int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W) { ECP_ZZZ P; BIG_XXX r,x; int res=0; if (RNG!=NULL) { BIG_XXX_rcopy(r,CURVE_Order_ZZZ); BIG_XXX_randomnum(x,r,RNG); #ifdef AES_S BIG_XXX_mod2m(x,2*AES_S); #endif X->len=MODBYTES_XXX; BIG_XXX_toBytes(X->val,x); } else BIG_XXX_fromBytes(x,X->val); if (type==0) { if (!ECP_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT; } else { ECP_ZZZ_mapit(&P,G); } if (res==0) { PAIR_ZZZ_G1mul(&P,x); ECP_ZZZ_toOctet(W,&P,false); } return res; } /* if RNG == NULL then X is passed in if RNG != NULL the X is passed out W=x*G where G is point on the curve if type==1 W=(x^-1)G */ int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/mpin256.c.in [242:381]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - return res; } /* create random secret S */ int MPIN_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S) { BIG_XXX r,s; BIG_XXX_rcopy(r,CURVE_Order_ZZZ); BIG_XXX_randomnum(s,r,RNG); #ifdef AES_S BIG_XXX_mod2m(s,2*AES_S); #endif BIG_XXX_toBytes(S->val,s); S->len=MODBYTES_XXX; return 0; } /* Extract PIN from TOKEN for identity CID */ int MPIN_ZZZ_EXTRACT_PIN(int sha,octet *CID,int pin,octet *TOKEN) { pin%=MAXPIN; return MPIN_ZZZ_EXTRACT_FACTOR(sha,CID,pin,PBLEN,TOKEN); } /* Extract a factor < 32 bits for identity CID */ int MPIN_ZZZ_EXTRACT_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN) { ECP_ZZZ P,R; int res=0; char h[MODBYTES_XXX]; octet H= {0,sizeof(h),h}; if (!ECP_ZZZ_fromOctet(&P,TOKEN)) res=MPIN_INVALID_POINT; if (res==0) { mhashit(sha,-1,CID,&H); ECP_ZZZ_mapit(&R,&H); ECP_ZZZ_pinmul(&R,factor,facbits); ECP_ZZZ_sub(&P,&R); ECP_ZZZ_toOctet(TOKEN,&P,false); } return res; } /* Extract a factor < 32 bits for identity CID */ int MPIN_ZZZ_RESTORE_FACTOR(int sha,octet *CID,int factor,int facbits,octet *TOKEN) { ECP_ZZZ P,R; int res=0; char h[MODBYTES_XXX]; octet H= {0,sizeof(h),h}; if (!ECP_ZZZ_fromOctet(&P,TOKEN)) res=MPIN_INVALID_POINT; if (res==0) { mhashit(sha,-1,CID,&H); ECP_ZZZ_mapit(&R,&H); ECP_ZZZ_pinmul(&R,factor,facbits); ECP_ZZZ_add(&P,&R); ECP_ZZZ_toOctet(TOKEN,&P,false); } return res; } /* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */ int MPIN_ZZZ_CLIENT_2(octet *X,octet *Y,octet *SEC) { BIG_XXX px,py,r; ECP_ZZZ P; int res=0; BIG_XXX_rcopy(r,CURVE_Order_ZZZ); if (!ECP_ZZZ_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT; if (res==0) { BIG_XXX_fromBytes(px,X->val); BIG_XXX_fromBytes(py,Y->val); BIG_XXX_add(px,px,py); BIG_XXX_mod(px,r); PAIR_ZZZ_G1mul(&P,px); ECP_ZZZ_neg(&P); ECP_ZZZ_toOctet(SEC,&P,false); } return res; } /* W=x*H(G); if RNG == NULL then X is passed in if RNG != NULL the X is passed out if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve */ int MPIN_ZZZ_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W) { ECP_ZZZ P; BIG_XXX r,x; int res=0; if (RNG!=NULL) { BIG_XXX_rcopy(r,CURVE_Order_ZZZ); BIG_XXX_randomnum(x,r,RNG); #ifdef AES_S BIG_XXX_mod2m(x,2*AES_S); #endif X->len=MODBYTES_XXX; BIG_XXX_toBytes(X->val,x); } else BIG_XXX_fromBytes(x,X->val); if (type==0) { if (!ECP_ZZZ_fromOctet(&P,G)) res=MPIN_INVALID_POINT; } else { ECP_ZZZ_mapit(&P,G); } if (res==0) { PAIR_ZZZ_G1mul(&P,x); ECP_ZZZ_toOctet(W,&P,false); } return res; } /* if RNG == NULL then X is passed in if RNG != NULL the X is passed out W=x*G where G is point on the curve if type==1 W=(x^-1)G */ int MPIN_ZZZ_GET_G2_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -