/*
 * W = W1 + W2 in group G2.
 *
 * Decodes W1 and W2 as ECP2 points, adds them, and writes the encoded sum into W.
 *
 * W1, W2 : encoded G2 points to be combined.
 * W      : output buffer that receives the encoded sum; its length is not
 *          checked here, so the caller must size it for ECP2.toBytes.
 *
 * Returns 0 on success, or INVALID_POINT when either input decodes to the
 * point at infinity.
 *
 * NOTE(review): the only validation visible here is the infinity test. Any
 * on-curve or subgroup check would have to live inside ECP2.fromBytes - confirm.
 * The sum itself is written out without a further infinity test, so code that
 * later decodes W must reject infinity on its own.
 */
public static int RECOMBINE_G2(sbyte[] W1, sbyte[] W2, sbyte[] W)
{
    // Both inputs are decoded before either is inspected.
    ECP2 sum = ECP2.fromBytes(W1);
    ECP2 addend = ECP2.fromBytes(W2);

    if (sum.is_infinity())
    {
        return INVALID_POINT;
    }
    if (addend.is_infinity())
    {
        return INVALID_POINT;
    }

    // Accumulate in place, then serialise the result for the caller.
    sum.add(addend);
    sum.toBytes(W);

    return 0;
}
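/*
 * Calculate the common session key on the server side.
 * Z = r.A - no time permits involved.
 *
 * Z    : encoded G1 point received from the client.
 * SST  : encoded G2 point (the server secret).
 * W    : encoded scalar applied to the client commitment.
 * xID  : encoded G1 commitment, used when xCID is null.
 * xCID : encoded G1 commitment; takes precedence over xID when non-null.
 * SK   : output buffer; the first PAS bytes are overwritten with the key, so
 *        it must hold at least PAS bytes (not checked here).
 *
 * Returns 0 on success, INVALID_POINT when SST, Z or the chosen commitment
 * decodes to the point at infinity, and BAD_PARAMS when both xCID and xID are
 * null. SK is left untouched on every non-zero return.
 *
 * The key is the first PAS bytes of a hash over the four components of the
 * trace of the pairing value followed by the X and Y coordinates of W * U.
 * NOTE(review): the order of the hashed fields is part of the protocol; the
 * peer presumably hashes the same sequence - confirm before reordering.
 */
public static int SERVER_KEY(sbyte[] Z, sbyte[] SST, sbyte[] W, sbyte[] xID, sbyte[] xCID, sbyte[] SK)
{
    HASH H = new HASH();
    sbyte[] t = new sbyte[EFS];

    ECP2 sQ = ECP2.fromBytes(SST);
    if (sQ.is_infinity())
    {
        return INVALID_POINT;
    }

    ECP R = ECP.fromBytes(Z);
    if (R.is_infinity())
    {
        return INVALID_POINT;
    }

    ECP U;
    if (xCID != null)
    {
        U = ECP.fromBytes(xCID);
    }
    else
    {
        // Same guard SERVER_2 applies to xID: report a missing commitment as
        // BAD_PARAMS instead of handing null to the decoder.
        if (xID == null)
        {
            return BAD_PARAMS;
        }
        U = ECP.fromBytes(xID);
    }
    if (U.is_infinity())
    {
        return INVALID_POINT;
    }

    BIG w = BIG.fromBytes(W);
    U = PAIR.G1mul(U, w);

    // Pairing of the server secret with Z, followed by the final exponentiation.
    FP12 g = PAIR.ate(sQ, R);
    g = PAIR.fexp(g);

    // Feed the compressed pairing value (its trace) into the hash, one
    // component at a time through the shared EFS-sized scratch buffer.
    FP4 c = g.trace();
    c.geta().A.toBytes(t);
    H.process_array(t);
    c.geta().B.toBytes(t);
    H.process_array(t);
    c.getb().A.toBytes(t);
    H.process_array(t);
    c.getb().B.toBytes(t);
    H.process_array(t);

    // Then bind the key to W * U.
    U.X.toBytes(t);
    H.process_array(t);
    U.Y.toBytes(t);
    H.process_array(t);

    // Truncate the digest to the key length.
    t = H.hash();
    for (int i = 0; i < PAS; i++)
    {
        SK[i] = t[i];
    }

    return 0;
}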
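/*
 * Implement step 2 of the MPin protocol on the server side.
 *
 * date : non-zero selects the time-permit inputs (xCID, HTID); zero selects
 *        xID and HID.
 * HID  : encoded G1 point; required when date == 0, optional otherwise.
 * HTID : encoded G1 point; required when date != 0.
 * Y    : encoded scalar y.
 * SST  : encoded G2 point (the server secret).
 * xID  : encoded G1 point; required when date == 0, optional otherwise.
 * xCID : encoded G1 point; required when date != 0.
 * mSEC : encoded G1 point supplied by the client.
 * E, F : optional output buffers, written only when verification fails and
 *        HID, xID, E and F are all non-null.
 *
 * Returns 0 only when the final pairing value is unity. Every other return
 * (BAD_PIN, BAD_PARAMS, INVALID_POINT) means the client was NOT authenticated
 * and must be handled as a rejection by the caller.
 *
 * NOTE(review): Q is built from the ROM.CURVE_P* constants, presumably the
 * fixed G2 generator - confirm. PAIR.ate2 is expected to return the product
 * of the two pairings (Q, mSEC) and (sQ, y*P + R) - confirm. y is used
 * exactly as decoded from Y; no range check or reduction is visible here.
 */
public static int SERVER_2(int date, sbyte[] HID, sbyte[] HTID, sbyte[] Y, sbyte[] SST, sbyte[] xID, sbyte[] xCID, sbyte[] mSEC, sbyte[] E, sbyte[] F)
{
    ECP2 Q = new ECP2(
        new FP2(new BIG(ROM.CURVE_Pxa), new BIG(ROM.CURVE_Pxb)),
        new FP2(new BIG(ROM.CURVE_Pya), new BIG(ROM.CURVE_Pyb)));

    ECP2 sQ = ECP2.fromBytes(SST);
    if (sQ.is_infinity())
    {
        return INVALID_POINT;
    }

    ECP R;
    if (date != 0)
    {
        // Mirror the date == 0 guard: a missing time-permit commitment is a
        // parameter error, not something to pass to the decoder.
        if (xCID == null)
        {
            return BAD_PARAMS;
        }
        R = ECP.fromBytes(xCID);
    }
    else
    {
        if (xID == null)
        {
            return BAD_PARAMS;
        }
        R = ECP.fromBytes(xID);
    }
    if (R.is_infinity())
    {
        return INVALID_POINT;
    }

    BIG y = BIG.fromBytes(Y);

    ECP P;
    if (date != 0)
    {
        if (HTID == null)
        {
            return BAD_PARAMS;
        }
        P = ECP.fromBytes(HTID);
    }
    else
    {
        if (HID == null)
        {
            return BAD_PARAMS;
        }
        P = ECP.fromBytes(HID);
    }
    if (P.is_infinity())
    {
        return INVALID_POINT;
    }

    // P = y*P + R, combining the hashed identity with the client commitment.
    P = PAIR.G1mul(P, y);
    P.add(R);

    // R is reused from here on to hold the client's mSEC point.
    R = ECP.fromBytes(mSEC);
    if (R.is_infinity())
    {
        return INVALID_POINT;
    }

    FP12 g = PAIR.ate2(Q, R, sQ, P);
    g = PAIR.fexp(g);

    if (!g.isunity())
    {
        // Verification failed. Export the extra values only when the caller
        // supplied every input and output buffer this path needs.
        if (HID != null && xID != null && E != null && F != null)
        {
            g.toBytes(E);

            if (date != 0)
            {
                // Rebuild P from the non-time-permit inputs. E has already been
                // written if either decode below returns INVALID_POINT.
                P = ECP.fromBytes(HID);
                if (P.is_infinity())
                {
                    return INVALID_POINT;
                }
                R = ECP.fromBytes(xID);
                if (R.is_infinity())
                {
                    return INVALID_POINT;
                }
                P = PAIR.G1mul(P, y);
                P.add(R);
            }

            g = PAIR.ate(Q, P);
            g = PAIR.fexp(g);
            g.toBytes(F);
        }
        return BAD_PIN;
    }

    return 0;
}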