예제 #1
0
/* Pollards kangaroos used to return PIN error */
    public static int KANGAROO(sbyte[] E, sbyte[] F)
    {
        FP12 ge = FP12.fromBytes(E);
        FP12 gf = FP12.fromBytes(F);

        int[] distance = new int[TS];
        FP12  t        = new FP12(gf);

        FP12[] table = new FP12[TS];
        int    i, j, m, s, dn, dm, res, steps;

        s = 1;
        for (m = 0; m < TS; m++)
        {
            distance[m] = s;
            table[m]    = new FP12(t);
            s          *= 2;
            t.usqr();
        }
        t.one();
        dn = 0;
        for (j = 0; j < TRAP; j++)
        {
            i = t.geta().geta().A.lastbits(8) % TS;
            t.mul(table[i]);
            dn += distance[i];
        }
        gf.copy(t);
        gf.conj();
        steps = 0;
        dm    = 0;
        res   = 0;
        while (dm - dn < MAXPIN)
        {
            steps++;
            if (steps > 4 * TRAP)
            {
                break;
            }
            i = ge.geta().geta().A.lastbits(8) % TS;
            ge.mul(table[i]);
            dm += distance[i];
            if (ge.Equals(t))
            {
                res = dm - dn;
                break;
            }
            if (ge.Equals(gf))
            {
                res = dn - dm;
                break;
            }
        }
        if (steps > 4 * TRAP || dm - dn >= MAXPIN)
        {
            res = 0;
        }         // Trap Failed  - probable invalid token
        return(res);
    }
예제 #2
0
/* calculate common key on client side */
/* wCID = w.(A+AT) */
    public static int CLIENT_KEY(sbyte[] G1, sbyte[] G2, int pin, sbyte[] R, sbyte[] X, sbyte[] wCID, sbyte[] CK)
    {
        HASH H = new HASH();

        sbyte[] t = new sbyte[EFS];

        FP12 g1 = FP12.fromBytes(G1);
        FP12 g2 = FP12.fromBytes(G2);
        BIG  z  = BIG.fromBytes(R);
        BIG  x  = BIG.fromBytes(X);

        ECP W = ECP.fromBytes(wCID);

        if (W.is_infinity())
        {
            return(INVALID_POINT);
        }

        W = PAIR.G1mul(W, x);

        FP2 f = new FP2(new BIG(ROM.CURVE_Fra), new BIG(ROM.CURVE_Frb));
        BIG r = new BIG(ROM.CURVE_Order);
        BIG q = new BIG(ROM.Modulus);

        BIG m = new BIG(q);

        m.mod(r);

        BIG a = new BIG(z);

        a.mod(m);

        BIG b = new BIG(z);

        b.div(m);

        g2.pinpow(pin, PBLEN);
        g1.mul(g2);

        FP4 c = g1.trace();

        g2.copy(g1);
        g2.frob(f);
        FP4 cp = g2.trace();

        g1.conj();
        g2.mul(g1);
        FP4 cpm1 = g2.trace();

        g2.mul(g1);
        FP4 cpm2 = g2.trace();

        c = c.xtr_pow2(cp, cpm1, cpm2, a, b);

        c.geta().A.toBytes(t);
        H.process_array(t);
        c.geta().B.toBytes(t);
        H.process_array(t);
        c.getb().A.toBytes(t);
        H.process_array(t);
        c.getb().B.toBytes(t);
        H.process_array(t);

        W.X.toBytes(t);
        H.process_array(t);
        W.Y.toBytes(t);
        H.process_array(t);

        t = H.hash();
        for (int i = 0; i < PAS; i++)
        {
            CK[i] = t[i];
        }

        return(0);
    }