def verify(SIG, m, W):
HM = BLS_H(m)
D = ECp()
D.fromBytes(SIG)
if D.isinf():
return False
if not (curve.r * D).isinf():
return False
D = -D
PK = ECp2()
PK.fromBytes(W)
# Use new multi-pairing mechanism
r = pair.initmp()
pair.another_pc(r, G2_TAB, D)
pair.another(r, PK, HM)
v = pair.miller(r)
#.. or alternatively
# G=ecp2.generator()
# if G.isinf() :
# return False
# v = pair.double_ate(G, D, PK, HM)
v = pair.fexp(v)
if v.isone():
return True
return False
def BLS_H(m):
h = hashlib.shake_256()
h.update(bytes(m, 'utf-8'))
hm = big.from_bytes(h.digest(curve.EFS))
HM = ECp()
while not HM.set(hm):
hm = hm + 1
HM = curve.CurveCof * HM
return HM
def H(mpin_id):
p = curve.p
h = hashlib.new(curve.SHA)
h.update(bytes(mpin_id, 'utf-8'))
x = big.from_bytes(h.digest())
x %= p
P = ECp()
while not P.set(x):
x = x + 1
P = curve.CurveCof * P
return P
def add_G1(A, B):
""" Add two points in G1: C = A + B """
A1 = ECp()
B1 = ECp()
if not A1.fromBytes(A):
return None
if not B1.fromBytes(B):
return None
A1.add(B1)
return A1.toBytes(False)
def server(ID, Y, SS, U, V):
P = H(ID)
y = big.from_bytes(Y)
Q = ecp2.generator()
P = y * P
sQ = ECp2()
if not sQ.fromBytes(SS):
return (False, Fp12(), Fp12())
TU = ECp()
if not TU.fromBytes(U):
return (False, bytearray(0), bytearray(0))
TV = ECp()
if not TV.fromBytes(V):
return (False, bytearray(0), bytearray(0))
TU.add(P)
# TU.affine()
r = pair.double_ate(Q, TV, sQ, TU)
r = pair.fexp(r)
if r.isone():
return (True, bytearray(0), bytearray(0))
# failed - diagnose it
E = r.toBytes()
r = pair.e(Q, TU)
F = r.toBytes()
return (False, E, F)
def ECP_SvdpDH(S, W):
s = big.from_bytes(S)
WP = ECp()
if not WP.fromBytes(W):
return ECDH_ERROR
r = curve.r
s %= r
WP = s * WP
if WP.isinf():
return ECDH_ERROR
x = WP.getx()
K = big.to_bytes(x)
return K
def extract_pin(ID, PIN, SK):
P = H(ID)
P = -(PIN * P)
S = ECp()
if not S.fromBytes(SK):
return bytearray(0)
S.add(P)
# S.affine()
return S.toBytes(False)
def ECP_SvDSA(P, F, C, D):
FS = curve.EFS
G = generator()
m = hashlib.new(curve.SHA)
m.update(F)
H = m.digest()
HS = m.digest_size
if HS >= FS:
B = H[0:FS]
else:
B = bytearray(FS)
for i in range(0, HS):
B[i + FS - HS] = H[i]
c = big.from_bytes(C)
d = big.from_bytes(D)
f = big.from_bytes(B)
r = curve.r
if c == 0 or c >= r or d == 0 or d >= r:
return False
d = big.invmodp(d, r)
f = big.modmul(f, d, r)
h2 = big.modmul(c, d, r)
WP = ECp()
if not WP.fromBytes(P):
return False
P = mul(WP, h2, G, f)
if P.isinf():
return False
d = P.getx() % r
if c != d:
return False
return True
def client_2(X, Y, ID, PIN, TK):
P = H(ID)
S = ECp()
if not S.fromBytes(TK):
return bytearray(0)
x = big.from_bytes(X)
y = big.from_bytes(Y)
x = (x + y) % curve.r
x = curve.r - x
S.add(PIN * P)
S = x * S
return S.toBytes(False)
def ECP_PublicKeyValidate(W):
r = curve.r
p = curve.p
WP = ECp()
if not WP.fromBytes(W):
return ECDH_INVALID_PUBLIC_KEY
nb = p.bit_length()
k = 1
k = k << (nb + 4) // 2
k += p
k //= r
while k % 2 == 0:
WP.dbl()
k //= 2
if k != 1:
WP = k * WP
if WP.isinf():
return ECDH_INVALID_PUBLIC_KEY
return 0