def test_5(self):
"""test_5 Make sure all client secret are unique"""
# random number generator
RNG = ffi.new("csprng*")
libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
# Generate master secret share
rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
self.assertEqual(rtn, 0)
s = set()
match = 0
for i in range(1, 1000):
rand_val = os.urandom(32)
HASH_MPIN_ID = ffi.new("octet*")
HASH_MPIN_IDval = ffi.new("char [%s]" % HASH_BYTES, rand_val)
HASH_MPIN_ID[0].val = HASH_MPIN_IDval
HASH_MPIN_ID[0].max = HASH_BYTES
HASH_MPIN_ID[0].len = HASH_BYTES
# Generate client secret shares
rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
self.assertEqual(rtn, 0)
cs1Hex = toHex(CS1)
if cs1Hex in s:
match = 1
self.assertEqual(match, 0)
s.add(cs1Hex)
rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
if rtn != 0:
print "libmpin.MPIN_GET_SERVER_SECRET(MS2,SS2) Error %s" % rtn
if DEBUG:
print "SS1: %s" % toHex(SS1)
print "SS2: %s" % toHex(SS2)
# Combine server secret shares
rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
if rtn != 0:
print "libmpin.MPIN_RECOMBINE_G2( SS1, SS2, SERVER_SECRET) Error %s" % rtn
if DEBUG:
print "SERVER_SECRET: %s" % toHex(SERVER_SECRET)
# Generate client secret shares
rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
if rtn != 0:
print "libmpin.MPIN_GET_CLIENT_SECRET(MS1,HASH_MPIN_ID,CS1) Error %s" % rtn
rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, HASH_MPIN_ID, CS2)
if rtn != 0:
print "libmpin.MPIN_GET_CLIENT_SECRET(MS2,HASH_MPIN_ID,CS2) Error %s" % rtn
if DEBUG:
print "CS1: %s" % toHex(CS1)
print "CS2: %s" % toHex(CS2)
# Combine client secret shares : TOKEN is the full client secret
rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
if rtn != 0:
print "libmpin.MPIN_RECOMBINE_G1( CS1, CS2, TOKEN) Error %s" % rtn
print "Client Secret: %s" % toHex(TOKEN)
def test_3(self):
"""test_3 Good PIN and bad token"""
PIN1 = 1234
PIN2 = 1234
# random number generator
RNG = ffi.new("csprng*")
libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
# Generate Client master secret share for MIRACL and Customer
rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
self.assertEqual(rtn, 0)
rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
self.assertEqual(rtn, 0)
# Generate server secret shares
rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
self.assertEqual(rtn, 0)
rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
self.assertEqual(rtn, 0)
# Combine server secret shares
rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
self.assertEqual(rtn, 0)
# Generate client secret shares
rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, self.HASH_MPIN_ID, CS1)
self.assertEqual(rtn, 0)
rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, self.HASH_MPIN_ID, CS2)
self.assertEqual(rtn, 0)
# Combine client secret shares : TOKEN is the full client secret
rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
self.assertEqual(rtn, 0)
# Generate Time Permit shares
rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS1, self.HASH_MPIN_ID, TP1)
self.assertEqual(rtn, 0)
rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS2, self.HASH_MPIN_ID, TP2)
self.assertEqual(rtn, 0)
# Combine Time Permit shares
rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
self.assertEqual(rtn, 0)
# Client extracts PIN from secret to create Token
PIN1 = 1234
rtn = libmpin.MPIN_EXTRACT_PIN(self.MPIN_ID, PIN1, TOKEN)
self.assertEqual(rtn, 0)
# Client first pass
rtn = libmpin.MPIN_CLIENT_1(self.date, self.MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
self.assertEqual(rtn, 0)
# Server calculates H(ID) and H(T|H(ID))
libmpin.MPIN_SERVER_1(self.date, self.HASH_MPIN_ID, HID, HTID)
# Server generates Random number Y and sends it to Client
rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
self.assertEqual(rtn, 0)
# Client second pass
rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
self.assertEqual(rtn, 0)
# Server second pass
# clientSecret aka V is equal to UT to model a bad token
rtn = libmpin.MPIN_SERVER_2(self.date, HID, HTID, Y, SERVER_SECRET, U, UT, UT, E, F)
self.assertEqual(rtn, -19)
def test_1(self):
"""test_1 Good PIN and good token"""
vectors = json.load(open("./MPINTestVectors.json", "r"))
for vector in vectors:
print "Test vector {}".format(vector['test_no'])
PIN1 = vector['PIN1']
PIN2 = vector['PIN2']
date = vector['DATE']
# random number generator
RNG = ffi.new("csprng*")
libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
MS1_HEX = vector['MS1']
MS2_HEX = vector['MS2']
ms1_bin = MS1_HEX.decode("hex")
MS1 = ffi.new("octet*")
MS1val = ffi.new("char [%s]" % len(ms1_bin), ms1_bin)
MS1[0].val = MS1val
MS1[0].max = PGS
MS1[0].len = PGS
ms2_bin = MS2_HEX.decode("hex")
MS2 = ffi.new("octet*")
MS2val = ffi.new("char [%s]" % len(ms2_bin), ms2_bin)
MS2[0].val = MS2val
MS2[0].max = PGS
MS2[0].len = PGS
# Generate server secret shares
rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
self.assertEqual(rtn, 0)
self.assertEqual(vector['SS1'], toHex(SS1))
rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
self.assertEqual(rtn, 0)
self.assertEqual(vector['SS2'], toHex(SS2))
# Combine server secret shares
rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
self.assertEqual(rtn, 0)
self.assertEqual(vector['SERVER_SECRET'], toHex(SERVER_SECRET))
mpin_id = vector['MPIN_ID_HEX'].decode("hex")
MPIN_ID = ffi.new("octet*")
MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id)
MPIN_ID[0].val = MPIN_IDval
MPIN_ID[0].max = len(mpin_id)
MPIN_ID[0].len = len(mpin_id)
# Hash value of MPIN_ID
HASH_MPIN_ID = ffi.new("octet*")
HASH_MPIN_IDval = ffi.new("char []", HASH_BYTES)
HASH_MPIN_ID[0].val = HASH_MPIN_IDval
HASH_MPIN_ID[0].max = HASH_BYTES
HASH_MPIN_ID[0].len = HASH_BYTES
libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID)
self.assertEqual(vector['HASH_MPIN_ID_HEX'], toHex(HASH_MPIN_ID))
# Generate client secret shares
rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
self.assertEqual(rtn, 0)
self.assertEqual(vector['CS1'], toHex(CS1))
rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, HASH_MPIN_ID, CS2)
self.assertEqual(rtn, 0)
self.assertEqual(vector['CS2'], toHex(CS2))
# Combine client secret shares : TOKEN is the full client secret
rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
self.assertEqual(rtn, 0)
self.assertEqual(vector['CLIENT_SECRET'], toHex(TOKEN))
# Generate Time Permit shares
rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS1, HASH_MPIN_ID, TP1)
self.assertEqual(rtn, 0)
self.assertEqual(vector['TP1'], toHex(TP1))
rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS2, HASH_MPIN_ID, TP2)
self.assertEqual(rtn, 0)
self.assertEqual(vector['TP2'], toHex(TP2))
# Combine Time Permit shares
rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
self.assertEqual(rtn, 0)
self.assertEqual(vector['TIME_PERMIT'], toHex(TIME_PERMIT))
# Client extracts PIN from secret to create Token
rtn = libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN1, TOKEN)
self.assertEqual(rtn, 0)
self.assertEqual(vector['TOKEN'], toHex(TOKEN))
x = vector['X'].decode("hex")
X = ffi.new("octet*")
Xval = ffi.new("char [%s]" % PGS, x)
X[0].val = Xval
X[0].max = PGS
X[0].len = PGS
# Client first pass. Use X value from test vectors
rtn = libmpin.MPIN_CLIENT_1(date, MPIN_ID, ffi.NULL, X, PIN2,
TOKEN, SEC, U, UT, TIME_PERMIT)
self.assertEqual(rtn, 0)
self.assertEqual(vector['X'], toHex(X))
self.assertEqual(vector['U'], toHex(U))
self.assertEqual(vector['UT'], toHex(UT))
self.assertEqual(vector['SEC'], toHex(SEC))
# Server calculates H(ID) and H(T|H(ID))
libmpin.MPIN_SERVER_1(date, HASH_MPIN_ID, HID, HTID)
# Server generates Random number Y and sends it to Client
# rtn = libmpin.MPIN_RANDOM_GENERATE(RNG,Y)
# self.assertEqual(rtn, 0)
# Use Y value from test vectors
y = vector['Y'].decode("hex")
Y = ffi.new("octet*")
Yval = ffi.new("char [%s]" % PGS, y)
Y[0].val = Yval
Y[0].max = PGS
Y[0].len = PGS
# Client second pass
rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
self.assertEqual(rtn, 0)
self.assertEqual(vector['V'], toHex(SEC))
# Server second pass
rtn = libmpin.MPIN_SERVER_2(date, HID, HTID, Y, SERVER_SECRET, U,
UT, SEC, E, F)
self.assertEqual(rtn, vector['SERVER_OUTPUT'])