blob: fa5e0658b9cf4ca70a4a0686d7edba159c2efb35 [file] [log] [blame] [view]
<a name="MPIN"></a>
## MPIN
**Kind**: global class
**this**: <code>{MPIN}</code>
* [MPIN](#MPIN)
* [new MPIN()](#new_MPIN_new)
* [.today()](#MPIN.today) ⇒
* [.bytestostring(b)](#MPIN.bytestostring) ⇒
* [.stringtobytes(s)](#MPIN.stringtobytes) ⇒
* [.comparebytes(a, b)](#MPIN.comparebytes) ⇒
* [.mpin_hash(c, U)](#MPIN.mpin_hash) ⇒
* [.hashit(sha, n, B)](#MPIN.hashit) ⇒
* [.map(u, cb)](#MPIN.map) ⇒
* [.unmap(u, P)](#MPIN.unmap) ⇒
* [.RECOMBINE_G1(R1, R2, R)](#MPIN.RECOMBINE_G1) ⇒
* [.RECOMBINE_G2(W1, W2, W)](#MPIN.RECOMBINE_G2) ⇒
* [.HASH_ID(sha, ID)](#MPIN.HASH_ID) ⇒
* [.RANDOM_GENERATE(rng, S)](#MPIN.RANDOM_GENERATE) ⇒
* [.EXTRACT_PIN()](#MPIN.EXTRACT_PIN) ⇒
* [.EXTRACT_FACTOR()](#MPIN.EXTRACT_FACTOR) ⇒
* [.RESTORE_FACTOR()](#MPIN.RESTORE_FACTOR) ⇒
* [.GET_SERVER_SECRET(S, SST)](#MPIN.GET_SERVER_SECRET) ⇒
* [.GET_G1_MULTIPLE(type, x, G, W)](#MPIN.GET_G1_MULTIPLE) ⇒
* [.GET_CLIENT_SECRET(S, CID, CST)](#MPIN.GET_CLIENT_SECRET) ⇒
* [.GET_CLIENT_PERMIT(sha, date, S, CID, CTT)](#MPIN.GET_CLIENT_PERMIT) ⇒
* [.CLIENT_1(sha, date, CLIENT_ID, rng, X, pin, TOKEN, SEC, xID, xCID, PERMIT)](#MPIN.CLIENT_1) ⇒
* [.CLIENT_2(X, Y, SEC)](#MPIN.CLIENT_2) ⇒
* [.SERVER_1(sha, date, CID, HID, HTID)](#MPIN.SERVER_1) ⇒
* [.SERVER_2(date, HID, HTID, Y, SST, xID, xCID, mSEC, E, F, Pa)](#MPIN.SERVER_2) ⇒
* [.KANGAROO(E, F)](#MPIN.KANGAROO) ⇒
* [.GET_TIME()](#MPIN.GET_TIME) ⇒
* [.GET_Y(sha, TimeValue, xCID, Y)](#MPIN.GET_Y) ⇒
* [.CLIENT(sha, date, CLIENT_ID, rng, X, pin, TOKEN, SEC, xID, xCID, PERMIT, TimeValue, Y, Message)](#MPIN.CLIENT) ⇒
* [.SERVER(sha, date, HID, HTID, Y, SST, xID, xCID, mSEC, E, F, CID, TimeValue, MESSAGE, Pa)](#MPIN.SERVER) ⇒
* [.PRECOMPUTE(TOKEN, CID, G1, G2)](#MPIN.PRECOMPUTE) ⇒
* [.HASH_ALL(sha, HID, xID, xCID, SEC, Y, R, W)](#MPIN.HASH_ALL) ⇒
* [.CLIENT_KEY(sha, G1, G2, pin, R, X, H, wCID, CK)](#MPIN.CLIENT_KEY) ⇒
* [.SERVER_KEY(h, Z, SST, W, H, HID, xID, xCID, SK)](#MPIN.SERVER_KEY) ⇒
* [.GET_DVS_KEYPAIR(rng, Z, Pa)](#MPIN.GET_DVS_KEYPAIR) ⇒
<a name="new_MPIN_new"></a>
### new MPIN()
Creates an instance of MPIN
<a name="MPIN.today"></a>
### MPIN.today() ⇒
Get epoch time for today
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: time in slots since epoch
**this**: <code>{MPIN}</code>
<a name="MPIN.bytestostring"></a>
### MPIN.bytestostring(b) ⇒
Convert byte array to string
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: s string
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| b | byte array |
<a name="MPIN.stringtobytes"></a>
### MPIN.stringtobytes(s) ⇒
Convert a string to byte array
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: b byte array
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| s | string |
<a name="MPIN.comparebytes"></a>
### MPIN.comparebytes(a, b) ⇒
Convert byte arrays
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: true if equal
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| a | byte array |
| b | byte array |
<a name="MPIN.mpin_hash"></a>
### MPIN.mpin\_hash(c, U) ⇒
Hash values
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: R hash value
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| c | FP8 instance |
| U | ECP unstancebyte array |
<a name="MPIN.hashit"></a>
### MPIN.hashit(sha, n, B) ⇒
General purpose hash function
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: R hash value
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| n | Integer |
| B | byte array |
<a name="MPIN.map"></a>
### MPIN.map(u, cb) ⇒
maps a random u to a point on the curve
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: P ECP pointhash value
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| u | BIG numberInteger |
| cb | an integer representing the "sign" of y, in fact its least significant bit. |
<a name="MPIN.unmap"></a>
### MPIN.unmap(u, P) ⇒
returns u derived from P. Random value in range 1 to return value should then be added to u
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: r Value that should be added to u to derive P
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| u | BIG numberInteger |
| P | ECP pointhash value |
<a name="MPIN.RECOMBINE_G1"></a>
### MPIN.RECOMBINE\_G1(R1, R2, R) ⇒
Add two members from the group G1
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: 0 or an error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| R1 | Input member of G1 |
| R2 | Input member of G1 |
| R | Output member of G1. R=R1+R2 |
<a name="MPIN.RECOMBINE_G2"></a>
### MPIN.RECOMBINE\_G2(W1, W2, W) ⇒
Add two members from the group G2
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: 0 or an error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| W1 | Input member of G2 |
| W2 | Input member of G2 |
| W | Output member of G2. W=W1+W2 |
<a name="MPIN.HASH_ID"></a>
### MPIN.HASH\_ID(sha, ID) ⇒
Hash the identity
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: hash value
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| ID | Identity as byte array |
<a name="MPIN.RANDOM_GENERATE"></a>
### MPIN.RANDOM\_GENERATE(rng, S) ⇒
Create random secret
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| rng | cryptographically secure random number generator |
| S | Random secret value |
<a name="MPIN.EXTRACT_PIN"></a>
### MPIN.EXTRACT\_PIN() ⇒
Extract a PIN number from a client secret
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: token
**this**: <code>{MPIN}</code>
**Parameter**: sha hash type
**Parameter**: CID Client identity
**Parameter**: pin PIN value
**Parameter**: TOKEN Client secret
<a name="MPIN.EXTRACT_FACTOR"></a>
### MPIN.EXTRACT\_FACTOR() ⇒
Extract factor from TOKEN for identity CID
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: token
**this**: <code>{MPIN}</code>
**Parameter**: sha hash type
**Parameter**: CID Client identity
**Parameter**: factor Value to extract
**Parameter**: facbits Number of bits in factor
**Parameter**: TOKEN Token value
<a name="MPIN.RESTORE_FACTOR"></a>
### MPIN.RESTORE\_FACTOR() ⇒
Restore factor to TOKEN for identity CID
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: token
**this**: <code>{MPIN}</code>
**Parameter**: sha hash type
**Parameter**: CID Client identity
**Parameter**: factor Value to extract
**Parameter**: facbits Number of bits in factor
**Parameter**: TOKEN Token value
<a name="MPIN.GET_SERVER_SECRET"></a>
### MPIN.GET\_SERVER\_SECRET(S, SST) ⇒
Create a server secret in G2 from a master secret
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| S | Master secret |
| SST | Server secret = s.Q where Q is a fixed generator of G2 |
<a name="MPIN.GET_G1_MULTIPLE"></a>
### MPIN.GET\_G1\_MULTIPLE(type, x, G, W) ⇒
Find a random multiple of a point in G1
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
**Parameter**: rng cryptographically secure random number generator
| Param | Description |
| --- | --- |
| type | determines type of action to be taken |
| x | an output internally randomly generated if R!=NULL, otherwise must be provided as an input |
| G | if type=0 a point in G1, else an octet to be mapped to G1 |
| W | the output =x.G or x.M(G), where M(.) is a mapping |
<a name="MPIN.GET_CLIENT_SECRET"></a>
### MPIN.GET\_CLIENT\_SECRET(S, CID, CST) ⇒
Create a client secret in G1 from a master secret and the client ID
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| S | is an input master secret |
| CID | is the input client identity |
| CST | is the full client secret = s.H(ID) |
<a name="MPIN.GET_CLIENT_PERMIT"></a>
### MPIN.GET\_CLIENT\_PERMIT(sha, date, S, CID, CTT) ⇒
Create a Time Permit in G1 from a master secret and the client ID
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| date | is input date, in days since the epoch. |
| S | is an input master secret |
| CID | is the input client identity |
| CTT | is a Time Permit for the given date = s.H(d|H(ID)) |
<a name="MPIN.CLIENT_1"></a>
### MPIN.CLIENT\_1(sha, date, CLIENT_ID, rng, X, pin, TOKEN, SEC, xID, xCID, PERMIT) ⇒
Perform first pass of the client side of the 3-pass version of the M-Pin protocol
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| date | is input date, in days since the epoch. Set to 0 if Time permits disabled |
| CLIENT_ID | is the input client identity |
| rng | is a pointer to a cryptographically secure random number generator |
| X | an output internally randomly generated if R!=NULL, otherwise must be provided as an input |
| pin | is the input PIN number |
| TOKEN | is the input M-Pin token (the client secret with PIN portion removed) |
| SEC | is output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit |
| xID | is output = x.H(ID) |
| xCID | is output = x.(H(ID)+H(d|H(ID))) |
| PERMIT | is the input time permit |
<a name="MPIN.CLIENT_2"></a>
### MPIN.CLIENT\_2(X, Y, SEC) ⇒
Perform second pass of the client side of the 3-pass version of the M-Pin protocol
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| X | an input, a locally generated random number |
| Y | an input random challenge from the server |
| SEC | on output = -(x+y).V |
<a name="MPIN.SERVER_1"></a>
### MPIN.SERVER\_1(sha, date, CID, HID, HTID) ⇒
Perform first pass of the server side of the 3-pass version of the M-Pin protocol
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| date | is input date, in days since the epoch. Set to 0 if Time permits disabled |
| CID | is the input claimed client identity |
| HID | is output H(ID), a hash of the client ID |
| HTID | is output H(ID)+H(d|H(ID)) |
<a name="MPIN.SERVER_2"></a>
### MPIN.SERVER\_2(date, HID, HTID, Y, SST, xID, xCID, mSEC, E, F, Pa) ⇒
Perform third pass on the server side of the 3-pass version of the M-Pin protocol
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| date | is input date, in days since the epoch. Set to 0 if Time permits disabled |
| HID | is input H(ID), a hash of the client ID |
| HTID | is input H(ID)+H(d|H(ID)) |
| Y | is the input server's randomly generated challenge |
| SST | is the input server secret |
| xID | is input from the client = x.H(ID) |
| xCID | is input from the client= x.(H(ID)+H(d|H(ID))) |
| mSEC | is an input from the client |
| E | is an output to help the Kangaroos to find the PIN error, or NULL if not required |
| F | is an output to help the Kangaroos to find the PIN error, or NULL if not required |
| Pa | is the input public key from the client, z.Q or NULL if the client uses regular mpin |
<a name="MPIN.KANGAROO"></a>
### MPIN.KANGAROO(E, F) ⇒
Use Kangaroos to find PIN error
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: 0 if Kangaroos failed, or the PIN error e
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| E | a member of the group GT |
| F | a member of the group GT = E^e |
<a name="MPIN.GET_TIME"></a>
### MPIN.GET\_TIME() ⇒
Time since epoch
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: time since epoch
**this**: <code>{MPIN}</code>
<a name="MPIN.GET_Y"></a>
### MPIN.GET\_Y(sha, TimeValue, xCID, Y) ⇒
Generate Y=H(s,O), where s is epoch time, O is a byte array, and H(.) is a hash function
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| TimeValue | is epoch time in seconds |
| xCID | input bytearray is an input octet |
| Y | output value |
<a name="MPIN.CLIENT"></a>
### MPIN.CLIENT(sha, date, CLIENT_ID, rng, X, pin, TOKEN, SEC, xID, xCID, PERMIT, TimeValue, Y, Message) ⇒
Perform client side of the one-pass version of the M-Pin protocol
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| date | is input date, in days since the epoch. Set to 0 if Time permits disabled |
| CLIENT_ID | is the input client identity |
| rng | is a pointer to a cryptographically secure random number generator |
| X | an output internally randomly generated if R!=NULL, otherwise must be provided as an input |
| pin | is the input PIN number |
| TOKEN | is the input M-Pin token (the client secret with PIN portion removed) |
| SEC | is output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit |
| xID | is output = x.H(ID) |
| xCID | is output = x.(H(ID)+H(d|H(ID))) |
| PERMIT | is the input time permit |
| TimeValue | is input epoch time in seconds - a timestamp |
| Y | is output H(t|U) or H(t|UT) if Time Permits enabled |
| Message | is the message to be signed |
<a name="MPIN.SERVER"></a>
### MPIN.SERVER(sha, date, HID, HTID, Y, SST, xID, xCID, mSEC, E, F, CID, TimeValue, MESSAGE, Pa) ⇒
Perform server side of the one-pass version of the M-Pin protocol
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| date | is input date, in days since the epoch. Set to 0 if Time permits disabled |
| HID | is output H(ID), a hash of the client ID |
| HTID | is output H(ID)+H(d|H(ID)) |
| Y | is output H(t|U) or H(t|UT) if Time Permits enabled |
| SST | is the input server secret |
| xID | is input from the client = x.H(ID) |
| xCID | is input from the client= x.(H(ID)+H(d|H(ID))) |
| mSEC | is an input from the client |
| E | is an output to help the Kangaroos to find the PIN error, or NULL if not required |
| F | is an output to help the Kangaroos to find the PIN error, or NULL if not required |
| CID | is the input claimed client identity |
| TimeValue | is input epoch time in seconds - a timestamp |
| MESSAGE | is the message to be signed |
| Pa | is input from the client z.Q or NULL if the key-escrow less scheme is not used |
<a name="MPIN.PRECOMPUTE"></a>
### MPIN.PRECOMPUTE(TOKEN, CID, G1, G2) ⇒
Precompute values for use by the client side of M-Pin Full
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: O for success or else error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| TOKEN | is the input M-Pin token (the client secret with PIN portion removed) |
| CID | is the input client identity |
| G1 | precomputed output |
| G2 | precomputed output |
<a name="MPIN.HASH_ALL"></a>
### MPIN.HASH\_ALL(sha, HID, xID, xCID, SEC, Y, R, W) ⇒
Hash the session transcript
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: H the output is the hash of all of the above that apply
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| HID | is the hashed input client ID = H(ID) |
| xID | is the client output = x.H(ID) |
| xCID | is the client output = x.(H(ID)+H(T|H(ID))) |
| SEC | is the client part response |
| Y | is the server challenge |
| R | is the client part response |
| W | is the server part response |
<a name="MPIN.CLIENT_KEY"></a>
### MPIN.CLIENT\_KEY(sha, G1, G2, pin, R, X, H, wCID, CK) ⇒
Calculate Key on Client side for M-Pin Full
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: 0 or an error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| sha | is the hash type |
| G1 | precomputed input |
| G2 | precomputed input |
| pin | is the input PIN number |
| R | is an input, a locally generated random number |
| X | is an input, a locally generated random number |
| H | is an input, hash of the protocol transcript |
| wCID | is the input Server-side Diffie-Hellman component |
| CK | is the output calculated shared key |
<a name="MPIN.SERVER_KEY"></a>
### MPIN.SERVER\_KEY(h, Z, SST, W, H, HID, xID, xCID, SK) ⇒
Calculate Key on Server side for M-Pin Full
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: 0 or an error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| h | is the hash type |
| Z | is the input Client-side Diffie-Hellman component |
| SST | is the input server secret |
| W | is an input random number generated by the server |
| H | is an input, hash of the protocol transcript |
| HID | is the hashed input client ID = H(ID) |
| xID | is input from the client = x.H(ID) |
| xCID | is input from the client= x.(H(ID)+H(d|H(ID))) |
| SK | is the output calculated shared key |
<a name="MPIN.GET_DVS_KEYPAIR"></a>
### MPIN.GET\_DVS\_KEYPAIR(rng, Z, Pa) ⇒
Generates a random public key for the client z.Q
**Kind**: static method of [<code>MPIN</code>](#MPIN)
**Returns**: 0 or an error code
**this**: <code>{MPIN}</code>
| Param | Description |
| --- | --- |
| rng | cryptographically secure random number generator |
| Z | an output internally randomly generated if R!=NULL, otherwise it must be provided as an input |
| Pa | the output public key for the client |