You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:49:39 UTC
[02/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/rsa.c
----------------------------------------------------------------------
diff --git a/version22/c/rsa.c b/version22/c/rsa.c
new file mode 100644
index 0000000..d5898bd
--- /dev/null
+++ b/version22/c/rsa.c
@@ -0,0 +1,394 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* RSA Functions - see main program below */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "rsa.h"
+
+#define ROUNDUP(a,b) ((a)-1)/(b)+1
+
+/* general purpose hash function w=hash(p|n|x|y) */
+static int hashit(int sha,octet *p,int n,octet *w)
+{
+ int i,c[4],hlen;
+ hash256 sha256;
+ hash512 sha512;
+ char hh[64];
+
+ switch (sha)
+ {
+ case SHA256:
+ HASH256_init(&sha256);
+ break;
+ case SHA384:
+ HASH384_init(&sha512);
+ break;
+ case SHA512:
+ HASH512_init(&sha512);
+ break;
+ }
+
+ hlen=sha;
+
+ if (p!=NULL) for (i=0; i<p->len; i++)
+ {
+ switch(sha)
+ {
+ case SHA256:
+ HASH256_process(&sha256,p->val[i]);
+ break;
+ case SHA384:
+ HASH384_process(&sha512,p->val[i]);
+ break;
+ case SHA512:
+ HASH512_process(&sha512,p->val[i]);
+ break;
+ }
+ }
+ if (n>=0)
+ {
+ c[0]=(n>>24)&0xff;
+ c[1]=(n>>16)&0xff;
+ c[2]=(n>>8)&0xff;
+ c[3]=(n)&0xff;
+ for (i=0; i<4; i++)
+ {
+ switch(sha)
+ {
+ case SHA256:
+ HASH256_process(&sha256,c[i]);
+ break;
+ case SHA384:
+ HASH384_process(&sha512,c[i]);
+ break;
+ case SHA512:
+ HASH512_process(&sha512,c[i]);
+ break;
+ }
+ }
+ }
+
+ switch (sha)
+ {
+ case SHA256:
+ HASH256_hash(&sha256,hh);
+ break;
+ case SHA384:
+ HASH384_hash(&sha512,hh);
+ break;
+ case SHA512:
+ HASH512_hash(&sha512,hh);
+ break;
+ }
+
+ OCT_empty(w);
+ OCT_jbytes(w,hh,hlen);
+ for (i=0; i<hlen; i++) hh[i]=0;
+
+ return hlen;
+}
+
+/* generate an RSA key pair */
+void RSA_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key *PRIV,rsa_public_key *PUB,octet *P, octet* Q)
+{
+ /* IEEE1363 A16.11/A16.12 more or less */
+ BIG t[HFLEN],p1[HFLEN],q1[HFLEN];
+
+ if (RNG!=NULL)
+ {
+
+ for (;;)
+ {
+
+ FF_random(PRIV->p,RNG,HFLEN);
+ while (FF_lastbits(PRIV->p,2)!=3) FF_inc(PRIV->p,1,HFLEN);
+ while (!FF_prime(PRIV->p,RNG,HFLEN))
+ FF_inc(PRIV->p,4,HFLEN);
+
+ FF_copy(p1,PRIV->p,HFLEN);
+ FF_dec(p1,1,HFLEN);
+
+ if (FF_cfactor(p1,e,HFLEN)) continue;
+ break;
+ }
+
+ for (;;)
+ {
+ FF_random(PRIV->q,RNG,HFLEN);
+ while (FF_lastbits(PRIV->q,2)!=3) FF_inc(PRIV->q,1,HFLEN);
+ while (!FF_prime(PRIV->q,RNG,HFLEN))
+ FF_inc(PRIV->q,4,HFLEN);
+
+ FF_copy(q1,PRIV->q,HFLEN);
+ FF_dec(q1,1,HFLEN);
+ if (FF_cfactor(q1,e,HFLEN)) continue;
+
+ break;
+ }
+
+ }
+ else
+ {
+ FF_fromOctet(PRIV->p,P,HFLEN);
+ FF_fromOctet(PRIV->q,Q,HFLEN);
+
+ FF_copy(p1,PRIV->p,HFLEN);
+ FF_dec(p1,1,HFLEN);
+
+ FF_copy(q1,PRIV->q,HFLEN);
+ FF_dec(q1,1,HFLEN);
+ }
+
+ FF_mul(PUB->n,PRIV->p,PRIV->q,HFLEN);
+ PUB->e=e;
+
+ FF_copy(t,p1,HFLEN);
+ FF_shr(t,HFLEN);
+ FF_init(PRIV->dp,e,HFLEN);
+ FF_invmodp(PRIV->dp,PRIV->dp,t,HFLEN);
+ if (FF_parity(PRIV->dp)==0) FF_add(PRIV->dp,PRIV->dp,t,HFLEN);
+ FF_norm(PRIV->dp,HFLEN);
+
+ FF_copy(t,q1,HFLEN);
+ FF_shr(t,HFLEN);
+ FF_init(PRIV->dq,e,HFLEN);
+ FF_invmodp(PRIV->dq,PRIV->dq,t,HFLEN);
+ if (FF_parity(PRIV->dq)==0) FF_add(PRIV->dq,PRIV->dq,t,HFLEN);
+ FF_norm(PRIV->dq,HFLEN);
+
+ FF_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN);
+
+ return;
+}
+
+/* Mask Generation Function */
+
+void MGF1(int sha,octet *z,int olen,octet *mask)
+{
+ char h[64];
+ octet H= {0,sizeof(h),h};
+ int hlen=sha;
+ int counter,cthreshold;
+
+ OCT_empty(mask);
+
+ cthreshold=ROUNDUP(olen,hlen);
+ for (counter=0; counter<cthreshold; counter++)
+ {
+ hashit(sha,z,counter,&H);
+ if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen);
+ else OCT_joctet(mask,&H);
+ }
+ OCT_clear(&H);
+}
+
+/* SHAXXX identifier strings */
+const char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
+const char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
+const char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
+
+/* PKCS 1.5 padding of a message to be signed */
+/* NOTE: length of output encoded in w->max */
+
+int PKCS15(int sha,octet *m,octet *w)
+{
+ int olen=w->max;
+ int hlen=sha;
+ int idlen=19;
+ char h[64];
+ octet H= {0,sizeof(h),h};
+
+ if (olen<idlen+hlen+10) return 0;
+ hashit(sha,m,-1,&H);
+
+ OCT_empty(w);
+ OCT_jbyte(w,0x00,1);
+ OCT_jbyte(w,0x01,1);
+ OCT_jbyte(w,0xff,olen-idlen-hlen-3);
+ OCT_jbyte(w,0x00,1);
+
+ if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen);
+ if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen);
+ if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen);
+
+ OCT_joctet(w,&H);
+
+ return 1;
+}
+
+/* OAEP Message Encoding for Encryption */
+/* NOTE: length of output encoded in f->max */
+
+int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f)
+{
+ int slen,olen=f->max-1;
+ int mlen=m->len;
+ int hlen,seedlen;
+ char dbmask[MAX_RSA_BYTES],seed[64];
+ octet DBMASK= {0,sizeof(dbmask),dbmask};
+ octet SEED= {0,sizeof(seed),seed};
+
+ hlen=seedlen=sha;
+ if (mlen>olen-hlen-seedlen-1) return 0;
+ if (m==f) return 0; /* must be distinct octets */
+
+ hashit(sha,p,-1,f);
+
+ slen=olen-mlen-hlen-seedlen-1;
+
+ OCT_jbyte(f,0,slen);
+ OCT_jbyte(f,0x1,1);
+ OCT_joctet(f,m);
+
+ OCT_rand(&SEED,RNG,seedlen);
+
+ MGF1(sha,&SEED,olen-seedlen,&DBMASK);
+
+ OCT_xor(&DBMASK,f);
+ MGF1(sha,&DBMASK,seedlen,f);
+
+ OCT_xor(f,&SEED);
+
+ OCT_joctet(f,&DBMASK);
+
+ OCT_pad(f,f->max);
+ OCT_clear(&SEED);
+ OCT_clear(&DBMASK);
+
+ return 1;
+}
+
+/* OAEP Message Decoding for Decryption */
+
+int OAEP_DECODE(int sha,octet *p,octet *f)
+{
+ int comp,x,t;
+ int i,k,olen=f->max-1;
+ int hlen,seedlen;
+ char dbmask[MAX_RSA_BYTES],seed[64],chash[64];
+ octet DBMASK= {0,sizeof(dbmask),dbmask};
+ octet SEED= {0,sizeof(seed),seed};
+ octet CHASH= {0,sizeof(chash),chash};
+
+ seedlen=hlen=sha;
+ if (olen<seedlen+hlen+1) return 0;
+ if (!OCT_pad(f,olen+1)) return 0;
+ hashit(sha,p,-1,&CHASH);
+
+ x=f->val[0];
+ for (i=seedlen; i<olen; i++)
+ DBMASK.val[i-seedlen]=f->val[i+1];
+ DBMASK.len=olen-seedlen;
+
+ MGF1(sha,&DBMASK,seedlen,&SEED);
+ for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1];
+ MGF1(sha,&SEED,olen-seedlen,f);
+ OCT_xor(&DBMASK,f);
+
+ comp=OCT_ncomp(&CHASH,&DBMASK,hlen);
+
+ OCT_shl(&DBMASK,hlen);
+
+ OCT_clear(&SEED);
+ OCT_clear(&CHASH);
+
+ for (k=0;; k++)
+ {
+ if (k>=DBMASK.len)
+ {
+ OCT_clear(&DBMASK);
+ return 0;
+ }
+ if (DBMASK.val[k]!=0) break;
+ }
+
+ t=DBMASK.val[k];
+ if (!comp || x!=0 || t!=0x01)
+ {
+ OCT_clear(&DBMASK);
+ return 0;
+ }
+
+ OCT_shl(&DBMASK,k+1);
+ OCT_copy(f,&DBMASK);
+ OCT_clear(&DBMASK);
+
+ return 1;
+}
+
+/* destroy the Private Key structure */
+void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV)
+{
+ FF_zero(PRIV->p,HFLEN);
+ FF_zero(PRIV->q,HFLEN);
+ FF_zero(PRIV->dp,HFLEN);
+ FF_zero(PRIV->dq,HFLEN);
+ FF_zero(PRIV->c,HFLEN);
+}
+
+/* RSA encryption with the public key */
+void RSA_ENCRYPT(rsa_public_key *PUB,octet *F,octet *G)
+{
+ BIG f[FFLEN];
+ FF_fromOctet(f,F,FFLEN);
+
+ FF_power(f,f,PUB->e,PUB->n,FFLEN);
+
+ FF_toOctet(G,f,FFLEN);
+}
+
+/* RSA decryption with the private key */
+void RSA_DECRYPT(rsa_private_key *PRIV,octet *G,octet *F)
+{
+ BIG g[FFLEN],t[FFLEN],jp[HFLEN],jq[HFLEN];
+
+ FF_fromOctet(g,G,FFLEN);
+
+ FF_dmod(jp,g,PRIV->p,HFLEN);
+ FF_dmod(jq,g,PRIV->q,HFLEN);
+
+ FF_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN);
+ FF_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN);
+
+
+ FF_zero(g,FFLEN);
+ FF_copy(g,jp,HFLEN);
+ FF_mod(jp,PRIV->q,HFLEN);
+ if (FF_comp(jp,jq,HFLEN)>0)
+ FF_add(jq,jq,PRIV->q,HFLEN);
+ FF_sub(jq,jq,jp,HFLEN);
+ FF_norm(jq,HFLEN);
+
+ FF_mul(t,PRIV->c,jq,HFLEN);
+ FF_dmod(jq,t,PRIV->q,HFLEN);
+
+ FF_mul(t,jq,PRIV->p,HFLEN);
+ FF_add(g,t,g,FFLEN);
+ FF_norm(g,FFLEN);
+
+ FF_toOctet(F,g,FFLEN);
+
+ return;
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/rsa.h
----------------------------------------------------------------------
diff --git a/version22/c/rsa.h b/version22/c/rsa.h
new file mode 100644
index 0000000..b2c6ea0
--- /dev/null
+++ b/version22/c/rsa.h
@@ -0,0 +1,99 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/**
+ * @file rsa.h
+ * @author Mike Scott and Kealan McCusker
+ * @date 2nd June 2015
+ * @brief RSA Header file for implementation of RSA protocol
+ *
+ * declares functions
+ *
+ */
+
+#ifndef RSA_H
+#define RSA_H
+
+#include "amcl.h"
+
+#define MAX_RSA_BYTES 512 // Maximum of 4096
+#define HASH_TYPE_RSA SHA256 /**< Chosen Hash algorithm */
+#define RFS MODBYTES*FFLEN /**< RSA Public Key Size in bytes */
+
+/* RSA Auxiliary Functions */
+
+/** @brief RSA Key Pair Generator
+ *
+ @param R is a pointer to a cryptographically secure random number generator
+ @param e the encryption exponent
+ @param PRIV the output RSA private key
+ @param PUB the output RSA public key
+ @param P Input prime number. Used when R is equal to NULL for testing
+ @param Q Inpuy prime number. Used when R is equal to NULL for testing
+ */
+extern void RSA_KEY_PAIR(csprng *R,sign32 e,rsa_private_key* PRIV,rsa_public_key* PUB,octet *P, octet* Q);
+/** @brief PKCS V1.5 padding of a message prior to RSA signature
+ *
+ @param h is the hash type
+ @param M is the input message
+ @param W is the output encoding, ready for RSA signature
+ @return 1 if OK, else 0
+ */
+extern int PKCS15(int h,octet *M,octet *W);
+/** @brief OAEP padding of a message prior to RSA encryption
+ *
+ @param h is the hash type
+ @param M is the input message
+ @param R is a pointer to a cryptographically secure random number generator
+ @param P are input encoding parameter string (could be NULL)
+ @param F is the output encoding, ready for RSA encryption
+ @return 1 if OK, else 0
+ */
+extern int OAEP_ENCODE(int h,octet *M,csprng *R,octet *P,octet *F);
+/** @brief OAEP unpadding of a message after RSA decryption
+ *
+ Unpadding is done in-place
+ @param h is the hash type
+ @param P are input encoding parameter string (could be NULL)
+ @param F is input padded message, unpadded on output
+ @return 1 if OK, else 0
+ */
+extern int OAEP_DECODE(int h,octet *P,octet *F);
+/** @brief RSA encryption of suitably padded plaintext
+ *
+ @param PUB the input RSA public key
+ @param F is input padded message
+ @param G is the output ciphertext
+ */
+extern void RSA_ENCRYPT(rsa_public_key* PUB,octet *F,octet *G);
+/** @brief RSA decryption of ciphertext
+ *
+ @param PRIV the input RSA private key
+ @param G is the input ciphertext
+ @param F is output plaintext (requires unpadding)
+
+ */
+extern void RSA_DECRYPT(rsa_private_key* PRIV,octet *G,octet *F);
+/** @brief Destroy an RSA private Key
+ *
+ @param PRIV the input RSA private key. Destroyed on output.
+ */
+extern void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV);
+
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/testecdh.c
----------------------------------------------------------------------
diff --git a/version22/c/testecdh.c b/version22/c/testecdh.c
new file mode 100644
index 0000000..31e4944
--- /dev/null
+++ b/version22/c/testecdh.c
@@ -0,0 +1,207 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "ecdh.h"
+#include "randapi.h"
+
+int ecdh(csprng *RNG)
+{
+ int i,res;
+ char *pp="M0ng00se";
+ /* These octets are automatically protected against buffer overflow attacks */
+ /* Note salt must be big enough to include an appended word */
+ /* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
+ /* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
+ char s0[2*EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],key[EAS],salt[40],pw[40];
+ octet S0= {0,sizeof(s0),s0};
+ octet S1= {0,sizeof(s1),s1};
+ octet W0= {0,sizeof(w0),w0};
+ octet W1= {0,sizeof(w1),w1};
+ octet Z0= {0,sizeof(z0),z0};
+ octet Z1= {0,sizeof(z1),z1};
+ octet KEY= {0,sizeof(key),key};
+ octet SALT= {0,sizeof(salt),salt};
+ octet PW= {0,sizeof(pw),pw};
+
+ SALT.len=8;
+ for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
+
+ printf("Alice's Passphrase= %s\n",pp);
+
+ OCT_empty(&PW);
+ OCT_jstring(&PW,pp); // set Password from string
+
+ /* private key S0 of size EGS bytes derived from Password and Salt */
+
+ PBKDF2(HASH_TYPE_ECC,&PW,&SALT,1000,EGS,&S0);
+
+ printf("Alices private key= 0x");
+ OCT_output(&S0);
+
+ /* Generate Key pair S/W */
+
+ ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
+ printf("Alices public key= 0x");
+ OCT_output(&W0);
+
+ res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
+ if (res!=0)
+ {
+ printf("ECP Public Key is invalid!\n");
+ return 0;
+ }
+
+ /* Random private key for other party */
+ ECP_KEY_PAIR_GENERATE(RNG,&S1,&W1);
+ res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
+ if (res!=0)
+ {
+ printf("ECP Public Key is invalid!\n");
+ return 0;
+ }
+ printf("Servers private key= 0x");
+ OCT_output(&S1);
+ printf("Servers public key= 0x");
+ OCT_output(&W1);
+
+ /* Calculate common key using DH - IEEE 1363 method */
+
+ ECPSVDP_DH(&S0,&W1,&Z0);
+ ECPSVDP_DH(&S1,&W0,&Z1);
+
+ if (!OCT_comp(&Z0,&Z1))
+ {
+ printf("*** ECPSVDP-DH Failed\n");
+ return 0;
+ }
+
+ KDF2(HASH_TYPE_ECC,&Z0,NULL,EAS,&KEY);
+
+ printf("Alice's DH Key= 0x");
+ OCT_output(&KEY);
+ printf("Servers DH Key= 0x");
+ OCT_output(&KEY);
+
+#if CURVETYPE != MONTGOMERY
+
+ char ds[EGS],p1[30],p2[30],v[2*EFS+1],m[32],c[64],t[32],cs[EGS];
+ octet DS= {0,sizeof(ds),ds};
+ octet CS= {0,sizeof(cs),cs};
+ octet P1= {0,sizeof(p1),p1};
+ octet P2= {0,sizeof(p2),p2};
+ octet V= {0,sizeof(v),v};
+ octet M= {0,sizeof(m),m};
+ octet C= {0,sizeof(c),c};
+ octet T= {0,sizeof(t),t};
+
+ printf("Testing ECIES\n");
+
+ P1.len=3;
+ P1.val[0]=0x0;
+ P1.val[1]=0x1;
+ P1.val[2]=0x2;
+ P2.len=4;
+ P2.val[0]=0x0;
+ P2.val[1]=0x1;
+ P2.val[2]=0x2;
+ P2.val[3]=0x3;
+
+ M.len=17;
+ for (i=0; i<=16; i++) M.val[i]=i;
+
+ ECP_ECIES_ENCRYPT(HASH_TYPE_ECC,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
+
+ printf("Ciphertext= \n");
+ printf("V= 0x");
+ OCT_output(&V);
+ printf("C= 0x");
+ OCT_output(&C);
+ printf("T= 0x");
+ OCT_output(&T);
+
+ if (!ECP_ECIES_DECRYPT(HASH_TYPE_ECC,&P1,&P2,&V,&C,&T,&S1,&M))
+ {
+ printf("*** ECIES Decryption Failed\n");
+ return 0;
+ }
+ else printf("Decryption succeeded\n");
+
+ printf("Message is 0x");
+ OCT_output(&M);
+
+
+ printf("Testing ECDSA\n");
+
+ if (ECPSP_DSA(HASH_TYPE_ECC,RNG,NULL,&S0,&M,&CS,&DS)!=0)
+ {
+ printf("***ECDSA Signature Failed\n");
+ return 0;
+ }
+
+ printf("Signature C = 0x");
+ OCT_output(&CS);
+ printf("Signature D = 0x");
+ OCT_output(&DS);
+
+ if (ECPVP_DSA(HASH_TYPE_ECC,&W0,&M,&CS,&DS)!=0)
+ {
+ printf("***ECDSA Verification Failed\n");
+ return 0;
+ }
+ else
+ {
+ printf("ECDSA Signature/Verification succeeded\n");
+ }
+
+#endif
+
+ return 0;
+}
+
+int main()
+{
+ int i;
+ unsigned long ran;
+
+ char raw[100];
+ octet RAW= {0,sizeof(raw),raw};
+ csprng RNG; /* Crypto Strong RNG */
+
+ time((time_t *)&ran);
+
+ RAW.len=100; /* fake random seed source */
+ RAW.val[0]=ran;
+ RAW.val[1]=ran>>8;
+ RAW.val[2]=ran>>16;
+ RAW.val[3]=ran>>24;
+ for (i=0; i<100; i++) RAW.val[i]=i+1;
+
+ CREATE_CSPRNG(&RNG,&RAW); /* initialise strong RNG */
+
+ ecdh(&RNG);
+
+ KILL_CSPRNG(&RNG);
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/testmpin.c
----------------------------------------------------------------------
diff --git a/version22/c/testmpin.c b/version22/c/testmpin.c
new file mode 100644
index 0000000..f3ba165
--- /dev/null
+++ b/version22/c/testmpin.c
@@ -0,0 +1,313 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* test driver and function exerciser for MPIN Functions */
+/* Version 3.0 - supports Time Permits */
+
+/* Build executible after installation:
+
+ gcc -std=c99 -g ./testmpin.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl -lmpin -o testmpin
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "mpin.h"
+#include "randapi.h"
+
+#define PERMITS /* for time permits ON or OFF */
+#define PINERROR /* For PIN ERROR detection ON or OFF */
+#define FULL /* for M-Pin Full or M-Pin regular */
+//#define SINGLE_PASS /* SINGLE PASS M-Pin */
+
+int mpin(csprng *RNG)
+{
+ int pin,rtn,err;
+#ifdef PERMITS
+ int date=MPIN_today();
+#else
+ int date=0;
+#endif
+ char x[PGS],s[PGS],y[PGS],client_id[100],sst[4*PFS],token[2*PFS+1],sec[2*PFS+1],permit[2*PFS+1],xcid[2*PFS+1],xid[2*PFS+1],e[12*PFS],f[12*PFS];
+ char hcid[PFS],hsid[PFS],hid[2*PFS+1],htid[2*PFS+1],h[PGS];
+#ifdef FULL
+ char r[PGS],z[2*PFS+1],w[PGS],t[2*PFS+1];
+ char g1[12*PFS],g2[12*PFS];
+ char ck[PAS],sk[PAS];
+#endif
+ octet S= {0,sizeof(s),s};
+ octet X= {0,sizeof(x),x};
+ octet Y= {0,sizeof(y),y};
+ octet H= {0,sizeof(h),h};
+ octet CLIENT_ID= {0,sizeof(client_id),client_id};
+ octet SST= {0,sizeof(sst),sst};
+ octet TOKEN= {0,sizeof(token),token};
+ octet SEC= {0,sizeof(sec),sec};
+ octet PERMIT= {0,sizeof(permit),permit};
+ octet xCID= {0,sizeof(xcid),xcid};
+ octet xID= {0,sizeof(xid),xid};
+ octet HCID= {0,sizeof(hcid),hcid};
+ octet HSID= {0,sizeof(hsid),hsid};
+ octet HID= {0,sizeof(hid),hid};
+ octet HTID= {0,sizeof(htid),htid};
+ octet E= {0,sizeof(e),e};
+ octet F= {0,sizeof(f),f};
+#ifdef FULL
+ octet R= {0,sizeof(r),r};
+ octet Z= {0,sizeof(z),z};
+ octet W= {0,sizeof(w),w};
+ octet T= {0,sizeof(t),t};
+ octet G1= {0,sizeof(g1),g1};
+ octet G2= {0,sizeof(g2),g2};
+ octet SK= {0,sizeof(sk),sk};
+ octet CK= {0,sizeof(ck),ck};
+#endif
+ octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
+ char idhex[100];
+
+ /* Trusted Authority set-up */
+ MPIN_RANDOM_GENERATE(RNG,&S);
+ printf("Master Secret= ");
+ OCT_output(&S);
+
+ /* Create Client Identity */
+ OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
+ MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HCID); /* Either Client or TA calculates Hash(ID) - you decide! */
+
+ printf("Client ID Hash= ");
+ OCT_output(&HCID);
+ printf("\n");
+
+ OCT_toHex(&CLIENT_ID,idhex);
+ printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
+
+ /* Client and Server are issued secrets by DTA */
+ MPIN_GET_SERVER_SECRET(&S,&SST);
+ printf("Server Secret= ");
+ OCT_output(&SST);
+
+ MPIN_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
+ printf("Client Secret= ");
+ OCT_output(&TOKEN);
+
+ /* Client extracts PIN from secret to create Token */
+ pin=1234;
+ printf("Client extracts PIN= %d\n",pin);
+ MPIN_EXTRACT_PIN(HASH_TYPE_MPIN,&CLIENT_ID,pin,&TOKEN);
+ printf("Client Token= ");
+ OCT_output(&TOKEN);
+
+#ifdef FULL
+ MPIN_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
+#endif
+
+#ifdef PERMITS
+ /* Client gets "Time Permit" from DTA */
+ printf("Client gets Time Permit\n");
+
+ MPIN_GET_CLIENT_PERMIT(HASH_TYPE_MPIN,date,&S,&HCID,&PERMIT);
+ printf("Time Permit= ");
+ OCT_output(&PERMIT);
+
+ /* This encoding makes Time permit look random */
+ if (MPIN_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
+ /* printf("Encoded Time Permit= "); OCT_output(&PERMIT); */
+ if (MPIN_DECODING(&PERMIT)!=0) printf("Decoding error\n");
+ /* printf("Decoded Time Permit= "); OCT_output(&PERMIT); */
+#endif
+
+ /* MPin Protocol */
+
+ /* Client enters PIN */
+ printf("\nPIN= ");
+ if(scanf("%d",&pin)) {};
+ /* to avoid silly compile error */
+ getchar();
+
+ /* Set date=0 and PERMIT=NULL if time permits not in use
+
+ Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
+ If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
+ Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
+
+ HSID - hashed client ID as calculated by the server
+ HCID - hashed client ID as calculated by the client
+
+ IMPORTANT: To save space and time..
+ If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
+ If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
+ If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
+
+ */
+
+ pxID=&xID;
+ pxCID=&xCID;
+ pHID=&HID;
+ pHTID=&HTID;
+ pE=&E;
+ pF=&F;
+ pPERMIT=&PERMIT;
+
+#ifdef PERMITS
+ prHID=pHTID;
+#ifndef PINERROR
+ pxID=NULL;
+// pHID=NULL; //new
+#endif
+#else
+ prHID=pHID;
+ pPERMIT=NULL;
+ pxCID=NULL;
+ pHTID=NULL;
+#endif
+#ifndef PINERROR
+ pE=NULL;
+ pF=NULL;
+#endif
+
+ /* When set only send hashed IDs to server */
+ octet *pID;
+#ifdef USE_ANONYMOUS
+ pID = &HCID;
+#else
+ pID = &CLIENT_ID;
+#endif
+
+#ifdef SINGLE_PASS
+ int timeValue;
+ printf("MPIN Single Pass\n");
+ timeValue = MPIN_GET_TIME();
+
+ rtn=MPIN_CLIENT(HASH_TYPE_MPIN,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
+
+ if (rtn != 0)
+ {
+ printf("MPIN_CLIENT ERROR %d\n", rtn);
+ return 1;
+ }
+
+#ifdef FULL
+ MPIN_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); /* Also Send Z=r.ID to Server, remember random r */
+#endif
+
+
+ rtn=MPIN_SERVER(HASH_TYPE_MPIN,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue);
+
+#ifdef FULL
+ MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HSID); // new
+ MPIN_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); /* Also send T=w.ID to client, remember random w */
+#endif
+
+#else // SINGLE_PASS
+ printf("MPIN Multi Pass\n");
+ if (MPIN_CLIENT_1(HASH_TYPE_MPIN,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
+ {
+ printf("Error from Client side - First Pass\n");
+ return 0;
+ }
+
+ /* Send U=x.ID to server, and recreate secret from token and pin */
+
+#ifdef FULL
+ MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HCID);
+ MPIN_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); /* Also Send Z=r.ID to Server, remember random r, DH component */
+#endif
+
+ /* Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
+ MPIN_SERVER_1(HASH_TYPE_MPIN,date,pID,pHID,pHTID);
+
+ /* Server generates Random number Y and sends it to Client */
+ MPIN_RANDOM_GENERATE(RNG,&Y);
+
+#ifdef FULL
+ MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HSID); //new
+ MPIN_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); /* Also send T=w.ID to client, remember random w, DH component */
+#endif
+
+ /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
+ if (MPIN_CLIENT_2(&X,&Y,&SEC)!=0)
+ {
+ printf("Error from Client side - Second Pass\n");
+ return 1;
+ }
+
+ /* Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
+ /* If PIN error not required, set E and F = NULL */
+ rtn=MPIN_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF);
+#endif // SINGLE_PASS
+
+ if (rtn!=0)
+ {
+ printf("Server says - Bad Pin.\n");
+#ifdef PINERROR
+
+ err=MPIN_KANGAROO(&E,&F);
+ if (err) printf("(Client PIN is out by %d)\n",err);
+
+#endif
+ return 1;
+ }
+ else
+ {
+ printf("Server says - PIN is good! You really are ");
+ OCT_output_string(&CLIENT_ID);
+ printf(".\n");
+ }
+
+#ifdef FULL
+ MPIN_HASH_ALL(HASH_TYPE_MPIN,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new
+ MPIN_CLIENT_KEY(HASH_TYPE_MPIN,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H
+ printf("Client Key = ");
+ OCT_output(&CK);
+
+ MPIN_HASH_ALL(HASH_TYPE_MPIN,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
+ MPIN_SERVER_KEY(HASH_TYPE_MPIN,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
+ printf("Server Key = ");
+ OCT_output(&SK);
+#endif
+ return 0;
+}
+
+int main()
+{
+ int i;
+ unsigned long ran;
+
+ char raw[100];
+ octet RAW= {0,sizeof(raw),raw};
+ csprng RNG; /* Crypto Strong RNG */
+
+ time((time_t *)&ran);
+
+ RAW.len=100; /* fake random seed source */
+ RAW.val[0]=ran;
+ RAW.val[1]=ran>>8;
+ RAW.val[2]=ran>>16;
+ RAW.val[3]=ran>>24;
+ for (i=0; i<100; i++) RAW.val[i]=i+1;
+
+ CREATE_CSPRNG(&RNG,&RAW); /* initialise strong RNG */
+
+ mpin(&RNG);
+
+ KILL_CSPRNG(&RNG);
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/testrsa.c
----------------------------------------------------------------------
diff --git a/version22/c/testrsa.c b/version22/c/testrsa.c
new file mode 100644
index 0000000..247ba97
--- /dev/null
+++ b/version22/c/testrsa.c
@@ -0,0 +1,104 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* test driver and function exerciser for RSA API Functions */
+
+#include <stdio.h>
+#include <time.h>
+#include "rsa.h"
+#include "randapi.h"
+
+int rsa(csprng *RNG)
+{
+ char m[RFS],ml[RFS],c[RFS],e[RFS],s[RFS];
+ rsa_public_key pub;
+ rsa_private_key priv;
+
+ octet M= {0,sizeof(m),m};
+ octet ML= {0,sizeof(ml),ml};
+ octet C= {0,sizeof(c),c};
+ octet E= {0,sizeof(e),e};
+ octet S= {0,sizeof(s),s};
+
+ printf("Generating public/private key pair\n");
+ RSA_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL);
+
+ printf("Encrypting test string\n");
+ OCT_jstring(&M,(char *)"Hello World\n");
+
+ OAEP_ENCODE(HASH_TYPE_RSA,&M,RNG,NULL,&E); /* OAEP encode message m to e */
+
+ RSA_ENCRYPT(&pub,&E,&C); /* encrypt encoded message */
+ printf("Ciphertext= ");
+ OCT_output(&C);
+
+ printf("Decrypting test string\n");
+ RSA_DECRYPT(&priv,&C,&ML); /* ... and then decrypt it */
+
+ OAEP_DECODE(HASH_TYPE_RSA,NULL,&ML); /* decode it */
+ OCT_output_string(&ML);
+
+ printf("Signing message\n");
+ PKCS15(HASH_TYPE_RSA,&M,&C);
+
+ RSA_DECRYPT(&priv,&C,&S); /* create signature in S */
+
+ printf("Signature= ");
+ OCT_output(&S);
+
+ RSA_ENCRYPT(&pub,&S,&ML);
+
+ if (OCT_comp(&C,&ML)) printf("Signature is valid\n");
+ else printf("Signature is INVALID\n");
+
+ RSA_PRIVATE_KEY_KILL(&priv);
+
+ OCT_clear(&M);
+ OCT_clear(&ML); /* clean up afterwards */
+ OCT_clear(&C);
+ OCT_clear(&E);
+
+ return 0;
+}
+
+int main()
+{
+ int i;
+ unsigned long ran;
+
+ char raw[100];
+ octet RAW= {0,sizeof(raw),raw};
+ csprng RNG; /* Crypto Strong RNG */
+
+ time((time_t *)&ran);
+
+ RAW.len=100; /* fake random seed source */
+ RAW.val[0]=ran;
+ RAW.val[1]=ran>>8;
+ RAW.val[2]=ran>>16;
+ RAW.val[3]=ran>>24;
+ for (i=0; i<100; i++) RAW.val[i]=i+1;
+
+ CREATE_CSPRNG(&RNG,&RAW); /* initialise strong RNG */
+
+ rsa(&RNG);
+
+ KILL_CSPRNG(&RNG);
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/x509.c
----------------------------------------------------------------------
diff --git a/version22/c/x509.c b/version22/c/x509.c
new file mode 100644
index 0000000..6a59294
--- /dev/null
+++ b/version22/c/x509.c
@@ -0,0 +1,1079 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL X.509 Functions */
+
+// To run test program, define HAS_MAIN
+// gcc x509.c ecdh.c rsa.c amcl.a -o x509.exe
+
+#define HAS_MAIN
+
+#include <stdio.h>
+#include "ecdh.h"
+#include "rsa.h"
+#include "x509.h"
+
+// ASN.1 tags
+
+#define ANY 0x00
+#define SEQ 0x30
+#define OID 0x06
+#define INT 0x02
+#define NUL 0x05
+#define ZER 0x00
+#define UTF 0x0C
+#define UTC 0x17
+#define LOG 0x01
+#define BIT 0x03
+#define OCT 0x04
+#define STR 0x13
+#define SET 0x31
+#define IA5 0x16
+
+// Supported Encryption Methods
+
+#define ECC 1
+#define RSA 2
+#define ECC_H256 11
+#define ECC_H384 12
+#define ECC_H512 13
+#define RSA_H256 21
+#define RSA_H384 22
+#define RSA_H512 23
+
+// return xxxxxxxxxxxxxxxx | xxxx | xxxx
+// 2048 | 2 | 3 -> 2048-bit RSA with SHA512
+
+#define H256 2
+#define H384 3
+#define H512 4
+
+// Define some OIDs
+
+// Elliptic Curve with SHA256
+static char eccsha256[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02};
+static octet ECCSHA256= {8,sizeof(eccsha256),eccsha256};
+
+// Elliptic Curve with SHA384
+static char eccsha384[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x03};
+static octet ECCSHA384= {8,sizeof(eccsha384),eccsha384};
+
+// Elliptic Curve with SHA512
+static char eccsha512[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x04};
+static octet ECCSHA512= {8,sizeof(eccsha512),eccsha512};
+
+// EC Public Key
+static char ecpk[7]= {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
+static octet ECPK= {7,sizeof(ecpk),ecpk};
+
+// C25519 curve
+static char prime25519[9]= {0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01}; /*****/
+static octet PRIME25519= {9,sizeof(prime25519),prime25519};
+
+// NIST256 curve
+static char prime256v1[8]= {0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07};
+static octet PRIME256V1= {8,sizeof(prime256v1),prime256v1};
+
+// NIST384 curve
+static char secp384r1[5]= {0x2B,0x81,0x04,0x00,0x22};
+static octet SECP384R1= {5,sizeof(secp384r1),secp384r1};
+
+// NIST521 curve
+static char secp521r1[5]= {0x2B,0x81,0x04,0x00,0x23};
+static octet SECP521R1= {5,sizeof(secp521r1),secp521r1};
+
+// RSA Public Key
+static char rsapk[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01};
+static octet RSAPK= {9,sizeof(rsapk),rsapk};
+
+// RSA with SHA256
+static char rsasha256[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b};
+static octet RSASHA256= {9,sizeof(rsasha256),rsasha256};
+
+// RSA with SHA384
+static char rsasha384[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0c};
+static octet RSASHA384= {9,sizeof(rsasha384),rsasha384};
+
+// RSA with SHA512
+static char rsasha512[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0d};
+static octet RSASHA512= {9,sizeof(rsasha512),rsasha512};
+
+#ifdef HAS_MAIN
+// countryName
+static char cn[3]= {0x55,0x04,0x06};
+static octet CN= {3,sizeof(cn),cn};
+
+// stateName
+// static char sn[3]= {0x55,0x04,0x08};
+// static octet SN= {3,sizeof(sn),sn};
+
+// localName
+// static char ln[3]= {0x55,0x04,0x07};
+// static octet LN= {3,sizeof(ln),ln};
+
+// orgName
+static char on[3]= {0x55,0x04,0x0A};
+static octet ON= {3,sizeof(on),on};
+
+// unitName
+// static char un[3]= {0x55,0x04,0x0B};
+// static octet UN= {3,sizeof(un),un};
+
+// myName
+// static char mn[3]= {0x55,0x04,0x03};
+// static octet MN= {3,sizeof(mn),mn};
+
+// emailName
+static char en[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01};
+static octet EN= {9,sizeof(en),en};
+#endif // HAS_MAIN
+
+/* Check expected TAG and return ASN.1 field length. If tag=0 skip check. */
+static int getalen(int tag,char *b,int j)
+{
+ int len;
+
+ if (tag!=0 && (unsigned char)b[j]!=tag) return -1; // not a valid tag
+ j++;
+
+ if ((unsigned char)b[j]==0x81)
+ {
+ j++;
+ len=(unsigned char)b[j];
+ }
+ else if ((unsigned char)b[j]==0x82)
+ {
+ j++;
+ len=256*b[j++];
+ len+=(unsigned char)b[j];
+ }
+ else
+ {
+ len=(unsigned char)b[j];
+ if (len>127) return -1;
+ }
+ return len;
+}
+
+/* jump over length field */
+static int skip(int len)
+{
+ if (len<128) return 2;
+ if (len>=128 && len<256) return 3;
+ return 4;
+}
+
+/* round length up to nearest 8-byte length */
+static int bround(int len)
+{
+ if (len%8==0) return len;
+ return len+(8-len%8);
+
+}
+
+// Input signed cert as octet, and extract signature
+// Return 0 for failure, ECC for Elliptic Curve signature, RSA for RSA signature
+// Note that signature type is not provided here - its the type of the public key that
+// is used to verify it that matters, and which determines for example the curve to be used!
+
+pktype X509_extract_cert_sig(octet *sc,octet *sig)
+{
+ int i,j,k,fin,len,rlen,sj,ex;
+ char soid[9];
+ octet SOID= {0,sizeof(soid),soid};
+ pktype ret;
+
+ ret.type=0;
+ ret.hash=0;
+
+ j=0;
+
+ len=getalen(SEQ,sc->val,j); // Check for expected SEQ clause, and get length
+ if (len<0) return ret; // if not a SEQ clause, there is a problem, exit
+ j+=skip(len); // skip over length to clause contents. Add len to skip clause
+
+ if (len+j!=sc->len) return ret;
+
+ len=getalen(SEQ,sc->val,j);
+ if (len<0) return ret;
+ j+=skip(len)+len; // jump over cert to signature OID
+
+ len=getalen(SEQ,sc->val,j);
+ if (len<0) return ret;
+ j+=skip(len);
+
+ sj=j+len; // Needed to jump over signature OID
+
+// dive in to extract OID
+ len=getalen(OID,sc->val,j);
+ if (len<0) return ret;
+ j+=skip(len);
+
+ fin=j+len;
+ SOID.len=len;
+ for (i=0; j<fin; j++)
+ SOID.val[i++]= sc->val[j];
+
+ // check OID here..
+
+ if (OCT_comp(&ECCSHA256,&SOID))
+ {
+ ret.type=ECC;
+ ret.hash=H256;
+ }
+ if (OCT_comp(&ECCSHA384,&SOID))
+ {
+ ret.type=ECC;
+ ret.hash=H384;
+ }
+ if (OCT_comp(&ECCSHA512,&SOID))
+ {
+ ret.type=ECC;
+ ret.hash=H512;
+ }
+ if (OCT_comp(&RSASHA256,&SOID))
+ {
+ ret.type=RSA;
+ ret.hash=H256;
+ }
+ if (OCT_comp(&RSASHA384,&SOID))
+ {
+ ret.type=RSA;
+ ret.hash=H384;
+ }
+ if (OCT_comp(&RSASHA512,&SOID))
+ {
+ ret.type=RSA;
+ ret.hash=H512;
+ }
+
+ if (ret.type==0) return ret; // unsupported type
+
+ j=sj; // jump out to signature
+
+ len=getalen(BIT,sc->val,j);
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len);
+ j++;
+ len--; // skip bit shift (hopefully 0!)
+
+ if (ret.type==ECC)
+ {
+ // signature in the form (r,s)
+ len=getalen(SEQ,sc->val,j);
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len);
+
+ // pick up r part of signature
+ len=getalen(INT,sc->val,j);
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len);
+
+ if (sc->val[j]==0)
+ {
+ // skip leading zero
+ j++;
+ len--;
+ }
+ rlen=bround(len);
+
+ ex=rlen-len;
+ sig->len=2*rlen;
+
+ i=0;
+ for (k=0; k<ex; k++)
+ sig->val[i++]=0;
+
+ fin=j+len;
+ for (; j<fin; j++)
+ sig->val[i++]= sc->val[j];
+
+ // pick up s part of signature
+ len=getalen(INT,sc->val,j);
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len);
+
+ if (sc->val[j]==0)
+ {
+ // skip leading zeros
+ j++;
+ len--;
+ }
+ rlen=bround(len);
+ ex=rlen-len;
+ for (k=0; k<ex; k++)
+ sig->val[i++]=0;
+
+ fin=j+len;
+ for (; j<fin; j++)
+ sig->val[i++]= sc->val[j];
+
+ }
+ if (ret.type==RSA)
+ {
+ rlen=bround(len);
+ ex=rlen-len;
+
+ sig->len=rlen;
+ i=0;
+ for (k=0; k<ex; k++)
+ sig->val[i++]=0;
+
+ fin=j+len;
+ for (; j<fin; j++)
+ sig->val[i++]= sc->val[j];
+
+ }
+ if (ret.hash==H256) ret.curve=NIST256;
+ if (ret.hash==H384) ret.curve=NIST384;
+ if (ret.hash==H512) ret.curve=NIST521;
+
+ return ret;
+}
+
+// Extract certificate from signed cert
+int X509_extract_cert(octet *sc,octet *cert)
+{
+ int i,j,fin,len,k;
+
+ j=0;
+ len=getalen(SEQ,sc->val,j);
+
+ if (len<0) return 0;
+ j+=skip(len);
+
+ k=j;
+
+ len=getalen(SEQ,sc->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+
+ fin=j+len;
+ cert->len=fin-k;
+ for (i=k; i<fin; i++) cert->val[i-k]=sc->val[i];
+
+ return 1;
+}
+
+// Extract Public Key from inside Certificate
+pktype X509_extract_public_key(octet *c,octet *key)
+{
+ int i,j,fin,len,sj;
+ char koid[12]; /*****/
+ octet KOID= {0,sizeof(koid),koid};
+ pktype ret;
+
+ ret.type=ret.hash=0;
+ ret.curve=-1;
+
+ j=0;
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len);
+
+ if (len+j!=c->len) return ret;
+
+ len=getalen(0,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len)+len; //jump over version clause
+
+ len=getalen(INT,c->val,j);
+
+ if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len)+len; // jump over signature algorithm
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len)+len; // skip issuer
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len)+len; // skip validity
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len)+len; // skip subject
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len); //
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len);
+
+// ** Maybe dive in and check Public Key OIDs here?
+// ecpublicKey & prime256v1, secp384r1 or secp521r1 for ECC
+// rsapublicKey for RSA
+
+ sj=j+len;
+
+ len=getalen(OID,c->val,j);
+ if (len<0) return ret;
+ j+=skip(len);
+
+ fin=j+len;
+ KOID.len=len;
+ for (i=0; j<fin; j++)
+ KOID.val[i++]= c->val[j];
+
+ ret.type=0;
+ if (OCT_comp(&ECPK,&KOID)) ret.type=ECC;
+ if (OCT_comp(&RSAPK,&KOID)) ret.type=RSA;
+
+ if (ret.type==0) return ret;
+
+ if (ret.type==ECC)
+ {
+ // which elliptic curve?
+ len=getalen(OID,c->val,j);
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len);
+
+ fin=j+len;
+ KOID.len=len;
+ for (i=0; j<fin; j++)
+ KOID.val[i++]= c->val[j];
+
+ if (OCT_comp(&PRIME25519,&KOID)) ret.curve=C25519; /*****/
+ if (OCT_comp(&PRIME256V1,&KOID)) ret.curve=NIST256;
+ if (OCT_comp(&SECP384R1,&KOID)) ret.curve=NIST384;
+ if (OCT_comp(&SECP521R1,&KOID)) ret.curve=NIST521;
+ }
+
+ j=sj; // skip to actual Public Key
+
+ len=getalen(BIT,c->val,j);
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len); //
+ j++;
+ len--; // skip bit shift (hopefully 0!)
+
+// extract key
+ if (ret.type==ECC)
+ {
+ key->len=len;
+ fin=j+len;
+ for (i=0; j<fin; j++)
+ key->val[i++]= c->val[j];
+
+ }
+ if (ret.type==RSA)
+ {
+ // Key is (modulus,exponent) - assume exponent is 65537
+ len=getalen(SEQ,c->val,j);
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len); //
+
+ len=getalen(INT,c->val,j); // get modulus
+ if (len<0)
+ {
+ ret.type=0;
+ return ret;
+ }
+ j+=skip(len); //
+ if (c->val[j]==0)
+ {
+ j++;
+ len--; // remove leading zero
+ }
+
+ key->len=len;
+ fin=j+len;
+ for (i=0; j<fin; j++)
+ key->val[i++]= c->val[j];
+
+ }
+ return ret;
+}
+
+// Find pointer to main sections of cert, before extracting individual field
+// Find index to issuer in cert
+int X509_find_issuer(octet *c)
+{
+ int j,len;
+ j=0;
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+
+ if (len+j!=c->len) return 0;
+
+ len=getalen(0,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len)+len; //jump over version clause
+
+ len=getalen(INT,c->val,j);
+
+ if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len)+len; // jump over signature algorithm
+
+ return j;
+}
+
+// Find index to validity period
+int X509_find_validity(octet *c)
+{
+ int j,len;
+ j=X509_find_issuer(c);
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len)+len; // skip issuer
+
+ return j;
+}
+
+// Find index to subject in cert
+int X509_find_subject(octet *c)
+{
+ int j,len;
+ j=X509_find_validity(c);
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len)+len; // skip validity
+
+ return j;
+}
+
+// NOTE: When extracting cert information, we actually return just an index to the data inside the cert, and maybe its length
+// So no memory is assigned to store cert info. It is the callers responsibility to allocate such memory if required, and copy
+// cert information into it.
+
+// Find entity property indicated by SOID, given start of issuer or subject field. Return index in cert, flen=length of field
+
+int X509_find_entity_property(octet *c,octet *SOID,int start,int *flen)
+{
+ int i,j,k,fin,len,tlen;
+ char foid[50]; /*****/
+ octet FOID= {0,sizeof(foid),foid};
+
+ j=start;
+
+ tlen=getalen(SEQ,c->val,j);
+ if (tlen<0) return 0;
+ j+=skip(tlen);
+
+ for (k=j; j<k+tlen;)
+ {
+ // search for Owner OID
+ len=getalen(SET,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+ len=getalen(OID,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+ fin=j+len; // extract OID
+ FOID.len=len;
+ for (i=0; j<fin; j++)
+ FOID.val[i++]= c->val[j];
+ len=getalen(ANY,c->val,j); // get text, could be any type
+ if (len<0) return 0;
+
+ j+=skip(len);
+ if (OCT_comp(&FOID,SOID))
+ {
+ // if its the right one return
+ *flen=len;
+ return j;
+ }
+ j+=len; // skip over it
+ }
+ *flen=0; /*****/
+ return 0;
+}
+
+// Find start date of certificate validity period
+int X509_find_start_date(octet *c,int start)
+{
+ int j,len;
+ j=start;
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+
+ len=getalen(UTC,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+ return j;
+}
+
+// Find expiry date of certificate validity period
+int X509_find_expiry_date(octet *c,int start)
+{
+ int j,len;
+ j=start;
+
+ len=getalen(SEQ,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+
+ len=getalen(UTC,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len)+len;
+
+ len=getalen(UTC,c->val,j);
+ if (len<0) return 0;
+ j+=skip(len);
+
+ return j;
+}
+
+void print_out(char *des,octet *c,int index,int len)
+{
+ int i;
+ printf("%s [",des);
+ for (i=0; i<len; i++)
+ printf("%c",c->val[index+i]);
+ printf("]\n");
+}
+
+void print_date(char *des,octet *c,int index)
+{
+ int i=index;
+ printf("%s [",des);
+ if (i==0) printf("]\n");
+ else printf("20%c%c-%c%c-%c%c %c%c:%c%c:%c%c]\n",c->val[i],c->val[i+1],c->val[i+2],c->val[i+3],c->val[i+4],c->val[i+5],c->val[i+6],c->val[i+7],c->val[i+8],c->val[i+9],c->val[i+10],c->val[i+11]);
+}
+
+
+#ifdef HAS_MAIN
+
+/* test driver program */
+// Sample Certs. Uncomment one CA cert and one example cert. Note that AMCL library must be built to support given curve.
+// Sample Certs all created using OpenSSL - see http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
+// Note - SSL currently only supports NIST curves. Howevever version 1.1.0 of OpenSSL now supports C25519
+
+#if CHOICE==C25519
+// ** CA is RSA 2048-bit based - for use with C25519 build of the library - assumes use of SHA256 in Certs
+
+char ca_b64[]="MIID6zCCAtOgAwIBAgIJALJxywTGMUA7MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJJRTEQMA4GA1UECAwHSXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMQ8wDQYDVQQKDAZNSVJBQ0wxDTALBgNVBAsMBGxhYnMxEzARBgNVBAMMCk1pa2UgU2NvdHQxJDAiBgkqhkiG9w0BCQEWFW1pa2Uuc2NvdHRAbWlyYWNsLmNvbTAeFw0xNjA2MzAxNzQyNDFaFw0yMTA2MzAxNzQyNDFaMIGLMQswCQYDVQQGEwJJRTEQMA4GA1UECAwHSXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMQ8wDQYDVQQKDAZNSVJBQ0wxDTALBgNVBAsMBGxhYnMxEzARBgNVBAMMCk1pa2UgU2NvdHQxJDAiBgkqhkiG9w0BCQEWFW1pa2Uuc2NvdHRAbWlyYWNsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPCTPcPWgiI0ka5Czd0ZzW+gTaMEe9QW7FGu5+9fS6ALrCpdbxdwDX8+OQXZuQJpLYEAIq1pDh3fVQguH/jUM9gQQrS2Lmz3KhXC/J3yv85FRotCGv13ztapMedTy2IxzbtPvoQQc+IAlUPX6DtD8JqBoAstrlQUnkMChKztMGR2OERdjNzXmXm+KMMPlZzk+EvRwCornVA+SB5QAWj7y/3ISFo0y1WG8ewoQEx3HQYrjXbQP1VTdiLW7dHPQP86XKoTMtTBEYWuFhKB9ClCeu4Qqqxqa9UPIVfdro7SoZScCt+OX4KhzLnOCFupoLxE+yTDhDpYcCcmI1yglCv9DpMCAwEAAaNQME4wHQYDVR0OBBYEFFH18YEMoxms7121N/nQ+Wm3b5smMB8GA1UdIwQYMBaAFFH18YEMoxms7121N/nQ+Wm3b5smMAwGA1UdEwQFMAMBAf8wDQYJKo
ZIhvcNAQELBQADggEBALCUob0y2O4DSzsqG76yrtCxXWxDdgjSkHKzwFK62BzZK5EuCDJrVgCyoLX0SvYvoT9x0wtS+bxJ7TNEGn7Rkp5/iSQCUSF7sVRoHqzErk70xVKKDy5FS+zre8k08nJrtRg2u1PmY95NO1SE96BtUVLs+8rQuqEX283tqlmqE/SF2+lxOb0WaVrya4oCJfj/XT83pRTcd5w9i7huWltMbKbagkmlQ/5q9Ayp/Jh1lLXmxr+/xEbZ2xEop/y+mgVF0vLxap7R5toBA0Yk7vvirlYv0hZGqGi5lBc9VeUqm1H/7XCi5xRU3AtJ4QRk4Z1xUa4qAPKfiqlPKd1dVe3Ah3w=";
+
+// an ECC 255-bit CA-signed cert
+char cert_b64[]="MIICqjCCAZICCQCk9jKdJYtnjDANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwGTUlSQUNMMQ0wCwYDVQQLDARsYWJzMRMwEQYDVQQDDApNaWtlIFNjb3R0MSQwIgYJKoZIhvcNAQkBFhVtaWtlLnNjb3R0QG1pcmFjbC5jb20wHhcNMTYwNjMwMTc0NjQ4WhcNMTYwNzMwMTc0NjQ4WjCBjDELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwGTUlSQUNMMQ0wCwYDVQQLDARsYWJzMRgwFgYDVQQDDA9LZWFsYW4gTWNDdXNrZXIxIDAeBgkqhkiG9w0BCQEWEWtlYWxhbkBtaXJhY2wuY29tMDkwFAYHKoZIzj0CAQYJKwYBBAHaRw8BAyEASiRQmhO9PP+SqodOhXYrnSlcyAOog63E6a4KLDFvAzEwDQYJKoZIhvcNAQELBQADggEBALByfCM/EhdqWBrEnDHtH2/U8xr1eSylHdcfnDSDR+X6KXH5rIJ/397lZQMHB6QSsEiVrWzfFDFPPjDN3xEDsZw09ZTT+L8Wi5P3UKR1gtawQCx3ciKEywAU1CU2dV05gvyebqIsbFUyH7jOlj6/1hIx9zaiLcoEex6D55MYQuWo664HF3CNdJFk1k4HF+fclRhyl4iryp0F9p0Wl5vyn96kg0NwaBZG860oCWDHZsjRq1JeSSaRf9CKNXWbQwjByeEcDphpprqmoVcI60cC0TvZZm1x4y7vjCXLD6uCDw3P7fnSp40yce64+IKUr8/cS+QYus58KHdLaLXsojZHL3c=";
+#endif
+
+#if CHOICE==NIST256
+
+// ** CA is RSA 2048-bit based - for use with NIST256 build of library - assumes use of SHA256 in Certs
+// RSA 2048 Self-Signed CA cert
+char ca_b64[]="MIIDuzCCAqOgAwIBAgIJAP44jcM1MOROMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEfMB0GCSqGSIb3DQEJARYQbXNjb3R0QGluZGlnby5pZTAeFw0xNTExMjYwOTUwMzlaFw0yMDExMjUwOTUwMzlaMHQxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEfMB0GCSqGSIb3DQEJARYQbXNjb3R0QGluZGlnby5pZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUs7/nri9J8zw8rW8JVszXP0ZqeLoQJaq2X28ebm8x5VT3okr9rnBjFjpx0YKQCAFQf8iSOOYuNpDvtZ/YpsjPbk2rg5sLY9G0eUMqrTuZ7moPSxnrXS5evizjD9Z9HqaqeNEYD3sPouPg+lhU1oAUQjUTJVFhEr1x0EnSEYbbrWtY9ZDSuZv+d4NIeqqPOYFd1yZc+LYZyQbAAQqwRLNPZH/rnIykLa6I7w7mGT7H6SBz2O09BtgpTHhalL40ecXa4ZOEze0xwzlc+mEFIrnmdadg3vQrJt42RVbo3LN6RfDIqUZOMOtQW/53pUR1lIpCwVWJTiOpmSEIEqhhjFq0CAwEAAaNQME4wHQYDVR0OBBYEFJrz6LHeT6FcjRahpUC3hAMxKRTCMB8GA1UdIwQYMBaAFJrz6LHeT6FcjRahpUC3hAMxKRTCMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADqkqCYVa3X8XO9Ufu6XIUoZafFPRjSeJXvEIWqlbm7ixJ
Z2FPOvf2eMc5RCZYigNKhsxru5Ojw0lPcpa8DDmEsdZDf7p0vlmf7T7xH9gtoInh4DzgI8HRHFc8R/z2/jLX7nlLoopKX5yp7F1gRACg0pd4tGpQ6EnBNcYZZghFH9UIRDmx+vDlwDCu8vyRPt35orrEiI4XGq/QkvxxAb5YWxQ4i06064ULfyCI7suu3KoobdM1aAaA8zhpOOBXKbq+Wi9IGFe/wiEMHLmfHdt9CBTjIWb//IHji4RT05kCmTVrx97pb7EHafuL3L10mM5cpTyBWKnb4kMFtx9yw+S2U=";
+// an RSA 2048 CA-signed cert
+//char cert_b64[]="MIIDcjCCAloCAQEwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMR8wHQYJKoZIhvcNAQkBFhBtc2NvdHRAaW5kaWdvLmllMB4XDTE1MTEyNjEwMzQzMFoXDTE3MTEyNTEwMzQzMFowgYkxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoMCENlcnRpVm94MQ0wCwYDVQQLDARMYWJzMQ0wCwYDVQQDDARNSUtFMSYwJAYJKoZIhvcNAQkBFhdtaWtlLnNjb3R0QGNlcnRpdm94LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIoxaQHFQzfyNChrw+3i7FjRFMHZ4zspkjkAcJW21LdBCqrxU+sdjyBoSFlrlafQOHshbrEP93AKX1bfaYbuV4fzq7OlRaLxaK+b+xrOJdewMI2WZ5OwEzj3onZATISogIoB6dTdzJ41NuxuMqQ/DqOnVrRA0SoIespbQhB8FGHBLw0hJATBzUk+bqOIt0HmnMp2EbYgtuG4lYINU/lD3Qt16SunUukWRLtxqJkioie+dkhP2zm+bOlSVmeQb4Wp8AI14OKkTfkdYC8qCxb5eabg90Q33rQUhNwRQHhHwopZwD/BgodasoSrPfwUlj0awh6y87eMGcik5Q/mjkCk5MCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAFrd7R/67ClkbLhpiX++6QTOa47siUAB9v+Qil9hZfhPNeeM589ixYkD4zH5pOK2B0ea+CXEKkanQ6lXx9KV86yS7fq6Yww7wO0diecusHd0+P82i46Tq0nm8nlsnAuhYoFRUGa2m2D
kB1HSsB0ts8DjzFLySonFjSSLHDU0ox9/uFbJMzipy3ijAA4XM0N4jRrUfrmxpA7DOOsbEbGkvvB7VK9+s9PHE/4dJTwhSteplUnhxVFkkDo/JwaLx4/IEQRlCF3KEQ5s3AwRHnbrIjOY2yONxHBtJEp7QN5aOHruwvMNRNheCBPiQJyLitUsFGr4voANmobkrFgYtu0tRMQ==";
+// an ECC 256 CA-signed cert
+char cert_b64[]="MIICojCCAYoCAQMwDQYJKoZIhvcNAQELBQAwdDELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMR8wHQYJKoZIhvcNAQkBFhBtc2NvdHRAaW5kaWdvLmllMB4XDTE1MTEyNjEzNDcyOVoXDTE3MTEyNTEzNDcyOVowgYQxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoMCENlcnRpdm94MQ0wCwYDVQQLDARMYWJzMQ8wDQYDVQQDDAZtc2NvdHQxHzAdBgkqhkiG9w0BCQEWEG1zY290dEBpbmRpZ28uaWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATO2iZiQZsXxzwBKnufKfZcsctNXZ4PmfJm638PmX9DQ3Xdb+nD5VxiOakNcB9xf5im8CriiOF5Z/7yPGyzUMbdMA0GCSqGSIb3DQEBCwUAA4IBAQAK5fMgGCCiPts8hMUZvYDpu8hd7qtPKPBc10QUccHb7PGrhqf/Ex2Gpj1aaURmx7SGZG0HX97LtkdW8KQpEoyaa60r7cjVA589TznxXKSGg5ggVoFJNpuZUm7VcolLjwIgTxtGbPzrvVMiZ4cl4PwFePXVKTl4f8XkOFX5gLmVSuCf729lEBmpx3IzqGmTjmnBixaApUElOKVeL7hiUKP3TqMUxZN+QNJBq4Mh9K9h4Sks2oneLwBwhMqQvpmcOb/7SucJn5N0IgJoGaMbfX0oCJJID1NSbagUSbFD1XciR2Ng9VtvnRP+htmEQ7jtww8phFdrWt5M5zPGOHUppqDx";
+
+// ** CA is ECC 256 based - for use with NIST256 build of library
+// ECC 256 Self-Signed CA cert
+//char ca_b64[]="MIIB7TCCAZOgAwIBAgIJANp4nGS/VYj2MAoGCCqGSM49BAMCMFMxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xNTExMjYxMzI0MTBaFw0yMDExMjUxMzI0MTBaMFMxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPb6IjYNKyfbEtL1aafzW1jrn6ALn3PnGm7AyX+pcvwG0GKmb3Z/uHzhT4GysNE0/GB1n4Y/mrORQIm2X98rRs6jUDBOMB0GA1UdDgQWBBSfXUNkgJVklIhuXq4DCnVYhsdzwDAfBgNVHSMEGDAWgBSfXUNkgJVklIhuXq4DCnVYhsdzwDAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIQDrZJ1tshwTl/jabU2i49EOgbWe0ZgE3QZywJclf5IVwwIgVmz79AAf7e098lyrOKYAqbwjHVyMZGfmkNNGIuIhp/Q=";
+// an ECC 256 CA-signed cert
+//char cert_b64[]="MIIBvjCCAWQCAQEwCgYIKoZIzj0EAwIwUzELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE1MTEyNjEzMjc1N1oXDTE3MTEyNTEzMjc1N1owgYIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoMCENlcnRpdm94MQ0wCwYDVQQLDARMYWJzMQ0wCwYDVQQDDARtaWtlMR8wHQYJKoZIhvcNAQkBFhBtc2NvdHRAaW5kaWdvLmllMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEY42H52TfWMLueKB1o2Sq8uKaKErbHJ2GRAxrnJdNxex0hxZF5FUx7664BbPUolKhpvKTnJxDq5/gMqXzpKgR6DAKBggqhkjOPQQDAgNIADBFAiEA0ew08Xg32g7BwheslVKwXo9XRRx4kygYha1+cn0tvaUCIEKCEwnosZlAckjcZt8aHN5zslE9K9Y7XxTErTstthKc";
+// an RSA 2048 CA-signed cert
+//char cert_b64[]="MIICiDCCAi4CAQIwCgYIKoZIzj0EAwIwUzELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE1MTEyNjEzMzcwNVoXDTE3MTEyNTEzMzcwNVowgYExCzAJBgNVBAYTAklFMQ8wDQYDVQQIDAZJZWxhbmQxDzANBgNVBAcMBkR1YmxpbjERMA8GA1UECgwIQ2VydGl2b3gxDTALBgNVBAsMBExhYnMxDTALBgNVBAMMBE1pa2UxHzAdBgkqhkiG9w0BCQEWEG1zY290dEBpbmRpZ28uaWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjPBVwmPg8Gwx0+8xekmomptA0BDwS7NUfBetqDqNMNyji0bSe8LAfpciU7NW/HWfUE1lndCqSDDwnMJmwC5e3GAl/Bus+a+z8ruEhWGbn95xrHXFkOawbRlXuS7UcEQCvPr8KQHhNsg4cyV7Hn527CPUl27n+WN8/pANo01cTN/dQaK87naU0Mid09vktlMKSN0zyJOnc5CsaTLs+vCRKJ9sUL3d4IQIA2y7gvrTe+iY/QI26nqhGpNWYyFkAdy9PdHUEnDI6JsfF7jFh37yG7XEgDDA3asp/oi1T1+ZoASj2boL++opdqCzDndeWwzDWAWuvJ9wULd80ti6x737ZAgMBAAEwCgYIKoZIzj0EAwIDSAAwRQIgCDwgl98+9moBo+etaLt8MvB/z5Ti6i9neRTZkvoFl7YCIQDq//M3OB757fepErRzIQo3aFAFYjOooi6WdSqP3XqGIg==";
+
+#endif
+
+#if CHOICE==NIST384
+
+// ** CA is RSA 3072-bit based - for use with NIST384 build of library - assumes use of SHA384 in Certs
+// RSA 3072 Self-Signed CA cert
+char ca_b64[]="MIIElzCCAv+gAwIBAgIJAJA+8OyEeK4FMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwETWlrZTAeFw0xNTExMjYxNDQ0MDBaFw0yMDExMjUxNDQ0MDBaMGIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwETWlrZTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANvNO8ahsanxzqwkp3A3bujwObJoP3xpOiAAxwGbW867wx4EqBjPRZP+Wcm9Du6e4Fx9U7tHrOLocIUUBcRrmxUJ7Z375hX0cV9yuoYPNv0o2klJhB8+i4YXddkOrSmDLV4r46Ytt1/gjImziat6ZJALdd/uIuhaXwjzy1fFqSEBpkzhrFwFP9MG+5CgbRQed+YxZ10l/rjk+h3LKq9UFsxRCMPYhBFgmEKAVTMnbTfNNxawTRCKtK7nxxruGvAEM+k0ge5rvybERQ0NxtizefBSsB3Q6QVZOsRJiyC0HQhE6ZBHn4h3A5nHUZwPeh71KShw3uMPPB3Kp1pb/1Euq8azyXSshEMPivvgcGJSlm2b/xqsyrT1tie82MqB0APYAtbx3i5q8p+rD143NiNO8fzCq/J+EV82rVyvqDxf7AaTdJqDbZmnFRbIcrLcQdigWZdSjc+WxrCeOtebRmRknuUmetsCUPVzGv71PLMUNQ2qEiq8KGWmnMBJYVMl96bPxwIDAQABo1AwTjAdBgNVHQ4EFgQUsSjrHeZ5TNI2tMcQd6wUnFpU8DcwHwYDVR0jBB
gwFoAUsSjrHeZ5TNI2tMcQd6wUnFpU8DcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAYEADlnC1gYIHpVf4uSuBpYNHMO324hhGajHNraHYQAoYc0bW4OcKi0732ib5CHDrV3LCxjxF4lxZVo61gatg5LnfJYldXc0vP0GQRcaqC6lXlLb8ZJ0O3oPgZkAqpzc+AQxYW1wFxbzX8EJU0stSwAuxkgs9bwg8tTxIhDutrcjQl3osnAqGDyM+7VAG5QLRMzxiZumyD7s/xBUOa+L6OKXf4QRr/SH/rPU8H+ENaNkv4PApSVzCgTBPOFBIzqEuO4hcQI0laUopsp2kK1w6wYB5oY/rR/O6lNNfB2WEtfdIhdbQru4cUE3boKerM8Mjd21RuerAuK4X8cbDudHIFsaopGSNuzZwPo/bu0OsmZkORxvdjahHJ0G3/6jM6nEDoIy6mXUCGOUOMhGQKCa8TYlZdPKz29QIxk6HA1wCA38MxUo/29Z7oYw27Mx3x8Gcr+UA4vc+oBN3IEzRmhRZKAYQ10MhYPx3NmYGZBDqHvT06oG5hysTCtlVzx0Tm+o01JQ";
+// an RSA 3072 CA-signed cert
+//char cert_b64[]="MIIEWzCCAsMCAQYwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDDARNaWtlMB4XDTE1MTEyNjE0NDY0MloXDTE3MTEyNTE0NDY0MlowgYQxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoMCENlcnRpdm94MQ0wCwYDVQQLDARMYWJzMQ8wDQYDVQQDDAZtc2NvdHQxHzAdBgkqhkiG9w0BCQEWEG1zY290dEBpbmRpZ28uaWUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC6SrDiE4BpTEks1YpX209q8iH0dfvhGO8hi1rGYFYnz+eeiOvPdXiCdIPVPbGwxQGMEnZQV1X0KupYJw3LR2EsXhN4LZBxnQZmDvUXsTU+Ft/CKZUxVoXpNMxzwl70RC6XeUpPxvdPXa78AnfLL/DsOKsxCfNaKYZZ6G53L6Y69+HrCbyM7g2KrZ9/K/FXS1veMpRj9EbA6Mcdv1TUDNK2fTDV952AQO3kC3+PqywdVgPvntraAoQomrni+tcFW7UXe2Sk7DRcF/acBSuo2UtP3m9UWNL+8HOXvtRqmhns55Vj4DxKuPln759UBS7WZ11apCvC3BvCHR/k3WRf9PQWnW2cmT73/kEShvTRi8h7F9RWvYTEF1MuwSVy+l51q8O3rJU4XxnLm/YbtIGXZUf5Rqb0985zQkA+6rip/OSc8X5a3OV3kp38U7tXJ5sqBMg9RdIIz42cmiRLG5NYSj0/T6zjYEdwj3SYEBoPN/7UGSmhu8fdxS7JYPNpOsgeiu8CAwEAATANBgkqhkiG9w0BAQwFAAOCAY
EAyxxEg0hWLFuN2fiukX6vqzSDx5Ac8w1JI4W/bamRd7iDZfHQYqyPDZi9s07I2PcGbByj2oqoyGiIEBLbsljdIEF4D229h2kisn1gA9O+0IM44EgjhBTUoNDgC+SbfJrXlU2GZ1XI3OWjbK7+1wiv0NaBShbbiPgSdjQBP8S+9W7lyyIrZEM1J7maBdepie1BS//DUDmpQzEi0UlB1J+HmQpyZsnT97J9uIPKsK4t2/+iOiknl6iS4GzAQKMLqj2yIBRf/O44ZZ6UZIKLtI4PCVS/8H5Lrg3AC0kr4ZkPAXzefUiTwyLVkqYSxSSTvtb3BpgOxIbmA6juFid0rvUyjN4fuDQkxl3PZyQwIHjpz33HyKrmo4BZ8Dg4JT8LCsQgd0AaD3r0QOS5FdLhkb+rD8EMSsCoOCEtPI6lqLJCrGOQWj7zbcUdPOEsczWMI9hSfK3u/P9+gOUBUFkb0gBIn3WvNuHifIHpsZ5bzbR+SGtu5Tgc7CCCPyNgz1Beb247";
+// an ECC 384 CA-signed cert
+char cert_b64[]="MIIDCDCCAXACAQcwDQYJKoZIhvcNAQEMBQAwYjELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDDARNaWtlMB4XDTE1MTEyNjE1MzU1M1oXDTE3MTEyNTE1MzU1M1owYDELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEQMA4GA1UECgwHQ2VydGl2bzENMAsGA1UECwwETGFiczENMAsGA1UEAwwEbWlrZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ1J+FT5mxxYEM4aYKM0CvZHmh8JFXzoBmzibabrvyTz79+1QOrR+6MEEsKtmJIYPJi+GsQ0PmjF2HmJncM1zeQh7DQYJf2Xc8p5Vjd8//6YREBVfN3UIyrl87MSucy+mjANBgkqhkiG9w0BAQwFAAOCAYEAmuwa64+K1qlCELpcnCyWwMhSb+Zsw0Hh6q/BfxalZhsX1UFEwE9nHoVJcokaEEYF4u4AYXU5rdysRHxYBfgMbohguTT7sJwCfve2JqpqvhQOkGDG1DB4Ho4y7NPPYB2+UMd7JMD0TOcHXdgQ8FtAE0ClD8VkW0gAC0lCrbQbynfLoUjIWqg3w2g79hvdZPgRt208nFiHuezynOaEFePoXl8CxHInsxAnMaJn2fEs5/QH67pwD65mPdNFsvlr0zdzYcceqEmEHpRAXFOQAJtffGjWAGGX/CsghLuqlpdCiTGA1B53XoXKJvArr/kHpTNMsU1NnkQIHZ5n4USCo4QgL6n9nwem7U2mYBYjmxPi5Y3JJnTZz4zUnv0bD0vSwoivnFZox9H6qTAkeIX1ojJ2ujxWHNOMvOFb6nU2gqNZj2vYcO38OIrK9gwM9lm4FF20YBuf
h+WOzQthrHJv0YuQt3NuDQEMkvz+23YvzZlr+e2XqDlMhyR01Kk0MXeLGGcv";
+
+// ** CA is ECC 384 based - - for use with NIST384 build of library - assumes use of SHA384 in Certs
+// ECC 384 Self-Signed CA Cert
+//char ca_b64[]="MIICSTCCAc6gAwIBAgIJAIwHpOFSZLXnMAoGCCqGSM49BAMDMGIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEbWlrZTAeFw0xNTExMjYxNTQ0NTlaFw0yMDExMjUxNTQ0NTlaMGIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UEAwwEbWlrZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABOEPMYBqzIn1hJAMZ0aEVxQ08gBF2aSfWtEJtmKj64014w7VfWdeFQSIMP9SjmhatFbAvxep8xgcwbeAobGTqCgUp+0EdFZR1ktKSND/S+UDU1YSNCFRvlNTJ6YmXUkW36NQME4wHQYDVR0OBBYEFDQxIZoKNniNuW91UMJ1KWEjs045MB8GA1UdIwQYMBaAFDQxIZoKNniNuW91UMJ1KWEjs045MAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwMDaQAwZgIxANbml6sp5A92qQiCM/OtBf+TbXpSpIO83TuNP9V2lsphp0CEX3KwAuqBXB95m9/xWAIxAOXAT2LqieSbUh4fpxcdaeY01RoGtD2AQch1a6BuIugcQqTfqLcXy7D51R70R729sA==";
+// an ECC 384 CA-signed cert
+//char cert_b64[]="MIICCjCCAZACAQgwCgYIKoZIzj0EAwMwYjELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDDARtaWtlMB4XDTE1MTEyNjE1NTIxMFoXDTE3MTEyNTE1NTIxMFowgYIxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xETAPBgNVBAoMCENlcnRpdm94MQ0wCwYDVQQLDARMYWJzMQ0wCwYDVQQDDARtaWtlMR8wHQYJKoZIhvcNAQkBFhBtc2NvdHRAaW5kaWdvLmllMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEf2Qm6jH2U+vhAApsMqH9gzGCH8rk+mUwFSD3Uud4NiyPBqrJRC1eetVvr3cYb6ucDTa15km6QKvZZrsRW+Z4ZpryoEE6esmD4XPLrtrOtoxtxFNRhiMmT/M9zcrfMJC5MAoGCCqGSM49BAMDA2gAMGUCMF0x6PAvvnJR3riZdUPC4OWFC2K3eiz3QuLCdFOZVIqX7mkLftdS8BtzusXWMMgFCQIxALJNMKLs39P9wYQHu1C+v9ieltQr20C+WVYxqUvgL/KTdxd9dzc3wseZRDT1CydqOA==";
+// an RSA 3072 CA-signed cert
+//char cert_b64[]="MIIDFjCCAp4CAQkwCgYIKoZIzj0EAwMwYjELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDDARtaWtlMB4XDTE1MTEyNjE2MTYwNloXDTE3MTEyNTE2MTYwNlowYzELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjERMA8GA1UECgwIQ2VydGl2b3gxDTALBgNVBAsMBGxhYnMxDzANBgNVBAMMBmtlYWxhbjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAK5QhVjR+UGt3ZWPSGicpviqaOhxXmmvOepdl5Seqr+Iweb3IuEDgtHGwrw/EEgWlKPfS/2LW9ncptdNbVQh7+2rojj7ZtedrAK5p7I9b22f2U3sSHIqjtTT0BjqzL0qEwy/ATqbf93Tcr3yT0Ygh3yzbvn4zodrWQZK8kkN3PQKkiHBCuIxo+8MlTs8d99dl1hbJ84MYZuPmhrkB4oLEAt8+srtL+a4Yd0wPhuCYrLjBnYkD9TlcWLWWh8/iwXiznrY8gQsXSveQNzQjcmHilZrTlTL2dnyI2v7BAXXHSwo6UeES0n064fnYTr3JB0GArMcty6RD3E7xr64HNzzTE2+8cDxufNvU0tq2Z72oZ9cAReHUL5P6mLfORI+AhtCHrXGJch/F07ZX9h8UFpzok8NK5++Q7lHKuezTYRRPlDL5hDB3BUpBwvILdqujcbNil04cuLRBNT/WgqRXEBRjlHLgZaLChFV2VSJ9Z1Uke2lfm5X2O0XPQLhjMSiuvr4HwIDAQABMAoGCCqGSM49BAMDA2YAMGMCLxHSQAYP2EsuIpR4TzDDSIlsw4BBsD7W0ZfH91v9J0j5UWQJD/
yNjMtyA2Qlkq/0AjB+SJQbLgycNJH5SnR/X5wx26/62ln9s0swUtlCYVtNzyEQ3YRHSZbmTbh16RUT7Ak=";
+
+#endif
+
+#if CHOICE==NIST521
+
+// ** CA is ECC 521 based - - for use with NIST521 build of library - assumes use of SHA512 in Certs
+// ECC 521 Self-Signed CA Cert
+char ca_b64[]="MIIC+TCCAlqgAwIBAgIJAKlppiHsRpY8MAoGCCqGSM49BAMEMIGUMQswCQYDVQQGEwJJRTEQMA4GA1UECAwHSXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAsMBExhYnMxDzANBgNVBAMMBm1zY290dDEfMB0GCSqGSIb3DQEJARYQbXNjb3R0QGluZGlnby5pZTAeFw0xNTEyMDExMzE5MjZaFw0yMDExMzAxMzE5MjZaMIGUMQswCQYDVQQGEwJJRTEQMA4GA1UECAwHSXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAsMBExhYnMxDzANBgNVBAMMBm1zY290dDEfMB0GCSqGSIb3DQEJARYQbXNjb3R0QGluZGlnby5pZTCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAKUj6Qa4Vr1vyango8XHlLIIEzY9IVppdpGUrMlNfo0Spu+AXGhnluwJTZXOYLi8jSIPEAL7vuwS5H6uPPIz1QWXALRETVYAQfK0pIfPHq+edTHVTXMcAUpdNla2d4LwYO7HpkSQFHd7aaDN3yVhSL2J0LBLgy0wGkEHuyK1O2r0xNu6o1AwTjAdBgNVHQ4EFgQU966PLshKffU/NRCivMmNq8RiRkAwHwYDVR0jBBgwFoAU966PLshKffU/NRCivMmNq8RiRkAwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDBAOBjAAwgYgCQgHkLczeTWXq5BfY0bsTOSNU8bYy39OhiQ8wr5rlXY0zOg0fDyokueL4dhkXp8FjbIyUfQBY5OMxjtcn2p+cXU+6MwJCAci61REgxZvjpf1X8pGeSsOKa7GhfsfVnbQm+LQmjVmhMHbVRk
Q4h93CENN4MH/86XNozO9USh+ydTislAcXvCb0";
+// an ECC 521 CA-signed cert
+char cert_b64[]="MIICZjCCAccCAQMwCgYIKoZIzj0EAwQwgZQxCzAJBgNVBAYTAklFMRAwDgYDVQQIDAdJcmVsYW5kMQ8wDQYDVQQHDAZEdWJsaW4xITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECwwETGFiczEPMA0GA1UEAwwGbXNjb3R0MR8wHQYJKoZIhvcNAQkBFhBtc2NvdHRAaW5kaWdvLmllMB4XDTE1MTIwMTEzMjkxN1oXDTE3MTEzMDEzMjkxN1owYTELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjERMA8GA1UECgwIQ2VydGlWb3gxDTALBgNVBAsMBExhYnMxDTALBgNVBAMMBE1pa2UwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABAAva/N4kP2LMSGJZ5tvULlfdNx2M/+xYeCrQkuFmY8sG+mdcUAaSx819fztn2jz1nfdTJnuj79AhfUOL8hlTW14BwErp3DnqWa7Y/rpSJP+AsnJ2bZg4yGUDfVy/Q0AQychSzJm2oGRfdliyBIc+2SoQJ/Rf0ZVKVJ5FfRbWUUiKqYUqjAKBggqhkjOPQQDBAOBjAAwgYgCQgFE1Y7d9aBdxpZqROtkdVNG8XBCTSlMX0fISWkSM8ZEiQfYf7YgXzLjk8wHnv04Mv6kmAuV0V1AHs2M0/753CYEfAJCAPZo801McsGe+3jYALrFFw9Wj7KQC/sFEJ7/I+PYyJtrlfTTqmV0IFKdJzjEsk7ic+Gd4Nbs6kIe1GyYbrcyC4wT";
+
+#endif
+
+char io[5000];
+octet IO= {0,sizeof(io),io};
+
+#define MAXMODBYTES 72
+#define MAXFFLEN 16
+
+char sig[MAXMODBYTES*MAXFFLEN];
+octet SIG= {0,sizeof(sig),sig};
+
+char r[MAXMODBYTES];
+octet R= {0,sizeof(r),r};
+
+char s[MAXMODBYTES];
+octet S= {0,sizeof(s),s};
+
+char cakey[MAXMODBYTES*MAXFFLEN];
+octet CAKEY= {0,sizeof(cakey),cakey};
+
+char certkey[MAXMODBYTES*MAXFFLEN];
+octet CERTKEY= {0,sizeof(certkey),certkey};
+
+char h[5000];
+octet H= {0,sizeof(h),h};
+
+char hh[5000];
+octet HH= {0,sizeof(hh),hh};
+
+char hp[RFS];
+octet HP= {0,sizeof(hp),hp};
+
+
+int main()
+{
+ int res,len,sha;
+ int c,ic;
+ rsa_public_key PK;
+ pktype st,ca,pt;
+
+ printf("First check signature on self-signed cert and extract CA public key\n");
+ OCT_frombase64(&IO,ca_b64);
+ printf("CA Self-Signed Cert= \n");
+ OCT_output(&IO);
+ printf("\n");
+
+ st=X509_extract_cert_sig(&IO,&SIG); // returns signature type
+
+ if (st.type==0)
+ {
+ printf("Unable to extract cert signature\n");
+ return 0;
+ }
+
+ if (st.type==ECC)
+ {
+ OCT_chop(&SIG,&S,SIG.len/2);
+ OCT_copy(&R,&SIG);
+ printf("ECC SIG= \n");
+ OCT_output(&R);
+ OCT_output(&S);
+ printf("\n");
+ }
+
+ if (st.type==RSA)
+ {
+ printf("RSA SIG= \n");
+ OCT_output(&SIG);
+ printf("\n");
+ }
+
+ if (st.hash==H256) printf("Hashed with SHA256\n");
+ if (st.hash==H384) printf("Hashed with SHA384\n");
+ if (st.hash==H512) printf("Hashed with SHA512\n");
+
+// Extract Cert from signed Cert
+
+ c=X509_extract_cert(&IO,&H);
+
+ printf("\nCert= \n");
+ OCT_output(&H);
+ printf("\n");
+
+// show some details
+ printf("Issuer Details\n");
+ ic=X509_find_issuer(&H);
+ c=X509_find_entity_property(&H,&ON,ic,&len);
+ print_out("owner=",&H,c,len);
+ c=X509_find_entity_property(&H,&CN,ic,&len);
+ print_out("country=",&H,c,len);
+ c=X509_find_entity_property(&H,&EN,ic,&len);
+ print_out("email=",&H,c,len);
+ printf("\n");
+
+ ca=X509_extract_public_key(&H,&CAKEY);
+
+ if (ca.type==0)
+ {
+ printf("Not supported by library\n");
+ return 0;
+ }
+ if (ca.type!=st.type)
+ {
+ printf("Not self-signed\n");
+ }
+
+ if (ca.type==ECC)
+ {
+ printf("EXTRACTED ECC PUBLIC KEY= \n");
+ OCT_output(&CAKEY);
+ }
+ if (ca.type==RSA)
+ {
+ printf("EXTRACTED RSA PUBLIC KEY= \n");
+ OCT_output(&CAKEY);
+ }
+ printf("\n");
+
+// Cert is self-signed - so check signature
+
+ printf("Checking Self-Signed Signature\n");
+ if (ca.type==ECC)
+ {
+ if (ca.curve!=CHOICE)
+ {
+ printf("Curve is not supported\n");
+ return 0;
+ }
+ res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
+ if (res!=0)
+ {
+ printf("ECP Public Key is invalid!\n");
+ return 0;
+ }
+ else printf("ECP Public Key is Valid\n");
+
+ sha=0;
+
+ if (st.hash==H256) sha=SHA256;
+ if (st.hash==H384) sha=SHA384;
+ if (st.hash==H512) sha=SHA512;
+ if (st.hash==0)
+ {
+ printf("Hash Function not supported\n");
+ return 0;
+ }
+
+ if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
+ {
+ printf("***ECDSA Verification Failed\n");
+ return 0;
+ }
+ else
+ printf("ECDSA Signature/Verification succeeded \n");
+ }
+
+ if (ca.type==RSA)
+ {
+ PK.e=65537; // assuming this!
+ FF_fromOctet(PK.n,&CAKEY,FFLEN);
+
+ sha=0;
+
+ if (st.hash==H256) sha=SHA256;
+ if (st.hash==H384) sha=SHA384;
+ if (st.hash==H512) sha=SHA512;
+ if (st.hash==0)
+ {
+ printf("Hash Function not supported\n");
+ return 0;
+ }
+ PKCS15(sha,&H,&HP);
+
+ RSA_ENCRYPT(&PK,&SIG,&HH);
+
+ if (OCT_comp(&HP,&HH))
+ printf("RSA Signature/Verification succeeded \n");
+ else
+ {
+ printf("***RSA Verification Failed\n");
+ return 0;
+ }
+ }
+
+ printf("\nNext check CA signature on cert, and extract public key\n");
+
+ OCT_frombase64(&IO,cert_b64);
+ printf("Example Cert= \n");
+ OCT_output(&IO);
+ printf("\n");
+
+ st=X509_extract_cert_sig(&IO,&SIG);
+
+ if (st.type==0)
+ {
+ printf("Unable to check cert signature\n");
+ return 0;
+ }
+
+ if (st.type==ECC)
+ {
+ OCT_chop(&SIG,&S,SIG.len/2);
+ OCT_copy(&R,&SIG);
+ printf("SIG= \n");
+ OCT_output(&R);
+
+ OCT_output(&S);
+
+ printf("\n");
+ }
+
+ if (st.type==RSA)
+ {
+ printf("SIG= \n");
+ OCT_output(&SIG);
+ printf("\n");
+ }
+
+ c=X509_extract_cert(&IO,&H);
+
+ printf("Cert= \n");
+ OCT_output(&H);
+ printf("\n");
+
+ printf("Subject Details\n");
+ ic=X509_find_subject(&H);
+ c=X509_find_entity_property(&H,&ON,ic,&len);
+ print_out("owner=",&H,c,len);
+ c=X509_find_entity_property(&H,&CN,ic,&len);
+ print_out("country=",&H,c,len);
+ c=X509_find_entity_property(&H,&EN,ic,&len);
+ print_out("email=",&H,c,len);
+ printf("\n");
+
+ ic=X509_find_validity(&H);
+ c=X509_find_start_date(&H,ic);
+ print_date("start date= ",&H,c);
+ c=X509_find_expiry_date(&H,ic);
+ print_date("expiry date=",&H,c);
+ printf("\n");
+
+ pt=X509_extract_public_key(&H,&CERTKEY);
+
+ if (pt.type==0)
+ {
+ printf("Not supported by library\n");
+ return 0;
+ }
+
+ if (pt.type==ECC)
+ {
+ printf("EXTRACTED ECC PUBLIC KEY= \n");
+ OCT_output(&CERTKEY);
+ }
+ if (pt.type==RSA)
+ {
+ printf("EXTRACTED RSA PUBLIC KEY= \n");
+ OCT_output(&CERTKEY);
+ }
+
+ printf("\n");
+
+ /* Check CA signature */
+
+ if (ca.type==ECC)
+ {
+ printf("Checking CA's ECC Signature on Cert\n");
+ res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
+ if (res!=0)
+ printf("ECP Public Key is invalid!\n");
+ else printf("ECP Public Key is Valid\n");
+
+ sha=0;
+
+ if (st.hash==H256) sha=SHA256;
+ if (st.hash==H384) sha=SHA384;
+ if (st.hash==H512) sha=SHA512;
+ if (st.hash==0)
+ {
+ printf("Hash Function not supported\n");
+ return 0;
+ }
+
+ if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
+ printf("***ECDSA Verification Failed\n");
+ else
+ printf("ECDSA Signature/Verification succeeded \n");
+ }
+
+ if (ca.type==RSA)
+ {
+ printf("Checking CA's RSA Signature on Cert\n");
+ PK.e=65537; // assuming this!
+ FF_fromOctet(PK.n,&CAKEY,FFLEN);
+
+ sha=0;
+
+ if (st.hash==H256) sha=SHA256;
+ if (st.hash==H384) sha=SHA384;
+ if (st.hash==H512) sha=SHA512;
+ if (st.hash==0)
+ {
+ printf("Hash Function not supported\n");
+ return 0;
+ }
+ PKCS15(sha,&H,&HP);
+
+ RSA_ENCRYPT(&PK,&SIG,&HH);
+
+ if (OCT_comp(&HP,&HH))
+ printf("RSA Signature/Verification succeeded \n");
+ else
+ printf("***RSA Verification Failed\n");
+
+ }
+
+ return 0;
+}
+
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/x509.h
----------------------------------------------------------------------
diff --git a/version22/c/x509.h b/version22/c/x509.h
new file mode 100644
index 0000000..b0f0941
--- /dev/null
+++ b/version22/c/x509.h
@@ -0,0 +1,113 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL x509 header file */
+
+/**
+ * @file x509.h
+ * @author Mike Scott and Kealan McCusker
+ * @date 19th May 2015
+ * @brief X509 function Header File
+ *
+ * defines structures
+ * declares functions
+ *
+ */
+
+#ifndef X509_H
+#define X509_H
+
+/**
+ * @brief Public key type
+ */
+typedef struct
+{
+ int type; /**< signature type (ECC or RSA) */
+ int hash; /**< hash type */
+ int curve; /**< elliptic curve used */
+} pktype;
+
+
+/* X.509 functions */
+/** @brief Extract certificate signature
+ *
+ @param c an X.509 certificate
+ @param s the extracted signature
+ @return 0 on failure, or indicator of signature type (ECC or RSA)
+
+*/
+extern pktype X509_extract_cert_sig(octet *c,octet *s);
+/** @brief
+ *
+ @param sc a signed certificate
+ @param c the extracted certificate
+ @return 0 on failure
+*/
+extern int X509_extract_cert(octet *sc,octet *c);
+/** @brief
+ *
+ @param c an X.509 certificate
+ @param k the extracted key
+ @return 0 on failure, or indicator of public key type (ECC or RSA)
+*/
+extern pktype X509_extract_public_key(octet *c,octet *k);
+/** @brief
+ *
+ @param c an X.509 certificate
+ @return 0 on failure, or pointer to issuer field in cert
+*/
+extern int X509_find_issuer(octet *c);
+/** @brief
+ *
+ @param c an X.509 certificate
+ @return 0 on failure, or pointer to validity field in cert
+*/
+extern int X509_find_validity(octet *c);
+/** @brief
+ *
+ @param c an X.509 certificate
+ @return 0 on failure, or pointer to subject field in cert
+*/
+extern int X509_find_subject(octet *c);
+/** @brief
+ *
+ @param c an X.509 certificate
+ @param S is OID of property we are looking for
+ @param s is a pointer to the section of interest in the cert
+ @param f is pointer to the length of the property
+ @return 0 on failure, or pointer to the property
+*/
+extern int X509_find_entity_property(octet *c,octet *S,int s,int *f);
+/** @brief
+ *
+ @param c an X.509 certificate
+ @param s is a pointer to the start of the validity field
+ @return 0 on failure, or pointer to the start date
+*/
+extern int X509_find_start_date(octet *c,int s);
+/** @brief
+ *
+ @param c an X.509 certificate
+ @param s is a pointer to the start of the validity field
+ @return 0 on failure, or pointer to the expiry date
+*/
+extern int X509_find_expiry_date(octet *c,int s);
+
+
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/check.cpp
----------------------------------------------------------------------
diff --git a/version22/check.cpp b/version22/check.cpp
new file mode 100644
index 0000000..f0a31d9
--- /dev/null
+++ b/version22/check.cpp
@@ -0,0 +1,100 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* Utility to recommend best choice for BASEBITS
+
+(MINGW build)
+
+g++ -O2 check.cpp big.cpp miracl.a -o check.exe */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "big.h"
+
+using namespace std;
+
+Miracl precision=20;
+
+int main(int argc, char *argv[])
+{
+ int p,w,b,n,s,t,e,ex;
+ Big lhs,rhs;
+
+ argc--; argv++;
+
+ if (argc!=2)
+ {
+ printf("Bad arguments\n");
+ printf("check wordlength modulus-length\n");
+ printf("Wordlength can be 16, 32 or 64 (or 26 for Javascript)\n");
+ printf("Example:\n");
+ printf("check 32 256\n");
+ printf("Outputs choices for BASEBITS, number of words per Big, and number of spare bits\n");
+ printf("Normally choose for minimum words per Big, and maximum spare bits\n");
+ printf("(But >= 12 spare bits is enough, and tidier if BASEBITS =0 mod 4) \n");
+ exit(0);
+ }
+
+ n=atoi(argv[0]);
+ p=atoi(argv[1]); // Number of bits in prime modulus
+
+ if (n!=16 && n!=26 && n!=32 && n!=64)
+ {
+ printf("wordlength must be 16, 32 or 64\n");
+ return 0;
+ }
+
+ rhs=pow((Big)2,2*n-1);
+ e=3; // need at least 3 bits to allow adds and subtracts without normalisation
+ if (n==26)
+ {
+ rhs*=2; // no sign bit to worry about in Javascript
+ e=1; // not an issue for Javascript
+ }
+
+ for (b=n-e;b>=n-8;b--)
+ {
+ if (n==64 && b%2!=0) continue; // insist on even values for 64-bit builds
+ w=p/b; if (p%b!=0) w++;
+ s=w*b-p;
+
+ lhs=(w+2)*pow((Big)2,2*b); // sum of products plus carry plus one for redc
+
+ if (lhs>=rhs) {printf("Stability violation for BASEBITS= %d\n",b); continue;}
+ ex=1;
+ while (lhs<rhs)
+ {
+ ex*=2; lhs*=2;
+ }
+ ex/=2;
+
+
+// Top bits of Modulus must appear in top word of representation. Also at least 4 bits spare needed for field excess.
+ if (s<4 || s>=b) {printf("Not enough Fp spare for BASEBITS= %d\n",b); continue;}
+// At least 2 spare bits needed for FF excess
+ t=b*(1+(p-1)/b) - 8*(1+(p-1)/8);
+ if (t<2 || t>=b) {printf("Not enough FF spare for BASEBITS= %d\n",b);}
+
+ printf("Solution for BASEBITS= %d, Words Per Big=%d, Fp spare bits= %d, FF spare bits= %d (%d)\n",b,w,s,t,ex);
+ //break;
+ }
+
+ return 0;
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/cs/readme.txt
----------------------------------------------------------------------
diff --git a/version22/cs/readme.txt b/version22/cs/readme.txt
new file mode 100644
index 0000000..de1039d
--- /dev/null
+++ b/version22/cs/readme.txt
@@ -0,0 +1,36 @@
+AMCL is very simple to build for C#.
+
+NOTE: The C# code is automatically generated from the Java code using
+the Java to C# Converter from Tangible Software Solutions. We noted a few minor
+fix-ups that were required when we tried the current version of the Converter.
+
+
+** In HASH384.cs and HASH512.cs change long to ulong. Remove castes in S() and R(). Add (ulong) caste
+in process()
+** Comment out debug "main" programs in files other than Test***.cs
+** In BIG.cs function mod() change "checked" to "unchecked"
+** In BIG.cs in modmul() change BIG.mod(m);BIG.mod(m) to a.mod(m);b.mod(m). Same in modsqr() and modneg()
+** In BIG.cs in jacobi() change BIG.mod(p) to x.mod(p) and BIG.mod(m) to t.mod(m)
+** In TestMPIN.java change line Scanner ...; pin=scan.next(); to pin = int.Parse(Console.ReadLine());
+
+
+Three example API files will be generated, MPIN.cs which
+supports our M-Pin (tm) protocol, ECDH.cs which supports elliptic
+curve key exchange, digital signature and public key crypto, and RSA.cs
+which supports the RSA method.
+
+In the ROM.cs file you must provide the curve constants for the curve you want to use.
+Several examples are provided in the Java code, if you are willing to convert and use one of these.
+
+When the translation is complete, for a quick jumpstart:-
+
+csc TestMPIN.cs MPIN.cs FP.cs BIG.cs DBIG.cs AES.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs FP2.cs ECP2.cs FP4.cs FP12.cs PAIR.cs RectangularArrays.cs
+
+or
+
+csc TestECDH.cs ECDH.cs FP.cs BIG.cs DBIG.cs AES.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs
+
+or
+
+csc TestRSA.cs RSA.cs FF.cs BIG.cs DBIG.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/ecgen.cpp
----------------------------------------------------------------------
diff --git a/version22/ecgen.cpp b/version22/ecgen.cpp
new file mode 100644
index 0000000..8abf112
--- /dev/null
+++ b/version22/ecgen.cpp
@@ -0,0 +1,125 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* ECGEN - Helper MIRACL program to generate constants for EC curves
+
+(MINGW build)
+
+g++ -O3 ecgen.cpp ecn.cpp big.cpp miracl.a -o ecgen.exe
+
+
+*/
+
+#include <iostream>
+#include "big.h"
+#include "zzn2.h"
+#include "ecn2.h"
+
+using namespace std;
+
+Miracl precision(20,0);
+
+Big output(int chunk,int w,Big t,Big m)
+{
+ Big last,y=t;
+
+ cout << "{";
+ for (int i=0;i<w;i++)
+ {
+ last=y%m;
+ cout << "0x" << last;
+ y/=m;
+ if (i==w-1) break;
+ if (chunk==64) cout << "L,";
+ else cout << ",";
+ }
+
+ if (chunk==64) cout << "L}";
+ else cout << "}";
+ return last;
+}
+
+#define NOT_SPECIAL 0
+#define PSEUDO_MERSENNE 1
+#define GENERALISED_MERSENNE 2
+#define MONTGOMERY_FRIENDLY 3
+
+#define WEIERSTRASS 0
+#define EDWARDS 1
+#define MONTGOMERY 2
+
+/*** Set Modulus and Curve Type Here ***/
+
+/* Fill in this bit.... */
+
+#define CHUNK 64 /* processor word size */
+#define MBITS 336 /* Modulus size in bits */
+
+/* This next from output of check.cpp program */
+#define BASEBITS 60
+
+#define WORDS (1+((MBITS-1)/BASEBITS))
+#define MODTYPE PSEUDO_MERSENNE
+#define CURVETYPE EDWARDS
+#define CURVE_A 1 // like A parameter in CURVE: y^2=x^3+Ax+B
+
+/* .....to here */
+
+
+int main()
+{
+ miracl *mip=&precision;
+ Big p,q,R,B;
+ Big m,x,y,w,t,c,n,r,a,b,gx,gy,D,C,MC;
+ int i,A;
+
+
+/* Fill in this bit... */
+
+ p=pow((Big)2,MBITS)-3; // Modulus
+ mip->IOBASE=16;
+ r=(char *)"200000000000000000000000000000000000000000071415FA9850C0BD6B87F93BAA7B2F95973E9FA805"; // Group Order
+ B=11111; // B parameter of elliptic curve
+ gx=(char *)"C"; // generator point
+ gy=(char *)"C0DC616B56502E18E1C161D007853D1B14B46C3811C7EF435B6DB5D5650CA0365DB12BEC68505FE8632";
+
+/* .....to here */
+
+ cout << "MOD8 = " << p%8 << endl;
+
+ m=pow((Big)2,BASEBITS);
+
+ cout << "Modulus="; MC=output(CHUNK,WORDS,p,m); cout << ";" << endl;
+
+#if MODTYPE==NOT_SPECIAL
+ cout << "MConst=0x" << inverse(m-p%m,m) << ";" << endl;
+#endif
+#if MODTYPE==MONTGOMERY_FRIENDLY
+ cout << "MConst=0x" << MC+1 << ";" << endl;
+#endif
+#if MODTYPE==PSEUDO_MERSENNE
+ cout << "MConst=0x" << pow((Big)2,MBITS)-p << ";" << endl;
+#endif
+
+ cout << "Order="; output(CHUNK,WORDS,r,m); cout << ";" << endl;
+ cout << "CURVE_B="; output(CHUNK,WORDS,B,m); cout << ";" << endl;
+ cout << "CURVE_Gx="; output(CHUNK,WORDS,gx,m); cout << ";" << endl;
+ cout << "CURVE_Gy="; output(CHUNK,WORDS,gy,m); cout << ";" << endl;
+
+}