You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:12 UTC
[07/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS461.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BLS461.c b/version3/c/rom_field_BLS461.c
deleted file mode 100644
index c2e561a..0000000
--- a/version3/c/rom_field_BLS461.c
+++ /dev/null
@@ -1,31 +0,0 @@
-#include "arch.h"
-#include "fp_BLS461.h"
-
-/* Curve BLS461 - Pairing friendly BLS curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_464_28 Modulus_BLS461= {0xAAAAAAB,0xAC0000A,0x54AAAAA,0x5555,0x400020,0x91557F0,0xF26AA,0xFA5C1CC,0xB42A8DF,0x7B14848,0x8BACCA4,0x6F1E32D,0x4935FBD,0x55D6941,0xD5A555A,0x5545554,0x1555};
-const BIG_464_28 R2modp_BLS461= {0xC9B6A33,0x2ECD087,0x3CCB2B1,0xCD461FE,0x8CB5AB2,0xC5B9635,0x5312E92,0xB659F64,0x3B596FA,0x8679006,0xA92E2B3,0x3CE05E3,0x363550F,0x7C07A8E,0x382C083,0x6347FEA,0xBD};
-const chunk MConst_BLS461= 0xFFFFFFD;
-const BIG_464_28 Fra_BLS461= {0xB812A3A,0x7117BF9,0x99C400F,0xC6308A5,0x5BF8A1,0x510E075,0x45FA5A6,0xCE4858D,0x770B31A,0xBC2CB04,0xE2FC61E,0xD073588,0x4366190,0x4DFEFA8,0x69E55E2,0x504B7F,0x12E4};
-const BIG_464_28 Frb_BLS461= {0xF298071,0x3AE8410,0xBAE6A9B,0x39D4CAF,0xFE4077E,0x404777A,0xBAF8104,0x2C13C3E,0x3D1F5C5,0xBEE7D44,0xA8B0685,0x9EAADA4,0x5CFE2C,0x7D7999,0x6BBFF78,0x50409D5,0x271};
-
-#endif
-
-#if CHUNK==64
-// Base Bits=60
-const BIG_464_60 Modulus_BLS461= {0xAAC0000AAAAAAABL,0x20000555554AAAAL,0x6AA91557F004000L,0xA8DFFA5C1CC00F2L,0xACCA47B14848B42L,0x935FBD6F1E32D8BL,0xD5A555A55D69414L,0x15555545554L};
-const BIG_464_60 R2modp_BLS461= {0x96D08774614DDA8L,0xCD45F539225D5BDL,0xD712EB760C95AB1L,0xB3B687155F30B55L,0xC4E62A05C3F5B81L,0xBA1151676CA3CD0L,0x7EDD8A958F442BEL,0x12B89DD3F91L};
-const chunk MConst_BLS461= 0xC0005FFFFFFFDL;
-const BIG_464_60 Fra_BLS461= {0xF7117BF9B812A3AL,0xA1C6308A599C400L,0x5A6510E07505BF8L,0xB31ACE4858D45FAL,0xFC61EBC2CB04770L,0x366190D073588E2L,0x69E55E24DFEFA84L,0x12E40504B7FL};
-const BIG_464_60 Frb_BLS461= {0xB3AE8410F298071L,0x7E39D4CAFBAE6A9L,0x104404777AFE407L,0xF5C52C13C3EBAF8L,0xB0685BEE7D443D1L,0x5CFE2C9EAADA4A8L,0x6BBFF7807D79990L,0x27150409D5L};
-
-
-#endif
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BLS48.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BLS48.c b/version3/c/rom_field_BLS48.c
deleted file mode 100644
index 5bf4488..0000000
--- a/version3/c/rom_field_BLS48.c
+++ /dev/null
@@ -1,32 +0,0 @@
-#include "arch.h"
-#include "fp_BLS48.h"
-
-/* Curve BLS48 - Pairing friendly BLS48 curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-// Base Bits= 29
-const BIG_560_29 Modulus_BLS48= {0x1CF6AC0B,0x17B7307F,0x19877E7B,0x12CE0134,0x14228402,0x1BD4C386,0x1DACBB04,0x40410D0,0x25A415,0x980B53E,0xDE6E250,0x15D9AAD6,0x5DA950,0x1029B7A,0x54AB351,0x14AD90CE,0x3729047,0x1FE7E2D9,0x145F610B,0x1F};
-const BIG_560_29 R2modp_BLS48= {0xD59D0FA,0x12F01FD0,0xDE8FD41,0x35AAEE1,0xB937F48,0x50700E8,0x1F50EFCE,0x1019B13C,0x3470A2F,0x11094115,0xF9FB72D,0x6AD10E2,0x1CFD9F8,0x44F4785,0x2B48793,0x1148ED3,0xF609E61,0x1EE34BC7,0x1735D29E,0x0};
-const chunk MConst_BLS48= 0x9DA805D;
-const BIG_560_29 Fra_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5};
-const BIG_560_29 Frb_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5};
-
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 58
-const BIG_560_58 Modulus_BLS48= {0x2F6E60FFCF6AC0BL,0x259C02699877E7BL,0x37A9870D4228402L,0x80821A1DACBB04L,0x13016A7C025A415L,0x2BB355ACDE6E250L,0x20536F405DA950L,0x295B219C54AB351L,0x3FCFC5B23729047L,0x3F45F610BL};
-const BIG_560_58 R2modp_BLS48= {0x25E03FA0D59D0FAL,0x6B55DC2DE8FD41L,0xA0E01D0B937F48L,0x20336279F50EFCEL,0x2212822A3470A2FL,0xD5A21C4F9FB72DL,0x89E8F0A1CFD9F8L,0x2291DA62B48793L,0x3DC6978EF609E61L,0x1735D29EL};
-const chunk MConst_BLS48= 0x21BFCBCA9DA805DL;
-const BIG_560_58 Fra_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL};
-const BIG_560_58 Frb_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL};
-
-#endif
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BN254.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BN254.c b/version3/c/rom_field_BN254.c
deleted file mode 100644
index c244a87..0000000
--- a/version3/c/rom_field_BN254.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include "arch.h"
-#include "fp_BN254.h"
-
-/* Curve BN254 - Pairing friendly BN curve */
-
-/* Nogami's fast curve */
-
-#if CHUNK==16
-
-// Base Bits= 13
-const BIG_256_13 Modulus_BN254= {0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG_256_13 R2modp_BN254= {0xF32,0x239,0x14DC,0xCE8,0x928,0x11B6,0x130F,0x1183,0x56E,0x1AEE,0x124F,0xD2A,0x7F8,0x1CE6,0x1B50,0x77C,0x3A,0x1A9E,0x1EFD,0x1C};
-const chunk MConst_BN254= 0x15E5;
-const BIG_256_13 Fra_BN254= {0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36};
-const BIG_256_13 Frb_BN254= {0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13};
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_BN254= {0x13,0x0,0x13A7,0x0,0x86121,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2};
-const BIG_256_28 R2modp_BN254= {0xF5E7E39,0x2F2A96F,0xB96F13C,0x64E8642,0xC7146,0x9926F7B,0x4DACD24,0x8321E7B,0xD127A2E,0x1};
-const chunk MConst_BN254= 0x79435E5;
-const BIG_256_28 Fra_BN254= {0xF2A6DE9,0x7DE6C06,0xF77C2E1,0x74924D3,0x53F8509,0x50A8469,0xCB6499B,0x212E7C8,0xB377619,0x1};
-const BIG_256_28 Frb_BN254= {0xD5922A,0x82193F9,0x8850C5,0x8B6DB2C,0xAC8DC17,0x2F57B96,0x503EAB2,0x1ED1837,0x9EBEE69,0x0};
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_BN254= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-const BIG_256_56 R2modp_BN254= {0x2F2A96FF5E7E39L,0x64E8642B96F13CL,0x9926F7B00C7146L,0x8321E7B4DACD24L,0x1D127A2EL};
-const chunk MConst_BN254= 0x435E50D79435E5L;
-const BIG_256_56 Fra_BN254= {0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L};
-const BIG_256_56 Frb_BN254= {0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L};
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BN254CX.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BN254CX.c b/version3/c/rom_field_BN254CX.c
deleted file mode 100644
index 1209f0c..0000000
--- a/version3/c/rom_field_BN254CX.c
+++ /dev/null
@@ -1,38 +0,0 @@
-#include "arch.h"
-#include "fp_BN254CX.h"
-
-/* Curve BN254CX - Pairing friendly BN curve */
-
-/* CertiVox BN curve/field */
-
-#if CHUNK==16
-
-// Base Bits= 13
-const BIG_256_13 Modulus_BN254CX= {0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG_256_13 R2modp_BN254CX= {0x1527,0x146B,0x12A7,0x1A60,0x1E0A,0x1382,0x2BC,0x1D3F,0xB30,0xA8,0xD19,0x11AB,0x1D40,0x1965,0xD6D,0x643,0x10FF,0x1BC7,0x1E61,0x31};
-const chunk MConst_BN254CX= 0x1E85;
-const BIG_256_13 Fra_BN254CX= {0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26};
-const BIG_256_13 Frb_BN254CX= {0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21};
-
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_BN254CX= {0xC1B55B3,0x6623EF5,0x93EE1BE,0xD6EE180,0x6D3243F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2};
-const BIG_256_28 R2modp_BN254CX= {0x8A0800A,0x466A061,0x43056A3,0x2B3A225,0x9C6600,0x148515B,0x6BDF50,0xEC9EA56,0xC992E66,0x1};
-const chunk MConst_BN254CX= 0x9789E85;
-const BIG_256_28 Fra_BN254CX= {0x5C80EA3,0xD908335,0x3F8215B,0x7326F17,0x8986867,0x8AACA71,0x4AFE18B,0xA63A016,0x359082F,0x1};
-const BIG_256_28 Frb_BN254CX= {0x6534710,0x8D1BBC0,0x546C062,0x63C7269,0xE3ABBD8,0xD9CDBC4,0x900DC53,0x623628A,0xA6F7D0,0x1};
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_BN254CX= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-const BIG_256_56 R2modp_BN254CX= {0x466A0618A0800AL,0x2B3A22543056A3L,0x148515B09C6600L,0xEC9EA5606BDF50L,0x1C992E66L};
-const chunk MConst_BN254CX= 0x4E205BF9789E85L;
-const BIG_256_56 Fra_BN254CX= {0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL};
-const BIG_256_56 Frb_BN254CX= {0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L};
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_BRAINPOOL.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_BRAINPOOL.c b/version3/c/rom_field_BRAINPOOL.c
deleted file mode 100644
index bc73330..0000000
--- a/version3/c/rom_field_BRAINPOOL.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_BRAINPOOL.h"
-
-/* Brainpool Modulus */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_BRAINPOOL= {0xF6E5377,0x13481D1,0x6202820,0xF623D52,0xD726E3B,0x909D838,0xC3E660A,0xA1EEA9B,0x9FB57DB,0xA};
-const BIG_256_28 R2modp_BRAINPOOL= {0xB9A3787,0x9E04F49,0x8F3CF49,0x2931721,0xF1DBC89,0x54E8C3C,0xF7559CA,0xBB411A3,0x773E15F,0x9};
-const chunk MConst_BRAINPOOL= 0xEFD89B9;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_BRAINPOOL= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-const BIG_256_56 R2modp_BRAINPOOL= {0x9E04F49B9A3787L,0x29317218F3CF49L,0x54E8C3CF1DBC89L,0xBB411A3F7559CAL,0x9773E15FL};
-const chunk MConst_BRAINPOOL= 0xA75590CEFD89B9L;
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_C41417.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_C41417.c b/version3/c/rom_field_C41417.c
deleted file mode 100644
index e28f42c..0000000
--- a/version3/c/rom_field_C41417.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_C41417.h"
-
-/* Curve C41417 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_416_29 Modulus_C41417= {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF};
-const BIG_416_29 R2modp_C41417= {0x0,0x242000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_C41417= 0x11;
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-const BIG_416_60 Modulus_C41417= {0xFFFFFFFFFFFFFEFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFL};
-const BIG_416_60 R2modp_C41417= {0x121000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_C41417= 0x11L;
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_FP256BN.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_FP256BN.c b/version3/c/rom_field_FP256BN.c
deleted file mode 100644
index 8174955..0000000
--- a/version3/c/rom_field_FP256BN.c
+++ /dev/null
@@ -1,36 +0,0 @@
-#include "arch.h"
-#include "fp_FP256BN.h"
-
-/* Curve FP256BN - Pairing friendly BN curve */
-
-/* ISO fast curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-
-const BIG_256_28 Modulus_FP256BN= {0xED33013,0x292DDBA,0x80A82D3,0x65FB129,0x49F0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF};
-const BIG_256_28 R2modp_FP256BN= {0x3B9F8B,0xEDE3363,0xFEC54E8,0x92FFEE9,0x3C55F79,0x13C1C06,0xC0123FA,0xA12F2EA,0xE559B2A,0x8};
-const chunk MConst_FP256BN= 0x537E5E5;
-const BIG_256_28 Fra_FP256BN= {0xF943106,0x760328A,0xAB28F74,0x71511E3,0x7CF39A1,0x8DDB086,0x52D1A6E,0xCA786F3,0xD617662,0x3};
-const BIG_256_28 Frb_FP256BN= {0xF3EFF0D,0xB32AB2F,0xD57F35E,0xF4A9F45,0xCCFD33A,0xD113693,0x819CB83,0x3584819,0x29E899D,0xC};
-
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_256_56 Modulus_FP256BN= {0x292DDBAED33013L,0x65FB12980A82D3L,0x5EEE71A49F0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL};
-const BIG_256_56 R2modp_FP256BN= {0xEDE336303B9F8BL,0x92FFEE9FEC54E8L,0x13C1C063C55F79L,0xA12F2EAC0123FAL,0x8E559B2AL};
-const chunk MConst_FP256BN= 0x6C964E0537E5E5L;
-const BIG_256_56 Fra_FP256BN= {0x760328AF943106L,0x71511E3AB28F74L,0x8DDB0867CF39A1L,0xCA786F352D1A6EL,0x3D617662L};
-const BIG_256_56 Frb_FP256BN= {0xB32AB2FF3EFF0DL,0xF4A9F45D57F35EL,0xD113693CCFD33AL,0x3584819819CB83L,0xC29E899DL};
-
-
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_FP512BN.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_FP512BN.c b/version3/c/rom_field_FP512BN.c
deleted file mode 100644
index e88f66a..0000000
--- a/version3/c/rom_field_FP512BN.c
+++ /dev/null
@@ -1,38 +0,0 @@
-#include "arch.h"
-#include "fp_FP512BN.h"
-
-/* Curve FP512BN - Pairing friendly BN curve */
-
-/* ISO fast curve */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-
-const BIG_512_29 Modulus_FP512BN= {0x2ADEF33,0x7594049,0x131919ED,0x14AB9CBE,0x16FE1916,0x12EF5591,0x2E39231,0x3D597D3,0x55146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
-const BIG_512_29 R2modp_FP512BN= {0xFD68B47,0xFCF5D2C,0x437675A,0x1BBC3FBF,0x1411E413,0x13453559,0x10B5639,0x1C34CE79,0x6D476BF,0xFD05F2B,0x15D17C28,0x6C9F76E,0x1C2375B3,0x78CCE9B,0x15F0AB33,0x1960F32E,0x1A8D44E,0x57A38};
-const chunk MConst_FP512BN= 0x1CCC5C05;
-const BIG_512_29 Fra_FP512BN= {0x14B73AB2,0x4B0BD8F,0xABB47D,0x2A29EC4,0x18681E17,0x104069DE,0x12EED67D,0x1553D0A5,0x398E9F8,0x7971034,0xAC9AF23,0x52DEF23,0x14EA18A5,0x1463E345,0x6DE465A,0x17F212B4,0x1AA9CF5B,0xF7B8};
-const BIG_512_29 Frb_FP512BN= {0xDF6B481,0x2A882B9,0x126D6570,0x1208FDFA,0x1E95FAFF,0x2AEEBB2,0xFF4BBB4,0xE81C72D,0x1B85CD6,0xF67746,0x56549CD,0xC68B6EC,0x776A178,0x8925C3B,0x1921B9A5,0x80DED4B,0x55630A4,0x70847};
-
-
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-
-const BIG_512_60 Modulus_FP512BN= {0x4EB280922ADEF33L,0x6A55CE5F4C6467BL,0xC65DEAB236FE191L,0xCF1EACBE98B8E48L,0x3C111B0EF455146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_512_60 R2modp_FP512BN= {0x1FA6DCEF99812E9L,0xAB3452895A0B74EL,0xC53EA988C079E1EL,0x1E90E033BA630B9L,0xF1EA41C0714D8B0L,0xE72785387509E28L,0xD86794F834DAB00L,0x9757C2ACCD342A1L,0x44ECB079L};
-const chunk MConst_FP512BN= 0x692A189FCCC5C05L;
-const BIG_512_60 Fra_FP512BN= {0x49617B1F4B73AB2L,0x71514F6202AED1FL,0xF6080D3BD8681E1L,0xF8AA9E852CBBB59L,0xC8CF2E2068398E9L,0x8A5296F791AB26BL,0x196A8C7C68B4EA1L,0xCF5BBF9095A1B79L,0x1EF71AA9L};
-const BIG_512_60 Frb_FP512BN= {0x5510572DF6B481L,0xF9047EFD49B595CL,0xD055DD765E95FAFL,0xD6740E396BFD2EEL,0x7341ECEE8C1B85CL,0x1786345B7615952L,0xE695124B876776AL,0x30A4406F6A5E486L,0xE108E556L};
-
-
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_GOLDILOCKS.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_GOLDILOCKS.c b/version3/c/rom_field_GOLDILOCKS.c
deleted file mode 100644
index 2a1785e..0000000
--- a/version3/c/rom_field_GOLDILOCKS.c
+++ /dev/null
@@ -1,30 +0,0 @@
-#include "arch.h"
-#include "fp_GOLDILOCKS.h"
-
-/* Curve GOLDILOCKS */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-
-// Base Bits= 29
-const BIG_448_29 Modulus_GOLDILOCKS= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
-const BIG_448_29 R2modp_GOLDILOCKS= {0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0,0x3000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_GOLDILOCKS= 0x1;
-
-#endif
-
-#if CHUNK==64
-// Base Bits= 58
-const BIG_448_58 Modulus_GOLDILOCKS= {0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FBFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFL};
-const BIG_448_58 R2modp_GOLDILOCKS= {0x200000000L,0x0L,0x0L,0x0L,0x3000000L,0x0L,0x0L,0x0L};
-const chunk MConst_GOLDILOCKS= 0x1L;
-
-
-#endif
-
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_HIFIVE.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_HIFIVE.c b/version3/c/rom_field_HIFIVE.c
deleted file mode 100644
index 097dcec..0000000
--- a/version3/c/rom_field_HIFIVE.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "arch.h"
-#include "fp_HIFIVE.h"
-
-/* Curve HIFIVE */
-
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_336_29 Modulus_HIFIVE= {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF};
-const BIG_336_29 R2modp_HIFIVE= {0x9000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_HIFIVE= 0x3;
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-const BIG_336_60 Modulus_HIFIVE= {0xFFFFFFFFFFFFFFDL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFL};
-const BIG_336_60 R2modp_HIFIVE= {0x9000000000000L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_HIFIVE= 0x3L;
-#endif
-
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST256.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_NIST256.c b/version3/c/rom_field_NIST256.c
deleted file mode 100644
index b5a7187..0000000
--- a/version3/c/rom_field_NIST256.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "arch.h"
-#include "fp_NIST256.h"
-
-/* Curve NIST256 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_NIST256= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFF,0x0,0x0,0x1000000,0x0,0xFFFFFFF,0xF};
-const BIG_256_28 R2modp_NIST256= {0x50000,0x300000,0x0,0x0,0xFFFFFFA,0xFFFFFBF,0xFFFFEFF,0xFFFAFFF,0x2FFFF,0x0};
-const chunk MConst_NIST256= 0x1;
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 56
-const BIG_256_56 Modulus_NIST256= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL};
-const BIG_256_56 R2modp_NIST256= {0x3000000050000L,0x0L,0xFFFFFBFFFFFFFAL,0xFFFAFFFFFFFEFFL,0x2FFFFL};
-const chunk MConst_NIST256= 0x1L;
-
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST384.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_NIST384.c b/version3/c/rom_field_NIST384.c
deleted file mode 100644
index a739ae3..0000000
--- a/version3/c/rom_field_NIST384.c
+++ /dev/null
@@ -1,27 +0,0 @@
-#include "arch.h"
-#include "fp_NIST384.h"
-
-/* Curve NIST384 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 29
-const BIG_384_29 Modulus_NIST384= {0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
-const BIG_384_29 R2modp_NIST384= {0x0,0x8000,0x1FF80000,0x1FFFFF,0x2000000,0x0,0x0,0x1FFFFFFC,0xF,0x100,0x400,0x0,0x0,0x0};
-const chunk MConst_NIST384= 0x1;
-#endif
-
-#if CHUNK==64
-// Base Bits= 56
-const BIG_384_56 Modulus_NIST384= {0xFFFFFFFFL,0xFFFF0000000000L,0xFFFFFFFFFEFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
-const BIG_384_56 R2modp_NIST384= {0xFE000000010000L,0xFFFFFFL,0x2L,0xFFFFFFFE00L,0x1000000020000L,0x0L,0x0L};
-const chunk MConst_NIST384= 0x100000001L;
-
-#endif
-
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_NIST521.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_NIST521.c b/version3/c/rom_field_NIST521.c
deleted file mode 100644
index 048f9ac..0000000
--- a/version3/c/rom_field_NIST521.c
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "arch.h"
-#include "fp_NIST521.h"
-
-/* Curve NIST521 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_528_28 Modulus_NIST521= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
-const BIG_528_28 R2modp_NIST521= {0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_NIST521= 0x1;
-#endif
-
-#if CHUNK==64
-// Base Bits= 60
-const BIG_528_60 Modulus_NIST521= {0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL};
-const BIG_528_60 R2modp_NIST521= {0x4000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
-const chunk MConst_NIST521= 0x1L;
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rom_field_SECP256K1.c
----------------------------------------------------------------------
diff --git a/version3/c/rom_field_SECP256K1.c b/version3/c/rom_field_SECP256K1.c
deleted file mode 100644
index 4f80178..0000000
--- a/version3/c/rom_field_SECP256K1.c
+++ /dev/null
@@ -1,28 +0,0 @@
-#include "arch.h"
-#include "fp_SECP256K1.h"
-
-/* Curve SECP256K1 */
-
-#if CHUNK==16
-
-#error Not supported
-
-#endif
-
-#if CHUNK==32
-// Base Bits= 28
-const BIG_256_28 Modulus_SECP256K1= {0xFFFFC2F,0xFFFFFEF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF};
-const BIG_256_28 R2modp_SECP256K1= {0x0,0xA100000,0x2000E90,0x7A,0x1,0x0,0x0,0x0,0x0,0x0};
-const chunk MConst_SECP256K1= 0x2253531;
-
-#endif
-
-#if CHUNK==64
-
-// Base Bits= 56
-const BIG_256_56 Modulus_SECP256K1= {0xFFFFFEFFFFFC2FL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-const BIG_256_56 R2modp_SECP256K1= {0xA1000000000000L,0x7A2000E90L,0x1L,0x0L,0x0L};
-const chunk MConst_SECP256K1= 0x38091DD2253531L;
-
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa.c
----------------------------------------------------------------------
diff --git a/version3/c/rsa.c b/version3/c/rsa.c
deleted file mode 100644
index bbe41b2..0000000
--- a/version3/c/rsa.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "rsa_WWW.h"
-#include "rsa_support.h"
-
-/* generate an RSA key pair */
-void RSA_WWW_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key_WWW *PRIV,rsa_public_key_WWW *PUB,octet *P, octet* Q)
-{
- /* IEEE1363 A16.11/A16.12 more or less */
- BIG_XXX t[HFLEN_WWW],p1[HFLEN_WWW],q1[HFLEN_WWW];
-
- if (RNG!=NULL)
- {
-
- for (;;)
- {
-
- FF_WWW_random(PRIV->p,RNG,HFLEN_WWW);
- while (FF_WWW_lastbits(PRIV->p,2)!=3) FF_WWW_inc(PRIV->p,1,HFLEN_WWW);
- while (!FF_WWW_prime(PRIV->p,RNG,HFLEN_WWW))
- FF_WWW_inc(PRIV->p,4,HFLEN_WWW);
-
- FF_WWW_copy(p1,PRIV->p,HFLEN_WWW);
- FF_WWW_dec(p1,1,HFLEN_WWW);
-
- if (FF_WWW_cfactor(p1,e,HFLEN_WWW)) continue;
- break;
- }
-
- for (;;)
- {
- FF_WWW_random(PRIV->q,RNG,HFLEN_WWW);
- while (FF_WWW_lastbits(PRIV->q,2)!=3) FF_WWW_inc(PRIV->q,1,HFLEN_WWW);
- while (!FF_WWW_prime(PRIV->q,RNG,HFLEN_WWW))
- FF_WWW_inc(PRIV->q,4,HFLEN_WWW);
-
- FF_WWW_copy(q1,PRIV->q,HFLEN_WWW);
- FF_WWW_dec(q1,1,HFLEN_WWW);
- if (FF_WWW_cfactor(q1,e,HFLEN_WWW)) continue;
-
- break;
- }
-
- }
- else
- {
- FF_WWW_fromOctet(PRIV->p,P,HFLEN_WWW);
- FF_WWW_fromOctet(PRIV->q,Q,HFLEN_WWW);
-
- FF_WWW_copy(p1,PRIV->p,HFLEN_WWW);
- FF_WWW_dec(p1,1,HFLEN_WWW);
-
- FF_WWW_copy(q1,PRIV->q,HFLEN_WWW);
- FF_WWW_dec(q1,1,HFLEN_WWW);
- }
-
- FF_WWW_mul(PUB->n,PRIV->p,PRIV->q,HFLEN_WWW);
- PUB->e=e;
-
- FF_WWW_copy(t,p1,HFLEN_WWW);
- FF_WWW_shr(t,HFLEN_WWW);
- FF_WWW_init(PRIV->dp,e,HFLEN_WWW);
- FF_WWW_invmodp(PRIV->dp,PRIV->dp,t,HFLEN_WWW);
- if (FF_WWW_parity(PRIV->dp)==0) FF_WWW_add(PRIV->dp,PRIV->dp,t,HFLEN_WWW);
- FF_WWW_norm(PRIV->dp,HFLEN_WWW);
-
- FF_WWW_copy(t,q1,HFLEN_WWW);
- FF_WWW_shr(t,HFLEN_WWW);
- FF_WWW_init(PRIV->dq,e,HFLEN_WWW);
- FF_WWW_invmodp(PRIV->dq,PRIV->dq,t,HFLEN_WWW);
- if (FF_WWW_parity(PRIV->dq)==0) FF_WWW_add(PRIV->dq,PRIV->dq,t,HFLEN_WWW);
- FF_WWW_norm(PRIV->dq,HFLEN_WWW);
-
- FF_WWW_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN_WWW);
-
- return;
-}
-
-/* destroy the Private Key structure */
-void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV)
-{
- FF_WWW_zero(PRIV->p,HFLEN_WWW);
- FF_WWW_zero(PRIV->q,HFLEN_WWW);
- FF_WWW_zero(PRIV->dp,HFLEN_WWW);
- FF_WWW_zero(PRIV->dq,HFLEN_WWW);
- FF_WWW_zero(PRIV->c,HFLEN_WWW);
-}
-
-void RSA_WWW_fromOctet(BIG_XXX x[],octet *w)
-{
- FF_WWW_fromOctet(x,w,FFLEN_WWW);
-}
-
-/* RSA encryption with the public key */
-void RSA_WWW_ENCRYPT(rsa_public_key_WWW *PUB,octet *F,octet *G)
-{
- BIG_XXX f[FFLEN_WWW];
- FF_WWW_fromOctet(f,F,FFLEN_WWW);
-
- FF_WWW_power(f,f,PUB->e,PUB->n,FFLEN_WWW);
-
- FF_WWW_toOctet(G,f,FFLEN_WWW);
-}
-
-/* RSA decryption with the private key */
-void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F)
-{
- BIG_XXX g[FFLEN_WWW],t[FFLEN_WWW],jp[HFLEN_WWW],jq[HFLEN_WWW];
-
- FF_WWW_fromOctet(g,G,FFLEN_WWW);
-
- FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW);
- FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW);
-
- FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW);
- FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW);
-
-
- FF_WWW_zero(g,FFLEN_WWW);
- FF_WWW_copy(g,jp,HFLEN_WWW);
- FF_WWW_mod(jp,PRIV->q,HFLEN_WWW);
- if (FF_WWW_comp(jp,jq,HFLEN_WWW)>0)
- FF_WWW_add(jq,jq,PRIV->q,HFLEN_WWW);
- FF_WWW_sub(jq,jq,jp,HFLEN_WWW);
- FF_WWW_norm(jq,HFLEN_WWW);
-
- FF_WWW_mul(t,PRIV->c,jq,HFLEN_WWW);
- FF_WWW_dmod(jq,t,PRIV->q,HFLEN_WWW);
-
- FF_WWW_mul(t,jq,PRIV->p,HFLEN_WWW);
- FF_WWW_add(g,t,g,FFLEN_WWW);
- FF_WWW_norm(g,FFLEN_WWW);
-
- FF_WWW_toOctet(F,g,FFLEN_WWW);
-
- return;
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa.h
----------------------------------------------------------------------
diff --git a/version3/c/rsa.h b/version3/c/rsa.h
deleted file mode 100644
index 4d4c3c1..0000000
--- a/version3/c/rsa.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file rsa.h
- * @author Mike Scott
- * @brief RSA Header file for implementation of RSA protocol
- *
- * declares functions
- *
- */
-
-#ifndef RSA_WWW_H
-#define RSA_WWW_H
-
-#include "ff_WWW.h"
-#include "rsa_support.h"
-
-/*** START OF USER CONFIGURABLE SECTION - ***/
-
-#define HASH_TYPE_RSA_WWW SHA256 /**< Chosen Hash algorithm */
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-#define RFS_WWW MODBYTES_XXX*FFLEN_WWW /**< RSA Public Key Size in bytes */
-
-
-/**
- @brief Integer Factorisation Public Key
-*/
-
-typedef struct
-{
- sign32 e; /**< RSA exponent (typically 65537) */
- BIG_XXX n[FFLEN_WWW]; /**< An array of BIGs to store public key */
-} rsa_public_key_WWW;
-
-/**
- @brief Integer Factorisation Private Key
-*/
-
-typedef struct
-{
- BIG_XXX p[FFLEN_WWW/2]; /**< secret prime p */
- BIG_XXX q[FFLEN_WWW/2]; /**< secret prime q */
- BIG_XXX dp[FFLEN_WWW/2]; /**< decrypting exponent mod (p-1) */
- BIG_XXX dq[FFLEN_WWW/2]; /**< decrypting exponent mod (q-1) */
- BIG_XXX c[FFLEN_WWW/2]; /**< 1/p mod q */
-} rsa_private_key_WWW;
-
-/* RSA Auxiliary Functions */
-
-/** @brief RSA Key Pair Generator
- *
- @param R is a pointer to a cryptographically secure random number generator
- @param e the encryption exponent
- @param PRIV the output RSA private key
- @param PUB the output RSA public key
- @param P Input prime number. Used when R is equal to NULL for testing
- @param Q Inpuy prime number. Used when R is equal to NULL for testing
- */
-extern void RSA_WWW_KEY_PAIR(csprng *R,sign32 e,rsa_private_key_WWW* PRIV,rsa_public_key_WWW* PUB,octet *P, octet* Q);
-
-/** @brief RSA encryption of suitably padded plaintext
- *
- @param PUB the input RSA public key
- @param F is input padded message
- @param G is the output ciphertext
- */
-extern void RSA_WWW_ENCRYPT(rsa_public_key_WWW* PUB,octet *F,octet *G);
-/** @brief RSA decryption of ciphertext
- *
- @param PRIV the input RSA private key
- @param G is the input ciphertext
- @param F is output plaintext (requires unpadding)
-
- */
-extern void RSA_WWW_DECRYPT(rsa_private_key_WWW* PRIV,octet *G,octet *F);
-/** @brief Destroy an RSA private Key
- *
- @param PRIV the input RSA private key. Destroyed on output.
- */
-extern void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV);
-/** @brief Populates an RSA public key from an octet string
- *
- Creates RSA public key from big-endian base 256 form.
- @param x FF instance to be created from an octet string
- @param S input octet string
- */
-extern void RSA_WWW_fromOctet(BIG_XXX *x,octet *S);
-
-
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa_support.c
----------------------------------------------------------------------
diff --git a/version3/c/rsa_support.c b/version3/c/rsa_support.c
deleted file mode 100644
index a4cfdca..0000000
--- a/version3/c/rsa_support.c
+++ /dev/null
@@ -1,237 +0,0 @@
-#include "rsa_support.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-int hashit(int sha,octet *p,int n,octet *w)
-{
- int i,c[4],hlen;
- hash256 sha256;
- hash512 sha512;
- char hh[64];
-
- switch (sha)
- {
- case SHA256:
- HASH256_init(&sha256);
- break;
- case SHA384:
- HASH384_init(&sha512);
- break;
- case SHA512:
- HASH512_init(&sha512);
- break;
- }
-
- hlen=sha;
-
- if (p!=NULL) for (i=0; i<p->len; i++)
- {
- switch(sha)
- {
- case SHA256:
- HASH256_process(&sha256,p->val[i]);
- break;
- case SHA384:
- HASH384_process(&sha512,p->val[i]);
- break;
- case SHA512:
- HASH512_process(&sha512,p->val[i]);
- break;
- }
- }
- if (n>=0)
- {
- c[0]=(n>>24)&0xff;
- c[1]=(n>>16)&0xff;
- c[2]=(n>>8)&0xff;
- c[3]=(n)&0xff;
- for (i=0; i<4; i++)
- {
- switch(sha)
- {
- case SHA256:
- HASH256_process(&sha256,c[i]);
- break;
- case SHA384:
- HASH384_process(&sha512,c[i]);
- break;
- case SHA512:
- HASH512_process(&sha512,c[i]);
- break;
- }
- }
- }
-
- switch (sha)
- {
- case SHA256:
- HASH256_hash(&sha256,hh);
- break;
- case SHA384:
- HASH384_hash(&sha512,hh);
- break;
- case SHA512:
- HASH512_hash(&sha512,hh);
- break;
- }
-
- OCT_empty(w);
- OCT_jbytes(w,hh,hlen);
- for (i=0; i<hlen; i++) hh[i]=0;
-
- return hlen;
-}
-
-/* Mask Generation Function */
-
-static void MGF1(int sha,octet *z,int olen,octet *mask)
-{
- char h[64];
- octet H= {0,sizeof(h),h};
- int hlen=sha;
- int counter,cthreshold;
-
- OCT_empty(mask);
-
- cthreshold=ROUNDUP(olen,hlen);
- for (counter=0; counter<cthreshold; counter++)
- {
- hashit(sha,z,counter,&H);
- if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen);
- else OCT_joctet(mask,&H);
- }
- OCT_clear(&H);
-}
-
-/* SHAXXX identifier strings */
-const unsigned char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
-const unsigned char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
-const unsigned char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
-
-/* PKCS 1.5 padding of a message to be signed */
-
-int PKCS15(int sha,octet *m,octet *w)
-{
- int olen=w->max;
- int hlen=sha;
- int idlen=19;
- char h[64];
- octet H= {0,sizeof(h),h};
-
- if (olen<idlen+hlen+10) return 1;
- hashit(sha,m,-1,&H);
-
- OCT_empty(w);
- OCT_jbyte(w,0x00,1);
- OCT_jbyte(w,0x01,1);
- OCT_jbyte(w,0xff,olen-idlen-hlen-3);
- OCT_jbyte(w,0x00,1);
-
- if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen);
- if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen);
- if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen);
-
- OCT_joctet(w,&H);
-
- return 0;
-}
-
-/* OAEP Message Encoding for Encryption */
-
-int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f)
-{
- int slen,olen=f->max-1;
- int mlen=m->len;
- int hlen,seedlen;
- char dbmask[MAX_RSA_BYTES],seed[64];
- octet DBMASK= {0,sizeof(dbmask),dbmask};
- octet SEED= {0,sizeof(seed),seed};
-
- hlen=seedlen=sha;
- if (mlen>olen-hlen-seedlen-1) return 1;
- if (m==f) return 1; /* must be distinct octets */
-
- hashit(sha,p,-1,f);
-
- slen=olen-mlen-hlen-seedlen-1;
-
- OCT_jbyte(f,0,slen);
- OCT_jbyte(f,0x1,1);
- OCT_joctet(f,m);
-
- OCT_rand(&SEED,RNG,seedlen);
-
- MGF1(sha,&SEED,olen-seedlen,&DBMASK);
-
- OCT_xor(&DBMASK,f);
- MGF1(sha,&DBMASK,seedlen,f);
-
- OCT_xor(f,&SEED);
-
- OCT_joctet(f,&DBMASK);
-
- OCT_pad(f,f->max);
- OCT_clear(&SEED);
- OCT_clear(&DBMASK);
-
- return 0;
-}
-
-/* OAEP Message Decoding for Decryption */
-
-int OAEP_DECODE(int sha,octet *p,octet *f)
-{
- int comp,x,t;
- int i,k,olen=f->max-1;
- int hlen,seedlen;
- char dbmask[MAX_RSA_BYTES],seed[64],chash[64];
- octet DBMASK= {0,sizeof(dbmask),dbmask};
- octet SEED= {0,sizeof(seed),seed};
- octet CHASH= {0,sizeof(chash),chash};
-
- seedlen=hlen=sha;
- if (olen<seedlen+hlen+1) return 1;
- if (!OCT_pad(f,olen+1)) return 1;
- hashit(sha,p,-1,&CHASH);
-
- x=f->val[0];
- for (i=seedlen; i<olen; i++)
- DBMASK.val[i-seedlen]=f->val[i+1];
- DBMASK.len=olen-seedlen;
-
- MGF1(sha,&DBMASK,seedlen,&SEED);
- for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1];
- MGF1(sha,&SEED,olen-seedlen,f);
- OCT_xor(&DBMASK,f);
-
- comp=OCT_ncomp(&CHASH,&DBMASK,hlen);
-
- OCT_shl(&DBMASK,hlen);
-
- OCT_clear(&SEED);
- OCT_clear(&CHASH);
-
- for (k=0;; k++)
- {
- if (k>=DBMASK.len)
- {
- OCT_clear(&DBMASK);
- return 1;
- }
- if (DBMASK.val[k]!=0) break;
- }
-
- t=DBMASK.val[k];
- if (!comp || x!=0 || t!=0x01)
- {
- OCT_clear(&DBMASK);
- return 1;
- }
-
- OCT_shl(&DBMASK,k+1);
- OCT_copy(f,&DBMASK);
- OCT_clear(&DBMASK);
-
- return 0;
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/rsa_support.h
----------------------------------------------------------------------
diff --git a/version3/c/rsa_support.h b/version3/c/rsa_support.h
deleted file mode 100644
index 3bd495f..0000000
--- a/version3/c/rsa_support.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/**
- * @file rsa_support.h
- * @author Mike Scott
- * @brief RSA Support Header File
- *
- */
-
-#ifndef RSA_SUPPORT_H
-#define RSA_SUPPORT_H
-
-#include "amcl.h"
-
-#define MAX_RSA_BYTES 512 /**< Maximum of 4096 */
-
-/** @brief PKCS V1.5 padding of a message prior to RSA signature
- *
- @param h is the hash type
- @param M is the input message
- @param W is the output encoding, ready for RSA signature
- @return 1 if OK, else 0
- */
-extern int PKCS15(int h,octet *M,octet *W);
-/** @brief OAEP padding of a message prior to RSA encryption
- *
- @param h is the hash type
- @param M is the input message
- @param R is a pointer to a cryptographically secure random number generator
- @param P are input encoding parameter string (could be NULL)
- @param F is the output encoding, ready for RSA encryption
- @return 1 if OK, else 0
- */
-extern int OAEP_ENCODE(int h,octet *M,csprng *R,octet *P,octet *F);
-/** @brief OAEP unpadding of a message after RSA decryption
- *
- Unpadding is done in-place
- @param h is the hash type
- @param P are input encoding parameter string (could be NULL)
- @param F is input padded message, unpadded on output
- @return 1 if OK, else 0
- */
-extern int OAEP_DECODE(int h,octet *P,octet *F);
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/testall.c
----------------------------------------------------------------------
diff --git a/version3/c/testall.c b/version3/c/testall.c
deleted file mode 100644
index 46b5a96..0000000
--- a/version3/c/testall.c
+++ /dev/null
@@ -1,1627 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "ecdh_ED25519.h"
-#include "mpin_BN254.h"
-#include "rsa_2048.h"
-#include "randapi.h"
-
-#if CHUNK==32 || CHUNK==64
-#include "ecdh_NIST256.h"
-#include "ecdh_GOLDILOCKS.h"
-#include "mpin_BLS383.h"
-#include "mpin192_BLS24.h"
-#include "mpin256_BLS48.h"
-#endif
-
-int ecdh_ED25519(csprng *RNG)
-{
- int i,res;
- unsigned long ran;
- char *pp="M0ng00se";
- // These octets are automatically protected against buffer overflow attacks
- // Note salt must be big enough to include an appended word
- // Note ECIES ciphertext C must be big enough to include at least 1 appended block
- // Recall EFS_ED25519 is field size in bytes. So EFS_ED25519=32 for 256-bit curve
- char s0[2*EGS_ED25519],s1[EGS_ED25519],w0[2*EFS_ED25519+1],w1[2*EFS_ED25519+1],z0[EFS_ED25519],z1[EFS_ED25519],key[AESKEY_ED25519],salt[40],pw[40];
- octet S0= {0,sizeof(s0),s0};
- octet S1= {0,sizeof(s1),s1};
- octet W0= {0,sizeof(w0),w0};
- octet W1= {0,sizeof(w1),w1};
- octet Z0= {0,sizeof(z0),z0};
- octet Z1= {0,sizeof(z1),z1};
- octet KEY= {0,sizeof(key),key};
- octet SALT= {0,sizeof(salt),salt};
- octet PW= {0,sizeof(pw),pw};
-
- SALT.len=8;
- for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
-
- printf("Alice's Passphrase= %s\n",pp);
-
- OCT_empty(&PW);
- OCT_jstring(&PW,pp); // set Password from string
-
- // private key S0 of size EGS_ED25519 bytes derived from Password and Salt
-
- PBKDF2(HASH_TYPE_ED25519,&PW,&SALT,1000,EGS_ED25519,&S0);
-
- printf("Alices private key= 0x");
- OCT_output(&S0);
-
- // Generate Key pair S/W
-
- ECP_ED25519_KEY_PAIR_GENERATE(NULL,&S0,&W0);
- printf("Alices public key= 0x");
- OCT_output(&W0);
-
- res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W0);
- if (res!=0)
- {
- printf("ECP Public Key is invalid!\n");
- return 0;
- }
-
- // Random private key for other party
- ECP_ED25519_KEY_PAIR_GENERATE(RNG,&S1,&W1);
- res=ECP_ED25519_PUBLIC_KEY_VALIDATE(&W1);
- if (res!=0)
- {
- printf("ECP Public Key is invalid!\n");
- return 0;
- }
- printf("Servers private key= 0x");
- OCT_output(&S1);
- printf("Servers public key= 0x");
- OCT_output(&W1);
-
- // Calculate common key using DH - IEEE 1363 method
-
- ECP_ED25519_SVDP_DH(&S0,&W1,&Z0);
- ECP_ED25519_SVDP_DH(&S1,&W0,&Z1);
-
- if (!OCT_comp(&Z0,&Z1))
- {
- printf("*** ECPSVDP-DH Failed\n");
- return 0;
- }
-
- KDF2(HASH_TYPE_ED25519,&Z0,NULL,AESKEY_ED25519,&KEY);
-
- printf("Alice's DH Key= 0x");
- OCT_output(&KEY);
- printf("Servers DH Key= 0x");
- OCT_output(&KEY);
-
-#if CURVETYPE_ED25519 != MONTGOMERY
-
- char ds[EGS_ED25519],p1[30],p2[30],v[2*EFS_ED25519+1],m[32],c[64],t[32],cs[EGS_ED25519];
- octet DS= {0,sizeof(ds),ds};
- octet CS= {0,sizeof(cs),cs};
- octet P1= {0,sizeof(p1),p1};
- octet P2= {0,sizeof(p2),p2};
- octet V= {0,sizeof(v),v};
- octet M= {0,sizeof(m),m};
- octet C= {0,sizeof(c),c};
- octet T= {0,sizeof(t),t};
-
- printf("Testing ECIES\n");
-
- P1.len=3;
- P1.val[0]=0x0;
- P1.val[1]=0x1;
- P1.val[2]=0x2;
- P2.len=4;
- P2.val[0]=0x0;
- P2.val[1]=0x1;
- P2.val[2]=0x2;
- P2.val[3]=0x3;
-
- M.len=17;
- for (i=0; i<=16; i++) M.val[i]=i;
-
- ECP_ED25519_ECIES_ENCRYPT(HASH_TYPE_ED25519,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
-
- printf("Ciphertext= \n");
- printf("V= 0x");
- OCT_output(&V);
- printf("C= 0x");
- OCT_output(&C);
- printf("T= 0x");
- OCT_output(&T);
-
- if (!ECP_ED25519_ECIES_DECRYPT(HASH_TYPE_ED25519,&P1,&P2,&V,&C,&T,&S1,&M))
- {
- printf("*** ECIES Decryption Failed\n");
- return 0;
- }
- else printf("Decryption succeeded\n");
-
- printf("Message is 0x");
- OCT_output(&M);
-
-
- printf("Testing ECDSA\n");
-
- if (ECP_ED25519_SP_DSA(HASH_TYPE_ED25519,RNG,NULL,&S0,&M,&CS,&DS)!=0)
- {
- printf("***ECDSA Signature Failed\n");
- return 0;
- }
-
- printf("Signature C = 0x");
- OCT_output(&CS);
- printf("Signature D = 0x");
- OCT_output(&DS);
-
- if (ECP_ED25519_VP_DSA(HASH_TYPE_ED25519,&W0,&M,&CS,&DS)!=0)
- {
- printf("***ECDSA Verification Failed\n");
- return 0;
- }
- else
- {
- printf("ECDSA Signature/Verification succeeded\n");
- }
-
-#endif
-
- return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-int ecdh_NIST256(csprng *RNG)
-{
- int i,res;
- unsigned long ran;
- char *pp="M0ng00se";
- // These octets are automatically protected against buffer overflow attacks
- // Note salt must be big enough to include an appended word
- // Note ECIES ciphertext C must be big enough to include at least 1 appended block
- // Recall EFS_NIST256 is field size in bytes. So EFS_NIST256=32 for 256-bit curve
- char s0[2*EGS_NIST256],s1[EGS_NIST256],w0[2*EFS_NIST256+1],w1[2*EFS_NIST256+1],z0[EFS_NIST256],z1[EFS_NIST256],key[AESKEY_NIST256],salt[40],pw[40];
- octet S0= {0,sizeof(s0),s0};
- octet S1= {0,sizeof(s1),s1};
- octet W0= {0,sizeof(w0),w0};
- octet W1= {0,sizeof(w1),w1};
- octet Z0= {0,sizeof(z0),z0};
- octet Z1= {0,sizeof(z1),z1};
- octet KEY= {0,sizeof(key),key};
- octet SALT= {0,sizeof(salt),salt};
- octet PW= {0,sizeof(pw),pw};
-
- SALT.len=8;
- for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
-
- printf("Alice's Passphrase= %s\n",pp);
-
- OCT_empty(&PW);
- OCT_jstring(&PW,pp); // set Password from string
-
- // private key S0 of size EGS_NIST256 bytes derived from Password and Salt
-
- PBKDF2(HASH_TYPE_NIST256,&PW,&SALT,1000,EGS_NIST256,&S0);
-
- printf("Alices private key= 0x");
- OCT_output(&S0);
-
- // Generate Key pair S/W
-
- ECP_NIST256_KEY_PAIR_GENERATE(NULL,&S0,&W0);
- printf("Alices public key= 0x");
- OCT_output(&W0);
-
- res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W0);
- if (res!=0)
- {
- printf("ECP Public Key is invalid!\n");
- return 0;
- }
-
- // Random private key for other party
- ECP_NIST256_KEY_PAIR_GENERATE(RNG,&S1,&W1);
- res=ECP_NIST256_PUBLIC_KEY_VALIDATE(&W1);
- if (res!=0)
- {
- printf("ECP Public Key is invalid!\n");
- return 0;
- }
- printf("Servers private key= 0x");
- OCT_output(&S1);
- printf("Servers public key= 0x");
- OCT_output(&W1);
-
- // Calculate common key using DH - IEEE 1363 method
-
- ECP_NIST256_SVDP_DH(&S0,&W1,&Z0);
- ECP_NIST256_SVDP_DH(&S1,&W0,&Z1);
-
- if (!OCT_comp(&Z0,&Z1))
- {
- printf("*** ECPSVDP-DH Failed\n");
- return 0;
- }
-
- KDF2(HASH_TYPE_NIST256,&Z0,NULL,AESKEY_NIST256,&KEY);
-
- printf("Alice's DH Key= 0x");
- OCT_output(&KEY);
- printf("Servers DH Key= 0x");
- OCT_output(&KEY);
-
-#if CURVETYPE_NIST256 != MONTGOMERY
-
- char ds[EGS_NIST256],p1[30],p2[30],v[2*EFS_NIST256+1],m[32],c[64],t[32],cs[EGS_NIST256];
- octet DS= {0,sizeof(ds),ds};
- octet CS= {0,sizeof(cs),cs};
- octet P1= {0,sizeof(p1),p1};
- octet P2= {0,sizeof(p2),p2};
- octet V= {0,sizeof(v),v};
- octet M= {0,sizeof(m),m};
- octet C= {0,sizeof(c),c};
- octet T= {0,sizeof(t),t};
-
- printf("Testing ECIES\n");
-
- P1.len=3;
- P1.val[0]=0x0;
- P1.val[1]=0x1;
- P1.val[2]=0x2;
- P2.len=4;
- P2.val[0]=0x0;
- P2.val[1]=0x1;
- P2.val[2]=0x2;
- P2.val[3]=0x3;
-
- M.len=17;
- for (i=0; i<=16; i++) M.val[i]=i;
-
- ECP_NIST256_ECIES_ENCRYPT(HASH_TYPE_NIST256,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
-
- printf("Ciphertext= \n");
- printf("V= 0x");
- OCT_output(&V);
- printf("C= 0x");
- OCT_output(&C);
- printf("T= 0x");
- OCT_output(&T);
-
- if (!ECP_NIST256_ECIES_DECRYPT(HASH_TYPE_NIST256,&P1,&P2,&V,&C,&T,&S1,&M))
- {
- printf("*** ECIES Decryption Failed\n");
- return 0;
- }
- else printf("Decryption succeeded\n");
-
- printf("Message is 0x");
- OCT_output(&M);
-
-
- printf("Testing ECDSA\n");
-
- if (ECP_NIST256_SP_DSA(HASH_TYPE_NIST256,RNG,NULL,&S0,&M,&CS,&DS)!=0)
- {
- printf("***ECDSA Signature Failed\n");
- return 0;
- }
-
- printf("Signature C = 0x");
- OCT_output(&CS);
- printf("Signature D = 0x");
- OCT_output(&DS);
-
- if (ECP_NIST256_VP_DSA(HASH_TYPE_NIST256,&W0,&M,&CS,&DS)!=0)
- {
- printf("***ECDSA Verification Failed\n");
- return 0;
- }
- else
- {
- printf("ECDSA Signature/Verification succeeded\n");
- }
-
-#endif
-
- return 0;
-}
-
-int ecdh_GOLDILOCKS(csprng *RNG)
-{
- int i,res;
- unsigned long ran;
- char *pp="M0ng00se";
- // These octets are automatically protected against buffer overflow attacks
- // Note salt must be big enough to include an appended word
- // Note ECIES ciphertext C must be big enough to include at least 1 appended block
- // Recall EFS_GOLDILOCKS is field size in bytes. So EFS_GOLDILOCKS=32 for 256-bit curve
- char s0[2*EGS_GOLDILOCKS],s1[EGS_GOLDILOCKS],w0[2*EFS_GOLDILOCKS+1],w1[2*EFS_GOLDILOCKS+1],z0[EFS_GOLDILOCKS],z1[EFS_GOLDILOCKS],key[AESKEY_GOLDILOCKS],salt[40],pw[40];
- octet S0= {0,sizeof(s0),s0};
- octet S1= {0,sizeof(s1),s1};
- octet W0= {0,sizeof(w0),w0};
- octet W1= {0,sizeof(w1),w1};
- octet Z0= {0,sizeof(z0),z0};
- octet Z1= {0,sizeof(z1),z1};
- octet KEY= {0,sizeof(key),key};
- octet SALT= {0,sizeof(salt),salt};
- octet PW= {0,sizeof(pw),pw};
-
- SALT.len=8;
- for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
-
- printf("Alice's Passphrase= %s\n",pp);
-
- OCT_empty(&PW);
- OCT_jstring(&PW,pp); // set Password from string
-
- // private key S0 of size EGS_GOLDILOCKS bytes derived from Password and Salt
-
- PBKDF2(HASH_TYPE_GOLDILOCKS,&PW,&SALT,1000,EGS_GOLDILOCKS,&S0);
-
- printf("Alices private key= 0x");
- OCT_output(&S0);
-
- // Generate Key pair S/W
-
- ECP_GOLDILOCKS_KEY_PAIR_GENERATE(NULL,&S0,&W0);
- printf("Alices public key= 0x");
- OCT_output(&W0);
-
- res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W0);
- if (res!=0)
- {
- printf("ECP Public Key is invalid!\n");
- return 0;
- }
-
- // Random private key for other party
- ECP_GOLDILOCKS_KEY_PAIR_GENERATE(RNG,&S1,&W1);
- res=ECP_GOLDILOCKS_PUBLIC_KEY_VALIDATE(&W1);
- if (res!=0)
- {
- printf("ECP Public Key is invalid!\n");
- return 0;
- }
- printf("Servers private key= 0x");
- OCT_output(&S1);
- printf("Servers public key= 0x");
- OCT_output(&W1);
-
- // Calculate common key using DH - IEEE 1363 method
-
- ECP_GOLDILOCKS_SVDP_DH(&S0,&W1,&Z0);
- ECP_GOLDILOCKS_SVDP_DH(&S1,&W0,&Z1);
-
- if (!OCT_comp(&Z0,&Z1))
- {
- printf("*** ECPSVDP-DH Failed\n");
- return 0;
- }
-
- KDF2(HASH_TYPE_GOLDILOCKS,&Z0,NULL,AESKEY_GOLDILOCKS,&KEY);
-
- printf("Alice's DH Key= 0x");
- OCT_output(&KEY);
- printf("Servers DH Key= 0x");
- OCT_output(&KEY);
-
-#if CURVETYPE_GOLDILOCKS != MONTGOMERY
-
- char ds[EGS_GOLDILOCKS],p1[30],p2[30],v[2*EFS_GOLDILOCKS+1],m[32],c[64],t[32],cs[EGS_GOLDILOCKS];
- octet DS= {0,sizeof(ds),ds};
- octet CS= {0,sizeof(cs),cs};
- octet P1= {0,sizeof(p1),p1};
- octet P2= {0,sizeof(p2),p2};
- octet V= {0,sizeof(v),v};
- octet M= {0,sizeof(m),m};
- octet C= {0,sizeof(c),c};
- octet T= {0,sizeof(t),t};
-
- printf("Testing ECIES\n");
-
- P1.len=3;
- P1.val[0]=0x0;
- P1.val[1]=0x1;
- P1.val[2]=0x2;
- P2.len=4;
- P2.val[0]=0x0;
- P2.val[1]=0x1;
- P2.val[2]=0x2;
- P2.val[3]=0x3;
-
- M.len=17;
- for (i=0; i<=16; i++) M.val[i]=i;
-
- ECP_GOLDILOCKS_ECIES_ENCRYPT(HASH_TYPE_GOLDILOCKS,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
-
- printf("Ciphertext= \n");
- printf("V= 0x");
- OCT_output(&V);
- printf("C= 0x");
- OCT_output(&C);
- printf("T= 0x");
- OCT_output(&T);
-
- if (!ECP_GOLDILOCKS_ECIES_DECRYPT(HASH_TYPE_GOLDILOCKS,&P1,&P2,&V,&C,&T,&S1,&M))
- {
- printf("*** ECIES Decryption Failed\n");
- return 0;
- }
- else printf("Decryption succeeded\n");
-
- printf("Message is 0x");
- OCT_output(&M);
-
-
- printf("Testing ECDSA\n");
-
- if (ECP_GOLDILOCKS_SP_DSA(HASH_TYPE_GOLDILOCKS,RNG,NULL,&S0,&M,&CS,&DS)!=0)
- {
- printf("***ECDSA Signature Failed\n");
- return 0;
- }
-
- printf("Signature C = 0x");
- OCT_output(&CS);
- printf("Signature D = 0x");
- OCT_output(&DS);
-
- if (ECP_GOLDILOCKS_VP_DSA(HASH_TYPE_GOLDILOCKS,&W0,&M,&CS,&DS)!=0)
- {
- printf("***ECDSA Verification Failed\n");
- return 0;
- }
- else
- {
- printf("ECDSA Signature/Verification succeeded\n");
- }
-
-#endif
-
- return 0;
-}
-#endif
-
-#define PERMITS // for time permits ON or OFF
-#define PINERROR // For PIN ERROR detection ON or OFF
-#define FULL // for M-Pin Full or M-Pin regular
-
-int mpin_BN254(csprng *RNG)
-{
- int i,pin,rtn,err;
-#ifdef PERMITS
- int date=today();
-#else
- int date=0;
-#endif
- unsigned long ran;
- char x[PGS_BN254],s[PGS_BN254],y[PGS_BN254],client_id[100],sst[4*PFS_BN254],token[2*PFS_BN254+1],sec[2*PFS_BN254+1],permit[2*PFS_BN254+1],xcid[2*PFS_BN254+1],xid[2*PFS_BN254+1],e[12*PFS_BN254],f[12*PFS_BN254];
- char hcid[PFS_BN254],hsid[PFS_BN254],hid[2*PFS_BN254+1],htid[2*PFS_BN254+1],h[PGS_BN254];
-#ifdef FULL
- char r[PGS_BN254],z[2*PFS_BN254+1],w[PGS_BN254],t[2*PFS_BN254+1];
- char g1[12*PFS_BN254],g2[12*PFS_BN254];
- char ck[AESKEY_BN254],sk[AESKEY_BN254];
-#endif
- octet S= {0,sizeof(s),s};
- octet X= {0,sizeof(x),x};
- octet Y= {0,sizeof(y),y};
- octet H= {0,sizeof(h),h};
- octet CLIENT_ID= {0,sizeof(client_id),client_id};
- octet SST= {0,sizeof(sst),sst};
- octet TOKEN= {0,sizeof(token),token};
- octet SEC= {0,sizeof(sec),sec};
- octet PERMIT= {0,sizeof(permit),permit};
- octet xCID= {0,sizeof(xcid),xcid};
- octet xID= {0,sizeof(xid),xid};
- octet HCID= {0,sizeof(hcid),hcid};
- octet HSID= {0,sizeof(hsid),hsid};
- octet HID= {0,sizeof(hid),hid};
- octet HTID= {0,sizeof(htid),htid};
- octet E= {0,sizeof(e),e};
- octet F= {0,sizeof(f),f};
-#ifdef FULL
- octet R= {0,sizeof(r),r};
- octet Z= {0,sizeof(z),z};
- octet W= {0,sizeof(w),w};
- octet T= {0,sizeof(t),t};
- octet G1= {0,sizeof(g1),g1};
- octet G2= {0,sizeof(g2),g2};
- octet SK= {0,sizeof(sk),sk};
- octet CK= {0,sizeof(ck),ck};
-#endif
- octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
- char idhex[100];
-
- // Trusted Authority set-up
- MPIN_BN254_RANDOM_GENERATE(RNG,&S);
- printf("Master Secret= ");
- OCT_output(&S);
-
- // Create Client Identity
- OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
- HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide!
-
- printf("Client ID Hash= ");
- OCT_output(&HCID);
- printf("\n");
-
- OCT_toHex(&CLIENT_ID,idhex);
- printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
- MPIN_BN254_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
- printf("Client Secret= ");
- OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA
- MPIN_BN254_GET_SERVER_SECRET(&S,&SST);
- printf("Server Secret= ");
- OCT_output(&SST);
-
-
-
- // Client extracts PIN from secret to create Token
- pin=1234;
- printf("Client extracts PIN= %d\n",pin);
- MPIN_BN254_EXTRACT_PIN(HASH_TYPE_BN254,&CLIENT_ID,pin,&TOKEN);
- printf("Client Token= ");
- OCT_output(&TOKEN);
-
-#ifdef FULL
- MPIN_BN254_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
- // Client gets "Time Permit" from DTA
- printf("Client gets Time Permit\n");
-
- MPIN_BN254_GET_CLIENT_PERMIT(HASH_TYPE_BN254,date,&S,&HCID,&PERMIT);
- printf("Time Permit= ");
- OCT_output(&PERMIT);
-
- // This encoding makes Time permit look random
- if (MPIN_BN254_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
- // printf("Encoded Time Permit= "); OCT_output(&PERMIT);
- if (MPIN_BN254_DECODING(&PERMIT)!=0) printf("Decoding error\n");
- // printf("Decoded Time Permit= "); OCT_output(&PERMIT);
-#endif
-
- // MPin Protocol
-
- // Client enters PIN
- printf("\nPIN= ");
- if(scanf("%d",&pin)) {};
- // to avoid silly compile error
- getchar();
-
- // Set date=0 and PERMIT=NULL if time permits not in use
-
- // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
- // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
- // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
- // HSID - hashed client ID as calculated by the server
- // HCID - hashed client ID as calculated by the client
-
- // IMPORTANT: To save space and time..
- // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
- // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
- // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-
-
- pxID=&xID;
- pxCID=&xCID;
- pHID=&HID;
- pHTID=&HTID;
- pE=&E;
- pF=&F;
- pPERMIT=&PERMIT;
-
-#ifdef PERMITS
- prHID=pHTID;
-#ifndef PINERROR
- pxID=NULL;
-// pHID=NULL; //new
-#endif
-#else
- prHID=pHID;
- pPERMIT=NULL;
- pxCID=NULL;
- pHTID=NULL;
-#endif
-#ifndef PINERROR
- pE=NULL;
- pF=NULL;
-#endif
-
- // When set only send hashed IDs to server
- octet *pID;
-#ifdef USE_ANONYMOUS
- pID = &HCID;
-#else
- pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
- int timeValue;
- printf("MPIN Single Pass\n");
- timeValue = MPIN_BN254_GET_TIME();
-
- rtn=MPIN_BN254_CLIENT(HASH_TYPE_BN254,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
- if (rtn != 0)
- {
- printf("MPIN_BN254_CLIENT ERROR %d\n", rtn);
- return 1;
- }
-
-#ifdef FULL
- MPIN_BN254_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r
-#endif
-
-
- rtn=MPIN_BN254_SERVER(HASH_TYPE_BN254,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HSID); // new
- MPIN_BN254_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w
-#endif
-
-#else // SINGLE_PASS
- printf("MPIN Multi Pass\n");
- if (MPIN_BN254_CLIENT_1(HASH_TYPE_BN254,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
- {
- printf("Error from Client side - First Pass\n");
- return 0;
- }
-
- // Send U=x.ID to server, and recreate secret from token and pin
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HCID);
- MPIN_BN254_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component
-#endif
-
- // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp.
- MPIN_BN254_SERVER_1(HASH_TYPE_BN254,date,pID,pHID,pHTID);
-
- // Server generates Random number Y and sends it to Client
- MPIN_BN254_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BN254,&CLIENT_ID,&HSID); //new
- MPIN_BN254_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component
-#endif
-
- // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
- if (MPIN_BN254_CLIENT_2(&X,&Y,&SEC)!=0)
- {
- printf("Error from Client side - Second Pass\n");
- return 1;
- }
-
- // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
- // If PIN error not required, set E and F = NULL
- rtn=MPIN_BN254_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
- if (rtn!=0)
- {
- printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
- err=MPIN_BN254_KANGAROO(&E,&F);
- if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
- return 1;
- }
- else
- {
- printf("Server says - PIN is good! You really are ");
- OCT_output_string(&CLIENT_ID);
- printf(".\n");
- }
-
-#ifdef FULL
-
- HASH_ALL(HASH_TYPE_BN254,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new
- MPIN_BN254_CLIENT_KEY(HASH_TYPE_BN254,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H
- printf("Client Key = ");
- OCT_output(&CK);
-
- HASH_ALL(HASH_TYPE_BN254,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
- MPIN_BN254_SERVER_KEY(HASH_TYPE_BN254,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
- printf("Server Key = ");
- OCT_output(&SK);
-#endif
- return 0;
-}
-
-#if CHUNK==32 || CHUNK==64
-
-int mpin_BLS383(csprng *RNG)
-{
- int i,pin,rtn,err;
-#ifdef PERMITS
- int date=today();
-#else
- int date=0;
-#endif
- unsigned long ran;
- char x[PGS_BLS383],s[PGS_BLS383],y[PGS_BLS383],client_id[100],sst[4*PFS_BLS383],token[2*PFS_BLS383+1],sec[2*PFS_BLS383+1],permit[2*PFS_BLS383+1],xcid[2*PFS_BLS383+1],xid[2*PFS_BLS383+1],e[12*PFS_BLS383],f[12*PFS_BLS383];
- char hcid[PFS_BLS383],hsid[PFS_BLS383],hid[2*PFS_BLS383+1],htid[2*PFS_BLS383+1],h[PGS_BLS383];
-#ifdef FULL
- char r[PGS_BLS383],z[2*PFS_BLS383+1],w[PGS_BLS383],t[2*PFS_BLS383+1];
- char g1[12*PFS_BLS383],g2[12*PFS_BLS383];
- char ck[AESKEY_BLS383],sk[AESKEY_BLS383];
-#endif
- octet S= {0,sizeof(s),s};
- octet X= {0,sizeof(x),x};
- octet Y= {0,sizeof(y),y};
- octet H= {0,sizeof(h),h};
- octet CLIENT_ID= {0,sizeof(client_id),client_id};
- octet SST= {0,sizeof(sst),sst};
- octet TOKEN= {0,sizeof(token),token};
- octet SEC= {0,sizeof(sec),sec};
- octet PERMIT= {0,sizeof(permit),permit};
- octet xCID= {0,sizeof(xcid),xcid};
- octet xID= {0,sizeof(xid),xid};
- octet HCID= {0,sizeof(hcid),hcid};
- octet HSID= {0,sizeof(hsid),hsid};
- octet HID= {0,sizeof(hid),hid};
- octet HTID= {0,sizeof(htid),htid};
- octet E= {0,sizeof(e),e};
- octet F= {0,sizeof(f),f};
-#ifdef FULL
- octet R= {0,sizeof(r),r};
- octet Z= {0,sizeof(z),z};
- octet W= {0,sizeof(w),w};
- octet T= {0,sizeof(t),t};
- octet G1= {0,sizeof(g1),g1};
- octet G2= {0,sizeof(g2),g2};
- octet SK= {0,sizeof(sk),sk};
- octet CK= {0,sizeof(ck),ck};
-#endif
- octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
- char idhex[100];
-
- // Trusted Authority set-up
- MPIN_BLS383_RANDOM_GENERATE(RNG,&S);
- printf("Master Secret= ");
- OCT_output(&S);
-
- // Create Client Identity
- OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
- HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide!
-
- printf("Client ID Hash= ");
- OCT_output(&HCID);
- printf("\n");
-
- OCT_toHex(&CLIENT_ID,idhex);
- printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
- MPIN_BLS383_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
- printf("Client Secret= ");
- OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA
- MPIN_BLS383_GET_SERVER_SECRET(&S,&SST);
- printf("Server Secret= ");
- OCT_output(&SST);
-
-
-
- // Client extracts PIN from secret to create Token
- pin=1234;
- printf("Client extracts PIN= %d\n",pin);
- MPIN_BLS383_EXTRACT_PIN(HASH_TYPE_BLS383,&CLIENT_ID,pin,&TOKEN);
- printf("Client Token= ");
- OCT_output(&TOKEN);
-
-#ifdef FULL
- MPIN_BLS383_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
- // Client gets "Time Permit" from DTA
- printf("Client gets Time Permit\n");
-
- MPIN_BLS383_GET_CLIENT_PERMIT(HASH_TYPE_BLS383,date,&S,&HCID,&PERMIT);
- printf("Time Permit= ");
- OCT_output(&PERMIT);
-
- // This encoding makes Time permit look random
- if (MPIN_BLS383_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
- // printf("Encoded Time Permit= "); OCT_output(&PERMIT);
- if (MPIN_BLS383_DECODING(&PERMIT)!=0) printf("Decoding error\n");
- // printf("Decoded Time Permit= "); OCT_output(&PERMIT);
-#endif
-
- // MPin Protocol
-
- // Client enters PIN
- printf("\nPIN= ");
- if(scanf("%d",&pin)) {};
- // to avoid silly compile error
- getchar();
-
- // Set date=0 and PERMIT=NULL if time permits not in use
-
- // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
- // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
- // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
- // HSID - hashed client ID as calculated by the server
- // HCID - hashed client ID as calculated by the client
-
- // IMPORTANT: To save space and time..
- // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
- // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
- // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-
-
- pxID=&xID;
- pxCID=&xCID;
- pHID=&HID;
- pHTID=&HTID;
- pE=&E;
- pF=&F;
- pPERMIT=&PERMIT;
-
-#ifdef PERMITS
- prHID=pHTID;
-#ifndef PINERROR
- pxID=NULL;
-// pHID=NULL; //new
-#endif
-#else
- prHID=pHID;
- pPERMIT=NULL;
- pxCID=NULL;
- pHTID=NULL;
-#endif
-#ifndef PINERROR
- pE=NULL;
- pF=NULL;
-#endif
-
- // When set only send hashed IDs to server
- octet *pID;
-#ifdef USE_ANONYMOUS
- pID = &HCID;
-#else
- pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
- int timeValue;
- printf("MPIN Single Pass\n");
- timeValue = MPIN_BLS383_GET_TIME();
-
- rtn=MPIN_BLS383_CLIENT(HASH_TYPE_BLS383,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
- if (rtn != 0)
- {
- printf("MPIN_BLS383_CLIENT ERROR %d\n", rtn);
- return 1;
- }
-
-#ifdef FULL
- MPIN_BLS383_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r
-#endif
-
-
- rtn=MPIN_BLS383_SERVER(HASH_TYPE_BLS383,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HSID); // new
- MPIN_BLS383_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w
-#endif
-
-#else // SINGLE_PASS
- printf("MPIN Multi Pass\n");
- if (MPIN_BLS383_CLIENT_1(HASH_TYPE_BLS383,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
- {
- printf("Error from Client side - First Pass\n");
- return 0;
- }
-
- // Send U=x.ID to server, and recreate secret from token and pin
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HCID);
- MPIN_BLS383_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component
-#endif
-
- // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp.
- MPIN_BLS383_SERVER_1(HASH_TYPE_BLS383,date,pID,pHID,pHTID);
-
- // Server generates Random number Y and sends it to Client
- MPIN_BLS383_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS383,&CLIENT_ID,&HSID); //new
- MPIN_BLS383_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component
-#endif
-
- // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
- if (MPIN_BLS383_CLIENT_2(&X,&Y,&SEC)!=0)
- {
- printf("Error from Client side - Second Pass\n");
- return 1;
- }
-
- // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
- // If PIN error not required, set E and F = NULL
- rtn=MPIN_BLS383_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
- if (rtn!=0)
- {
- printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
- err=MPIN_BLS383_KANGAROO(&E,&F);
- if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
- return 1;
- }
- else
- {
- printf("Server says - PIN is good! You really are ");
- OCT_output_string(&CLIENT_ID);
- printf(".\n");
- }
-
-#ifdef FULL
-
- HASH_ALL(HASH_TYPE_BLS383,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new
- MPIN_BLS383_CLIENT_KEY(HASH_TYPE_BLS383,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H
- printf("Client Key = ");
- OCT_output(&CK);
-
- HASH_ALL(HASH_TYPE_BLS383,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
- MPIN_BLS383_SERVER_KEY(HASH_TYPE_BLS383,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
- printf("Server Key = ");
- OCT_output(&SK);
-#endif
- return 0;
-}
-
-
-int mpin192_BLS24(csprng *RNG)
-{
- int i,pin,rtn,err;
-#ifdef PERMITS
- int date=today();
-#else
- int date=0;
-#endif
- unsigned long ran;
- char x[PGS_BLS24],s[PGS_BLS24],y[PGS_BLS24],client_id[100],sst[8*PFS_BLS24],token[2*PFS_BLS24+1],sec[2*PFS_BLS24+1],permit[2*PFS_BLS24+1],xcid[2*PFS_BLS24+1],xid[2*PFS_BLS24+1],e[24*PFS_BLS24],f[24*PFS_BLS24];
- char hcid[PFS_BLS24],hsid[PFS_BLS24],hid[2*PFS_BLS24+1],htid[2*PFS_BLS24+1],h[PGS_BLS24];
-#ifdef FULL
- char r[PGS_BLS24],z[2*PFS_BLS24+1],w[PGS_BLS24],t[2*PFS_BLS24+1];
- char g1[24*PFS_BLS24],g2[24*PFS_BLS24];
- char ck[AESKEY_BLS24],sk[AESKEY_BLS24];
-#endif
- octet S= {0,sizeof(s),s};
- octet X= {0,sizeof(x),x};
- octet Y= {0,sizeof(y),y};
- octet H= {0,sizeof(h),h};
- octet CLIENT_ID= {0,sizeof(client_id),client_id};
- octet SST= {0,sizeof(sst),sst};
- octet TOKEN= {0,sizeof(token),token};
- octet SEC= {0,sizeof(sec),sec};
- octet PERMIT= {0,sizeof(permit),permit};
- octet xCID= {0,sizeof(xcid),xcid};
- octet xID= {0,sizeof(xid),xid};
- octet HCID= {0,sizeof(hcid),hcid};
- octet HSID= {0,sizeof(hsid),hsid};
- octet HID= {0,sizeof(hid),hid};
- octet HTID= {0,sizeof(htid),htid};
- octet E= {0,sizeof(e),e};
- octet F= {0,sizeof(f),f};
-#ifdef FULL
- octet R= {0,sizeof(r),r};
- octet Z= {0,sizeof(z),z};
- octet W= {0,sizeof(w),w};
- octet T= {0,sizeof(t),t};
- octet G1= {0,sizeof(g1),g1};
- octet G2= {0,sizeof(g2),g2};
- octet SK= {0,sizeof(sk),sk};
- octet CK= {0,sizeof(ck),ck};
-#endif
- octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
- char idhex[100];
-
- // Trusted Authority set-up
- MPIN_BLS24_RANDOM_GENERATE(RNG,&S);
- printf("Master Secret= ");
- OCT_output(&S);
-
- // Create Client Identity
- OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
- HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide!
-
- printf("Client ID Hash= ");
- OCT_output(&HCID);
- printf("\n");
-
- OCT_toHex(&CLIENT_ID,idhex);
- printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
- MPIN_BLS24_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
- printf("Client Secret= ");
- OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA
- MPIN_BLS24_GET_SERVER_SECRET(&S,&SST);
- printf("Server Secret= ");
- OCT_output(&SST);
-
-
-
- // Client extracts PIN from secret to create Token
- pin=1234;
- printf("Client extracts PIN= %d\n",pin);
- MPIN_BLS24_EXTRACT_PIN(HASH_TYPE_BLS24,&CLIENT_ID,pin,&TOKEN);
- printf("Client Token= ");
- OCT_output(&TOKEN);
-
-#ifdef FULL
- MPIN_BLS24_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
- // Client gets "Time Permit" from DTA
- printf("Client gets Time Permit\n");
-
- MPIN_BLS24_GET_CLIENT_PERMIT(HASH_TYPE_BLS24,date,&S,&HCID,&PERMIT);
- printf("Time Permit= ");
- OCT_output(&PERMIT);
-
- // This encoding makes Time permit look random
- if (MPIN_BLS24_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
- // printf("Encoded Time Permit= "); OCT_output(&PERMIT);
- if (MPIN_BLS24_DECODING(&PERMIT)!=0) printf("Decoding error\n");
- // printf("Decoded Time Permit= "); OCT_output(&PERMIT);
-#endif
-
- // MPin Protocol
-
- // Client enters PIN
- printf("\nPIN= ");
- if(scanf("%d",&pin)) {};
- // to avoid silly compile error
- getchar();
-
- // Set date=0 and PERMIT=NULL if time permits not in use
-
- // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
- // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
- // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
- // HSID - hashed client ID as calculated by the server
- // HCID - hashed client ID as calculated by the client
-
- // IMPORTANT: To save space and time..
- // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
- // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
- // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-
-
- pxID=&xID;
- pxCID=&xCID;
- pHID=&HID;
- pHTID=&HTID;
- pE=&E;
- pF=&F;
- pPERMIT=&PERMIT;
-
-#ifdef PERMITS
- prHID=pHTID;
-#ifndef PINERROR
- pxID=NULL;
-// pHID=NULL; //new
-#endif
-#else
- prHID=pHID;
- pPERMIT=NULL;
- pxCID=NULL;
- pHTID=NULL;
-#endif
-#ifndef PINERROR
- pE=NULL;
- pF=NULL;
-#endif
-
- // When set only send hashed IDs to server
- octet *pID;
-#ifdef USE_ANONYMOUS
- pID = &HCID;
-#else
- pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
- int timeValue;
- printf("MPIN Single Pass\n");
- timeValue = MPIN_BLS24_GET_TIME();
-
- rtn=MPIN_BLS24_CLIENT(HASH_TYPE_BLS24,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
- if (rtn != 0)
- {
- printf("MPIN_BLS24_CLIENT ERROR %d\n", rtn);
- return 1;
- }
-
-#ifdef FULL
- MPIN_BLS24_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r
-#endif
-
-
- rtn=MPIN_BLS24_SERVER(HASH_TYPE_BLS24,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HSID); // new
- MPIN_BLS24_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w
-#endif
-
-#else // SINGLE_PASS
- printf("MPIN Multi Pass\n");
- if (MPIN_BLS24_CLIENT_1(HASH_TYPE_BLS24,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
- {
- printf("Error from Client side - First Pass\n");
- return 0;
- }
-
- // Send U=x.ID to server, and recreate secret from token and pin
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HCID);
- MPIN_BLS24_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component
-#endif
-
- // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp.
- MPIN_BLS24_SERVER_1(HASH_TYPE_BLS24,date,pID,pHID,pHTID);
-
- // Server generates Random number Y and sends it to Client
- MPIN_BLS24_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS24,&CLIENT_ID,&HSID); //new
- MPIN_BLS24_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component
-#endif
-
- // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
- if (MPIN_BLS24_CLIENT_2(&X,&Y,&SEC)!=0)
- {
- printf("Error from Client side - Second Pass\n");
- return 1;
- }
-
- // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
- // If PIN error not required, set E and F = NULL
- rtn=MPIN_BLS24_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
- if (rtn!=0)
- {
- printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
- err=MPIN_BLS24_KANGAROO(&E,&F);
- if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
- return 1;
- }
- else
- {
- printf("Server says - PIN is good! You really are ");
- OCT_output_string(&CLIENT_ID);
- printf(".\n");
- }
-
-#ifdef FULL
-
- HASH_ALL(HASH_TYPE_BLS24,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new
- MPIN_BLS24_CLIENT_KEY(HASH_TYPE_BLS24,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H
- printf("Client Key = ");
- OCT_output(&CK);
-
- HASH_ALL(HASH_TYPE_BLS24,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
- MPIN_BLS24_SERVER_KEY(HASH_TYPE_BLS24,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
- printf("Server Key = ");
- OCT_output(&SK);
-#endif
- return 0;
-}
-
-
-int mpin256_BLS48(csprng *RNG)
-{
- int i,pin,rtn,err;
-#ifdef PERMITS
- int date=today();
-#else
- int date=0;
-#endif
- unsigned long ran;
- char x[PGS_BLS48],s[PGS_BLS48],y[PGS_BLS48],client_id[100],sst[16*PFS_BLS48],token[2*PFS_BLS48+1],sec[2*PFS_BLS48+1],permit[2*PFS_BLS48+1],xcid[2*PFS_BLS48+1],xid[2*PFS_BLS48+1],e[48*PFS_BLS48],f[48*PFS_BLS48];
- char hcid[PFS_BLS48],hsid[PFS_BLS48],hid[2*PFS_BLS48+1],htid[2*PFS_BLS48+1],h[PGS_BLS48];
-#ifdef FULL
- char r[PGS_BLS48],z[2*PFS_BLS48+1],w[PGS_BLS48],t[2*PFS_BLS48+1];
- char g1[48*PFS_BLS48],g2[48*PFS_BLS48];
- char ck[AESKEY_BLS48],sk[AESKEY_BLS48];
-#endif
- octet S= {0,sizeof(s),s};
- octet X= {0,sizeof(x),x};
- octet Y= {0,sizeof(y),y};
- octet H= {0,sizeof(h),h};
- octet CLIENT_ID= {0,sizeof(client_id),client_id};
- octet SST= {0,sizeof(sst),sst};
- octet TOKEN= {0,sizeof(token),token};
- octet SEC= {0,sizeof(sec),sec};
- octet PERMIT= {0,sizeof(permit),permit};
- octet xCID= {0,sizeof(xcid),xcid};
- octet xID= {0,sizeof(xid),xid};
- octet HCID= {0,sizeof(hcid),hcid};
- octet HSID= {0,sizeof(hsid),hsid};
- octet HID= {0,sizeof(hid),hid};
- octet HTID= {0,sizeof(htid),htid};
- octet E= {0,sizeof(e),e};
- octet F= {0,sizeof(f),f};
-#ifdef FULL
- octet R= {0,sizeof(r),r};
- octet Z= {0,sizeof(z),z};
- octet W= {0,sizeof(w),w};
- octet T= {0,sizeof(t),t};
- octet G1= {0,sizeof(g1),g1};
- octet G2= {0,sizeof(g2),g2};
- octet SK= {0,sizeof(sk),sk};
- octet CK= {0,sizeof(ck),ck};
-#endif
- octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
- char idhex[100];
-
- // Trusted Authority set-up
- MPIN_BLS48_RANDOM_GENERATE(RNG,&S);
- printf("Master Secret= ");
- OCT_output(&S);
-
- // Create Client Identity
- OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
- HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HCID); // Either Client or TA calculates Hash(ID) - you decide!
-
- printf("Client ID Hash= ");
- OCT_output(&HCID);
- printf("\n");
-
- OCT_toHex(&CLIENT_ID,idhex);
- printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
-
- MPIN_BLS48_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
- printf("Client Secret= ");
- OCT_output(&TOKEN);
-
-// Client and Server are issued secrets by DTA
- MPIN_BLS48_GET_SERVER_SECRET(&S,&SST);
- printf("Server Secret= ");
- OCT_output(&SST);
-
-
-
- // Client extracts PIN from secret to create Token
- pin=1234;
- printf("Client extracts PIN= %d\n",pin);
- MPIN_BLS48_EXTRACT_PIN(HASH_TYPE_BLS48,&CLIENT_ID,pin,&TOKEN);
- printf("Client Token= ");
- OCT_output(&TOKEN);
-
-#ifdef FULL
- MPIN_BLS48_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
-#endif
-
-#ifdef PERMITS
- // Client gets "Time Permit" from DTA
- printf("Client gets Time Permit\n");
-
- MPIN_BLS48_GET_CLIENT_PERMIT(HASH_TYPE_BLS48,date,&S,&HCID,&PERMIT);
- printf("Time Permit= ");
- OCT_output(&PERMIT);
-
- // This encoding makes Time permit look random
- if (MPIN_BLS48_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
- // printf("Encoded Time Permit= "); OCT_output(&PERMIT);
- if (MPIN_BLS48_DECODING(&PERMIT)!=0) printf("Decoding error\n");
- // printf("Decoded Time Permit= "); OCT_output(&PERMIT);
-#endif
-
- // MPin Protocol
-
- // Client enters PIN
- printf("\nPIN= ");
- if(scanf("%d",&pin)) {};
- // to avoid silly compile error
- getchar();
-
- // Set date=0 and PERMIT=NULL if time permits not in use
-
- // Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
- // If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
- // Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
- // HSID - hashed client ID as calculated by the server
- // HCID - hashed client ID as calculated by the client
-
- // IMPORTANT: To save space and time..
- // If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
- // If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
- // If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-
-
- pxID=&xID;
- pxCID=&xCID;
- pHID=&HID;
- pHTID=&HTID;
- pE=&E;
- pF=&F;
- pPERMIT=&PERMIT;
-
-#ifdef PERMITS
- prHID=pHTID;
-#ifndef PINERROR
- pxID=NULL;
-// pHID=NULL; //new
-#endif
-#else
- prHID=pHID;
- pPERMIT=NULL;
- pxCID=NULL;
- pHTID=NULL;
-#endif
-#ifndef PINERROR
- pE=NULL;
- pF=NULL;
-#endif
-
- // When set only send hashed IDs to server
- octet *pID;
-#ifdef USE_ANONYMOUS
- pID = &HCID;
-#else
- pID = &CLIENT_ID;
-#endif
-
-#ifdef SINGLE_PASS
- int timeValue;
- printf("MPIN Single Pass\n");
- timeValue = MPIN_BLS48_GET_TIME();
-
- rtn=MPIN_BLS48_CLIENT(HASH_TYPE_BLS48,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-
- if (rtn != 0)
- {
- printf("MPIN_BLS48_CLIENT ERROR %d\n", rtn);
- return 1;
- }
-
-#ifdef FULL
- MPIN_BLS48_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r
-#endif
-
-
- rtn=MPIN_BLS48_SERVER(HASH_TYPE_BLS48,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue,NULL);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HSID); // new
- MPIN_BLS48_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w
-#endif
-
-#else // SINGLE_PASS
- printf("MPIN Multi Pass\n");
- if (MPIN_BLS48_CLIENT_1(HASH_TYPE_BLS48,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
- {
- printf("Error from Client side - First Pass\n");
- return 0;
- }
-
- // Send U=x.ID to server, and recreate secret from token and pin
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HCID);
- MPIN_BLS48_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z); // Also Send Z=r.ID to Server, remember random r, DH component
-#endif
-
- // Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp.
- MPIN_BLS48_SERVER_1(HASH_TYPE_BLS48,date,pID,pHID,pHTID);
-
- // Server generates Random number Y and sends it to Client
- MPIN_BLS48_RANDOM_GENERATE(RNG,&Y);
-
-#ifdef FULL
- HASH_ID(HASH_TYPE_BLS48,&CLIENT_ID,&HSID); //new
- MPIN_BLS48_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T); // Also send T=w.ID to client, remember random w, DH component
-#endif
-
- // Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC
- if (MPIN_BLS48_CLIENT_2(&X,&Y,&SEC)!=0)
- {
- printf("Error from Client side - Second Pass\n");
- return 1;
- }
-
- // Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error.
- // If PIN error not required, set E and F = NULL
- rtn=MPIN_BLS48_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,NULL);
-#endif // SINGLE_PASS
-
- if (rtn!=0)
- {
- printf("Server says - Bad Pin.\n");
-#ifdef PINERROR
-
- err=MPIN_BLS48_KANGAROO(&E,&F);
- if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
- return 1;
- }
- else
- {
- printf("Server says - PIN is good! You really are ");
- OCT_output_string(&CLIENT_ID);
- printf(".\n");
- }
-
-#ifdef FULL
-
- HASH_ALL(HASH_TYPE_BLS48,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H); // new
- MPIN_BLS48_CLIENT_KEY(HASH_TYPE_BLS48,&G1,&G2,pin,&R,&X,&H,&T,&CK); // new H
- printf("Client Key = ");
- OCT_output(&CK);
-
- HASH_ALL(HASH_TYPE_BLS48,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
- MPIN_BLS48_SERVER_KEY(HASH_TYPE_BLS48,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
- printf("Server Key = ");
- OCT_output(&SK);
-#endif
- return 0;
-}
-
-
-#endif
-
-int rsa_2048(csprng *RNG)
-{
- int i;
- unsigned long ran;
- char m[RFS_2048],ml[RFS_2048],c[RFS_2048],e[RFS_2048],s[RFS_2048];
- rsa_public_key_2048 pub;
- rsa_private_key_2048 priv;
-
- octet M= {0,sizeof(m),m};
- octet ML= {0,sizeof(ml),ml};
- octet C= {0,sizeof(c),c};
- octet E= {0,sizeof(e),e};
- octet S= {0,sizeof(s),s};
-
- printf("Generating public/private key pair\n");
- RSA_2048_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL);
-
- printf("Encrypting test string\n");
- OCT_jstring(&M,(char *)"Hello World\n");
-
- OAEP_ENCODE(HASH_TYPE_RSA_2048,&M,RNG,NULL,&E); // OAEP encode message m to e
-
- RSA_2048_ENCRYPT(&pub,&E,&C); // encrypt encoded message
- printf("Ciphertext= ");
- OCT_output(&C);
-
- printf("Decrypting test string\n");
- RSA_2048_DECRYPT(&priv,&C,&ML); // ... and then decrypt it
-
- OAEP_DECODE(HASH_TYPE_RSA_2048,NULL,&ML); // decode it
- OCT_output_string(&ML);
-
- printf("Signing message\n");
- PKCS15(HASH_TYPE_RSA_2048,&M,&C);
-
- RSA_2048_DECRYPT(&priv,&C,&S); // create signature in S
-
- printf("Signature= ");
- OCT_output(&S);
-
- RSA_2048_ENCRYPT(&pub,&S,&ML);
-
- if (OCT_comp(&C,&ML)) printf("Signature is valid\n");
- else printf("Signature is INVALID\n");
-
- RSA_2048_PRIVATE_KEY_KILL(&priv);
-
- OCT_clear(&M);
- OCT_clear(&ML); // clean up afterwards
- OCT_clear(&C);
- OCT_clear(&E);
-
- return 0;
-}
-
-
-int main()
-{
- int i,res;
- unsigned long ran;
-
- char raw[100];
- octet RAW= {0,sizeof(raw),raw};
- csprng RNG; // Crypto Strong RNG
-
- time((time_t *)&ran);
-
- RAW.len=100; // fake random seed source
- RAW.val[0]=ran;
- RAW.val[1]=ran>>8;
- RAW.val[2]=ran>>16;
- RAW.val[3]=ran>>24;
- for (i=0; i<100; i++) RAW.val[i]=i;
-
- CREATE_CSPRNG(&RNG,&RAW); // initialise strong RNG
-
- printf("\nTesting MPIN protocols for curve BN254\n");
- mpin_BN254(&RNG);
-
-#if CHUNK!=16
- printf("\nTesting MPIN protocols for curve BLS383\n");
- mpin_BLS383(&RNG);
- printf("\nTesting MPIN protocols for curve BLS24\n");
- mpin192_BLS24(&RNG);
- printf("\nTesting MPIN protocols for curve BLS48\n");
- mpin256_BLS48(&RNG);
-#endif
-
-
- printf("\nTesting ECDH protocols for curve ED25519\n");
- ecdh_ED25519(&RNG);
-#if CHUNK!=16
- printf("\nTesting ECDH protocols for curve NIST256\n");
- ecdh_NIST256(&RNG);
- printf("\nTesting ECDH protocols for curve GOLDILOCKS\n");
- ecdh_GOLDILOCKS(&RNG);
-#endif
- printf("\nTesting RSA protocols for 2048-bit RSA\n");
- rsa_2048(&RNG);
-
- KILL_CSPRNG(&RNG);
-}
-