You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/08 00:12:52 UTC
[32/51] [partial] incubator-milagro-crypto-c git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_25519.c
----------------------------------------------------------------------
diff --git a/src/rom_field_25519.c b/src/rom_field_25519.c
new file mode 100644
index 0000000..08221dc
--- /dev/null
+++ b/src/rom_field_25519.c
@@ -0,0 +1,25 @@
+#include "arch.h"
+#include "fp_25519.h"
+
+/* Curve 25519 */
+
+#if CHUNK==16
+// Base Bits= 13
+const BIG_256_13 Modulus_25519= {0x1FED,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
+const BIG_256_13 R2modp_25519= {0x400,0x2D,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_25519= 0x13;
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_256_29 Modulus_25519= {0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
+const BIG_256_29 R2modp_25519= {0x169000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_25519= 0x13;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_25519= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
+const BIG_256_56 R2modp_25519= {0xA4000000000000L,0x5L,0x0L,0x0L,0x0L};
+const chunk MConst_25519= 0x13L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_256PME.c
----------------------------------------------------------------------
diff --git a/src/rom_field_256PME.c b/src/rom_field_256PME.c
new file mode 100644
index 0000000..49c3705
--- /dev/null
+++ b/src/rom_field_256PME.c
@@ -0,0 +1,25 @@
+#include "arch.h"
+#include "fp_256PME.h"
+
+/* NUMS 256-bit modulus */
+
+#if CHUNK==16
+// Base Bits= 13
+const BIG_256_13 Modulus_256PME= {0x1F43,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
+const BIG_256_13 R2modp_256PME= {0x900,0x45C,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_256PME= 0xBD;
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_256_29 Modulus_256PME= {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
+const BIG_256_29 R2modp_256PME= {0x22E2400,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_256PME= 0xBD;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_256PME= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
+const BIG_256_56 R2modp_256PME= {0x89000000000000L,0x8BL,0x0L,0x0L,0x0L};
+const chunk MConst_256PME= 0xBDL;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_256PMW.c
----------------------------------------------------------------------
diff --git a/src/rom_field_256PMW.c b/src/rom_field_256PMW.c
new file mode 100644
index 0000000..b4c46a2
--- /dev/null
+++ b/src/rom_field_256PMW.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_256PMW.h"
+
+/* NUMS 256-bit modulus */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_256PMW= {0xFFFFF43,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF};
+const BIG_256_28 R2modp_256PMW= {0x0,0x8900000,0x8B,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_256PMW= 0xBD;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_256PMW= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
+const BIG_256_56 R2modp_256PMW= {0x89000000000000L,0x8BL,0x0L,0x0L,0x0L};
+const chunk MConst_256PMW= 0xBDL;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_384PM.c
----------------------------------------------------------------------
diff --git a/src/rom_field_384PM.c b/src/rom_field_384PM.c
new file mode 100644
index 0000000..a9b79c9
--- /dev/null
+++ b/src/rom_field_384PM.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_384PM.h"
+
+/* NUMS 384-bit modulus */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_384_29 Modulus_384PM= {0x1FFFFEC3,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
+const BIG_384_29 R2modp_384PM= {0x0,0x4448000,0x6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_384PM= 0x13D;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_384_56 Modulus_384PM= {0xFFFFFFFFFFFEC3L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
+const BIG_384_56 R2modp_384PM= {0x188890000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const chunk MConst_384PM= 0x13DL;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_512PM.c
----------------------------------------------------------------------
diff --git a/src/rom_field_512PM.c b/src/rom_field_512PM.c
new file mode 100644
index 0000000..cbbbf29
--- /dev/null
+++ b/src/rom_field_512PM.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_512PM.h"
+
+/* NUMS 512-bit modulus */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_512_29 Modulus_512PM= {0x1FFFFDC7,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
+const BIG_512_29 R2modp_512PM= {0xB100000,0x278,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_512PM= 0x239;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_512_56 Modulus_512PM= {0xFFFFFFFFFFFDC7L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFL};
+const BIG_512_56 R2modp_512PM= {0x0L,0xF0B10000000000L,0x4L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const chunk MConst_512PM= 0x239L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_ANSSI.c
----------------------------------------------------------------------
diff --git a/src/rom_field_ANSSI.c b/src/rom_field_ANSSI.c
new file mode 100644
index 0000000..64aabc0
--- /dev/null
+++ b/src/rom_field_ANSSI.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_ANSSI.h"
+
+/* ANNSI Curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_ANSSI= {0x86E9C03,0xFCF353D,0x8CA6DE8,0xADBCABC,0x35B3961,0xE8CE424,0xF10126D,0xB3AD58,0x1FD178C,0xF};
+const BIG_256_28 R2modp_ANSSI= {0x288CC9C,0x18D2374,0x646BD2B,0x4929E67,0xD6F7F2D,0x220E6C1,0xABCE02E,0x751B1FD,0x7401B78,0xE};
+const chunk MConst_ANSSI= 0x64E1155;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_ANSSI= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL};
+const BIG_256_56 R2modp_ANSSI= {0x18D2374288CC9CL,0x4929E67646BD2BL,0x220E6C1D6F7F2DL,0x751B1FDABCE02EL,0xE7401B78L};
+const chunk MConst_ANSSI= 0x97483A164E1155L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS24.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BLS24.c b/src/rom_field_BLS24.c
new file mode 100644
index 0000000..6a44de8
--- /dev/null
+++ b/src/rom_field_BLS24.c
@@ -0,0 +1,28 @@
+#include "arch.h"
+#include "fp_BLS24.h"
+
+/* Curve BLS24 - Pairing friendly BLS24 curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_480_29 Modulus_BLS24= {0xA06152B,0x2260B3A,0xB4C36BE,0x5FFC5D0,0xBDB6A64,0x5B78E2E,0x1C1A28CA,0x10E6441B,0x1F244061,0xB4704F0,0x141E5CCD,0x9837504,0x3F2E77E,0xD763740,0x1316EA0E,0xF0079,0x555C};
+const BIG_480_29 R2modp_BLS24= {0x8533EA9,0x6A02789,0x183B24DE,0x1E45ECF8,0xC8F8F37,0x10CAD209,0x4C0C4B8,0x9B1FABD,0xDEBE4C0,0xDC353F9,0x18A18E26,0x10F489BB,0x31206A5,0x19673BBF,0x6BE69F9,0xB091169,0x9CD};
+const chunk MConst_BLS24= 0x95FE7D;
+const BIG_480_29 Fra_BLS24= {0x1BF96F1D,0xAE53A55,0x31BFEEB,0x183FF17A,0x6237469,0x12A4F4F1,0x12101FE3,0x16E79D94,0xFF59267,0x5EB4EB4,0x78CC49F,0x274BA33,0x149184F3,0x16C6DCBA,0x1C90B694,0x10F729CE,0x4BBC};
+const BIG_480_29 Frb_BLS24= {0xE0CA60E,0x1740D0E4,0x83037D2,0xDBFD456,0x5B7F5FA,0x1312993D,0xA0A08E6,0x19FEA687,0xF2EADF9,0x55BB63C,0xC91982E,0x70EBAD1,0xF61628B,0x16AF5A85,0x16863379,0xF17D6AA,0x99F};
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_480_56 Modulus_BLS24= {0x44C1674A06152BL,0xFFE2E82D30DAF8L,0x6F1C5CBDB6A642L,0x3220DF068A328BL,0xE09E1F24406187L,0xBA825079733568L,0x6E803F2E77E4C1L,0x3CCC5BA839AECL,0x555C0078L};
+const BIG_480_56 R2modp_BLS24= {0x6A4A1FE013DF5BL,0xE8E46D4D1BDE65L,0x1F841391F45C67L,0x9148A4516FB28L,0x4398524EDF4C88L,0x41C0E241B6DCE8L,0xE42C208C19411L,0xA7FE6FD73A7B1CL,0xFCCCA76L};
+const chunk MConst_BLS24= 0xBD5D7D8095FE7DL;
+const BIG_480_56 Fra_BLS24= {0x5CA74ABBF96F1DL,0x1FF8BD0C6FFBADL,0x49E9E26237469CL,0x3CECA48407F8E5L,0x69D68FF59267B7L,0x5D199E33127CBDL,0xB97549184F313AL,0x4E77242DA52D8DL,0x4BBC87B9L};
+const BIG_480_56 Frb_BLS24= {0xE81A1C8E0CA60EL,0xDFEA2B20C0DF4AL,0x25327A5B7F5FA6L,0xF5343A828239A6L,0x76C78F2EADF9CFL,0x5D68B24660B8ABL,0xB50AF61628B387L,0xB555A18CDE6D5EL,0x99F78BEL};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS381.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BLS381.c b/src/rom_field_BLS381.c
new file mode 100644
index 0000000..a31e5bf
--- /dev/null
+++ b/src/rom_field_BLS381.c
@@ -0,0 +1,28 @@
+#include "arch.h"
+#include "fp_BLS381.h"
+
+/* Curve BLS381 - Pairing friendly BLS curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_384_29 Modulus_BLS381= {0x1FFFAAAB,0xFF7FFFF,0x14FFFFEE,0x17FFFD62,0xF6241EA,0x9507B58,0xAFD9CC3,0x109E70A2,0x1764774B,0x121A5D66,0x12C6E9ED,0x12FFCD34,0x111EA3,0xD};
+const BIG_384_29 R2modp_BLS381= {0x15BEF7AE,0x1031CD0E,0x2DD93E8,0x9226323,0xE6E2CD2,0x11684DAA,0x1170E5DB,0x88E25B1,0x1B366399,0x1C536F47,0xD1F9CBC,0x278B67F,0x1EA66A2B,0xC};
+const chunk MConst_BLS381= 0x1FFCFFFD;
+const BIG_384_29 Fra_BLS381= {0x12235FB8,0x83BAF6C,0x19E04F63,0x1D4A7AC7,0xB9C4F67,0x1EBC25D,0x1D3DEC91,0x1FA797AB,0x1F0FD603,0x1016068,0x108C6FAD,0x5760CCF,0x104D3BF0,0xC};
+const BIG_384_29 Frb_BLS381= {0xDDC4AF3,0x7BC5093,0x1B1FB08B,0x1AB5829A,0x3C5F282,0x764B8FB,0xDBFB032,0x10F6D8F6,0x1854A147,0x1118FCFD,0x23A7A40,0xD89C065,0xFC3E2B3,0x0};
+#endif
+
+#if CHUNK==64
+// Base Bits= 58
+const BIG_384_58 Modulus_BLS381= {0x1FEFFFFFFFFAAABL,0x2FFFFAC54FFFFEEL,0x12A0F6B0F6241EAL,0x213CE144AFD9CC3L,0x2434BACD764774BL,0x25FF9A692C6E9EDL,0x1A0111EA3L};
+const BIG_384_58 R2modp_BLS381= {0x20639A1D5BEF7AEL,0x1244C6462DD93E8L,0x22D09B54E6E2CD2L,0x111C4B63170E5DBL,0x38A6DE8FB366399L,0x4F16CFED1F9CBCL,0x19EA66A2BL};
+const chunk MConst_BLS381= 0x1F3FFFCFFFCFFFDL;
+const BIG_384_58 Fra_BLS381= {0x10775ED92235FB8L,0x3A94F58F9E04F63L,0x3D784BAB9C4F67L,0x3F4F2F57D3DEC91L,0x202C0D1F0FD603L,0xAEC199F08C6FADL,0x1904D3BF0L};
+const BIG_384_58 Frb_BLS381= {0xF78A126DDC4AF3L,0x356B0535B1FB08BL,0xEC971F63C5F282L,0x21EDB1ECDBFB032L,0x2231F9FB854A147L,0x1B1380CA23A7A40L,0xFC3E2B3L};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS383.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BLS383.c b/src/rom_field_BLS383.c
new file mode 100644
index 0000000..04229cd
--- /dev/null
+++ b/src/rom_field_BLS383.c
@@ -0,0 +1,28 @@
+#include "arch.h"
+#include "fp_BLS383.h"
+
+/* Curve BLS383 - Pairing friendly BLS curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_384_29 Modulus_BLS383= {0x5AAB0AB,0x11B8EB24,0x19214AF6,0x187E5314,0x124F47A8,0x1C00B4B0,0x1446B0C6,0x59E6CB4,0x4A0AD46,0xFF5494,0x81B6B71,0x956DD6B,0x16556956,0x2A};
+const BIG_384_29 R2modp_BLS383= {0x116907F4,0x405B700,0x1752AC11,0x67A9E7C,0x1941C581,0x1AEA38C4,0xB1E4D22,0xCE841AE,0xA0FC49B,0xB4B1F48,0x13852312,0x1B3FDCED,0x1FECE397,0x26};
+const chunk MConst_BLS383= 0x73435FD;
+const BIG_384_29 Fra_BLS383= {0x1311DAC1,0x296B969,0x19DCF806,0x126901FC,0xD8C8A36,0x1A2572A8,0xA1A0959,0x1A47F743,0x110E4C6C,0x1608DA97,0xCE2E7F0,0x4FED178,0xACD5BF0,0x11};
+const BIG_384_29 Frb_BLS383= {0x1298D5EA,0xF2231BA,0x1F4452F0,0x6155117,0x4C2BD72,0x1DB4208,0xA2CA76D,0xB567571,0x139260D9,0xAF679FC,0x1B388380,0x4580BF2,0xB880D66,0x19};
+#endif
+
+#if CHUNK==64
+// Base Bits= 58
+const BIG_384_58 Modulus_BLS383= {0x2371D6485AAB0ABL,0x30FCA6299214AF6L,0x3801696124F47A8L,0xB3CD969446B0C6L,0x1FEA9284A0AD46L,0x12ADBAD681B6B71L,0x556556956L};
+const BIG_384_58 R2modp_BLS383= {0x80B6E0116907F4L,0xCF53CF9752AC11L,0x35D47189941C581L,0x19D0835CB1E4D22L,0x16963E90A0FC49BL,0x367FB9DB3852312L,0x4DFECE397L};
+const chunk MConst_BLS383= 0x1BC0571073435FDL;
+const BIG_384_58 Fra_BLS383= {0x52D72D3311DAC1L,0x24D203F99DCF806L,0x344AE550D8C8A36L,0x348FEE86A1A0959L,0x2C11B52F10E4C6CL,0x9FDA2F0CE2E7F0L,0x22ACD5BF0L};
+const BIG_384_58 Frb_BLS383= {0x1E446375298D5EAL,0xC2AA22FF4452F0L,0x3B684104C2BD72L,0x16ACEAE2A2CA76DL,0x15ECF3F939260D9L,0x8B017E5B388380L,0x32B880D66L};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS461.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BLS461.c b/src/rom_field_BLS461.c
new file mode 100644
index 0000000..26da22d
--- /dev/null
+++ b/src/rom_field_BLS461.c
@@ -0,0 +1,28 @@
+#include "arch.h"
+#include "fp_BLS461.h"
+
+/* Curve BLS461 - Pairing friendly BLS curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_464_28 Modulus_BLS461= {0xAAAAAAB,0xAC0000A,0x54AAAAA,0x5555,0x400020,0x91557F0,0xF26AA,0xFA5C1CC,0xB42A8DF,0x7B14848,0x8BACCA4,0x6F1E32D,0x4935FBD,0x55D6941,0xD5A555A,0x5545554,0x1555};
+const BIG_464_28 R2modp_BLS461= {0xC9B6A33,0x2ECD087,0x3CCB2B1,0xCD461FE,0x8CB5AB2,0xC5B9635,0x5312E92,0xB659F64,0x3B596FA,0x8679006,0xA92E2B3,0x3CE05E3,0x363550F,0x7C07A8E,0x382C083,0x6347FEA,0xBD};
+const chunk MConst_BLS461= 0xFFFFFFD;
+const BIG_464_28 Fra_BLS461= {0xB812A3A,0x7117BF9,0x99C400F,0xC6308A5,0x5BF8A1,0x510E075,0x45FA5A6,0xCE4858D,0x770B31A,0xBC2CB04,0xE2FC61E,0xD073588,0x4366190,0x4DFEFA8,0x69E55E2,0x504B7F,0x12E4};
+const BIG_464_28 Frb_BLS461= {0xF298071,0x3AE8410,0xBAE6A9B,0x39D4CAF,0xFE4077E,0x404777A,0xBAF8104,0x2C13C3E,0x3D1F5C5,0xBEE7D44,0xA8B0685,0x9EAADA4,0x5CFE2C,0x7D7999,0x6BBFF78,0x50409D5,0x271};
+#endif
+
+#if CHUNK==64
+// Base Bits=60
+const BIG_464_60 Modulus_BLS461= {0xAAC0000AAAAAAABL,0x20000555554AAAAL,0x6AA91557F004000L,0xA8DFFA5C1CC00F2L,0xACCA47B14848B42L,0x935FBD6F1E32D8BL,0xD5A555A55D69414L,0x15555545554L};
+const BIG_464_60 R2modp_BLS461= {0x96D08774614DDA8L,0xCD45F539225D5BDL,0xD712EB760C95AB1L,0xB3B687155F30B55L,0xC4E62A05C3F5B81L,0xBA1151676CA3CD0L,0x7EDD8A958F442BEL,0x12B89DD3F91L};
+const chunk MConst_BLS461= 0xC0005FFFFFFFDL;
+const BIG_464_60 Fra_BLS461= {0xF7117BF9B812A3AL,0xA1C6308A599C400L,0x5A6510E07505BF8L,0xB31ACE4858D45FAL,0xFC61EBC2CB04770L,0x366190D073588E2L,0x69E55E24DFEFA84L,0x12E40504B7FL};
+const BIG_464_60 Frb_BLS461= {0xB3AE8410F298071L,0x7E39D4CAFBAE6A9L,0x104404777AFE407L,0xF5C52C13C3EBAF8L,0xB0685BEE7D443D1L,0x5CFE2C9EAADA4A8L,0x6BBFF7807D79990L,0x27150409D5L};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BLS48.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BLS48.c b/src/rom_field_BLS48.c
new file mode 100644
index 0000000..2837928
--- /dev/null
+++ b/src/rom_field_BLS48.c
@@ -0,0 +1,28 @@
+#include "arch.h"
+#include "fp_BLS48.h"
+
+/* Curve BLS48 - Pairing friendly BLS48 curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_560_29 Modulus_BLS48= {0x1CF6AC0B,0x17B7307F,0x19877E7B,0x12CE0134,0x14228402,0x1BD4C386,0x1DACBB04,0x40410D0,0x25A415,0x980B53E,0xDE6E250,0x15D9AAD6,0x5DA950,0x1029B7A,0x54AB351,0x14AD90CE,0x3729047,0x1FE7E2D9,0x145F610B,0x1F};
+const BIG_560_29 R2modp_BLS48= {0xD59D0FA,0x12F01FD0,0xDE8FD41,0x35AAEE1,0xB937F48,0x50700E8,0x1F50EFCE,0x1019B13C,0x3470A2F,0x11094115,0xF9FB72D,0x6AD10E2,0x1CFD9F8,0x44F4785,0x2B48793,0x1148ED3,0xF609E61,0x1EE34BC7,0x1735D29E,0x0};
+const chunk MConst_BLS48= 0x9DA805D;
+const BIG_560_29 Fra_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5};
+const BIG_560_29 Frb_BLS48= {0x1325BF89,0x1311E7EC,0xCD0A56F,0x1A0FD46E,0xE83BCCA,0xCA97DD0,0x18D1D297,0x5F1E137,0x7AB9F2C,0x13FC255F,0x1C9DECEB,0x9DEF4A2,0x3C0F60B,0x1D9909E4,0x1FF27FF7,0x1DBF8208,0x89BB36C,0x40044E0,0x62E01EE,0x5};
+#endif
+
+#if CHUNK==64
+// Base Bits= 58
+const BIG_560_58 Modulus_BLS48= {0x2F6E60FFCF6AC0BL,0x259C02699877E7BL,0x37A9870D4228402L,0x80821A1DACBB04L,0x13016A7C025A415L,0x2BB355ACDE6E250L,0x20536F405DA950L,0x295B219C54AB351L,0x3FCFC5B23729047L,0x3F45F610BL};
+const BIG_560_58 R2modp_BLS48= {0x25E03FA0D59D0FAL,0x6B55DC2DE8FD41L,0xA0E01D0B937F48L,0x20336279F50EFCEL,0x2212822A3470A2FL,0xD5A21C4F9FB72DL,0x89E8F0A1CFD9F8L,0x2291DA62B48793L,0x3DC6978EF609E61L,0x1735D29EL};
+const chunk MConst_BLS48= 0x21BFCBCA9DA805DL;
+const BIG_560_58 Fra_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL};
+const BIG_560_58 Frb_BLS48= {0x2623CFD9325BF89L,0x341FA8DCCD0A56FL,0x1952FBA0E83BCCAL,0xBE3C26F8D1D297L,0x27F84ABE7AB9F2CL,0x13BDE945C9DECEBL,0x3B3213C83C0F60BL,0x3B7F0411FF27FF7L,0x80089C089BB36CL,0xA62E01EEL};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BN254.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BN254.c b/src/rom_field_BN254.c
new file mode 100644
index 0000000..6b06d32
--- /dev/null
+++ b/src/rom_field_BN254.c
@@ -0,0 +1,33 @@
+#include "arch.h"
+#include "fp_BN254.h"
+
+/* Curve BN254 - Pairing friendly BN curve */
+
+/* Nogami's fast curve */
+
+#if CHUNK==16
+// Base Bits= 13
+const BIG_256_13 Modulus_BN254= {0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
+const BIG_256_13 R2modp_BN254= {0xF32,0x239,0x14DC,0xCE8,0x928,0x11B6,0x130F,0x1183,0x56E,0x1AEE,0x124F,0xD2A,0x7F8,0x1CE6,0x1B50,0x77C,0x3A,0x1A9E,0x1EFD,0x1C};
+const chunk MConst_BN254= 0x15E5;
+const BIG_256_13 Fra_BN254= {0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36};
+const BIG_256_13 Frb_BN254= {0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13};
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_BN254= {0x13,0x0,0x13A7,0x0,0x86121,0x8000000,0x1BA344D,0x4000000,0x5236482,0x2};
+const BIG_256_28 R2modp_BN254= {0xF5E7E39,0x2F2A96F,0xB96F13C,0x64E8642,0xC7146,0x9926F7B,0x4DACD24,0x8321E7B,0xD127A2E,0x1};
+const chunk MConst_BN254= 0x79435E5;
+const BIG_256_28 Fra_BN254= {0xF2A6DE9,0x7DE6C06,0xF77C2E1,0x74924D3,0x53F8509,0x50A8469,0xCB6499B,0x212E7C8,0xB377619,0x1};
+const BIG_256_28 Frb_BN254= {0xD5922A,0x82193F9,0x8850C5,0x8B6DB2C,0xAC8DC17,0x2F57B96,0x503EAB2,0x1ED1837,0x9EBEE69,0x0};
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_BN254= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
+const BIG_256_56 R2modp_BN254= {0x2F2A96FF5E7E39L,0x64E8642B96F13CL,0x9926F7B00C7146L,0x8321E7B4DACD24L,0x1D127A2EL};
+const chunk MConst_BN254= 0x435E50D79435E5L;
+const BIG_256_56 Fra_BN254= {0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L};
+const BIG_256_56 Frb_BN254= {0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BN254CX.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BN254CX.c b/src/rom_field_BN254CX.c
new file mode 100644
index 0000000..9472edb
--- /dev/null
+++ b/src/rom_field_BN254CX.c
@@ -0,0 +1,33 @@
+#include "arch.h"
+#include "fp_BN254CX.h"
+
+/* Curve BN254CX - Pairing friendly BN curve */
+
+/* CertiVox BN curve/field */
+
+#if CHUNK==16
+// Base Bits= 13
+const BIG_256_13 Modulus_BN254CX= {0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
+const BIG_256_13 R2modp_BN254CX= {0x1527,0x146B,0x12A7,0x1A60,0x1E0A,0x1382,0x2BC,0x1D3F,0xB30,0xA8,0xD19,0x11AB,0x1D40,0x1965,0xD6D,0x643,0x10FF,0x1BC7,0x1E61,0x31};
+const chunk MConst_BN254CX= 0x1E85;
+const BIG_256_13 Fra_BN254CX= {0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26};
+const BIG_256_13 Frb_BN254CX= {0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21};
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_BN254CX= {0xC1B55B3,0x6623EF5,0x93EE1BE,0xD6EE180,0x6D3243F,0x647A636,0xDB0BDDF,0x8702A0,0x4000000,0x2};
+const BIG_256_28 R2modp_BN254CX= {0x8A0800A,0x466A061,0x43056A3,0x2B3A225,0x9C6600,0x148515B,0x6BDF50,0xEC9EA56,0xC992E66,0x1};
+const chunk MConst_BN254CX= 0x9789E85;
+const BIG_256_28 Fra_BN254CX= {0x5C80EA3,0xD908335,0x3F8215B,0x7326F17,0x8986867,0x8AACA71,0x4AFE18B,0xA63A016,0x359082F,0x1};
+const BIG_256_28 Frb_BN254CX= {0x6534710,0x8D1BBC0,0x546C062,0x63C7269,0xE3ABBD8,0xD9CDBC4,0x900DC53,0x623628A,0xA6F7D0,0x1};
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_BN254CX= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
+const BIG_256_56 R2modp_BN254CX= {0x466A0618A0800AL,0x2B3A22543056A3L,0x148515B09C6600L,0xEC9EA5606BDF50L,0x1C992E66L};
+const chunk MConst_BN254CX= 0x4E205BF9789E85L;
+const BIG_256_56 Fra_BN254CX= {0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL};
+const BIG_256_56 Frb_BN254CX= {0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_BRAINPOOL.c
----------------------------------------------------------------------
diff --git a/src/rom_field_BRAINPOOL.c b/src/rom_field_BRAINPOOL.c
new file mode 100644
index 0000000..eb4e7c3
--- /dev/null
+++ b/src/rom_field_BRAINPOOL.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_BRAINPOOL.h"
+
+/* Brainpool Modulus */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_BRAINPOOL= {0xF6E5377,0x13481D1,0x6202820,0xF623D52,0xD726E3B,0x909D838,0xC3E660A,0xA1EEA9B,0x9FB57DB,0xA};
+const BIG_256_28 R2modp_BRAINPOOL= {0xB9A3787,0x9E04F49,0x8F3CF49,0x2931721,0xF1DBC89,0x54E8C3C,0xF7559CA,0xBB411A3,0x773E15F,0x9};
+const chunk MConst_BRAINPOOL= 0xEFD89B9;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_BRAINPOOL= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL};
+const BIG_256_56 R2modp_BRAINPOOL= {0x9E04F49B9A3787L,0x29317218F3CF49L,0x54E8C3CF1DBC89L,0xBB411A3F7559CAL,0x9773E15FL};
+const chunk MConst_BRAINPOOL= 0xA75590CEFD89B9L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_C41417.c
----------------------------------------------------------------------
diff --git a/src/rom_field_C41417.c b/src/rom_field_C41417.c
new file mode 100644
index 0000000..01be04f
--- /dev/null
+++ b/src/rom_field_C41417.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_C41417.h"
+
+/* Curve C41417 */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_416_29 Modulus_C41417= {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF};
+const BIG_416_29 R2modp_C41417= {0x0,0x242000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_C41417= 0x11;
+#endif
+
+#if CHUNK==64
+// Base Bits= 60
+const BIG_416_60 Modulus_C41417= {0xFFFFFFFFFFFFFEFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFL};
+const BIG_416_60 R2modp_C41417= {0x121000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const chunk MConst_C41417= 0x11L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_FP256BN.c
----------------------------------------------------------------------
diff --git a/src/rom_field_FP256BN.c b/src/rom_field_FP256BN.c
new file mode 100644
index 0000000..77abe3a
--- /dev/null
+++ b/src/rom_field_FP256BN.c
@@ -0,0 +1,30 @@
+#include "arch.h"
+#include "fp_FP256BN.h"
+
+/* Curve FP256BN - Pairing friendly BN curve */
+
+/* ISO fast curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_FP256BN= {0xED33013,0x292DDBA,0x80A82D3,0x65FB129,0x49F0CDC,0x5EEE71A,0xD46E5F2,0xFFFCF0C,0xFFFFFFF,0xF};
+const BIG_256_28 R2modp_FP256BN= {0x3B9F8B,0xEDE3363,0xFEC54E8,0x92FFEE9,0x3C55F79,0x13C1C06,0xC0123FA,0xA12F2EA,0xE559B2A,0x8};
+const chunk MConst_FP256BN= 0x537E5E5;
+const BIG_256_28 Fra_FP256BN= {0xF943106,0x760328A,0xAB28F74,0x71511E3,0x7CF39A1,0x8DDB086,0x52D1A6E,0xCA786F3,0xD617662,0x3};
+const BIG_256_28 Frb_FP256BN= {0xF3EFF0D,0xB32AB2F,0xD57F35E,0xF4A9F45,0xCCFD33A,0xD113693,0x819CB83,0x3584819,0x29E899D,0xC};
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_FP256BN= {0x292DDBAED33013L,0x65FB12980A82D3L,0x5EEE71A49F0CDCL,0xFFFCF0CD46E5F2L,0xFFFFFFFFL};
+const BIG_256_56 R2modp_FP256BN= {0xEDE336303B9F8BL,0x92FFEE9FEC54E8L,0x13C1C063C55F79L,0xA12F2EAC0123FAL,0x8E559B2AL};
+const chunk MConst_FP256BN= 0x6C964E0537E5E5L;
+const BIG_256_56 Fra_FP256BN= {0x760328AF943106L,0x71511E3AB28F74L,0x8DDB0867CF39A1L,0xCA786F352D1A6EL,0x3D617662L};
+const BIG_256_56 Frb_FP256BN= {0xB32AB2FF3EFF0DL,0xF4A9F45D57F35EL,0xD113693CCFD33AL,0x3584819819CB83L,0xC29E899DL};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_FP512BN.c
----------------------------------------------------------------------
diff --git a/src/rom_field_FP512BN.c b/src/rom_field_FP512BN.c
new file mode 100644
index 0000000..fa6657f
--- /dev/null
+++ b/src/rom_field_FP512BN.c
@@ -0,0 +1,30 @@
+#include "arch.h"
+#include "fp_FP512BN.h"
+
+/* Curve FP512BN - Pairing friendly BN curve */
+
+/* ISO fast curve */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_512_29 Modulus_FP512BN= {0x2ADEF33,0x7594049,0x131919ED,0x14AB9CBE,0x16FE1916,0x12EF5591,0x2E39231,0x3D597D3,0x55146CF,0x88D877A,0x102EF8F0,0x1196A60F,0x1C60BA1D,0x1CF63F80,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFF};
+const BIG_512_29 R2modp_FP512BN= {0xFD68B47,0xFCF5D2C,0x437675A,0x1BBC3FBF,0x1411E413,0x13453559,0x10B5639,0x1C34CE79,0x6D476BF,0xFD05F2B,0x15D17C28,0x6C9F76E,0x1C2375B3,0x78CCE9B,0x15F0AB33,0x1960F32E,0x1A8D44E,0x57A38};
+const chunk MConst_FP512BN= 0x1CCC5C05;
+const BIG_512_29 Fra_FP512BN= {0x14B73AB2,0x4B0BD8F,0xABB47D,0x2A29EC4,0x18681E17,0x104069DE,0x12EED67D,0x1553D0A5,0x398E9F8,0x7971034,0xAC9AF23,0x52DEF23,0x14EA18A5,0x1463E345,0x6DE465A,0x17F212B4,0x1AA9CF5B,0xF7B8};
+const BIG_512_29 Frb_FP512BN= {0xDF6B481,0x2A882B9,0x126D6570,0x1208FDFA,0x1E95FAFF,0x2AEEBB2,0xFF4BBB4,0xE81C72D,0x1B85CD6,0xF67746,0x56549CD,0xC68B6EC,0x776A178,0x8925C3B,0x1921B9A5,0x80DED4B,0x55630A4,0x70847};
+#endif
+
+#if CHUNK==64
+// Base Bits= 60
+const BIG_512_60 Modulus_FP512BN= {0x4EB280922ADEF33L,0x6A55CE5F4C6467BL,0xC65DEAB236FE191L,0xCF1EACBE98B8E48L,0x3C111B0EF455146L,0xA1D8CB5307C0BBEL,0xFFFF9EC7F01C60BL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFL};
+const BIG_512_60 R2modp_FP512BN= {0x1FA6DCEF99812E9L,0xAB3452895A0B74EL,0xC53EA988C079E1EL,0x1E90E033BA630B9L,0xF1EA41C0714D8B0L,0xE72785387509E28L,0xD86794F834DAB00L,0x9757C2ACCD342A1L,0x44ECB079L};
+const chunk MConst_FP512BN= 0x692A189FCCC5C05L;
+const BIG_512_60 Fra_FP512BN= {0x49617B1F4B73AB2L,0x71514F6202AED1FL,0xF6080D3BD8681E1L,0xF8AA9E852CBBB59L,0xC8CF2E2068398E9L,0x8A5296F791AB26BL,0x196A8C7C68B4EA1L,0xCF5BBF9095A1B79L,0x1EF71AA9L};
+const BIG_512_60 Frb_FP512BN= {0x5510572DF6B481L,0xF9047EFD49B595CL,0xD055DD765E95FAFL,0xD6740E396BFD2EEL,0x7341ECEE8C1B85CL,0x1786345B7615952L,0xE695124B876776AL,0x30A4406F6A5E486L,0xE108E556L};
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_GOLDILOCKS.c
----------------------------------------------------------------------
diff --git a/src/rom_field_GOLDILOCKS.c b/src/rom_field_GOLDILOCKS.c
new file mode 100644
index 0000000..1ea0412
--- /dev/null
+++ b/src/rom_field_GOLDILOCKS.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_GOLDILOCKS.h"
+
+/* Curve GOLDILOCKS */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_448_29 Modulus_GOLDILOCKS= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
+const BIG_448_29 R2modp_GOLDILOCKS= {0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0,0x3000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_GOLDILOCKS= 0x1;
+#endif
+
+#if CHUNK==64
+// Base Bits= 58
+const BIG_448_58 Modulus_GOLDILOCKS= {0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FBFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFFFFFL,0x3FFFFFFFFFFL};
+const BIG_448_58 R2modp_GOLDILOCKS= {0x200000000L,0x0L,0x0L,0x0L,0x3000000L,0x0L,0x0L,0x0L};
+const chunk MConst_GOLDILOCKS= 0x1L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_HIFIVE.c
----------------------------------------------------------------------
diff --git a/src/rom_field_HIFIVE.c b/src/rom_field_HIFIVE.c
new file mode 100644
index 0000000..15b6d3f
--- /dev/null
+++ b/src/rom_field_HIFIVE.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_HIFIVE.h"
+
+/* Curve HIFIVE */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_336_29 Modulus_HIFIVE= {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF};
+const BIG_336_29 R2modp_HIFIVE= {0x9000000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_HIFIVE= 0x3;
+#endif
+
+#if CHUNK==64
+// Base Bits= 60
+const BIG_336_60 Modulus_HIFIVE= {0xFFFFFFFFFFFFFFDL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFL};
+const BIG_336_60 R2modp_HIFIVE= {0x9000000000000L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const chunk MConst_HIFIVE= 0x3L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_NIST256.c
----------------------------------------------------------------------
diff --git a/src/rom_field_NIST256.c b/src/rom_field_NIST256.c
new file mode 100644
index 0000000..f50d9f0
--- /dev/null
+++ b/src/rom_field_NIST256.c
@@ -0,0 +1,25 @@
+#include "arch.h"
+#include "fp_NIST256.h"
+
+/* Curve NIST256 */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_NIST256= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFF,0x0,0x0,0x1000000,0x0,0xFFFFFFF,0xF};
+const BIG_256_28 R2modp_NIST256= {0x50000,0x300000,0x0,0x0,0xFFFFFFA,0xFFFFFBF,0xFFFFEFF,0xFFFAFFF,0x2FFFF,0x0};
+const chunk MConst_NIST256= 0x1;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_NIST256= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL};
+const BIG_256_56 R2modp_NIST256= {0x3000000050000L,0x0L,0xFFFFFBFFFFFFFAL,0xFFFAFFFFFFFEFFL,0x2FFFFL};
+const chunk MConst_NIST256= 0x1L;
+#endif
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_NIST384.c
----------------------------------------------------------------------
diff --git a/src/rom_field_NIST384.c b/src/rom_field_NIST384.c
new file mode 100644
index 0000000..2a4d6d0
--- /dev/null
+++ b/src/rom_field_NIST384.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_NIST384.h"
+
+/* Curve NIST384 */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 29
+const BIG_384_29 Modulus_NIST384= {0x1FFFFFFF,0x7,0x0,0x1FFFFE00,0x1FFFEFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7F};
+const BIG_384_29 R2modp_NIST384= {0x0,0x8000,0x1FF80000,0x1FFFFF,0x2000000,0x0,0x0,0x1FFFFFFC,0xF,0x100,0x400,0x0,0x0,0x0};
+const chunk MConst_NIST384= 0x1;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_384_56 Modulus_NIST384= {0xFFFFFFFFL,0xFFFF0000000000L,0xFFFFFFFFFEFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFL};
+const BIG_384_56 R2modp_NIST384= {0xFE000000010000L,0xFFFFFFL,0x2L,0xFFFFFFFE00L,0x1000000020000L,0x0L,0x0L};
+const chunk MConst_NIST384= 0x100000001L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_NIST521.c
----------------------------------------------------------------------
diff --git a/src/rom_field_NIST521.c b/src/rom_field_NIST521.c
new file mode 100644
index 0000000..6eb67ac
--- /dev/null
+++ b/src/rom_field_NIST521.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_NIST521.h"
+
+/* Curve NIST521 */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_528_28 Modulus_NIST521= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
+const BIG_528_28 R2modp_NIST521= {0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_NIST521= 0x1;
+#endif
+
+#if CHUNK==64
+// Base Bits= 60
+const BIG_528_60 Modulus_NIST521= {0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFFL,0x1FFFFFFFFFFL};
+const BIG_528_60 R2modp_NIST521= {0x4000000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const chunk MConst_NIST521= 0x1L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rom_field_SECP256K1.c
----------------------------------------------------------------------
diff --git a/src/rom_field_SECP256K1.c b/src/rom_field_SECP256K1.c
new file mode 100644
index 0000000..4c1e72e
--- /dev/null
+++ b/src/rom_field_SECP256K1.c
@@ -0,0 +1,24 @@
+#include "arch.h"
+#include "fp_SECP256K1.h"
+
+/* Curve SECP256K1 */
+
+#if CHUNK==16
+
+#error Not supported
+
+#endif
+
+#if CHUNK==32
+// Base Bits= 28
+const BIG_256_28 Modulus_SECP256K1= {0xFFFFC2F,0xFFFFFEF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xF};
+const BIG_256_28 R2modp_SECP256K1= {0x0,0xA100000,0x2000E90,0x7A,0x1,0x0,0x0,0x0,0x0,0x0};
+const chunk MConst_SECP256K1= 0x2253531;
+#endif
+
+#if CHUNK==64
+// Base Bits= 56
+const BIG_256_56 Modulus_SECP256K1= {0xFFFFFEFFFFFC2FL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
+const BIG_256_56 R2modp_SECP256K1= {0xA1000000000000L,0x7A2000E90L,0x1L,0x0L,0x0L};
+const chunk MConst_SECP256K1= 0x38091DD2253531L;
+#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rsa.c.in
----------------------------------------------------------------------
diff --git a/src/rsa.c.in b/src/rsa.c.in
new file mode 100644
index 0000000..6e37231
--- /dev/null
+++ b/src/rsa.c.in
@@ -0,0 +1,159 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* RSA Functions - see main program below */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "rsa_WWW.h"
+#include "rsa_support.h"
+
+/* generate an RSA key pair */
+void RSA_WWW_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key_WWW *PRIV,rsa_public_key_WWW *PUB,octet *P, octet* Q)
+{
+ /* IEEE1363 A16.11/A16.12 more or less */
+ BIG_XXX t[HFLEN_WWW],p1[HFLEN_WWW],q1[HFLEN_WWW];
+
+ if (RNG!=NULL)
+ {
+
+ for (;;)
+ {
+ FF_WWW_random(PRIV->p,RNG,HFLEN_WWW);
+ while (FF_WWW_lastbits(PRIV->p,2)!=3) FF_WWW_inc(PRIV->p,1,HFLEN_WWW);
+ while (!FF_WWW_prime(PRIV->p,RNG,HFLEN_WWW))
+ FF_WWW_inc(PRIV->p,4,HFLEN_WWW);
+
+ FF_WWW_copy(p1,PRIV->p,HFLEN_WWW);
+ FF_WWW_dec(p1,1,HFLEN_WWW);
+
+ if (FF_WWW_cfactor(p1,e,HFLEN_WWW)) continue;
+ break;
+ }
+
+ for (;;)
+ {
+ FF_WWW_random(PRIV->q,RNG,HFLEN_WWW);
+ while (FF_WWW_lastbits(PRIV->q,2)!=3) FF_WWW_inc(PRIV->q,1,HFLEN_WWW);
+ while (!FF_WWW_prime(PRIV->q,RNG,HFLEN_WWW))
+ FF_WWW_inc(PRIV->q,4,HFLEN_WWW);
+
+ FF_WWW_copy(q1,PRIV->q,HFLEN_WWW);
+ FF_WWW_dec(q1,1,HFLEN_WWW);
+ if (FF_WWW_cfactor(q1,e,HFLEN_WWW)) continue;
+
+ break;
+ }
+ }
+ else
+ {
+ FF_WWW_fromOctet(PRIV->p,P,HFLEN_WWW);
+ FF_WWW_fromOctet(PRIV->q,Q,HFLEN_WWW);
+
+ FF_WWW_copy(p1,PRIV->p,HFLEN_WWW);
+ FF_WWW_dec(p1,1,HFLEN_WWW);
+
+ FF_WWW_copy(q1,PRIV->q,HFLEN_WWW);
+ FF_WWW_dec(q1,1,HFLEN_WWW);
+ }
+
+ FF_WWW_mul(PUB->n,PRIV->p,PRIV->q,HFLEN_WWW);
+ PUB->e=e;
+
+ FF_WWW_copy(t,p1,HFLEN_WWW);
+ FF_WWW_shr(t,HFLEN_WWW);
+ FF_WWW_init(PRIV->dp,e,HFLEN_WWW);
+ FF_WWW_invmodp(PRIV->dp,PRIV->dp,t,HFLEN_WWW);
+ if (FF_WWW_parity(PRIV->dp)==0) FF_WWW_add(PRIV->dp,PRIV->dp,t,HFLEN_WWW);
+ FF_WWW_norm(PRIV->dp,HFLEN_WWW);
+
+ FF_WWW_copy(t,q1,HFLEN_WWW);
+ FF_WWW_shr(t,HFLEN_WWW);
+ FF_WWW_init(PRIV->dq,e,HFLEN_WWW);
+ FF_WWW_invmodp(PRIV->dq,PRIV->dq,t,HFLEN_WWW);
+ if (FF_WWW_parity(PRIV->dq)==0) FF_WWW_add(PRIV->dq,PRIV->dq,t,HFLEN_WWW);
+ FF_WWW_norm(PRIV->dq,HFLEN_WWW);
+
+ FF_WWW_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN_WWW);
+
+ return;
+}
+
+/* destroy the Private Key structure */
+void RSA_WWW_PRIVATE_KEY_KILL(rsa_private_key_WWW *PRIV)
+{
+ FF_WWW_zero(PRIV->p,HFLEN_WWW);
+ FF_WWW_zero(PRIV->q,HFLEN_WWW);
+ FF_WWW_zero(PRIV->dp,HFLEN_WWW);
+ FF_WWW_zero(PRIV->dq,HFLEN_WWW);
+ FF_WWW_zero(PRIV->c,HFLEN_WWW);
+}
+
+void RSA_WWW_fromOctet(BIG_XXX x[],octet *w)
+{
+ FF_WWW_fromOctet(x,w,FFLEN_WWW);
+}
+
+/* RSA encryption with the public key */
+void RSA_WWW_ENCRYPT(rsa_public_key_WWW *PUB,octet *F,octet *G)
+{
+ BIG_XXX f[FFLEN_WWW];
+ FF_WWW_fromOctet(f,F,FFLEN_WWW);
+
+ FF_WWW_power(f,f,PUB->e,PUB->n,FFLEN_WWW);
+
+ FF_WWW_toOctet(G,f,FFLEN_WWW);
+}
+
+/* RSA decryption with the private key */
+void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F)
+{
+ BIG_XXX g[FFLEN_WWW],t[FFLEN_WWW],jp[HFLEN_WWW],jq[HFLEN_WWW];
+
+ FF_WWW_fromOctet(g,G,FFLEN_WWW);
+
+ FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW);
+ FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW);
+
+ FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW);
+ FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW);
+
+ FF_WWW_zero(g,FFLEN_WWW);
+ FF_WWW_copy(g,jp,HFLEN_WWW);
+ FF_WWW_mod(jp,PRIV->q,HFLEN_WWW);
+ if (FF_WWW_comp(jp,jq,HFLEN_WWW)>0)
+ FF_WWW_add(jq,jq,PRIV->q,HFLEN_WWW);
+ FF_WWW_sub(jq,jq,jp,HFLEN_WWW);
+ FF_WWW_norm(jq,HFLEN_WWW);
+
+ FF_WWW_mul(t,PRIV->c,jq,HFLEN_WWW);
+ FF_WWW_dmod(jq,t,PRIV->q,HFLEN_WWW);
+
+ FF_WWW_mul(t,jq,PRIV->p,HFLEN_WWW);
+ FF_WWW_add(g,t,g,FFLEN_WWW);
+ FF_WWW_norm(g,FFLEN_WWW);
+
+ FF_WWW_toOctet(F,g,FFLEN_WWW);
+
+ return;
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/rsa_support.c
----------------------------------------------------------------------
diff --git a/src/rsa_support.c b/src/rsa_support.c
new file mode 100644
index 0000000..a4cfdca
--- /dev/null
+++ b/src/rsa_support.c
@@ -0,0 +1,237 @@
+#include "rsa_support.h"
+
+#define ROUNDUP(a,b) ((a)-1)/(b)+1
+
+/* general purpose hash function w=hash(p|n|x|y) */
+int hashit(int sha,octet *p,int n,octet *w)
+{
+ int i,c[4],hlen;
+ hash256 sha256;
+ hash512 sha512;
+ char hh[64];
+
+ switch (sha)
+ {
+ case SHA256:
+ HASH256_init(&sha256);
+ break;
+ case SHA384:
+ HASH384_init(&sha512);
+ break;
+ case SHA512:
+ HASH512_init(&sha512);
+ break;
+ }
+
+ hlen=sha;
+
+ if (p!=NULL) for (i=0; i<p->len; i++)
+ {
+ switch(sha)
+ {
+ case SHA256:
+ HASH256_process(&sha256,p->val[i]);
+ break;
+ case SHA384:
+ HASH384_process(&sha512,p->val[i]);
+ break;
+ case SHA512:
+ HASH512_process(&sha512,p->val[i]);
+ break;
+ }
+ }
+ if (n>=0)
+ {
+ c[0]=(n>>24)&0xff;
+ c[1]=(n>>16)&0xff;
+ c[2]=(n>>8)&0xff;
+ c[3]=(n)&0xff;
+ for (i=0; i<4; i++)
+ {
+ switch(sha)
+ {
+ case SHA256:
+ HASH256_process(&sha256,c[i]);
+ break;
+ case SHA384:
+ HASH384_process(&sha512,c[i]);
+ break;
+ case SHA512:
+ HASH512_process(&sha512,c[i]);
+ break;
+ }
+ }
+ }
+
+ switch (sha)
+ {
+ case SHA256:
+ HASH256_hash(&sha256,hh);
+ break;
+ case SHA384:
+ HASH384_hash(&sha512,hh);
+ break;
+ case SHA512:
+ HASH512_hash(&sha512,hh);
+ break;
+ }
+
+ OCT_empty(w);
+ OCT_jbytes(w,hh,hlen);
+ for (i=0; i<hlen; i++) hh[i]=0;
+
+ return hlen;
+}
+
+/* Mask Generation Function */
+
+static void MGF1(int sha,octet *z,int olen,octet *mask)
+{
+ char h[64];
+ octet H= {0,sizeof(h),h};
+ int hlen=sha;
+ int counter,cthreshold;
+
+ OCT_empty(mask);
+
+ cthreshold=ROUNDUP(olen,hlen);
+ for (counter=0; counter<cthreshold; counter++)
+ {
+ hashit(sha,z,counter,&H);
+ if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen);
+ else OCT_joctet(mask,&H);
+ }
+ OCT_clear(&H);
+}
+
+/* SHAXXX identifier strings */
+const unsigned char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
+const unsigned char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
+const unsigned char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
+
+/* PKCS 1.5 padding of a message to be signed */
+
+int PKCS15(int sha,octet *m,octet *w)
+{
+ int olen=w->max;
+ int hlen=sha;
+ int idlen=19;
+ char h[64];
+ octet H= {0,sizeof(h),h};
+
+ if (olen<idlen+hlen+10) return 1;
+ hashit(sha,m,-1,&H);
+
+ OCT_empty(w);
+ OCT_jbyte(w,0x00,1);
+ OCT_jbyte(w,0x01,1);
+ OCT_jbyte(w,0xff,olen-idlen-hlen-3);
+ OCT_jbyte(w,0x00,1);
+
+ if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen);
+ if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen);
+ if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen);
+
+ OCT_joctet(w,&H);
+
+ return 0;
+}
+
+/* OAEP Message Encoding for Encryption */
+
+int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f)
+{
+ int slen,olen=f->max-1;
+ int mlen=m->len;
+ int hlen,seedlen;
+ char dbmask[MAX_RSA_BYTES],seed[64];
+ octet DBMASK= {0,sizeof(dbmask),dbmask};
+ octet SEED= {0,sizeof(seed),seed};
+
+ hlen=seedlen=sha;
+ if (mlen>olen-hlen-seedlen-1) return 1;
+ if (m==f) return 1; /* must be distinct octets */
+
+ hashit(sha,p,-1,f);
+
+ slen=olen-mlen-hlen-seedlen-1;
+
+ OCT_jbyte(f,0,slen);
+ OCT_jbyte(f,0x1,1);
+ OCT_joctet(f,m);
+
+ OCT_rand(&SEED,RNG,seedlen);
+
+ MGF1(sha,&SEED,olen-seedlen,&DBMASK);
+
+ OCT_xor(&DBMASK,f);
+ MGF1(sha,&DBMASK,seedlen,f);
+
+ OCT_xor(f,&SEED);
+
+ OCT_joctet(f,&DBMASK);
+
+ OCT_pad(f,f->max);
+ OCT_clear(&SEED);
+ OCT_clear(&DBMASK);
+
+ return 0;
+}
+
+/* OAEP Message Decoding for Decryption */
+
+int OAEP_DECODE(int sha,octet *p,octet *f)
+{
+ int comp,x,t;
+ int i,k,olen=f->max-1;
+ int hlen,seedlen;
+ char dbmask[MAX_RSA_BYTES],seed[64],chash[64];
+ octet DBMASK= {0,sizeof(dbmask),dbmask};
+ octet SEED= {0,sizeof(seed),seed};
+ octet CHASH= {0,sizeof(chash),chash};
+
+ seedlen=hlen=sha;
+ if (olen<seedlen+hlen+1) return 1;
+ if (!OCT_pad(f,olen+1)) return 1;
+ hashit(sha,p,-1,&CHASH);
+
+ x=f->val[0];
+ for (i=seedlen; i<olen; i++)
+ DBMASK.val[i-seedlen]=f->val[i+1];
+ DBMASK.len=olen-seedlen;
+
+ MGF1(sha,&DBMASK,seedlen,&SEED);
+ for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1];
+ MGF1(sha,&SEED,olen-seedlen,f);
+ OCT_xor(&DBMASK,f);
+
+ comp=OCT_ncomp(&CHASH,&DBMASK,hlen);
+
+ OCT_shl(&DBMASK,hlen);
+
+ OCT_clear(&SEED);
+ OCT_clear(&CHASH);
+
+ for (k=0;; k++)
+ {
+ if (k>=DBMASK.len)
+ {
+ OCT_clear(&DBMASK);
+ return 1;
+ }
+ if (DBMASK.val[k]!=0) break;
+ }
+
+ t=DBMASK.val[k];
+ if (!comp || x!=0 || t!=0x01)
+ {
+ OCT_clear(&DBMASK);
+ return 1;
+ }
+
+ OCT_shl(&DBMASK,k+1);
+ OCT_copy(f,&DBMASK);
+ OCT_clear(&DBMASK);
+
+ return 0;
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/utils.c
----------------------------------------------------------------------
diff --git a/src/utils.c b/src/utils.c
new file mode 100644
index 0000000..1a103f5
--- /dev/null
+++ b/src/utils.c
@@ -0,0 +1,131 @@
+/**
+ * @file utils.c
+ * @author Mike Scott
+ * @author Kealan McCusker
+ * @date 28th July 2016
+ * @brief AMCL Support functions for M-Pin servers
+ *
+ * LICENSE
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/* AMCL Support functions for M-Pin servers */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "amcl.h"
+#include "utils.h"
+
+/* Decode hex value */
+void amcl_hex2bin(const char *src, char *dst, int src_len)
+{
+ int i;
+ char v,c;
+ for (i = 0; i < src_len/2; i++)
+ {
+ c = src[2*i];
+ if (c >= '0' && c <= '9')
+ {
+ v = c - '0';
+ }
+ else if (c >= 'A' && c <= 'F')
+ {
+ v = c - 'A' + 10;
+ }
+ else if (c >= 'a' && c <= 'f')
+ {
+ v = c - 'a' + 10;
+ }
+ else
+ {
+ v = 0;
+ }
+ v <<= 4;
+ c = src[2*i + 1];
+ if (c >= '0' && c <= '9')
+ {
+ v += c - '0';
+ }
+ else if (c >= 'A' && c <= 'F')
+ {
+ v += c - 'A' + 10;
+ }
+ else if (c >= 'a' && c <= 'f')
+ {
+ v += c - 'a' + 10;
+ }
+ else
+ {
+ v = 0;
+ }
+ dst[i] = v;
+ }
+}
+
+/* Encode binary string */
+void amcl_bin2hex(char *src, char *dst, int src_len)
+{
+ int i;
+ for (i = 0; i < src_len; i++)
+ {
+ sprintf(&dst[i*2],"%02x", (unsigned char) src[i]);
+ }
+}
+
+/* Print encoded binary string in hex */
+void amcl_print_hex(char *src, int src_len)
+{
+ int i;
+ for (i = 0; i < src_len; i++)
+ {
+ printf("%02x", (unsigned char) src[i]);
+ }
+ printf("\n");
+}
+
+/* Generates a random six digit one time password */
+int generateOTP(csprng* RNG)
+{
+ int OTP=0;
+
+ int i = 0;
+ int val = 0;
+ char byte[6] = {0};
+ int mult=1;
+
+ // Generate random 6 digit random value
+ for (i=0; i<6; i++)
+ {
+ byte[i]=RAND_byte(RNG);
+ val = byte[i];
+ OTP = ((abs(val) % 10) * mult) + OTP;
+ mult = mult * 10;
+ }
+
+ return OTP;
+}
+
+/* Generate a random Octet */
+void generateRandom(csprng *RNG,octet *randomValue)
+{
+ int i;
+ for (i=0; i<randomValue->len; i++)
+ randomValue->val[i]=RAND_byte(RNG);
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/version.c
----------------------------------------------------------------------
diff --git a/src/version.c b/src/version.c
new file mode 100644
index 0000000..e34fdc3
--- /dev/null
+++ b/src/version.c
@@ -0,0 +1,136 @@
+/**
+ * @file version.c
+ * @author Mike Scott
+ * @author Kealan McCusker
+ * @date 28th April 2016
+ * @brief AMCL version support function
+ *
+ * LICENSE
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "version.h"
+
+/* AMCL version support function */
+
+/* Print version number and information about the build */
+void amcl_version(void)
+{
+ printf("AMCL Version: %d.%d.%d\n", AMCL_VERSION_MAJOR, AMCL_VERSION_MINOR, AMCL_VERSION_PATCH);
+ printf("OS: %s\n", OS);
+ printf("CHUNK: %d\n", CHUNK);
+
+ /*
+ * Supported curves
+ * Current choice of Elliptic Curves:
+ * - NIST256
+ * - C25519
+ * - ED25519
+ * - BRAINPOOL
+ * - ANSSI
+ * - NUMS256E
+ * - NUMS256W
+ * - NUMS384E
+ * - NUMS384W
+ * - NUMS512E
+ * - NUMS512W
+ * - HIFIVE
+ * - GOLDILOCKS
+ * - NIST384
+ * - C41417
+ * - NIST521
+ * - BN254
+ * - BN254CX
+ * - BLS383
+ */
+ printf("\nSupported curves:\n");
+#ifdef NIST256_VER
+ printf("- NIST256\n");
+#endif
+#ifdef C25519_VER
+ printf("- C25519\n");
+#endif
+#ifdef ED25519_VER
+ printf("- ED25519\n");
+#endif
+#ifdef BRAINPOOL_VER
+ printf("- BRAINPOOL\n");
+#endif
+#ifdef ANSSI_VER
+ printf("- ANSSI\n");
+#endif
+#ifdef NUMS256E_VER
+ printf("- NUMS256E\n");
+#endif
+#ifdef NUMS256W_VER
+ printf("- NUMS256W\n");
+#endif
+#ifdef NUMS384E_VER
+ printf("- NUMS384E\n");
+#endif
+#ifdef NUMS384W_VER
+ printf("- NUMS384W\n");
+#endif
+#ifdef NUMS512E_VER
+ printf("- NUMS512E\n");
+#endif
+#ifdef NUMS512W_VER
+ printf("- NUMS512W\n");
+#endif
+#ifdef HIFIVE_VER
+ printf("- HIFIVE\n");
+#endif
+#ifdef GOLDILOCKS_VER
+ printf("- GOLDILOCKS\n");
+#endif
+#ifdef NIST384_VER
+ printf("- NIST384\n");
+#endif
+#ifdef C41417_VER
+ printf("- C41417\n");
+#endif
+#ifdef NIST521_VER
+ printf("- NIST521\n");
+#endif
+#ifdef BN254_VER
+ printf("- BN254\n");
+#endif
+#ifdef BN254CX_VER
+ printf("- BN254CX\n");
+#endif
+#ifdef BLS383_VER
+ printf("- BLS383\n");
+#endif
+
+ /*
+ * Supported RSA security levels
+ * Current choice of security levels: 2048, 3072, 4096
+ */
+ printf("\nRSA security levels:\n");
+#ifdef RSA_SECURITY_LEVEL_2048_VER
+ printf("- 2048\n");
+#endif
+#ifdef RSA_SECURITY_LEVEL_3072_VER
+ printf("- 3072\n");
+#endif
+#ifdef RSA_SECURITY_LEVEL_4096_VER
+ printf("- 4096\n");
+#endif
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/wcc.c.in
----------------------------------------------------------------------
diff --git a/src/wcc.c.in b/src/wcc.c.in
new file mode 100644
index 0000000..9dc7b80
--- /dev/null
+++ b/src/wcc.c.in
@@ -0,0 +1,343 @@
+/**
+ * @file wcc_ZZZ.c
+ * @author Mike Scott
+ * @author Kealan McCusker
+ * @date 28th April 2016
+ * @brief AMCL Wang / Chow Choo (WCC) definitions
+ *
+ * LICENSE
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "wcc_ZZZ.h"
+
+
+/* Perform sha256 of EC Points and Id. Map to an integer modulo the curve order. */
+void WCC_ZZZ_Hq(int sha, octet *A,octet *B,octet *C,octet *D,octet *h)
+{
+ BIG_XXX q,hs;
+ // hv has to store two points in G1, One in G2 and the Id length
+ char hv[2000];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[WCC_PFS_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+
+#ifdef DEBUG
+ printf("WCC_ZZZ_Hq: A: ");
+ OCT_output(A);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: B: ");
+ OCT_output(B);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: C: ");
+ OCT_output(C);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: D: ");
+ OCT_output(D);
+ printf("\n");
+#endif
+
+ OCT_joctet(&HV,A);
+ OCT_joctet(&HV,B);
+ OCT_joctet(&HV,C);
+ OCT_joctet(&HV,D);
+ mhashit(sha,0,&HV,&HT);
+
+ BIG_XXX_fromBytes(hs,HT.val);
+ BIG_XXX_mod(hs,q);
+ OCT_clear(&HT);
+ BIG_XXX_toBytes(h->val,hs);
+ h->len=WCC_PGS_ZZZ;
+}
+
+/* Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity */
+int WCC_ZZZ_GET_G1_MULTIPLE(octet *S,octet *HID,octet *VG1)
+{
+ BIG_XXX s;
+ ECP_ZZZ P;
+
+ ECP_ZZZ_mapit(&P,HID);
+
+ BIG_XXX_fromBytes(s,S->val);
+ PAIR_ZZZ_G1mul(&P,s);
+
+ ECP_ZZZ_toOctet(VG1,&P);
+ return 0;
+}
+
+/* Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity */
+int WCC_ZZZ_GET_G2_MULTIPLE(octet *S,octet *HID,octet *VG2)
+{
+ BIG_XXX s;
+ ECP2_ZZZ P;
+
+ ECP2_ZZZ_mapit(&P,HID);
+
+ BIG_XXX_fromBytes(s,S->val);
+ PAIR_ZZZ_G2mul(&P,s);
+
+ ECP2_ZZZ_toOctet(VG2,&P);
+ return 0;
+}
+
+/* Calculate the sender AES Key */
+int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *IdBOct, octet *AESKeyOct)
+{
+ ECP_ZZZ sAG1,PgG1;
+ ECP2_ZZZ BG2,PbG2;
+ char hv1[WCC_PFS_ZZZ];
+ octet HV1= {0,sizeof(hv1),hv1};
+
+ // Pairing outputs
+ FP12_YYY g;
+
+ FP4_YYY c;
+ BIG_XXX t,x,z,pia,pib;
+
+ char xpgg1[2*WCC_PFS_ZZZ+1];
+ octet xPgG1Oct= {0,sizeof(xpgg1), xpgg1};
+
+ char hv[6*WCC_PFS_ZZZ+1];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[AESKEY_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_fromBytes(x,xOct->val);
+ BIG_XXX_fromBytes(pia,piaOct->val);
+ BIG_XXX_fromBytes(pib,pibOct->val);
+
+ if (!ECP2_ZZZ_fromOctet(&PbG2,PbG2Oct))
+ {
+#ifdef DEBUG
+ printf("PbG2Oct Invalid Point: ");
+ OCT_output(PbG2Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct))
+ {
+#ifdef DEBUG
+ printf("PgG1Oct Invalid Point: ");
+ OCT_output(PgG1Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ mhashit(sha,0,IdBOct,&HV1);
+ ECP2_ZZZ_mapit(&BG2,&HV1);
+
+ if (!ECP_ZZZ_fromOctet(&sAG1,AKeyG1Oct))
+ {
+#ifdef DEBUG
+ printf("AKeyG1Oct Invalid Point: ");
+ OCT_output(AKeyG1Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ // z = x + pia
+ BIG_XXX_add(z,x,pia);
+
+ // (x+pia).AKeyG1
+ PAIR_ZZZ_G1mul(&sAG1,z);
+
+ // pib.BG2
+ PAIR_ZZZ_G2mul(&BG2,pib);
+
+ // pib.BG2+PbG2
+ ECP2_ZZZ_add(&BG2, &PbG2);
+
+ ECP2_ZZZ_affine(&BG2);
+ ECP_ZZZ_affine(&sAG1);
+
+ PAIR_ZZZ_ate(&g,&BG2,&sAG1);
+ PAIR_ZZZ_fexp(&g);
+ // printf("WCC_ZZZ_SENDER_KEY e(sAG1,BG2) = ");FP12_YYY_output(&g); printf("\n");
+
+ // x.PgG1
+ PAIR_ZZZ_G1mul(&PgG1,x);
+ ECP_ZZZ_toOctet(&xPgG1Oct,&PgG1);
+
+ // Generate AES Key : K=H(k,x.PgG1)
+ FP12_YYY_trace(&c,&g);
+
+ HV.len = 4*WCC_PFS_ZZZ;
+ FP_YYY_redc(t,&(c.a.a));
+ BIG_XXX_toBytes(&(HV.val[0]),t);
+
+ FP_YYY_redc(t,&(c.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t);
+
+ FP_YYY_redc(t,&(c.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t);
+
+ FP_YYY_redc(t,&(c.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t);
+
+ // Set HV.len to correct value
+ OCT_joctet(&HV,&xPgG1Oct);
+
+ mhashit(sha,0,&HV,&HT);
+
+ OCT_empty(AESKeyOct);
+ OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ);
+
+ return 0;
+}
+
+/* Calculate the receiver AES key */
+int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct, octet *IdAOct, octet *AESKeyOct)
+{
+ ECP_ZZZ AG1,PgG1,PaG1;
+ ECP2_ZZZ sBG2;
+ char hv1[WCC_PFS_ZZZ];
+ octet HV1= {0,sizeof(hv1),hv1};
+
+ // Pairing outputs
+ FP12_YYY g;
+
+ FP4_YYY c;
+ BIG_XXX t,w,y,pia,pib;;
+
+ char wpag1[2*WCC_PFS_ZZZ+1];
+ octet wPaG1Oct= {0,sizeof(wpag1), wpag1};
+
+ char hv[6*WCC_PFS_ZZZ+1];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[AESKEY_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_fromBytes(y,yOct->val);
+ BIG_XXX_fromBytes(w,wOct->val);
+ BIG_XXX_fromBytes(pia,piaOct->val);
+ BIG_XXX_fromBytes(pib,pibOct->val);
+
+ if (!ECP_ZZZ_fromOctet(&PaG1,PaG1Oct))
+ return WCC_INVALID_POINT;
+
+ if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct))
+ return WCC_INVALID_POINT;
+
+ mhashit(sha,0,IdAOct,&HV1);
+ ECP_ZZZ_mapit(&AG1,&HV1);
+
+ if (!ECP2_ZZZ_fromOctet(&sBG2,BKeyG2Oct))
+ return WCC_INVALID_POINT;
+
+ // y = y + pib
+ BIG_XXX_add(y,y,pib);
+
+ // (y+pib).BKeyG2
+ PAIR_ZZZ_G2mul(&sBG2,y);
+
+ // pia.AG1
+ PAIR_ZZZ_G1mul(&AG1,pia);
+
+ // pia.AG1+PaG1
+ ECP_ZZZ_add(&AG1, &PaG1);
+
+ ECP2_ZZZ_affine(&sBG2);
+ ECP_ZZZ_affine(&AG1);
+
+ PAIR_ZZZ_ate(&g,&sBG2,&AG1);
+ PAIR_ZZZ_fexp(&g);
+ // printf("WCC_ZZZ_RECEIVER_KEY e(AG1,sBG2) = ");FP12_YYY_output(&g); printf("\n");
+
+ // w.PaG1
+ PAIR_ZZZ_G1mul(&PaG1,w);
+ ECP_ZZZ_toOctet(&wPaG1Oct,&PaG1);
+
+ // Generate AES Key: K=H(k,w.PaG1)
+ FP12_YYY_trace(&c,&g);
+
+ HV.len = 4*WCC_PFS_ZZZ;
+ FP_YYY_redc(t,&(c.a.a));
+ BIG_XXX_toBytes(&(HV.val[0]),t);
+
+ FP_YYY_redc(t,&(c.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t);
+
+ FP_YYY_redc(t,&(c.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t);
+
+ FP_YYY_redc(t,&(c.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t);
+
+ // Set HV.len to correct value
+ OCT_joctet(&HV,&wPaG1Oct);
+
+ mhashit(sha,0,&HV,&HT);
+
+ OCT_empty(AESKeyOct);
+ OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ);
+
+ return 0;
+
+}
+
+/* Generate a random number modulus the group order */
+int WCC_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S)
+{
+ BIG_XXX r,s;
+ BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
+ BIG_XXX_randomnum(s,r,RNG);
+ BIG_XXX_toBytes(S->val,s);
+ S->len=WCC_PGS_ZZZ;
+ return 0;
+}
+
+/* Add two members from the group G1 */
+int WCC_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
+{
+ ECP_ZZZ P,T;
+ int res=0;
+ if (!ECP_ZZZ_fromOctet(&P,R1)) res=WCC_INVALID_POINT;
+ if (!ECP_ZZZ_fromOctet(&T,R2)) res=WCC_INVALID_POINT;
+ if (res==0)
+ {
+ ECP_ZZZ_add(&P,&T);
+ ECP_ZZZ_toOctet(R,&P);
+ }
+ return res;
+}
+
+/* Add two members from the group G2 */
+int WCC_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
+{
+ ECP2_ZZZ Q,T;
+ int res=0;
+ if (!ECP2_ZZZ_fromOctet(&Q,W1)) res=WCC_INVALID_POINT;
+ if (!ECP2_ZZZ_fromOctet(&T,W2)) res=WCC_INVALID_POINT;
+ if (res==0)
+ {
+ ECP2_ZZZ_add(&Q,&T);
+ ECP2_ZZZ_toOctet(W,&Q);
+ }
+ return res;
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/wcc192.c.in
----------------------------------------------------------------------
diff --git a/src/wcc192.c.in b/src/wcc192.c.in
new file mode 100644
index 0000000..127edaa
--- /dev/null
+++ b/src/wcc192.c.in
@@ -0,0 +1,368 @@
+/**
+ * @file wcc192_ZZZ.c
+ * @author Mike Scott
+ * @author Kealan McCusker
+ * @date 28th April 2016
+ * @brief AMCL Wang / Chow Choo (WCC) definitions
+ *
+ * LICENSE
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "wcc192_ZZZ.h"
+
+
+/* Perform sha256 of EC Points and Id. Map to an integer modulo the curve order. */
+void WCC_ZZZ_Hq(int sha, octet *A,octet *B,octet *C,octet *D,octet *h)
+{
+ BIG_XXX q,hs;
+ // hv has to store two points in G1, One in G2 and the Id length
+ char hv[2000];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[WCC_PFS_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+
+#ifdef DEBUG
+ printf("WCC_ZZZ_Hq: A: ");
+ OCT_output(A);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: B: ");
+ OCT_output(B);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: C: ");
+ OCT_output(C);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: D: ");
+ OCT_output(D);
+ printf("\n");
+#endif
+
+ OCT_joctet(&HV,A);
+ OCT_joctet(&HV,B);
+ OCT_joctet(&HV,C);
+ OCT_joctet(&HV,D);
+ mhashit(sha,0,&HV,&HT);
+
+ BIG_XXX_fromBytes(hs,HT.val);
+ BIG_XXX_mod(hs,q);
+ OCT_clear(&HT);
+ BIG_XXX_toBytes(h->val,hs);
+ h->len=WCC_PGS_ZZZ;
+}
+
+/* Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity */
+int WCC_ZZZ_GET_G1_MULTIPLE(octet *S,octet *HID,octet *VG1)
+{
+ BIG_XXX s;
+ ECP_ZZZ P;
+
+ ECP_ZZZ_mapit(&P,HID);
+
+ BIG_XXX_fromBytes(s,S->val);
+ PAIR_ZZZ_G1mul(&P,s);
+
+ ECP_ZZZ_toOctet(VG1,&P);
+ return 0;
+}
+
+/* Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity */
+int WCC_ZZZ_GET_G2_MULTIPLE(octet *S,octet *HID,octet *VG2)
+{
+ BIG_XXX s;
+ ECP4_ZZZ P;
+
+ ECP4_ZZZ_mapit(&P,HID);
+
+ BIG_XXX_fromBytes(s,S->val);
+ PAIR_ZZZ_G2mul(&P,s);
+
+ ECP4_ZZZ_toOctet(VG2,&P);
+ return 0;
+}
+
+/* Calculate the sender AES Key */
+int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *IdBOct, octet *AESKeyOct)
+{
+ ECP_ZZZ sAG1,PgG1;
+ ECP4_ZZZ BG2,PbG2;
+ char hv1[WCC_PFS_ZZZ];
+ octet HV1= {0,sizeof(hv1),hv1};
+
+ // Pairing outputs
+ FP24_YYY g;
+
+ FP8_YYY c;
+ BIG_XXX t,x,z,pia,pib;
+
+ char xpgg1[2*WCC_PFS_ZZZ+1];
+ octet xPgG1Oct= {0,sizeof(xpgg1), xpgg1};
+
+ char hv[10*WCC_PFS_ZZZ+1];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[AESKEY_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_fromBytes(x,xOct->val);
+ BIG_XXX_fromBytes(pia,piaOct->val);
+ BIG_XXX_fromBytes(pib,pibOct->val);
+
+ if (!ECP4_ZZZ_fromOctet(&PbG2,PbG2Oct))
+ {
+#ifdef DEBUG
+ printf("PbG2Oct Invalid Point: ");
+ OCT_output(PbG2Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct))
+ {
+#ifdef DEBUG
+ printf("PgG1Oct Invalid Point: ");
+ OCT_output(PgG1Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ mhashit(sha,0,IdBOct,&HV1);
+ ECP4_ZZZ_mapit(&BG2,&HV1);
+
+ if (!ECP_ZZZ_fromOctet(&sAG1,AKeyG1Oct))
+ {
+#ifdef DEBUG
+ printf("AKeyG1Oct Invalid Point: ");
+ OCT_output(AKeyG1Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ // z = x + pia
+ BIG_XXX_add(z,x,pia);
+
+ // (x+pia).AKeyG1
+ PAIR_ZZZ_G1mul(&sAG1,z);
+
+ // pib.BG2
+ PAIR_ZZZ_G2mul(&BG2,pib);
+
+ // pib.BG2+PbG2
+ ECP4_ZZZ_add(&BG2, &PbG2);
+
+ ECP4_ZZZ_affine(&BG2);
+ ECP_ZZZ_affine(&sAG1);
+
+ PAIR_ZZZ_ate(&g,&BG2,&sAG1);
+ PAIR_ZZZ_fexp(&g);
+ // printf("WCC_ZZZ_SENDER_KEY e(sAG1,BG2) = ");FP24_YYY_output(&g); printf("\n");
+
+ // x.PgG1
+ PAIR_ZZZ_G1mul(&PgG1,x);
+ ECP_ZZZ_toOctet(&xPgG1Oct,&PgG1);
+
+ // Generate AES Key : K=H(k,x.PgG1)
+ FP24_YYY_trace(&c,&g);
+
+ HV.len = 8*WCC_PFS_ZZZ;
+ FP_YYY_redc(t,&(c.a.a.a));
+ BIG_XXX_toBytes(&(HV.val[0]),t);
+
+ FP_YYY_redc(t,&(c.a.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t);
+
+ FP_YYY_redc(t,&(c.a.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t);
+
+ FP_YYY_redc(t,&(c.a.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t);
+
+ FP_YYY_redc(t,&(c.b.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t);
+
+ FP_YYY_redc(t,&(c.b.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t);
+
+ FP_YYY_redc(t,&(c.b.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t);
+
+ FP_YYY_redc(t,&(c.b.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t);
+
+ // Set HV.len to correct value
+ OCT_joctet(&HV,&xPgG1Oct);
+
+ mhashit(sha,0,&HV,&HT);
+
+ OCT_empty(AESKeyOct);
+ OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ);
+
+ return 0;
+}
+
+/* Calculate the receiver AES key */
+int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct, octet *IdAOct, octet *AESKeyOct)
+{
+ ECP_ZZZ AG1,PgG1,PaG1;
+ ECP4_ZZZ sBG2;
+ char hv1[WCC_PFS_ZZZ];
+ octet HV1= {0,sizeof(hv1),hv1};
+
+ // Pairing outputs
+ FP24_YYY g;
+
+ FP8_YYY c;
+ BIG_XXX t,w,y,pia,pib;;
+
+ char wpag1[2*WCC_PFS_ZZZ+1];
+ octet wPaG1Oct= {0,sizeof(wpag1), wpag1};
+
+ char hv[10*WCC_PFS_ZZZ+1];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[AESKEY_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_fromBytes(y,yOct->val);
+ BIG_XXX_fromBytes(w,wOct->val);
+ BIG_XXX_fromBytes(pia,piaOct->val);
+ BIG_XXX_fromBytes(pib,pibOct->val);
+
+ if (!ECP_ZZZ_fromOctet(&PaG1,PaG1Oct))
+ return WCC_INVALID_POINT;
+
+ if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct))
+ return WCC_INVALID_POINT;
+
+ mhashit(sha,0,IdAOct,&HV1);
+ ECP_ZZZ_mapit(&AG1,&HV1);
+
+ if (!ECP4_ZZZ_fromOctet(&sBG2,BKeyG2Oct))
+ return WCC_INVALID_POINT;
+
+ // y = y + pib
+ BIG_XXX_add(y,y,pib);
+
+ // (y+pib).BKeyG2
+ PAIR_ZZZ_G2mul(&sBG2,y);
+
+ // pia.AG1
+ PAIR_ZZZ_G1mul(&AG1,pia);
+
+ // pia.AG1+PaG1
+ ECP_ZZZ_add(&AG1, &PaG1);
+
+ ECP4_ZZZ_affine(&sBG2);
+ ECP_ZZZ_affine(&AG1);
+
+ PAIR_ZZZ_ate(&g,&sBG2,&AG1);
+ PAIR_ZZZ_fexp(&g);
+ // printf("WCC_ZZZ_RECEIVER_KEY e(AG1,sBG2) = ");FP24_YYY_output(&g); printf("\n");
+
+ // w.PaG1
+ PAIR_ZZZ_G1mul(&PaG1,w);
+ ECP_ZZZ_toOctet(&wPaG1Oct,&PaG1);
+
+ // Generate AES Key: K=H(k,w.PaG1)
+ FP24_YYY_trace(&c,&g);
+
+ HV.len = 8*WCC_PFS_ZZZ;
+ FP_YYY_redc(t,&(c.a.a.a));
+ BIG_XXX_toBytes(&(HV.val[0]),t);
+
+ FP_YYY_redc(t,&(c.a.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t);
+
+ FP_YYY_redc(t,&(c.a.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t);
+
+ FP_YYY_redc(t,&(c.a.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t);
+
+ FP_YYY_redc(t,&(c.b.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t);
+
+ FP_YYY_redc(t,&(c.b.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t);
+
+ FP_YYY_redc(t,&(c.b.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t);
+
+ FP_YYY_redc(t,&(c.b.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t);
+
+
+ // Set HV.len to correct value
+ OCT_joctet(&HV,&wPaG1Oct);
+
+ mhashit(sha,0,&HV,&HT);
+
+ OCT_empty(AESKeyOct);
+ OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ);
+
+ return 0;
+
+}
+
+/* Generate a random number modulus the group order */
+int WCC_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S)
+{
+ BIG_XXX r,s;
+ BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
+ BIG_XXX_randomnum(s,r,RNG);
+ BIG_XXX_toBytes(S->val,s);
+ S->len=WCC_PGS_ZZZ;
+ return 0;
+}
+
+/* Add two members from the group G1 */
+int WCC_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
+{
+ ECP_ZZZ P,T;
+ int res=0;
+ if (!ECP_ZZZ_fromOctet(&P,R1)) res=WCC_INVALID_POINT;
+ if (!ECP_ZZZ_fromOctet(&T,R2)) res=WCC_INVALID_POINT;
+ if (res==0)
+ {
+ ECP_ZZZ_add(&P,&T);
+ ECP_ZZZ_toOctet(R,&P);
+ }
+ return res;
+}
+
+/* Add two members from the group G2 */
+int WCC_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
+{
+ ECP4_ZZZ Q,T;
+ int res=0;
+ if (!ECP4_ZZZ_fromOctet(&Q,W1)) res=WCC_INVALID_POINT;
+ if (!ECP4_ZZZ_fromOctet(&T,W2)) res=WCC_INVALID_POINT;
+ if (res==0)
+ {
+ ECP4_ZZZ_add(&Q,&T);
+ ECP4_ZZZ_toOctet(W,&Q);
+ }
+ return res;
+}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/src/wcc256.c.in
----------------------------------------------------------------------
diff --git a/src/wcc256.c.in b/src/wcc256.c.in
new file mode 100644
index 0000000..74c6ed2
--- /dev/null
+++ b/src/wcc256.c.in
@@ -0,0 +1,413 @@
+/**
+ * @file wcc256_ZZZ.c
+ * @author Mike Scott
+ * @author Kealan McCusker
+ * @date 28th April 2016
+ * @brief AMCL Wang / Chow Choo (WCC) definitions
+ *
+ * LICENSE
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "wcc256_ZZZ.h"
+
+
+/* Perform sha256 of EC Points and Id. Map to an integer modulo the curve order. */
+void WCC_ZZZ_Hq(int sha, octet *A,octet *B,octet *C,octet *D,octet *h)
+{
+ BIG_XXX q,hs;
+ // hv has to store two points in G1, One in G2 and the Id length
+ char hv[4000];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[WCC_PFS_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_rcopy(q,CURVE_Order_ZZZ);
+
+#ifdef DEBUG
+ printf("WCC_ZZZ_Hq: A: ");
+ OCT_output(A);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: B: ");
+ OCT_output(B);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: C: ");
+ OCT_output(C);
+ printf("\n");
+ printf("WCC_ZZZ_Hq: D: ");
+ OCT_output(D);
+ printf("\n");
+#endif
+
+ OCT_joctet(&HV,A);
+ OCT_joctet(&HV,B);
+ OCT_joctet(&HV,C);
+ OCT_joctet(&HV,D);
+ mhashit(sha,0,&HV,&HT);
+
+ BIG_XXX_fromBytes(hs,HT.val);
+ BIG_XXX_mod(hs,q);
+ OCT_clear(&HT);
+ BIG_XXX_toBytes(h->val,hs);
+ h->len=WCC_PGS_ZZZ;
+}
+
+/* Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity */
+int WCC_ZZZ_GET_G1_MULTIPLE(octet *S,octet *HID,octet *VG1)
+{
+ BIG_XXX s;
+ ECP_ZZZ P;
+
+ ECP_ZZZ_mapit(&P,HID);
+
+ BIG_XXX_fromBytes(s,S->val);
+ PAIR_ZZZ_G1mul(&P,s);
+
+ ECP_ZZZ_toOctet(VG1,&P);
+ return 0;
+}
+
+/* Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity */
+int WCC_ZZZ_GET_G2_MULTIPLE(octet *S,octet *HID,octet *VG2)
+{
+ BIG_XXX s;
+ ECP8_ZZZ P;
+
+ ECP8_ZZZ_mapit(&P,HID);
+
+ BIG_XXX_fromBytes(s,S->val);
+ PAIR_ZZZ_G2mul(&P,s);
+
+ ECP8_ZZZ_toOctet(VG2,&P);
+ return 0;
+}
+
+/* Calculate the sender AES Key */
+int WCC_ZZZ_SENDER_KEY(int sha, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *IdBOct, octet *AESKeyOct)
+{
+ ECP_ZZZ sAG1,PgG1;
+ ECP8_ZZZ BG2,PbG2;
+ char hv1[WCC_PFS_ZZZ];
+ octet HV1= {0,sizeof(hv1),hv1};
+
+ // Pairing outputs
+ FP48_YYY g;
+
+ FP16_YYY c;
+ BIG_XXX t,x,z,pia,pib;
+
+ char xpgg1[2*WCC_PFS_ZZZ+1];
+ octet xPgG1Oct= {0,sizeof(xpgg1), xpgg1};
+
+ char hv[18*WCC_PFS_ZZZ+1];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[AESKEY_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_fromBytes(x,xOct->val);
+ BIG_XXX_fromBytes(pia,piaOct->val);
+ BIG_XXX_fromBytes(pib,pibOct->val);
+
+ if (!ECP8_ZZZ_fromOctet(&PbG2,PbG2Oct))
+ {
+#ifdef DEBUG
+ printf("PbG2Oct Invalid Point: ");
+ OCT_output(PbG2Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct))
+ {
+#ifdef DEBUG
+ printf("PgG1Oct Invalid Point: ");
+ OCT_output(PgG1Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ mhashit(sha,0,IdBOct,&HV1);
+ ECP8_ZZZ_mapit(&BG2,&HV1);
+
+ if (!ECP_ZZZ_fromOctet(&sAG1,AKeyG1Oct))
+ {
+#ifdef DEBUG
+ printf("AKeyG1Oct Invalid Point: ");
+ OCT_output(AKeyG1Oct);
+ printf("\n");
+#endif
+ return WCC_INVALID_POINT;
+ }
+
+ // z = x + pia
+ BIG_XXX_add(z,x,pia);
+
+ // (x+pia).AKeyG1
+ PAIR_ZZZ_G1mul(&sAG1,z);
+
+ // pib.BG2
+ PAIR_ZZZ_G2mul(&BG2,pib);
+
+ // pib.BG2+PbG2
+ ECP8_ZZZ_add(&BG2, &PbG2);
+
+ ECP8_ZZZ_affine(&BG2);
+ ECP_ZZZ_affine(&sAG1);
+
+ PAIR_ZZZ_ate(&g,&BG2,&sAG1);
+ PAIR_ZZZ_fexp(&g);
+
+ // x.PgG1
+ PAIR_ZZZ_G1mul(&PgG1,x);
+ ECP_ZZZ_toOctet(&xPgG1Oct,&PgG1);
+
+ // Generate AES Key : K=H(k,x.PgG1)
+ FP48_YYY_trace(&c,&g);
+
+ HV.len = 16*WCC_PFS_ZZZ;
+ FP_YYY_redc(t,&(c.a.a.a.a));
+ BIG_XXX_toBytes(&(HV.val[0]),t);
+
+ FP_YYY_redc(t,&(c.a.a.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t);
+
+ FP_YYY_redc(t,&(c.a.a.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t);
+
+ FP_YYY_redc(t,&(c.a.a.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t);
+
+ FP_YYY_redc(t,&(c.a.b.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t);
+
+ FP_YYY_redc(t,&(c.a.b.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t);
+
+ FP_YYY_redc(t,&(c.a.b.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t);
+
+ FP_YYY_redc(t,&(c.a.b.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t);
+
+ FP_YYY_redc(t,&(c.b.a.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*8]),t);
+
+ FP_YYY_redc(t,&(c.b.a.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*9]),t);
+
+ FP_YYY_redc(t,&(c.b.a.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*10]),t);
+
+ FP_YYY_redc(t,&(c.b.a.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*11]),t);
+
+ FP_YYY_redc(t,&(c.b.b.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*12]),t);
+
+ FP_YYY_redc(t,&(c.b.b.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*13]),t);
+
+ FP_YYY_redc(t,&(c.b.b.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*14]),t);
+
+ FP_YYY_redc(t,&(c.b.b.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*15]),t);
+
+ // Set HV.len to correct value
+ OCT_joctet(&HV,&xPgG1Oct);
+
+ mhashit(sha,0,&HV,&HT);
+
+ OCT_empty(AESKeyOct);
+ OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ);
+
+ return 0;
+}
+
+/* Calculate the receiver AES key */
+int WCC_ZZZ_RECEIVER_KEY(int sha, octet *yOct, octet *wOct, octet *piaOct, octet *pibOct, octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct, octet *IdAOct, octet *AESKeyOct)
+{
+ ECP_ZZZ AG1,PgG1,PaG1;
+ ECP8_ZZZ sBG2;
+ char hv1[WCC_PFS_ZZZ];
+ octet HV1= {0,sizeof(hv1),hv1};
+
+ // Pairing outputs
+ FP48_YYY g;
+
+ FP16_YYY c;
+ BIG_XXX t,w,y,pia,pib;;
+
+ char wpag1[2*WCC_PFS_ZZZ+1];
+ octet wPaG1Oct= {0,sizeof(wpag1), wpag1};
+
+ char hv[18*WCC_PFS_ZZZ+1];
+ octet HV= {0,sizeof(hv),hv};
+ char ht[AESKEY_ZZZ];
+ octet HT= {0,sizeof(ht),ht};
+
+ BIG_XXX_fromBytes(y,yOct->val);
+ BIG_XXX_fromBytes(w,wOct->val);
+ BIG_XXX_fromBytes(pia,piaOct->val);
+ BIG_XXX_fromBytes(pib,pibOct->val);
+
+ if (!ECP_ZZZ_fromOctet(&PaG1,PaG1Oct))
+ return WCC_INVALID_POINT;
+
+ if (!ECP_ZZZ_fromOctet(&PgG1,PgG1Oct))
+ return WCC_INVALID_POINT;
+
+ mhashit(sha,0,IdAOct,&HV1);
+ ECP_ZZZ_mapit(&AG1,&HV1);
+
+ if (!ECP8_ZZZ_fromOctet(&sBG2,BKeyG2Oct))
+ return WCC_INVALID_POINT;
+
+ // y = y + pib
+ BIG_XXX_add(y,y,pib);
+
+ // (y+pib).BKeyG2
+ PAIR_ZZZ_G2mul(&sBG2,y);
+
+ // pia.AG1
+ PAIR_ZZZ_G1mul(&AG1,pia);
+
+ // pia.AG1+PaG1
+ ECP_ZZZ_add(&AG1, &PaG1);
+
+ ECP8_ZZZ_affine(&sBG2);
+ ECP_ZZZ_affine(&AG1);
+
+ PAIR_ZZZ_ate(&g,&sBG2,&AG1);
+ PAIR_ZZZ_fexp(&g);
+
+ // w.PaG1
+ PAIR_ZZZ_G1mul(&PaG1,w);
+ ECP_ZZZ_toOctet(&wPaG1Oct,&PaG1);
+
+ // Generate AES Key: K=H(k,w.PaG1)
+ FP48_YYY_trace(&c,&g);
+
+ HV.len = 16*WCC_PFS_ZZZ;
+ FP_YYY_redc(t,&(c.a.a.a.a));
+ BIG_XXX_toBytes(&(HV.val[0]),t);
+
+ FP_YYY_redc(t,&(c.a.a.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ]),t);
+
+ FP_YYY_redc(t,&(c.a.a.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*2]),t);
+
+ FP_YYY_redc(t,&(c.a.a.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*3]),t);
+
+ FP_YYY_redc(t,&(c.a.b.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*4]),t);
+
+ FP_YYY_redc(t,&(c.a.b.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*5]),t);
+
+ FP_YYY_redc(t,&(c.a.b.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*6]),t);
+
+ FP_YYY_redc(t,&(c.a.b.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*7]),t);
+
+ FP_YYY_redc(t,&(c.b.a.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*8]),t);
+
+ FP_YYY_redc(t,&(c.b.a.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*9]),t);
+
+ FP_YYY_redc(t,&(c.b.a.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*10]),t);
+
+ FP_YYY_redc(t,&(c.b.a.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*11]),t);
+
+ FP_YYY_redc(t,&(c.b.b.a.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*12]),t);
+
+ FP_YYY_redc(t,&(c.b.b.a.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*13]),t);
+
+ FP_YYY_redc(t,&(c.b.b.b.a));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*14]),t);
+
+ FP_YYY_redc(t,&(c.b.b.b.b));
+ BIG_XXX_toBytes(&(HV.val[WCC_PFS_ZZZ*15]),t);
+
+ // Set HV.len to correct value
+ OCT_joctet(&HV,&wPaG1Oct);
+
+ mhashit(sha,0,&HV,&HT);
+
+ OCT_empty(AESKeyOct);
+ OCT_jbytes(AESKeyOct,HT.val,AESKEY_ZZZ);
+
+ return 0;
+
+}
+
+/* Generate a random number modulus the group order */
+int WCC_ZZZ_RANDOM_GENERATE(csprng *RNG,octet* S)
+{
+ BIG_XXX r,s;
+ BIG_XXX_rcopy(r,CURVE_Order_ZZZ);
+ BIG_XXX_randomnum(s,r,RNG);
+ BIG_XXX_toBytes(S->val,s);
+ S->len=WCC_PGS_ZZZ;
+ return 0;
+}
+
+/* Add two members from the group G1 */
+int WCC_ZZZ_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
+{
+ ECP_ZZZ P,T;
+ int res=0;
+ if (!ECP_ZZZ_fromOctet(&P,R1)) res=WCC_INVALID_POINT;
+ if (!ECP_ZZZ_fromOctet(&T,R2)) res=WCC_INVALID_POINT;
+ if (res==0)
+ {
+ ECP_ZZZ_add(&P,&T);
+ ECP_ZZZ_toOctet(R,&P);
+ }
+ return res;
+}
+
+/* Add two members from the group G2 */
+int WCC_ZZZ_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
+{
+ ECP8_ZZZ Q,T;
+ int res=0;
+ if (!ECP8_ZZZ_fromOctet(&Q,W1)) res=WCC_INVALID_POINT;
+ if (!ECP8_ZZZ_fromOctet(&T,W2)) res=WCC_INVALID_POINT;
+ if (res==0)
+ {
+ ECP8_ZZZ_add(&Q,&T);
+ ECP8_ZZZ_toOctet(W,&Q);
+ }
+ return res;
+}