Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:49:38 UTC

[01/51] [partial] incubator-milagro-crypto git commit: update code

Repository: incubator-milagro-crypto
Updated Branches:
  refs/heads/master c8ca57b4d -> 70e3a3a36


http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/go/AES.go
----------------------------------------------------------------------
diff --git a/version22/go/AES.go b/version22/go/AES.go
new file mode 100644
index 0000000..1aeb6d7
--- /dev/null
+++ b/version22/go/AES.go
@@ -0,0 +1,634 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AES Encryption */ 
+
+package main
+
+//import "fmt"
+
+const aes_ECB int=0
+const aes_CBC int=1
+const aes_CFB1 int=2
+const aes_CFB2 int=3
+const aes_CFB4 int=5
+const aes_OFB1 int=14
+const aes_OFB2 int=15
+const aes_OFB4 int=17
+const aes_OFB8 int=21
+const aes_OFB16 int=29
+const aes_CTR1 int=30
+const aes_CTR2 int=31
+const aes_CTR4 int=33 
+const aes_CTR8 int=37 
+const aes_CTR16 int=45 
+
+var aes_InCo = [...]byte {0xB,0xD,0x9,0xE}  /* Inverse Coefficients */
+
+var aes_ptab = [...]byte {
+     1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
+     95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
+     229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
+     83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
+     76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
+     131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
+     181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
+     254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
+     251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
+     195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
+     159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
+     155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
+     252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
+     69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
+     18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
+     57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1}
+
+var aes_ltab = [...]byte {
+      0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
+     100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
+     125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
+     101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
+     150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
+     102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
+     126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
+     43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
+     175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
+     44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
+     127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
+     204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
+     151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
+     83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
+     68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
+     103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7}
+   
+
+var aes_fbsub = [...]byte {
+     99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
+     202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
+     183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
+     4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
+     9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
+     83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
+     208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
+     81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
+     205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
+     96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
+     224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
+     231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
+     186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
+     112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
+     225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
+     140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22}
+    
+var aes_rbsub = [...]byte {
+     82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
+     124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
+     84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
+     8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
+     114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
+     108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
+     144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
+     208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
+     58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
+     150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
+     71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
+     252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
+     31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
+     96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
+     160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
+     23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125}
+    
+
+var aes_rco = [...]byte {1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47}
+
+var aes_ftable = [...]uint32 {
+    0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
+    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
+    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
+    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
+    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
+    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
+    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
+    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
+    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
+    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
+    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
+    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
+    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
+    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
+    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
+    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
+    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
+    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
+    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
+    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
+    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
+    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
+    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
+    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
+    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
+    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
+    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
+    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
+    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
+    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
+    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
+    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
+    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
+    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
+    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
+    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
+    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
+    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
+    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
+    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
+    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
+    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
+    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c}
+
+var aes_rtable = [...]uint32 {
+    0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
+    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
+    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
+    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
+    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
+    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
+    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
+    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
+    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
+    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
+    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
+    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
+    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
+    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
+    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
+    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
+    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
+    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
+    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
+    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
+    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
+    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
+    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
+    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
+    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
+    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
+    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
+    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
+    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
+    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
+    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
+    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
+    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
+    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
+    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
+    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
+    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
+    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
+    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
+    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
+    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
+    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
+    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0}
+
+type AES struct {
+	Nk int
+	Nr int
+	mode int
+	fkey [60]uint32
+	rkey [60]uint32
+	f [16]byte
+}
+
+/* Rotates 32-bit word left by 1, 2 or 3 byte  */
+
+func aes_ROTL8(x uint32) uint32 {
+	return (((x)<<8)|((x)>>24))
+}
+
+func aes_ROTL16(x uint32) uint32 {
+	return (((x)<<16)|((x)>>16))
+}
+
+func aes_ROTL24(x uint32) uint32 {
+	return (((x)<<24)|((x)>>8))
+}
+
+func aes_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */
+        return ((uint32(b[3])&0xff)<<24)|((uint32(b[2])&0xff)<<16)|((uint32(b[1])&0xff)<<8)|(uint32(b[0])&0xff)
+}
+  
+func aes_unpack(a uint32) [4]byte { /* unpack bytes from a word */
+        var b=[4]byte{byte(a&0xff),byte((a>>8)&0xff),byte((a>>16)&0xff),byte((a>>24)&0xff)}
+	return b;
+}
+  
+func aes_bmul(x byte,y byte) byte { /* x.y= AntiLog(Log(x) + Log(y)) */
+    
+        ix:=int(x)&0xff
+        iy:=int(y)&0xff
+        lx:=int(aes_ltab[ix])&0xff
+        ly:=int(aes_ltab[iy])&0xff
+    
+        if x != 0 && y != 0 {
+		return aes_ptab[(lx+ly)%255]
+	} else {return byte(0)}
+}
+  
+func aes_SubByte(a uint32) uint32 {
+        b:=aes_unpack(a)
+        b[0]=aes_fbsub[int(b[0])]
+        b[1]=aes_fbsub[int(b[1])]
+        b[2]=aes_fbsub[int(b[2])]
+        b[3]=aes_fbsub[int(b[3])]
+        return aes_pack(b);
+}    
+
+func aes_product(x uint32,y uint32) byte { /* dot product of two 4-byte arrays */
+        xb:=aes_unpack(x)
+        yb:=aes_unpack(y)
+    
+        return (aes_bmul(xb[0],yb[0])^aes_bmul(xb[1],yb[1])^aes_bmul(xb[2],yb[2])^aes_bmul(xb[3],yb[3]))
+}
+
+func aes_InvMixCol(x uint32) uint32 { /* matrix Multiplication */
+        var b [4]byte
+        m:=aes_pack(aes_InCo)
+        b[3]=aes_product(m,x)
+        m=aes_ROTL24(m)
+        b[2]=aes_product(m,x)
+        m=aes_ROTL24(m)
+        b[1]=aes_product(m,x)
+        m=aes_ROTL24(m)
+        b[0]=aes_product(m,x)
+        var y=aes_pack(b)
+        return y
+}
+
+func aes_increment(f []byte) {
+	for i:=0;i<16;i++ {
+		f[i]++
+		if f[i]!=0 {break}
+	}
+}
+
+/* reset cipher */
+func (A *AES) Reset(m int,iv []byte) { /* reset mode, or reset iv */
+	A.mode=m;
+        for i:=0;i<16;i++ {A.f[i]=0}
+        if (A.mode != aes_ECB) && (iv != nil) {
+            for i:=0;i<16;i++ {A.f[i]=iv[i]}
+	}
+}
+
+func (A *AES) Init(m int,nk int,key []byte,iv []byte) bool { 
+/* Key Scheduler. Create expanded encryption key */
+	var CipherKey [8]uint32
+        var b [4]byte
+        nk/=4
+	if nk!=4 && nk!=6 && nk!=8 {return false}
+	nr:=6+nk
+	A.Nk=nk
+	A.Nr=nr
+        A.Reset(m,iv);
+        N:=4*(nr+1)
+        
+        j:=0
+        for  i:=0;i<nk;i++ {
+            for k:=0;k<4;k++ {b[k]=key[j+k]}
+            CipherKey[i]=aes_pack(b);
+            j+=4;
+        }
+        for i:=0;i<nk;i++ {A.fkey[i]=CipherKey[i]}
+        j=nk
+        for k:=0;j<N;k++ {
+            A.fkey[j]=A.fkey[j-nk]^aes_SubByte(aes_ROTL24(A.fkey[j-1]))^uint32(aes_rco[k])
+            for i:=1;i<nk && (i+j)<N;i++ {
+                A.fkey[i+j]=A.fkey[i+j-nk]^A.fkey[i+j-1]
+            }
+            j+=nk
+        }
+        
+        /* now for the expanded decrypt key in reverse order */
+        
+        for j:=0;j<4;j++ {A.rkey[j+N-4]=A.fkey[j]}
+        for i:=4;i<N-4;i+=4 {
+            k:=N-4-i;
+            for j:=0;j<4;j++ {A.rkey[k+j]=aes_InvMixCol(A.fkey[i+j])}
+        }
+        for j:=N-4;j<N;j++ {A.rkey[j-N+4]=A.fkey[j]}
+	return true
+}
+
+func NewAES() *AES {
+	var A=new(AES)
+	return A
+}
+
+func (A *AES) Getreg() [16]byte {
+        var ir [16]byte
+        for i:=0;i<16;i++ {ir[i]=A.f[i]}
+        return ir
+}
+
+    /* Encrypt a single block */
+func (A *AES) ecb_encrypt(buff []byte) {
+        var b [4]byte
+        var p [4]uint32
+        var q [4]uint32
+    
+        j:=0
+        for i:=0;i<4;i++ {
+            for k:=0;k<4;k++ {b[k]=buff[j+k]}
+            p[i]=aes_pack(b)
+            p[i]^=A.fkey[i]
+            j+=4
+        }
+    
+        k:=4
+    
+    /* State alternates between p and q */
+        for i:=1;i<A.Nr;i++ {
+            q[0]=A.fkey[k]^aes_ftable[int(p[0]&0xff)]^aes_ROTL8(aes_ftable[int((p[1]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[2]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[3]>>24)&0xff)])
+            
+            q[1]=A.fkey[k+1]^aes_ftable[int(p[1]&0xff)]^aes_ROTL8(aes_ftable[int((p[2]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[3]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[0]>>24)&0xff)])
+            
+            q[2]=A.fkey[k+2]^aes_ftable[int(p[2]&0xff)]^aes_ROTL8(aes_ftable[int((p[3]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[0]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[1]>>24)&0xff)])
+            
+            q[3]=A.fkey[k+3]^aes_ftable[int(p[3]&0xff)]^aes_ROTL8(aes_ftable[int((p[0]>>8)&0xff)])^aes_ROTL16(aes_ftable[int((p[1]>>16)&0xff)])^aes_ROTL24(aes_ftable[int((p[2]>>24)&0xff)])
+            
+            k+=4;
+            for j=0;j<4;j++ {
+		t:=p[j]; p[j]=q[j]; q[j]=t
+            }
+        }
+    
+    /* Last Round */
+    
+        q[0]=A.fkey[k]^uint32(aes_fbsub[int(p[0]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[1]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[2]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[3]>>24)&0xff)]))
+    
+        q[1]=A.fkey[k+1]^uint32(aes_fbsub[int(p[1]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[2]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[3]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[0]>>24)&0xff)]))
+    
+        q[2]=A.fkey[k+2]^uint32(aes_fbsub[int(p[2]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[3]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[0]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[1]>>24)&0xff)]))
+    
+        q[3]=A.fkey[k+3]^uint32(aes_fbsub[int(p[3]&0xff)])^aes_ROTL8(uint32(aes_fbsub[int((p[0]>>8)&0xff)]))^aes_ROTL16(uint32(aes_fbsub[int((p[1]>>16)&0xff)]))^aes_ROTL24(uint32(aes_fbsub[int((p[2]>>24)&0xff)]))
+    
+        j=0
+        for i:=0;i<4;i++ {
+            b=aes_unpack(q[i])
+            for k=0;k<4;k++ {buff[j+k]=b[k]}
+            j+=4
+        }
+}
+    
+    /* Decrypt a single block */
+func (A *AES)  ecb_decrypt(buff []byte) {
+        var b [4]byte
+        var p [4]uint32
+        var q [4]uint32
+    
+        j:=0
+        for i:=0;i<4;i++ {
+            for k:=0;k<4;k++ {b[k]=buff[j+k]}
+            p[i]=aes_pack(b)
+            p[i]^=A.rkey[i]
+            j+=4
+        }
+    
+        k:=4
+    
+    /* State alternates between p and q */
+        for i:=1;i<A.Nr;i++ {
+            
+            q[0]=A.rkey[k]^aes_rtable[int(p[0]&0xff)]^aes_ROTL8(aes_rtable[int((p[3]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[2]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[1]>>24)&0xff)])
+            
+            q[1]=A.rkey[k+1]^aes_rtable[int(p[1]&0xff)]^aes_ROTL8(aes_rtable[int((p[0]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[3]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[2]>>24)&0xff)])
+            
+        
+            q[2]=A.rkey[k+2]^aes_rtable[int(p[2]&0xff)]^aes_ROTL8(aes_rtable[int((p[1]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[0]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[3]>>24)&0xff)])
+       
+            q[3]=A.rkey[k+3]^aes_rtable[int(p[3]&0xff)]^aes_ROTL8(aes_rtable[int((p[2]>>8)&0xff)])^aes_ROTL16(aes_rtable[int((p[1]>>16)&0xff)])^aes_ROTL24(aes_rtable[int((p[0]>>24)&0xff)])
+            
+    
+            k+=4;
+            for j:=0;j<4;j++ {
+			t:=p[j]; p[j]=q[j]; q[j]=t
+            }
+        }
+    
+    /* Last Round */
+        
+        q[0]=A.rkey[k]^uint32(aes_rbsub[int(p[0]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[3]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[2]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[1]>>24)&0xff)]))
+        
+        q[1]=A.rkey[k+1]^uint32(aes_rbsub[int(p[1]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[0]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[3]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[2]>>24)&0xff)]))
+        
+        
+        q[2]=A.rkey[k+2]^uint32(aes_rbsub[int(p[2]&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[1]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[0]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[3]>>24)&0xff)]))
+
+        q[3]=A.rkey[k+3]^uint32(aes_rbsub[int((p[3])&0xff)])^aes_ROTL8(uint32(aes_rbsub[int((p[2]>>8)&0xff)]))^aes_ROTL16(uint32(aes_rbsub[int((p[1]>>16)&0xff)]))^aes_ROTL24(uint32(aes_rbsub[int((p[0]>>24)&0xff)]))
+    
+        j=0
+        for i:=0;i<4;i++ {
+            b=aes_unpack(q[i]);
+            for k:=0;k<4;k++ {buff[j+k]=b[k]}
+            j+=4
+        }
+}
+
+/* Encrypt using selected mode of operation */
+func (A *AES) Encrypt(buff []byte) uint32 {
+	var st [16]byte
+    
+    // Supported Modes of Operation
+    
+        var fell_off uint32=0
+        switch A.mode {
+        case aes_ECB:
+            A.ecb_encrypt(buff)
+            return 0
+        case aes_CBC:
+            for j:=0;j<16;j++ {buff[j]^=A.f[j]}
+            A.ecb_encrypt(buff)
+            for j:=0;j<16;j++ {A.f[j]=buff[j]}
+            return 0
+    
+        case aes_CFB1:
+            fallthrough
+        case aes_CFB2:
+            fallthrough
+        case aes_CFB4:
+            bytes:=A.mode-aes_CFB1+1
+            for j:=0;j<bytes;j++ {fell_off=(fell_off<<8)|uint32(A.f[j])}
+            for j:=0;j<16;j++ {st[j]=A.f[j]}
+            for j:=bytes;j<16;j++ {A.f[j-bytes]=A.f[j]}
+            A.ecb_encrypt(st[:])
+            for j:=0;j<bytes;j++ {
+		buff[j]^=st[j]
+		A.f[16-bytes+j]=buff[j]
+            }
+            return fell_off
+    
+        case aes_OFB1:
+            fallthrough
+        case aes_OFB2:
+            fallthrough
+        case aes_OFB4:
+            fallthrough
+        case aes_OFB8:
+            fallthrough
+        case aes_OFB16:
+    
+            bytes:=A.mode-aes_OFB1+1
+            A.ecb_encrypt(A.f[:])
+            for j:=0;j<bytes;j++ {buff[j]^=A.f[j]}
+            return 0;
+    
+	case aes_CTR1:
+	    fallthrough
+	case aes_CTR2:
+	    fallthrough
+	case aes_CTR4:
+	    fallthrough
+	case aes_CTR8:
+	    fallthrough
+	case aes_CTR16:
+	    bytes:=A.mode-aes_CTR1+1
+	    for j:=0;j<16;j++ {st[j]=A.f[j]}
+	    A.ecb_encrypt(st[:])
+	    for j:=0;j<bytes;j++ {buff[j]^=st[j]}
+	    aes_increment(A.f[:])
+	    return 0
+
+        default:
+            return 0
+        }
+}
+    
+    /* Decrypt using selected mode of operation */
+func (A *AES) Decrypt(buff []byte) uint32 {
+
+	var st [16]byte
+        
+        // Supported Modes of Operation
+        
+        var fell_off uint32=0
+        switch A.mode {
+        case aes_ECB:
+            A.ecb_decrypt(buff);
+            return 0;
+        case aes_CBC:
+            for j:=0;j<16;j++ {
+		st[j]=A.f[j];
+		A.f[j]=buff[j];
+            }
+            A.ecb_decrypt(buff);
+            for j:=0;j<16;j++ {
+		buff[j]^=st[j];
+		st[j]=0
+            }
+            return 0
+        case aes_CFB1:
+            fallthrough
+        case aes_CFB2:
+            fallthrough
+        case aes_CFB4:
+            bytes:=A.mode-aes_CFB1+1;
+            for j:=0;j<bytes;j++ {fell_off=(fell_off<<8)|uint32(A.f[j])}
+            for j:=0;j<16;j++ {st[j]=A.f[j]}
+            for j:=bytes;j<16;j++ {A.f[j-bytes]=A.f[j]}
+            A.ecb_encrypt(st[:])
+            for j:=0;j<bytes;j++ {
+		A.f[16-bytes+j]=buff[j]
+		buff[j]^=st[j]
+            }
+            return fell_off
+        case aes_OFB1:
+            fallthrough
+        case aes_OFB2:
+            fallthrough
+        case aes_OFB4:
+            fallthrough
+        case aes_OFB8:
+            fallthrough
+        case aes_OFB16:
+            bytes:=A.mode-aes_OFB1+1
+            A.ecb_encrypt(A.f[:]);
+            for j:=0;j<bytes;j++ {buff[j]^=A.f[j]}
+            return 0
+
+	case aes_CTR1:
+	    fallthrough
+	case aes_CTR2:
+	    fallthrough
+	case aes_CTR4:
+	    fallthrough
+	case aes_CTR8:
+	    fallthrough
+	case aes_CTR16:
+	    bytes:=A.mode-aes_CTR1+1
+	    for j:=0;j<16;j++ {st[j]=A.f[j]}
+	    A.ecb_encrypt(st[:])
+	    for j:=0;j<bytes;j++ {buff[j]^=st[j]}
+	    aes_increment(A.f[:])
+	    return 0
+
+        default:
+            return 0;
+        }
+    } 
+    
+/* Clean up and delete left-overs */
+func (A *AES) End() { // clean up
+    for i:=0;i<4*(A.Nr+1);i++ {A.fkey[i]=0; A.rkey[i]=0}
+    for i:=0;i<16;i++ {A.f[i]=0}
+}
+/*
+func main() {
+	var key [32]byte
+	var block [16]byte
+	var iv [16]byte
+
+	for i:=0;i<32;i++ {key[i]=0}
+	key[0]=1
+	for i:=0;i<16;i++ {iv[i]=byte(i)}
+	for i:=0;i<16;i++ {block[i]=byte(i)}
+
+	a:=NewAES()
+
+	a.Init(aes_CTR16,32,key[:],iv[:])
+	fmt.Printf("Plain= \n")
+	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
+	fmt.Printf("\n")
+
+	a.Encrypt(block[:])
+
+	fmt.Printf("Encrypt= \n") 
+	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
+	fmt.Printf("\n")
+
+	a.Reset(aes_CTR16,iv[:])
+	a.Decrypt(block[:])
+
+	fmt.Printf("Decrypt= \n") 
+	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
+	fmt.Printf("\n")
+
+	a.End();
+}
+*/
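Review bot: An unsupported mode value is accepted by `Init` and `Reset` and later falls into the `default:` arm of `Encrypt`/`Decrypt`, which returns 0 and leaves the buffer untouched, so a mode such as 4 (between `aes_CFB2` and `aes_CFB4`) hands the plaintext back with the same return value as a successful ECB or CBC call. `Init` also reads `key[j+k]` and, through `Reset`, `iv[i]` for 16 bytes without checking `len(key)` or `len(iv)`, so a short slice panics instead of producing the `false` the function already uses for a bad key size. Since `Init` returns a bool, it can reject all three cases before touching state, as in the sketch below; `Reset` has no return value, so it would need a signature change or a documented no-op to get the same guard. A nil `iv` in a chaining mode silently leaves the register all-zero, which deserves a comment on `Reset` because repeating an IV under one key in OFB or CTR repeats the keystream. The round functions index `aes_ftable` and `aes_fbsub` by state bytes, so a header comment such as `/* table-driven: lookups depend on secret data, not constant-time */` would tell callers what they are getting.

```go
// aes_validMode reports whether m is one of the modes Encrypt/Decrypt implement.
func aes_validMode(m int) bool {
	switch m {
	case aes_ECB,aes_CBC,
		aes_CFB1,aes_CFB2,aes_CFB4,
		aes_OFB1,aes_OFB2,aes_OFB4,aes_OFB8,aes_OFB16,
		aes_CTR1,aes_CTR2,aes_CTR4,aes_CTR8,aes_CTR16:
		return true
	}
	return false
}

func (A *AES) Init(m int,nk int,key []byte,iv []byte) bool {
	// … unchanged: CipherKey and b declarations …
	nk/=4
	if nk!=4 && nk!=6 && nk!=8 {return false}
	if !aes_validMode(m) {return false} // otherwise Encrypt/Decrypt pass data through unchanged
	if len(key)<4*nk {return false} // key schedule reads 4*nk bytes
	if m!=aes_ECB && iv!=nil && len(iv)<16 {return false} // Reset copies 16 bytes of iv
	// … unchanged: Nk/Nr assignment, Reset call, key schedule …
```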


[28/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/ECP2.java
----------------------------------------------------------------------
diff --git a/java/ECP2.java b/java/ECP2.java
deleted file mode 100755
index e89237d..0000000
--- a/java/ECP2.java
+++ /dev/null
@@ -1,623 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-public final class ECP2 {
-	private FP2 x;
-	private FP2 y;
-	private FP2 z;
-	private boolean INF;
-
-/* Constructor - set this=O */
-	public ECP2() {
-		INF=true;
-		x=new FP2(0);
-		y=new FP2(1);
-		z=new FP2(1);
-	}
-
-/* Test this=O? */
-	public boolean is_infinity() {
-		return INF;
-	}
-/* copy this=P */
-	public void copy(ECP2 P)
-	{
-		x.copy(P.x);
-		y.copy(P.y);
-		z.copy(P.z);
-		INF=P.INF;
-	}
-/* set this=O */
-	public void inf() {
-		INF=true;
-		x.zero();
-		y.zero();
-		z.zero();
-	}
-
-/* Conditional move of Q to P dependant on d */
-	public void cmove(ECP2 Q,int d)
-	{
-		x.cmove(Q.x,d);
-		y.cmove(Q.y,d);
-		z.cmove(Q.z,d);
-
-		boolean bd;
-		if (d==0) bd=false;
-		else bd=true;
-		INF^=(INF^Q.INF)&bd;
-	}
-
-/* return 1 if b==c, no branching */
-	public static int teq(int b,int c)
-	{
-		int x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1);
-	}
-
-/* Constant time select from pre-computed table */
-	public void select(ECP2 W[],int b)
-	{
-		ECP2 MP=new ECP2();
-		int m=b>>31;
-		int babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		cmove(W[0],teq(babs,0));  // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m&1));
-	}
-
-/* Test if P == Q */
-	public boolean equals(ECP2 Q) {
-		if (is_infinity() && Q.is_infinity()) return true;
-		if (is_infinity() || Q.is_infinity()) return false;
-
-		FP2 zs2=new FP2(z); zs2.sqr();
-		FP2 zo2=new FP2(Q.z); zo2.sqr();
-		FP2 zs3=new FP2(zs2); zs3.mul(z);
-		FP2 zo3=new FP2(zo2); zo3.mul(Q.z);
-		zs2.mul(Q.x);
-		zo2.mul(x);
-		if (!zs2.equals(zo2)) return false;
-		zs3.mul(Q.y);
-		zo3.mul(y);
-		if (!zs3.equals(zo3)) return false;
-
-		return true;
-	}
-/* set this=-this */
-	public void neg() {
-		if (is_infinity()) return;
-		y.neg(); y.norm();
-		return;
-	}
-/* set to Affine - (x,y,z) to (x,y) */
-	public void affine() {
-		if (is_infinity()) return;
-		FP2 one=new FP2(1);
-		if (z.equals(one)) return;
-		z.inverse();
-
-		FP2 z2=new FP2(z);
-		z2.sqr();
-		x.mul(z2); x.reduce();
-		y.mul(z2);
-		y.mul(z);  y.reduce();
-		z.copy(one);
-	}
-/* extract affine x as FP2 */
-	public FP2 getX()
-	{
-		affine();
-		return x;
-	}
-/* extract affine y as FP2 */
-	public FP2 getY()
-	{
-		affine();
-		return y;
-	}
-/* extract projective x */
-	public FP2 getx()
-	{
-		return x;
-	}
-/* extract projective y */
-	public FP2 gety()
-	{
-		return y;
-	}
-/* extract projective z */
-	public FP2 getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		affine();
-		x.getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i]=t[i];
-		x.getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+ROM.MODBYTES]=t[i];
-
-		y.getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+2*ROM.MODBYTES]=t[i];
-		y.getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+3*ROM.MODBYTES]=t[i];
-	}
-/* convert from byte array to point */
-	public static ECP2 fromBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		BIG ra;
-		BIG rb;
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i];
-		ra=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES];
-		rb=BIG.fromBytes(t);
-		FP2 rx=new FP2(ra,rb);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+2*ROM.MODBYTES];
-		ra=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+3*ROM.MODBYTES];
-		rb=BIG.fromBytes(t);
-		FP2 ry=new FP2(ra,rb);
-
-		return new ECP2(rx,ry);
-	}
-/* convert this to hex string */
-	public String toString() {
-		if (is_infinity()) return "infinity";
-		affine();
-		return "("+x.toString()+","+y.toString()+")";
-	}
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-	public static FP2 RHS(FP2 x) {
-		x.norm();
-		FP2 r=new FP2(x);
-		r.sqr();
-		FP2 b=new FP2(new BIG(ROM.CURVE_B));
-		b.div_ip();
-		r.mul(x);
-		r.add(b);
-
-		r.reduce();
-		return r;
-	}
-
-/* construct this from (x,y) - but set to O if not on curve */
-	public ECP2(FP2 ix,FP2 iy) {
-		x=new FP2(ix);
-		y=new FP2(iy);
-		z=new FP2(1);
-		FP2 rhs=RHS(x);
-		FP2 y2=new FP2(y);
-		y2.sqr();
-		if (y2.equals(rhs)) INF=false;
-		else {x.zero();INF=true;}
-	}
-
-/* construct this from x - but set to O if not on curve */
-	public ECP2(FP2 ix) {
-		x=new FP2(ix);
-		y=new FP2(1);
-		z=new FP2(1);
-		FP2 rhs=RHS(x);
-		if (rhs.sqrt())
-		{
-			y.copy(rhs);
-			INF=false;
-		}
-		else {x.zero();INF=true;}
-	}
-
-/* this+=this */
-	public int dbl() {
-		if (INF) return -1;
-		if (y.iszilch())
-		{
-			inf();
-			return -1;
-		}
-
-		FP2 w1=new FP2(x);
-		FP2 w2=new FP2(0);
-		FP2 w3=new FP2(x);
-		FP2 w8=new FP2(x);
-
-		w1.sqr();
-		w8.copy(w1);
-		w8.imul(3);
-
-		w2.copy(y); w2.sqr();
-		w3.copy(x); w3.mul(w2);
-		w3.imul(4);
-		w1.copy(w3); w1.neg();
-		w1.norm();
-
-		x.copy(w8); x.sqr();
-		x.add(w1);
-		x.add(w1);
-		x.norm();
-
-		z.mul(y);
-		z.add(z);
-
-		w2.add(w2);
-		w2.sqr();
-		w2.add(w2);
-		w3.sub(x);
-		y.copy(w8); y.mul(w3);
-		w2.norm();
-		y.sub(w2);
-		y.norm();
-		z.norm();
-
-		return 1;
-	}
-
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-	public int add(ECP2 Q) {
-		if (INF)
-		{
-			copy(Q);
-			return -1;
-		}
-		if (Q.INF) return -1;
-
-		boolean aff=false;
-
-		if (Q.z.isunity()) aff=true;
-
-		FP2 A,C;
-		FP2 B=new FP2(z);
-		FP2 D=new FP2(z);
-		if (!aff)
-		{
-			A=new FP2(Q.z);
-			C=new FP2(Q.z);
-
-			A.sqr(); B.sqr();
-			C.mul(A); D.mul(B);
-
-			A.mul(x);
-			C.mul(y);
-		}
-		else
-		{
-			A=new FP2(x);
-			C=new FP2(y);
-
-			B.sqr();
-			D.mul(B);
-		}
-
-		B.mul(Q.x); B.sub(A);
-		D.mul(Q.y); D.sub(C);
-
-		if (B.iszilch())
-		{
-			if (D.iszilch())
-			{
-				dbl();
-				return 1;
-			}
-			else
-			{
-				INF=true;
-				return -1;
-			}
-		}
-
-		if (!aff) z.mul(Q.z);
-		z.mul(B);
-
-		FP2 e=new FP2(B); e.sqr();
-		B.mul(e);
-		A.mul(e);
-
-		e.copy(A);
-		e.add(A); e.add(B);
-		x.copy(D); x.sqr(); x.sub(e);
-
-		A.sub(x);
-		y.copy(A); y.mul(D);
-		C.mul(B); y.sub(C);
-
-		x.norm();
-		y.norm();
-		z.norm();
-
-		return 0;
-	}
-
-/* set this-=Q */
-	public int sub(ECP2 Q) {
-		Q.neg();
-		int D=add(Q);
-		Q.neg();
-		return D;
-	}
-/* set this*=q, where q is Modulus, using Frobenius */
-	public void frob(FP2 X)
-	{
-		if (INF) return;
-		FP2 X2=new FP2(X);
-		X2.sqr();
-		x.conj();
-		y.conj();
-		z.conj();
-		z.reduce();
-		x.mul(X2);
-		y.mul(X2);
-		y.mul(X);
-	}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-	public static void multiaffine(int m,ECP2[] P)
-	{
-		int i;
-		FP2 t1=new FP2(0);
-		FP2 t2=new FP2(0);
-
-		FP2[] work=new FP2[m];
-		work[0]=new FP2(1);
-		work[1]=new FP2(P[0].z);
-		for (i=2;i<m;i++)
-		{
-			work[i]=new FP2(work[i-1]);
-			work[i].mul(P[i-1].z);
-		}
-
-		t1.copy(work[m-1]); t1.mul(P[m-1].z);
-
-		t1.inverse();
-
-		t2.copy(P[m-1].z);
-		work[m-1].mul(t1);
-
-		for (i=m-2;;i--)
-		{
-			if (i==0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i=0;i<m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]); t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}
-	}
-
-/* P*=e */
-	public ECP2 mul(BIG e)
-	{
-/* fixed size windows */
-		int i,b,nb,m,s,ns;
-		BIG mt=new BIG();
-		BIG t=new BIG();
-		ECP2 P=new ECP2();
-		ECP2 Q=new ECP2();
-		ECP2 C=new ECP2();
-		ECP2[] W=new ECP2[8];
-		byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4];
-
-		if (is_infinity()) return new ECP2();
-
-		affine();
-
-/* precompute table */
-		Q.copy(this);
-		Q.dbl();
-		W[0]=new ECP2();
-		W[0].copy(this);
-
-		for (i=1;i<8;i++)
-		{
-			W[i]=new ECP2();
-			W[i].copy(W[i-1]);
-			W[i].add(Q);
-		}
-
-/* convert the table to affine */
-
-		multiaffine(8,W);
-
-/* make exponent odd - add 2P if even, P if odd */
-		t.copy(e);
-		s=t.parity();
-		t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-		t.cmove(mt,s);
-		Q.cmove(this,ns);
-		C.copy(Q);
-
-		nb=1+(t.nbits()+3)/4;
-/* convert exponent to signed 4-bit window */
-		for (i=0;i<nb;i++)
-		{
-			w[i]=(byte)(t.lastbits(5)-16);
-			t.dec(w[i]); t.norm();
-			t.fshr(4);
-		}
-		w[nb]=(byte)t.lastbits(5);
-
-		P.copy(W[(w[nb]-1)/2]);
-		for (i=nb-1;i>=0;i--)
-		{
-			Q.select(W,w[i]);
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.add(Q);
-		}
-		P.sub(C);
-		P.affine();
-		return P;
-	}
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-	public static ECP2 mul4(ECP2[] Q,BIG[] u)
-	{
-		int i,j,nb;
-		int[] a=new int[4];
-		ECP2 T=new ECP2();
-		ECP2 C=new ECP2();
-		ECP2 P=new ECP2();
-		ECP2[] W=new ECP2[8];
-
-		BIG mt=new BIG();
-		BIG[] t=new BIG[4];
-
-		byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1];
-
-		for (i=0;i<4;i++)
-		{
-			t[i]=new BIG(u[i]);
-			Q[i].affine();
-		}
-
-/* precompute table */
-
-		W[0]=new ECP2(); W[0].copy(Q[0]); W[0].sub(Q[1]);
-		W[1]=new ECP2(); W[1].copy(W[0]);
-		W[2]=new ECP2(); W[2].copy(W[0]);
-		W[3]=new ECP2(); W[3].copy(W[0]);
-		W[4]=new ECP2(); W[4].copy(Q[0]); W[4].add(Q[1]);
-		W[5]=new ECP2(); W[5].copy(W[4]);
-		W[6]=new ECP2(); W[6].copy(W[4]);
-		W[7]=new ECP2(); W[7].copy(W[4]);
-		T.copy(Q[2]); T.sub(Q[3]);
-		W[1].sub(T);
-		W[2].add(T);
-		W[5].sub(T);
-		W[6].add(T);
-		T.copy(Q[2]); T.add(Q[3]);
-		W[0].sub(T);
-		W[3].add(T);
-		W[4].sub(T);
-		W[7].add(T);
-
-		multiaffine(8,W);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-		mt.zero(); C.inf();
-		for (i=0;i<4;i++)
-		{
-			if (t[i].parity()==0)
-			{
-				t[i].inc(1); t[i].norm();
-				C.add(Q[i]);
-			}
-			mt.add(t[i]); mt.norm();
-		}
-
-		nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j=0;j<nb;j++)
-		{
-			for (i=0;i<4;i++)
-			{
-				a[i]=(byte)(t[i].lastbits(2)-2);
-				t[i].dec(a[i]); t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]);
-		}
-		w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-
-		P.copy(W[(w[nb]-1)/2]);
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			P.dbl();
-			P.add(T);
-		}
-		P.sub(C); /* apply correction */
-
-		P.affine();
-		return P;
-	}
-
-/*
-	public static void main(String[] args) {
-		BIG r=new BIG(ROM.Modulus);
-
-		BIG Pxa=new BIG(ROM.CURVE_Pxa);
-		BIG Pxb=new BIG(ROM.CURVE_Pxb);
-		BIG Pya=new BIG(ROM.CURVE_Pya);
-		BIG Pyb=new BIG(ROM.CURVE_Pyb);
-
-		BIG Fra=new BIG(ROM.CURVE_Fra);
-		BIG Frb=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(Fra,Frb);
-
-		FP2 Px=new FP2(Pxa,Pxb);
-		FP2 Py=new FP2(Pya,Pyb);
-
-		ECP2 P=new ECP2(Px,Py);
-
-		System.out.println("P= "+P.toString());
-
-		P=P.mul(r);
-		System.out.println("P= "+P.toString());
-
-		ECP2 Q=new ECP2(Px,Py);
-		Q.frob(f);
-		System.out.println("Q= "+Q.toString());
-	} */
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/FF.java
----------------------------------------------------------------------
diff --git a/java/FF.java b/java/FF.java
deleted file mode 100755
index e02d47b..0000000
--- a/java/FF.java
+++ /dev/null
@@ -1,974 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Java Large Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public final class FF {
-	private final BIG[] v;
-	private final int length;
-
-	private static final int P_MBITS=ROM.MODBYTES*8;
-	private static final int P_MB=(P_MBITS%ROM.BASEBITS);
-	private static final int P_OMASK=((int)(-1)<<(P_MBITS%ROM.BASEBITS));
-	private static final int P_FEXCESS=((int)1<<(ROM.BASEBITS*ROM.NLEN-P_MBITS));
-	private static final int P_TBITS=(P_MBITS%ROM.BASEBITS);
-
-	public int P_EXCESS()
-	{
-		return ((v[length-1].get(ROM.NLEN-1)&P_OMASK)>>(P_MB));
-	}
-
-/* Constructors */
-	public FF(int n)
-	{
-		v=new BIG[n];
-		for (int i=0;i<n;i++)
-			v[i]=new BIG(0);
-		length=n;
-	}
-
-	public FF(int [][] x,int n)
-	{
-		v=new BIG[n];
-		for (int i=0;i<n;i++)
-			v[i]=new BIG(x[i]);
-		length=n;
-	}
-
-	public int getlen()
-	{
-		return length;
-	}
-
-/* set to integer */
-	public void set(int m)
-	{
-		zero();
-		v[0].set(0,(int)(m&ROM.MASK));
-		v[0].set(1,(int)(m>>ROM.BASEBITS));
-	}
-
-/* copy from FF b */
-	public void copy(FF b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].copy(b.v[i]);
-		}
-	}
-
-/* x=y<<n */
-	public void dsucopy(FF b)
-	{
-		for (int i=0;i<b.length;i++)
-		{
-			v[b.length+i].copy(b.v[i]);
-			v[i].zero();
-		}
-	}
-
-/* x=y */
-	public void dscopy(FF b)
-	{
-		for (int i=0;i<b.length;i++)
-		{
-			v[i].copy(b.v[i]);
-			v[b.length+i].zero();
-		}
-	}
-
-/* x=y>>n */
-	public void sducopy(FF b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].copy(b.v[length+i]);
-		}
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-	public void one()
-	{
-		v[0].one();
-		for (int i=1;i<length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-/* test equals 0 */
-	public boolean iszilch()
-	{
-		for (int i=0;i<length;i++)
-		{
-			if (!v[i].iszilch()) return false;
-		}
-		return true;
-	}
-
-/* shift right by 256-bit words */
-	public void shrw(int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[i].copy(v[i+n]);
-			v[i+n].zero();
-		}
-	}
-
-/* shift left by 256-bit words */
-	public void shlw(int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[n+i].copy(v[i]);
-			v[i].zero();
-		}
-	}
-
-/* extract last bit */
-	public int parity()
-	{
-		return v[0].parity();
-	}
-
-	public int lastbits(int m)
-	{
-		return v[0].lastbits(m);
-	}
-
-/* compare x and y - must be normalised, and of same length */
-	public static int comp(FF a,FF b)
-	{
-		int i,j;
-		for (i=a.length-1;i>=0;i--)
-		{
-			j=BIG.comp(a.v[i],b.v[i]);
-			if (j!=0) return j;
-		}
-		return 0;
-	}
-
-/* recursive add */
-	public void radd(int vp,FF x,int xp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].copy(x.v[xp+i]);
-			v[vp+i].add(y.v[yp+i]);
-		}
-	}
-
-/* recursive inc */
-	public void rinc(int vp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].add(y.v[yp+i]);
-		}
-	}
-
-/* recursive sub */
-	public void rsub(int vp,FF x,int xp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].copy(x.v[xp+i]);
-			v[vp+i].sub(y.v[yp+i]);
-		}
-	}
-
-/* recursive dec */
-	public void rdec(int vp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].sub(y.v[yp+i]);
-		}
-	}
-
-/* simple add */
-	public void add(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].add(b.v[i]);
-	}
-
-/* simple sub */
-	public void sub(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].sub(b.v[i]);
-	}
-
-/* reverse sub */
-	public void revsub(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].rsub(b.v[i]);
-	}
-
-/* increment/decrement by a small integer */
-	public void inc(int m)
-	{
-		v[0].inc(m);
-		norm();
-	}
-
-	public void dec(int m)
-	{
-		v[0].dec(m);
-		norm();
-	}
-
-	/* normalise - but hold any overflow in top part unless n<0 */
-	private void rnorm(int vp,int n)
-	{
-		boolean trunc=false;
-		int i,carry;
-		if (n<0)
-		{ /* -v n signals to do truncation */
-			n=-n;
-			trunc=true;
-		}
-		for (i=0;i<n-1;i++)
-		{
-			carry=v[vp+i].norm();
-			v[vp+i].xortop(carry<<P_TBITS);
-			v[vp+i+1].inc(carry);
-		}
-		carry=v[vp+n-1].norm();
-		if (trunc)
-			v[vp+n-1].xortop(carry<<P_TBITS);
-
-	}
-
-	public void norm()
-	{
-		rnorm(0,length);
-	}
-
-/* shift left by one bit */
-	public void shl()
-	{
-		int i,carry,delay_carry=0;
-		for (i=0;i<length-1;i++)
-		{
-			carry=v[i].fshl(1);
-			v[i].inc(delay_carry);
-			v[i].xortop(carry<<P_TBITS);
-			delay_carry=carry;
-		}
-		v[length-1].fshl(1);
-		v[length-1].inc(delay_carry);
-	}
-
-/* shift right by one bit */
-
-	public void shr()
-	{
-		int i,carry;
-		for (i=length-1;i>0;i--)
-		{
-			carry=v[i].fshr(1);
-			v[i-1].ortop(carry<<P_TBITS);
-		}
-		v[0].fshr(1);
-	}
-
-/* Convert to Hex String */
-	public String toString()
-	{
-		norm();
-		String s="";
-		for (int i=length-1;i>=0;i--)
-		{
-			s+=v[i].toString();
-		}
-		return s;
-	}
-
-/* Convert FFs to/from byte arrays */
-	public void toBytes(byte[] b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].tobytearray(b,(length-i-1)*ROM.MODBYTES);
-		}
-	}
-
-	public static void fromBytes(FF x,byte[] b)
-	{
-		for (int i=0;i<x.length;i++)
-		{
-			x.v[i]=BIG.frombytearray(b,(x.length-i-1)*ROM.MODBYTES);
-		}
-	}
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-	private static void cswap(FF a,FF b,int d)
-	{
-		for (int i=0;i<a.length;i++)
-		{
-		//	BIG.cswap(a.v[i],b.v[i],d);
-			a.v[i].cswap(b.v[i],d);
-		}
-	}
-
-/* z=x*y, t is workspace */
-	private void karmul(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n)
-	{
-		int nd2;
-		if (n==1)
-		{
-			DBIG d=BIG.mul(x.v[xp],y.v[yp]);
-			v[vp+1]=d.split(8*ROM.MODBYTES);
-			v[vp].copy(d);
-			return;
-		}
-		nd2=n/2;
-		radd(vp,x,xp,x,xp+nd2,nd2);
-		rnorm(vp,nd2);
-		radd(vp+nd2,y,yp,y,yp+nd2,nd2);
-		rnorm(vp+nd2,nd2);
-		t.karmul(tp,this,vp,this,vp+nd2,t,tp+n,nd2);
-		karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-		t.rdec(tp,this,vp,n);
-		t.rdec(tp,this,vp+n,n);
-		rinc(vp+nd2,t,tp,n);
-		rnorm(vp,2*n);
-	}
-
-	private void karsqr(int vp,FF x,int xp,FF t,int tp,int n)
-	{
-		int nd2;
-		if (n==1)
-		{
-			DBIG d=BIG.sqr(x.v[xp]);
-			v[vp+1].copy(d.split(8*ROM.MODBYTES));
-			v[vp].copy(d);
-			return;
-		}
-
-		nd2=n/2;
-		karsqr(vp,x,xp,t,tp+n,nd2);
-		karsqr(vp+n,x,xp+nd2,t,tp+n,nd2);
-		t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,n);
-		rinc(vp+nd2,t,tp,n);
-		rnorm(vp+nd2,n);
-	}
-
-
-	private void karmul_lower(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n)
-	{ /* Calculates Least Significant bottom half of x*y */
-		int nd2;
-		if (n==1)
-		{ /* only calculate bottom half of product */
-			v[vp].copy(BIG.smul(x.v[xp],y.v[yp]));
-			return;
-		}
-		nd2=n/2;
-
-		karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,nd2);
-		t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,nd2);
-		rnorm(vp+nd2,-nd2);  /* truncate it */
-	}
-
-	private void karmul_upper(FF x,FF y,FF t,int n)
-	{ /* Calculates Most Significant upper half of x*y, given lower part */
-		int nd2;
-
-		nd2=n/2;
-		radd(n,x,0,x,nd2,nd2);
-		radd(n+nd2,y,0,y,nd2,nd2);
-
-		t.karmul(0,this,n+nd2,this,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-		karmul(n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-									/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-		t.rdec(0,this,n,n);              /* t=t-a1b1  */
-		rinc(nd2,this,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-		rdec(nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-		rnorm(0,-n);					/* a0b0 now in z - truncate it */
-		t.rdec(0,this,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-		rinc(nd2,t,0,n);
-
-		rnorm(nd2,n);
-	}
-
-	/* z=x*y. Assumes x and y are of same length. */
-	public static FF mul(FF x,FF y)
-	{
-		int n=x.length;
-		FF z=new FF(2*n);
-		FF t=new FF(2*n);
-		z.karmul(0,x,0,y,0,t,0,n);
-		return z;
-	}
-
-	/* z=x^2 */
-	public static FF sqr(FF x)
-	{
-		int n=x.length;
-		FF z=new FF(2*n);
-		FF t=new FF(2*n);
-		z.karsqr(0,x,0,t,0,n);
-		return z;
-	}
-
-/* return low part of product this*y */
-	public void lmul(FF y)
-	{
-		int n=length;
-		FF t=new FF(2*n);
-		FF x=new FF(n); x.copy(this);
-		karmul_lower(0,x,0,y,0,t,0,n);
-	}
-
-/* Set b=b mod c */
-	public void mod(FF c)
-	{
-		int k=0;
-
-		norm();
-		if (comp(this,c)<0)
-			return;
-		do
-		{
-			c.shl();
-			k++;
-		} while (comp(this,c)>=0);
-
-		while (k>0)
-		{
-			c.shr();
-			if (comp(this,c)>=0)
-			{
-				sub(c);
-				norm();
-			}
-			k--;
-		}
-	}
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-	public FF reduce(FF N,FF ND)
-	{ /* fast karatsuba Montgomery reduction */
-		int n=N.length;
-		FF t=new FF(2*n);
-		FF r=new FF(n);
-		FF m=new FF(n);
-
-		r.sducopy(this);
-		m.karmul_lower(0,this,0,ND,0,t,0,n);
-		karmul_upper(N,m,t,n);
-		m.sducopy(this);
-
-		r.add(N);
-		r.sub(m);
-		r.norm();
-
-		return r;
-
-	}
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-	public FF dmod(FF b)
-	{
-		int k,n=b.length;
-		FF m=new FF(2*n);
-		FF x=new FF(2*n);
-		FF r=new FF(n);
-
-		x.copy(this);
-		x.norm();
-		m.dsucopy(b); k=256*n;
-
-		while (k>0)
-		{
-			m.shr();
-
-			if (comp(x,m)>=0)
-			{
-				x.sub(m);
-				x.norm();
-			}
-			k--;
-		}
-
-		r.copy(x);
-		r.mod(b);
-		return r;
-	}
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-
-	public void invmodp(FF p)
-	{
-		int n=p.length;
-
-		FF u=new FF(n);
-		FF v=new FF(n);
-		FF x1=new FF(n);
-		FF x2=new FF(n);
-		FF t=new FF(n);
-		FF one=new FF(n);
-
-		one.one();
-		u.copy(this);
-		v.copy(p);
-		x1.copy(one);
-		x2.zero();
-
-	// reduce n in here as well!
-		while (comp(u,one)!=0 && comp(v,one)!=0)
-		{
-			while (u.parity()==0)
-			{
-				u.shr();
-				if (x1.parity()!=0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr();
-			}
-			while (v.parity()==0)
-			{
-				v.shr();
-				if (x2.parity()!=0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr();
-			}
-			if (comp(u,v)>=0)
-			{
-
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one)==0)
-			copy(x1);
-		else
-			copy(x2);
-	}
-
-/* nresidue mod m */
-	public void nres(FF m)
-	{
-		int n=m.length;
-		FF d=new FF(2*n);
-		d.dsucopy(this);
-		copy(d.dmod(m));
-	}
-
-	public void redc(FF m,FF ND)
-	{
-		int n=m.length;
-		FF d=new FF(2*n);
-		mod(m);
-		d.dscopy(this);
-		copy(d.reduce(m,ND));
-		mod(m);
-	}
-
-	private void mod2m(int m)
-	{
-		for (int i=m;i<length;i++)
-			v[i].zero();
-	}
-
-	/* U=1/a mod 2^m - Arazi & Qi */
-	private FF invmod2m()
-	{
-		int i,n=length;
-
-		FF b=new FF(n);
-		FF c=new FF(n);
-		FF U=new FF(n);
-
-		FF t;
-
-		U.zero();
-		U.v[0].copy(v[0]);
-		U.v[0].invmod2m();
-
-		for (i=1;i<n;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			t=mul(U,b); t.shrw(i); b.copy(t);
-			c.copy(this); c.shrw(i); c.mod2m(i);
-			c.lmul(U); c.mod2m(i);
-
-			b.add(c); b.norm();
-			b.lmul(U); b.mod2m(i);
-
-			c.one(); c.shlw(i); b.revsub(c); b.norm();
-			b.shlw(i);
-			U.add(b);
-		}
-		U.norm();
-		return U;
-	}
-
-	public void random(RAND rng)
-	{
-		int n=length;
-		for (int i=0;i<n;i++)
-		{
-			v[i].copy(BIG.random(rng));
-		}
-	/* make sure top bit is 1 */
-		while (v[n-1].nbits()<ROM.MODBYTES*8) v[n-1].copy(BIG.random(rng));
-	}
-
-	/* generate random x */
-	public void randomnum(FF p,RAND rng)
-	{
-		int n=length;
-		FF d=new FF(2*n);
-
-		for (int i=0;i<2*n;i++)
-		{
-			d.v[i].copy(BIG.random(rng));
-		}
-		copy(d.dmod(p));
-	}
-
-	/* this*=y mod p */
-	public void modmul(FF y,FF p,FF nd)
-	{
-		int ex=P_EXCESS();
-		int ey=y.P_EXCESS();
-		if ((ex+1)*(ey+1)+1>=P_FEXCESS) mod(p);
-		FF d=mul(this,y);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this*=y mod p */
-	public void modsqr(FF p,FF nd)
-	{
-		int ex=P_EXCESS();
-		if ((ex+1)*(ex+1)+1>=P_FEXCESS) mod(p);
-		FF d=sqr(this);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-	public void skpow(FF e,FF p)
-	{
-		int i,b,n=p.length;
-		FF R0=new FF(n);
-		FF R1=new FF(n);
-		FF ND=p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			b=e.v[i/256].bit(i%256);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-
-		}
-
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-	public void skpow(BIG e,FF p)
-	{
-		int i,b,n=p.length;
-		FF R0=new FF(n);
-		FF R1=new FF(n);
-		FF ND=p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			b=e.bit(i);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-		}
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* raise to an integer power - right-to-left method */
-	public void power(int e,FF p)
-	{
-		int n=p.length;
-		boolean f=true;
-		FF w=new FF(n);
-		FF ND=p.invmod2m();
-
-		w.copy(this);
-		w.nres(p);
-
-		if (e==2)
-		{
-			copy(w);
-			modsqr(p,ND);
-		}
-		else for (; ; )
-		{
-			if (e%2==1)
-			{
-				if (f) copy(w);
-				else modmul(w,p,ND);
-				f=false;
-			}
-			e>>=1;
-			if (e==0) break;
-			w.modsqr(p,ND);
-		}
-		redc(p,ND);
-	}
-
-	/* this=this^e mod p, faster but not side channel resistant */
-	public void pow(FF e,FF p)
-	{
-		int i,b,n=p.length;
-		FF w=new FF(n);
-		FF ND=p.invmod2m();
-
-		w.copy(this);
-		one();
-		nres(p);
-		w.nres(p);
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			modsqr(p,ND);
-			b=e.v[i/256].bit(i%256);
-			if (b==1) modmul(w,p,ND);
-		}
-		redc(p,ND);
-	}
-
-	/* double exponentiation r=x^e.y^f mod p */
-	public void pow2(BIG e,FF y,BIG f,FF p)
-	{
-		int i,eb,fb,n=p.length;
-		FF xn=new FF(n);
-		FF yn=new FF(n);
-		FF xy=new FF(n);
-		FF ND=p.invmod2m();
-
-		xn.copy(this);
-		yn.copy(y);
-		xn.nres(p);
-		yn.nres(p);
-		xy.copy(xn); xy.modmul(yn,p,ND);
-		one();
-		nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			eb=e.bit(i);
-			fb=f.bit(i);
-			modsqr(p,ND);
-			if (eb==1)
-			{
-				if (fb==1) modmul(xy,p,ND);
-				else modmul(xn,p,ND);
-			}
-			else
-			{
-				if (fb==1) modmul(yn,p,ND);
-			}
-		}
-		redc(p,ND);
-	}
-
-	private static int igcd(int x,int y)
-	{ /* integer GCD, returns GCD of x and y */
-		int r;
-		if (y==0) return x;
-		while ((r=x%y)!=0)
-			{x=y;y=r;}
-		return y;
-	}
-
-	/* quick and dirty check for common factor with n */
-	public boolean cfactor(int s)
-	{
-		int r,n=length;
-		int g;
-
-		FF x=new FF(n);
-		FF y=new FF(n);
-
-		y.set(s);
-		x.copy(this);
-		x.norm();
-
-		do
-		{
-			x.sub(y);
-			x.norm();
-			while (!x.iszilch() && x.parity()==0) x.shr();
-		}
-		while (comp(x,y)>0);
-
-		g=x.v[0].get(0);
-		r=igcd(s,g);
-		if (r>1) return true;
-		return false;
-	}
-
-	/* Miller-Rabin test for primality. Slow. */
-	public static boolean prime(FF p,RAND rng)
-	{
-		int i,j,s=0,n=p.length;
-		boolean loop;
-		FF d=new FF(n);
-		FF x=new FF(n);
-		FF unity=new FF(n);
-		FF nm1=new FF(n);
-
-		int sf=4849845; /* 3*5*.. *19 */
-		p.norm();
-
-		if (p.cfactor(sf)) return false;
-		unity.one();
-		nm1.copy(p);
-		nm1.sub(unity);
-		nm1.norm();
-		d.copy(nm1);
-
-		while (d.parity()==0)
-		{
-			d.shr();
-			s++;
-		}
-		if (s==0) return false;
-		for (i=0;i<10;i++)
-		{
-			x.randomnum(p,rng);
-			x.pow(d,p);
-			if (comp(x,unity)==0 || comp(x,nm1)==0) continue;
-			loop=false;
-			for (j=1;j<s;j++)
-			{
-				x.power(2,p);
-				if (comp(x,unity)==0) return false;
-				if (comp(x,nm1)==0) {loop=true; break;}
-			}
-			if (loop) continue;
-			return false;
-		}
-		return true;
-	}
-
-
-//	public static final int[][] P ={{0x1670957,0x1568CD3C,0x2595E5,0xEED4F38,0x1FC9A971,0x14EF7E62,0xA503883,0x9E1E05E,0xBF59E3},{0x1844C908,0x1B44A798,0x3A0B1E7,0xD1B5B4E,0x1836046F,0x87E94F9,0x1D34C537,0xF7183B0,0x46D07},{0x17813331,0x19E28A90,0x1473A4D6,0x1CACD01F,0x1EEA8838,0xAF2AE29,0x1F85292A,0x1632585E,0xD945E5},{0x919F5EF,0x1567B39F,0x19F6AD11,0x16CE47CF,0x9B36EB1,0x35B7D3,0x483B28C,0xCBEFA27,0xB5FC21}};
-/*
-	public static final int[][] P= {{0x156FFDDF,0x5EC1ED,0xC6702D0,0x1C42FB6,0x1A3A50F0,0x1EE1811F,0x1AB28D94,0x1BE439E1,0x56790},{0x1D781CB3,0x1E3D731B,0x153A96F6,0x9AC443F,0x10628677,0x1F21365D,0x97B4301,0xDAD3A12,0xD6C46E},{0x833D55D,0xD44CF7B,0x4373422,0x22718D3,0x1E4CF3CA,0xB774703,0x117E2980,0x10C0F2A7,0x10D8B7},{0x1A784949,0x1483C3BF,0x7938D16,0x18E0E7B5,0x111E4EF6,0x20163B4,0x95FEBE,0x129E8526,0xF48167}};
-
-	public static void main(String[] args) {
-		byte[] raw=new byte[100];
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (int i=0;i<100;i++) raw[i]=(byte)i;
-
-		rng.seed(100,raw);
-
-		int n=4;
-
-		FF x=new FF(n);
-		x.set(3);
-
-		FF p=new FF(P,n);
-
-	//	if (prime(p,rng)) System.out.println("p is a prime");
-
-		FF e=new FF(n);
-		e.copy(p);
-		e.dec(1); e.norm();
-
-		System.out.println("e= "+e.toString());
-
-		x.skpow(e,p);
-		System.out.println("x= "+x.toString());
-
-    } */
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/FP.java
----------------------------------------------------------------------
diff --git a/java/FP.java b/java/FP.java
deleted file mode 100755
index 711a51d..0000000
--- a/java/FP.java
+++ /dev/null
@@ -1,327 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Small Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public final class FP {
-	private final BIG x;
-	private static BIG p=new BIG(ROM.Modulus);
-
-/* Constructors */
-	public FP(int a)
-	{
-		x=new BIG(a);
-		nres();
-	}
-
-	public FP()
-	{
-		x=new BIG(0);
-	}
-
-	public FP(BIG a)
-	{
-		x=new BIG(a);
-		nres();
-	}
-
-	public FP(FP a)
-	{
-		x=new BIG(a.x);
-	}
-
-/* convert to string */
-	public String toString()
-	{
-		String s=redc().toString();
-		return s;
-	}
-
-	public String toRawString()
-	{
-		String s=x.toRawString();
-		return s;
-	}
-
-/* convert to Montgomery n-residue form */
-	public void nres()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE)
-		{
-			DBIG d=new DBIG(x);
-			d.shl(ROM.NLEN*ROM.BASEBITS);
-			x.copy(d.mod(p));
-		}
-	}
-
-/* convert back to regular form */
-	public BIG redc()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE)
-		{
-			DBIG d=new DBIG(x);
-			return BIG.mod(d);
-		}
-		else
-		{
-			BIG r=new BIG(x);
-			return r;
-		}
-	}
-
-/* test this=0? */
-	public boolean iszilch() {
-		reduce();
-		return x.iszilch();
-	}
-
-/* copy from FP b */
-	public void copy(FP b)
-	{
-		x.copy(b.x);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		x.zero();
-	}
-
-/* set this=1 */
-	public void one()
-	{
-		x.one(); nres();
-	}
-
-/* normalise this */
-	public void norm()
-	{
-		x.norm();
-	}
-
-/* swap FPs depending on d */
-	public void cswap(FP b,int d)
-	{
-		x.cswap(b.x,d);
-	}
-
-/* copy FPs depending on d */
-	public void cmove(FP b,int d)
-	{
-		x.cmove(b.x,d);
-	}
-
-/* this*=b mod Modulus */
-	public void mul(FP b)
-	{
-		int ea=BIG.EXCESS(x);
-		int eb=BIG.EXCESS(b.x);
-
-		if ((ea+1)*(eb+1)+1>=ROM.FEXCESS) reduce();
-
-		DBIG d=BIG.mul(x,b.x);
-		x.copy(BIG.mod(d));
-	}
-
-/* this*=c mod Modulus, where c is a small int */
-	public void imul(int c)
-	{
-		norm();
-		boolean s=false;
-		if (c<0)
-		{
-			c=-c;
-			s=true;
-		}
-		int afx=(BIG.EXCESS(x)+1)*(c+1)+1;
-		if (c<ROM.NEXCESS && afx<ROM.FEXCESS)
-		{
-			x.imul(c);
-		}
-		else
-		{
-			if (afx<ROM.FEXCESS) x.pmul(c);
-			else
-			{
-				DBIG d=x.pxmul(c);
-				x.copy(d.mod(p));
-			}
-		}
-		if (s) neg();
-		norm();
-	}
-
-/* this*=this mod Modulus */
-	public void sqr()
-	{
-		DBIG d;
-		int ea=BIG.EXCESS(x);
-		if ((ea+1)*(ea+1)+1>=ROM.FEXCESS)
-			reduce();
-
-		d=BIG.sqr(x);
-		x.copy(BIG.mod(d));
-	}
-
-/* this+=b */
-	public void add(FP b) {
-		x.add(b.x);
-		if (BIG.EXCESS(x)+2>=ROM.FEXCESS) reduce();
-	}
-
-/* this = -this mod Modulus */
-	public void neg()
-	{
-		int sb,ov;
-		BIG m=new BIG(p);
-
-		norm();
-
-		ov=BIG.EXCESS(x);
-		sb=1; while(ov!=0) {sb++;ov>>=1;}
-
-		m.fshl(sb);
-		x.rsub(m);
-
-		if (BIG.EXCESS(x)>=ROM.FEXCESS) reduce();
-	}
-
-/* this-=b */
-	public void sub(FP b)
-	{
-		FP n=new FP(b);
-		n.neg();
-		this.add(n);
-	}
-
-/* this/=2 mod Modulus */
-	public void div2()
-	{
-		x.norm();
-		if (x.parity()==0)
-			x.fshr(1);
-		else
-		{
-			x.add(p);
-			x.norm();
-			x.fshr(1);
-		}
-	}
-
-/* this=1/this mod Modulus */
-	public void inverse()
-	{
-		BIG r=redc();
-		r.invmodp(p);
-		x.copy(r);
-		nres();
-	}
-
-/* return TRUE if this==a */
-	public boolean equals(FP a)
-	{
-		a.reduce();
-		reduce();
-		if (BIG.comp(a.x,x)==0) return true;
-		return false;
-	}
-
-/* reduce this mod Modulus */
-	public void reduce()
-	{
-		x.mod(p);
-	}
-
-/* return this^e mod Modulus */
-	public FP pow(BIG e)
-	{
-		int bt;
-		FP r=new FP(1);
-		e.norm();
-		x.norm();
-		FP m=new FP(this);
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(m);
-			if (e.iszilch()) break;
-			m.sqr();
-		}
-		r.x.mod(p);
-		return r;
-	}
-
-/* return sqrt(this) mod Modulus */
-	public FP sqrt()
-	{
-		reduce();
-		BIG b=new BIG(p);
-		if (ROM.MOD8==5)
-		{
-			b.dec(5); b.norm(); b.shr(3);
-			FP i=new FP(this); i.x.shl(1);
-			FP v=i.pow(b);
-			i.mul(v); i.mul(v);
-			i.x.dec(1);
-			FP r=new FP(this);
-			r.mul(v); r.mul(i);
-			r.reduce();
-			return r;
-		}
-		else
-		{
-			b.inc(1); b.norm(); b.shr(2);
-			return pow(b);
-		}
-	}
-
-/* return jacobi symbol (this/Modulus) */
-	public int jacobi()
-	{
-		BIG w=redc();
-		return w.jacobi(p);
-	}
-/*
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(m);
-		e.dec(1);
-
-		System.out.println("m= "+m.nbits());
-
-
-		BIG r=x.powmod(e,m);
-
-		System.out.println("m= "+m.toString());
-		System.out.println("r= "+r.toString());
-
-		BIG.cswap(m,r,0);
-
-		System.out.println("m= "+m.toString());
-		System.out.println("r= "+r.toString());
-
-//		FP y=new FP(3);
-//		FP s=y.pow(e);
-//		System.out.println("s= "+s.toString());
-
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/FP12.java
----------------------------------------------------------------------
diff --git a/java/FP12.java b/java/FP12.java
deleted file mode 100755
index b2f704c..0000000
--- a/java/FP12.java
+++ /dev/null
@@ -1,643 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-public final class FP12 {
-	private final FP4 a;
-	private final FP4 b;
-	private final FP4 c;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-		c.reduce();
-	}
-/* normalise all components of this */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-		c.norm();
-	}
-/* test x==0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch() && c.iszilch());
-	}
-/* test x==1 ? */
-	public boolean isunity() {
-		FP4 one=new FP4(1);
-		return (a.equals(one) && b.iszilch() && c.iszilch());
-	}
-/* return 1 if x==y, else 0 */
-	public boolean equals(FP12 x)
-	{
-		return (a.equals(x.a) && b.equals(x.b) && c.equals(x.c));
-	}
-/* extract a from this */
-	public FP4 geta()
-	{
-		return a;
-	}
-/* extract b */
-	public FP4 getb()
-	{
-		return b;
-	}
-/* extract c */
-	public FP4 getc()
-	{
-		return c;
-	}
-/* copy this=x */
-	public void copy(FP12 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-		c.copy(x.c);
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-		c.zero();
-	}
-/* this=conj(this) */
-	public void conj()
-	{
-		a.conj();
-		b.nconj();
-		c.conj();
-	}
-/* Constructors */
-	public FP12(FP4 d)
-	{
-		a=new FP4(d);
-		b=new FP4(0);
-		c=new FP4(0);
-	}
-
-	public FP12(int d)
-	{
-		a=new FP4(d);
-		b=new FP4(0);
-		c=new FP4(0);
-	}
-
-	public FP12(FP4 d,FP4 e,FP4 f)
-	{
-		a=new FP4(d);
-		b=new FP4(e);
-		c=new FP4(f);
-	}
-
-	public FP12(FP12 x)
-	{
-		a=new FP4(x.a);
-		b=new FP4(x.b);
-		c=new FP4(x.c);
-	}
-
-/* Granger-Scott Unitary Squaring */
-	public void usqr()
-	{
-		FP4 A=new FP4(a);
-		FP4 B=new FP4(c);
-		FP4 C=new FP4(b);
-		FP4 D=new FP4(0);
-
-		a.sqr();
-		D.copy(a); D.add(a);
-		a.add(D);
-
-		a.norm();
-		A.nconj();
-
-		A.add(A);
-		a.add(A);
-		B.sqr();
-		B.times_i();
-
-		D.copy(B); D.add(B);
-		B.add(D);
-		B.norm();
-
-		C.sqr();
-		D.copy(C); D.add(C);
-		C.add(D);
-		C.norm();
-
-		b.conj();
-		b.add(b);
-		c.nconj();
-
-		c.add(c);
-		b.add(B);
-		c.add(C);
-		reduce();
-
-	}
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-	public void sqr()
-	{
-		FP4 A=new FP4(a);
-		FP4 B=new FP4(b);
-		FP4 C=new FP4(c);
-		FP4 D=new FP4(a);
-
-		A.sqr();
-		B.mul(c);
-		B.add(B);
-		C.sqr();
-		D.mul(b);
-		D.add(D);
-
-		c.add(a);
-		c.add(b);
-		c.sqr();
-
-		a.copy(A);
-
-		A.add(B);
-		A.norm();
-		A.add(C);
-		A.add(D);
-		A.norm();
-
-		A.neg();
-		B.times_i();
-		C.times_i();
-
-		a.add(B);
-
-		b.copy(C); b.add(D);
-		c.add(A);
-
-		norm();
-	}
-
-/* FP12 full multiplication this=this*y */
-	public void mul(FP12 y)
-	{
-		FP4 z0=new FP4(a);
-		FP4 z1=new FP4(0);
-		FP4 z2=new FP4(b);
-		FP4 z3=new FP4(0);
-		FP4 t0=new FP4(a);
-		FP4 t1=new FP4(y.a);
-
-		z0.mul(y.a);
-		z2.mul(y.b);
-
-		t0.add(b);
-		t1.add(y.b);
-
-		z1.copy(t0); z1.mul(t1);
-		t0.copy(b); t0.add(c);
-
-		t1.copy(y.b); t1.add(y.c);
-		z3.copy(t0); z3.mul(t1);
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		z1.add(t0);
-		z1.norm();
-		b.copy(z1); b.add(t1);
-
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a); t0.add(c);
-		t1.copy(y.a); t1.add(y.c);
-		t0.mul(t1);
-		z2.add(t0);
-
-		t0.copy(c); t0.mul(y.c);
-		t1.copy(t0); t1.neg();
-
-		z2.norm();
-		z3.norm();
-		b.norm();
-
-		c.copy(z2); c.add(t1);
-		z3.add(t1);
-		t0.times_i();
-		b.add(t0);
-
-		z3.times_i();
-		a.copy(z0); a.add(z3);
-
-		norm();
-	}
-
-/* Special case of multiplication arises from special form of ATE pairing line function */
-	public void smul(FP12 y)
-	{
-		FP4 z0=new FP4(a);
-		FP4 z2=new FP4(b);
-		FP4 z3=new FP4(b);
-		FP4 t0=new FP4(0);
-		FP4 t1=new FP4(y.a);
-
-		z0.mul(y.a);
-		z2.pmul(y.b.real());
-		b.add(a);
-		t1.real().add(y.b.real());
-
-		b.mul(t1);
-		z3.add(c);
-		z3.pmul(y.b.real());
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		b.add(t0);
-		b.norm();
-
-		b.add(t1);
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a); t0.add(c);
-		t0.mul(y.a);
-		c.copy(z2); c.add(t0);
-
-		z3.times_i();
-		a.copy(z0); a.add(z3);
-
-		norm();
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		FP4 f0=new FP4(a);
-		FP4 f1=new FP4(b);
-		FP4 f2=new FP4(a);
-		FP4 f3=new FP4(0);
-
-		norm();
-		f0.sqr();
-		f1.mul(c);
-		f1.times_i();
-		f0.sub(f1);
-
-		f1.copy(c); f1.sqr();
-		f1.times_i();
-		f2.mul(b);
-		f1.sub(f2);
-
-		f2.copy(b); f2.sqr();
-		f3.copy(a); f3.mul(c);
-		f2.sub(f3);
-
-		f3.copy(b); f3.mul(f2);
-		f3.times_i();
-		a.mul(f0);
-		f3.add(a);
-		c.mul(f1);
-		c.times_i();
-
-		f3.add(c);
-		f3.inverse();
-		a.copy(f0); a.mul(f3);
-		b.copy(f1); b.mul(f3);
-		c.copy(f2); c.mul(f3);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		FP2 f2=new FP2(f);
-		FP2 f3=new FP2(f);
-
-		f2.sqr();
-		f3.mul(f2);
-
-		a.frob(f3);
-		b.frob(f3);
-		c.frob(f3);
-
-		b.pmul(f);
-		c.pmul(f2);
-	}
-
-/* trace function */
-	public FP4 trace()
-	{
-		FP4 t=new FP4(0);
-		t.copy(a);
-		t.imul(3);
-		t.reduce();
-		return t;
-	}
-
-/* convert from byte array to FP12 */
-	public static FP12 fromBytes(byte[] w)
-	{
-		BIG a,b;
-		FP2 c,d;
-		FP4 e,f,g;
-		byte[] t=new byte[ROM.MODBYTES];
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+2*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+3*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		e=new FP4(c,d);
-
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+4*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+5*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+6*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+7*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		f=new FP4(c,d);
-
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+8*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+9*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+10*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+11*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		g=new FP4(c,d);
-
-		return new FP12(e,f,g);
-	}
-
-/* convert this to byte array */
-	public void toBytes(byte[] w)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		a.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i]=t[i];
-		a.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+ROM.MODBYTES]=t[i];
-		a.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+2*ROM.MODBYTES]=t[i];
-		a.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+3*ROM.MODBYTES]=t[i];
-
-		b.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+4*ROM.MODBYTES]=t[i];
-		b.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+5*ROM.MODBYTES]=t[i];
-		b.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+6*ROM.MODBYTES]=t[i];
-		b.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+7*ROM.MODBYTES]=t[i];
-
-		c.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+8*ROM.MODBYTES]=t[i];
-		c.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+9*ROM.MODBYTES]=t[i];
-		c.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+10*ROM.MODBYTES]=t[i];
-		c.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+11*ROM.MODBYTES]=t[i];
-	}
-
-/* convert to hex string */
-	public String toString()
-	{
-		return ("["+a.toString()+","+b.toString()+","+c.toString()+"]");
-	}
-
-/* this=this^e */
-/* Note this is simple square and multiply, so not side-channel safe */
-	public FP12 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP12 w=new FP12(this);
-		BIG z=new BIG(e);
-		FP12 r=new FP12(1);
-
-		while (true)
-		{
-			int bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.usqr();
-		}
-		r.reduce();
-		return r;
-	}
-
-/* constant time powering by small integer of max length bts */
-	public void pinpow(int e,int bts)
-	{
-		int i,b;
-		FP12 [] R=new FP12[2];
-		R[0]=new FP12(1);
-		R[1]=new FP12(this);
-		for (i=bts-1;i>=0;i--)
-		{
-			b=(e>>i)&1;
-			R[1-b].mul(R[b]);
-			R[b].usqr();
-		}
-		this.copy(R[0]);
-	}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-	public static FP12 pow4(FP12[] q,BIG[] u)
-	{
-		int i,j,nb,m;
-		int[] a=new int[4];
-		FP12 [] g=new FP12[8];
-		FP12 [] s=new FP12[2];
-		FP12 c=new FP12(1);
-		FP12 p=new FP12(0);
-		BIG [] t=new BIG[4];
-		BIG mt=new BIG(0);
-		byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1];
-
-		for (i=0;i<4;i++)
-			t[i]=new BIG(u[i]);
-
-		s[0]=new FP12(0);
-		s[1]=new FP12(0);
-
-		g[0]=new FP12(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0]);
-		g[1]=new FP12(g[0]);
-		g[2]=new FP12(g[0]);
-		g[3]=new FP12(g[0]);
-		g[4]=new FP12(q[0]); g[4].mul(q[1]);
-		g[5]=new FP12(g[4]);
-		g[6]=new FP12(g[4]);
-		g[7]=new FP12(g[4]);
-
-		s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0]);
-		s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0]);
-		g[2].mul(s[1]);
-		g[5].mul(s[0]);
-		g[6].mul(s[1]);
-		s[1].copy(q[2]); s[1].mul(q[3]);
-		s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0]);
-		g[3].mul(s[1]);
-		g[4].mul(s[0]);
-		g[7].mul(s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-
-		for (i=0;i<4;i++)
-		{
-			if (t[i].parity()==0)
-			{
-				t[i].inc(1); t[i].norm();
-				c.mul(q[i]);
-			}
-			mt.add(t[i]); mt.norm();
-		}
-		c.conj();
-		nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j=0;j<nb;j++)
-		{
-			for (i=0;i<4;i++)
-			{
-				a[i]=(t[i].lastbits(2)-2);
-				t[i].dec(a[i]); t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]);
-		}
-		w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-		p.copy(g[(w[nb]-1)/2]);
-
-		for (i=nb-1;i>=0;i--)
-		{
-			m=w[i]>>7;
-			j=(w[i]^m)-m;  /* j=abs(w[i]) */
-			j=(j-1)/2;
-			s[0].copy(g[j]); s[1].copy(g[j]); s[1].conj();
-			p.usqr();
-			p.mul(s[m&1]);
-		}
-		p.mul(c);  /* apply correction */
-		p.reduce();
-		return p;
-	}
-
-/*
-	public static void main(String[] args) {
-		BIG p=new BIG(ROM.Modulus);
-		FP2 w0,w1;
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-
-		a.zero(); b.zero(); a.inc(1); b.inc(2);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(3); b.inc(4);
-		w1=new FP2(a,b);
-		FP4 t0=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(5); b.inc(6);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(7); b.inc(8);
-		w1=new FP2(a,b);
-		FP4 t1=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(9); b.inc(10);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(11); b.inc(12);
-		w1=new FP2(a,b);
-		FP4 t2=new FP4(w0,w1);
-
-		FP12 w=new FP12(t0,t1,t2);
-		FP12 t=new FP12(w);
-
-		System.out.println("w= "+w.toString());
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		w.frob(f);
-		System.out.println("w= "+w.toString());
-
-		w=t.pow(p);
-
-		System.out.println("w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("w= "+w.toString());
-
-		t.copy(w);
-		w.conj();
-		t.inverse();
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)= "+w.toString());
-
-		t.copy(w);
-		w.frob(f);
-		w.frob(f);
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)(p^2+1)= "+w.toString());
-
-		t.copy(w);
-
-		t.inverse();
-		w.conj();
-
-		System.out.println("w= "+w.toString());
-		System.out.println("t= "+t.toString());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/FP2.java
----------------------------------------------------------------------
diff --git a/java/FP2.java b/java/FP2.java
deleted file mode 100755
index 185c103..0000000
--- a/java/FP2.java
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-public final class FP2 {
-	private final FP a;
-	private final FP b;
-
-/* reduce components mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-
-/* normalise components of w */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-
-/* test this=0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-
-	public void cmove(FP2 g,int d)
-	{
-		a.cmove(g.a,d);
-		b.cmove(g.b,d);
-	}
-
-/* test this=1 ? */
-	public boolean isunity() {
-		FP one=new FP(1);
-		return (a.equals(one) && b.iszilch());
-	}
-
-/* test this=x */
-	public boolean equals(FP2 x) {
-		return (a.equals(x.a) && b.equals(x.b));
-	}
-
-/* Constructors */
-	public FP2(int c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-	public FP2(FP2 x)
-	{
-		a=new FP(x.a);
-		b=new FP(x.b);
-	}
-
-	public FP2(FP c,FP d)
-	{
-		a=new FP(c);
-		b=new FP(d);
-	}
-
-	public FP2(BIG c,BIG d)
-	{
-		a=new FP(c);
-		b=new FP(d);
-	}
-
-	public FP2(FP c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-	public FP2(BIG c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-/* extract a */
-	public BIG getA()
-	{
-		return a.redc();
-	}
-
-/* extract b */
-	public BIG getB()
-	{
-		return b.redc();
-	}
-
-/* copy this=x */
-	public void copy(FP2 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-
-/* negate this mod Modulus */
-	public void neg()
-	{
-		norm();
-		FP m=new FP(a);
-		FP t=new FP(0);
-
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-
-/* set to a-ib */
-	public void conj()
-	{
-		b.neg();
-	}
-
-/* this+=a */
-	public void add(FP2 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-
-/* this-=a */
-	public void sub(FP2 x)
-	{
-		FP2 m=new FP2(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s, where s is an FP */
-	public void pmul(FP s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-
-/* this*=i, where i is an int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-
-/* this*=this */
-	public void sqr()
-	{
-		norm();
-
-		FP w1=new FP(a);
-		FP w3=new FP(a);
-		FP mb=new FP(b);
-		w3.mul(b);
-		w1.add(b);
-		mb.neg();
-		a.add(mb);
-		a.mul(w1);
-		b.copy(w3); b.add(w3);
-		norm();
-	}
-
-/* this*=y */
-	public void mul(FP2 y)
-	{
-		norm();  /* This is needed here as {a,b} is not normed before additions */
-
-		FP w1=new FP(a);
-		FP w2=new FP(b);
-		FP w5=new FP(a);
-		FP mw=new FP(0);
-
-		w1.mul(y.a);  // w1=a*y.a  - this norms w1 and y.a, NOT a
-		w2.mul(y.b);  // w2=b*y.b  - this norms w2 and y.b, NOT b
-		w5.add(b);    // w5=a+b
-		b.copy(y.a); b.add(y.b); // b=y.a+y.b
-
-		b.mul(w5);
-		mw.copy(w1); mw.add(w2); mw.neg();
-
-		b.add(mw); mw.add(w1);
-		a.copy(w1);	a.add(mw);
-
-		norm();
-
-	}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-	public boolean sqrt()
-	{
-		if (iszilch()) return true;
-		FP w1=new FP(b);
-		FP w2=new FP(a);
-		w1.sqr(); w2.sqr(); w1.add(w2);
-		if (w1.jacobi()!=1) { zero(); return false; }
-		w1=w1.sqrt();
-		w2.copy(a); w2.add(w1); w2.div2();
-		if (w2.jacobi()!=1)
-		{
-			w2.copy(a); w2.sub(w1); w2.div2();
-			if (w2.jacobi()!=1) { zero(); return false; }
-		}
-		w2=w2.sqrt();
-		a.copy(w2);
-		w2.add(w2);
-		w2.inverse();
-		b.mul(w2);
-		return true;
-	}
-
-/* output to hex string */
-	public String toString()
-	{
-		return ("["+a.toString()+","+b.toString()+"]");
-	}
-
-	public String toRawString()
-	{
-		return ("["+a.toRawString()+","+b.toRawString()+"]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-		FP w1=new FP(a);
-		FP w2=new FP(b);
-
-		w1.sqr();
-		w2.sqr();
-		w1.add(w2);
-		w1.inverse();
-		a.mul(w1);
-		w1.neg();
-		b.mul(w1);
-	}
-
-/* this/=2 */
-	public void div2()
-	{
-		a.div2();
-		b.div2();
-	}
-
-/* this*=sqrt(-1) */
-	public void times_i()
-	{
-	//	a.norm();
-		FP z=new FP(a);
-		a.copy(b); a.neg();
-		b.copy(z);
-	}
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-	public void mul_ip()
-	{
-		norm();
-		FP2 t=new FP2(this);
-		FP z=new FP(a);
-		a.copy(b);
-		a.neg();
-		b.copy(z);
-		add(t);
-		norm();
-	}
-
-/* w/=(1+sqrt(-1)) */
-	public void div_ip()
-	{
-		FP2 t=new FP2(0);
-		norm();
-		t.a.copy(a); t.a.add(b);
-		t.b.copy(b); t.b.sub(a);
-		copy(t);
-		div2();
-	}
-/*
-	public FP2 pow(BIG e)
-	{
-		int bt;
-		FP2 r=new FP2(1);
-		e.norm();
-		norm();
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(this);
-			if (e.iszilch()) break;
-			sqr();
-		}
-
-		r.reduce();
-		return r;
-	}
-
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(27);
-		BIG pp1=new BIG(m);
-		BIG pm1=new BIG(m);
-		BIG a=new BIG(1);
-		BIG b=new BIG(1);
-		FP2 w=new FP2(a,b);
-		FP2 z=new FP2(w);
-
-		byte[] RAW=new byte[100];
-
-		RAND rng=new RAND();
-		for (int i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-	//	for (int i=0;i<100;i++)
-	//	{
-			a.randomnum(rng);
-			b.randomnum(rng);
-
-			w=new FP2(a,b);
-			System.out.println("w="+w.toString());
-
-			z=new FP2(w);
-			z.inverse();
-			System.out.println("z="+z.toString());
-
-			z.inverse();
-			if (!z.equals(w)) System.out.println("Error");
-	//	}
-
-//		System.out.println("m="+m.toString());
-//		w.sqr();
-//		w.mul(z);
-
-		System.out.println("w="+w.toString());
-
-
-		pp1.inc(1); pp1.norm();
-		pm1.dec(1); pm1.norm();
-		System.out.println("p+1="+pp1.toString());
-		System.out.println("p-1="+pm1.toString());
-		w=w.pow(pp1);
-		w=w.pow(pm1);
-		System.out.println("w="+w.toString());
-	}
-*/
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/FP4.java
----------------------------------------------------------------------
diff --git a/java/FP4.java b/java/FP4.java
deleted file mode 100755
index 5f0f42a..0000000
--- a/java/FP4.java
+++ /dev/null
@@ -1,583 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-public final class FP4 {
-	private final FP2 a;
-	private final FP2 b;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-/* normalise all components of this mod Modulus */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-/* test this==0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-/* test this==1 ? */
-	public boolean isunity() {
-		FP2 one=new FP2(1);
-		return (a.equals(one) && b.iszilch());
-	}
-
-/* test is w real? That is in a+ib test b is zero */
-	public boolean isreal()
-	{
-		return b.iszilch();
-	}
-/* extract real part a */
-	public FP2 real()
-	{
-		return a;
-	}
-
-	public FP2 geta()
-	{
-		return a;
-	}
-/* extract imaginary part b */
-	public FP2 getb()
-	{
-		return b;
-	}
-/* test this=x? */
-	public boolean equals(FP4 x)
-	{
-		return (a.equals(x.a) && b.equals(x.b));
-	}
-/* constructors */
-	public FP4(int c)
-	{
-		a=new FP2(c);
-		b=new FP2(0);
-	}
-
-	public FP4(FP4 x)
-	{
-		a=new FP2(x.a);
-		b=new FP2(x.b);
-	}
-
-	public FP4(FP2 c,FP2 d)
-	{
-		a=new FP2(c);
-		b=new FP2(d);
-	}
-
-	public FP4(FP2 c)
-	{
-		a=new FP2(c);
-		b=new FP2(0);
-	}
-/* copy this=x */
-	public void copy(FP4 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-/* set this=-this */
-	public void neg()
-	{
-		FP2 m=new FP2(a);
-		FP2 t=new FP2(0);
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-/* this=conjugate(this) */
-	public void conj()
-	{
-		b.neg(); b.norm();
-	}
-/* this=-conjugate(this) */
-	public void nconj()
-	{
-		a.neg(); a.norm();
-	}
-/* this+=x */
-	public void add(FP4 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-/* this-=x */
-	public void sub(FP4 x)
-	{
-		FP4 m=new FP4(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s where s is FP2 */
-	public void pmul(FP2 s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-/* this*=c where c is int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-/* this*=this */
-	public void sqr()
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-		FP2 t3=new FP2(a);
-
-		t3.mul(b);
-		t1.add(b);
-		t2.mul_ip();
-
-		t2.add(a);
-		a.copy(t1);
-
-		a.mul(t2);
-
-		t2.copy(t3);
-		t2.mul_ip();
-		t2.add(t3);
-		t2.neg();
-		a.add(t2);
-
-		b.copy(t3);
-		b.add(t3);
-
-		norm();
-	}
-/* this*=y */
-	public void mul(FP4 y)
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-		FP2 t3=new FP2(0);
-		FP2 t4=new FP2(b);
-
-		t1.mul(y.a);
-		t2.mul(y.b);
-		t3.copy(y.b);
-		t3.add(y.a);
-		t4.add(a);
-
-		t4.mul(t3);
-		t4.sub(t1);
-		t4.norm();
-
-		b.copy(t4);
-		b.sub(t2);
-		t2.mul_ip();
-		a.copy(t2);
-		a.add(t1);
-
-		norm();
-	}
-/* convert this to hex string */
-	public String toString()
-	{
-		return ("["+a.toString()+","+b.toString()+"]");
-	}
-
-	public String toRawString()
-	{
-		return ("["+a.toRawString()+","+b.toRawString()+"]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-
-		t1.sqr();
-		t2.sqr();
-		t2.mul_ip();
-		t1.sub(t2);
-		t1.inverse();
-		a.mul(t1);
-		t1.neg();
-		b.mul(t1);
-	}
-
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-	public void times_i()
-	{
-		norm();
-		FP2 s=new FP2(b);
-		FP2 t=new FP2(b);
-		s.times_i();
-		t.add(s);
-		t.norm();
-		b.copy(a);
-		a.copy(t);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		a.conj();
-		b.conj();
-		b.mul(f);
-	}
-
-/* this=this^e */
-	public FP4 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP4 w=new FP4(this);
-		BIG z=new BIG(e);
-		FP4 r=new FP4(1);
-		while (true)
-		{
-			int bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.sqr();
-		}
-		r.reduce();
-		return r;
-	}
-/* XTR xtr_a function */
-	public void xtr_A(FP4 w,FP4 y,FP4 z)
-	{
-		FP4 r=new FP4(w);
-		FP4 t=new FP4(w);
-		r.sub(y);
-		r.pmul(a);
-		t.add(y);
-		t.pmul(b);
-		t.times_i();
-
-		copy(r);
-		add(t);
-		add(z);
-
-		norm();
-	}
-
-/* XTR xtr_d function */
-	public void xtr_D() {
-		FP4 w=new FP4(this);
-		sqr(); w.conj();
-		w.add(w);
-		sub(w);
-		reduce();
-	}
-
-/* r=x^n using XTR method on traces of FP12s */
-	public FP4 xtr_pow(BIG n) {
-		FP4 a=new FP4(3);
-		FP4 b=new FP4(this);
-		FP4 c=new FP4(b);
-		c.xtr_D();
-		FP4 t=new FP4(0);
-		FP4 r=new FP4(0);
-
-		n.norm();
-		int par=n.parity();
-		BIG v=new BIG(n); v.fshr(1);
-		if (par==0) {v.dec(1); v.norm();}
-
-		int nb=v.nbits();
-		for (int i=nb-1;i>=0;i--)
-		{
-			if (v.bit(i)!=1)
-			{
-				t.copy(b);
-				conj();
-				c.conj();
-				b.xtr_A(a,this,c);
-				conj();
-				c.copy(t);
-				c.xtr_D();
-				a.xtr_D();
-			}
-			else
-			{
-				t.copy(a); t.conj();
-				a.copy(b);
-				a.xtr_D();
-				b.xtr_A(c,this,t);
-				c.xtr_D();
-			}
-		}
-		if (par==0) r.copy(c);
-		else r.copy(b);
-		r.reduce();
-		return r;
-	}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-	public FP4 xtr_pow2(FP4 ck,FP4 ckml,FP4 ckm2l,BIG a,BIG b)
-	{
-		a.norm(); b.norm();
-		BIG e=new BIG(a);
-		BIG d=new BIG(b);
-		BIG w=new BIG(0);
-
-		FP4 cu=new FP4(ck);  // can probably be passed in w/o copying
-		FP4 cv=new FP4(this);
-		FP4 cumv=new FP4(ckml);
-		FP4 cum2v=new FP4(ckm2l);
-		FP4 r=new FP4(0);
-		FP4 t=new FP4(0);
-
-		int f2=0;
-		while (d.parity()==0 && e.parity()==0)
-		{
-			d.fshr(1);
-			e.fshr(1);
-			f2++;
-		}
-
-		while (BIG.comp(d,e)!=0)
-		{
-			if (BIG.comp(d,e)>0)
-			{
-				w.copy(e); w.imul(4); w.norm();
-				if (BIG.comp(d,w)<=0)
-				{
-					w.copy(d); d.copy(e);
-					e.rsub(w); e.norm();
-
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cum2v.conj();
-					cumv.copy(cv);
-					cv.copy(cu);
-					cu.copy(t);
-
-				}
-				else if (d.parity()==0)
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-				else if (e.parity()==1)
-				{
-					d.sub(e); d.norm();
-					d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cu.xtr_D();
-					cum2v.copy(cv);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cv.copy(t);
-				}
-				else
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-			}
-			if (BIG.comp(d,e)<0)
-			{
-				w.copy(d); w.imul(4); w.norm();
-				if (BIG.comp(e,w)<=0)
-				{
-					e.sub(d); e.norm();
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cumv.copy(cu);
-					cu.copy(t);
-				}
-				else if (e.parity()==0)
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-				else if (d.parity()==1)
-				{
-					w.copy(e);
-					e.copy(d);
-					w.sub(d); w.norm();
-					d.copy(w); d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cumv.conj();
-					cum2v.copy(cu);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cu.copy(cv);
-					cu.xtr_D();
-					cv.copy(t);
-				}
-				else
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-			}
-		}
-		r.copy(cv);
-		r.xtr_A(cu,cumv,cum2v);
-		for (int i=0;i<f2;i++)
-			r.xtr_D();
-		r=r.xtr_pow(d);
-		return r;
-	}
-/*
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG e=new BIG(12);
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-
-		a.inc(27); b.inc(45);
-
-		FP2 w0=new FP2(a,b);
-
-		a.zero(); b.zero();
-		a.inc(33); b.inc(54);
-
-		FP2 w1=new FP2(a,b);
-
-
-		FP4 w=new FP4(w0,w1);
-		FP4 t=new FP4(w);
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		System.out.println("w= "+w.toString());
-
-		w=w.pow(m);
-
-		System.out.println("w^p= "+w.toString());
-
-		t.frob(f);
-
-
-		System.out.println("w^p= "+t.toString());
-
-		w=w.pow(m);
-		w=w.pow(m);
-		w=w.pow(m);
-		System.out.println("w^p4= "+w.toString());
-
-
-	System.out.println("Test Inversion");
-
-		w=new FP4(w0,w1);
-
-		w.inverse();
-
-		System.out.println("1/w mod p^4 = "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/(1/w) mod p^4 = "+w.toString());
-
-		FP4 ww=new FP4(w);
-
-		w=w.xtr_pow(e);
-		System.out.println("w^e= "+w.toString());
-
-
-		a.zero(); b.zero();
-		a.inc(37); b.inc(17);
-		w0=new FP2(a,b);
-		a.zero(); b.zero();
-		a.inc(49); b.inc(31);
-		w1=new FP2(a,b);
-
-		FP4 c1=new FP4(w0,w1);
-		FP4 c2=new FP4(w0,w1);
-		FP4 c3=new FP4(w0,w1);
-
-		BIG e1=new BIG(3331);
-		BIG e2=new BIG(3372);
-
-		FP4 cr=w.xtr_pow2(c1,c2,c3,e1,e2);
-
-		System.out.println("c^e= "+cr.toString());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/GCM.java
----------------------------------------------------------------------
diff --git a/java/GCM.java b/java/GCM.java
deleted file mode 100755
index eb9a840..0000000
--- a/java/GCM.java
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions..
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-
-public class GCM {
-	public static final int NB=4;
-	public static final int GCM_ACCEPTING_HEADER=0;
-	public static final int GCM_ACCEPTING_CIPHER=1;
-	public static final int GCM_NOT_ACCEPTING_MORE=2;
-	public static final int GCM_FINISHED=3;
-	public static final int GCM_ENCRYPTING=0;
-	public static final int GCM_DECRYPTING=1;
-
-	private int[][] table=new int[128][4]; /* 2k bytes */
-	private byte[] stateX=new byte[16];
-	private byte[]Y_0=new byte[16];
-	private int counter;
-	private int[] lenA=new int[2];
-	private int[] lenC=new int[2];
-	private int status;
-	private AES a=new AES();
-
-	private static int pack(byte[] b)
-	{ /* pack bytes into a 32-bit Word */
-		return ((((int)b[0])&0xff)<<24)|(((int)b[1]&0xff)<<16)|(((int)b[2]&0xff)<<8)|((int)b[3]&0xff);
-	}
-
-	private static byte[] unpack(int a)
-	{ /* unpack bytes from a word */
-		byte [] b=new byte[4];
-		b[3]=(byte)(a);
-		b[2]=(byte)(a>>>8);
-		b[1]=(byte)(a>>>16);
-		b[0]=(byte)(a>>>24);
-		return b;
-	}
-
-	private void precompute(byte[] H)
-	{
-		int i,j,c;
-		byte[] b=new byte[4];
-
-		for (i=j=0;i<NB;i++,j+=4)
-		{
-			b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
-			table[0][i]=pack(b);
-		}
-		for (i=1;i<128;i++)
-		{
-			c=0;
-			for (j=0;j<NB;j++) {table[i][j]=c|(table[i-1][j])>>>1; c=table[i-1][j]<<31;}
-			if (c!=0) table[i][0]^=0xE1000000; /* irreducible polynomial */
-		}
-	}
-
-	private void gf2mul()
-	{ /* gf2m mul - Z=H*X mod 2^128 */
-		int i,j,m,k;
-		int[] P=new int[4];
-		int c;
-		byte[] b;//=new byte[4];
-
-		P[0]=P[1]=P[2]=P[3]=0;
-		j=8; m=0;
-		for (i=0;i<128;i++)
-		{
-			c=(stateX[m]>>>(--j))&1;
-			if (c!=0) for (k=0;k<NB;k++) P[k]^=table[i][k];
-			if (j==0)
-			{
-				j=8; m++;
-				if (m==16) break;
-			}
-		}
-		for (i=j=0;i<NB;i++,j+=4)
-		{
-			b=unpack(P[i]);
-			stateX[j]=b[0]; stateX[j+1]=b[1]; stateX[j+2]=b[2]; stateX[j+3]=b[3];
-		}
-	}
-
-	private void wrap()
-	{ /* Finish off GHASH */
-		int i,j;
-		int[] F=new int[4];
-		byte[] L=new byte[16];
-		byte[] b;//=new byte[4];
-
-/* convert lengths from bytes to bits */
-		F[0]=(lenA[0]<<3)|(lenA[1]&0xE0000000)>>>29;
-		F[1]=lenA[1]<<3;
-		F[2]=(lenC[0]<<3)|(lenC[1]&0xE0000000)>>>29;
-		F[3]=lenC[1]<<3;
-		for (i=j=0;i<NB;i++,j+=4)
-		{
-			b=unpack(F[i]);
-			L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3];
-		}
-		for (i=0;i<16;i++) stateX[i]^=L[i];
-		gf2mul();
-	}
-
-/* Initialize GCM mode */
-	public void init(byte[] key,int niv,byte[] iv)
-	{ /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-		int i;
-		byte[] H=new byte[16];
-		byte[] b;//=new byte[4];
-
-		for (i=0;i<16;i++) {H[i]=0; stateX[i]=0;}
-
-		a.init(AES.ECB,key,iv);
-		a.ecb_encrypt(H);     /* E(K,0) */
-		precompute(H);
-
-		lenA[0]=lenC[0]=lenA[1]=lenC[1]=0;
-		if (niv==12)
-		{
-			for (i=0;i<12;i++) a.f[i]=iv[i];
-			b=unpack((int)1);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3];  /* initialise IV */
-			for (i=0;i<16;i++) Y_0[i]=a.f[i];
-		}
-		else
-		{
-			status=GCM_ACCEPTING_CIPHER;
-			ghash(iv,niv); /* GHASH(H,0,IV) */
-			wrap();
-			for (i=0;i<16;i++) {a.f[i]=stateX[i];Y_0[i]=a.f[i];stateX[i]=0;}
-			lenA[0]=lenC[0]=lenA[1]=lenC[1]=0;
-		}
-		status=GCM_ACCEPTING_HEADER;
-	}
-
-/* Add Header data - included but not encrypted */
-	public boolean add_header(byte[] header,int len)
-	{ /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-		int i,j=0;
-		if (status!=GCM_ACCEPTING_HEADER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				stateX[i]^=header[j++];
-				lenA[1]++; if (lenA[1]==0) lenA[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_ACCEPTING_CIPHER;
-		return true;
-	}
-
-	private boolean ghash(byte[] plain,int len)
-	{
-		int i,j=0;
-		int counter;
-	//	byte[] B=new byte[16];
-	//	byte[] b=new byte[4];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				stateX[i]^=plain[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return true;
-	}
-
-/* Add Plaintext - included and encrypted */
-	public byte[] add_plain(byte[] plain,int len)
-	{
-		int i,j=0;
-		int counter;
-		byte[] B=new byte[16];
-		byte[] b=new byte[4];
-		byte[] cipher=new byte[len];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return new byte[0];
-
-		while (j<len)
-		{
-
-			b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-			counter=pack(b);
-			counter++;
-			b=unpack(counter);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=a.f[i];
-			a.ecb_encrypt(B);        /* encrypt it  */
-
-			for (i=0;i<16 && j<len;i++)
-			{
-				cipher[j]=(byte)(plain[j]^B[i]);
-				stateX[i]^=cipher[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return cipher;
-	}
-
-/* Add Ciphertext - decrypts to plaintext */
-	public byte[] add_cipher(byte[] cipher,int len)
-	{
-		int i,j=0;
-		int counter;
-		byte[] B=new byte[16];
-		byte[] b=new byte[4];
-		byte[] plain=new byte[len];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return new byte[0];
-
-		while (j<len)
-		{
-
-			b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-			counter=pack(b);
-			counter++;
-			b=unpack(counter);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=a.f[i];
-			a.ecb_encrypt(B);        /* encrypt it  */
-			for (i=0;i<16 && j<len;i++)
-			{
-				plain[j]=(byte)(cipher[j]^B[i]);
-				stateX[i]^=cipher[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return plain;
-	}
-
-/* Finish and extract Tag */
-	public byte[] finish(boolean extract)
-	{ /* Finish off GHASH and extract tag (MAC) */
-		int i;
-		byte[] tag=new byte[16];
-
-		wrap();
-/* extract tag */
-		if (extract)
-		{
-			a.ecb_encrypt(Y_0);        /* E(K,Y0) */
-			for (i=0;i<16;i++) Y_0[i]^=stateX[i];
-			for (i=0;i<16;i++) {tag[i]=Y_0[i];Y_0[i]=stateX[i]=0;}
-		}
-		status=GCM_FINISHED;
-		a.end();
-		return tag;
-	}
-
-	public static byte[] hex2bytes(String s) {
-		int len = s.length();
-		byte[] data = new byte[len / 2];
-		for (int i = 0; i < len; i += 2) {
-			data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
-                             + Character.digit(s.charAt(i+1), 16));
-		}
-		return data;
-	}
-/*
-	public static void main(String[] args) {
-		int i;
-
-		String KT="feffe9928665731c6d6a8f9467308308";
-		String MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-		String HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-//	char* NT="cafebabefacedbaddecaf888";
-// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
-		String NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-
-		byte[] T=new byte[16];   // Tag
-		byte[] K=new byte[16];   // AES Key
-		byte[] H=new byte[64];   // Header - to be included in Authentication, but not encrypted
-		byte[] N=new byte[100];   // IV - Initialisation vector
-		byte[] M=new byte[100];  // Plaintext to be encrypted/authenticated
-		byte[] C=new byte[100];  // Ciphertext
-		byte[] P=new byte[100];  // Recovered Plaintext
-
-		GCM g=new GCM();
-
-		M=hex2bytes(MT);
-		H=hex2bytes(HT);
-		N=hex2bytes(NT);
-		K=hex2bytes(KT);
-
-		int len=M.length;
-		int lenH=H.length;
-		int lenK=K.length;
-		int lenIV=N.length;
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",M[i]);
-		System.out.format("\n");
-
-		g.init(K,lenIV,N);
-		g.add_header(H,lenH);
-		C=g.add_plain(M,len);
-		T=g.finish(true);
-
-		System.out.format("Ciphertext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",C[i]);
-		System.out.format("\n");
-
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-
-		g.init(K,lenIV,N);
-		g.add_header(H,lenH);
-		P=g.add_cipher(C,len);
-		T=g.finish(true);
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",P[i]);
-		System.out.format("\n");
-
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-	}
-	*/
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/HASH.java
----------------------------------------------------------------------
diff --git a/java/HASH.java b/java/HASH.java
deleted file mode 100755
index 8a484c1..0000000
--- a/java/HASH.java
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256)
- *
- * Generates a 256 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only.
- */
-
-public class HASH {
-	private int[] length=new int[2];
-	private int[] h=new int[8];
-	private int[] w=new int[64];
-
-	public static final int H0=0x6A09E667;
-	public static final int H1=0xBB67AE85;
-	public static final int H2=0x3C6EF372;
-	public static final int H3=0xA54FF53A;
-	public static final int H4=0x510E527F;
-	public static final int H5=0x9B05688C;
-	public static final int H6=0x1F83D9AB;
-	public static final int H7=0x5BE0CD19;
-
-	public static final int len=32;
-
-	public static final int[] K={
-	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
-
-
-/* functions */
-	private static int S(int n,int x)
-	{
-		return (((x)>>>n) | ((x)<<(32-n)));
-	}
-
-	private static int R(int n,int x)
-	{
-		return ((x)>>>n);
-	}
-
-	private static int Ch(int x,int y,int z)
-	{
-		return ((x&y)^(~(x)&z));
-	}
-
-	private static int Maj(int x,int y,int z)
-	{
-		return ((x&y)^(x&z)^(y&z));
-	}
-
-	private static int Sig0(int x)
-	{
-		return (S(2,x)^S(13,x)^S(22,x));
-	}
-
-	private static int Sig1(int x)
-	{
-		return (S(6,x)^S(11,x)^S(25,x));
-	}
-
-	private static int theta0(int x)
-	{
-		return (S(7,x)^S(18,x)^R(3,x));
-	}
-
-	private static int theta1(int x)
-	{
-		return (S(17,x)^S(19,x)^R(10,x));
-	}
-
-
-	private void transform()
-	{ /* basic transformation step */
-		int a,b,c,d,e,f,g,hh,t1,t2;
-		int j;
-		for (j=16;j<64;j++)
-			w[j]=theta1(w[j-2])+w[j-7]+theta0(w[j-15])+w[j-16];
-		a=h[0]; b=h[1]; c=h[2]; d=h[3];
-		e=h[4]; f=h[5]; g=h[6]; hh=h[7];
-
-		for (j=0;j<64;j++)
-		{ /* 64 times - mush it up */
-			t1=hh+Sig1(e)+Ch(e,f,g)+K[j]+w[j];
-			t2=Sig0(a)+Maj(a,b,c);
-			hh=g; g=f; f=e;
-			e=d+t1;
-			d=c;
-			c=b;
-			b=a;
-			a=t1+t2;
-
-		}
-		h[0]+=a; h[1]+=b; h[2]+=c; h[3]+=d;
-		h[4]+=e; h[5]+=f; h[6]+=g; h[7]+=hh;
-	}
-
-/* Initialise Hash function */
-	public void init()
-	{ /* initialise */
-		int i;
-		for (i=0;i<64;i++) w[i]=0;
-		length[0]=length[1]=0;
-		h[0]=H0;
-		h[1]=H1;
-		h[2]=H2;
-		h[3]=H3;
-		h[4]=H4;
-		h[5]=H5;
-		h[6]=H6;
-		h[7]=H7;
-	}
-
-/* Constructor */
-	public HASH()
-	{
-		init();
-	}
-
-/* process a single byte */
-	public void process(int byt)
-	{ /* process the next message byte */
-		int cnt;
-		cnt=(length[0]/32)%16;
-
-		w[cnt]<<=8;
-		w[cnt]|=(byt&0xFF);
-		length[0]+=8;
-		if (length[0]==0) { length[1]++; length[0]=0; }
-		if ((length[0]%512)==0) transform();
-	}
-
-/* process an array of bytes */
-	public void process_array(byte[] b)
-	{
-		for (int i=0;i<b.length;i++) process((int)b[i]);
-	}
-
-/* process a 32-bit integer */
-	public void process_num(int n)
-	{
-		process((n>>24)&0xff);
-		process((n>>16)&0xff);
-		process((n>>8)&0xff);
-		process(n&0xff);
-	}
-
-/* Generate 32-byte Hash */
-	public byte[] hash()
-	{ /* pad message and finish - supply digest */
-		int i;
-		byte[] digest=new byte[32];
-		int len0,len1;
-		len0=length[0];
-		len1=length[1];
-		process(0x80);
-		while ((length[0]%512)!=448) process(0);
-		w[14]=len1;
-		w[15]=len0;
-		transform();
-		for (i=0;i<len;i++)
-		{ /* convert to bytes */
-			digest[i]=(byte)((h[i/4]>>(8*(3-i%4))) & 0xff);
-		}
-		init();
-		return digest;
-	}
-
-/* test program: should produce digest */
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-/*
-	public static void main(String[] args) {
-		byte[] test="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".getBytes();
-		byte[] digest;
-		int i;
-		HASH sh=new HASH();
-
-		for (i=0;i<test.length;i++)
-			sh.process(test[i]);
-
-		digest=sh.hash();
-		for (i=0;i<32;i++) System.out.format("%02x",digest[i]);
-
-	//	for (i=0;i<32;i++) System.out.format("%d ",digest[i]);
-
-		System.out.println("");
-	} */
-}
-


[39/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/FP12.cs
----------------------------------------------------------------------
diff --git a/cs/FP12.cs b/cs/FP12.cs
deleted file mode 100644
index 2574aa8..0000000
--- a/cs/FP12.cs
+++ /dev/null
@@ -1,769 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-public sealed class FP12
-{
-	private readonly FP4 a;
-	private readonly FP4 b;
-	private readonly FP4 c;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-		c.reduce();
-	}
-/* normalise all components of this */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-		c.norm();
-	}
-/* test x==0 ? */
-	public bool iszilch()
-	{
-		reduce();
-		return (a.iszilch() && b.iszilch() && c.iszilch());
-	}
-/* test x==1 ? */
-	public bool isunity()
-	{
-		FP4 one = new FP4(1);
-		return (a.Equals(one) && b.iszilch() && c.iszilch());
-	}
-/* return 1 if x==y, else 0 */
-	public bool Equals(FP12 x)
-	{
-		return (a.Equals(x.a) && b.Equals(x.b) && c.Equals(x.c));
-	}
-/* extract a from this */
-	public FP4 geta()
-	{
-		return a;
-	}
-/* extract b */
-	public FP4 getb()
-	{
-		return b;
-	}
-/* extract c */
-	public FP4 getc()
-	{
-		return c;
-	}
-/* copy this=x */
-	public void copy(FP12 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-		c.copy(x.c);
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-		c.zero();
-	}
-/* this=conj(this) */
-	public void conj()
-	{
-		a.conj();
-		b.nconj();
-		c.conj();
-	}
-/* Constructors */
-	public FP12(FP4 d)
-	{
-		a = new FP4(d);
-		b = new FP4(0);
-		c = new FP4(0);
-	}
-
-	public FP12(int d)
-	{
-		a = new FP4(d);
-		b = new FP4(0);
-		c = new FP4(0);
-	}
-
-	public FP12(FP4 d, FP4 e, FP4 f)
-	{
-		a = new FP4(d);
-		b = new FP4(e);
-		c = new FP4(f);
-	}
-
-	public FP12(FP12 x)
-	{
-		a = new FP4(x.a);
-		b = new FP4(x.b);
-		c = new FP4(x.c);
-	}
-
-/* Granger-Scott Unitary Squaring */
-	public void usqr()
-	{
-		FP4 A = new FP4(a);
-		FP4 B = new FP4(c);
-		FP4 C = new FP4(b);
-		FP4 D = new FP4(0);
-
-		a.sqr();
-		D.copy(a);
-		D.add(a);
-		a.add(D);
-
-//		a.norm();
-		A.nconj();
-
-		A.add(A);
-		a.add(A);
-		B.sqr();
-		B.times_i();
-
-		D.copy(B);
-		D.add(B);
-		B.add(D);
-//		B.norm();
-
-		C.sqr();
-		D.copy(C);
-		D.add(C);
-		C.add(D);
-//		C.norm();
-
-		b.conj();
-		b.add(b);
-		c.nconj();
-
-		c.add(c);
-		b.add(B);
-		c.add(C);
-		reduce();
-
-	}
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-	public void sqr()
-	{
-		FP4 A = new FP4(a);
-		FP4 B = new FP4(b);
-		FP4 C = new FP4(c);
-		FP4 D = new FP4(a);
-
-		A.sqr();
-		B.mul(c);
-		B.add(B);
-		C.sqr();
-		D.mul(b);
-		D.add(D);
-
-		c.add(a);
-		c.add(b);
-		c.sqr();
-
-		a.copy(A);
-
-		A.add(B);
-//		A.norm();
-		A.add(C);
-		A.add(D);
-//		A.norm();
-
-		A.neg();
-		B.times_i();
-		C.times_i();
-
-		a.add(B);
-
-		b.copy(C);
-		b.add(D);
-		c.add(A);
-		norm();
-	}
-
-/* FP12 full multiplication this=this*y */
-	public void mul(FP12 y)
-	{
-		FP4 z0 = new FP4(a);
-		FP4 z1 = new FP4(0);
-		FP4 z2 = new FP4(b);
-		FP4 z3 = new FP4(0);
-		FP4 t0 = new FP4(a);
-		FP4 t1 = new FP4(y.a);
-
-		z0.mul(y.a);
-		z2.mul(y.b);
-
-		t0.add(b);
-		t1.add(y.b);
-
-		z1.copy(t0);
-		z1.mul(t1);
-		t0.copy(b);
-		t0.add(c);
-
-		t1.copy(y.b);
-		t1.add(y.c);
-		z3.copy(t0);
-		z3.mul(t1);
-
-		t0.copy(z0);
-		t0.neg();
-		t1.copy(z2);
-		t1.neg();
-
-		z1.add(t0);
-//		z1.norm();
-		b.copy(z1);
-		b.add(t1);
-
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a);
-		t0.add(c);
-		t1.copy(y.a);
-		t1.add(y.c);
-		t0.mul(t1);
-		z2.add(t0);
-
-		t0.copy(c);
-		t0.mul(y.c);
-		t1.copy(t0);
-		t1.neg();
-
-//		z2.norm();
-//		z3.norm();
-//		b.norm();
-
-		c.copy(z2);
-		c.add(t1);
-		z3.add(t1);
-		t0.times_i();
-		b.add(t0);
-
-		z3.times_i();
-		a.copy(z0);
-		a.add(z3);
-		norm();
-	}
-
-/* Special case of multiplication arises from special form of ATE pairing line function */
-	public void smul(FP12 y)
-	{
-		FP4 z0 = new FP4(a);
-		FP4 z2 = new FP4(b);
-		FP4 z3 = new FP4(b);
-		FP4 t0 = new FP4(0);
-		FP4 t1 = new FP4(y.a);
-
-		z0.mul(y.a);
-		z2.pmul(y.b.real());
-		b.add(a);
-		t1.real().add(y.b.real());
-
-		b.mul(t1);
-		z3.add(c);
-		z3.pmul(y.b.real());
-
-		t0.copy(z0);
-		t0.neg();
-		t1.copy(z2);
-		t1.neg();
-
-		b.add(t0);
-//		b.norm();
-
-		b.add(t1);
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a);
-		t0.add(c);
-		t0.mul(y.a);
-		c.copy(z2);
-		c.add(t0);
-
-		z3.times_i();
-		a.copy(z0);
-		a.add(z3);
-
-		norm();
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		FP4 f0 = new FP4(a);
-		FP4 f1 = new FP4(b);
-		FP4 f2 = new FP4(a);
-		FP4 f3 = new FP4(0);
-
-		norm();
-		f0.sqr();
-		f1.mul(c);
-		f1.times_i();
-		f0.sub(f1);
-
-		f1.copy(c);
-		f1.sqr();
-		f1.times_i();
-		f2.mul(b);
-		f1.sub(f2);
-
-		f2.copy(b);
-		f2.sqr();
-		f3.copy(a);
-		f3.mul(c);
-		f2.sub(f3);
-
-		f3.copy(b);
-		f3.mul(f2);
-		f3.times_i();
-		a.mul(f0);
-		f3.add(a);
-		c.mul(f1);
-		c.times_i();
-
-		f3.add(c);
-		f3.inverse();
-		a.copy(f0);
-		a.mul(f3);
-		b.copy(f1);
-		b.mul(f3);
-		c.copy(f2);
-		c.mul(f3);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		FP2 f2 = new FP2(f);
-		FP2 f3 = new FP2(f);
-
-		f2.sqr();
-		f3.mul(f2);
-
-		a.frob(f3);
-		b.frob(f3);
-		c.frob(f3);
-
-		b.pmul(f);
-		c.pmul(f2);
-	}
-
-/* trace function */
-	public FP4 trace()
-	{
-		FP4 t = new FP4(0);
-		t.copy(a);
-		t.imul(3);
-		t.reduce();
-		return t;
-	}
-
-/* convert from byte array to FP12 */
-	public static FP12 fromBytes(sbyte[] w)
-	{
-		BIG a, b;
-		FP2 c, d;
-		FP4 e, f, g;
-		sbyte[] t = new sbyte[ROM.MODBYTES];
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i];
-		}
-		a = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + ROM.MODBYTES];
-		}
-		b = BIG.fromBytes(t);
-		c = new FP2(a,b);
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 2 * ROM.MODBYTES];
-		}
-		a = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 3 * ROM.MODBYTES];
-		}
-		b = BIG.fromBytes(t);
-		d = new FP2(a,b);
-
-		e = new FP4(c,d);
-
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 4 * ROM.MODBYTES];
-		}
-		a = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 5 * ROM.MODBYTES];
-		}
-		b = BIG.fromBytes(t);
-		c = new FP2(a,b);
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 6 * ROM.MODBYTES];
-		}
-		a = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 7 * ROM.MODBYTES];
-		}
-		b = BIG.fromBytes(t);
-		d = new FP2(a,b);
-
-		f = new FP4(c,d);
-
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 8 * ROM.MODBYTES];
-		}
-		a = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 9 * ROM.MODBYTES];
-		}
-		b = BIG.fromBytes(t);
-		c = new FP2(a,b);
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 10 * ROM.MODBYTES];
-		}
-		a = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = w[i + 11 * ROM.MODBYTES];
-		}
-		b = BIG.fromBytes(t);
-		d = new FP2(a,b);
-
-		g = new FP4(c,d);
-
-		return new FP12(e,f,g);
-	}
-
-/* convert this to byte array */
-	public void toBytes(sbyte[] w)
-	{
-		sbyte[] t = new sbyte[ROM.MODBYTES];
-		a.geta().A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i] = t[i];
-		}
-		a.geta().B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + ROM.MODBYTES] = t[i];
-		}
-		a.getb().A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 2 * ROM.MODBYTES] = t[i];
-		}
-		a.getb().B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 3 * ROM.MODBYTES] = t[i];
-		}
-
-		b.geta().A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 4 * ROM.MODBYTES] = t[i];
-		}
-		b.geta().B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 5 * ROM.MODBYTES] = t[i];
-		}
-		b.getb().A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 6 * ROM.MODBYTES] = t[i];
-		}
-		b.getb().B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 7 * ROM.MODBYTES] = t[i];
-		}
-
-		c.geta().A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 8 * ROM.MODBYTES] = t[i];
-		}
-		c.geta().B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 9 * ROM.MODBYTES] = t[i];
-		}
-		c.getb().A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 10 * ROM.MODBYTES] = t[i];
-		}
-		c.getb().B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			w[i + 11 * ROM.MODBYTES] = t[i];
-		}
-	}
-
-/* convert to hex string */
-	public override string ToString()
-	{
-		return ("[" + a.ToString() + "," + b.ToString() + "," + c.ToString() + "]");
-	}
-
-/* this=this^e */
-	public FP12 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP12 w = new FP12(this);
-		BIG z = new BIG(e);
-		FP12 r = new FP12(1);
-
-		while (true)
-		{
-			int bt = z.parity();
-			z.fshr(1);
-			if (bt == 1)
-			{
-				r.mul(w);
-			}
-			if (z.iszilch())
-			{
-				break;
-			}
-			w.usqr();
-		}
-		r.reduce();
-		return r;
-	}
-
-/* constant time powering by small integer of max length bts */
-	public void pinpow(int e, int bts)
-	{
-		int i, b;
-		FP12[] R = new FP12[2];
-		R[0] = new FP12(1);
-		R[1] = new FP12(this);
-		for (i = bts - 1;i >= 0;i--)
-		{
-			b = (e >> i) & 1;
-			R[1 - b].mul(R[b]);
-			R[b].usqr();
-		}
-		this.copy(R[0]);
-	}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-	public static FP12 pow4(FP12[] q, BIG[] u)
-	{
-		int i, j, nb, m;
-		int[] a = new int[4];
-		FP12[] g = new FP12[8];
-		FP12[] s = new FP12[2];
-		FP12 c = new FP12(1);
-		FP12 p = new FP12(0);
-		BIG[] t = new BIG[4];
-		BIG mt = new BIG(0);
-		sbyte[] w = new sbyte[ROM.NLEN * ROM.BASEBITS + 1];
-
-		for (i = 0;i < 4;i++)
-		{
-			t[i] = new BIG(u[i]);
-		}
-
-		s[0] = new FP12(0);
-		s[1] = new FP12(0);
-
-		g[0] = new FP12(q[0]);
-		s[0].copy(q[1]);
-		s[0].conj();
-		g[0].mul(s[0]);
-		g[1] = new FP12(g[0]);
-		g[2] = new FP12(g[0]);
-		g[3] = new FP12(g[0]);
-		g[4] = new FP12(q[0]);
-		g[4].mul(q[1]);
-		g[5] = new FP12(g[4]);
-		g[6] = new FP12(g[4]);
-		g[7] = new FP12(g[4]);
-
-		s[1].copy(q[2]);
-		s[0].copy(q[3]);
-		s[0].conj();
-		s[1].mul(s[0]);
-		s[0].copy(s[1]);
-		s[0].conj();
-		g[1].mul(s[0]);
-		g[2].mul(s[1]);
-		g[5].mul(s[0]);
-		g[6].mul(s[1]);
-		s[1].copy(q[2]);
-		s[1].mul(q[3]);
-		s[0].copy(s[1]);
-		s[0].conj();
-		g[0].mul(s[0]);
-		g[3].mul(s[1]);
-		g[4].mul(s[0]);
-		g[7].mul(s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-
-		for (i = 0;i < 4;i++)
-		{
-			if (t[i].parity() == 0)
-			{
-				t[i].inc(1);
-				t[i].norm();
-				c.mul(q[i]);
-			}
-			mt.add(t[i]);
-			mt.norm();
-		}
-		c.conj();
-		nb = 1 + mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j = 0;j < nb;j++)
-		{
-			for (i = 0;i < 4;i++)
-			{
-				a[i] = (t[i].lastbits(2) - 2);
-				t[i].dec(a[i]);
-				t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j] = (sbyte)(8 * a[0] + 4 * a[1] + 2 * a[2] + a[3]);
-		}
-		w[nb] = (sbyte)(8 * t[0].lastbits(2) + 4 * t[1].lastbits(2) + 2 * t[2].lastbits(2) + t[3].lastbits(2));
-		p.copy(g[(w[nb] - 1) / 2]);
-
-		for (i = nb - 1;i >= 0;i--)
-		{
-			m = w[i] >> 7;
-			j = (w[i] ^ m) - m; // j=abs(w[i])
-			j = (j - 1) / 2;
-			s[0].copy(g[j]);
-			s[1].copy(g[j]);
-			s[1].conj();
-			p.usqr();
-			p.mul(s[m & 1]);
-		}
-		p.mul(c); // apply correction
-		p.reduce();
-		return p;
-	}
-
-/*
-	public static void main(String[] args) {
-		BIG p=new BIG(ROM.Modulus);
-		FP2 w0,w1;
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-
-		a.zero(); b.zero(); a.inc(1); b.inc(2);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(3); b.inc(4);
-		w1=new FP2(a,b);
-		FP4 t0=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(5); b.inc(6);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(7); b.inc(8);
-		w1=new FP2(a,b);
-		FP4 t1=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(9); b.inc(10);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(11); b.inc(12);
-		w1=new FP2(a,b);
-		FP4 t2=new FP4(w0,w1);
-
-		FP12 w=new FP12(t0,t1,t2);
-		FP12 t=new FP12(w);
-
-		System.out.println("w= "+w.toString());
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		w.frob(f);
-		System.out.println("w= "+w.toString());
-
-		w=t.pow(p);
-
-		System.out.println("w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("w= "+w.toString());
-
-		t.copy(w);
-		w.conj();
-		t.inverse();
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)= "+w.toString());
-
-		t.copy(w);
-		w.frob(f);
-		w.frob(f);
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)(p^2+1)= "+w.toString());
-
-		t.copy(w);
-
-		t.inverse();
-		w.conj();
-
-		System.out.println("w= "+w.toString());
-		System.out.println("t= "+t.toString());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/FP2.cs
----------------------------------------------------------------------
diff --git a/cs/FP2.cs b/cs/FP2.cs
deleted file mode 100644
index f5c8d16..0000000
--- a/cs/FP2.cs
+++ /dev/null
@@ -1,428 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-public sealed class FP2
-{
-	private readonly FP a;
-	private readonly FP b;
-
-/* reduce components mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-
-/* normalise components of w */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-
-/* test this=0 ? */
-	public bool iszilch()
-	{
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-
-	public void cmove(FP2 g, int d)
-	{
-		a.cmove(g.a,d);
-		b.cmove(g.b,d);
-	}
-
-/* test this=1 ? */
-	public bool isunity()
-	{
-		FP one = new FP(1);
-		return (a.Equals(one) && b.iszilch());
-	}
-
-/* test this=x */
-	public bool Equals(FP2 x)
-	{
-		return (a.Equals(x.a) && b.Equals(x.b));
-	}
-
-/* Constructors */
-	public FP2(int c)
-	{
-		a = new FP(c);
-		b = new FP(0);
-	}
-
-	public FP2(FP2 x)
-	{
-		a = new FP(x.a);
-		b = new FP(x.b);
-	}
-
-	public FP2(FP c, FP d)
-	{
-		a = new FP(c);
-		b = new FP(d);
-	}
-
-	public FP2(BIG c, BIG d)
-	{
-		a = new FP(c);
-		b = new FP(d);
-	}
-
-	public FP2(FP c)
-	{
-		a = new FP(c);
-		b = new FP(0);
-	}
-
-	public FP2(BIG c)
-	{
-		a = new FP(c);
-		b = new FP(0);
-	}
-
-/* extract a */
-	public BIG A
-	{
-		get
-		{
-			return a.redc();
-		}
-	}
-
-/* extract b */
-	public BIG B
-	{
-		get
-		{
-			return b.redc();
-		}
-	}
-
-/* copy this=x */
-	public void copy(FP2 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-
-/* negate this mod Modulus */
-	public void neg()
-	{
-		norm();
-		FP m = new FP(a);
-		FP t = new FP(0);
-
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m);
-		t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-
-/* set to a-ib */
-	public void conj()
-	{
-		b.neg();
-	}
-
-/* this+=a */
-	public void add(FP2 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-
-/* this-=a */
-	public void sub(FP2 x)
-	{
-		FP2 m = new FP2(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s, where s is an FP */
-	public void pmul(FP s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-
-/* this*=i, where i is an int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-
-/* this*=this */
-	public void sqr()
-	{
-		norm();
-		FP w1 = new FP(a);
-		FP w3 = new FP(a);
-		FP mb = new FP(b);
-
-		w3.mul(b);
-		w1.add(b);
-		mb.neg();
-		a.add(mb);
-		a.mul(w1);
-		b.copy(w3);
-		b.add(w3);
-//		reduce();
-		norm();
-	}
-
-/* this*=y */
-	public void mul(FP2 y)
-	{
-		norm(); // This is needed here as {a,b} is not normed before additions
-
-		FP w1 = new FP(a);
-		FP w2 = new FP(b);
-		FP w5 = new FP(a);
-		FP mw = new FP(0);
-
-		w1.mul(y.a); // w1=a*y.a  - this norms w1 and y.a, NOT a
-		w2.mul(y.b); // w2=b*y.b  - this norms w2 and y.b, NOT b
-		w5.add(b); // w5=a+b
-		b.copy(y.a);
-		b.add(y.b); // b=y.a+y.b
-
-		b.mul(w5);
-		mw.copy(w1);
-		mw.add(w2);
-		mw.neg();
-
-		b.add(mw);
-		mw.add(w1);
-		a.copy(w1);
-		a.add(mw);
-
-//		reduce();
-		norm();
-	}
-
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-	public bool sqrt()
-	{
-		if (iszilch())
-		{
-			return true;
-		}
-		FP w1 = new FP(b);
-		FP w2 = new FP(a);
-		w1.sqr();
-		w2.sqr();
-		w1.add(w2);
-		if (w1.jacobi() != 1)
-		{
-			zero();
-			return false;
-		}
-		w1 = w1.sqrt();
-		w2.copy(a);
-		w2.add(w1);
-		w2.div2();
-		if (w2.jacobi() != 1)
-		{
-			w2.copy(a);
-			w2.sub(w1);
-			w2.div2();
-			if (w2.jacobi() != 1)
-			{
-				zero();
-				return false;
-			}
-		}
-		w2 = w2.sqrt();
-		a.copy(w2);
-		w2.add(w2);
-		w2.inverse();
-		b.mul(w2);
-		return true;
-	}
-
-/* output to hex string */
-	public override string ToString()
-	{
-		return ("[" + a.ToString() + "," + b.ToString() + "]");
-	}
-
-	public string toRawString()
-	{
-		return ("[" + a.toRawString() + "," + b.toRawString() + "]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-		FP w1 = new FP(a);
-		FP w2 = new FP(b);
-
-		w1.sqr();
-		w2.sqr();
-		w1.add(w2);
-		w1.inverse();
-		a.mul(w1);
-		w1.neg();
-		b.mul(w1);
-	}
-
-/* this/=2 */
-	public void div2()
-	{
-		a.div2();
-		b.div2();
-	}
-
-/* this*=sqrt(-1) */
-	public void times_i()
-	{
-	//	a.norm();
-		FP z = new FP(a);
-		a.copy(b);
-		a.neg();
-		b.copy(z);
-	}
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-	public void mul_ip()
-	{
-		norm();
-		FP2 t = new FP2(this);
-		FP z = new FP(a);
-		a.copy(b);
-		a.neg();
-		b.copy(z);
-		add(t);
-		norm();
-	}
-
-/* w/=(1+sqrt(-1)) */
-	public void div_ip()
-	{
-		FP2 t = new FP2(0);
-		norm();
-		t.a.copy(a);
-		t.a.add(b);
-		t.b.copy(b);
-		t.b.sub(a);
-		copy(t);
-		div2();
-	}
-/*
-	public FP2 pow(BIG e)
-	{
-		int bt;
-		FP2 r=new FP2(1);
-		e.norm();
-		norm();
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(this);
-			if (e.iszilch()) break;
-			sqr();
-		}
-
-		r.reduce();
-		return r;
-	}
-
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(27);
-		BIG pp1=new BIG(m);
-		BIG pm1=new BIG(m);
-		BIG a=new BIG(1);
-		BIG b=new BIG(1);
-		FP2 w=new FP2(a,b);
-		FP2 z=new FP2(w);
-
-		byte[] RAW=new byte[100];
-
-		RAND rng=new RAND();
-		for (int i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-	//	for (int i=0;i<100;i++)
-	//	{
-			a.randomnum(rng);
-			b.randomnum(rng);
-
-			w=new FP2(a,b);
-			System.out.println("w="+w.toString());
-
-			z=new FP2(w);
-			z.inverse();
-			System.out.println("z="+z.toString());
-
-			z.inverse();
-			if (!z.equals(w)) System.out.println("Error");
-	//	}
-
-//		System.out.println("m="+m.toString());
-//		w.sqr();
-//		w.mul(z);
-
-		System.out.println("w="+w.toString());
-
-
-		pp1.inc(1); pp1.norm();
-		pm1.dec(1); pm1.norm();
-		System.out.println("p+1="+pp1.toString());
-		System.out.println("p-1="+pm1.toString());
-		w=w.pow(pp1);
-		w=w.pow(pm1);
-		System.out.println("w="+w.toString());
-	}
-*/
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/FP4.cs
----------------------------------------------------------------------
diff --git a/cs/FP4.cs b/cs/FP4.cs
deleted file mode 100644
index 317a07c..0000000
--- a/cs/FP4.cs
+++ /dev/null
@@ -1,633 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-public sealed class FP4
-{
-	private readonly FP2 a;
-	private readonly FP2 b;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-/* normalise all components of this mod Modulus */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-/* test this==0 ? */
-	public bool iszilch()
-	{
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-/* test this==1 ? */
-	public bool isunity()
-	{
-		FP2 one = new FP2(1);
-		return (a.Equals(one) && b.iszilch());
-	}
-
-/* test is w real? That is in a+ib test b is zero */
-	public bool isreal()
-	{
-		return b.iszilch();
-	}
-/* extract real part a */
-	public FP2 real()
-	{
-		return a;
-	}
-
-	public FP2 geta()
-	{
-		return a;
-	}
-/* extract imaginary part b */
-	public FP2 getb()
-	{
-		return b;
-	}
-/* test this=x? */
-	public bool Equals(FP4 x)
-	{
-		return (a.Equals(x.a) && b.Equals(x.b));
-	}
-/* constructors */
-	public FP4(int c)
-	{
-		a = new FP2(c);
-		b = new FP2(0);
-	}
-
-	public FP4(FP4 x)
-	{
-		a = new FP2(x.a);
-		b = new FP2(x.b);
-	}
-
-	public FP4(FP2 c, FP2 d)
-	{
-		a = new FP2(c);
-		b = new FP2(d);
-	}
-
-	public FP4(FP2 c)
-	{
-		a = new FP2(c);
-		b = new FP2(0);
-	}
-/* copy this=x */
-	public void copy(FP4 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-/* set this=-this */
-	public void neg()
-	{
-		FP2 m = new FP2(a);
-		FP2 t = new FP2(0);
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m);
-		t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-/* this=conjugate(this) */
-	public void conj()
-	{
-		b.neg();
-		b.norm();
-	}
-/* this=-conjugate(this) */
-	public void nconj()
-	{
-		a.neg();
-		a.norm();
-	}
-/* this+=x */
-	public void add(FP4 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-/* this-=x */
-	public void sub(FP4 x)
-	{
-		FP4 m = new FP4(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s where s is FP2 */
-	public void pmul(FP2 s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-/* this*=c where c is int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-/* this*=this */
-	public void sqr()
-	{
-		norm();
-
-		FP2 t1 = new FP2(a);
-		FP2 t2 = new FP2(b);
-		FP2 t3 = new FP2(a);
-
-		t3.mul(b);
-		t1.add(b);
-		t2.mul_ip();
-
-		t2.add(a);
-		a.copy(t1);
-
-		a.mul(t2);
-
-		t2.copy(t3);
-		t2.mul_ip();
-		t2.add(t3);
-		t2.neg();
-		a.add(t2);
-
-		b.copy(t3);
-		b.add(t3);
-
-		norm();
-	}
-/* this*=y */
-	public void mul(FP4 y)
-	{
-		norm();
-
-		FP2 t1 = new FP2(a);
-		FP2 t2 = new FP2(b);
-		FP2 t3 = new FP2(0);
-		FP2 t4 = new FP2(b);
-
-		t1.mul(y.a);
-		t2.mul(y.b);
-		t3.copy(y.b);
-		t3.add(y.a);
-		t4.add(a);
-
-		t4.mul(t3);
-		t4.sub(t1);
-//		t4.norm();
-
-		b.copy(t4);
-		b.sub(t2);
-		t2.mul_ip();
-		a.copy(t2);
-		a.add(t1);
-
-		norm();
-	}
-/* convert this to hex string */
-	public override string ToString()
-	{
-		return ("[" + a.ToString() + "," + b.ToString() + "]");
-	}
-
-	public string toRawString()
-	{
-		return ("[" + a.toRawString() + "," + b.toRawString() + "]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-
-		FP2 t1 = new FP2(a);
-		FP2 t2 = new FP2(b);
-
-		t1.sqr();
-		t2.sqr();
-		t2.mul_ip();
-		t1.sub(t2);
-		t1.inverse();
-		a.mul(t1);
-		t1.neg();
-		b.mul(t1);
-	}
-
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-	public void times_i()
-	{
-		norm();
-		FP2 s = new FP2(b);
-		FP2 t = new FP2(b);
-		s.times_i();
-		t.add(s);
-//		t.norm();
-		b.copy(a);
-		a.copy(t);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		a.conj();
-		b.conj();
-		b.mul(f);
-	}
-
-/* this=this^e */
-	public FP4 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP4 w = new FP4(this);
-		BIG z = new BIG(e);
-		FP4 r = new FP4(1);
-		while (true)
-		{
-			int bt = z.parity();
-			z.fshr(1);
-			if (bt == 1)
-			{
-				r.mul(w);
-			}
-			if (z.iszilch())
-			{
-				break;
-			}
-			w.sqr();
-		}
-		r.reduce();
-		return r;
-	}
-/* XTR xtr_a function */
-	public void xtr_A(FP4 w, FP4 y, FP4 z)
-	{
-		FP4 r = new FP4(w);
-		FP4 t = new FP4(w);
-		r.sub(y);
-		r.pmul(a);
-		t.add(y);
-		t.pmul(b);
-		t.times_i();
-
-		copy(r);
-		add(t);
-		add(z);
-
-		norm();
-	}
-
-/* XTR xtr_d function */
-	public void xtr_D()
-	{
-		FP4 w = new FP4(this);
-		sqr();
-		w.conj();
-		w.add(w);
-		sub(w);
-		reduce();
-	}
-
-/* r=x^n using XTR method on traces of FP12s */
-	public FP4 xtr_pow(BIG n)
-	{
-		FP4 a = new FP4(3);
-		FP4 b = new FP4(this);
-		FP4 c = new FP4(b);
-		c.xtr_D();
-		FP4 t = new FP4(0);
-		FP4 r = new FP4(0);
-
-		n.norm();
-		int par = n.parity();
-		BIG v = new BIG(n);
-		v.fshr(1);
-		if (par == 0)
-		{
-			v.dec(1);
-			v.norm();
-		}
-
-		int nb = v.nbits();
-		for (int i = nb - 1;i >= 0;i--)
-		{
-			if (v.bit(i) != 1)
-			{
-				t.copy(b);
-				conj();
-				c.conj();
-				b.xtr_A(a,this,c);
-				conj();
-				c.copy(t);
-				c.xtr_D();
-				a.xtr_D();
-			}
-			else
-			{
-				t.copy(a);
-				t.conj();
-				a.copy(b);
-				a.xtr_D();
-				b.xtr_A(c,this,t);
-				c.xtr_D();
-			}
-		}
-		if (par == 0)
-		{
-			r.copy(c);
-		}
-		else
-		{
-			r.copy(b);
-		}
-		r.reduce();
-		return r;
-	}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-	public FP4 xtr_pow2(FP4 ck, FP4 ckml, FP4 ckm2l, BIG a, BIG b)
-	{
-		a.norm();
-		b.norm();
-		BIG e = new BIG(a);
-		BIG d = new BIG(b);
-		BIG w = new BIG(0);
-
-		FP4 cu = new FP4(ck); // can probably be passed in w/o copying
-		FP4 cv = new FP4(this);
-		FP4 cumv = new FP4(ckml);
-		FP4 cum2v = new FP4(ckm2l);
-		FP4 r = new FP4(0);
-		FP4 t = new FP4(0);
-
-		int f2 = 0;
-		while (d.parity() == 0 && e.parity() == 0)
-		{
-			d.fshr(1);
-			e.fshr(1);
-			f2++;
-		}
-
-		while (BIG.comp(d,e) != 0)
-		{
-			if (BIG.comp(d,e) > 0)
-			{
-				w.copy(e);
-				w.imul(4);
-				w.norm();
-				if (BIG.comp(d,w) <= 0)
-				{
-					w.copy(d);
-					d.copy(e);
-					e.rsub(w);
-					e.norm();
-
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cum2v.conj();
-					cumv.copy(cv);
-					cv.copy(cu);
-					cu.copy(t);
-
-				}
-				else if (d.parity() == 0)
-				{
-					d.fshr(1);
-					r.copy(cum2v);
-					r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-				else if (e.parity() == 1)
-				{
-					d.sub(e);
-					d.norm();
-					d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cu.xtr_D();
-					cum2v.copy(cv);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cv.copy(t);
-				}
-				else
-				{
-					w.copy(d);
-					d.copy(e);
-					d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v);
-					cumv.conj();
-					cum2v.copy(t);
-					cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-			}
-			if (BIG.comp(d,e) < 0)
-			{
-				w.copy(d);
-				w.imul(4);
-				w.norm();
-				if (BIG.comp(e,w) <= 0)
-				{
-					e.sub(d);
-					e.norm();
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cumv.copy(cu);
-					cu.copy(t);
-				}
-				else if (e.parity() == 0)
-				{
-					w.copy(d);
-					d.copy(e);
-					d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v);
-					cumv.conj();
-					cum2v.copy(t);
-					cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-				else if (d.parity() == 1)
-				{
-					w.copy(e);
-					e.copy(d);
-					w.sub(d);
-					w.norm();
-					d.copy(w);
-					d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cumv.conj();
-					cum2v.copy(cu);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cu.copy(cv);
-					cu.xtr_D();
-					cv.copy(t);
-				}
-				else
-				{
-					d.fshr(1);
-					r.copy(cum2v);
-					r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-			}
-		}
-		r.copy(cv);
-		r.xtr_A(cu,cumv,cum2v);
-		for (int i = 0;i < f2;i++)
-		{
-			r.xtr_D();
-		}
-		r = r.xtr_pow(d);
-		return r;
-	}
-
-/*
-
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG e=new BIG(12);
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-
-		a.inc(27); b.inc(45);
-
-		FP2 w0=new FP2(a,b);
-
-		a.zero(); b.zero();
-		a.inc(33); b.inc(54);
-
-		FP2 w1=new FP2(a,b);
-
-
-		FP4 w=new FP4(w0,w1);
-		FP4 t=new FP4(w);
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		System.out.println("w= "+w.toString());
-
-		w=w.pow(m);
-
-		System.out.println("w^p= "+w.toString());
-
-		t.frob(f);
-
-
-		System.out.println("w^p= "+t.toString());
-
-		w=w.pow(m);
-		w=w.pow(m);
-		w=w.pow(m);
-		System.out.println("w^p4= "+w.toString());
-
-
-	System.out.println("Test Inversion");
-
-		w=new FP4(w0,w1);
-
-		w.inverse();
-
-		System.out.println("1/w mod p^4 = "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/(1/w) mod p^4 = "+w.toString());
-
-		FP4 ww=new FP4(w);
-
-		w=w.xtr_pow(e);
-		System.out.println("w^e= "+w.toString());
-
-
-		a.zero(); b.zero();
-		a.inc(37); b.inc(17);
-		w0=new FP2(a,b);
-		a.zero(); b.zero();
-		a.inc(49); b.inc(31);
-		w1=new FP2(a,b);
-
-		FP4 c1=new FP4(w0,w1);
-		FP4 c2=new FP4(w0,w1);
-		FP4 c3=new FP4(w0,w1);
-
-		BIG e1=new BIG(3331);
-		BIG e2=new BIG(3372);
-
-		FP4 cr=w.xtr_pow2(c1,c2,c3,e1,e2);
-
-		System.out.println("c^e= "+cr.toString());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/GCM.cs
----------------------------------------------------------------------
diff --git a/cs/GCM.cs b/cs/GCM.cs
deleted file mode 100644
index 5ddd706..0000000
--- a/cs/GCM.cs
+++ /dev/null
@@ -1,500 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions..
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-
-public class GCM
-{
-	public const int NB = 4;
-	public const int GCM_ACCEPTING_HEADER = 0;
-	public const int GCM_ACCEPTING_CIPHER = 1;
-	public const int GCM_NOT_ACCEPTING_MORE = 2;
-	public const int GCM_FINISHED = 3;
-	public const int GCM_ENCRYPTING = 0;
-	public const int GCM_DECRYPTING = 1;
-
-//JAVA TO C# CONVERTER NOTE: The following call to the 'RectangularArrays' helper class reproduces the rectangular array initialization that is automatic in Java:
-//ORIGINAL LINE: private int[][] table = new int[128][4]; // 2k bytes
-	private int[][] table = RectangularArrays.ReturnRectangularIntArray(128, 4); // 2k bytes
-	private sbyte[] stateX = new sbyte[16];
-	private sbyte[] Y_0 = new sbyte[16];
-	private int counter;
-	private int[] lenA = new int[2];
-	private int[] lenC = new int[2];
-	private int status;
-	private AES a = new AES();
-
-	private static int pack(sbyte[] b)
-	{ // pack bytes into a 32-bit Word
-		return ((((int)b[0]) & 0xff) << 24) | (((int)b[1] & 0xff) << 16) | (((int)b[2] & 0xff) << 8) | ((int)b[3] & 0xff);
-	}
-
-	private static sbyte[] unpack(int a)
-	{ // unpack bytes from a word
-		sbyte[] b = new sbyte[4];
-		b[3] = (sbyte)(a);
-		b[2] = (sbyte)((int)((uint)a >> 8));
-		b[1] = (sbyte)((int)((uint)a >> 16));
-		b[0] = (sbyte)((int)((uint)a >> 24));
-		return b;
-	}
-
-	private void precompute(sbyte[] H)
-	{
-		int i, j, c;
-		sbyte[] b = new sbyte[4];
-
-		for (i = j = 0;i < NB;i++,j += 4)
-		{
-			b[0] = H[j];
-			b[1] = H[j + 1];
-			b[2] = H[j + 2];
-			b[3] = H[j + 3];
-			table[0][i] = pack(b);
-		}
-		for (i = 1;i < 128;i++)
-		{
-			c = 0;
-			for (j = 0;j < NB;j++)
-			{
-				table[i][j] = c | (int)((uint)(table[i - 1][j]) >> 1);
-				c = table[i - 1][j] << 31;
-			}
-			if (c != 0)
-			{
-				table[i][0] ^= unchecked((int)0xE1000000); // irreducible polynomial
-			}
-		}
-	}
-
-	private void gf2mul()
-	{ // gf2m mul - Z=H*X mod 2^128
-		int i, j, m, k;
-		int[] P = new int[4];
-		int c;
-		sbyte[] b; //=new byte[4];
-
-		P[0] = P[1] = P[2] = P[3] = 0;
-		j = 8;
-		m = 0;
-		for (i = 0;i < 128;i++)
-		{
-			c = ((int)((uint)stateX[m] >> (--j))) & 1;
-			if (c != 0)
-			{
-				for (k = 0;k < NB;k++)
-				{
-					P[k] ^= table[i][k];
-				}
-			}
-			if (j == 0)
-			{
-				j = 8;
-				m++;
-				if (m == 16)
-				{
-					break;
-				}
-			}
-		}
-		for (i = j = 0;i < NB;i++,j += 4)
-		{
-			b = unpack(P[i]);
-			stateX[j] = b[0];
-			stateX[j + 1] = b[1];
-			stateX[j + 2] = b[2];
-			stateX[j + 3] = b[3];
-		}
-	}
-
-	private void wrap()
-	{ // Finish off GHASH
-		int i, j;
-		int[] F = new int[4];
-		sbyte[] L = new sbyte[16];
-		sbyte[] b; //=new byte[4];
-
-/* convert lengths from bytes to bits */
-		F[0] = (lenA[0] << 3) | (int)((uint)(lenA[1] & 0xE0000000)>>29);
-		F[1] = lenA[1] << 3;
-		F[2] = (lenC[0] << 3) | (int)((uint)(lenC[1] & 0xE0000000)>>29);
-		F[3] = lenC[1] << 3;
-		for (i = j = 0;i < NB;i++,j += 4)
-		{
-			b = unpack(F[i]);
-			L[j] = b[0];
-			L[j + 1] = b[1];
-			L[j + 2] = b[2];
-			L[j + 3] = b[3];
-		}
-		for (i = 0;i < 16;i++)
-		{
-			stateX[i] ^= L[i];
-		}
-		gf2mul();
-	}
-
-/* Initialize GCM mode */
-	public virtual void init(sbyte[] key, int niv, sbyte[] iv)
-	{ // iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes
-		int i;
-		sbyte[] H = new sbyte[16];
-		sbyte[] b; //=new byte[4];
-
-		for (i = 0;i < 16;i++)
-		{
-			H[i] = 0;
-			stateX[i] = 0;
-		}
-
-		a.init(AES.ECB,key,iv);
-		a.ecb_encrypt(H); // E(K,0)
-		precompute(H);
-
-		lenA[0] = lenC[0] = lenA[1] = lenC[1] = 0;
-		if (niv == 12)
-		{
-			for (i = 0;i < 12;i++)
-			{
-				a.f[i] = iv[i];
-			}
-			b = unpack((int)1);
-			a.f[12] = b[0];
-			a.f[13] = b[1];
-			a.f[14] = b[2];
-			a.f[15] = b[3]; // initialise IV
-			for (i = 0;i < 16;i++)
-			{
-				Y_0[i] = a.f[i];
-			}
-		}
-		else
-		{
-			status = GCM_ACCEPTING_CIPHER;
-			ghash(iv,niv); // GHASH(H,0,IV)
-			wrap();
-			for (i = 0;i < 16;i++)
-			{
-				a.f[i] = stateX[i];
-				Y_0[i] = a.f[i];
-				stateX[i] = 0;
-			}
-			lenA[0] = lenC[0] = lenA[1] = lenC[1] = 0;
-		}
-		status = GCM_ACCEPTING_HEADER;
-	}
-
-/* Add Header data - included but not encrypted */
-	public virtual bool add_header(sbyte[] header, int len)
-	{ // Add some header. Won't be encrypted, but will be authenticated. len is length of header
-		int i , j = 0;
-		if (status != GCM_ACCEPTING_HEADER)
-		{
-			return false;
-		}
-
-		while (j < len)
-		{
-			for (i = 0;i < 16 && j < len;i++)
-			{
-				stateX[i] ^= header[j++];
-				lenA[1]++;
-				if (lenA[1] == 0)
-				{
-					lenA[0]++;
-				}
-			}
-			gf2mul();
-		}
-		if (len % 16 != 0)
-		{
-			status = GCM_ACCEPTING_CIPHER;
-		}
-		return true;
-	}
-
-	private bool ghash(sbyte[] plain, int len)
-	{
-		int i , j = 0;
-		int counter;
-	//	byte[] B=new byte[16];
-	//	byte[] b=new byte[4];
-
-		if (status == GCM_ACCEPTING_HEADER)
-		{
-			status = GCM_ACCEPTING_CIPHER;
-		}
-		if (status != GCM_ACCEPTING_CIPHER)
-		{
-			return false;
-		}
-
-		while (j < len)
-		{
-			for (i = 0;i < 16 && j < len;i++)
-			{
-				stateX[i] ^= plain[j++];
-				lenC[1]++;
-				if (lenC[1] == 0)
-				{
-					lenC[0]++;
-				}
-			}
-			gf2mul();
-		}
-		if (len % 16 != 0)
-		{
-			status = GCM_NOT_ACCEPTING_MORE;
-		}
-		return true;
-	}
-
-/* Add Plaintext - included and encrypted */
-	public virtual sbyte[] add_plain(sbyte[] plain, int len)
-	{
-		int i , j = 0;
-		int counter;
-		sbyte[] B = new sbyte[16];
-		sbyte[] b = new sbyte[4];
-		sbyte[] cipher = new sbyte[len];
-
-		if (status == GCM_ACCEPTING_HEADER)
-		{
-			status = GCM_ACCEPTING_CIPHER;
-		}
-		if (status != GCM_ACCEPTING_CIPHER)
-		{
-			return new sbyte[0];
-		}
-
-		while (j < len)
-		{
-
-			b[0] = a.f[12];
-			b[1] = a.f[13];
-			b[2] = a.f[14];
-			b[3] = a.f[15];
-			counter = pack(b);
-			counter++;
-			b = unpack(counter);
-			a.f[12] = b[0];
-			a.f[13] = b[1];
-			a.f[14] = b[2];
-			a.f[15] = b[3]; // increment counter
-			for (i = 0;i < 16;i++)
-			{
-				B[i] = a.f[i];
-			}
-			a.ecb_encrypt(B); // encrypt it
-
-			for (i = 0;i < 16 && j < len;i++)
-			{
-				cipher[j] = (sbyte)(plain[j] ^ B[i]);
-				stateX[i] ^= cipher[j++];
-				lenC[1]++;
-				if (lenC[1] == 0)
-				{
-					lenC[0]++;
-				}
-			}
-			gf2mul();
-		}
-		if (len % 16 != 0)
-		{
-			status = GCM_NOT_ACCEPTING_MORE;
-		}
-		return cipher;
-	}
-
-/* Add Ciphertext - decrypts to plaintext */
-	public virtual sbyte[] add_cipher(sbyte[] cipher, int len)
-	{
-		int i , j = 0;
-		int counter;
-		sbyte[] B = new sbyte[16];
-		sbyte[] b = new sbyte[4];
-		sbyte[] plain = new sbyte[len];
-
-		if (status == GCM_ACCEPTING_HEADER)
-		{
-			status = GCM_ACCEPTING_CIPHER;
-		}
-		if (status != GCM_ACCEPTING_CIPHER)
-		{
-			return new sbyte[0];
-		}
-
-		while (j < len)
-		{
-
-			b[0] = a.f[12];
-			b[1] = a.f[13];
-			b[2] = a.f[14];
-			b[3] = a.f[15];
-			counter = pack(b);
-			counter++;
-			b = unpack(counter);
-			a.f[12] = b[0];
-			a.f[13] = b[1];
-			a.f[14] = b[2];
-			a.f[15] = b[3]; // increment counter
-			for (i = 0;i < 16;i++)
-			{
-				B[i] = a.f[i];
-			}
-			a.ecb_encrypt(B); // encrypt it
-			for (i = 0;i < 16 && j < len;i++)
-			{
-				plain[j] = (sbyte)(cipher[j] ^ B[i]);
-				stateX[i] ^= cipher[j++];
-				lenC[1]++;
-				if (lenC[1] == 0)
-				{
-					lenC[0]++;
-				}
-			}
-			gf2mul();
-		}
-		if (len % 16 != 0)
-		{
-			status = GCM_NOT_ACCEPTING_MORE;
-		}
-		return plain;
-	}
-
-/* Finish and extract Tag */
-	public virtual sbyte[] finish(bool extract)
-	{ // Finish off GHASH and extract tag (MAC)
-		int i;
-		sbyte[] tag = new sbyte[16];
-
-		wrap();
-/* extract tag */
-		if (extract)
-		{
-			a.ecb_encrypt(Y_0); // E(K,Y0)
-			for (i = 0;i < 16;i++)
-			{
-				Y_0[i] ^= stateX[i];
-			}
-			for (i = 0;i < 16;i++)
-			{
-				tag[i] = Y_0[i];
-				Y_0[i] = stateX[i] = 0;
-			}
-		}
-		status = GCM_FINISHED;
-		a.end();
-		return tag;
-	}
-
-	public static sbyte[] hex2bytes(string s)
-	{
-		int len = s.Length;
-		sbyte[] data = new sbyte[len / 2];
-		for (int i = 0; i < len; i += 2)
-		{
-			data[i / 2] = (sbyte)((char.digit(s[i], 16) << 4) + char.digit(s[i + 1], 16));
-		}
-		return data;
-	}
-
-/*
-	public static void main(String[] args) {
-		int i;
-
-		String KT="feffe9928665731c6d6a8f9467308308";
-		String MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-		String HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-//	char* NT="cafebabefacedbaddecaf888";
-// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
-		String NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-
-		byte[] T=new byte[16];   // Tag
-		byte[] K=new byte[16];   // AES Key
-		byte[] H=new byte[64];   // Header - to be included in Authentication, but not encrypted
-		byte[] N=new byte[100];   // IV - Initialisation vector
-		byte[] M=new byte[100];  // Plaintext to be encrypted/authenticated
-		byte[] C=new byte[100];  // Ciphertext
-		byte[] P=new byte[100];  // Recovered Plaintext
-
-		GCM g=new GCM();
-
-		M=hex2bytes(MT);
-		H=hex2bytes(HT);
-		N=hex2bytes(NT);
-		K=hex2bytes(KT);
-
-		int len=M.length;
-		int lenH=H.length;
-		int lenK=K.length;
-		int lenIV=N.length;
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",M[i]);
-		System.out.format("\n");
-
-		g.init(K,lenIV,N);
-		g.add_header(H,lenH);
-		C=g.add_plain(M,len);
-		T=g.finish(true);
-
-		System.out.format("Ciphertext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",C[i]);
-		System.out.format("\n");
-
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-
-		g.init(K,lenIV,N);
-		g.add_header(H,lenH);
-		P=g.add_cipher(C,len);
-		T=g.finish(true);
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",P[i]);
-		System.out.format("\n");
-
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/HASH.cs
----------------------------------------------------------------------
diff --git a/cs/HASH.cs b/cs/HASH.cs
deleted file mode 100644
index 50d4427..0000000
--- a/cs/HASH.cs
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256)
- *
- * Generates a 256 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only.
- */
-
-public class HASH
-{
-	private int[] length = new int[2];
-	private int[] h = new int[8];
-	private int[] w = new int[64];
-
-	public const int H0 = 0x6A09E667;
-	public const int H1 = unchecked((int)0xBB67AE85);
-	public const int H2 = 0x3C6EF372;
-	public const int H3 = unchecked((int)0xA54FF53A);
-	public const int H4 = 0x510E527F;
-	public const int H5 = unchecked((int)0x9B05688C);
-	public const int H6 = 0x1F83D9AB;
-	public const int H7 = 0x5BE0CD19;
-
-	public const int len = 32;
-
-	public static readonly int[] K = new int[] {0x428a2f98, 0x71374491, unchecked((int)0xb5c0fbcf), unchecked((int)0xe9b5dba5), 0x3956c25b, 0x59f111f1, unchecked((int)0x923f82a4), unchecked((int)0xab1c5ed5), unchecked((int)0xd807aa98), 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, unchecked((int)0x80deb1fe), unchecked((int)0x9bdc06a7), unchecked((int)0xc19bf174), unchecked((int)0xe49b69c1), unchecked((int)0xefbe4786), 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, unchecked((int)0x983e5152), unchecked((int)0xa831c66d), unchecked((int)0xb00327c8), unchecked((int)0xbf597fc7), unchecked((int)0xc6e00bf3), unchecked((int)0xd5a79147), 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, unchecked((int)0x81c2c92e), unchecked((int)0x92722c85), unchecked((int)0xa2bfe8a1), unchecked((int)0xa81a664b), unchecked((int)0xc24b8b70), unchecked((int)0xc76c51a3), unchecked((int)0xd192e819), unchecked((int)0xd6990624), unchecked((int)0
 xf40e3585), 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, unchecked((int)0x84c87814), unchecked((int)0x8cc70208), unchecked((int)0x90befffa), unchecked((int)0xa4506ceb), unchecked((int)0xbef9a3f7), unchecked((int)0xc67178f2)};
-
-
-/* functions */
-	private static int S(int n, int x)
-	{
-		return (((int)((uint)(x) >> n)) | ((x) << (32 - n)));
-	}
-
-	private static int R(int n, int x)
-	{
-		return ((int)((uint)(x) >> n));
-	}
-
-	private static int Ch(int x, int y, int z)
-	{
-		return ((x & y) ^ (~(x) & z));
-	}
-
-	private static int Maj(int x, int y, int z)
-	{
-		return ((x & y) ^ (x & z) ^ (y & z));
-	}
-
-	private static int Sig0(int x)
-	{
-		return (S(2,x) ^ S(13,x) ^ S(22,x));
-	}
-
-	private static int Sig1(int x)
-	{
-		return (S(6,x) ^ S(11,x) ^ S(25,x));
-	}
-
-	private static int theta0(int x)
-	{
-		return (S(7,x) ^ S(18,x) ^ R(3,x));
-	}
-
-	private static int theta1(int x)
-	{
-		return (S(17,x) ^ S(19,x) ^ R(10,x));
-	}
-
-
-	private void transform()
-	{ // basic transformation step
-		int a, b, c, d, e, f, g, hh, t1, t2;
-		int j;
-		for (j = 16;j < 64;j++)
-		{
-			w[j] = theta1(w[j - 2]) + w[j - 7] + theta0(w[j - 15]) + w[j - 16];
-		}
-		a = h[0];
-		b = h[1];
-		c = h[2];
-		d = h[3];
-		e = h[4];
-		f = h[5];
-		g = h[6];
-		hh = h[7];
-
-		for (j = 0;j < 64;j++)
-		{ // 64 times - mush it up
-			t1 = hh + Sig1(e) + Ch(e,f,g) + K[j] + w[j];
-			t2 = Sig0(a) + Maj(a,b,c);
-			hh = g;
-			g = f;
-			f = e;
-			e = d + t1;
-			d = c;
-			c = b;
-			b = a;
-			a = t1 + t2;
-
-		}
-		h[0] += a;
-		h[1] += b;
-		h[2] += c;
-		h[3] += d;
-		h[4] += e;
-		h[5] += f;
-		h[6] += g;
-		h[7] += hh;
-	}
-
-/* Initialise Hash function */
-	public virtual void init()
-	{ // initialise
-		int i;
-		for (i = 0;i < 64;i++)
-		{
-			w[i] = 0;
-		}
-		length[0] = length[1] = 0;
-		h[0] = H0;
-		h[1] = H1;
-		h[2] = H2;
-		h[3] = H3;
-		h[4] = H4;
-		h[5] = H5;
-		h[6] = H6;
-		h[7] = H7;
-	}
-
-/* Constructor */
-	public HASH()
-	{
-		init();
-	}
-
-/* process a single byte */
-	public virtual void process(int byt)
-	{ // process the next message byte
-		int cnt;
-		cnt = (length[0] / 32) % 16;
-
-		w[cnt] <<= 8;
-		w[cnt] |= (byt & 0xFF);
-		length[0] += 8;
-		if (length[0] == 0)
-		{
-			length[1]++;
-			length[0] = 0;
-		}
-		if ((length[0] % 512) == 0)
-		{
-			transform();
-		}
-	}
-
-/* process an array of bytes */
-	public virtual void process_array(sbyte[] b)
-	{
-		for (int i = 0;i < b.Length;i++)
-		{
-			process((int)b[i]);
-		}
-	}
-
-/* process a 32-bit integer */
-	public virtual void process_num(int n)
-	{
-		process((n >> 24) & 0xff);
-		process((n >> 16) & 0xff);
-		process((n >> 8) & 0xff);
-		process(n & 0xff);
-	}
-
-/* Generate 32-byte Hash */
-	public virtual sbyte[] hash()
-	{ // pad message and finish - supply digest
-		int i;
-		sbyte[] digest = new sbyte[32];
-		int len0, len1;
-		len0 = length[0];
-		len1 = length[1];
-		process(0x80);
-		while ((length[0] % 512) != 448)
-		{
-			process(0);
-		}
-		w[14] = len1;
-		w[15] = len0;
-		transform();
-		for (i = 0;i < len;i++)
-		{ // convert to bytes
-			digest[i] = unchecked((sbyte)((h[i / 4] >> (8 * (3 - i % 4))) & 0xff));
-		}
-		init();
-		return digest;
-	}
-
-/* test program: should produce digest */
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-/*
-	public static void main(String[] args) {
-		byte[] test="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".getBytes();
-		byte[] digest;
-		int i;
-		HASH sh=new HASH();
-
-		for (i=0;i<test.length;i++)
-			sh.process(test[i]);
-
-		digest=sh.hash();
-		for (i=0;i<32;i++) System.out.format("%02x",digest[i]);
-
-	//	for (i=0;i<32;i++) System.out.format("%d ",digest[i]);
-
-		System.out.println("");
-	} */
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/MPIN.cs
----------------------------------------------------------------------
diff --git a/cs/MPIN.cs b/cs/MPIN.cs
deleted file mode 100644
index f8ae051..0000000
--- a/cs/MPIN.cs
+++ /dev/null
@@ -1,916 +0,0 @@
-using System;
-
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-public class MPIN
-{
-	public static readonly int EFS = ROM.MODBYTES;
-	public static readonly int EGS = ROM.MODBYTES;
-	public const int PAS = 16;
-	public const int BAD_PARAMS = -11;
-	public const int INVALID_POINT = -14;
-	public const int WRONG_ORDER = -18;
-	public const int BAD_PIN = -19;
-
-/* Configure your PIN here */
-
-	public const int MAXPIN = 10000; // PIN less than this
-	public const int PBLEN = 14; // Number of bits in PIN
-	public const int TS = 10; // 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN)
-	public const int TRAP = 200; // 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN)
-
-/* Hash number (optional) and string to point on curve */
-
-	public static sbyte[] hashit(int n, sbyte[] ID)
-	{
-		HASH H = new HASH();
-		if (n != 0)
-		{
-			H.process_num(n);
-		}
-		H.process_array(ID);
-		sbyte[] h = H.hash();
-		return h;
-	}
-
-	public static ECP mapit(sbyte[] h)
-	{
-		BIG q = new BIG(ROM.Modulus);
-		BIG x = BIG.fromBytes(h);
-		x.mod(q);
-		ECP P;
-		while (true)
-		{
-			P = new ECP(x,0);
-			if (!P.is_infinity())
-			{
-				break;
-			}
-			x.inc(1);
-			x.norm();
-		}
-		return P;
-	}
-
-/* needed for SOK */
-	public static ECP2 mapit2(sbyte[] h)
-	{
-		BIG q = new BIG(ROM.Modulus);
-		BIG x = BIG.fromBytes(h);
-		BIG one = new BIG(1);
-		FP2 X;
-		ECP2 Q, T, K;
-		x.mod(q);
-		while (true)
-		{
-			X = new FP2(one,x);
-			Q = new ECP2(X);
-			if (!Q.is_infinity())
-			{
-				break;
-			}
-			x.inc(1);
-			x.norm();
-		}
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-		BIG Fra = new BIG(ROM.CURVE_Fra);
-		BIG Frb = new BIG(ROM.CURVE_Frb);
-		X = new FP2(Fra,Frb);
-		x = new BIG(ROM.CURVE_Bnx);
-
-		T = new ECP2();
-		T.copy(Q);
-		T.mul(x);
-		T.neg();
-		K = new ECP2();
-		K.copy(T);
-		K.dbl();
-		K.add(T);
-		K.affine();
-
-		K.frob(X);
-		Q.frob(X);
-		Q.frob(X);
-		Q.frob(X);
-		Q.add(T);
-		Q.add(K);
-		T.frob(X);
-		T.frob(X);
-		Q.add(T);
-		Q.affine();
-		return Q;
-	}
-
-/* return time in slots since epoch */
-	public static int today()
-	{
-		TimeSpan t = DateTime.Now- new DateTime(1970,1,1);
-		return (int)(t.TotalSeconds / (60 * 1440));
-	}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-	public static ECP map(BIG u, int cb)
-	{
-		ECP P;
-		BIG x = new BIG(u);
-		BIG p = new BIG(ROM.Modulus);
-		x.mod(p);
-		while (true)
-		{
-			P = new ECP(x,cb);
-			if (!P.is_infinity())
-			{
-				break;
-			}
-			x.inc(1);
-			x.norm();
-		}
-		return P;
-	}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-	public static int unmap(BIG u, ECP P)
-	{
-		int s = P.S;
-		ECP R;
-		int r = 0;
-		BIG x = P.X;
-		u.copy(x);
-		while (true)
-		{
-			u.dec(1);
-			u.norm();
-			r++;
-			R = new ECP(u,s);
-			if (!R.is_infinity())
-			{
-				break;
-			}
-		}
-		return r;
-	}
-
-	public static sbyte[] HASH_ID(sbyte[] ID)
-	{
-		return hashit(0,ID);
-	}
-
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-	public static int ENCODING(RAND rng, sbyte[] E)
-	{
-		int rn, m, su, sv;
-		sbyte[] T = new sbyte[EFS];
-
-		for (int i = 0;i < EFS;i++)
-		{
-			T[i] = E[i + 1];
-		}
-		BIG u = BIG.fromBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			T[i] = E[i + EFS + 1];
-		}
-		BIG v = BIG.fromBytes(T);
-
-		ECP P = new ECP(u,v);
-		if (P.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		BIG p = new BIG(ROM.Modulus);
-		u = BIG.randomnum(p,rng);
-
-		su = rng.Byte; //if (su<0) su=-su;
- su %= 2;
-
-		ECP W = map(u,su);
-		P.sub(W);
-		sv = P.S;
-		rn = unmap(v,P);
-		m = rng.Byte; //if (m<0) m=-m;
- m %= rn;
-		v.inc(m + 1);
-		E[0] = (sbyte)(su + 2 * sv);
-		u.toBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			E[i + 1] = T[i];
-		}
-		v.toBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			E[i + EFS + 1] = T[i];
-		}
-
-		return 0;
-	}
-
-	public static int DECODING(sbyte[] D)
-	{
-		int su, sv;
-		sbyte[] T = new sbyte[EFS];
-
-		if ((D[0] & 0x04) != 0)
-		{
-			return INVALID_POINT;
-		}
-
-		for (int i = 0;i < EFS;i++)
-		{
-			T[i] = D[i + 1];
-		}
-		BIG u = BIG.fromBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			T[i] = D[i + EFS + 1];
-		}
-		BIG v = BIG.fromBytes(T);
-
-		su = D[0] & 1;
-		sv = (D[0] >> 1) & 1;
-		ECP W = map(u,su);
-		ECP P = map(v,sv);
-		P.add(W);
-		u = P.X;
-		v = P.Y;
-		D[0] = 0x04;
-		u.toBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			D[i + 1] = T[i];
-		}
-		v.toBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			D[i + EFS + 1] = T[i];
-		}
-
-		return 0;
-	}
-
-/* R=R1+R2 in group G1 */
-	public static int RECOMBINE_G1(sbyte[] R1, sbyte[] R2, sbyte[] R)
-	{
-		ECP P = ECP.fromBytes(R1);
-		ECP Q = ECP.fromBytes(R2);
-
-		if (P.is_infinity() || Q.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		P.add(Q);
-
-		P.toBytes(R);
-		return 0;
-	}
-
-/* W=W1+W2 in group G2 */
-	public static int RECOMBINE_G2(sbyte[] W1, sbyte[] W2, sbyte[] W)
-	{
-		ECP2 P = ECP2.fromBytes(W1);
-		ECP2 Q = ECP2.fromBytes(W2);
-
-		if (P.is_infinity() || Q.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		P.add(Q);
-
-		P.toBytes(W);
-		return 0;
-	}
-
-/* create random secret S */
-	public static int RANDOM_GENERATE(RAND rng, sbyte[] S)
-	{
-		BIG s;
-		BIG r = new BIG(ROM.CURVE_Order);
-		s = BIG.randomnum(r,rng);
-
-		s.toBytes(S);
-		return 0;
-	}
-
-/* Extract PIN from TOKEN for identity CID */
-	public static int EXTRACT_PIN(sbyte[] CID, int pin, sbyte[] TOKEN)
-	{
-		ECP P = ECP.fromBytes(TOKEN);
-		if (P.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-		sbyte[] h = hashit(0,CID);
-		ECP R = mapit(h);
-
-
-		pin %= MAXPIN;
-
-		R = R.pinmul(pin,PBLEN);
-		P.sub(R);
-
-		P.toBytes(TOKEN);
-
-		return 0;
-	}
-
-/* Implement step 2 on client side of MPin protocol */
-	public static int CLIENT_2(sbyte[] X, sbyte[] Y, sbyte[] SEC)
-	{
-		BIG r = new BIG(ROM.CURVE_Order);
-		ECP P = ECP.fromBytes(SEC);
-		if (P.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		BIG px = BIG.fromBytes(X);
-		BIG py = BIG.fromBytes(Y);
-		px.add(py);
-		px.mod(r);
-		px.rsub(r);
-
-		PAIR.G1mul(P,px).toBytes(SEC);
-		return 0;
-	}
-
-/* Implement step 1 on client side of MPin protocol */
-	public static int CLIENT_1(int date, sbyte[] CLIENT_ID, RAND rng, sbyte[] X, int pin, sbyte[] TOKEN, sbyte[] SEC, sbyte[] xID, sbyte[] xCID, sbyte[] PERMIT)
-	{
-		BIG r = new BIG(ROM.CURVE_Order);
-//		BIG q=new BIG(ROM.Modulus);
-		BIG x;
-//		BIG m=new BIG(0);
-		if (rng != null)
-		{
-			x = BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x = BIG.fromBytes(X);
-		}
-		ECP P, T, W;
-		BIG px;
-//		byte[] t=new byte[EFS];
-
-		sbyte[] h = hashit(0,CLIENT_ID);
-		P = mapit(h);
-
-		T = ECP.fromBytes(TOKEN);
-		if (T.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		pin %= MAXPIN;
-		W = P.pinmul(pin,PBLEN);
-		T.add(W);
-		if (date != 0)
-		{
-			W = ECP.fromBytes(PERMIT);
-			if (W.is_infinity())
-			{
-				return INVALID_POINT;
-			}
-			T.add(W);
-			h = hashit(date,h);
-			W = mapit(h);
-			if (xID != null)
-			{
-				P = PAIR.G1mul(P,x);
-				P.toBytes(xID);
-				W = PAIR.G1mul(W,x);
-				P.add(W);
-			}
-			else
-			{
-				P.add(W);
-				P = PAIR.G1mul(P,x);
-			}
-			if (xCID != null)
-			{
-				P.toBytes(xCID);
-			}
-		}
-		else
-		{
-			if (xID != null)
-			{
-				P = PAIR.G1mul(P,x);
-				P.toBytes(xID);
-			}
-		}
-
-
-		T.toBytes(SEC);
-		return 0;
-	}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-	public static int GET_SERVER_SECRET(sbyte[] S, sbyte[] SST)
-	{
-		ECP2 Q = new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG s = BIG.fromBytes(S);
-		Q = PAIR.G2mul(Q,s);
-		Q.toBytes(SST);
-		return 0;
-	}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-	public static int GET_G1_MULTIPLE(RAND rng, int type, sbyte[] X, sbyte[] G, sbyte[] W)
-	{
-		BIG x;
-		BIG r = new BIG(ROM.CURVE_Order);
-		if (rng != null)
-		{
-			x = BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x = BIG.fromBytes(X);
-		}
-		ECP P;
-		if (type == 0)
-		{
-			P = ECP.fromBytes(G);
-			if (P.is_infinity())
-			{
-				return INVALID_POINT;
-			}
-		}
-		else
-		{
-			P = mapit(G);
-		}
-
-		PAIR.G1mul(P,x).toBytes(W);
-		return 0;
-	}
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-	public static int GET_CLIENT_SECRET(sbyte[] S, sbyte[] CID, sbyte[] CST)
-	{
-		return GET_G1_MULTIPLE(null,1,S,CID,CST);
-	}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-	public static int GET_CLIENT_PERMIT(int date, sbyte[] S, sbyte[] CID, sbyte[] CTT)
-	{
-		sbyte[] h = hashit(date,CID);
-		ECP P = mapit(h);
-
-		BIG s = BIG.fromBytes(S);
-		PAIR.G1mul(P,s).toBytes(CTT);
-		return 0;
-	}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-	public static void SERVER_1(int date, sbyte[] CID, sbyte[] HID, sbyte[] HTID)
-	{
-		sbyte[] h = hashit(0,CID);
-		ECP R , P = mapit(h);
-
-		if (date != 0)
-		{
-			if (HID != null)
-			{
-				P.toBytes(HID);
-			}
-			h = hashit(date,h);
-			R = mapit(h);
-			P.add(R);
-			P.toBytes(HTID);
-		}
-		else
-		{
-			P.toBytes(HID);
-		}
-	}
-
-/* Implement step 2 of MPin protocol on server side */
-	public static int SERVER_2(int date, sbyte[] HID, sbyte[] HTID, sbyte[] Y, sbyte[] SST, sbyte[] xID, sbyte[] xCID, sbyte[] mSEC, sbyte[] E, sbyte[] F)
-	{
-		BIG q = new BIG(ROM.Modulus);
-		ECP2 Q = new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-		ECP2 sQ = ECP2.fromBytes(SST);
-		if (sQ.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		ECP R;
-		if (date != 0)
-		{
-			R = ECP.fromBytes(xCID);
-		}
-		else
-		{
-			if (xID == null)
-			{
-				return BAD_PARAMS;
-			}
-			R = ECP.fromBytes(xID);
-		}
-		if (R.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		BIG y = BIG.fromBytes(Y);
-		ECP P;
-		if (date != 0)
-		{
-			P = ECP.fromBytes(HTID);
-		}
-		else
-		{
-			if (HID == null)
-			{
-				return BAD_PARAMS;
-			}
-			P = ECP.fromBytes(HID);
-		}
-
-		if (P.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		P = PAIR.G1mul(P,y);
-		P.add(R);
-		R = ECP.fromBytes(mSEC);
-		if (R.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		FP12 g;
-//		FP12 g1=new FP12(0);
-
-		g = PAIR.ate2(Q,R,sQ,P);
-		g = PAIR.fexp(g);
-
-		if (!g.isunity())
-		{
-			if (HID != null && xID != null && E != null && F != null)
-			{
-				g.toBytes(E);
-				if (date != 0)
-				{
-					P = ECP.fromBytes(HID);
-					if (P.is_infinity())
-					{
-						return INVALID_POINT;
-					}
-					R = ECP.fromBytes(xID);
-					if (R.is_infinity())
-					{
-						return INVALID_POINT;
-					}
-
-					P = PAIR.G1mul(P,y);
-					P.add(R);
-				}
-				g = PAIR.ate(Q,P);
-				g = PAIR.fexp(g);
-				g.toBytes(F);
-			}
-			return BAD_PIN;
-		}
-
-		return 0;
-	}
-
-/* Pollards kangaroos used to return PIN error */
-	public static int KANGAROO(sbyte[] E, sbyte[] F)
-	{
-		FP12 ge = FP12.fromBytes(E);
-		FP12 gf = FP12.fromBytes(F);
-		int[] distance = new int[TS];
-		FP12 t = new FP12(gf);
-		FP12[] table = new FP12[TS];
-		int i, j, m, s, dn, dm, res, steps;
-
-		s = 1;
-		for (m = 0;m < TS;m++)
-		{
-			distance[m] = s;
-			table[m] = new FP12(t);
-			s *= 2;
-			t.usqr();
-		}
-		t.one();
-		dn = 0;
-		for (j = 0;j < TRAP;j++)
-		{
-			i = t.geta().geta().A.lastbits(8) % TS;
-			t.mul(table[i]);
-			dn += distance[i];
-		}
-		gf.copy(t);
-		gf.conj();
-		steps = 0;
-		dm = 0;
-		res = 0;
-		while (dm - dn < MAXPIN)
-		{
-			steps++;
-			if (steps > 4 * TRAP)
-			{
-				break;
-			}
-			i = ge.geta().geta().A.lastbits(8) % TS;
-			ge.mul(table[i]);
-			dm += distance[i];
-			if (ge.Equals(t))
-			{
-				res = dm - dn;
-				break;
-			}
-			if (ge.Equals(gf))
-			{
-				res = dn - dm;
-				break;
-			}
-
-		}
-		if (steps > 4 * TRAP || dm - dn >= MAXPIN)
-		{
-			res = 0;
-		} // Trap Failed  - probable invalid token
-		return res;
-	}
-
-/* Functions to support M-Pin Full */
-
-	public static int PRECOMPUTE(sbyte[] TOKEN, sbyte[] CID, sbyte[] G1, sbyte[] G2)
-	{
-		ECP P, T;
-		FP12 g;
-
-		T = ECP.fromBytes(TOKEN);
-		if (T.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		P = mapit(CID);
-
-		ECP2 Q = new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		g = PAIR.ate(Q,T);
-		g = PAIR.fexp(g);
-		g.toBytes(G1);
-
-		g = PAIR.ate(Q,P);
-		g = PAIR.fexp(g);
-		g.toBytes(G2);
-
-		return 0;
-	}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-	public static int CLIENT_KEY(sbyte[] G1, sbyte[] G2, int pin, sbyte[] R, sbyte[] X, sbyte[] wCID, sbyte[] CK)
-	{
-		HASH H = new HASH();
-		sbyte[] t = new sbyte[EFS];
-
-		FP12 g1 = FP12.fromBytes(G1);
-		FP12 g2 = FP12.fromBytes(G2);
-		BIG z = BIG.fromBytes(R);
-		BIG x = BIG.fromBytes(X);
-
-		ECP W = ECP.fromBytes(wCID);
-		if (W.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		W = PAIR.G1mul(W,x);
-
-		FP2 f = new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG r = new BIG(ROM.CURVE_Order);
-		BIG q = new BIG(ROM.Modulus);
-
-		BIG m = new BIG(q);
-		m.mod(r);
-
-		BIG a = new BIG(z);
-		a.mod(m);
-
-		BIG b = new BIG(z);
-		b.div(m);
-
-		g2.pinpow(pin,PBLEN);
-		g1.mul(g2);
-
-		FP4 c = g1.trace();
-		g2.copy(g1);
-		g2.frob(f);
-		FP4 cp = g2.trace();
-		g1.conj();
-		g2.mul(g1);
-		FP4 cpm1 = g2.trace();
-		g2.mul(g1);
-		FP4 cpm2 = g2.trace();
-
-		c = c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
-		c.geta().A.toBytes(t);
-		H.process_array(t);
-		c.geta().B.toBytes(t);
-		H.process_array(t);
-		c.getb().A.toBytes(t);
-		H.process_array(t);
-		c.getb().B.toBytes(t);
-		H.process_array(t);
-
-		W.X.toBytes(t);
-		H.process_array(t);
-		W.Y.toBytes(t);
-		H.process_array(t);
-
-		t = H.hash();
-		for (int i = 0;i < PAS;i++)
-		{
-			CK[i] = t[i];
-		}
-
-		return 0;
-	}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-	public static int SERVER_KEY(sbyte[] Z, sbyte[] SST, sbyte[] W, sbyte[] xID, sbyte[] xCID, sbyte[] SK)
-	{
-		HASH H = new HASH();
-		sbyte[] t = new sbyte[EFS];
-
-		ECP2 sQ = ECP2.fromBytes(SST);
-		if (sQ.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-		ECP R = ECP.fromBytes(Z);
-		if (R.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		ECP U;
-		if (xCID != null)
-		{
-			U = ECP.fromBytes(xCID);
-		}
-		else
-		{
-			U = ECP.fromBytes(xID);
-		}
-		if (U.is_infinity())
-		{
-			return INVALID_POINT;
-		}
-
-		BIG w = BIG.fromBytes(W);
-		U = PAIR.G1mul(U,w);
-		FP12 g = PAIR.ate(sQ,R);
-		g = PAIR.fexp(g);
-
-		FP4 c = g.trace();
-		c.geta().A.toBytes(t);
-		H.process_array(t);
-		c.geta().B.toBytes(t);
-		H.process_array(t);
-		c.getb().A.toBytes(t);
-		H.process_array(t);
-		c.getb().B.toBytes(t);
-		H.process_array(t);
-
-		U.X.toBytes(t);
-		H.process_array(t);
-		U.Y.toBytes(t);
-		H.process_array(t);
-
-		t = H.hash();
-		for (int i = 0;i < PAS;i++)
-		{
-			SK[i] = t[i];
-		}
-
-		return 0;
-	}
-
-/* return time since epoch */
-	public static int GET_TIME()
-	{
-		DateTime date = DateTime.Now;
-		return (int)(date.Ticks / 1000);
-	}
-
-/* Generate Y = H(epoch, xCID/xID) */
-		public static void GET_Y(int TimeValue, sbyte[] xCID, sbyte[] Y)
-		{
-		  sbyte[] h = hashit(TimeValue,xCID);
-		  BIG y = BIG.fromBytes(h);
-		  BIG q = new BIG(ROM.CURVE_Order);
-		  y.mod(q);
-		  y.toBytes(Y);
-		}
-
-/* One pass MPIN Client */
-		public static int CLIENT(int date, sbyte[] CLIENT_ID, RAND RNG, sbyte[] X, int pin, sbyte[] TOKEN, sbyte[] SEC, sbyte[] xID, sbyte[] xCID, sbyte[] PERMIT, int TimeValue, sbyte[] Y)
-		{
-		  int rtn = 0;
-
-		  sbyte[] pID;
-		  if (date == 0)
-		  {
-			pID = xID;
-		  }
-		  else
-		  {
-			pID = xCID;
-		  }
-
-		  rtn = CLIENT_1(date,CLIENT_ID,RNG,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
-		  if (rtn != 0)
-		  {
-			return rtn;
-		  }
-
-		  GET_Y(TimeValue,pID,Y);
-
-		  rtn = CLIENT_2(X,Y,SEC);
-		  if (rtn != 0)
-		  {
-			return rtn;
-		  }
-
-		  return 0;
-		}
-
-/* One pass MPIN Server */
-		public static int SERVER(int date, sbyte[] HID, sbyte[] HTID, sbyte[] Y, sbyte[] SST, sbyte[] xID, sbyte[] xCID, sbyte[] SEC, sbyte[] E, sbyte[] F, sbyte[] CID, int TimeValue)
-		{
-		  int rtn = 0;
-
-		  sbyte[] pID;
-		  if (date == 0)
-		  {
-			pID = xID;
-		  }
-		  else
-		  {
-			pID = xCID;
-		  }
-
-		  SERVER_1(date,CID,HID,HTID);
-
-		  GET_Y(TimeValue,pID,Y);
-
-		  rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F);
-		  if (rtn != 0)
-		  {
-			return rtn;
-		  }
-
-		  return 0;
-		}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/PAIR.cs
----------------------------------------------------------------------
diff --git a/cs/PAIR.cs b/cs/PAIR.cs
deleted file mode 100644
index 14bd6db..0000000
--- a/cs/PAIR.cs
+++ /dev/null
@@ -1,586 +0,0 @@
-using System;
-
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve Pairing functions */
-
-public sealed class PAIR
-{
-
-/* Line function */
-	public static FP12 line(ECP2 A, ECP2 B, FP Qx, FP Qy)
-	{
-		ECP2 P = new ECP2();
-
-		FP4 a, b, c;
-		P.copy(A);
-		FP2 ZZ = new FP2(P.getz());
-		ZZ.sqr();
-		int D;
-		if (A == B)
-		{
-			D = A.dbl(); // Check this return value in amcl_ec2.c
-		}
-		else
-		{
-			D = A.add(B);
-		}
-		if (D < 0)
-		{
-			return new FP12(1);
-		}
-		FP2 Z3 = new FP2(A.getz());
-		c = new FP4(0);
-		if (D == 0)
-		{ // Addition
-			FP2 X = new FP2(B.getx());
-			FP2 Y = new FP2(B.gety());
-			FP2 T = new FP2(P.getz());
-			T.mul(Y);
-			ZZ.mul(T);
-
-			FP2 NY = new FP2(P.gety());
-			NY.neg();
-			ZZ.add(NY);
-			Z3.pmul(Qy);
-			T.mul(P.getx());
-			X.mul(NY);
-			T.add(X);
-			a = new FP4(Z3,T);
-			ZZ.neg();
-			ZZ.pmul(Qx);
-			b = new FP4(ZZ);
-		}
-		else
-		{ // Doubling
-			FP2 X = new FP2(P.getx());
-			FP2 Y = new FP2(P.gety());
-			FP2 T = new FP2(P.getx());
-			T.sqr();
-			T.imul(3);
-
-			Y.sqr();
-			Y.add(Y);
-			Z3.mul(ZZ);
-			Z3.pmul(Qy);
-
-			X.mul(T);
-			X.sub(Y);
-			a = new FP4(Z3,X);
-			T.neg();
-			ZZ.mul(T);
-			ZZ.pmul(Qx);
-			b = new FP4(ZZ);
-		}
-		return new FP12(a,b,c);
-	}
-
-/* Optimal R-ate pairing */
-	public static FP12 ate(ECP2 P, ECP Q)
-	{
-		FP2 f = new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x = new BIG(ROM.CURVE_Bnx);
-		BIG n = new BIG(x);
-		ECP2 K = new ECP2();
-		FP12 lv;
-		n.pmul(6);
-		n.dec(2);
-		n.norm();
-		P.affine();
-		Q.affine();
-		FP Qx = new FP(Q.getx());
-		FP Qy = new FP(Q.gety());
-
-		ECP2 A = new ECP2();
-		FP12 r = new FP12(1);
-
-		A.copy(P);
-		int nb = n.nbits();
-
-		for (int i = nb - 2;i >= 1;i--)
-		{
-			lv = line(A,A,Qx,Qy);
-			r.smul(lv);
-
-			if (n.bit(i) == 1)
-			{
-				lv = line(A,P,Qx,Qy);
-
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv = line(A,A,Qx,Qy);
-		r.smul(lv);
-
-/* R-ate fixup */
-
-		r.conj();
-
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv = line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv = line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		return r;
-	}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-	public static FP12 ate2(ECP2 P, ECP Q, ECP2 R, ECP S)
-	{
-		FP2 f = new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x = new BIG(ROM.CURVE_Bnx);
-		BIG n = new BIG(x);
-		ECP2 K = new ECP2();
-		FP12 lv;
-		n.pmul(6);
-		n.dec(2);
-		n.norm();
-		P.affine();
-		Q.affine();
-		R.affine();
-		S.affine();
-
-		FP Qx = new FP(Q.getx());
-		FP Qy = new FP(Q.gety());
-		FP Sx = new FP(S.getx());
-		FP Sy = new FP(S.gety());
-
-		ECP2 A = new ECP2();
-		ECP2 B = new ECP2();
-		FP12 r = new FP12(1);
-
-		A.copy(P);
-		B.copy(R);
-		int nb = n.nbits();
-
-		for (int i = nb - 2;i >= 1;i--)
-		{
-			lv = line(A,A,Qx,Qy);
-			r.smul(lv);
-			lv = line(B,B,Sx,Sy);
-			r.smul(lv);
-
-			if (n.bit(i) == 1)
-			{
-				lv = line(A,P,Qx,Qy);
-				r.smul(lv);
-				lv = line(B,R,Sx,Sy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv = line(A,A,Qx,Qy);
-		r.smul(lv);
-
-		lv = line(B,B,Sx,Sy);
-		r.smul(lv);
-
-/* R-ate fixup */
-		r.conj();
-
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv = line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv = line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		K.copy(R);
-		K.frob(f);
-		B.neg();
-		lv = line(B,K,Sx,Sy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv = line(B,K,Sx,Sy);
-		r.smul(lv);
-
-		return r;
-	}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-	public static FP12 fexp(FP12 m)
-	{
-		FP2 f = new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x = new BIG(ROM.CURVE_Bnx);
-		FP12 r = new FP12(m);
-		FP12 x0, x1, x2, x3, x4, x5;
-
-/* Easy part of final exp */
-		FP12 lv = new FP12(r);
-		lv.inverse();
-		r.conj();
-
-		r.mul(lv);
-		lv.copy(r);
-		r.frob(f);
-		r.frob(f);
-		r.mul(lv);
-/* Hard part of final exp */
-		lv.copy(r);
-		lv.frob(f);
-		x0 = new FP12(lv);
-		x0.frob(f);
-		lv.mul(r);
-		x0.mul(lv);
-		x0.frob(f);
-		x1 = new FP12(r);
-		x1.conj();
-		x4 = r.pow(x);
-
-		x3 = new FP12(x4);
-		x3.frob(f);
-
-		x2 = x4.pow(x);
-
-		x5 = new FP12(x2);
-		x5.conj();
-		lv = x2.pow(x);
-
-		x2.frob(f);
-		r.copy(x2);
-		r.conj();
-
-		x4.mul(r);
-		x2.frob(f);
-
-		r.copy(lv);
-		r.frob(f);
-		lv.mul(r);
-
-		lv.usqr();
-		lv.mul(x4);
-		lv.mul(x5);
-		r.copy(x3);
-		r.mul(x5);
-		r.mul(lv);
-		lv.mul(x2);
-		r.usqr();
-		r.mul(lv);
-		r.usqr();
-		lv.copy(r);
-		lv.mul(x1);
-		r.mul(x0);
-		lv.usqr();
-		r.mul(lv);
-		r.reduce();
-		return r;
-	}
-
-/* GLV method */
-	public static BIG[] glv(BIG e)
-	{
-		int i, j;
-		BIG t = new BIG(0);
-		BIG q = new BIG(ROM.CURVE_Order);
-		BIG[] u = new BIG[2];
-		BIG[] v = new BIG[2];
-		for (i = 0;i < 2;i++)
-		{
-			t.copy(new BIG(ROM.CURVE_W[i])); // why not just t=new BIG(ROM.CURVE_W[i]);
-			DBIG d = BIG.mul(t,e);
-			v[i] = new BIG(d.div(q));
-			u[i] = new BIG(0);
-		}
-		u[0].copy(e);
-		for (i = 0;i < 2;i++)
-		{
-			for (j = 0;j < 2;j++)
-			{
-				t.copy(new BIG(ROM.CURVE_SB[j][i]));
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-		}
-		return u;
-	}
-
-/* Galbraith & Scott Method */
-	public static BIG[] gs(BIG e)
-	{
-		int i, j;
-		BIG t = new BIG(0);
-		BIG q = new BIG(ROM.CURVE_Order);
-		BIG[] u = new BIG[4];
-		BIG[] v = new BIG[4];
-		for (i = 0;i < 4;i++)
-		{
-			t.copy(new BIG(ROM.CURVE_WB[i]));
-			DBIG d = BIG.mul(t,e);
-			v[i] = new BIG(d.div(q));
-			u[i] = new BIG(0);
-		}
-		u[0].copy(e);
-		for (i = 0;i < 4;i++)
-		{
-			for (j = 0;j < 4;j++)
-			{
-				t.copy(new BIG(ROM.CURVE_BB[j][i]));
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-		}
-		return u;
-	}
-
-/* Multiply P by e in group G1 */
-	public static ECP G1mul(ECP P, BIG e)
-	{
-		ECP R;
-		if (ROM.USE_GLV)
-		{
-			P.affine();
-			R = new ECP();
-			R.copy(P);
-			int i, np, nn;
-			ECP Q = new ECP();
-			Q.copy(P);
-			BIG q = new BIG(ROM.CURVE_Order);
-			FP cru = new FP(new BIG(ROM.CURVE_Cru));
-			BIG t = new BIG(0);
-			BIG[] u = glv(e);
-			Q.getx().mul(cru);
-
-			np = u[0].nbits();
-			t.copy(BIG.modneg(u[0],q));
-			nn = t.nbits();
-			if (nn < np)
-			{
-				u[0].copy(t);
-				R.neg();
-			}
-
-			np = u[1].nbits();
-			t.copy(BIG.modneg(u[1],q));
-			nn = t.nbits();
-			if (nn < np)
-			{
-				u[1].copy(t);
-				Q.neg();
-			}
-
-			R = R.mul2(u[0],Q,u[1]);
-
-		}
-		else
-		{
-			R = P.mul(e);
-		}
-		return R;
-	}
-
-/* Multiply P by e in group G2 */
-	public static ECP2 G2mul(ECP2 P, BIG e)
-	{
-		ECP2 R;
-		if (ROM.USE_GS_G2)
-		{
-			ECP2[] Q = new ECP2[4];
-			FP2 f = new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q = new BIG(ROM.CURVE_Order);
-			BIG[] u = gs(e);
-
-			BIG t = new BIG(0);
-			int i, np, nn;
-			P.affine();
-			Q[0] = new ECP2();
-			Q[0].copy(P);
-			for (i = 1;i < 4;i++)
-			{
-				Q[i] = new ECP2();
-				Q[i].copy(Q[i - 1]);
-				Q[i].frob(f);
-			}
-			for (i = 0;i < 4;i++)
-			{
-				np = u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn = t.nbits();
-				if (nn < np)
-				{
-					u[i].copy(t);
-					Q[i].neg();
-				}
-			}
-			R = ECP2.mul4(Q,u);
-
-		}
-		else
-		{
-			R = P.mul(e);
-		}
-		return R;
-	}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-	public static FP12 GTpow(FP12 d, BIG e)
-	{
-		FP12 r;
-		if (ROM.USE_GS_GT)
-		{
-			FP12[] g = new FP12[4];
-			FP2 f = new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q = new BIG(ROM.CURVE_Order);
-			BIG t = new BIG(0);
-			int i, np, nn;
-			BIG[] u = gs(e);
-
-			g[0] = new FP12(d);
-			for (i = 1;i < 4;i++)
-			{
-				g[i] = new FP12(0);
-				g[i].copy(g[i - 1]);
-				g[i].frob(f);
-			}
-			for (i = 0;i < 4;i++)
-			{
-				np = u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn = t.nbits();
-				if (nn < np)
-				{
-					u[i].copy(t);
-					g[i].conj();
-				}
-			}
-			r = FP12.pow4(g,u);
-		}
-		else
-		{
-			r = d.pow(e);
-		}
-		return r;
-	}
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-	public static bool GTmember(FP12 m)
-	{
-		if (m.isunity())
-		{
-			return false;
-		}
-		FP12 r = new FP12(m);
-		r.conj();
-		r.mul(m);
-		if (!r.isunity())
-		{
-			return false;
-		}
-
-		FP2 f = new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-
-		r.copy(m);
-		r.frob(f);
-		r.frob(f);
-		FP12 w = new FP12(r);
-		w.frob(f);
-		w.frob(f);
-		w.mul(m);
-		if (!ROM.GT_STRONG)
-		{
-			if (!w.Equals(r))
-			{
-				return false;
-			}
-			BIG x = new BIG(ROM.CURVE_Bnx);
-			r.copy(m);
-			w = r.pow(x);
-			w = w.pow(x);
-			r.copy(w);
-			r.sqr();
-			r.mul(w);
-			r.sqr();
-			w.copy(m);
-			w.frob(f);
-		}
-		return w.Equals(r);
-	}
-}
-/*
-	public static void Main(string[] args)
-	{
-		ECP Q = new ECP(new BIG(ROM.CURVE_Gx),new BIG(ROM.CURVE_Gy));
-		ECP2 P = new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG r = new BIG(ROM.CURVE_Order);
-		BIG xa = new BIG(ROM.CURVE_Pxa);
-
-		Console.WriteLine("P= " + P.ToString());
-		Console.WriteLine("Q= " + Q.ToString());
-
-		BIG m = new BIG(17);
-
-		FP12 e = ate(P,Q);
-		Console.WriteLine("\ne= " + e.ToString());
-
-		e = fexp(e);
-	//	e=GTpow(e,m);
-
-		Console.WriteLine("\ne= " + e.ToString());
-
-		BIG[] GLV = glv(r);
-
-		Console.WriteLine("GLV[0]= " + GLV[0].ToString());
-		Console.WriteLine("GLV[0]= " + GLV[1].ToString());
-
-		ECP G = new ECP();
-		G.copy(Q);
-		ECP2 R = new ECP2();
-		R.copy(P);
-
-
-		e = ate(R,Q);
-		e = fexp(e);
-
-		e = GTpow(e,xa);
-		Console.WriteLine("\ne= " + e.ToString());
-
-
-		R = G2mul(R,xa);
-		e = ate(R,G);
-		e = fexp(e);
-
-		Console.WriteLine("\ne= " + e.ToString());
-
-		G = G1mul(G,xa);
-		e = ate(P,G);
-		e = fexp(e);
-		Console.WriteLine("\ne= " + e.ToString());
-	}
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/RAND.cs
----------------------------------------------------------------------
diff --git a/cs/RAND.cs b/cs/RAND.cs
deleted file mode 100644
index 0c74885..0000000
--- a/cs/RAND.cs
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-public class RAND
-{
-/* Cryptographically strong pseudo-random number generator */
-
-	private const int NK = 21;
-	private const int NJ = 6;
-	private const int NV = 8;
-	private int[] ira = new int[NK]; // random number...
-	private int rndptr; // ...array & pointer
-	private int borrow;
-	private int pool_ptr;
-	private sbyte[] pool = new sbyte[32]; // random pool
-
-	public RAND()
-	{
-		clean();
-	}
-
-	private int sbrand()
-	{ // Marsaglia & Zaman random number generator
-		int i, k;
-		long pdiff, t;
-
-		rndptr++;
-		if (rndptr < NK)
-		{
-			return ira[rndptr];
-		}
-		rndptr = 0;
-		for (i = 0,k = NK - NJ;i < NK;i++,k++)
-		{ // calculate next NK values
-			if (k == NK)
-			{
-				k = 0;
-			}
-			t = ((long)ira[k]) & 0xffffffffL;
-			pdiff = (t - (((long)ira[i]) & 0xffffffffL) - (long)borrow) & 0xffffffffL;
-			if (pdiff < t)
-			{
-				borrow = 0;
-			}
-			if (pdiff > t)
-			{
-				borrow = 1;
-			}
-			ira[i] = unchecked((int)(pdiff & 0xffffffffL));
-		}
-
-		return ira[0];
-	}
-
-	public virtual void sirand(int seed)
-	{
-		int i, @in;
-		int t , m = 1;
-		borrow = 0;
-		rndptr = 0;
-		ira[0] ^= seed;
-		for (i = 1;i < NK;i++)
-		{ // fill initialisation vector
-			@in = (NV * i) % NK;
-			ira[@in] ^= m; // note XOR
-			t = m;
-			m = seed - m;
-			seed = t;
-		}
-		for (i = 0;i < 10000;i++)
-		{
-			sbrand(); // "warm-up" & stir the generator
-		}
-	}
-
-	private void fill_pool()
-	{
-		HASH sh = new HASH();
-		for (int i = 0;i < 128;i++)
-		{
-			sh.process(sbrand());
-		}
-		pool = sh.hash();
-		pool_ptr = 0;
-	}
-
-	private static int pack(sbyte[] b)
-	{ // pack 4 bytes into a 32-bit Word
-		return ((((int)b[3]) & 0xff) << 24) | (((int)b[2] & 0xff) << 16) | (((int)b[1] & 0xff) << 8) | ((int)b[0] & 0xff);
-	}
-
-/* Initialize RNG with some real entropy from some external source */
-	public virtual void seed(int rawlen, sbyte[] raw)
-	{ // initialise from at least 128 byte string of raw random entropy
-		int i;
-		sbyte[] digest;
-		sbyte[] b = new sbyte[4];
-		HASH sh = new HASH();
-		pool_ptr = 0;
-		for (i = 0;i < NK;i++)
-		{
-			ira[i] = 0;
-		}
-		if (rawlen > 0)
-		{
-			for (i = 0;i < rawlen;i++)
-			{
-				sh.process(raw[i]);
-			}
-			digest = sh.hash();
-
-/* initialise PRNG from distilled randomness */
-
-			for (i = 0;i < 8;i++)
-			{
-				b[0] = digest[4 * i];
-				b[1] = digest[4 * i + 1];
-				b[2] = digest[4 * i + 2];
-				b[3] = digest[4 * i + 3];
-				sirand(pack(b));
-			}
-		}
-		fill_pool();
-	}
-
-/* Terminate and clean up */
-	public virtual void clean()
-	{ // kill internal state
-		int i;
-		pool_ptr = rndptr = 0;
-		for (i = 0;i < 32;i++)
-		{
-			pool[i] = 0;
-		}
-		for (i = 0;i < NK;i++)
-		{
-			ira[i] = 0;
-		}
-		borrow = 0;
-	}
-
-/* get random byte */
-	public virtual int Byte
-	{
-		get
-		{
-			int r;
-			r = pool[pool_ptr++];
-			if (pool_ptr >= 32)
-			{
-				fill_pool();
-			}
-			return (r & 0xff);
-		}
-	}
-
-/* test main program */
-/*
-	public static void main(String[] args) {
-		int i;
-		byte[] raw=new byte[100];
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) raw[i]=(byte)i;
-
-		rng.seed(100,raw);
-
-		for (i=0;i<1000;i++)
-			System.out.format("%03d ",rng.getByte());
-	} */
-}


[36/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/latex/amcl.tex
----------------------------------------------------------------------
diff --git a/docs/latex/amcl.tex b/docs/latex/amcl.tex
deleted file mode 100644
index 2f897a2..0000000
--- a/docs/latex/amcl.tex
+++ /dev/null
@@ -1,416 +0,0 @@
-\documentclass{llncs}
-\usepackage{amsmath,amssymb,url}
-\usepackage{algorithm}
-\usepackage{algpseudocode}
-\usepackage{graphicx}
-\usepackage{mathcomp}
-
-\newcommand{\Cyc}{\mathrm{\Phi}}
-\newcommand{\Frob}{\mathrm{\Phi}}
-\newcommand{\twist}{\mathrm{\Psi}}
-\newcommand{\F}{\mathbb{F}}
-\newcommand{\half}[1]{{\lfloor#1/2\rfloor}}
-\newcommand{\ord}{\qopname\relax{no}{ord}}
-\newcommand{\sign}{\qopname\relax{no}{sign}}
-\newcommand{\tr}{\qopname\relax{no}{tr}}
-\newcommand{\Z}{\mathbb{Z}}
-\newcommand{\Cpp}{C\kern-0.05em\texttt{+\kern-0.03em+}}
-\newcommand{\pp}{\,\kern-0.05em\texttt{+\kern-0.031em+}}
-\newcommand\T{\rule{0pt}{2.6ex}}
-
-\newcommand{\Input}{\item[\textsc{Input:}]}
-\newcommand{\Output}{\item[\textsc{Output:}]}
-
-\sloppy
-
-\begin{document}
-
-\pagestyle{plain}
-
-\title{The Apache Milagro Crypto Library}
-
-\author{
-Michael Scott 
-}
-
-\institute{}
-
-\institute{
-%Chief Cryptographer \\
-MIRACL Labs\\%
-%\bf{For Internal Distribution Only} \\
-\email{mike.scott@miracl.com} \\
-}
-
-\maketitle
-
-\begin{abstract}
-
-We introduce a new multi-lingual crypto library, specifically designed to support the Internet of Things.
-
-\end{abstract} 
-
-\section{Introduction}\label{sec:intro}
-
-%One of the major mysteries in the real-world of crypto is resistance to the exploitation of new research ideas. Its not that cryptographic research has failed to throw up new ideas that have
-%the potential for commercial exploitation -- far from it. But in the real-world 1970's crypto rules supreme, and very little happens that isn't PKI/RSA based. The reasons for this are many and varied.
-%However one part of the puzzle might be the non-availability of easy-to-use open source cryptographic tools, that do not require in depth cryptographic expertise to deploy.
-
-%In particular 
-There are many crypto libraries out there. Many offer a bewildering variety of cryptographic primitives, at different levels of security. Many use extensive assembly language 
-in order to be as fast as possible. Many are very big, even bloated. Some rely on other external libraries. Many were designed by academics for academics, and so are not really suitable for 
-commercial use. Many are otherwise excellent, but not written in our favourite language.
-
-The Apache Milagro Crypto Library (AMCL) \footnote{\url{https://github.com/MIRACL/amcl.git}} is different. AMCL is completely self-contained (except for the requirement for an external entropy source for random number generation). AMCL is for use in 
-the pre-quantum era -- that is in the here and now. With 
-the advent of a workable quantum computer, AMCL will become history. But we are not expecting that to happen any time soon.
-
-AMCL is portable -- there is no assembly language. The original version is written in C, Java, Javascript, Go and Swift using only generic programming constructs, but AMCL is truly 
-multi-lingual, as compatible 
-versions will be available in many other languages (see below). These versions will be identical in that for the same inputs they will not only produce the same outputs, but all internal calculations will also be the same. 
-AMCL is fast, but does not attempt to set speed records (a particular academic obsession). There are of course contexts where speed is of the essence -- for example for a server farm which must handle 
-multiple SSL connections, and where a 10\% speed increase implies the need for 10\% less servers, with a a 10\% saving on electricity. But in the Internet of Things we would suggest that this is less 
-important. In general the speed
-is expected to be ``good enough''. However AMCL is small. Some libraries boast of having hundreds of thousands of lines of code - AMCL has less than 10,000. AMCL takes up the minimum of 
-ROM/RAM resources in order to fit into the smallest possible embedded footprint, consistent with other design constraints. It is expected that this will be vital for implementations that 
-support security in the Internet of Things. AMCL (the C version) only uses stack memory, and is thus natively multi-threaded.
-
-Only one level of security is supported, equivalent to 128-bit AES. This is the current standard level for cryptography that is expected to be unbreakable. As a justification we could not 
-improve on that given by Miele and Lenstra \cite{ml} -- ``With 128-bit security more than sufficient for the foreseeable future, it is not 
-clear either what purpose is served by higher security levels, other than catering 
-to �TOP SECRET� 192-bit security ..... In this context it is interesting to 
-note that 256-bit AES, also prescribed ...... for �TOP SECRET�, was introduced 
-only to still have a 128-bit secure symmetric cipher in the post-quantum world 
-......, and that 192-bit security was merely a side-effect that resulted from 
-the calculation (128+256)/2 ....... In that world ECC is obsolete anyhow.''
-
-
-AMCL makes most 
-of the choices for you as to which primitives to use, based on the best available current advice. Specifically it uses AES-128 for symmetric encryption, SHA256 for hashing, 256-bit prime field elliptic
-curves for public key protocols, and 256-bit BN curves to support pairing-based protocols. However three different parameterizations of Elliptic curve are supported - Weierstrass, Edwards and 
-Montgomery, as each is appropriate within its own niche. In each case only the standard projective coordinates are used. But you do get to 
-choose the actual elliptic curve, with support for three different 
-forms of the modulus. For pairings we assume a modulus congruent to $3 \bmod 8$ with a D-type twist, parameterized by a negative $x$ value \cite{barreto-naehrig}.
-Standard modes of AES are supported, plus GCM mode for authenticated encryption.
-
-The C version of AMCL is configured at compile time for 16, 32 or 64 bit processors, and for a specific elliptic curve. The Java and Javascript versions are (obviously) processor agnostic, 
-but the same choices of elliptic curve are available.
-
-AMCL is written with an awareness of the abilities of modern pipelined processors. In particular there was an awareness that the unpredictable program branch should be avoided at all costs, not 
-only as it slows down the processor, but as it may open the door to side-channel attacks. The innocuous looking {\tt if} statement -- unless its outcome can be accurately predicted -- is the enemy 
-of quality crypto software.
-
-In the sequel we refer to the C version of AMCL, unless otherwise specified. We emphasis that all AMCL versions are completely self-contained. No external 
-libraries or packages are required to implement all of the supported cryptographic functionality (other than for an external entropy source).
-
-\section{Context}
-
-A crypto library does not function is isolation. The AMCL was originally designed to support the MIRACL IoT solution. The MIRACL IoT solution is based on a cloud-based infrastructure designed by MIRACL 
-to support the M-Pin protocol \cite{mpin}, but which has wider application to novel protocols of particular relevance to the IoT. This document describes the AMCL library which was originally designed for internal use, 
-but which has now reached a level of maturity where we are pleased to make it available as a service to the wider community as an open source product, under a standard Apache 2.0 license.
-
-\section{Library Structure}
-
-The modules that make up AMCL are shown below, with some indication of how they interact. Several example APIs will be provided to implement common protocols. Note that all
-interaction with the API is via machine-independent endian-indifferent arrays of bytes (a.k.a. octet strings). 
-Therefore the underlying workings of the library are invisible to the consumer of its services.
-
-\begin{figure}[!htb]
-  \begin{center}
-    \includegraphics[width=120mm ]{clint.eps}
-  \end{center}
-  \caption{\small The AMCL library.}
-  \label{clint}
-\end{figure}
-
-The symmetric encryption and hashing code, along with the random number generation, is uninteresting, and since we make no claims for it, we will not refer to it again. It was mostly
-borrowed from our well-known MIRACL library.
-
-\section{Handling 256-bit Numbers}
-
-\subsection{Representation}
-
-One of the major design decisions is how to represent the 256-bit field elements required for the elliptic curve and pairing-based cryptography. Here there are two different approaches. 
-One is to pack the bits as tightly as possible into computer words. For example on a 64-bit computer 256-bit numbers can be stored in just 4 words. However to manipulate numbers in this 
-form, even for simple addition, requires handling of carry bits if overflow is to be avoided, 
-and a high-level language does not have direct access to carry flags. It is possible to emulate the flags, but this would be inefficient. In fact this approach is only really suitable 
-for an assembly language implementation.
-
-The alternative idea is to use extra words for the representation, and then try to offset the additional cost by taking full advantage of the ``spare'' bits in every word. 
-This idea follows a ``corner of the literature'' \cite{bernstein-chuengsatiansup-lange} which has been promoted by Bernstein and his collaborators in several publications.
-Refer to figure \ref{words}, where each digit of the representation is stored as a signed integer which is the size of the processor word-length. 
-
-
-Note that almost all arithmetic takes place modulo a 256-bit prime number, the modulus representing the field over which the elliptic curve is defined, here denoted as $p$.
-
-On 64-bit processors, AMCL represents numbers to the base $2^{56}$ in a 5 element array, the Word Excess is 7 bits, and for a 256-bit modulus the Field Excess is 24 bits
-
-On 32-bit processors, AMCL represents numbers to the base $2^{29}$ in a 9 element array, the Word Excess is 2 bits, and for a 256-bit modulus the Field Excess is 5 bits
-
-On 16-bit processors, AMCL represents numbers to the base $2^{13}$ in a 20 element array, the Word Excess is 2 bits, and for a 256-bit modulus the Field Excess is 4 bits
-
-Such a representation of a 256-bit number is referred to as a {BIG}. Addition or subtraction of a pair of {BIG}s, results in another {BIG}.
-
-The Java version uses exactly the same 32-bit representation as above. For Javascript (where all numbers are stored as 64-bit floating point with a 52-bit mantissa, but mostly 
-manipulated as 32-bit integers), numbers
-are represented to the base $2^{24}$ in an 11 element array, the Word Excess is 7 bits, and the Field Excess for a 256-bit modulus is 8 bits. 
-
-\subsection{Addition and Subtraction}
-
-The existance of a word excess means for example that multiple field elements can be added together digit by digit, without processing of carries, before overflow can occur. 
-Only occasionally will there be a requirement to {\it normalise} these {\it extended} values,  that is to force them back into the original format. Note that this is independent of the modulus.
-
-The existance of a field excess means that, independent of the word excess, multiple field elements can be added together before it is required to reduce the sum with respect to the modulus. In the 
-literature this is referred to as lazy, or delayed, reduction. In fact we allow the modulus to be as small as 254 bits, which obviously increases the field excess.
-
-Note that these two mechanisms associated with the word excess and the field excess (often confused in the literature) operate largely independently of each other.
-
-AMCL has no support for negative numbers. Therefore subtraction will be implemented as field negation followed by addition. Negation is performed using the method described as 
-Option 1 in \cite{aranha-karabina-longa-gebotys-lopez}. Basically the 
-number of the active bits in the field excess of the number to be negated is determined, the modulus is shifted left by this amount plus one, and the value to be negated is subtracted from this value.
-Note that because of the ``plus 1'', this will always produce a positive result at the cost of eating a bit into the field excess.
-
-\begin{figure}[!htb]
-  \begin{center}
-    \includegraphics[width=120mm ]{words.eps}
-  \end{center}
-  \caption{\small 256-bit number representation}
-  \label{words}
-\end{figure}
-
-Normalisation of extended numbers requires the word excess of each digit to be shifted right by the number of base bits, and added to the next digit, working right to left. Note that when numbers 
-are subtracted digit-by-digit individual digits may become negative. However
-since we are avoiding using the sign bit, due to the magic of 2's complement arithmetic, this all works fine without any conditional branches.
-
-Reduction of unreduced BIG numbers is carried out using a simple shift-compare-and-subtract of the modulus, with one subtraction needed on average half of the time for every active bit in the field excess. 
-Hopefully such reductions will rarely be required, as they are slow and involve unpredictable program branches.
-
-Since the length of field elements is fixed at compile time, it is expected that the compiler will unroll most of the time-critical loops. In any case the conditional branch required at the foot of a 
-fixed-size loop can be accurately predicted by modern hardware.
-
-The problem now is to decide when to normalise and when to reduce numbers to avoid the possibility of overflow. There are two ways of doing this. One is to monitor the excesses at run-time and act when the 
-threat of overflow arises. The second is to do a careful analysis of the code and insert normalisation and reduction code at points where the possibility of overflow may arise, based on a static worst-case 
-analysis. 
-
-The field excess $E_n$ of a number $n$ is easily captured by a simple masking and shifting of the top word. If two normalised numbers $a$ and $b$ are to be added then the excess of their sum will be at worst 
-$E_a + E_b +1$. As long as this is less than $2^{FE}$ where $FE$ is the field excess, then we are fine. Otherwise both numbers should be reduced prior to the addition. In AMCL these checks are 
-performed at run-time. However, as we shall see, in practise these reductions are very rarely required. So the {\tt if} statement used to control them is highly predictable. Observe that even
-in the worst case, for a 16-bit implementation, the excess is a generous $FE=4$, and so many elements can be added or subtracted before reduction is required.
-
-The worst case word excess for the result of a calculation is harder to calculate at run time, as it would require inspection of every digit of every {BIG}. This would slow computation down to an unacceptable extent. 
-Therefore in this case
-we use static analysis and insert normalisation code where we know it might be needed. This process was supported by special debugging code that warned of places where overflow was possible, based on a simple
-worst-case analysis.
-
-\subsection{Multiplication and Reduction}
-
-To support multiplication of {BIG}s, we will require a double-length {DBIG} type. Also the partial products that arise in the process of long multiplication will require a double-length data type. Fortunately many 
-popular C compilers, like Gnu {GCC}, always support an integer type that is double the native word-length. For Java the ``int'' type is 32-bits and there is a double-length ``long'' type which is 64-bit.
-Of course for Javascript a double length type is not possible, and so the partial products must be accomodated within the 52-bit mantissa.
-
-It is generally accepted that the fastest way to do multi-precision multiplication is to accumulate the double-length partial products that contribute to each column in the classic school-boy long multiplication
-algorithm, also known as the Comba method. Then at the foot of the column the total is split into the sum for that column, and the carry to the next column, working right-to-left. If the numbers are normalised 
-prior to the multiplication, then 
-with the word excesses that we have chosen, this will not result in overflow. The {DBIG} product will be automatically normalised as a result of this process. Squaring can be done in a 
-similar fashion, but only requires just over half of the number of partial products, and so it may be somewhat faster.
-
-The {DBIG} value that results from a multiplication or squaring may be immediately reduced with respect to the modulus to bring it back to a {BIG}. However again we may choose to delay this 
-reduction, and therefore we need the ability to safely add and subtract DBIG numbers while again avoiding overflow.
-
-The method used for full reduction of a DBIG back to a BIG depends on the form of the modulus. We choose to support three distinct types of modulus, (a) pseudo Mersenne of the form $2^n-c$ where 
-$c$ is small and $n$ is the size of the modulus in bits, 
-(b) Montgomery-friendly of the form $k.2^n-1$, and (c) moduli of no special form. For cases (b) and (c) we convert all 
-field elements to Montgomery's {\it n}-residue form, and use Montgomery's fast method for modular reduction \cite{montgomery}. In all cases the DBIG number to be reduced $y$ must be in the 
-range $0<y<pR$ (a requirement of Montgomery's method), and the result $x$ is guaranteed to 
-be in the range $0<x<2p$, where $R=2^{256+FE}$ for a 256-bit modulus. Note that the BIG result will be (nearly) fully reduced. The fact than we allow $x$ to be larger than $p$ means that we can avoid
-the notorious Montgomery ``final subtraction'' \cite{montgomery}.
-
-Observe how unreduced numbers involved in complex calculations tend to be (nearly fully) reduced if they are involved in a modular multiplication. So for example if field element $x$ has a large field excess,
-and if we calculate $x=x.y$, then as long as the unreduced product is less than $pR$, the result will be a nearly fully reduced $x$. So in many cases there is a natural tendency for field excesses 
-not to grow without limit, and not to overflow, without requiring explicit action on our part.
-
-Consider now a sequence of code that adds, subtracts and multiplies field elements, as might arise in elliptic curve additions and doublings. Assume that the code has been analysed and that normalisation 
-code has been inserted where needed. Assume that the reduction code that 
-activates if there is a possibility of an element overflowing its field excess, while present, never in fact is triggered (due to the behaviour described above). Then we assert that there is only one 
-possible place in which an unpredicted branch may occur. This will be in the negation code associated with a subtraction, where the number of bits in the field excess must be counted. However we would 
-point out that some architectures do now support machine code instructions that count the number of active bits in a computer register -- although unfortunately this capability is not supported by the 
-typical high-level language syntax.
-
-\section{Extension Field arithmetic}
-
-To support cryptographic pairings we will need support for extension fields. We use a towering of extensions, from $\F_p$ to $\F_{p^2}$ to $\F_{p^4}$ to $\F_{p^{12}}$ as required for 
-BN curves \cite{barreto-naehrig}. An element 
-of the quadratic extension field will be represented as $f=a+ib$, where $i$ is the square root of the quadratic non-residue -1.
-To add, subtract and multiply them we use the obvious methods. However for negation we can construct $-f=-a-ib$ as $b-(a+b)+i.(a-(a+b)$ which requires only one base field negation. A similar idea 
-can be used recursively for higher order extensions, so that only one base field negation is ever required.
-
-
-\section{Elliptic Curves}
-
-Three types of Elliptic curve are supported for the implementation of Elliptic Curve Cryptography (ECC), but curves are limited to popular families that support faster implementation. Weierstrass 
-curves are supported using the Short Weierstrass representation:-
-
-$$ y^2=x^3+Ax+B $$
-
-where $A=0$ or $A=-3$. Edwards curves are supported using both regular and twisted Edwards format:-
-
-$$ Ax^2+y^2=1+Bx^2y^2 $$
-
-where $A=1$ or $A=-1$. Montgomery curves are represented as:-
-
-$$ y^2=x^3+Ax^2+x $$
-
-where $A$ must be small.
-
-In the particular case of elliptic curve point multiplication, there are potentially a myriad of very dangerous side-channel attacks that arise from using the classic double-and-add algorithm
-and its variants. Vulnerabilities arise if branches are taken that depend on secret bits, or if data is even accessed using secret values as indices.
-Many types of counter-measures have been suggested. The simplest solution is to use a constant-time algorithm like the Montgomery ladder, which has a very simple structure, uses very little 
-memory and has no key-bit-dependent branches. 
-If using a Montgomery representation of the elliptic curve the Montgomery ladder \cite{montgomery2} is in fact the optimal algorithm for point multiplication. For other representations we use a 
-fixed-sized signed window method, as described in \cite{bos-costello-longa-naehrig}. 
-
-AMCL has built-in support for most standardised elliptic curves, along with many curves that have been proposed for standardisation at our chosen level of security. 
-Specifically it supports the NIST curve \cite{certicom}, \cite{nist}, the well known Curve25519 \cite{bernstein}, the 256-bit Brainpool curve \cite{brainpool}, the ANSSI curve \cite{ANSSI}, and four
-NUMS (Nothing-Up-My-Sleeve) curves proposed by Bos et al. \cite{bos-costello-longa-naehrig}. Some of these proposals support only a Weierstrass representation, but many also allow an Edwards and Montgomery 
-form. Tools are provided to allow easy integration of more curves.
-
-
-\section{Support for classic Finite Field Methods}
-
-Before Elliptic Curves, cryptography depended on methods based on simple finite fields. The most famous of these would be the well known RSA method. These methods have the advantage of
-being effectively parameterless, and therefore the issue of trust in parameters that arises for elliptic curves, is not an issue. However these methods are subject to index calculus based
-methods of cryptanalysis, and so fields and keys are typically much larger. So how to support for example a 2048-bit implementation of RSA based on a library designed for optimized 256-bit operations? The idea is simple --
-use AMCL as a virtual 256-bit machine, and build 2048-bit arithmetic on top of that. And to claw back some decent performance use the Karatsuba method \cite{knuth} so that for example 2048-bit multiplication
-recurses efficiently right down to 256-bit operations. Of course the downside of the Karatsuba method is that while it saves on multiplications, the number of additions and subtractions is greatly increased.
-However the existance of generous word excesses in our representation makes this less of a problem, as most additions can be carried out without normalisation. 
-
-Secret key operations like RSA decryption use the Montgomery ladder to achieve side-channel-attack resistance.
-
-The implementation can currently support $1024.2^n$ bit fields, so for example 2048-bit RSA can be used to get reasonably close to the AES-128-bit level of security, and if desired 4096 bit RSA can be used to
-comfortably exceed it. 
-
-Note that this code is supported independently of the elliptic curve code. So for example RSA and ECC can be run together within a single application. 
-
-However we regard these methods as ``legacy'' as in our view ECC based methods are a much better fit for the IoT. 
-
-\section{Multi-Lingual support}
-
-It is a big ask to develop and maintain multiple versions of a crypto library written in radically different languages such as C, Java, Javascript, Go and Swift. This has discouraged the use of
-language specific methods (which are in any case of little relevance here), and strongly encouraged the use of simple, generic computer language constructs. 
-
-This approach brings a surprising bonus: AMCL can be automatically converted to many other languages using available translator tools. For example Tangible Software Solutions \cite{tss}
-market a Java to C\# converter. This generated an efficient fully functional C\# version of AMCL within minutes. The same company market a Java to Visual Basic converter. 
-Google have a Java to Objective C
-converter \cite{gol} specifically designed to convert Android apps developed in Java, to iOS apps written in Objective C.
-
-Of course not all languages can be supported in this way, so support for some will be developed manually. In particular a Rust version is currently under development.
-
-
-\section{Discussion}
-
-We found in our code that, with few exceptions, reductions due to possible overflow of the field excess of a BIG were very rare, especially for the 64-bit version of the library. Similarly 
-normalisation was 
-rarely needed for the 64-bit code. This is due to the much greater excesses that apply in the 64-bit representation. In some experiments we calculated thousands of random pairings, 
-and reduction due to field excess overflow detection never happened.
-
-In general in developing AMCL we tried to use optimal methods, without going to what we (very subjectively) regarded as extremes in order to maximise performance. 
-Algorithms that require less memory were generally preferred if the impact on performance was not large. Some optimizations, while perfectly valid, are hard to 
-implement without having a significant impact on program readability and maintainability. Deciding which optimizations to use and which to reject (on the grounds of code size and negative impact on code 
-readability and maintainability) is admittedly rather arbitrary!
-
-One notable omission from AMCL is the use of precomputation on fixed parameters in order to speed up certain calculations. We try to justify this, rather unconvincingly, by pointing out 
-that precomputation must of necessity increase code size. Furthermore such methods are more sensitive to side-channel attacks and much of their speed advantage will be lost if they are to be 
-fully side-channel protected. Also precomputation on secret values clearly increases the amount of secret data that needs to be protected.
-However our view might change in later versions depending on our in-the-field experiences of using AMCL.
-
-%\newpage
-\bibliographystyle{plain}
-\bibliography{amcl}
-
-%\newpage
-\appendix
-
-\section*{Benchmarks}
-
-Since AMCL is intended for the Internet of Things, we think it appropriate to give some timings based on an implementation on the Raspberry Pi (version 2) computer, which is
-based on a 32-bit ARM7 chip. We do not overclock the 900MHz processor. 
-
-We developed three API programs, one which tests standard methods of elliptic curve key exchange, public key cryptography and digital signature. Another implements all components of our M-Pin protocol,
-a pairing-based protocol of medium complexity \cite{mpin}.  The former uses the ed25519 Edwards curve \cite{bernstein-duif-lange-schwabe-yang} with its pseudo-mersenne modulus, and the latter a BN curve.
-Finally we implement all the steps of the RSA public key encryption protocol using 2048-bit keys, that is key generation, encryption and decryption.
-
-These might be regarded as representative of what might be expected for an implementation of a typical elliptic curve (ECC) protocol, a typical pairing-based (PBC) protocol, and a typical classic 
-public key protocol based on RSA.
-The results in the first table indicate the code and stack requirements when these programs were compiled using version 4.8 of the GCC compiler, using the standard  -O3 (optimize for best performance) and -Os
-(optimize for minimum size) flags, and a flag to indicate the specific ARM architecture (Cortex-A7).
-
-
-\begin{table}
-\centering
-\begin{tabular}{|l|c|c|}
-\hline
-&~~Code Size~~&~Maximum Stack Usage~\\
-\hline
-~ECC  -O3 & 68085 & 4140  \\  %
-~ECC  -Os & 31115 & 3752 \\   %
-~PBC  -O3 & 84031 & 8140 \\   %
-~PBC  -Os & 46044 & 7904 \\   %
-~RSA  -O3 & 61461 & 5332 \\   %
-~RSA  -Os & 23449 & 5228 \\   %
-\hline
-\end{tabular}
-~\\
-\caption{Typical Memory Footprint}
-\label{footprint}
-\end{table}
-
-
-Next we give some timings for a single SPA-protected ECC point multiplication on an Edwards curve, for the calculation of a single PBC pairing on the BN curve, and for a SPA-protected 2048-bit RSA decryption.
-
-\begin{table}
-\centering
-\begin{tabular}{|l|c|}
-\hline
-&~Time in milliseconds~\\
-\hline
-~ECC point multiplication -O3 & 3.9  \\ % 
-~ECC point multiplication -Os & 5.9 \\ % 
-~PBC pairing -O3 & 47.4 \\ % 
-~PBC pairing -Os & 77.3 \\ % 
-~RSA decryption -O3 & 155 \\  %  
-~RSA decryption -Os & 233 \\  % 
-\hline
-\end{tabular}
-~\\
-\caption{C Benchmarks}
-\label{cspeed}
-\end{table}
-
-Observe that we do not compare these timings with any other -- because that is not the point.
-The point is -- are they ``good enough'' for whatever application you have in mind? And we suspect that, in the great majority of cases, they are.
-
-Clearly for Java and Javascript we are completely at the mercy of the efficiency (or otherwise) of the virtual machine. As can be seen from these Javascript timings, these
-can vary significantly.
-
-
-\begin{table}
-\centering
-\begin{tabular}{|l|l|l|c|}
-\hline
- & ~Device~ & ~Browser~ &~Time in seconds~\\
-\hline
-~ECC point multiplication~  & ~Raspberry Pi~ & ~Epiphany~ & 0.65  \\
-  & ~Apple iPad 2~ & ~Safari~ & 0.096  \\
-  & ~Samsung Galaxy Note 4~ & ~Chrome~ & 0.018  \\
-~PBC pairing~  &  ~Raspberry Pi~ & ~Epiphany~ & 11.0\\
- &  ~Apple iPad 2~ & ~Safari~ & 1.6\\
- &  ~Samsung Galaxy Note 4~ & ~Chrome~ & 0.30\\
-\hline
-\end{tabular}
-~\\
-\caption{JavaScript Benchmarks}
-\label{jsspeed}
-\end{table}
-
-
-\end{document}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/latex/clint.eps
----------------------------------------------------------------------
diff --git a/docs/latex/clint.eps b/docs/latex/clint.eps
deleted file mode 100644
index ac8d8d0..0000000
--- a/docs/latex/clint.eps
+++ /dev/null
@@ -1,682 +0,0 @@
-%!PS-Adobe-2.0 EPSF-2.0
-%%Title: C:\Users\Shamus\Pictures\ngcl.dia
-%%Creator: Dia v0.97.2
-%%CreationDate: Thu Dec 04 10:27:13 2014
-%%For: Shamus
-%%Orientation: Portrait
-%%Magnification: 1.0000
-%%BoundingBox: 0 0 1109 740
-%%BeginSetup
-%%EndSetup
-%%EndComments
-%%BeginProlog
-[ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright
-/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
-/two /three /four /five /six /seven /eight /nine /colon /semicolon
-/less /equal /greater /question /at /A /B /C /D /E
-/F /G /H /I /J /K /L /M /N /O
-/P /Q /R /S /T /U /V /W /X /Y
-/Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c
-/d /e /f /g /h /i /j /k /l /m
-/n /o /p /q /r /s /t /u /v /w
-/x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright
-/ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior
-/acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf
-/threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla
-/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde
-/Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex
-/Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring
-/ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis
-/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave
-/uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def
-/cp {closepath} bind def
-/c {curveto} bind def
-/f {fill} bind def
-/a {arc} bind def
-/ef {eofill} bind def
-/ex {exch} bind def
-/gr {grestore} bind def
-/gs {gsave} bind def
-/sa {save} bind def
-/rs {restore} bind def
-/l {lineto} bind def
-/m {moveto} bind def
-/rm {rmoveto} bind def
-/n {newpath} bind def
-/s {stroke} bind def
-/sh {show} bind def
-/slc {setlinecap} bind def
-/slj {setlinejoin} bind def
-/slw {setlinewidth} bind def
-/srgb {setrgbcolor} bind def
-/rot {rotate} bind def
-/sc {scale} bind def
-/sd {setdash} bind def
-/ff {findfont} bind def
-/sf {setfont} bind def
-/scf {scalefont} bind def
-/sw {stringwidth pop} bind def
-/tr {translate} bind def
-
-/ellipsedict 8 dict def
-ellipsedict /mtrx matrix put
-/ellipse
-{ ellipsedict begin
-   /endangle exch def
-   /startangle exch def
-   /yrad exch def
-   /xrad exch def
-   /y exch def
-   /x exch def   /savematrix mtrx currentmatrix def
-   x y tr xrad yrad sc
-   0 0 1 startangle endangle arc
-   savematrix setmatrix
-   end
-} def
-
-/mergeprocs {
-dup length
-3 -1 roll
-dup
-length
-dup
-5 1 roll
-3 -1 roll
-add
-array cvx
-dup
-3 -1 roll
-0 exch
-putinterval
-dup
-4 2 roll
-putinterval
-} bind def
-/Times-Roman-latin1
-    /Times-Roman findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Times-Italic-latin1
-    /Times-Italic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Times-Bold-latin1
-    /Times-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Times-BoldItalic-latin1
-    /Times-BoldItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-Gothic-latin1
-    /AvantGarde-Gothic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-BookOblique-latin1
-    /AvantGarde-BookOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-Demi-latin1
-    /AvantGarde-Demi findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-DemiOblique-latin1
-    /AvantGarde-DemiOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-Light-latin1
-    /Bookman-Light findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-LightItalic-latin1
-    /Bookman-LightItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-Demi-latin1
-    /Bookman-Demi findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-DemiItalic-latin1
-    /Bookman-DemiItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-latin1
-    /Courier findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-Oblique-latin1
-    /Courier-Oblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-Bold-latin1
-    /Courier-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-BoldOblique-latin1
-    /Courier-BoldOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-latin1
-    /Helvetica findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Oblique-latin1
-    /Helvetica-Oblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Bold-latin1
-    /Helvetica-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-BoldOblique-latin1
-    /Helvetica-BoldOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-latin1
-    /Helvetica-Narrow findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-Oblique-latin1
-    /Helvetica-Narrow-Oblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-Bold-latin1
-    /Helvetica-Narrow-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-BoldOblique-latin1
-    /Helvetica-Narrow-BoldOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-Roman-latin1
-    /NewCenturySchlbk-Roman findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-Italic-latin1
-    /NewCenturySchlbk-Italic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-Bold-latin1
-    /NewCenturySchlbk-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-BoldItalic-latin1
-    /NewCenturySchlbk-BoldItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-Roman-latin1
-    /Palatino-Roman findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-Italic-latin1
-    /Palatino-Italic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-Bold-latin1
-    /Palatino-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-BoldItalic-latin1
-    /Palatino-BoldItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Symbol-latin1
-    /Symbol findfont
-definefont pop
-/ZapfChancery-MediumItalic-latin1
-    /ZapfChancery-MediumItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/ZapfDingbats-latin1
-    /ZapfDingbats findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-28.346000 -28.346000 scale
--0.950000 -18.050000 translate
-%%EndProlog
-
-
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 14.000000 15.000000 m 14.000000 18.000000 l 26.000000 18.000000 l 26.000000 15.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 14.000000 15.000000 m 14.000000 18.000000 l 26.000000 18.000000 l 26.000000 15.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(BIG - Big Number support) 15.000000 16.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 14.000000 11.000000 m 14.000000 14.000000 l 26.000000 14.000000 l 26.000000 11.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 14.000000 11.000000 m 14.000000 14.000000 l 26.000000 14.000000 l 26.000000 11.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(FP - Finite Field Functions) 15.000000 12.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 28.000000 11.000000 m 28.000000 14.000000 l 40.000000 14.000000 l 40.000000 11.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 28.000000 11.000000 m 28.000000 14.000000 l 40.000000 14.000000 l 40.000000 11.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(ECP - Elliptic Curves over Fp) 29.000000 12.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 26.000000 12.500000 m 27.513197 12.500000 l s
-[] 0 sd
-0 slj
-0 slc
-n 27.888197 12.500000 m 27.388197 12.750000 l 27.513197 12.500000 l 27.388197 12.250000 l ef
-n 27.888197 12.500000 m 27.388197 12.750000 l 27.513197 12.500000 l 27.388197 12.250000 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 14.000000 7.000000 m 14.000000 10.000000 l 26.000000 10.000000 l 26.000000 7.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 14.000000 7.000000 m 14.000000 10.000000 l 26.000000 10.000000 l 26.000000 7.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(FP2 - Extension Field Fp2) 15.000000 8.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 14.000000 3.000000 m 14.000000 6.000000 l 26.000000 6.000000 l 26.000000 3.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 14.000000 3.000000 m 14.000000 6.000000 l 26.000000 6.000000 l 26.000000 3.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(FP4 - Extension Field Fp4) 16.000000 4.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 14.000000 -1.000000 m 14.000000 2.000000 l 26.000000 2.000000 l 26.000000 -1.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 14.000000 -1.000000 m 14.000000 2.000000 l 26.000000 2.000000 l 26.000000 -1.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(FP12 - Extension Field Fp12) 16.000000 0.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 28.000000 7.000000 m 28.000000 10.000000 l 40.000000 10.000000 l 40.000000 7.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 28.000000 7.000000 m 28.000000 10.000000 l 40.000000 10.000000 l 40.000000 7.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(ECP2 - Elliptic Curves over Fp2) 29.000000 8.880000 m
- gs 1 -1 sc sh gr
-/Helvetica-latin1 ff 0.560000 scf sf
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 34.000000 10.950928 m 34.000000 10.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 34.000000 10.111803 m 34.250000 10.611803 l 34.000000 10.486803 l 33.750000 10.611803 l ef
-n 34.000000 10.111803 m 34.250000 10.611803 l 34.000000 10.486803 l 33.750000 10.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 20.000000 11.000000 m 20.000000 10.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 20.000000 10.111803 m 20.250000 10.611803 l 20.000000 10.486803 l 19.750000 10.611803 l ef
-n 20.000000 10.111803 m 20.250000 10.611803 l 20.000000 10.486803 l 19.750000 10.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 20.000000 7.000000 m 20.000000 6.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 20.000000 6.111803 m 20.250000 6.611803 l 20.000000 6.486803 l 19.750000 6.611803 l ef
-n 20.000000 6.111803 m 20.250000 6.611803 l 20.000000 6.486803 l 19.750000 6.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 20.000000 3.000000 m 20.000000 2.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 20.000000 2.111803 m 20.250000 2.611803 l 20.000000 2.486803 l 19.750000 2.611803 l ef
-n 20.000000 2.111803 m 20.250000 2.611803 l 20.000000 2.486803 l 19.750000 2.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 28.000000 3.000000 m 28.000000 6.000000 l 40.000000 6.000000 l 40.000000 3.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 28.000000 3.000000 m 28.000000 6.000000 l 40.000000 6.000000 l 40.000000 3.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(PAIR - Pairings on BN curves) 29.000000 4.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 34.000000 6.950928 m 34.000000 6.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 34.000000 6.111803 m 34.250000 6.611803 l 34.000000 6.486803 l 33.750000 6.611803 l ef
-n 34.000000 6.111803 m 34.250000 6.611803 l 34.000000 6.486803 l 33.750000 6.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 26.000000 0.500000 m 27.695896 2.619870 l s
-[] 0 sd
-0 slj
-0 slc
-n 27.930157 2.912696 m 27.422592 2.678436 l 27.695896 2.619870 l 27.813027 2.366088 l ef
-n 27.930157 2.912696 m 27.422592 2.678436 l 27.695896 2.619870 l 27.813027 2.366088 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 1.000000 3.000000 m 1.000000 6.000000 l 12.000000 6.000000 l 12.000000 3.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 1.000000 3.000000 m 1.000000 6.000000 l 12.000000 6.000000 l 12.000000 3.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(AES - Symmetric Encryption) 2.000000 4.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 1.000000 11.000000 m 1.000000 14.000000 l 12.000000 14.000000 l 12.000000 11.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 1.000000 11.000000 m 1.000000 14.000000 l 12.000000 14.000000 l 12.000000 11.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(RAND - Random Numbers) 2.000000 12.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 12.000000 12.500000 m 13.695896 14.619870 l s
-[] 0 sd
-0 slj
-0 slc
-n 13.930157 14.912696 m 13.422592 14.678436 l 13.695896 14.619870 l 13.813027 14.366088 l ef
-n 13.930157 14.912696 m 13.422592 14.678436 l 13.695896 14.619870 l 13.813027 14.366088 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 1.000000 15.000000 m 1.000000 18.000000 l 12.000000 18.000000 l 12.000000 15.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 1.000000 15.000000 m 1.000000 18.000000 l 12.000000 18.000000 l 12.000000 15.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(HASH - Hashing) 2.000000 8.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 6.500000 14.535876 m 6.500000 15.000000 l s
-[] 0 sd
-0 slj
-0 slc
-n 6.500000 14.160876 m 6.750000 14.660876 l 6.500000 14.535876 l 6.250000 14.660876 l ef
-n 6.500000 14.160876 m 6.750000 14.660876 l 6.500000 14.535876 l 6.250000 14.660876 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-n 1.000000 7.000000 m 1.000000 10.000000 l 12.000000 10.000000 l 12.000000 7.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(External Entropy Source) 3.000000 16.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 6.500000 10.000000 m 6.500000 10.513197 l s
-[] 0 sd
-0 slj
-0 slc
-n 6.500000 10.888197 m 6.250000 10.388197 l 6.500000 10.513197 l 6.750000 10.388197 l ef
-n 6.500000 10.888197 m 6.250000 10.388197 l 6.500000 10.513197 l 6.750000 10.388197 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 28.000000 -1.000000 m 28.000000 2.000000 l 40.000000 2.000000 l 40.000000 -1.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 28.000000 -1.000000 m 28.000000 2.000000 l 40.000000 2.000000 l 40.000000 -1.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(OCT - Octet Input/Output ) 29.000000 0.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 28.000000 15.000000 m 28.000000 18.000000 l 40.000000 18.000000 l 40.000000 15.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 28.000000 15.000000 m 28.000000 18.000000 l 40.000000 18.000000 l 40.000000 15.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(ROM - Field/Curve Constants) 29.000000 16.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 4.000000 -8.000000 m 4.000000 -4.000000 l 36.000000 -4.000000 l 36.000000 -8.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 4.000000 -8.000000 m 4.000000 -4.000000 l 36.000000 -4.000000 l 36.000000 -8.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(Your API) 20.000000 -6.120000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 30.662354 -1.049622 m 24.850715 -3.747882 l s
-[] 0 sd
-0 slj
-0 slc
-n 24.510586 -3.905799 m 25.069369 -3.921996 l 24.850715 -3.747882 l 24.858813 -3.468491 l ef
-n 24.510586 -3.905799 m 25.069369 -3.921996 l 24.850715 -3.747882 l 24.858813 -3.468491 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-1.000000 1.000000 1.000000 srgb
-n 1.000000 -1.000000 m 1.000000 2.000000 l 12.000000 2.000000 l 12.000000 -1.000000 l f
-0.000000 0.000000 0.000000 srgb
-n 1.000000 -1.000000 m 1.000000 2.000000 l 12.000000 2.000000 l 12.000000 -1.000000 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(GCM - authenticated encryption ) 2.000000 0.880000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 26.000000 8.500000 m 27.513197 8.500000 l s
-[] 0 sd
-0 slj
-0 slc
-n 27.888197 8.500000 m 27.388197 8.750000 l 27.513197 8.500000 l 27.388197 8.250000 l ef
-n 27.888197 8.500000 m 27.388197 8.750000 l 27.513197 8.500000 l 27.388197 8.250000 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 6.500000 2.950928 m 6.500000 2.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 6.500000 2.111803 m 6.750000 2.611803 l 6.500000 2.486803 l 6.250000 2.611803 l ef
-n 6.500000 2.111803 m 6.750000 2.611803 l 6.500000 2.486803 l 6.250000 2.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 20.000000 15.000000 m 20.000000 14.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 20.000000 14.111803 m 20.250000 14.611803 l 20.000000 14.486803 l 19.750000 14.611803 l ef
-n 20.000000 14.111803 m 20.250000 14.611803 l 20.000000 14.486803 l 19.750000 14.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 34.000000 15.000000 m 34.000000 14.486803 l s
-[] 0 sd
-0 slj
-0 slc
-n 34.000000 14.111803 m 34.250000 14.611803 l 34.000000 14.486803 l 33.750000 14.611803 l ef
-n 34.000000 14.111803 m 34.250000 14.611803 l 34.000000 14.486803 l 33.750000 14.611803 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 28.000000 16.500000 m 26.304104 14.380130 l s
-[] 0 sd
-0 slj
-0 slc
-n 26.069843 14.087304 m 26.577408 14.321564 l 26.304104 14.380130 l 26.186973 14.633912 l ef
-n 26.069843 14.087304 m 26.577408 14.321564 l 26.304104 14.380130 l 26.186973 14.633912 l cp s
-showpage


[34/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-cgo/crypto.go
----------------------------------------------------------------------
diff --git a/go/amcl-cgo/crypto.go b/go/amcl-cgo/crypto.go
deleted file mode 100644
index db5a6b1..0000000
--- a/go/amcl-cgo/crypto.go
+++ /dev/null
@@ -1,828 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-/*
-#cgo CFLAGS:  -std=c99 -O3 -I/opt/amcl/include
-#cgo LDFLAGS: -L/opt/amcl/lib -lmpin  -lamcl -lm
-#include <stdio.h>
-#include <stdlib.h>
-#include "amcl.h"
-#include "mpin.h"
-#include "utils.h"
-*/
-import "C"
-import (
-	"encoding/hex"
-	"fmt"
-	"unsafe"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-const EAS int = int(C.PAS)
-const EGS int = int(C.PGS)
-const EFS int = int(C.PFS)
-const HASH_BYTES int = int(C.HASH_BYTES)
-const IVS int = 12
-const G1S = 2*EFS + 1
-const G2S = 4 * EFS
-const GTS = 12 * EFS
-
-var RNG C.csprng
-
-func OCT_free(valOctet *C.octet) {
-	C.free(unsafe.Pointer(valOctet.val))
-}
-
-func GetOctetZero(lenStr int) C.octet {
-	valBytes := make([]byte, lenStr)
-	val := string(valBytes)
-	valCS := C.CString(val)
-	lenCS := C.int(lenStr)
-	octetVal := C.octet{lenCS, lenCS, valCS}
-	return octetVal
-}
-
-func GetOctet(valStr string) C.octet {
-	valCS := C.CString(valStr)
-	lenCS := C.int(len(valStr))
-	octetVal := C.octet{lenCS, lenCS, valCS}
-	return octetVal
-}
-
-func GetOctetHex(valHex string) C.octet {
-	valBytes, err := hex.DecodeString(valHex)
-	if err != nil {
-		octetVal := GetOctetZero(0)
-		return octetVal
-	}
-	valStr := string(valBytes)
-	octetVal := GetOctet(valStr)
-	return octetVal
-}
-
-func OCT_len(valOctet *C.octet) int {
-	return int(valOctet.len)
-}
-
-// Convert an octet to a string
-func OCT_toStr(valOct *C.octet) string {
-	dstLen := OCT_len(valOct)
-	dstBytes := make([]byte, dstLen)
-	dstStr := string(dstBytes)
-	dst := C.CString(dstStr)
-	C.OCT_toStr(valOct, dst)
-	dstStr = C.GoStringN(dst, valOct.len)
-	C.free(unsafe.Pointer(dst))
-	return dstStr
-}
-
-// Convert an octet to bytes
-func OCT_toBytes(valOct *C.octet) []byte {
-	dstLen := OCT_len(valOct)
-	dstBytes := make([]byte, dstLen)
-	dstStr := string(dstBytes)
-	dst := C.CString(dstStr)
-	C.OCT_toStr(valOct, dst)
-	dstStr = C.GoStringN(dst, valOct.len)
-	C.free(unsafe.Pointer(dst))
-	dstBytes = []byte(dstStr)
-	return dstBytes
-}
-
-// Convert an octet to a hex string
-func OCT_toHex(valOctet *C.octet) string {
-	dstLen := OCT_len(valOctet)
-	dstBytes := make([]byte, hex.EncodedLen(dstLen))
-	dstStr := string(dstBytes)
-	dst := C.CString(dstStr)
-	C.OCT_toHex(valOctet, dst)
-	dstStr = C.GoString(dst)
-	C.free(unsafe.Pointer(dst))
-	return dstStr
-}
-
-/* return time in slots since epoch */
-func MPIN_today() int {
-	date := C.MPIN_today()
-	return int(date)
-}
-
-/* return time since epoch */
-func MPIN_GET_TIME() int {
-	timeValue := C.MPIN_GET_TIME()
-	return int(timeValue)
-}
-
-func MPIN_CREATE_CSPRNG(RNG *C.csprng, SEED []byte) {
-	// Form Octet
-	SEEDStr := string(SEED)
-	SEEDOct := GetOctet(SEEDStr)
-	defer OCT_free(&SEEDOct)
-	C.MPIN_CREATE_CSPRNG(RNG, &SEEDOct)
-}
-
-func MPIN_HASH_ID(ID []byte) (HASHID []byte) {
-	// Form Octets
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-	HASHIDOct := GetOctetZero(HASH_BYTES)
-	defer OCT_free(&HASHIDOct)
-
-	// Hash MPIN_ID
-	C.MPIN_HASH_ID(&IDOct, &HASHIDOct)
-
-	// Convert octet to bytes
-	HASHID = OCT_toBytes(&HASHIDOct)
-
-	return
-}
-
-/* create random secret S. Use GO RNG */
-func MPIN_RANDOM_GENERATE_WRAP(RNG *amcl.RAND) (int, []byte) {
-	var S [EGS]byte
-	errorCode := amcl.MPIN_RANDOM_GENERATE(RNG, S[:])
-	return errorCode, S[:]
-}
-
-/* create random secret S. Use C RNG */
-func MPIN_RANDOM_GENERATE_C(RNG *C.csprng) (errorCode int, S []byte) {
-	// Form Octet
-	SOct := GetOctetZero(EGS)
-	defer OCT_free(&SOct)
-
-	rtn := C.MPIN_RANDOM_GENERATE(RNG, &SOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	S = OCT_toBytes(&SOct)
-
-	return
-}
-
-/* Extract Server Secret SS=S*Q where Q is fixed generator in G2 and S is master secret */
-func MPIN_GET_SERVER_SECRET_WRAP(S []byte) (errorCode int, SS []byte) {
-	// Form Octets
-	SStr := string(S)
-	SOct := GetOctet(SStr)
-	defer OCT_free(&SOct)
-	SSOct := GetOctetZero(G2S)
-	defer OCT_free(&SSOct)
-
-	rtn := C.MPIN_GET_SERVER_SECRET(&SOct, &SSOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	SS = OCT_toBytes(&SSOct)
-
-	return
-}
-
-/* R=R1+R2 in group G1 */
-func MPIN_RECOMBINE_G1_WRAP(R1 []byte, R2 []byte) (errorCode int, R []byte) {
-	// Form Octets
-	R1Str := string(R1)
-	R1Oct := GetOctet(R1Str)
-	defer OCT_free(&R1Oct)
-	R2Str := string(R2)
-	R2Oct := GetOctet(R2Str)
-	defer OCT_free(&R2Oct)
-	ROct := GetOctetZero(G1S)
-	defer OCT_free(&ROct)
-
-	rtn := C.MPIN_RECOMBINE_G1(&R1Oct, &R2Oct, &ROct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	R = OCT_toBytes(&ROct)
-
-	return
-}
-
-/* W=W1+W2 in group G2 */
-func MPIN_RECOMBINE_G2_WRAP(W1 []byte, W2 []byte) (errorCode int, W []byte) {
-	// Form Octets
-	W1Str := string(W1)
-	W1Oct := GetOctet(W1Str)
-	defer OCT_free(&W1Oct)
-	W2Str := string(W2)
-	W2Oct := GetOctet(W2Str)
-	defer OCT_free(&W2Oct)
-	WOct := GetOctetZero(G2S)
-	defer OCT_free(&WOct)
-
-	rtn := C.MPIN_RECOMBINE_G2(&W1Oct, &W2Oct, &WOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	W = OCT_toBytes(&WOct)
-
-	return
-}
-
-/* Client secret CS=S*H(ID) where ID is client ID and S is master secret */
-/* CID is hashed externally */
-func MPIN_GET_CLIENT_SECRET_WRAP(S []byte, ID []byte) (errorCode int, CS []byte) {
-	// Form Octets
-	SStr := string(S)
-	SOct := GetOctet(SStr)
-	defer OCT_free(&SOct)
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-	CSOct := GetOctetZero(G1S)
-	defer OCT_free(&CSOct)
-
-	rtn := C.MPIN_GET_CLIENT_SECRET(&SOct, &IDOct, &CSOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	CS = OCT_toBytes(&CSOct)
-
-	return
-}
-
-/* Time Permit TP=S*(date|H(ID)) where S is master secret */
-func MPIN_GET_CLIENT_PERMIT_WRAP(date int, S, ID []byte) (errorCode int, TP []byte) {
-	// Form Octets
-	SStr := string(S)
-	SOct := GetOctet(SStr)
-	defer OCT_free(&SOct)
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-	TPOct := GetOctetZero(G1S)
-	defer OCT_free(&TPOct)
-
-	rtn := C.MPIN_GET_CLIENT_PERMIT(C.int(date), &SOct, &IDOct, &TPOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	TP = OCT_toBytes(&TPOct)
-
-	return
-}
-
-/* Extract PIN from CS for identity CID to form TOKEN */
-func MPIN_EXTRACT_PIN_WRAP(ID []byte, PIN int, CS []byte) (errorCode int, TOKEN []byte) {
-	// Form Octets
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-	CSStr := string(CS)
-	CSOct := GetOctet(CSStr)
-	defer OCT_free(&CSOct)
-
-	rtn := C.MPIN_EXTRACT_PIN(&IDOct, C.int(PIN), &CSOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	TOKEN = OCT_toBytes(&CSOct)
-
-	return
-}
-
-/* One pass MPIN Client. Using GO RNG */
-func MPIN_CLIENT_WRAP(date, TimeValue, PIN int, RNG *amcl.RAND, ID, X, TOKEN, TP, MESSAGE []byte) (errorCode int, XOut, Y, SEC, U, UT []byte) {
-	amcl.MPIN_RANDOM_GENERATE(RNG, X[:])
-	errorCode, XOut, Y, SEC, U, UT = MPIN_CLIENT_C(date, ID[:], nil, X[:], PIN, TOKEN[:], TP[:], MESSAGE[:], TimeValue)
-	return
-}
-
-/* One pass MPIN Client. Using C RNG */
-func MPIN_CLIENT_C(date int, ID []byte, RNG *C.csprng, X []byte, PIN int, TOKEN []byte, TP []byte, MESSAGE []byte, TimeValue int) (errorCode int, XOut, Y, SEC, U, UT []byte) {
-	// Form Octets
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-	XStr := string(X)
-	XOct := GetOctet(XStr)
-	defer OCT_free(&XOct)
-	TOKENStr := string(TOKEN)
-	TOKENOct := GetOctet(TOKENStr)
-	defer OCT_free(&TOKENOct)
-	TPStr := string(TP)
-	TPOct := GetOctet(TPStr)
-	defer OCT_free(&TPOct)
-	MESSAGEStr := string(MESSAGE)
-	MESSAGEOct := GetOctet(MESSAGEStr)
-	defer OCT_free(&MESSAGEOct)
-
-	SECOct := GetOctetZero(G1S)
-	defer OCT_free(&SECOct)
-	UOct := GetOctetZero(G1S)
-	defer OCT_free(&UOct)
-	UTOct := GetOctetZero(G1S)
-	defer OCT_free(&UTOct)
-	YOct := GetOctetZero(EGS)
-	defer OCT_free(&YOct)
-
-	rtn := C.MPIN_CLIENT(C.int(date), &IDOct, RNG, &XOct, C.int(PIN), &TOKENOct, &SECOct, &UOct, &UTOct, &TPOct, &MESSAGEOct, C.int(TimeValue), &YOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	XOut = OCT_toBytes(&XOct)
-	SEC = OCT_toBytes(&SECOct)
-	U = OCT_toBytes(&UOct)
-	UT = OCT_toBytes(&UTOct)
-	Y = OCT_toBytes(&YOct)
-
-	return
-}
-
-// Precompute values for use by the client side of M-Pin Full
-func MPIN_PRECOMPUTE_WRAP(TOKEN []byte, ID []byte) (errorCode int, GT1 []byte, GT2 []byte) {
-	// Form Octets
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-	TOKENStr := string(TOKEN)
-	TOKENOct := GetOctet(TOKENStr)
-	defer OCT_free(&TOKENOct)
-
-	GT1Oct := GetOctetZero(GTS)
-	defer OCT_free(&GT1Oct)
-	GT2Oct := GetOctetZero(GTS)
-	defer OCT_free(&GT2Oct)
-
-	rtn := C.MPIN_PRECOMPUTE(&TOKENOct, &IDOct, &GT1Oct, &GT2Oct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	GT1 = OCT_toBytes(&GT1Oct)
-	GT2 = OCT_toBytes(&GT2Oct)
-
-	return
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
- Use GO RNG
-*/
-func MPIN_GET_G1_MULTIPLE_WRAP(RNG *amcl.RAND, typ int, X, G []byte) (errorCode int, XOut, W []byte) {
-	amcl.MPIN_RANDOM_GENERATE(RNG, X[:])
-	errorCode, XOut, W = MPIN_GET_G1_MULTIPLE_C(nil, typ, X[:], G[:])
-	return
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
- Use C RNG
-*/
-func MPIN_GET_G1_MULTIPLE_C(RNG *C.csprng, typ int, X []byte, G []byte) (errorCode int, XOut, W []byte) {
-	XStr := string(X)
-	XOct := GetOctet(XStr)
-	defer OCT_free(&XOct)
-	GStr := string(G)
-	GOct := GetOctet(GStr)
-	defer OCT_free(&GOct)
-
-	WOct := GetOctetZero(G1S)
-	defer OCT_free(&WOct)
-
-	rtn := C.MPIN_GET_G1_MULTIPLE(RNG, C.int(typ), &XOct, &GOct, &WOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	XOut = OCT_toBytes(&XOct)
-	W = OCT_toBytes(&WOct)
-
-	return
-}
-
-/* One pass MPIN Server */
-func MPIN_SERVER_WRAP(date, TimeValue int, SS, U, UT, V, ID, MESSAGE []byte) (errorCode int, HID, HTID, Y, E, F []byte) {
-	SSStr := string(SS)
-	SSOct := GetOctet(SSStr)
-	defer OCT_free(&SSOct)
-	UStr := string(U)
-	UOct := GetOctet(UStr)
-	defer OCT_free(&UOct)
-	UTStr := string(UT)
-	UTOct := GetOctet(UTStr)
-	defer OCT_free(&UTOct)
-	VStr := string(V)
-	VOct := GetOctet(VStr)
-	defer OCT_free(&VOct)
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-	MESSAGEStr := string(MESSAGE)
-	MESSAGEOct := GetOctet(MESSAGEStr)
-	defer OCT_free(&MESSAGEOct)
-
-	HIDOct := GetOctetZero(G1S)
-	defer OCT_free(&HIDOct)
-	HTIDOct := GetOctetZero(G1S)
-	defer OCT_free(&HTIDOct)
-	YOct := GetOctetZero(EGS)
-	defer OCT_free(&YOct)
-	EOct := GetOctetZero(GTS)
-	defer OCT_free(&EOct)
-	FOct := GetOctetZero(GTS)
-	defer OCT_free(&FOct)
-
-	rtn := C.MPIN_SERVER(C.int(date), &HIDOct, &HTIDOct, &YOct, &SSOct, &UOct, &UTOct, &VOct, &EOct, &FOct, &IDOct, &MESSAGEOct, C.int(TimeValue))
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	HID = OCT_toBytes(&HIDOct)
-	HTID = OCT_toBytes(&HTIDOct)
-	Y = OCT_toBytes(&YOct)
-	E = OCT_toBytes(&EOct)
-	F = OCT_toBytes(&FOct)
-
-	return
-}
-
-/* Pollards kangaroos used to return PIN error */
-func MPIN_KANGAROO(E []byte, F []byte) (PINError int) {
-	EStr := string(E)
-	EOct := GetOctet(EStr)
-	defer OCT_free(&EOct)
-	FStr := string(F)
-	FOct := GetOctet(FStr)
-	defer OCT_free(&FOct)
-
-	rtn := C.MPIN_KANGAROO(&EOct, &FOct)
-	PINError = int(rtn)
-	return
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-func MPIN_SERVER_KEY_WRAP(Z, SS, W, P, I, U, UT []byte) (errorCode int, SK []byte) {
-	ZStr := string(Z)
-	ZOct := GetOctet(ZStr)
-	defer OCT_free(&ZOct)
-	SSStr := string(SS)
-	SSOct := GetOctet(SSStr)
-	defer OCT_free(&SSOct)
-	WStr := string(W)
-	WOct := GetOctet(WStr)
-	defer OCT_free(&WOct)
-	PStr := string(P)
-	POct := GetOctet(PStr)
-	defer OCT_free(&POct)
-	IStr := string(I)
-	IOct := GetOctet(IStr)
-	defer OCT_free(&IOct)
-	UStr := string(U)
-	UOct := GetOctet(UStr)
-	defer OCT_free(&UOct)
-	UTStr := string(UT)
-	UTOct := GetOctet(UTStr)
-	defer OCT_free(&UTOct)
-
-	SKOct := GetOctetZero(EAS)
-	defer OCT_free(&SKOct)
-
-	rtn := C.MPIN_SERVER_KEY(&ZOct, &SSOct, &WOct, &POct, &IOct, &UOct, &UTOct, &SKOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	SK = OCT_toBytes(&SKOct)
-
-	return
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-func MPIN_CLIENT_KEY_WRAP(PIN int, GT1, GT2, R, X, P, T []byte) (errorCode int, CK []byte) {
-	GT1Str := string(GT1)
-	GT1Oct := GetOctet(GT1Str)
-	defer OCT_free(&GT1Oct)
-	GT2Str := string(GT2)
-	GT2Oct := GetOctet(GT2Str)
-	defer OCT_free(&GT2Oct)
-	RStr := string(R)
-	ROct := GetOctet(RStr)
-	defer OCT_free(&ROct)
-	XStr := string(X)
-	XOct := GetOctet(XStr)
-	defer OCT_free(&XOct)
-	PStr := string(P)
-	POct := GetOctet(PStr)
-	defer OCT_free(&POct)
-	TStr := string(T)
-	TOct := GetOctet(TStr)
-	defer OCT_free(&TOct)
-
-	CKOct := GetOctetZero(EAS)
-	defer OCT_free(&CKOct)
-
-	rtn := C.MPIN_CLIENT_KEY(&GT1Oct, &GT2Oct, C.int(PIN), &ROct, &XOct, &POct, &TOct, &CKOct)
-	errorCode = int(rtn)
-
-	// Convert octet to bytes
-	CK = OCT_toBytes(&CKOct)
-
-	return
-}
-
-// Generate a random byte array
-func GENERATE_RANDOM_C(RNG *C.csprng, randomLen int) (random []byte) {
-	randomOct := GetOctetZero(randomLen)
-	defer OCT_free(&randomOct)
-
-	C.generateRandom(RNG, &randomOct)
-
-	// Convert octet to bytes
-	random = OCT_toBytes(&randomOct)
-
-	return
-}
-
-// Generate random six digit value
-func GENERATE_OTP_C(RNG *C.csprng) int {
-	rtn := C.generateOTP(RNG)
-	return int(rtn)
-}
-
-/* AES-GCM Encryption:
-   K is key, H is header, IV is initialization vector and P is plaintext.
-   Returns cipthertext and tag (MAC) */
-func MPIN_AES_GCM_ENCRYPT(K, IV, H, P []byte) ([]byte, []byte) {
-	KStr := string(K)
-	KOct := GetOctet(KStr)
-	defer OCT_free(&KOct)
-	IVStr := string(IV)
-	IVOct := GetOctet(IVStr)
-	defer OCT_free(&IVOct)
-	HStr := string(H)
-	HOct := GetOctet(HStr)
-	defer OCT_free(&HOct)
-	PStr := string(P)
-	POct := GetOctet(PStr)
-	defer OCT_free(&POct)
-
-	TOct := GetOctetZero(16)
-	defer OCT_free(&TOct)
-	lenC := len(PStr)
-	COct := GetOctetZero(lenC)
-	defer OCT_free(&COct)
-
-	C.MPIN_AES_GCM_ENCRYPT(&KOct, &IVOct, &HOct, &POct, &COct, &TOct)
-
-	// Convert octet to bytes
-	C := OCT_toBytes(&COct)
-	T := OCT_toBytes(&TOct)
-
-	return C, T[:]
-}
-
-/* AES-GCM Deryption:
-   K is key, H is header, IV is initialization vector and P is plaintext.
-   Returns cipthertext and tag (MAC) */
-func MPIN_AES_GCM_DECRYPT(K, IV, H, C []byte) ([]byte, []byte) {
-	KStr := string(K)
-	KOct := GetOctet(KStr)
-	defer OCT_free(&KOct)
-	IVStr := string(IV)
-	IVOct := GetOctet(IVStr)
-	defer OCT_free(&IVOct)
-	HStr := string(H)
-	HOct := GetOctet(HStr)
-	defer OCT_free(&HOct)
-	CStr := string(C)
-	COct := GetOctet(CStr)
-	defer OCT_free(&COct)
-
-	TOct := GetOctetZero(16)
-	defer OCT_free(&TOct)
-	lenP := len(CStr)
-	POct := GetOctetZero(lenP)
-	defer OCT_free(&POct)
-
-	C.MPIN_AES_GCM_DECRYPT(&KOct, &IVOct, &HOct, &COct, &POct, &TOct)
-
-	// Convert octet to bytes
-	P := OCT_toBytes(&POct)
-	T := OCT_toBytes(&TOct)
-
-	return P, T[:]
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-func MPIN_PBKDF2(Pass, Salt []byte, rep, olen int) (Key []byte) {
-	PassStr := string(Pass)
-	PassOct := GetOctet(PassStr)
-	defer OCT_free(&PassOct)
-	SaltStr := string(Salt)
-	SaltOct := GetOctet(SaltStr)
-	defer OCT_free(&SaltOct)
-
-	KeyOct := GetOctetZero(olen)
-	defer OCT_free(&KeyOct)
-
-	C.MPIN_PBKDF2(&PassOct, &SaltOct, C.int(rep), C.int(olen), &KeyOct)
-
-	// Convert octet to bytes
-	Key = OCT_toBytes(&KeyOct)
-
-	return
-}
-
-func MPIN_printBinary(array []byte) {
-	for i := 0; i < len(array); i++ {
-		fmt.Printf("%02x", array[i])
-	}
-	fmt.Printf("\n")
-}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-func MPIN_SERVER_1_WRAP(date int, ID []byte) (HID, HTID []byte) {
-	// Form Octets
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-
-	HIDOct := GetOctetZero(G1S)
-	defer OCT_free(&HIDOct)
-	HTIDOct := GetOctetZero(G1S)
-	defer OCT_free(&HTIDOct)
-
-	C.MPIN_SERVER_1(C.int(date), &IDOct, &HIDOct, &HTIDOct)
-
-	// Convert octet to bytes
-	HID = OCT_toBytes(&HIDOct)
-	HTID = OCT_toBytes(&HTIDOct)
-
-	return
-}
-
-/* Implement step 2 of MPin protocol on server side */
-func MPIN_SERVER_2_WRAP(date int, HID []byte, HTID []byte, Y []byte, SS []byte, U []byte, UT []byte, V []byte) (errorCode int, E, F []byte) {
-	// Form Octets
-	HIDStr := string(HID)
-	HIDOct := GetOctet(HIDStr)
-	defer OCT_free(&HIDOct)
-	HTIDStr := string(HTID)
-	HTIDOct := GetOctet(HTIDStr)
-	defer OCT_free(&HTIDOct)
-	YStr := string(Y)
-	YOct := GetOctet(YStr)
-	defer OCT_free(&YOct)
-	SSStr := string(SS)
-	SSOct := GetOctet(SSStr)
-	defer OCT_free(&SSOct)
-	UStr := string(U)
-	UOct := GetOctet(UStr)
-	defer OCT_free(&UOct)
-	UTStr := string(UT)
-	UTOct := GetOctet(UTStr)
-	defer OCT_free(&UTOct)
-	VStr := string(V)
-	VOct := GetOctet(VStr)
-	defer OCT_free(&VOct)
-
-	EOct := GetOctetZero(GTS)
-	defer OCT_free(&EOct)
-	FOct := GetOctetZero(GTS)
-	defer OCT_free(&FOct)
-	rtn := C.MPIN_SERVER_2(C.int(date), &HIDOct, &HTIDOct, &YOct, &SSOct, &UOct, &UTOct, &VOct, &EOct, &FOct)
-
-	errorCode = int(rtn)
-	E = OCT_toBytes(&EOct)
-	F = OCT_toBytes(&FOct)
-
-	return
-}
-
-/* Implement step 1 on client side of MPin protocol. Use GO code to generate random X */
-func MPIN_CLIENT_1_WRAP(date int, ID []byte, RNG *amcl.RAND, X []byte, PIN int, TOKEN []byte, TP []byte) (errorCode int, XOut, SEC, U, UT []byte) {
-	amcl.MPIN_RANDOM_GENERATE(RNG, X[:])
-	errorCode, XOut, SEC, U, UT = MPIN_CLIENT_1_C(date, ID[:], nil, X[:], PIN, TOKEN[:], TP[:])
-	return
-}
-
-/* Implement step 1 on client side of MPin protocol
-   When rng=nil the X value is externally generated
-*/
-func MPIN_CLIENT_1_C(date int, ID []byte, rng *C.csprng, X []byte, PIN int, TOKEN []byte, TP []byte) (errorCode int, XOut, SEC, U, UT []byte) {
-	// Form Octets
-	IDStr := string(ID)
-	IDOct := GetOctet(IDStr)
-	defer OCT_free(&IDOct)
-
-	XStr := string(X)
-	XOct := GetOctet(XStr)
-	defer OCT_free(&XOct)
-
-	TOKENStr := string(TOKEN)
-	TOKENOct := GetOctet(TOKENStr)
-	defer OCT_free(&TOKENOct)
-
-	TPStr := string(TP)
-	TPOct := GetOctet(TPStr)
-	defer OCT_free(&TPOct)
-
-	SECOct := GetOctetZero(G1S)
-	defer OCT_free(&SECOct)
-	UOct := GetOctetZero(G1S)
-	defer OCT_free(&UOct)
-	UTOct := GetOctetZero(G1S)
-	defer OCT_free(&UTOct)
-
-	rtn := C.MPIN_CLIENT_1(C.int(date), &IDOct, rng, &XOct, C.int(PIN), &TOKENOct, &SECOct, &UOct, &UTOct, &TPOct)
-
-	errorCode = int(rtn)
-	// Convert octet to bytes
-	XOut = OCT_toBytes(&XOct)
-	SEC = OCT_toBytes(&SECOct)
-	U = OCT_toBytes(&UOct)
-	UT = OCT_toBytes(&UTOct)
-
-	return
-}
-
-/* Implement step 2 on client side of MPin protocol */
-func MPIN_CLIENT_2_WRAP(X []byte, Y []byte, SEC []byte) (errorCode int, V []byte) {
-	// Form Octets
-	XStr := string(X)
-	XOct := GetOctet(XStr)
-	defer OCT_free(&XOct)
-	YStr := string(Y)
-	YOct := GetOctet(YStr)
-	defer OCT_free(&YOct)
-	SECStr := string(SEC)
-	SECOct := GetOctet(SECStr)
-	defer OCT_free(&SECOct)
-
-	rtn := C.MPIN_CLIENT_2(&XOct, &YOct, &SECOct)
-
-	errorCode = int(rtn)
-	// Convert octet to bytes
-	V = OCT_toBytes(&SECOct)
-
-	return
-}
-
-func MPIN_HASH_ALL_WRAP(I, U, UT, Y, V, R, W []byte) (HM []byte) {
-	// Form Octets
-	IStr := string(I)
-	IOct := GetOctet(IStr)
-	defer OCT_free(&IOct)
-
-	UStr := string(U)
-	UOct := GetOctet(UStr)
-	defer OCT_free(&UOct)
-
-	UTStr := string(UT)
-	UTOct := GetOctet(UTStr)
-	defer OCT_free(&UTOct)
-
-	YStr := string(Y)
-	YOct := GetOctet(YStr)
-	defer OCT_free(&YOct)
-
-	VStr := string(V)
-	VOct := GetOctet(VStr)
-	defer OCT_free(&VOct)
-
-	RStr := string(R)
-	ROct := GetOctet(RStr)
-	defer OCT_free(&ROct)
-
-	WStr := string(W)
-	WOct := GetOctet(WStr)
-	defer OCT_free(&WOct)
-
-	HMOct := GetOctetZero(HASH_BYTES)
-	defer OCT_free(&HMOct)
-
-	// Hash values
-	C.MPIN_HASH_ALL(&IOct, &UOct, &UTOct, &YOct, &VOct, &ROct, &WOct, &HMOct)
-
-	// Convert octet to bytes
-	HM = OCT_toBytes(&HMOct)
-
-	return
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-cgo/crypto_test.go
----------------------------------------------------------------------
diff --git a/go/amcl-cgo/crypto_test.go b/go/amcl-cgo/crypto_test.go
deleted file mode 100644
index 0fa7c78..0000000
--- a/go/amcl-cgo/crypto_test.go
+++ /dev/null
@@ -1,1175 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"fmt"
-	mathrand "math/rand"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-
-	amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-const nIter int = 100
-
-// Set to true if library built with "-D USE_ANONYMOUS=on"
-const USE_ANONYMOUS = false
-
-func TestGoodPIN(t *testing.T) {
-	want := 0
-	var got int
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	if USE_ANONYMOUS {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	} else {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	}
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestBadPIN(t *testing.T) {
-	want := -19
-	var got int
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1235
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	//////   Client   //////
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	//////   Server   //////
-	if USE_ANONYMOUS {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	} else {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	}
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestBadToken(t *testing.T) {
-	want := -19
-	var got int
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, _, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Send UT as V to model bad token
-	if USE_ANONYMOUS {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], HCID[:], MESSAGE[:])
-	} else {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], ID[:], MESSAGE[:])
-	}
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestRandom(t *testing.T) {
-	want := 0
-	var got int
-
-	for i := 0; i < nIter; i++ {
-
-		// Seed value for Random Number Generator (RNG)
-		seed := make([]byte, 16)
-		rand.Read(seed)
-		rng := amclgo.NewRAND()
-		rng.Seed(len(seed), seed)
-
-		// Epoch time in days
-		date := MPIN_today()
-
-		// Epoch time in seconds
-		timeValue := MPIN_GET_TIME()
-
-		// PIN variable to create token
-		PIN1 := mathrand.Intn(10000)
-		// PIN variable to authenticate
-		PIN2 := PIN1
-
-		// Assign the End-User a random ID
-		ID := make([]byte, 16)
-		rand.Read(ID)
-
-		// Message to sign
-		var MESSAGE []byte
-
-		// Generate Master Secret Share 1
-		_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Generate Master Secret Share 2
-		_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Either Client or TA calculates Hash(ID)
-		HCID := MPIN_HASH_ID(ID)
-
-		// Generate server secret share 1
-		_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-		// Generate server secret share 2
-		_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-		// Combine server secret shares
-		_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-		// Generate client secret share 1
-		_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-		// Generate client secret share 2
-		_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-		// Combine client secret shares
-		CS := make([]byte, G1S)
-		_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-		// Generate time permit share 1
-		_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-		// Generate time permit share 2
-		_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-		// Combine time permit shares
-		_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-		// Create token
-		_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-		// Send U, UT, V, timeValue and Message to server
-		var X [EGS]byte
-		_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-		if USE_ANONYMOUS {
-			got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-		} else {
-			got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-		}
-		assert.Equal(t, want, got, "Should be equal")
-	}
-}
-
-func TestGoodSignature(t *testing.T) {
-	want := 0
-	var got int
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Authenticate
-	if USE_ANONYMOUS {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	} else {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	}
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestSignatureExpired(t *testing.T) {
-	want := -19
-	var got int
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	timeValue += 10
-	// Authenticate
-	if USE_ANONYMOUS {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	} else {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	}
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestBadSignature(t *testing.T) {
-	want := -19
-	var got int
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Authenticate
-	MESSAGE[0] = 00
-	if USE_ANONYMOUS {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	} else {
-		got, _, _, _, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	}
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestPINError(t *testing.T) {
-	want := 1001
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 2235
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	var E []byte
-	var F []byte
-	if USE_ANONYMOUS {
-		_, _, _, _, E, F = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	} else {
-		_, _, _, _, E, F = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	}
-
-	got := MPIN_KANGAROO(E[:], F[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestMPINFull(t *testing.T) {
-	want := "4e0317c9962dc2944c121ec41c800e16"
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Precomputation
-	_, G1, G2 := MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID)
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, XOut, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Send Z=r.ID to Server
-	var R [EGS]byte
-	_, ROut, Z := MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:])
-
-	// Authenticate
-	var HID []byte
-	var HTID []byte
-	var Y []byte
-	if USE_ANONYMOUS {
-		_, HID, HTID, Y, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	} else {
-		_, HID, HTID, Y, _, _ = MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	}
-
-	// send T=w.ID to client
-	var W [EGS]byte
-	_, WOut, T := MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:])
-
-	// Hash all values
-	HM := MPIN_HASH_ALL_WRAP(HCID[:], U[:], UT[:], Y[:], V[:], Z[:], T[:])
-
-	_, AES_KEY_SERVER := MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], HM[:], HID[:], U[:], UT[:])
-	got := hex.EncodeToString(AES_KEY_SERVER[:])
-	if got != want {
-		t.Errorf("%s != %s", want, got)
-	}
-
-	_, AES_KEY_CLIENT := MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], HM[:], T[:])
-	got = hex.EncodeToString(AES_KEY_CLIENT[:])
-
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestTwoPassGoodPIN(t *testing.T) {
-	want := 0
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Client Pass 1
-	var X [EGS]byte
-	_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-	// Server Pass 1
-	var HID []byte
-	var HTID []byte
-	if USE_ANONYMOUS {
-		HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
-	} else {
-		HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
-	}
-	_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Client Pass 2
-	_, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-	// Server Pass 2
-	got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestTwoPassBadPIN(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1235
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Client Pass 1
-	var X [EGS]byte
-	_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-	// Server Pass 1
-	var HID []byte
-	var HTID []byte
-	if USE_ANONYMOUS {
-		HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
-	} else {
-		HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
-	}
-	_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Client Pass 2
-	_, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-	// Server Pass 2
-	got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestTwoPassBadToken(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Client Pass 1
-	var X [EGS]byte
-	_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-	// Server Pass 1
-	var HID []byte
-	var HTID []byte
-	if USE_ANONYMOUS {
-		HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
-	} else {
-		HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
-	}
-	_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Client Pass 2
-	_, _ = MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-	// Server Pass 2
-	// Send UT as V to model bad token
-	got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], UT[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestRandomTwoPass(t *testing.T) {
-	want := 0
-
-	for i := 0; i < nIter; i++ {
-
-		// Seed value for Random Number Generator (RNG)
-		seed := make([]byte, 16)
-		rand.Read(seed)
-		rng := amclgo.NewRAND()
-		rng.Seed(len(seed), seed)
-
-		// Epoch time in days
-		date := MPIN_today()
-
-		// PIN variable to create token
-		PIN1 := mathrand.Intn(10000)
-		// PIN variable to authenticate
-		PIN2 := PIN1
-
-		// Assign the End-User a random ID
-		ID := make([]byte, 16)
-		rand.Read(ID)
-
-		// Generate Master Secret Share 1
-		_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Generate Master Secret Share 2
-		_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Either Client or TA calculates Hash(ID)
-		HCID := MPIN_HASH_ID(ID)
-
-		// Generate server secret share 1
-		_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-		// Generate server secret share 2
-		_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-		// Combine server secret shares
-		_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-		// Generate client secret share 1
-		_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-		// Generate client secret share 2
-		_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-		// Combine client secret shares
-		CS := make([]byte, G1S)
-		_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-		// Generate time permit share 1
-		_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-		// Generate time permit share 2
-		_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-		// Combine time permit shares
-		_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-		// Create token
-		_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-		// Client Pass 1
-		var X [EGS]byte
-		_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-		// Server Pass 1
-		var HID []byte
-		var HTID []byte
-		if USE_ANONYMOUS {
-			HID, HTID = MPIN_SERVER_1_WRAP(date, HCID)
-		} else {
-			HID, HTID = MPIN_SERVER_1_WRAP(date, ID)
-		}
-		_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Client Pass 2
-		_, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-		// Server Pass 2
-		got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-		assert.Equal(t, want, got, "Should be equal")
-
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/AES.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/AES.go b/go/amcl-go/AES.go
deleted file mode 100644
index 598d408..0000000
--- a/go/amcl-go/AES.go
+++ /dev/null
@@ -1,634 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AES Encryption */
-
-package amcl
-
-//import "fmt"
-
-const aes_ECB int = 0
-const aes_CBC int = 1
-const aes_CFB1 int = 2
-const aes_CFB2 int = 3
-const aes_CFB4 int = 5
-const aes_OFB1 int = 14
-const aes_OFB2 int = 15
-const aes_OFB4 int = 17
-const aes_OFB8 int = 21
-const aes_OFB16 int = 29
-
-var aes_InCo = [...]byte{0xB, 0xD, 0x9, 0xE} /* Inverse Coefficients */
-
-var aes_ptab = [...]byte{
-	1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
-	95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
-	229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
-	83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
-	76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
-	131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
-	181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
-	254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
-	251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
-	195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
-	159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
-	155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
-	252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
-	69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
-	18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
-	57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1}
-
-var aes_ltab = [...]byte{
-	0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
-	100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
-	125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
-	101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
-	150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
-	102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
-	126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
-	43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
-	175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
-	44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
-	127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
-	204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
-	151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
-	83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
-	68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
-	103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7}
-
-var aes_fbsub = [...]byte{
-	99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
-	202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
-	183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
-	4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
-	9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
-	83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
-	208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
-	81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
-	205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
-	96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
-	224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
-	231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
-	186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
-	112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
-	225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
-	140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22}
-
-var aes_rbsub = [...]byte{
-	82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
-	124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
-	84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
-	8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
-	114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
-	108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
-	144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
-	208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
-	58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
-	150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
-	71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
-	252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
-	31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
-	96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
-	160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
-	23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125}
-
-var aes_rco = [...]byte{1, 2, 4, 8, 16, 32, 64, 128, 27, 54, 108, 216, 171, 77, 154, 47}
-
-var aes_ftable = [...]uint32{
-	0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0xdf2f2ff, 0xbd6b6bd6,
-	0xb16f6fde, 0x54c5c591, 0x50303060, 0x3010102, 0xa96767ce, 0x7d2b2b56,
-	0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f,
-	0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0xbf0f0fb,
-	0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453,
-	0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
-	0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551,
-	0x34e5e5d1, 0x8f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
-	0xc040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637,
-	0xf05050a, 0xb59a9a2f, 0x907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
-	0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d,
-	0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
-	0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd,
-	0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x0, 0x2cededc1,
-	0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d,
-	0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
-	0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a,
-	0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x6020204, 0x817f7ffe,
-	0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d,
-	0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x4f5f5f1,
-	0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5,
-	0xef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
-	0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755,
-	0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
-	0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54,
-	0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
-	0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264,
-	0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0xa06060c, 0x6c242448, 0xe45c5cb8,
-	0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531,
-	0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
-	0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac,
-	0x7f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
-	0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657,
-	0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
-	0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c,
-	0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x5030306, 0x1f6f6f7, 0x120e0e1c,
-	0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199,
-	0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
-	0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c,
-	0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
-	0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7,
-	0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
-	0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c}
-
-var aes_rtable = [...]uint32{
-	0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f,
-	0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
-	0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25,
-	0x980eea45, 0xe1c0fe5d, 0x2752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
-	0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458,
-	0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
-	0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5,
-	0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
-	0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72,
-	0x578f1fe3, 0x2aab5566, 0x728ebb2, 0x3c2b52f, 0x9a7bc586, 0xa50837d3,
-	0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7,
-	0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
-	0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040,
-	0x69f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
-	0xb58d5491, 0x55dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6,
-	0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
-	0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x0, 0x83868009, 0x48ed2b32,
-	0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
-	0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0xfe75793,
-	0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
-	0xaba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0xb0d090e, 0xadc78bf2,
-	0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
-	0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb,
-	0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
-	0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc,
-	0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
-	0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9,
-	0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
-	0xe49d3a2c, 0xd927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890,
-	0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
-	0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x97826cd, 0xf418596e,
-	0x1b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, 0xe6e815ef,
-	0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a,
-	0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
-	0x4a9804f1, 0xf7daec41, 0xe50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43,
-	0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
-	0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92,
-	0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
-	0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255,
-	0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
-	0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0xc25e2bc,
-	0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
-	0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0}
-
-type AES struct {
-	mode int
-	fkey [44]uint32
-	rkey [44]uint32
-	f    [16]byte
-}
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-func aes_ROTL8(x uint32) uint32 {
-	return (((x) << 8) | ((x) >> 24))
-}
-
-func aes_ROTL16(x uint32) uint32 {
-	return (((x) << 16) | ((x) >> 16))
-}
-
-func aes_ROTL24(x uint32) uint32 {
-	return (((x) << 24) | ((x) >> 8))
-}
-
-func aes_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */
-	return ((uint32(b[3]) & 0xff) << 24) | ((uint32(b[2]) & 0xff) << 16) | ((uint32(b[1]) & 0xff) << 8) | (uint32(b[0]) & 0xff)
-}
-
-func aes_unpack(a uint32) [4]byte { /* unpack bytes from a word */
-	var b = [4]byte{byte(a & 0xff), byte((a >> 8) & 0xff), byte((a >> 16) & 0xff), byte((a >> 24) & 0xff)}
-	return b
-}
-
-func aes_bmul(x byte, y byte) byte { /* x.y= AntiLog(Log(x) + Log(y)) */
-
-	ix := int(x) & 0xff
-	iy := int(y) & 0xff
-	lx := int(aes_ltab[ix]) & 0xff
-	ly := int(aes_ltab[iy]) & 0xff
-
-	if x != 0 && y != 0 {
-		return aes_ptab[(lx+ly)%255]
-	} else {
-		return byte(0)
-	}
-}
-
-func aes_SubByte(a uint32) uint32 {
-	b := aes_unpack(a)
-	b[0] = aes_fbsub[int(b[0])]
-	b[1] = aes_fbsub[int(b[1])]
-	b[2] = aes_fbsub[int(b[2])]
-	b[3] = aes_fbsub[int(b[3])]
-	return aes_pack(b)
-}
-
-func aes_product(x uint32, y uint32) byte { /* dot product of two 4-byte arrays */
-	xb := aes_unpack(x)
-	yb := aes_unpack(y)
-
-	return (aes_bmul(xb[0], yb[0]) ^ aes_bmul(xb[1], yb[1]) ^ aes_bmul(xb[2], yb[2]) ^ aes_bmul(xb[3], yb[3]))
-}
-
-func aes_InvMixCol(x uint32) uint32 { /* matrix Multiplication */
-	var b [4]byte
-	m := aes_pack(aes_InCo)
-	b[3] = aes_product(m, x)
-	m = aes_ROTL24(m)
-	b[2] = aes_product(m, x)
-	m = aes_ROTL24(m)
-	b[1] = aes_product(m, x)
-	m = aes_ROTL24(m)
-	b[0] = aes_product(m, x)
-	var y = aes_pack(b)
-	return y
-}
-
-/* reset cipher */
-func (A *AES) Reset(m int, iv []byte) { /* reset mode, or reset iv */
-	A.mode = m
-	for i := 0; i < 16; i++ {
-		A.f[i] = 0
-	}
-	if (A.mode != aes_ECB) && (iv != nil) {
-		for i := 0; i < 16; i++ {
-			A.f[i] = iv[i]
-		}
-	}
-}
-
-func (A *AES) Init(m int, key []byte, iv []byte) { /* Key=16 bytes */
-	/* Key Scheduler. Create expanded encryption key */
-	var CipherKey [4]uint32
-	var b [4]byte
-	nk := 4
-	A.Reset(m, iv)
-	N := 44
-
-	j := 0
-	for i := 0; i < nk; i++ {
-		for k := 0; k < 4; k++ {
-			b[k] = key[j+k]
-		}
-		CipherKey[i] = aes_pack(b)
-		j += 4
-	}
-	for i := 0; i < nk; i++ {
-		A.fkey[i] = CipherKey[i]
-	}
-	j = nk
-	for k := 0; j < N; k++ {
-		A.fkey[j] = A.fkey[j-nk] ^ aes_SubByte(aes_ROTL24(A.fkey[j-1])) ^ uint32(aes_rco[k])
-		for i := 1; i < nk && (i+j) < N; i++ {
-			A.fkey[i+j] = A.fkey[i+j-nk] ^ A.fkey[i+j-1]
-		}
-		j += nk
-	}
-
-	/* now for the expanded decrypt key in reverse order */
-
-	for j := 0; j < 4; j++ {
-		A.rkey[j+N-4] = A.fkey[j]
-	}
-	for i := 4; i < N-4; i += 4 {
-		k := N - 4 - i
-		for j := 0; j < 4; j++ {
-			A.rkey[k+j] = aes_InvMixCol(A.fkey[i+j])
-		}
-	}
-	for j := N - 4; j < N; j++ {
-		A.rkey[j-N+4] = A.fkey[j]
-	}
-}
-
-func NewAES() *AES {
-	var A = new(AES)
-	return A
-}
-
-func (A *AES) Getreg() [16]byte {
-	var ir [16]byte
-	for i := 0; i < 16; i++ {
-		ir[i] = A.f[i]
-	}
-	return ir
-}
-
-/* Encrypt a single block */
-func (A *AES) ecb_encrypt(buff []byte) {
-	var b [4]byte
-	var p [4]uint32
-	var q [4]uint32
-
-	j := 0
-	for i := 0; i < 4; i++ {
-		for k := 0; k < 4; k++ {
-			b[k] = buff[j+k]
-		}
-		p[i] = aes_pack(b)
-		p[i] ^= A.fkey[i]
-		j += 4
-	}
-
-	k := 4
-
-	/* State alternates between p and q */
-	for i := 1; i < 10; i++ {
-		q[0] = A.fkey[k] ^ aes_ftable[int(p[0]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[1]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[2]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[3]>>24)&0xff)])
-
-		q[1] = A.fkey[k+1] ^ aes_ftable[int(p[1]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[2]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[3]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[0]>>24)&0xff)])
-
-		q[2] = A.fkey[k+2] ^ aes_ftable[int(p[2]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[3]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[0]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[1]>>24)&0xff)])
-
-		q[3] = A.fkey[k+3] ^ aes_ftable[int(p[3]&0xff)] ^ aes_ROTL8(aes_ftable[int((p[0]>>8)&0xff)]) ^ aes_ROTL16(aes_ftable[int((p[1]>>16)&0xff)]) ^ aes_ROTL24(aes_ftable[int((p[2]>>24)&0xff)])
-
-		k += 4
-		for j = 0; j < 4; j++ {
-			t := p[j]
-			p[j] = q[j]
-			q[j] = t
-		}
-	}
-
-	/* Last Round */
-
-	q[0] = A.fkey[k] ^ uint32(aes_fbsub[int(p[0]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[1]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[2]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[3]>>24)&0xff)]))
-
-	q[1] = A.fkey[k+1] ^ uint32(aes_fbsub[int(p[1]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[2]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[3]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[0]>>24)&0xff)]))
-
-	q[2] = A.fkey[k+2] ^ uint32(aes_fbsub[int(p[2]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[3]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[0]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[1]>>24)&0xff)]))
-
-	q[3] = A.fkey[k+3] ^ uint32(aes_fbsub[int(p[3]&0xff)]) ^ aes_ROTL8(uint32(aes_fbsub[int((p[0]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_fbsub[int((p[1]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_fbsub[int((p[2]>>24)&0xff)]))
-
-	j = 0
-	for i := 0; i < 4; i++ {
-		b = aes_unpack(q[i])
-		for k = 0; k < 4; k++ {
-			buff[j+k] = b[k]
-		}
-		j += 4
-	}
-}
-
-/* Decrypt a single block */
-func (A *AES) ecb_decrypt(buff []byte) {
-	var b [4]byte
-	var p [4]uint32
-	var q [4]uint32
-
-	j := 0
-	for i := 0; i < 4; i++ {
-		for k := 0; k < 4; k++ {
-			b[k] = buff[j+k]
-		}
-		p[i] = aes_pack(b)
-		p[i] ^= A.rkey[i]
-		j += 4
-	}
-
-	k := 4
-
-	/* State alternates between p and q */
-	for i := 1; i < 10; i++ {
-
-		q[0] = A.rkey[k] ^ aes_rtable[int(p[0]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[3]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[2]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[1]>>24)&0xff)])
-
-		q[1] = A.rkey[k+1] ^ aes_rtable[int(p[1]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[0]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[3]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[2]>>24)&0xff)])
-
-		q[2] = A.rkey[k+2] ^ aes_rtable[int(p[2]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[1]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[0]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[3]>>24)&0xff)])
-
-		q[3] = A.rkey[k+3] ^ aes_rtable[int(p[3]&0xff)] ^ aes_ROTL8(aes_rtable[int((p[2]>>8)&0xff)]) ^ aes_ROTL16(aes_rtable[int((p[1]>>16)&0xff)]) ^ aes_ROTL24(aes_rtable[int((p[0]>>24)&0xff)])
-
-		k += 4
-		for j := 0; j < 4; j++ {
-			t := p[j]
-			p[j] = q[j]
-			q[j] = t
-		}
-	}
-
-	/* Last Round */
-
-	q[0] = A.rkey[k] ^ uint32(aes_rbsub[int(p[0]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[3]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[2]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[1]>>24)&0xff)]))
-
-	q[1] = A.rkey[k+1] ^ uint32(aes_rbsub[int(p[1]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[0]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[3]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[2]>>24)&0xff)]))
-
-	q[2] = A.rkey[k+2] ^ uint32(aes_rbsub[int(p[2]&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[1]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[0]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[3]>>24)&0xff)]))
-
-	q[3] = A.rkey[k+3] ^ uint32(aes_rbsub[int((p[3])&0xff)]) ^ aes_ROTL8(uint32(aes_rbsub[int((p[2]>>8)&0xff)])) ^ aes_ROTL16(uint32(aes_rbsub[int((p[1]>>16)&0xff)])) ^ aes_ROTL24(uint32(aes_rbsub[int((p[0]>>24)&0xff)]))
-
-	j = 0
-	for i := 0; i < 4; i++ {
-		b = aes_unpack(q[i])
-		for k := 0; k < 4; k++ {
-			buff[j+k] = b[k]
-		}
-		j += 4
-	}
-}
-
-/* Encrypt using selected mode of operation */
-func (A *AES) Encrypt(buff []byte) uint32 {
-	var st [16]byte
-
-	// Supported Modes of Operation
-
-	var fell_off uint32 = 0
-	switch A.mode {
-	case aes_ECB:
-		A.ecb_encrypt(buff)
-		return 0
-	case aes_CBC:
-		for j := 0; j < 16; j++ {
-			buff[j] ^= A.f[j]
-		}
-		A.ecb_encrypt(buff)
-		for j := 0; j < 16; j++ {
-			A.f[j] = buff[j]
-		}
-		return 0
-
-	case aes_CFB1:
-		fallthrough
-	case aes_CFB2:
-		fallthrough
-	case aes_CFB4:
-		bytes := A.mode - aes_CFB1 + 1
-		for j := 0; j < bytes; j++ {
-			fell_off = (fell_off << 8) | uint32(A.f[j])
-		}
-		for j := 0; j < 16; j++ {
-			st[j] = A.f[j]
-		}
-		for j := bytes; j < 16; j++ {
-			A.f[j-bytes] = A.f[j]
-		}
-		A.ecb_encrypt(st[:])
-		for j := 0; j < bytes; j++ {
-			buff[j] ^= st[j]
-			A.f[16-bytes+j] = buff[j]
-		}
-		return fell_off
-
-	case aes_OFB1:
-		fallthrough
-	case aes_OFB2:
-		fallthrough
-	case aes_OFB4:
-		fallthrough
-	case aes_OFB8:
-		fallthrough
-	case aes_OFB16:
-
-		bytes := A.mode - aes_OFB1 + 1
-		A.ecb_encrypt(A.f[:])
-		for j := 0; j < bytes; j++ {
-			buff[j] ^= A.f[j]
-		}
-		return 0
-
-	default:
-		return 0
-	}
-}
-
-/* Decrypt using selected mode of operation */
-func (A *AES) Decrypt(buff []byte) uint32 {
-
-	var st [16]byte
-
-	// Supported Modes of Operation
-
-	var fell_off uint32 = 0
-	switch A.mode {
-	case aes_ECB:
-		A.ecb_decrypt(buff)
-		return 0
-	case aes_CBC:
-		for j := 0; j < 16; j++ {
-			st[j] = A.f[j]
-			A.f[j] = buff[j]
-		}
-		A.ecb_decrypt(buff)
-		for j := 0; j < 16; j++ {
-			buff[j] ^= st[j]
-			st[j] = 0
-		}
-		return 0
-	case aes_CFB1:
-		fallthrough
-	case aes_CFB2:
-		fallthrough
-	case aes_CFB4:
-		bytes := A.mode - aes_CFB1 + 1
-		for j := 0; j < bytes; j++ {
-			fell_off = (fell_off << 8) | uint32(A.f[j])
-		}
-		for j := 0; j < 16; j++ {
-			st[j] = A.f[j]
-		}
-		for j := bytes; j < 16; j++ {
-			A.f[j-bytes] = A.f[j]
-		}
-		A.ecb_encrypt(st[:])
-		for j := 0; j < bytes; j++ {
-			A.f[16-bytes+j] = buff[j]
-			buff[j] ^= st[j]
-		}
-		return fell_off
-	case aes_OFB1:
-		fallthrough
-	case aes_OFB2:
-		fallthrough
-	case aes_OFB4:
-		fallthrough
-	case aes_OFB8:
-		fallthrough
-	case aes_OFB16:
-		bytes := A.mode - aes_OFB1 + 1
-		A.ecb_encrypt(A.f[:])
-		for j := 0; j < bytes; j++ {
-			buff[j] ^= A.f[j]
-		}
-		return 0
-
-	default:
-		return 0
-	}
-}
-
-/* Clean up and delete left-overs */
-func (A *AES) End() { // clean up
-	for i := 0; i < 44; i++ {
-		A.fkey[i] = 0
-		A.rkey[i] = 0
-	}
-	for i := 0; i < 16; i++ {
-		A.f[i] = 0
-	}
-}
-
-/*
-func main() {
-	var key [16]byte
-	var block [16]byte
-	var iv [16]byte
-
-	for i:=0;i<16;i++ {key[i]=0}
-	key[0]=1
-	for i:=0;i<16;i++ {iv[i]=byte(i)}
-	for i:=0;i<16;i++ {block[i]=byte(i)}
-
-	a:=NewAES()
-
-	a.Init(aes_CBC,key[:],iv[:])
-	fmt.Printf("Plain= \n")
-	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
-	fmt.Printf("\n")
-
-	a.Encrypt(block[:])
-
-	fmt.Printf("Encrypt= \n")
-	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
-	fmt.Printf("\n")
-
-	a.Reset(aes_CBC,iv[:])
-	a.Decrypt(block[:])
-
-	fmt.Printf("Decrypt= \n")
-	for i:=0;i<16;i++  {fmt.Printf("%02X ", block[i]&0xff)}
-	fmt.Printf("\n")
-
-	a.End();
-}
-*/


[09/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/bigtobig.cpp
----------------------------------------------------------------------
diff --git a/version22/bigtobig.cpp b/version22/bigtobig.cpp
new file mode 100644
index 0000000..fbc89ea
--- /dev/null
+++ b/version22/bigtobig.cpp
@@ -0,0 +1,292 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+//
+// Program to convert from Big to AMCL BIG format
+// cl /O2 bigtobig.cpp big.cpp miracl.lib
+// g++ -O2 bigtobig.cpp big.cpp miracl.a -o bigtobig
+//
+//
+
+#include <iostream>
+#include "zzn.h"
+
+using namespace std;
+
+Miracl precision=100;
+
+// Code to parse formula in command line
+// This code isn't mine, but its public domain
+// Shamefully I forget the source
+//
+// NOTE: It may be necessary on some platforms to change the operators * and #
+//
+
+#if defined(unix)
+#define TIMES '.'
+#define RAISE '^'
+#else
+#define TIMES '*'
+#define RAISE '#'
+#endif
+
+Big tt;
+static char *ss;
+
+void eval_power (Big& oldn,Big& n,char op)
+{
+        if (op) n=pow(oldn,toint(n));    // power(oldn,size(n),n,n);
+}
+
+void eval_product (Big& oldn,Big& n,char op)
+{
+        switch (op)
+        {
+        case TIMES:
+                n*=oldn; 
+                break;
+        case '/':
+                n=oldn/n;
+                break;
+        case '%':
+                n=oldn%n;
+        }
+}
+
+void eval_sum (Big& oldn,Big& n,char op)
+{
+        switch (op)
+        {
+        case '+':
+                n+=oldn;
+                break;
+        case '-':
+                n=oldn-n;
+        }
+}
+
+void eval (void)
+{
+        Big oldn[3];
+        Big n;
+        int i;
+        char oldop[3];
+        char op;
+        char minus;
+        for (i=0;i<3;i++)
+        {
+            oldop[i]=0;
+        }
+LOOP:
+        while (*ss==' ')
+        ss++;
+        if (*ss=='-')    /* Unary minus */
+        {
+        ss++;
+        minus=1;
+        }
+        else
+        minus=0;
+        while (*ss==' ')
+        ss++;
+        if (*ss=='(' || *ss=='[' || *ss=='{')    /* Number is subexpression */
+        {
+        ss++;
+        eval ();
+        n=tt;
+        }
+        else            /* Number is decimal value */
+        {
+        for (i=0;ss[i]>='0' && ss[i]<='9';i++)
+                ;
+        if (!i)         /* No digits found */
+        {
+                cout <<  "Error - invalid number" << endl;
+                exit (20);
+        }
+        op=ss[i];
+        ss[i]=0;
+        n=atoi(ss);
+        ss+=i;
+        *ss=op;
+        }
+        if (minus) n=-n;
+        do
+        op=*ss++;
+        while (op==' ');
+        if (op==0 || op==')' || op==']' || op=='}')
+        {
+        eval_power (oldn[2],n,oldop[2]);
+        eval_product (oldn[1],n,oldop[1]);
+        eval_sum (oldn[0],n,oldop[0]);
+        tt=n;
+        return;
+        }
+        else
+        {
+        if (op==RAISE)
+        {
+                eval_power (oldn[2],n,oldop[2]);
+                oldn[2]=n;
+                oldop[2]=RAISE;
+        }
+        else
+        {
+                if (op==TIMES || op=='/' || op=='%')
+                {
+                eval_power (oldn[2],n,oldop[2]);
+                oldop[2]=0;
+                eval_product (oldn[1],n,oldop[1]);
+                oldn[1]=n;
+                oldop[1]=op;
+                }
+                else
+                {
+                if (op=='+' || op=='-')
+                {
+                        eval_power (oldn[2],n,oldop[2]);
+                        oldop[2]=0;
+                        eval_product (oldn[1],n,oldop[1]);
+                        oldop[1]=0;
+                        eval_sum (oldn[0],n,oldop[0]);
+                        oldn[0]=n;
+                        oldop[0]=op;
+                }
+                else    /* Error - invalid operator */
+                {
+                        cout <<  "Error - invalid operator" << endl;
+                        exit (20);
+                }
+                }
+        }
+        }
+        goto LOOP;
+}
+
+void output(int w,Big t,Big m)
+{
+	Big y=t;
+
+	for (int i=0;i<w;i++)
+	{
+		cout << "0x" << y%m ;
+		if (i<w-1) cout << ",";
+		y/=m;
+	}
+	cout << endl;
+}
+
+int main(int argc, char **argv)
+{
+    int i,ip,chunk,basebits;
+    Big n,m;
+    BOOL gotP,gotA,gotB;
+    int Base;
+    miracl *mip=&precision;
+    argv++; argc--;
+    if (argc<1)
+    {
+        cout << "Program converts from Big to BIG" << endl;
+        cout << "bigtobig <big number> <chunk>> <basebits>" << endl;
+        cout << "OR" << endl;
+        cout << "bigtobig <formula for big number> <chunk>> <basebits>" << endl;
+#if defined(unix)
+        cout << "e.g. bigtobig -f 2^255-19 32 29" << endl;
+#else
+        cout << "e.g. bigtobig -f 2#255-19 32 29" << endl;
+#endif
+        cout << "To input Big number in Hex, precede with -h" << endl;
+        return 0;
+    }
+
+    ip=0;
+    gprime(1000);
+    gotP=gotA=gotB=FALSE;
+    n=0;
+    Base=10;
+    while (ip<argc)
+    { 
+        if (!gotP && strcmp(argv[ip],"-f")==0)
+        {
+            ip++;
+            if (!gotP && ip<argc)
+            {
+
+                ss=argv[ip++];
+                tt=0;
+                eval();
+                n=tt;
+                gotP=TRUE;
+                continue;
+            }
+            else
+            {
+                cout << "Error in command line" << endl;
+                return 0;
+            }
+        }
+ 
+
+        if (strcmp(argv[ip],"-h")==0)
+        {
+            ip++;
+            Base=16;
+            continue;
+        }
+   
+        if (!gotP)
+        {
+            mip->IOBASE=Base;
+            n=argv[ip++];
+            mip->IOBASE=10;
+            gotP=TRUE;
+            continue;
+        }
+        if (!gotA) 
+        {
+            mip->IOBASE=Base;
+            chunk=atoi(argv[ip++]);
+            gotA=TRUE;
+            continue;
+        }
+        if (!gotB) 
+        {
+            mip->IOBASE=Base;
+            basebits=atoi(argv[ip++]);
+            gotB=TRUE;
+            continue;
+        }
+        cout << "Error in command line" << endl;
+        return 0;
+    }
+    if (!gotP || !gotA || !gotB)
+    {
+        cout << "Error in command line" << endl;
+        return 0;
+    }
+
+	mip->IOBASE=16;
+
+	m=pow((Big)2,basebits);
+
+	output(1+bits(n)/basebits,n,m);
+
+    return 0;
+}
+
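Review bot: `basebits` is taken straight from `atoi(argv[ip++])` in main and then used as a divisor in `output(1+bits(n)/basebits,n,m)` and as the exponent in `pow((Big)2,basebits)`, so a zero or non-numeric third argument divides by zero and a negative one is passed on unchecked. A guard just before the `mip->IOBASE=16;` line would cover both: `if (basebits<=0) { cout << "Error in command line" << endl; return 1; }`. Separately, `chunk` is parsed but never read afterwards, and every error path in main returns 0, so a caller that checks the exit status cannot tell a failed conversion from a good one.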

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/blsgen.cpp
----------------------------------------------------------------------
diff --git a/version22/blsgen.cpp b/version22/blsgen.cpp
new file mode 100644
index 0000000..9b08b7c
--- /dev/null
+++ b/version22/blsgen.cpp
@@ -0,0 +1,194 @@
+/*
+Copyright 2015 CertiVox UK Ltd
+
+This file is part of The CertiVox MIRACL IOT Crypto SDK (MiotCL)
+
+MiotCL is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+MiotCL is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with MiotCL.  If not, see <http://www.gnu.org/licenses/>.
+
+You can be released from the requirements of the license by purchasing 
+a commercial license.
+*/
+
+/* BLSGEN - Helper MIRACL program to generate constants for BlS curves 
+
+(MINGW build)
+
+g++ -O3 blsgen.cpp big.cpp zzn.cpp ecn.cpp zzn2.cpp ecn2.cpp miracl.a -o blsgen.exe
+
+This ONLY works for D-type curves of the form y^2=x^3+1, with a positive x parameter
+
+*/
+
+#include <iostream>
+#include "big.h"
+#include "ecn.h"
+#include "zzn2.h"
+#include "ecn2.h"
+
+using namespace std;
+
+Miracl precision(20,0);
+
+Big output(int chunk,int w,Big t,Big m)
+{
+	Big last,y=t;
+
+	cout << "{";
+	for (int i=0;i<w;i++)
+	{
+		last=y%m;
+		cout << "0x" << last;
+		y/=m;
+		if (i==w-1) break;
+		if (chunk==64) cout << "L,";
+		else cout << ",";
+	}
+
+	if (chunk==64) cout << "L}";
+	else cout << "}";
+	return last;
+}
+
+void set_frobenius_constant(ZZn2 &X)
+{
+    Big p=get_modulus();
+    switch (get_mip()->pmod8)
+    {
+    case 5:
+         X.set((Big)0,(Big)1); // = (sqrt(-2)^(p-1)/2     
+         break;
+    case 3:                    // = (1+sqrt(-1))^(p-1)/2                                
+         X.set((Big)1,(Big)1);      
+         break;
+   case 7: 
+         X.set((Big)2,(Big)1); // = (2+sqrt(-1))^(p-1)/2
+    default: break;
+    }
+    X=pow(X,(p-1)/6);
+}
+
+/* Fill in this bit yourself.... */
+
+#define CHUNK 64   /* processor word size */
+#define MBITS 455  /* Modulus size in bits */
+
+/* This next from output of check.cpp program */
+#define BASEBITS 60
+
+#define MODTYPE  NOT_SPECIAL
+#define CURVETYPE WEIERSTRASS
+#define CURVE_A 0  // like A parameter in CURVE: y^2=x^3+Ax+B
+
+/* .....to here */
+
+#define WORDS (1+((MBITS-1)/BASEBITS))
+
+int main()
+{
+	miracl *mip=&precision;
+	Big p,q,R,Beta;
+	Big m,x,y,w,t,c,n,r,a,b,gx,gy,B,xa,xb,ya,yb,cof;
+	Big np,PP,TT,FF;
+	ZZn cru;
+	ZZn2 X;
+	ECn P;
+	ECn2 Q;
+	ZZn2 Xa,Ya;
+	int i,j;
+
+	mip->IOBASE=16;
+
+/* Set BLS value x which determines curve  */
+
+	x= (char *)"10002000002000010007";   
+	B=1;
+	x= (char *)"10000000000004100100";
+	B=7;
+	x= (char *)"10000020000080000800";
+	B=10;
+/* ... to here */
+
+	p=(pow(x,6)-2*pow(x,5)+2*pow(x,3)+x+1)/3;
+    ecurve((Big)0,B,p,MR_AFFINE);
+    mip->TWIST=MR_SEXTIC_D;
+	t=x+1;
+    q=pow(x,4)-x*x+1;
+	cof=(p+1-t)/q;
+
+//	cout << "cof= " << (p+1-t)/q << endl;
+
+	gx=-1; gy=3;
+	if (!P.set(gx,gy))
+	{
+		cout << "Failed - try another x " << endl;
+		return 0;
+	}
+
+//	while (!P.set(gx) || (cof*P).iszero()) gx=gx+1;
+
+	P*=cof;
+	P.get(gx,gy);
+
+	cout << "MOD8 " << p%8 << endl;
+
+	m=pow((Big)2,BASEBITS);
+		
+	cout << "MConst=0x" << inverse(m-p%m,m) << ";" << endl;	
+
+	cout << "Modulus="; output(CHUNK,WORDS,p,m); cout << ";" << endl;
+	
+	cout << "CURVE_Order="; output(CHUNK,WORDS,q,m); cout << ";" << endl;
+	cout << "CURVE_Cof="; output(CHUNK,WORDS,cof,m); cout << ";" << endl;
+	cout << "CURVE_B= "; output(CHUNK,WORDS,B,m); cout << ";" << endl;
+	cout << "CURVE_Gx="; output(CHUNK,WORDS,gx,m); cout << ";" << endl;
+	cout << "CURVE_Gy="; output(CHUNK,WORDS,gy,m); cout << ";" << endl;
+	cout << endl;
+	cout << "CURVE_Bnx="; output(CHUNK,WORDS,x,m); cout << ";" << endl;
+
+	modulo(p);
+
+	cru=pow((ZZn)2,(p-1)/3);
+	cru*=cru;   // right cube root of unity
+
+	cout << "CURVE_Cru="; output(CHUNK,WORDS,(Big)cru,m); cout << ";" << endl;
+
+	set_frobenius_constant(X);
+	X.get(a,b);
+	cout << "CURVE_Fra="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
+	cout << "CURVE_Frb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
+
+	while (!Q.set(randn2())) ;
+
+	TT=t*t-2*p;
+	PP=p*p;
+	FF=sqrt((4*PP-TT*TT)/3);
+	np=PP+1-(-3*FF+TT)/2;  // 2 possibilities...
+
+	Q=(np/q)*Q;
+
+	Q.get(Xa,Ya);
+	Xa.get(a,b);
+	cout << "CURVE_Pxa="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
+	cout << "CURVE_Pxb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
+	Ya.get(a,b);
+	cout << "CURVE_Pya="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
+	cout << "CURVE_Pyb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
+
+	Q*=q;
+	if (!Q.iszero())
+	{
+		cout << "**** Failed ****" << endl;
+		cout << "\nQ= " << Q << endl << endl;
+	}
+}
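Review bot: The order check on the G2 point at the end of main (`Q*=q;` followed by `if (!Q.iszero())`) runs only after CURVE_Pxa through CURVE_Pyb have been written to stdout, and main then falls off the end with exit status 0, so a failed run still leaves a complete-looking set of constants. Since the output appears intended to be copied into curve constant tables (inferred from the header comment), the check belongs right after `Q=(np/q)*Q;` and should fail hard: `if (!(q*Q).iszero()) { cout << "**** Failed ****" << endl; return 1; }`. The `P.set(gx,gy)` failure path has the same problem, since it prints a message and returns 0. Only the last of the three `x=`/`B=` assignment pairs takes effect; the first two would read better commented out, as bngen.cpp does with its alternatives.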

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/bngen.cpp
----------------------------------------------------------------------
diff --git a/version22/bngen.cpp b/version22/bngen.cpp
new file mode 100644
index 0000000..da4c10c
--- /dev/null
+++ b/version22/bngen.cpp
@@ -0,0 +1,251 @@
+/*
+Copyright 2015 CertiVox UK Ltd
+
+This file is part of The CertiVox MIRACL IOT Crypto SDK (MiotCL)
+
+MiotCL is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+MiotCL is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with MiotCL.  If not, see <http://www.gnu.org/licenses/>.
+
+You can be released from the requirements of the license by purchasing 
+a commercial license.
+*/
+
+/* BNGEN - Helper MIRACL program to generate constants for BN curve 
+
+(MINGW build)
+
+g++ -O3 bngen.cpp big.cpp zzn.cpp zzn2.cpp ecn2.cpp miracl.a -o bngen.exe
+
+This ONLY works for D-type curves of the form y^2=x^3+2, with a negative x parameter, and x=3 mod 4
+
+*/
+
+#include <iostream>
+#include "big.h"
+#include "zzn2.h"
+#include "ecn2.h"
+
+using namespace std;
+
+Miracl precision(20,0);
+
+Big output(int chunk,int w,Big t,Big m)
+{
+	Big last,y=t;
+
+	cout << "{";
+	for (int i=0;i<w;i++)
+	{
+		last=y%m;
+		cout << "0x" << last;
+		y/=m;
+		if (i==w-1) break;
+		if (chunk==64) cout << "L,";
+		else cout << ",";
+	}
+
+	if (chunk==64) cout << "L}";
+	else cout << "}";
+	return last;
+}
+
+void q_power_frobenius(ECn2 &A,ZZn2 &F)
+{ 
+// Fast multiplication of A by q (for Trace-Zero group members only)
+    ZZn2 x,y,z,w,r;
+
+    A.get(x,y);
+
+	w=F*F;
+	r=F;
+
+	if (get_mip()->TWIST==MR_SEXTIC_M) r=inverse(F);  // could be precalculated
+	if (get_mip()->TWIST==MR_SEXTIC_D) r=F;
+
+	w=r*r;
+	x=w*conj(x);
+	y=r*w*conj(y);
+
+    A.set(x,y);
+}
+
+//
+// Faster Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez
+//
+
+void cofactor(ECn2& S,ZZn2 &F,Big& x)
+{
+	ECn2 T,K;
+	T=S;
+	T*=-x;
+	T.norm();
+	K=(T+T)+T;
+	K.norm();
+	q_power_frobenius(K,F);
+	q_power_frobenius(S,F); q_power_frobenius(S,F); q_power_frobenius(S,F); 
+	S+=T; S+=K;
+	q_power_frobenius(T,F); q_power_frobenius(T,F);
+	S+=T;
+	S.norm();
+}
+
+void set_frobenius_constant(ZZn2 &X)
+{
+    Big p=get_modulus();
+    switch (get_mip()->pmod8)
+    {
+    case 5:
+         X.set((Big)0,(Big)1); // = (sqrt(-2)^(p-1)/2     
+         break;
+    case 3:                    // = (1+sqrt(-1))^(p-1)/2                                
+         X.set((Big)1,(Big)1);      
+         break;
+   case 7: 
+         X.set((Big)2,(Big)1); // = (2+sqrt(-1))^(p-1)/2
+    default: break;
+    }
+    X=pow(X,(p-1)/6);
+}
+
+/* Fill in this bit yourself.... */
+
+#define CHUNK 64   /* processor word size */
+#define MBITS 454  /* Modulus size in bits */
+
+/* This next from output of check.cpp program */
+#define BASEBITS 60
+
+#define MODTYPE  NOT_SPECIAL
+#define CURVETYPE WEIERSTRASS
+#define CURVE_A 0  // like A parameter in CURVE: y^2=x^3+Ax+B
+
+/* .....to here */
+
+#define WORDS (1+((MBITS-1)/BASEBITS))
+
+int main()
+{
+	miracl *mip=&precision;
+	Big p,q,R,cru;
+	Big m,x,y,w,t,c,n,r,a,b,gx,gy,B,xa,xb,ya,yb,cof;
+	ZZn2 X;
+	ECn2 Q;
+	ZZn2 Xa,Ya;
+	int i;
+
+	mip->IOBASE=16;
+
+/* Set BN value x which determines curve - note that x is assumed to be negative */
+
+//  x=(char *)"6000000000101041";    // for full 256-bit GT_STRONG parameter
+//	x=(char *)"4080000000000001";    // Fast but not not GT_STRONG parameter
+
+//	x=(char *)"4000020100608205"; // G2 and GT-Strong parameter
+//	x=(char *)"4000000003C012B1";    // CertiVox's GT_STRONG parameter
+//	x=(char *)"10000000000000000000004000000000000001001";
+//	x=(char *)"4000806000004081";    // Best GT_STRONG parameter
+
+/* Fill in this bit yourself... */
+
+//	x=(char *)"4080000000000001";    // Nogami's fast parameter
+	x=(char *)"10000010000000000000100000001";
+//	x=(char *)"10000000000000000000004000000000000001001";
+
+/* ... to here */
+
+	p=36*pow(x,4)-36*pow(x,3)+24*x*x-6*x+1;
+    ecurve((Big)0,(Big)2,p,MR_AFFINE);
+    mip->TWIST=MR_SEXTIC_D;
+	t=6*x*x+1;
+	q=p+1-t;
+	cof=1;
+	B=2;
+	gx=p-1;
+	gy=1;
+
+	cout << "MOD8 " << p%8 << endl;
+
+	m=pow((Big)2,BASEBITS);
+		
+	cout << "MConst=0x" << inverse(m-p%m,m) << ";" << endl;	
+
+	cout << "Modulus="; output(CHUNK,WORDS,p,m); cout << ";" << endl;
+	
+	cout << "CURVE_Order="; output(CHUNK,WORDS,q,m); cout << ";" << endl;
+	cout << "CURVE_Cof="; output(CHUNK,WORDS,cof,m); cout << ";" << endl;
+	cout << "CURVE_B= "; output(CHUNK,WORDS,B,m); cout << ";" << endl;
+	cout << "CURVE_Gx="; output(CHUNK,WORDS,gx,m); cout << ";" << endl;
+	cout << "CURVE_Gy="; output(CHUNK,WORDS,gy,m); cout << ";" << endl;
+	cout << endl;
+	cout << "CURVE_Bnx="; output(CHUNK,WORDS,x,m); cout << ";" << endl;
+
+	cru=(18*pow(x,3)-18*x*x+9*x-2);
+	cout << "CURVE_Cru="; output(CHUNK,WORDS,cru,m); cout << ";" << endl;
+
+	set_frobenius_constant(X);
+	X.get(a,b);
+	cout << "CURVE_Fra="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
+	cout << "CURVE_Frb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
+
+	Xa.set((ZZn)0,(ZZn)-1);
+	Ya.set((ZZn)1,ZZn(0));
+	Q.set(Xa,Ya);
+
+//		cofactor(Q,X,x);
+
+	Q=(p-1+t)*Q;
+
+	Q.get(Xa,Ya);
+	Xa.get(a,b);
+	cout << "CURVE_Pxa="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
+	cout << "CURVE_Pxb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
+	Ya.get(a,b);
+	cout << "CURVE_Pya="; output(CHUNK,WORDS,a,m); cout << ";" << endl;
+	cout << "CURVE_Pyb="; output(CHUNK,WORDS,b,m); cout << ";" << endl;
+
+//		Q*=q;
+//		cout << "Q= " << Q << endl;
+
+
+	cout << "CURVE_W[2]={"; output(CHUNK,WORDS,6*x*x-4*x+1,m);cout << ","; output(CHUNK,WORDS,(2*x-1),m); cout << "};" << endl;
+	cout << "CURVE_SB[2][2]={"; cout << "{"; output(CHUNK,WORDS,6*x*x-2*x,m); cout << ","; output(CHUNK,WORDS,(2*x-1),m); cout << "}";cout << ","; cout << "{"; output(CHUNK,WORDS,(2*x-1),m); cout << ","; output(CHUNK,WORDS,q-(6*x*x-4*x+1),m); cout << "}"; cout << "};" << endl;
+
+	cout << "CURVE_WB[4]={"; output(CHUNK,WORDS,2*x*x-3*x+1,m); cout << ","; output(CHUNK,WORDS,12*x*x*x-8*x*x+x,m); 
+	cout << ","; output(CHUNK,WORDS,6*x*x*x-4*x*x+x,m); cout << ","; output(CHUNK,WORDS,2*x*x-x,m); cout << "};" << endl;
+	
+	cout << "CURVE_BB[4][4]={"; 
+	cout << "{";
+	output(CHUNK,WORDS,q-x+1,m); 
+	cout << ","; output(CHUNK,WORDS,q-x,m); 
+	cout << ","; output(CHUNK,WORDS,q-x,m); 
+	cout << ","; output(CHUNK,WORDS,2*x,m); 
+	cout << "}";
+
+	cout << ","; cout << "{";output(CHUNK,WORDS,2*x-1,m); 
+	cout << ","; output(CHUNK,WORDS,q-x,m); 
+	cout << ","; output(CHUNK,WORDS,q-x+1,m); 
+	cout << ","; output(CHUNK,WORDS,q-x,m); 
+	cout << "}";
+	cout << ","; cout << "{"; output(CHUNK,WORDS,2*x,m); 
+	cout << ","; output(CHUNK,WORDS,2*x-1,m); 
+	cout << ","; output(CHUNK,WORDS,2*x-1,m); 
+	cout << ","; output(CHUNK,WORDS,2*x-1,m); 
+	cout << "}";
+
+	cout << ","; cout << "{"; output(CHUNK,WORDS,x+1,m); 
+	cout << ","; output(CHUNK,WORDS,4*x-2,m); 
+	cout << ","; output(CHUNK,WORDS,q-2*x-1,m); 
+	cout << ","; output(CHUNK,WORDS,x+1,m); 
+	cout << "}";
+	cout << "};" << endl;
+}
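Review bot: Nothing in main validates the generated parameters before printing them: the only order check on Q (`Q*=q;`) is commented out, and p and q are never tested for primality for the chosen x. A mistyped x would therefore yield constants for a group of unintended order with no visible error. At minimum restore the check after `Q=(p-1+t)*Q;`, for example `if (!(q*Q).iszero()) { cout << "**** Failed ****" << endl; return 1; }`, and add a primality test on p and q before any output. The comment says x is assumed negative while the literal assigned is positive, so a one-line comment on the sign convention next to the assignment would help. `cofactor` and `q_power_frobenius` are unused while the `cofactor(Q,X,x)` call stays commented out.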

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/CARSK.pem
----------------------------------------------------------------------
diff --git a/version22/c/CARSK.pem b/version22/c/CARSK.pem
new file mode 100644
index 0000000..743aead
--- /dev/null
+++ b/version22/c/CARSK.pem
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,E7A447797FE65D8D1309B743D8BA74B7
+
+G+ZhtxB+W4fKo11fAzggY0OOOB1RAwwSZFZ0DhlYEl76BLMUlXUfiziGQvpKcKdW
+aKcCPqmWw0TFkgwdwRB1NPu2tX786tNF3tIQa33TEuaY1ekyP9DpQdGksNHEIZ5N
+fCW22KJ+7lcm5/0G8IJXXUAAXiE65o+X+6vlmT9nzSPlCKOZvb0ITtahuphzg6l3
+QmXHYYtflKoqv9mFo63IGIp2EXjAlJUlVs+8f1NG+8b4J0KrHXx5MmvNBn+86GEV
+8lyryqgVFRxfbcvDI2s7GGLW4KZCDCRxRrG3GTtXRjJaVjw7VutL1teUfHKOegpA
+iFa0HNpILpqu6K99DBcteJaFxW3gOr3PdaylC046G+P059AnBA86lsJedKjbJ3WW
+DXtOawuBIQ3iIrGJ/q5vMK7cbAG785HOaqMQth0YPB/VFklsjAd/RW2CKr94ggB9
+wU1/IUcJ25pz/ph/7h7KDjoxIa1OEx5EHzzrFc88jGAmEBSfx6J5tU2GtruJhoqr
+SpiW36KQt+xFydfjywxO32BQ9YPae1yeQQwrX67YBNUkQhQpff7KxqqQJt7wqAVL
+vD4jthqRHOutco/It0cuqyO8dK01UDB6UIZdRlJuJ83HmqI+3YDtd2MOUIteSXMb
+4wAhMf1XFB6FQUuzB9Nc85wXWa5a7qyP63VMoPgiqgh7g5Is52hlcFcIBz6GE+h6
+Oz8FnaVX5K7Co2XojTJ3f99t5oEvF3aMPbCnG6izFQYNH+o8XTxRrldpb7hvoU6t
+z3lh4i8p2lq/DO1F8C9jKX0nJiSK311beuqkb0pA4VBPYNYBvx+UP3zBdcE82sab
+2flx1m6/OrJnyDMAOZAUFdbarU4AFJgLrBWbDjouCDHlQLZjY6ubBlvmslzY9QdR
+A1ssy1+wi39bM6ZSnrS1310/JDQPdIrd6Srh6e+54xiJHpjcvqE77uBeeje9ilHB
+pXdKi6Hv873yrI5T/F5zonKoFc1OO4cOrc8MLaQs0kJTcjXdg9uNk3AYKDYyq5JV
+gvJU2c/W/Z4pq0ve2ekETXjaoz2DSzbg1LGgzy/AOdPukmNgADn9qRyNtgwr30ix
+kDRjEG9bt5unkskXjdqtwl6mKiYvtM2SPfncdyCW3tqW++a7GvlA1TLecgzw9t40
++m0gKcIBj/vy6VFiLluQy7J59+MD6BNVxSeFvR2gMsj1sIxsIrq4lxPyG4knp3RA
+JeKTDes5DrquboJ1usl2ra8v5njJB8phHDVss4rBtlWuw5zBagaTN2PU8GLzmte6
+6PeagGDYNl2zoTMVOtTQ1BYDE08IS6ZNqSftrkGx4ypDnI5EHqoAl+ksSenGq2eg
+0/vW768hHSmQXIZHsV6YuI2nqYoM+SDAAFg38hnrtoIYEf0XYhHhr3hasL1ckWxG
+Q/fAlZynbxKL98KKB47eXXky0CHeJ77zICD1sotXIJJN4yMeDW14HIFCV/G9l+RI
+NYHCYzlnoaz244TTidsyYt02GYbR3zshhUw1CNn4THHQl9p4o7jYO/gFZtelc3+V
+SeVOKCXiSnJPhPiFVbnhlpJ7+4GhdpZRi84a6aLRinOUZf0WjYspOKhEaPOP5e1m
+ZKgC6vqqWawN+NQhHNG/S8Opu/TAt0hNE5fCYUUdWCL3MmuJPSsJ0orEtV3TAqLz
+q4znU2fzh3nuTKVWxeHbiVJ8dW50JhhixDYW4KrW8U/KHpqIRc3CztZllFrH/5ly
+al1FqhsNt4DgJwgqz34MMtKFOWw5K9/DPB/Dy0s9BrxkE5B6dxwj5S9RcVMkkkw/
+xVF2qt7ApLcPl84iQtP+Dz+bGWCL7LeeO5JG42Al4M3buO5b+34N4CpRHZh5E6AW
+uRbFuY/RiiqOxG+PQmWRdnEReBf4ORgocr5Kv3PAjp2LUf4aeSBsmml2CV7lgJue
+BOPJuiHL9YTfBchABi1dkMTjXUshtbtxLmBVJmkFsaTsMZsKKKRuIk+O80yYOncd
+uF+vKn1+F1hMV84ejIjLjreq+yTSDvVlmQn5v4jbDLtlpYBFoaMPq1GBqt0ZYSrK
+/sy/sy+jzneESlb520jOtSd2sryXL3jJOxJauZltALmJ5ZqImJ1NXZ8vTTwLmMaA
+DG3PqtZprI8oOj/iPXCcMPXkaLWJ+lVIfIqfxXYSMwj9ZVYoRBaYmym33v7pZtkn
+/8zLXv8J19LSoG+Ykfaf7Sf8fi0FzRmrj7jjXc2Sf5m1PhS2Ss17J8YydXeulKER
+M1TPOcfrkvdHZzt+ECNkqDxbbskaUTm9HdZ5HTdybnLryQalEzR9jzC02QobDOiI
+eQ6j0MjEpK4KQ9HY+deZiFysKQopvBjD7uSoq8gTBtLD4gpYVveD7Y5tlwVknrhl
+iFhdRCAgC6XLE+N7PkQm+nyI9T/IERSP9zDQyTguJKP4sq3Hl6hCkjuuogD6nLmP
+pKL4z+u0pqEakNExFxsDL/hf2G3KnFEJHhtT4/JlxuuJhdKs1uCO7zzWratwbFM1
+EQ9euYxLutt/5sNOaU+uabmk4R4ziRsdFYDOHBQR3IhoUJ9L4UhPvMZTo+ZSHpWC
+ellUk5UspPR3pzcd+lnQQGNTkwzMWayhSFfFJ6sdvfd1TTNflYpFhLHOD+ZSx4go
+/VrkSOkoXZtdr8a6cqOI1wOQIoeYjama4h+R+XW1jrc52GHchhrx7ZPjWGllYN5g
+ypzWl9gFbGGfx1gmIt6OCfCIcGxOMS7o5taCUpjiqU75Ts4Ri+/c6RJcI3CqBBT6
+mJ+nSfTZ7hMTaCmmmkYbvcCcAVZ9W/IxyVMj/p7pI7sH65vz3mNC7E/veF7rlSSZ
+EvgSjv12FgmD5rGtW5b0bbbylOvRygo1BpgCWSp91R22Yw+pjZilSvy0kWEMq2yx
+d6sLdkjZgLtp2NPMCM51OpuO0Hidd7KwdaJoB5rJwGs1+JWKtv/Xr4cSBXzpgDWl
+LxaGwC0KcDVoGRqvJldGuCpdN56yC46njzgZmQBq2QXthrJ1wveMiwpyFd/fu4KJ
+gu+OlNzMvZRz9zJkfHdswnx/P/E+FR/yv+W1ZKKhb6hBHoW7HOuJecjmbZpD562Y
+snzQ+Ehc3H88Mykzcc/iHZabNbP+M2TcPQ5eLvd2oPKsSFZw7EHU1B6XFpzk6r8x
+-----END RSA PRIVATE KEY-----
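Review bot: This hunk adds a passphrase-protected RSA private key to the source tree at version22/c/CARSK.pem, where it becomes permanently public through the repository history. The `Proc-Type: 4,ENCRYPTED` and `DEK-Info: AES-256-CBC` headers indicate the traditional OpenSSL PEM encryption, whose key derivation is a single salted MD5 pass, so confidentiality rests entirely on the strength of the passphrase. If this is a test fixture (the file name suggests a CA key, which the hunk does not confirm), say so in an adjacent README, for example `CARSK.pem is a test-only key; never trust certificates issued from it.` Otherwise the key should be dropped from the commit and treated as exposed.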

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/aes.c
----------------------------------------------------------------------
diff --git a/version22/c/aes.c b/version22/c/aes.c
new file mode 100644
index 0000000..f876c51
--- /dev/null
+++ b/version22/c/aes.c
@@ -0,0 +1,702 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+
+/*
+ * Implementation of the NIST Advanced Ecryption Standard
+ *
+ * SU=m, SU is Stack Usage
+ */
+
+#include <stdlib.h>
+#include "arch.h"
+#include "amcl.h"
+
+/* this is fixed */
+#define NB 4
+
+/* Rotates 32-bit word left by 1, 2 or 3 byte  */
+
+#define ROTL8(x) (((x)<<8)|((x)>>24))
+#define ROTL16(x) (((x)<<16)|((x)>>16))
+#define ROTL24(x) (((x)<<24)|((x)>>8))
+
+static const uchar InCo[4]= {0xB,0xD,0x9,0xE}; /* Inverse Coefficients */
+
+static const uchar ptab[]=
+{
+    1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
+    95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
+    229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
+    83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
+    76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
+    131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
+    181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
+    254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
+    251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
+    195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
+    159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
+    155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
+    252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
+    69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
+    18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
+    57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
+};
+
+static const uchar ltab[]=
+{
+    0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
+    100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
+    125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
+    101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
+    150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
+    102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
+    126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
+    43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
+    175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
+    44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
+    127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
+    204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
+    151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
+    83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
+    68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
+    103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
+};
+
+static const uchar fbsub[]=
+{
+    99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
+    202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
+    183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
+    4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
+    9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
+    83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
+    208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
+    81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
+    205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
+    96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
+    224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
+    231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
+    186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
+    112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
+    225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
+    140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
+};
+
+static const uchar rbsub[]=
+{
+    82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
+    124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
+    84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
+    8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
+    114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
+    108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
+    144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
+    208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
+    58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
+    150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
+    71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
+    252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
+    31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
+    96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
+    160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
+    23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
+};
+
+static const unsign32 rco[]=
+{1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47};
+
+static const unsign32 ftable[]=
+{
+    0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
+    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
+    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
+    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
+    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
+    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
+    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
+    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
+    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
+    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
+    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
+    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
+    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
+    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
+    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
+    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
+    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
+    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
+    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
+    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
+    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
+    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
+    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
+    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
+    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
+    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
+    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
+    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
+    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
+    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
+    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
+    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
+    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
+    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
+    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
+    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
+    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
+    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
+    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
+    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
+    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
+    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
+    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
+};
+
+static const unsign32 rtable[]=
+{
+    0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
+    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
+    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
+    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
+    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
+    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
+    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
+    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
+    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
+    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
+    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
+    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
+    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
+    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
+    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
+    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
+    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
+    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
+    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
+    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
+    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
+    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
+    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
+    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
+    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
+    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
+    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
+    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
+    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
+    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
+    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
+    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
+    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
+    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
+    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
+    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
+    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
+    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
+    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
+    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
+    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
+    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
+    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
+};
+
+#define MR_TOBYTE(x) ((uchar)((x)))
+
+static unsign32 pack(const uchar *b)
+{
+    /* pack bytes into a 32-bit Word */
+    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
+}
+
+static void unpack(unsign32 a,uchar *b)
+{
+    /* unpack bytes from a word */
+    b[0]=MR_TOBYTE(a);
+    b[1]=MR_TOBYTE(a>>8);
+    b[2]=MR_TOBYTE(a>>16);
+    b[3]=MR_TOBYTE(a>>24);
+}
+
+/* SU= 8 */
+static uchar bmul(uchar x,uchar y)
+{
+    /* x.y= AntiLog(Log(x) + Log(y)) */
+    if (x && y) return ptab[(ltab[x]+ltab[y])%255];
+    else return 0;
+}
+
+static unsign32 SubByte(unsign32 a)
+{
+    uchar b[4];
+    unpack(a,b);
+    b[0]=fbsub[b[0]];
+    b[1]=fbsub[b[1]];
+    b[2]=fbsub[b[2]];
+    b[3]=fbsub[b[3]];
+    return pack(b);
+}
+
+/* SU= 16 */
+static uchar product(unsign32 x,unsign32 y)
+{
+    /* dot product of two 4-byte arrays */
+    uchar xb[4],yb[4];
+    unpack(x,xb);
+    unpack(y,yb);
+    return bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]);
+}
+
+static unsign32 InvMixCol(unsign32 x)
+{
+    /* matrix Multiplication */
+    unsign32 y,m;
+    uchar b[4];
+
+    m=pack(InCo);
+    b[3]=product(m,x);
+    m=ROTL24(m);
+    b[2]=product(m,x);
+    m=ROTL24(m);
+    b[1]=product(m,x);
+    m=ROTL24(m);
+    b[0]=product(m,x);
+    y=pack(b);
+    return y;
+}
+
+/* SU= 8 */
+/* reset cipher */
+void AES_reset(amcl_aes *a,int mode,char *iv)
+{
+    /* reset mode, or reset iv */
+    int i;
+    a->mode=mode;
+    for (i=0; i<4*NB; i++)
+        a->f[i]=0;
+    if (mode!=ECB && iv!=NULL)
+    {
+        for (i=0; i<4*NB; i++)
+            a->f[i]=iv[i];
+    }
+}
+
+void AES_getreg(amcl_aes *a,char *ir)
+{
+    int i;
+    for (i=0; i<4*NB; i++) ir[i]=a->f[i];
+}
+
+/* SU= 72 */
+/* Initialise cipher */
+int AES_init(amcl_aes* a,int mode,int nk,char *key,char *iv)
+{
+    /* Key length Nk=16, 24 or 32 bytes */
+    /* Key Scheduler. Create expanded encryption key */
+    int i,j,k,N,nr;
+    unsign32 CipherKey[8];
+
+    nk/=4;
+
+    if (nk!=4 && nk!=6 && nk!=8) return 0;
+
+    nr=6+nk;
+
+    a->Nk=nk;
+    a->Nr=nr;
+
+    AES_reset(a,mode,iv);
+
+    N=NB*(nr+1);
+
+    for (i=j=0; i<nk; i++,j+=4)
+    {
+        CipherKey[i]=pack((uchar *)&key[j]);
+    }
+    for (i=0; i<nk; i++) a->fkey[i]=CipherKey[i];
+    for (j=nk,k=0; j<N; j+=nk,k++)
+    {
+        a->fkey[j]=a->fkey[j-nk]^SubByte(ROTL24(a->fkey[j-1]))^rco[k];
+        if (nk<=6)
+        {
+            for (i=1; i<nk && (i+j)<N; i++)
+                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
+        }
+        else
+        {
+            for (i=1; i<4 && (i+j)<N; i++)
+                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
+            if ((j+4)<N) a->fkey[j+4]=a->fkey[j+4-nk]^SubByte(a->fkey[j+3]);
+            for (i=5; i<nk && (i+j)<N; i++)
+                a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
+        }
+
+    }
+    /* now for the expanded decrypt key in reverse order */
+
+    for (j=0; j<NB; j++) a->rkey[j+N-NB]=a->fkey[j];
+    for (i=NB; i<N-NB; i+=NB)
+    {
+        k=N-NB-i;
+        for (j=0; j<NB; j++) a->rkey[k+j]=InvMixCol(a->fkey[i+j]);
+    }
+    for (j=N-NB; j<N; j++) a->rkey[j-N+NB]=a->fkey[j];
+    return 1;
+}
+
+/* SU= 80 */
+/* Encrypt a single block */
+void AES_ecb_encrypt(amcl_aes *a,uchar *buff)
+{
+    int i,j,k;
+    unsign32 p[4],q[4],*x,*y,*t;
+
+    for (i=j=0; i<NB; i++,j+=4)
+    {
+        p[i]=pack((uchar *)&buff[j]);
+        p[i]^=a->fkey[i];
+    }
+
+    k=NB;
+    x=p;
+    y=q;
+
+    /* State alternates between x and y */
+    for (i=1; i<a->Nr; i++)
+    {
+
+        y[0]=a->fkey[k]^ftable[MR_TOBYTE(x[0])]^
+             ROTL8(ftable[MR_TOBYTE(x[1]>>8)])^
+             ROTL16(ftable[MR_TOBYTE(x[2]>>16)])^
+             ROTL24(ftable[x[3]>>24]);
+        y[1]=a->fkey[k+1]^ftable[MR_TOBYTE(x[1])]^
+             ROTL8(ftable[MR_TOBYTE(x[2]>>8)])^
+             ROTL16(ftable[MR_TOBYTE(x[3]>>16)])^
+             ROTL24(ftable[x[0]>>24]);
+        y[2]=a->fkey[k+2]^ftable[MR_TOBYTE(x[2])]^
+             ROTL8(ftable[MR_TOBYTE(x[3]>>8)])^
+             ROTL16(ftable[MR_TOBYTE(x[0]>>16)])^
+             ROTL24(ftable[x[1]>>24]);
+        y[3]=a->fkey[k+3]^ftable[MR_TOBYTE(x[3])]^
+             ROTL8(ftable[MR_TOBYTE(x[0]>>8)])^
+             ROTL16(ftable[MR_TOBYTE(x[1]>>16)])^
+             ROTL24(ftable[x[2]>>24]);
+
+        k+=4;
+        t=x;
+        x=y;
+        y=t;      /* swap pointers */
+    }
+
+    /* Last Round */
+
+    y[0]=a->fkey[k]^(unsign32)fbsub[MR_TOBYTE(x[0])]^
+         ROTL8((unsign32)fbsub[MR_TOBYTE(x[1]>>8)])^
+         ROTL16((unsign32)fbsub[MR_TOBYTE(x[2]>>16)])^
+         ROTL24((unsign32)fbsub[x[3]>>24]);
+    y[1]=a->fkey[k+1]^(unsign32)fbsub[MR_TOBYTE(x[1])]^
+         ROTL8((unsign32)fbsub[MR_TOBYTE(x[2]>>8)])^
+         ROTL16((unsign32)fbsub[MR_TOBYTE(x[3]>>16)])^
+         ROTL24((unsign32)fbsub[x[0]>>24]);
+    y[2]=a->fkey[k+2]^(unsign32)fbsub[MR_TOBYTE(x[2])]^
+         ROTL8((unsign32)fbsub[MR_TOBYTE(x[3]>>8)])^
+         ROTL16((unsign32)fbsub[MR_TOBYTE(x[0]>>16)])^
+         ROTL24((unsign32)fbsub[x[1]>>24]);
+    y[3]=a->fkey[k+3]^(unsign32)fbsub[MR_TOBYTE(x[3])]^
+         ROTL8((unsign32)fbsub[MR_TOBYTE(x[0]>>8)])^
+         ROTL16((unsign32)fbsub[MR_TOBYTE(x[1]>>16)])^
+         ROTL24((unsign32)fbsub[x[2]>>24]);
+
+    for (i=j=0; i<NB; i++,j+=4)
+    {
+        unpack(y[i],(uchar *)&buff[j]);
+        x[i]=y[i]=0;   /* clean up stack */
+    }
+}
+
+/* SU= 80 */
+/* Decrypt a single block */
+void AES_ecb_decrypt(amcl_aes *a,uchar *buff)
+{
+    int i,j,k;
+    unsign32 p[4],q[4],*x,*y,*t;
+
+    for (i=j=0; i<NB; i++,j+=4)
+    {
+        p[i]=pack((uchar *)&buff[j]);
+        p[i]^=a->rkey[i];
+    }
+
+    k=NB;
+    x=p;
+    y=q;
+
+    /* State alternates between x and y */
+    for (i=1; i<a->Nr; i++)
+    {
+        /* Nr is number of rounds. May be odd. */
+
+        y[0]=a->rkey[k]^rtable[MR_TOBYTE(x[0])]^
+             ROTL8(rtable[MR_TOBYTE(x[3]>>8)])^
+             ROTL16(rtable[MR_TOBYTE(x[2]>>16)])^
+             ROTL24(rtable[x[1]>>24]);
+        y[1]=a->rkey[k+1]^rtable[MR_TOBYTE(x[1])]^
+             ROTL8(rtable[MR_TOBYTE(x[0]>>8)])^
+             ROTL16(rtable[MR_TOBYTE(x[3]>>16)])^
+             ROTL24(rtable[x[2]>>24]);
+        y[2]=a->rkey[k+2]^rtable[MR_TOBYTE(x[2])]^
+             ROTL8(rtable[MR_TOBYTE(x[1]>>8)])^
+             ROTL16(rtable[MR_TOBYTE(x[0]>>16)])^
+             ROTL24(rtable[x[3]>>24]);
+        y[3]=a->rkey[k+3]^rtable[MR_TOBYTE(x[3])]^
+             ROTL8(rtable[MR_TOBYTE(x[2]>>8)])^
+             ROTL16(rtable[MR_TOBYTE(x[1]>>16)])^
+             ROTL24(rtable[x[0]>>24]);
+
+        k+=4;
+        t=x;
+        x=y;
+        y=t;      /* swap pointers */
+    }
+
+
+    /* Last Round */
+    y[0]=a->rkey[k]^(unsign32)rbsub[MR_TOBYTE(x[0])]^
+         ROTL8((unsign32)rbsub[MR_TOBYTE(x[3]>>8)])^
+         ROTL16((unsign32)rbsub[MR_TOBYTE(x[2]>>16)])^
+         ROTL24((unsign32)rbsub[x[1]>>24]);
+    y[1]=a->rkey[k+1]^(unsign32)rbsub[MR_TOBYTE(x[1])]^
+         ROTL8((unsign32)rbsub[MR_TOBYTE(x[0]>>8)])^
+         ROTL16((unsign32)rbsub[MR_TOBYTE(x[3]>>16)])^
+         ROTL24((unsign32)rbsub[x[2]>>24]);
+    y[2]=a->rkey[k+2]^(unsign32)rbsub[MR_TOBYTE(x[2])]^
+         ROTL8((unsign32)rbsub[MR_TOBYTE(x[1]>>8)])^
+         ROTL16((unsign32)rbsub[MR_TOBYTE(x[0]>>16)])^
+         ROTL24((unsign32)rbsub[x[3]>>24]);
+    y[3]=a->rkey[k+3]^(unsign32)rbsub[MR_TOBYTE(x[3])]^
+         ROTL8((unsign32)rbsub[MR_TOBYTE(x[2]>>8)])^
+         ROTL16((unsign32)rbsub[MR_TOBYTE(x[1]>>16)])^
+         ROTL24((unsign32)rbsub[x[0]>>24]);
+
+    for (i=j=0; i<NB; i++,j+=4)
+    {
+        unpack(y[i],(uchar *)&buff[j]);
+        x[i]=y[i]=0;   /* clean up stack */
+    }
+
+}
+
+/* simple default increment function */
+static void increment(char *f)
+{
+    int i;
+    for (i=0; i<16; i++)
+    {
+        f[i]++;
+        if (f[i]!=0) break;
+    }
+}
+
+/* SU= 40 */
+/* Encrypt using selected mode of operation */
+unsign32 AES_encrypt(amcl_aes* a,char *buff)
+{
+    int j,bytes;
+    char st[16];
+    unsign32 fell_off;
+
+    /* Supported Modes of Operation */
+
+    fell_off=0;
+    switch (a->mode)
+    {
+    case ECB:
+        AES_ecb_encrypt(a,(uchar *)buff);
+        return 0;
+    case CBC:
+        for (j=0; j<4*NB; j++) buff[j]^=a->f[j];
+        AES_ecb_encrypt(a,(uchar *)buff);
+        for (j=0; j<4*NB; j++) a->f[j]=buff[j];
+        return 0;
+
+    case CFB1:
+    case CFB2:
+    case CFB4:
+        bytes=a->mode-CFB1+1;
+        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
+        for (j=0; j<4*NB; j++) st[j]=a->f[j];
+        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
+        AES_ecb_encrypt(a,(uchar *)st);
+        for (j=0; j<bytes; j++)
+        {
+            buff[j]^=st[j];
+            a->f[16-bytes+j]=buff[j];
+        }
+        return fell_off;
+
+    case OFB1:
+    case OFB2:
+    case OFB4:
+    case OFB8:
+    case OFB16:
+
+        bytes=a->mode-OFB1+1;
+        AES_ecb_encrypt(a,(uchar *)(a->f));
+        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
+        return 0;
+
+    case CTR1:
+    case CTR2:
+    case CTR4:
+    case CTR8:
+    case CTR16:
+
+        bytes=a->mode-CTR1+1;
+        for (j=0; j<4*NB; j++) st[j]=a->f[j];
+        AES_ecb_encrypt(a,(uchar *)st);
+        for (j=0; j<bytes; j++) buff[j]^=st[j];
+        increment(a->f);
+
+    default:
+        return 0;
+    }
+}
+
+/* SU= 40 */
+/* Decrypt using selected mode of operation */
+unsign32 AES_decrypt(amcl_aes *a,char *buff)
+{
+    int j,bytes;
+    char st[16];
+    unsign32 fell_off;
+
+    /* Supported modes of operation */
+    fell_off=0;
+    switch (a->mode)
+    {
+    case ECB:
+        AES_ecb_decrypt(a,(uchar *)buff);
+        return 0;
+    case CBC:
+        for (j=0; j<4*NB; j++)
+        {
+            st[j]=a->f[j];
+            a->f[j]=buff[j];
+        }
+        AES_ecb_decrypt(a,(uchar *)buff);
+        for (j=0; j<4*NB; j++)
+        {
+            buff[j]^=st[j];
+            st[j]=0;
+        }
+        return 0;
+    case CFB1:
+    case CFB2:
+    case CFB4:
+        bytes=a->mode-CFB1+1;
+        for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
+        for (j=0; j<4*NB; j++) st[j]=a->f[j];
+        for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
+        AES_ecb_encrypt(a,(uchar *)st);
+        for (j=0; j<bytes; j++)
+        {
+            a->f[16-bytes+j]=buff[j];
+            buff[j]^=st[j];
+        }
+        return fell_off;
+    case OFB1:
+    case OFB2:
+    case OFB4:
+    case OFB8:
+    case OFB16:
+        bytes=a->mode-OFB1+1;
+        AES_ecb_encrypt(a,(uchar *)(a->f));
+        for (j=0; j<bytes; j++) buff[j]^=a->f[j];
+        return 0;
+
+    case CTR1:
+    case CTR2:
+    case CTR4:
+    case CTR8:
+    case CTR16:
+
+        bytes=a->mode-CTR1+1;
+        for (j=0; j<4*NB; j++) st[j]=a->f[j];
+        AES_ecb_encrypt(a,(uchar *)st);
+        for (j=0; j<bytes; j++) buff[j]^=st[j];
+        increment(a->f);
+
+    default:
+        return 0;
+    }
+}
+
+/* Clean up and delete left-overs */
+void AES_end(amcl_aes *a)
+{
+    /* clean up */
+    int i;
+    for (i=0; i<NB*(a->Nr+1); i++)
+        a->fkey[i]=a->rkey[i]=0;
+    for (i=0; i<4*NB; i++)
+        a->f[i]=0;
+}
+
+
+/*
+#include <stdio.h>
+
+#define KK 32
+
+int main()
+{
+    int i;
+    amcl_aes a;
+	unsign32 t;
+	uchar x,y;
+
+    char key[KK];
+    char block[16];
+    char iv[16];
+    for (i=0;i<KK;i++) key[i]=5;
+    key[0]=1;
+    for (i=0;i<16;i++) iv[i]=i;
+    for (i=0;i<16;i++) block[i]=i;
+
+    AES_init(&a,CTR16,KK,key,iv);
+
+    printf("Plain=   ");
+    for (i=0;i<16;i++) printf("%02x",block[i]);
+    printf("\n");
+    AES_encrypt(&a,block);
+    printf("Encrypt= ");
+    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
+    printf("\n");
+    AES_reset(&a,CTR16,iv);
+    AES_decrypt(&a,block);
+    printf("Decrypt= ");
+    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
+    printf("\n");
+
+    AES_end(&a);
+
+    return 0;
+}
+
+*/
+
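Review bot: AES_init copies the raw key into the local `CipherKey[8]` and returns without clearing it, so key words are left on the stack, whereas AES_ecb_encrypt and AES_ecb_decrypt at least zero their state words before returning. The temporary is not needed: the first loop can write `a->fkey[i]=pack((uchar *)&key[j]);` directly, and the `CipherKey` declaration and copy loop can be dropped. Separately, in the CFB cases of AES_encrypt and AES_decrypt, `fell_off=(fell_off<<8)|a->f[j];` appears to OR in a plain `char` (a->f is passed uncast to `increment(char *)`, but the struct is declared in amcl.h, outside this hunk), which would sign-extend bytes >= 0x80 where char is signed and corrupt the returned value; `(uchar)a->f[j]` avoids that. The round functions index `ftable`, `rtable`, `fbsub` and `rbsub` with state bytes, so a header comment such as `/* table-driven: lookups depend on secret state, not constant-time against cache-timing observers */` would tell callers what to expect.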



[18/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/BNCXOnePass.json
----------------------------------------------------------------------
diff --git a/js/tests/BNCXOnePass.json b/js/tests/BNCXOnePass.json
deleted file mode 100644
index 4556b1c..0000000
--- a/js/tests/BNCXOnePass.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"TimeValue": 1437055594, "SS1": "082fc0a0f340a1d18b51be28d0fc1c14210361ee9cd89e33bbfbaceaf91b0ef90d00773c9450f6db74a254f4bdcdb0bd501a30de15975b47c82e284d5bd42f1c23e5780693e63da58f50535b2c012f89392df1ed33b476e0b516e78489726edb0002284e932e4a13a0e6e838be28ab8973a5fa9a60760e5682a0d29a8b5dc6cf", "SS2": "2387f35da03b890e44669846486d5d55abb85eb13f6f2929a5f4d65d1953cb670b8eca87941c87a1bc9965b71b023a6bcc5af324c0824789c8b9b45ec38fda1604257638e754f2b7b6ca3b62e6b3478ac5dfc8854aed61366a52febbf4ec475a06ebc4c6b7fb6ef3d180cb8e11d2fde98af8ecec3b35eacb111b594a2cc66d59", "DATE": 16632, "PIN2": 4116, "PIN1": 4116, "SERVER_SECRET": "22a04aa155b9f4e5d5f401cf4a9853a48ebb338703713f8267ce752cfe7f3576209066e00046a2b55c341e2c54420cb57d33cff5e0b5a5ebf924be1210b6a1c808aacef1a6650b76ca10e3cfe7e36c2cdd095c908485da362bb0e82ca4215ca0039fe6f40de85ae2ac6748fe4146b3bedac423bdbfbbc8c496aed0c9fc48e713", "SEC": "0416cc105db6b649eeab5c55d900a7a4e7335b17b20a8ee2421aaaa00a572fa767072fab0d6a85b789bbe9ae2d53508ebb6c63611555
 926ebc7b63c074ceec5194", "TP2": "0423acc4d0fb3efe6c9083ee97fba7a28999f05b34988117615df402149cb20ea6078794313732ffd3d51b47e7b5f379f493226f643ea3a25d348fae094686e73a", "TP1": "0401404487efc64b49afad56d6ee7eaaf7990baffddcae300c6a0e93d3503175480858bb4d61bf5382598385a4f586b23490b2813ce8e5ab91dd7e44422b72adc3", "CS1": "041b0e0217960c6e3f764e2893ddd54e3f9742964bfb2ae0499a642500dad1101016980875b2b430c432de5201edd774b488800734da6801c9cdedab447bbe3bec", "CS2": "041c110579293baef562105420c760f4a27d85f5890c31483d7e792d4c6ad3b9c405b67d59b286a8645b5695b5d60683e5d2b315fba27b943ee4186f94935bfa17", "HASH_MPIN_ID_HEX": "b9b3d46398bf50c2f8fb451784aa2128de642cec70115b8a31d5e88a388cba4b", "TIME_PERMIT": "0414753542c15d5efcab38b4274252da121be0bc5da5e3f333d86a0a2d5002ce790051ecdbf492b8c5dc6aacd105d173e3e1473fd078cac83233ef01c361c0a5bb", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223164363764313438616266363765623934346
 133393566623434326138623366406365727469766f782e636f6d222c202273616c74223a20226137366465353036623735653539396664316462626363643061376666643035227d", "TOKEN": "041520a19f8a2d6c43a20443572ef2805f0cf21887c7f076b3f503e6ffc09cb21a09b0c5301d32c8726d9f739c358ae5d7dfb3f00b8a8cb4fee84942049d148963", "U": "041ad4e457fb582e4f6cadc63ec7f11ebd4a46e0a9fc695727bbc93de98414e928068540af45c968ec0601a85eb7c0f25ed5d52385558b6052a2fba0bd1f7edbaa", "SERVER_OUTPUT": 0, "Y": "2199a789cdced7bbebb55761cfb254c1979ce5e42fbae192cb2a8eb37899a2e8", "X": "206e3b2c3d64b357970320cead5aafe304c10b8739ad3804fe050c41bfc2c7ab", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"1d67d148abf67eb944a395fb442a8b3f@certivox.com\", \"salt\": \"a76de506b75e599fd1dbbccd0a7ffd05\"}", "test_no": 0, "UT": "0419ecac47fcd2423252a449ccf49d1b255a150dd9db44ff42ef592510f2d898f5135d587204a8ec7eb49097ada47a2b1ee3d9d004521dff2f009443c6a841a680", "MS2": "17aabd87aedf8cc74004624696c4b9474cd4d0f8003718e3ed09b61cd75c
 9573", "MS1": "1aa7e48ba225ddb8d714ed9e8d9a1cba19d3d095d7f2ed05e6eed04e4ada9137", "CLIENT_SECRET": "0419b4248967e478922fbb00f66b32a48dc9ce45f2bd3755eac7a03e5b7ce1a5ef06e35f21137b719f3734c193910c8285633cc564e64e84e2606696ed3ed19a2d"}, {"TimeValue": 1437055594, "SS1": "1f0a6786b8453e8bde8df371da4440068931c4bf5c9d7be2e5d09ba7c7ef534e22669c9d3500ee41c7b92c0aa938cead8e467d317e4b27c9cd874c2ed9f58653075b5c163df3b20799ef8a2791eb6d828112ff260feb0fc39dbd0b711ae41ae40f1b689524ddc805cda3b95ee56de97e9d71941fd44da0b3f8993903e56e90a4", "SS2": "1720ca642eb9d2d00fa7c83bb49173015c6ae7c0b5efd879794862da852dd5900924b2daa97a89327f64502fd5427ca1ea41b5e5f44cfb054bfad11239f50f4314ddd241a76b2e6aab9900cf25e2b32bb0bc01e22eaacc496cea8ae7b25c8b7a14359713e43ad650d3b3766af31c1c2dc147d384b8c814a0345ff2695e992d4d", "DATE": 16632, "PIN2": 1535, "PIN1": 1535, "SERVER_SECRET": "1e9be19b9e35406176962ec8bc6e3139573c535579d172e5091ebb5809f9f76f03f4255d2ad17cc3ca16f027fbb89d1166d2ee1987a01e13411955e1237771a70f5cd77a058033
 890c454c4070f6008c21d637e994531e49161f5b11affcd50716b8f64f0e973f3a1a1491530c33cfb293df5d515d3406badc6cd922160c323a", "SEC": "040fd26f248ead0e35d09fe1c0fdcc7200de11633457d57dd0fbc4c8ddef7c173822d043acdbd252acc52c6b2823a382e0b96c3ba8493ffab4a871b98a0e0838a2", "TP2": "0416f543e42cb00afc875922ae6780cae35b9cf044fe16538bf294785501ddb2b3090e4327d1076d233d6006d39b63a4c8e72c7316613b7d5297537ff103a3ce6f", "TP1": "0407a3c2ceedb560cdeee862a86ce2783d4a0bf4bdf21a37b1de547bddf2cd213714551f555e01a388f4c2a2df07e0f1a53c41f1c096a0c830d50e2a0e4be2c857", "CS1": "0404891dfcd821f15298c948787fc6e94df28140134e9accb92aac9a07de99dbec166aadc9dac65e70f185950e975f7240c1dfd3865d256e5b0806215e13ee95c3", "CS2": "0403bc5f0a236271731e15554d3745498a6abb08a42bf0cf9fa844da1da2788267230eb2bb290c62e5c2ce533f930cccdd1baaa67da6ea5e729bfecce1f8b6d02c", "HASH_MPIN_ID_HEX": "6d3f66cea2c2765cdfea261c240b5fc80c39a4f784d8e35d757e2c2ccea4fb98", "TIME_PERMIT": "041756a2484f5a4c5e07915312580e638b89e83daa2b562b96cbab1872e396d4cd016eb
 2bb4206260e1764311914b161f6b61c5c115a171b556d8cf2c3cbdd114b", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223030666162643461613133643966333161323063363662343665343336626165406365727469766f782e636f6d222c202273616c74223a20223362636264653031623164336334333031363766346437613930623235613561227d", "TOKEN": "0418ba15d2768f38cf0bb1cd4dae432ef784f023f36f4ade3f490d2474cd003df400d491f3e313b4dc68d8773351a38b228a4ef298a42c76c6e629f5739fe00596", "U": "041f0ba9c7aaf9555de4eebcb016e597a75b9dbdbafb9a555565fa3ccb6f8cfec311919858f4586cde88292081617320472fde1f15ae3e29f86cc8c3efb35c5ac4", "SERVER_OUTPUT": 0, "Y": "0b2a71dfa1d0672d86647e29a21d99f9d13d8d6f9f29546c495322f0f13acd81", "X": "097cbbc27ed253d20851d132e7ef3cb223ebc2d42a7d767b765d0ef1f4201cf1", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"00fabd4aa13d9f31a20c66b46e436bae@certivox.com\", \"salt\": \"3bcbde01b1d3c430167f4d7a90b
 25a5a\"}", "test_no": 1, "UT": "0406835bc8f692fb8d38e830625583fdc20c910973850a21d5be88d7c34277833b1e21ddfc587ee8d48a4c22723aefa11634aea4bced306ce0a80fef945519fbba", "MS2": "0bd0f9fc9d4c748b7b6da167269a64c3e48642a55176ff791d0343b4306b5cd3", "MS1": "0c7deb224423caf8a06965f2b9246bac63b186c6ec05a028dc6d449e6629f30e", "CLIENT_SECRET": "0402cf0505c978790bf5bc58c924951fcb49a3dc318527c91a4546fc53d5292ac21901d96353861029fa8da9dbd0dbc17e614a5485cc21e3fa71e2360838ee49a7"}, {"TimeValue": 1437055594, "SS1": "11d662c00d0d3f881404d2acfae22db878562936d941a374b54ea509605895e52317a9b55f74077365cf35e4cb543199c00b96437f610544c9c7dd88be2e89ac238b5b4c798fdc4164cdc1b3299178d0859455df40136d484da12517c858f1ac127f812070e326f34837d41d6fb13209ab2604e1365abb267073e5179e43ec40", "SS2": "13eb1f135f668afcc19c6fa675472452d5567fced6da896bf01d3365dbc097f400b3294d460fe49828f1a0377d2876c203ae5515e4d0aed54040b7150f8fe8860649a6f93a270aa7eeedc28777198f920270d74eecad990af949615d60b205fd21b819915ed7fcf77a15e390c4d7d8dccaf18
 fef2722c1b301995793d0ca8d02", "DATE": 16632, "PIN2": 843, "PIN1": 843, "SERVER_SECRET": "15061b323c65444caca65753324d843014fdadbdf9958ddf516679febb4f973e0eb5d3608dc32d0ed47ddf5c379bc2b724f0358ab8b968521d42ef1c22fc1a520a4e071d2bcb8240d63e3dd2d34646a3934336d126df77d344ac98004eb730a7036176b16db2c0bbd915ff95498ad0a1c98657ba41dfd2744be6942056f31e77", "SEC": "0400120e0d896c0fc3df240c1d87f9ce58b725ee008145f77f0f767fb836d7e3fa1125b87151e9b389255f4a1b85f32ac0ae3c62cb037f6f39fd4dbc8048380384", "TP2": "04237695dd784b268c7a03f11ada42ae65b200630f285876a0812df0f379d9f72b0cd5b68cc0abe0c20e2cbf2359a1a743cff27c79c0c655fd7f95d2820d759558", "TP1": "0407e04b24e6be31a1885f93424401b6a84614feec9dec0fc2ca28cfa962df7eb006a602e3a47b186fbfdde53e98fdd98c785d62a04e8e88dede489bb39ecaab83", "CS1": "04234a4d815221d901b0a37962bfba9bfed0658c55dd115387b1897bbbf63bd7bd17eab98d290564db64e3aa03b542c321760cb3354521ac991f1a24794505159c", "CS2": "041474f00ab39e397b3e7741a3beaa847ef604f819c481e04aee35e629924e008d1d5fd69687c
 be1753a774ad27f206dda796064b42a36dabfb4aa4fa04dd3e85a", "HASH_MPIN_ID_HEX": "9b1969fb7539865c49463006891bd589b2bfec0afd10676df6fa942ad115222c", "TIME_PERMIT": "040979b536bd351f19c6feda495cce4705ffa80df29de789c37c9168887041e58e208cb5cd538ad4a1ab6a598112f7cc758159d165742697287a0c01ea216f4312", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223436343637353838323234313132336565383137386238373439306639653637406365727469766f782e636f6d222c202273616c74223a20226532383537656137326433373861383061323435653165626531363162343561227d", "TOKEN": "04178da1177afd7bc7787e77749b85714d60424319395c86b96d49b2fb02a4bba60702c87904b0aa6fc678d7dd7223deebac03674ca5367d2cfdd32b554f2af0dc", "U": "0405210ebf2e6f2ed2d4ab9f513d4dd154f93a2649ecbb591dd749b64220b6ed100387b9408a9abe4e7423b440b252447cf9d92bd04cec5288e894979807822f28", "SERVER_OUTPUT": 0, "Y": "141552e7c7d7f6e8e010326b047cdc37dafb5b1a89e20e1d069153571fa7c995", "X": "0a4e
 225eb772d11ff7453f98fadcedb69e458c66cdce08cb14ee5588edf757c3", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"464675882241123ee8178b87490f9e67@certivox.com\", \"salt\": \"e2857ea72d378a80a245e1ebe161b45a\"}", "test_no": 2, "UT": "0417f25cacc62825b2ab114d689ab3d5b358c107b920f9405707d7f1a30025241f1c6055dc48c435048e868787bfcb6a4df000d94baf0764e0c4c60a76192b04ad", "MS2": "16bcff53023fc06ab79929a6a6e2ebb780c046868abcff7f17610a6b00ec124d", "MS1": "1066cb3cf8ceb0e0f71e369ba741f80e731b53207b1ce2dd2d3e8a6400bb4edd", "CLIENT_SECRET": "040edb7613c00cc632523466e9582afab0fba870c22793ebc47ec8d37ecbc538da03158232ad98096b902b2ca063da3b582f0b84d06d2afe1eecc2083dc18a55ef"}, {"TimeValue": 1437055594, "SS1": "096184dad48551fc6be718d6ac6cff22b2648c8647bf3e98d57d6b9bd63125751dc9a73d7690d0bf2e7fd158e7dc950ac24c08fc9cedd3cf24a56914037ade1819d97ff25c8461b13ede554e780a15c897a841fd15c49b4fcec3bdeedeb5bb92185d89f0ec9ae915000869f7c9f6aa689bc1dc14949acbae73c73f8daeac3ede", "SS2":
  "0397ff8864a8a437731f3f70bd2fe73eee5446a626922522691dfe4b8881bacb1e51acdd8ddc023be9f55fd8ed84f17e2d1cbfdc40806b36665ce8819037bd3a2307a22a575c96995011597414e99f3b6c54c7f92650190be2ea70371623fc401b5867fc94fba21916877f5b1611b6ac9cb62a5a223433d58be4c7c88eb1dd74", "DATE": 16632, "PIN2": 7972, "PIN1": 7972, "SERVER_SECRET": "07ecd98bb128b1929360e10fb988bcc4835f2805cf044e4651eb31b0740c9b2522a7f9a2b1e657b94338f52a6c3ae3fa82dd81449c34a2e5711f97885a0337430a171da6d485afbec18b3e3bc9edfb06db32ff83cf53062da9aec4e437bfc04b19765945045a7f6c9328864c67420a83b56730653ae3fa3660e0a9c07fdc05cb", "SEC": "041ff80c769451bf49ebf438834f3881834095a1e6530476eaef9838546a688b4c1826f5dd251bfcf4121bc10ce15ddaf5ac131dff57d09e697afe1f63dc8f234f", "TP2": "0404dd64f2e493cb2dd84094aa0718c4ef7a246d5655352dfe6bd1911466bf35fe1775e0708bb99717b784ca159298f7d69c3c1af4c5f978e8327308fce4023af0", "TP1": "040ef12020fbbd48cf4a6d044bc4cf0b5e5df1e5afacaf4d4ab97fb0e1110ccb521d5c6c2e33712b15df50a69517dbf6531cbb8582ac2cd83cdb442bdd4966
 16c1", "CS1": "0407ec4413c24e35ff0be16a0a555278bd57e0815f351b9d8217cfae896c4f066e18a2b4774ddf99f1cea6b16961abb2a41b306c031dd6736a08df12734ff1dd38", "CS2": "0413b3a31e3bb327d001f5fb4b9a10333cf1f3c2a0676e9f41b78329e34153d0631fb07d132ad8359ef92035ceb43594fcf7c0c5d70bf99b1271fd70c5bcc03d33", "HASH_MPIN_ID_HEX": "723060d6d62776526a40cdcb0234a8ea0b447f54ee16c1bdee7a97f85359cd43", "TIME_PERMIT": "040f7b4da94cc4af4051863a4a27b0c90e09df6d455a25038e011607b7a88a95c904d57bea35811bf625facb56ee00e720fe8d5698dba0567c7a2bfe1e89187abb", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223464383335663032663136356436646263643062343339306633343937343930406365727469766f782e636f6d222c202273616c74223a20223066613432636461663133353033396434623335396632383038373934656239227d", "TOKEN": "041aea90e77d809204fc186e391181bee0f87e7a62f967555e0b6c8ec9cf3dac30004f6803588943907ef5ec93c07f1828aaa01453fa364f5a8b1d19f82f08321f", "U": "041
 ed3f1bac02f8bb2656b014ab5d798da097cea6a6a724b8774cfda0e3f49f5441aeaed71b3eb3d968b7e8f526de58b6eafa51f023a49016c0c706ebd3f537d50", "SERVER_OUTPUT": 0, "Y": "200bd00a38aa3f27fc7a67b344089863ae33ca25d61987f57621ba409139f9b2", "X": "18216cfe7274c2f260dde0d658566844d6feaf9bfb6455607f31b0d7d7defbfc", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"4d835f02f165d6dbcd0b4390f3497490@certivox.com\", \"salt\": \"0fa42cdaf135039d4b359f2808794eb9\"}", "test_no": 3, "UT": "0419a60643e9d6e8fac87b6b1c6dbd2a2d17b715b098c4a4e362770dc2374fa38c17bdb659f6619b5ececc1a2634da44177df04c695e20ecb11c56c8859e2f1d1d", "MS2": "0bd581f3df3e1d4165ff9abb2609e7b235a2a7b3a871e4ad3d25a1ccd987d51b", "MS1": "22879582bf9698f145408977f6537092b299dfc8a9dc416370b3e27e7051816b", "CLIENT_SECRET": "040645f40aed8439c91174c7af6607927865d72bbe6594a04b5e5edd6e0393abb91ad240f06e2742ec5bef19c2f142435ac57dca003f8646211a80fb639720756f"}, {"TimeValue": 1437055594, "SS1": "0e8146d948b9d70b5572ad07aa8f51dc
 5d39d85679035ad20cb80cfaaac6ab4b040cb9baac13691e406dc1c321b354bf2c1d42fbe305715e54fa0e1e672b503f14b291275f8773416ea3337ef0b8a08e2f7f688d6a249d215715d7868496990d0866967bb777a97f1f9ea4e7d4f6c1f02f440d2916f78783f6ff51ceace6eaae", "SS2": "1b7fd428ac1b04f55da8832dab02996da7f43afc2947ea7131ff1a2911039fb805267daa99479588aebfe4973c1176f00c55a9c95c4387be2744f1e3e525ef78213d5b5ae859fc6a80963628e20f150f5a775a64e90880c89928b47ecaf067450986f5e2cdb1d7256dbc67f53bef50d1d5c03410589061adebd34595aa4f65a3", "DATE": 16632, "PIN2": 2095, "PIN1": 2095, "SERVER_SECRET": "21b7b1cd48fc25ec6ff595fba12da288a05018fe6bb029b7246509f8da4b777a1e85967ebf2d094cc682dd0528db93445f18f0152a3f4a8c0179dbb46deded0f1cad8fcbd074489bacf272168b5321e4a194682da5dd454e23ed64b37d237f2704f1dfb4e183c04f8b0afa3fbe35a4c629b62539c1dd92911d7fabc30505aa6c", "SEC": "041f7e3b61ea5cd8708f8ad231319f0917c68d313955fd7848e6752334b51dd6511c3d2e23f208ea0241bb3f1817b6d5b645b45ebe6b88e9b122b68cc439bb418e", "TP2": "04006fffdaf9375cd9b278d29c9c0abf39
 bf0c4a0effb1972bc7721e4977afcf461eeb095e7e3ae1597f51a39543af218af70f506387eb462360379d0cd2848904", "TP1": "04110f5163c1b7702ec14cf785f76aebdfa033a679a26dd0144977724d1c74d8f709780815f04f1d684b53c349e5bd89760352bb9b99a9343976314ca127c1a50a", "CS1": "0402d4c9a2bb32e0b79af40e704d4c2308564bcdf1fcb0a413aef5384966cef45d03b94909206a7b77c8ebe9933e180960dfb0c35925da3be774a08576e8c1d672", "CS2": "040946615a7ca6415e12272626a969352c14f9b27c89ff5c676fadeab625173adf0e7f66fb774c4326b2e9f91696a4e5dabe0aa9f472dccde05b316497fe6951be", "HASH_MPIN_ID_HEX": "d18f4c069b67ef01c59ab00ea108d313357a83a6c7c24245a43203d87189bff1", "TIME_PERMIT": "042105ee8fcf28921e3064bfe42b67742a656f29038cb1e848e077df11dbbb2e671df987b6399e75bad05e28127cadcdf9c0c8731569292407afcfd3d2c17ff947", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226262363164616262656262346635353761353635623965383239663762613638406365727469766f782e636f6d222c202273616c
 74223a20226135316234333239623639633661333739346137376330316630653966643539227d", "TOKEN": "040490b0c665b0fffb5f0deb68b353d527b22553f78ed2b411347f5746b95a437d171cbc02a442ca4ad04a967439f2b68428347d3711820b1a0d6a1bfe63baf1c6", "U": "040b770249bf14a784abb093b016aada2d51fc19fc24e2ebe81b26d387c39d5b1e0a8100b1637afc48f9e652983037a85eab3d7d1521d2fb1ca704d5336ea7b6b9", "SERVER_OUTPUT": 0, "Y": "0657e0e6c275fa357de7efd9da1b0d514a70bb5f433c3202bcf0eaee9efb3800", "X": "046609f66f3a0ed3731b585178396e3223485273fc86896ca4f211010f80c3d1", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"bb61dabbebb4f557a565b9e829f7ba68@certivox.com\", \"salt\": \"a51b4329b69c6a3794a77c01f0e9fd59\"}", "test_no": 4, "UT": "0417aa87bd03835346b19dea1ec2f36bd1cc11889aa3bc531ebe9dbc16d70c385010ae0ef8893dd44f56d2886381b5e6aec8cc378644b376b7651f74b51943fff4", "MS2": "22c87d06f40485ab525783d3bdd711ddefcd867fbb2928e73568d8740f899783", "MS1": "0dddf02737cad83ab6ffed65fd90c869e019bc554504053da39a
 7b22d2196a3e", "CLIENT_SECRET": "0418e5906918a219a2fc340c39badc084bcdf3a56f06bc6f4be3cc5ee3365a2fa8046c0c52a140d03723f72469624531aa1c69f24c1fbfd040648880e68c8963ec"}, {"TimeValue": 1437055594, "SS1": "10a3adc1c8741b9ad13f4b076f9e1ac3bf5e8722079cba07c6e5bdf765b4646100b30929076fe47aaa60f9068edf51a513de543f48d20e3475a93e60070ab2910077d4224213c623467e55d15ca099273efcaf25c58130762feff3e4d35876d21224b7ac1cc461d4306e680e03b5a241a71108af57b2222ed27d373a30b3a786", "SS2": "13afc176e27670ad37770822255cf4f6c11f4294d42990448a33a20f7fdd64ff048431f72e300a8d276d60db5920901fbf25ad7a219a5ad1cdcf53540b0a07a907656a8ff8081154c70e3bbc95e0ac7d9b67370555419f061a7f86b1435e29a408eb946f33070d9dd10995e475f88e39525d1c710b169485782f3a2176371dfd", "DATE": 16632, "PIN2": 8078, "PIN1": 8078, "SERVER_SECRET": "00884ad099e601ebf3ec8f215421568d220fb184c873b9f207a0b88fe82760ec11e7d2c74dac247f7ed8c96a04081c2bbc1f1bbc0270fc960cdd1c54f06064c100f4bcfa3c9ee1ef74408bf3e6f91cc81ba0642b42277518069cc65e5803c96c0265a634fdb90aa97
 a85aa529a0bb48768c239713c041185d795c9975bd8e557", "SEC": "041d06bafb14d9af567985b4b4f8c0962f39bbfe1af8e659880f1aa673c3617a990c9c348c7a930f23ffc58761569fa274a34eaa42ffe5f53fefcb73f0e2cfffb2", "TP2": "04202748065930898ceb38bf60b3977a79a3d4545bed8702f587909acdd35a78bc1350dc58fc5bb5293dbe8be5d4c1062f0eb167e4c3abc14416260be73a5ad19a", "TP1": "0420d58ba4214c220457ecb2d3d074be1cace5fa7ed0417855e85ccf2f7ef98cea2093565db14cab29bf3a56915ad570329215ec6bf1491b48279ed9f6ceb6959f", "CS1": "04158933bd760bcf6e34da8051c8f42a82d6e66476ffcf7aafa594140d2a145e8d14a6765f7a4826e00796513ae46ef490447cdfba63be0e979924dc1e867848a6", "CS2": "042047915e66dcf1dfe0316578848a5c594b20d836a8425b65aad53432df3b668a190d40d269d926e812da35fd78f5953c85cddf9efbb2f856c9f3c8f1750c5188", "HASH_MPIN_ID_HEX": "fb3f7665ed8cbf079670fba05eb827a2d763cd486cb56aec90419d3e6291a868", "TIME_PERMIT": "040288790fafb7a98c9459147501eb077be6733863eb70f71a28b7f102b8319ed406c6bdde46253ac1c2a8772b25c2f67391f091a8d090885039eeb895b39b6ccf", "MPIN
 _ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226639636163656331303335346635303836653731386436303538636139616561406365727469766f782e636f6d222c202273616c74223a20223735623266666337613739393839333534343730633438386364383432386339227d", "TOKEN": "040537801d02d60a83f7722fb24e8c0d9c9d12e2c9b013bdd1d2aeb62c6d118a3e1f432ca640d1047ad6e77ecb65fce80477aa1dec572cb9712d39035cebd2ef87", "U": "0400804b917f101a53a7d022ab6196c94a0c7841e085980af4c013b8366f4ca110232c8e1b45862d111ef5bbf8356774b9353571d205b6d36afdc4cf6054db6a06", "SERVER_OUTPUT": 0, "Y": "03ee9a72b9df62462599a9cc2693201543b21a47e9d4409af2669c4ccd2293f4", "X": "0ebe18c010fd571b9c6e07e70a75b0ed65bc8493cbd50dcb43d7ed4f18b51e91", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"f9cacec10354f5086e718d6058ca9aea@certivox.com\", \"salt\": \"75b2ffc7a79989354470c488cd8428c9\"}", "test_no": 5, "UT": "040a6ae56ecb3db3eef308351e4a4ed31c8
 9d336938f866b8fa4d1ec06ead94e4f19f6ca08e54d35a45a3029714bf72adeb6dc533ff9b3aa0530857a2374403987", "MS2": "0bc993a892c446df37412605ce25c6da06c3c437a4d9d750633f5ad9dd09111b", "MS1": "07b43fa17f0c70a4512c6f68d4707cc074e27ce760838bbc1b8ebb21520d72b0", "CLIENT_SECRET": "040266c959c3443ed20985b29313905d9bb2f04bbb9c8becafcea36643a3a1e2f21955cdc0b0e738898935d05e4e13db7e88e05e0c59716e4d07ca429f57590333"}, {"TimeValue": 1437055594, "SS1": "0f78b32b38ba387fd26ead5e6f4c432deac4690670d1d0f075424f66129cb2ce230fbbcbc83fb5f1c1b1f68556bf56328ee9b1af888ff0514f8c3ad218d24d990dd9c23da8587b973ebf37f6b264460fd2f94b7c33b50421c7a29c1e8191767e14271a3071a0d47119722a51b25b0369ad93e1b624c275126145519101b3795f", "SS2": "02d08830dd0005f363fdaab76e8d1ee272fd3422fb07aaa82f199cb0e76638ee0abb2931638b889e78cdde8c682d6839a439451d68f5f1bf6ca0def20bfc588912d3ba0d2e11b77be1cc002ce4f1005adf8cd3f67f75d00a76669d167782b72a0d5235a3f35c4df015063074bda3dd5d3bf8de5aa48100a94d053cf9576b0ad1", "DATE": 16632, "PIN2": 4279, "PIN1": 
 4279, "SERVER_SECRET": "00808d5dda133e05e941a1f8d008b570d46d880899177cf31fcd94c6ecaca28321944498857f37c52582961a24440675180374c9ffd06d77fde95e43cfc5d420153314a34813bf99f7bdc14e9725cbcfc6da1c7fe41b93a79e8c281e236df6f80f9f21ba91456fee210f63c7be9f836d6f18a66960eb11fe8125ee3dce9a3f8b", "SEC": "0416b67473f9566599323edf11979b4b76bf103729c451984abf7e4c3539cb67f5166876b1e8bce28027aaec38a79381e48d65fcea0c0c05ea0f4c7bbe5bc1b992", "TP2": "040f8fb9d70f76911319a347183879839b297bd8be0eaa8e3f75e01446513880d8000aa3d2cd9d8bdd8a4eb1a830ada0fbb9bf110d0d776d492b7043f25a4912b0", "TP1": "040fd9f0b5dd776b64ce58bf3ca58fead5b40d6f6cb79ba26f744a4d640f869fd2039b32c0daa0f6ae7e7624c2959ce51e7f333365ec6f45307fa65d3d1a4b029b", "CS1": "0402dd9f72640c50b6e9cd74303b43d90e566aed4bf72cea2e5054c409b6242d0b23f1cce3a1ca0d5db47218e370c8aae17d76fa6cb87d5a844fd36494b7bee915", "CS2": "0404317543e7e1f968d5c0831ea71f9cb928b78f0cefbf6ebd3172bb42381d8a8e160cc4556c1bbf587d92f53b6569c6a4924fb50bb12cf62a468507516697b6b2", "HASH_MPI
 N_ID_HEX": "54bfd095e20f198fe23a2fbd5eac675fe66b70d041568ab441c8e81edb03cf19", "TIME_PERMIT": "0423394325000be64a6d3f77037021307de7740b873e232689bfb75528f036cda41d33c9b8891eb24e4f389cbe6f9838a7bd301340056508ebd6523024cdb1e07c", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223964326437333338363163383864373337646436623039663461316430303330406365727469766f782e636f6d222c202273616c74223a20223137313262376239313532343363386637396566323232316363666662366439227d", "TOKEN": "041dd1ac80e615447d65bbfb0c2f58743be6a8b1fb9dd77bcdedf2f4028afb0ace07f358be0aec025b94e2839f865ab93d5b08f8a668659198718edb82b43de8d9", "U": "040dd5197c3d2713e06f4ed7d3ebb4a49df0b7642b270fff77b815c8ce0d39cdee1558346f5cd01c13acbab64d9bbc5d3b02b0188d75435e6a16b3a0f55cb653c6", "SERVER_OUTPUT": 0, "Y": "09c5df8d16a98f6feada6abc8d4be435176e1020456cd3763f6e71524688259e", "X": "093f87857bf06fa6e997adb38f997a9a0e96b56e541a4bff4bf89cf806422649", "m
 pin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"9d2d733861c88d737dd6b09f4a1d0030@certivox.com\", \"salt\": \"1712b7b915243c8f79ef2221ccffb6d9\"}", "test_no": 6, "UT": "040c765d42a810f20b1c201169e867c2ca96699dd8bcd992b79736d38cd0a9ef0411844e878dadc48aedc8a2bd3c8f4cbb93f94c7df2a314bcd0846a342f1a0dda", "MS2": "0729216104cbb6bb3896c59f9b8592c9ec108c8e2859f0d6f5a6ca31a23e1049", "MS1": "05bba4fad041639a12dfb112b91ff152bdd3d48f91384474e703faae774ae303", "CLIENT_SECRET": "041cc63c1bfad23602b7a060996aff8e53f93128b4efffa724c5144a1a43c6c5fa0a66969c0c7e903f0c2008882a2840478eed6a8d83208fe576d9d627e41ba22d"}, {"TimeValue": 1437055594, "SS1": "21b6f31913fc69f324654dad9f88234fc2f4115a474d931e96c998871c9989ed0118f1a767072c15625ae67ee9b9dcfaca96b15fdca09f588248ac588964262d0dbd595ccbbea6520f30945537c80b4c118084c894244d979e824c322a1cd1620f88b875cdb1aa21f453bc87baf3b9886bccfa4cfd0ca95f7da84dd7379fe057", "SS2": "22586f28d7b03e1f3a3ba68fceb1ed27b3873ca2c5b998e16906a8fd99ac952
 21ffc2ddf57ccfead7a2660891787f9275145f4fe8177255eab6633f01ba59d0e18b9b07f51f4d0a3479f035fc94fe86fb005d2411cd2b4669cfefd7b6c238bc7129eab2670df19cfb297d884a8569ff4b24be28578e71300542770f9acd928e4", "DATE": 16632, "PIN2": 5746, "PIN1": 5746, "SERVER_SECRET": "0e87db97f7eceb032600bc40d6d2a84c6993220624d4efc46292e65008d31edc061c3866465985f129cba519e396263f6184ac5c0da5e69d41a3905cecd830a523ecdfb47ca9175a7c6728e5ca02ffb930a0ce5323e7b0c438cfb8fb9faff40d10ad917b37db62905008ed014d1bd2e0b47c1007b0b6e87b5a6c109e01d817e9", "SEC": "040cdf22125169f73aed4f857579d183e03db05d64ea168f55b0275bc57775f2cd06b262e4309ff803bf829ffd6774d04d52ef0786f1a3c41a321cd7a70330afc2", "TP2": "0416c43c08e70511669ce599a2a538be12d3abe3582cc9bbb6621411252f4b55620cf40aac5c8a91a247f3d9c19c4cc41d27b66b4edf7f0e69f806c4cde17f9c33", "TP1": "041c7fa68c05c3e594ad2d9d0e4fe6b6e4bbada23a907945d2818d02aec635158e0b6efe2f6bf1e2424d6df92714ba9a2d4e64a8243fb0a848eb6842a527cd2ae9", "CS1": "0405c2bf4e5c9adc83a276b75f13a905c151ef6ae6c9bb3d7c
 c0658b7c32dfe91f23afd7edd94a83e7810bf109e1d915047edc7121f758663a89b7d4123424d96b", "CS2": "04046cf112bc3fc901b3d76e54598c007d63db4303f6c06659a2b3772a320fc035233c50c2bb0349b2e9269b8a251874c2ee8909e92c42f3229ecf06b62d3170a1", "HASH_MPIN_ID_HEX": "206f4a9004b84070917957956889423641af811a1492e62ba605048f56fa5eb0", "TIME_PERMIT": "041d957b1f177871d7e6ee918f409c5b2aa1488550c0c102e15dae1f8ccf51d36f01038485126f678541329ba586abd0e9737597eece1021796f13006b894d40fb", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226264373731636335613832616433393766663230316463643739616432343066406365727469766f782e636f6d222c202273616c74223a20223132373661306331353562303466383861613139393530626238643734653331227d", "TOKEN": "040613b45b65347385faa4b8b748de0758c16e62f8c0d1c0aeff1153955c4e9f091f5d5a79be1b176c316d20772b6b7bf58091f2cc2e3b8503d47fb2acf87f1280", "U": "04079822951ad9acbb6987ce9658b98f85f0a1e508bc03771fd7ad913726a2fb1600
 f8e000ea67f1e7fabd7c2ab65a154baa45bf267a77431d73c4d1f79f2d973d", "SERVER_OUTPUT": 0, "Y": "22083153ce467aed9bea168eb47189832661c35ebde5b1408670c212d91b1d27", "X": "0fffbfc5255dfb3edf9acb19266582574be3cd332937db79cf3d4c90bddebb25", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"bd771cc5a82ad397ff201dcd79ad240f@certivox.com\", \"salt\": \"1276a0c155b04f88aa19950bb8d74e31\"}", "test_no": 7, "UT": "04137640386e8542a5b1b21d70b69136ee38f15615e4f2c621559a544ad144d48802c7a8dd2b9624f430d5d1b804ef4a6407bb3844f6503f73bb5147070dd64be0", "MS2": "0583c820e45d89f38f5510516e8be013c64b81b17dac596589931a0956bc28e2", "MS1": "20d705c20f94e32d379c8bd296897b2ba3d8905bb2bef4536f359d59f32d1e08", "CLIENT_SECRET": "04137540232257b4a070bfad94eeafeb04b9beee811b7762ca389aec02757e4b2921aa0cb981584c00499328e01114970d2f9da4608c5954f681090931edce3834"}, {"TimeValue": 1437055594, "SS1": "20a60f2545d0335b128292a44ec19a0685de6e8e11a7f962a90b02ac3cf54ef5161bf52be280b96a66cca3bfe5d4bd259
 eaafb205b5ffb8bb1947426fbab40490f679d1a5bd8279cf482f1e58f2ef1b01ef8a2f276f40b5f236b791ba517d01a0c11df7e7bfda3226500dafcfa7b5ac625be94b3a34b85c784ac7f22bde58f20", "SS2": "13ad54fecb98e01a03bcdc960316b28605c4c857b47d0ae6f9ad0e81bb6be1d901c8a16831756e2de7677cdf9a879f6afeb8df5695610dfe3528a4bd9349e53f00268b0b7e3b9582a4c424e57e60ef9e0ec883fa3b39d6791559fbd60a64876c10f32e1464ccd70bd24cf7fae68db26e883c23aa1f728f0caaf3fc5ca9a59d59", "DATE": 16632, "PIN2": 3888, "PIN1": 3888, "SERVER_SECRET": "1559df9b1b6d8f7f920aa73f7ce7f6ec7532405185e962e63ed2ae12351381ca237efccd5acd68df2276e1e09bdb9a3fc30d38d86bac755d6deed0ff61f509282366658f4113a7de19d9646d9f6552b0aeb327a20473e9f1883fd0051739c0111640ab70cf4ed9456fd09529a016f36e98442156d2f7817c185ddbb61f3d2dde", "SEC": "040a051572b5b03aaf2c9f8492c22ede2d6df6511468954aab48375666ad6864e01e4eac5b5c25adc87a8b02884201c17466f2c6046f2fea51de98873c4f0fed24", "TP2": "04202284eeb4dd52548b3c812d6355d173a243cc8e54080b2658197fd36398cfd20083e25a1edd7570833cb4acdadd9747b
 149ff0ff0d4b8bfa3cb6a9acc302a79", "TP1": "0411b7463d6cfabb4363f66f5b69caf4715f54c6f58da20853bc6b27ab82fbebf31c41b9ce746e4b14c51ac1c0ad4cb95960ad758bf3acf76b0274e490dd25161a", "CS1": "040d6e106c1e31e0a1e43b641b35e62fd9e31b41c513bb7a736d7eddf51613c7830f16e3cad33f63541defc7b07dda7e5a0abf7bab2548798b838e68e0f705b60f", "CS2": "041d6d7163274892d3332e4cc38bbb7bfa8044b822fa766e51b292474719f0bc0508d25f620b4b774ce10edd25527c9ff42c959d6dc3ea835bd33f15032b99f169", "HASH_MPIN_ID_HEX": "366c1db0bcee4f5cf381137eabbef20459ddb79539fe0376164598ba1e83e3a7", "TIME_PERMIT": "041a0469ad551e2134f770b4a617124a5ef45007f84d0d8be133f9736adcf1a4b120ed4638c346c940d0447c4d1cdd251dfe7237ae2bed301ab2fa1123ebed5a5d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226333383535623531626539366566633335363565626261373338393334373838406365727469766f782e636f6d222c202273616c74223a20223265303034653133626563613630616465353639376339363238326
 230626439227d", "TOKEN": "04072981d4a182e4a97810fd7c5b127b271ddb25f642e5c73464452558e495b1ed190932c9dd1629c5f1f2c812b5b3554822bc18444d427f1f490192f47a6d8940", "U": "0402cb9f9df17368decb230ad2e1814d16a3c63dadeee1f0cf4a42e41049970bc821dc8de133ec69bb223d2087bff06f0f29c6053a0e1bbd990d3afdc37002b914", "SERVER_OUTPUT": 0, "Y": "13904ec0396c16e53b85eaffb95feb346911d840356231e2e1080523c2dbdcc2", "X": "1827f87c0832033e94c11021fb9521f41bdeb11e03badc34bcfa7d3c25646d88", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"c3855b51be96efc3565ebba738934788@certivox.com\", \"salt\": \"2e004e13beca60ade5697c96282b0bd9\"}", "test_no": 8, "UT": "0416a964393c27d2ffdc9a7321ffce937d5928e87f912cd279e621d01a351da8a31a4089da68f56e8d678b6143fbea3ab0a4e521186272e984dc7157ae020ce719", "MS2": "069f5c42f679b13e16427fea489e1c2a8c514b64e0ab645c4ee9fbb2b91d9e88", "MS1": "133a893ca750b4d3a8ea2d8f60a1f1548eb6cb427cc2ee946a1d59c10b51ddd0", "CLIENT_SECRET": "040f8ba4c0b70e5bcf122f44ff03bfa2
 cead2afa4c9f6861311c021d0230835a090b565ae081547189b254113688ff0ee6a192e8c10150bbc0d80724a9d3ad43ca"}, {"TimeValue": 1437055594, "SS1": "15b45fbd93ddb2bd318f7bc487f92dfb8235d52208d1c830060bec546325ebe706a873544a271cd4c9d0bea6d0ecf6f16b0467280c5ab6f2ebc5040835afb0a61ebe5200737be76a1fc9bd391f34a7306086a4a6b2dcd0397303c29d13dfe1b00c58dabbcd320151fa44de1423c830926fd7fed46423b500c998abcf659f72e8", "SS2": "1dfce70e7c09807952eaef736cc997e4c4ee19b402da0db4378d784f4c3e7a1009d4d45a703792d9cd060948506d69136211cc19d635288c8e64d41470af5c8107e9b6e418c4b6b3bd859da608d691e62b7205df978443dc41ef1d5ac6bba36202f8e0d429f84872be9c1db38b1dfe4253eca8d4af7a3202ad931ed0692a3c9f", "DATE": 16632, "PIN2": 8616, "PIN1": 8616, "SERVER_SECRET": "0bd98bad2de5a88851e2814670e0b3c8e39732f147b333eef47c5361747bc13c16e7fb89d4f8ce663fa125982cacf7aee3a52434847f4c4b3df4edd56c0358480ed5367d49011f07d9542e8aff025352f63c5c90228e461c230f4668d0fd5da41e3ea29515138667be93a9392d7b4643349c907a98d4b97bdd35fbb76e58a12f", "SEC": "0416589
 fbab198df5b33aa40e0ffd9bca5ef1b8f631ef0e9ef5f6e91e8183762370890d2ce12d9f8eb1a4d6f9d50e25cf0f64c76ee4e43f19f04db56badcd9aff7", "TP2": "041d478719a1858f2be62033ad8b114a3b167d2492f5fd24ec7f0583b11e84903022d14127d8fff71d4eb30e7ab38308ed61d5f680c69342d1b967e97436f18677", "TP1": "0415b0a5f32aef0e790255025bde8c50c90b54ca77a88b8de89677df98148c329101c2541fc654c40b51be9cee188352f32faeab107888416b1dd2a9ebbadafe71", "CS1": "04068220d5205b39a4274be964b0195c9f66581d4bc963b9688a7a4d4b413513ac23bbc9475767a3482f1e50e3594389f8d9a32b718acce405a9485f7f55a89b21", "CS2": "040259c9cbe5e1062653d070ddcb9446b991f70c230a8436028a28668159bf9dbc1ece0f3c5fd56e129194a7147a273ecc415767afe801b2be85cb3ebf923a1088", "HASH_MPIN_ID_HEX": "fecf76c1416f129206e9e2a3fd3bf7230788c1130756e963183521dc2ceb3936", "TIME_PERMIT": "041fcd55a07d40cea6e676d248bd4601707543a721b91ddab9767e27bf2285cad40e63fff0540f193af36f520b9a79ebddf50ba70577b79da52c312f84e5d3a423", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a20223230
 31352d30372d31365431343a30363a33345a222c2022757365724944223a20226663326237613563393333623638323238386238353531393932333231656637406365727469766f782e636f6d222c202273616c74223a20223137316632613566643065343861303832373336393531313363306566666434227d", "TOKEN": "0416189809d726522f49c6c2775d676ce214724765b96f894214301cb93256d980186884fac7a60baccff492fd0916db5994ba9e1978cd6940df9e30d3b39b0c34", "U": "040e847e2e6a0395afd733602471e1eadf6dd0ccc87fcd6645ca7053869761da29067a5208c9414435ccd16f072660d1ac8070542bb266eee880e2814d08a4857b", "SERVER_OUTPUT": 0, "Y": "210f6f0628759207ccd4afd19008636ee83cec2779107eec7eaf596a29fd51c2", "X": "191bf4d04d0304dfae4ecc5e575e559382543ab85d307854af4587629f311d51", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"fc2b7a5c933b682288b8551992321ef7@certivox.com\", \"salt\": \"171f2a5fd0e48a08273695113c0effd4\"}", "test_no": 9, "UT": "040df60d0990ed42d0db975d57c668d119f650eceefc9fd7fefb2d62c3b0d4104c0ab892d482172d6ad5a182ebbd430710c4
 4bbdb35bfcaf87f25e075231525fb8", "MS2": "02064a58282ae0e61eea98a840a85babdd77ff3c3b915226ce67bf1076ad03a6", "MS1": "21d5f449b6e3b14728e75da20a2bc1784a5ea9a1d7e59dbc10b91abb7e3c88ab", "CLIENT_SECRET": "041adbb6ca2f4dbcc6a96f29af42bce12a512848d77a8059ca900a988e168a16060172da2257ea7e5b66bffcae658c27a2544d49d07260fe170ce1e9e9a6f22211"}, {"TimeValue": 1437055594, "SS1": "141e3e978728a2fb41e7dab57554a13bfb3b17114aeb68ac060d0a9af0b26ac915769ab2c077e92454dac5f66e202f6ca0ec9729752019de9a335722bd97a3f520bcaf94545b998bfc864cbb415a00adb569c6df1bb4f2f9246ce4a0fbaf745a1b98be2d7681ceaf40a6e691c4b8872a358fa5f8aa1c3e0112d9817d51a7cacd", "SS2": "1741c86e32dd113eb4467b4a78d9e15e60073a2b908d4eb9fb9104b3e8c24a9b1115675a9758a8c4dca4e1ff098ac437afb0d1940089fc4bf738f993cecc0b08135861e863beb76c984604284073801782b1ac9b912aa2d1391bb7323dc752ef21ac7ab855835ef9746f0248d6d8ee4a86b81db96e9c51fa79472a70a0acfe51", "DATE": 16632, "PIN2": 2348, "PIN1": 2348, "SERVER_SECRET": "20337bec3293902531c4444e8284f42d4eb514139
 18908df12da1d7600575545043ea2e161cfafef6312d7f2edef02bf582c773556d0c8f3501d356245b91e4f04935622d5bd3396aa41dc24e97729b2a4f383e33e265d9ca2d9ea981e63eb641fbd297e09f8e352f191a53f9bdcb074484d1e0a5093c95c9c9787825b153f44", "SEC": "0401fe01b7e74220521184fda7afa64fed847fbe8dd1496b58cbd7aba781555a39087d6dbceffda7a20f62202debf0c74c9bf9d12fadfb4022a8d64e8b78a549a6", "TP2": "041544b09fca7a847edad1b33489c4e3cdc8fe866db6721615fea747fc9fad0fac204a528e6b2e6f24bb0d637ece931a611c276b007b3cfa674e7ea56f2d1ff9da", "TP1": "040a0988593db59971da281052f574d9556c0ee6b793b163b086979b5c142e135802873d6d75a00ac88feced64b97ef0484a6e44a53235c6b9bea9344b0843f63a", "CS1": "0400df063860e4a1b9dda5d14be9310e4483446d6775399e22e934466b5f45aede0fa360ef1bb0d05b37a709a04a796694d05212083a636f858a22280ef4cc329f", "CS2": "040ac186615a7ef8ced8cbd18836b77221ba1399099f730a88ebeb22bb0384c68f1f3c132c629563ddba438e49c7bc2e77dbfd45ed2e372bb2905d1a16ab673f34", "HASH_MPIN_ID_HEX": "3fabf8f342d8349aa7ffde40020677a89327cf8f349b1823757db
 f1f08387203", "TIME_PERMIT": "0404e9fec1d87783822a1045c6e6d8097cfeabd0e8c1d207b69d896c783a7cb0390bd98be06f0fbd02f0b992d74a467391df5489c3bf5c481333c3db4b2d736d4d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223833323937346433326332333332623232313931653265633562336164366166406365727469766f782e636f6d222c202273616c74223a20223535663234326630353530646533346663626663636638353565353431626664227d", "TOKEN": "040a2556fa51afce0a90f79d1d854d6cdcfb52fa2c438a7ea8945d9038aecdc4fa224bc02b68200b67261de2b19db4e18e04e654718333adadf8a1e5ac62b2e4ad", "U": "041a6e6cb6c049f7a92f571403cdd0b6928c98147ed4c5490a1aec0b6e7b573f4d222a3113af8ef0bbb2e710986cd8282b3a847de08eeb993a05fc9b3897f1b88c", "SERVER_OUTPUT": 0, "Y": "00c868a8618a1f163ab63f253bd9478b45dbeb1058e4ad02997f8fd086b44787", "X": "036c55d0c2e96e8aeebbecd55a614d9b9f52874e5ac8e9f8dc70c10b1c89c318", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \
 "userID\": \"832974d32c2332b22191e2ec5b3ad6af@certivox.com\", \"salt\": \"55f242f0550de34fcbfccf855e541bfd\"}", "test_no": 10, "UT": "04224c0d3ff73ca962bfb64517f74c66870981dc30fbd85afb88428e910c8a94b71ab4357f81f2d5deb2f06c2b0ed97e349658f986f929444558a157821d9784aa", "MS2": "1ff3d2a38232e47c4c7bc1587e36944c1b19b779104a4c7985a59e96f021e41d", "MS1": "21cd3ca8c4c180f30cd2993a3ce4b3bd21d40b19321aaad9d559054699de6749", "CLIENT_SECRET": "040bcc10475f2544c12f3a60a11b893436184042ee603fa79a02f5cb71c12476e70627ea5043bbcf7402ac8018c3e9450542ce6d7247a1212d4a4ea5533ee7417c"}, {"TimeValue": 1437055594, "SS1": "1efd294fc0c35364e0e6894f044b9e30f2c4c9280f2da012caf742f1336bb72408fc273edfc93cd5a8b150513708219407ca23c7698dc69c2ad9b9b4f169c2881fc59404803590555df0b349eb9d4cc2d2af6743cb1759a4186cdc5ae39ce6631c776911d7db0bde542ec5704d5703c95401bff481081a8f1ff8b6e33b736c77", "SS2": "1664d545c4d86aba5a6a58453a324cd864ffb4465c7b78a41da63f599fb95aea1dbcd23c420c5cc782b21c26126bb9b3d8fee9eb442290854ed3afd8b6f2197
 20daa5c9bc736bd2dc0b157837e5a4f76a34da133aac20f7478119c8d610070701c7d87210bbee7585e80357de1493f76985b191c0886d183829a14f1ee0491ea", "DATE": 16632, "PIN2": 3764, "PIN1": 3764, "SERVER_SECRET": "0b658e649a31f1b2c89d7d9176605f0b252b7ceadf7a46141b3774611f8d778e2391f1dd2cf7d0c753468b6ac07524bffc1843e5c30977ccc746ee8749c1a19720cbc776acee8912ca77ae60f30183fa006c017e6895298e5555db342328376003f5451780568a1e1db743b34f9475e49c66978c3e40aaf6813a6f2c2149f4bd", "SEC": "0418d813ea5d40e21324ee28f99365f5cec138a70fa67413fa93e800e757daf96910379e8b44ea28fce00fdc4d969976eeb8ad288d81b81a492ab66a05b736ba1b", "TP2": "041de26abb8acf859ae9a3c6326e34bad0d1ecd0d3390bd511cca14fd548e1ca9e01c84bcfd7fcaf973c75621cae682085d724af493f76bb5e40befe74c6fbc830", "TP1": "0402c3025492f8c511d2beae8b5fad7bbf5fc5bb512c072a7ab2c61e93b0c27c6f0b3b9e22deebe02cda455f925a360e92546eff933784e91e3ea5196f6df19623", "CS1": "040a35cfc292cc4e5962ba59ca42d53d32947e4c32b621b540cf7c9345a69e4fd61cf29cf801716e2121a9399895ea15b168d622d39e397469
 9a54628fd9bc8d45", "CS2": "0420259e066fe78067e79e5c0fc6dccfa7796b6220e5c492486dec63bed72d2a3621e35bb562249a268d7f35d45c762e5cd613fc562c976784d2072e1fcd37683c", "HASH_MPIN_ID_HEX": "289ee3fa5a94034840db16087cf301cea714b03ba397b412b6c2d238eda7c9c8", "TIME_PERMIT": "040aaf1c8b0119389eccc9d55067c55fe4c7bc7c4df846f071c36b14e996a1b76206eec4a0734115df02d897053a2748eab9b855b89b2cfd97db279ed95125240d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223461383734353165373132386562383931633137323235666664616161333031406365727469766f782e636f6d222c202273616c74223a20226533383063326662613635306136383836323364303136356136613639383930227d", "TOKEN": "041d85d6567e0d54eedd1e422272034058aa1d8b9564eb300f03ce562a03c97e641e9be6092ab136ace2cee1970485f4d25f2bdd03df9c7b3df4e87d57e3184dc9", "U": "0410f7e14f66e78f685c0ca94fb43a6413f186aaee4e80280d02e1edbbd5df1cd30d59ef9b76c9a79e1e75b1d6681eb973e42b3fd8a581f8117054017efac205f5",
  "SERVER_OUTPUT": 0, "Y": "1313bef2e23b67339555b6636bc3d49d459ef3f160960dcf236ec1bdd5fe4ecc", "X": "1b62ed7d224b20fa452a5376b61693a5eb86a25fcb364f192937fbd901215091", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"4a87451e7128eb891c17225ffdaaa301@certivox.com\", \"salt\": \"e380c2fba650a688623d0165a6a69890\"}", "test_no": 11, "UT": "0415b479e438845a8f9783496f58c3e0bbc170f5f88aac26ee7749ca40562d752f18880b97b5d5ac266d546c99037c20d397d6855210e54b434f6cf83e6416a438", "MS2": "0eafa15a9a8e4c7abef0545ada244f2cbcfc68cb60ae175fca9506abd4e55ef4", "MS1": "17d6e568724ef2c669b1bf0955d297feb04dce2ebcad5e0e293f312b7bc5eb75", "CLIENT_SECRET": "0411a0107ac787b157e005fb89a255364bd04bbf3ced17a9814128e5d91a54b02e090ed6d82f0e7e04cd4c3f0c166db4eaecb3062f54479145988fddd992fa4fc3"}, {"TimeValue": 1437055594, "SS1": "1f084fcd34b7141975d9be543b44c3112cad21e3727cbff236e05343f1ee2fa422086b6f3d50ddd3da8f7ee496245af4e482e54db6328f84c9cb7eb781cf92151404a2f6756c0989419e503f623c6af9
 d9ee0a05f83d3c793dfead7643a871b50a14504a13781f12942acc491c9f4bfa8ab7545dcc4d115374bffcb24d9c3273", "SS2": "14bdde43fb67578a7e140d5fdd25ea43b0240cfdb65c6ad1c0a62221f45134b902de451be9f09cf64df6f0778bcaa45f835ed4bfcc793aa28af6b1d774cdc85a1cad226f32ebb0f93e0e7f2a46fa53ece6f10c7ed739c68e0832c3fc5159c6c500ba45c28ff2bd415cc2a985277f42cfa36d9eaffebcda4329699010a01ed345", "DATE": 16632, "PIN2": 729, "PIN1": 729, "SERVER_SECRET": "10886faeb52c1e9537f160f45c59ad13c6cbef0298b424c0bbf208e61316b06521037ca12d451db290461dcb0fc2a451b7872d332bcec4b74e99c78a47a825e717ef5d303331f03bcd840bfb47b57f7c4ba91c072910a1db102a382b804ef9951140cd6d4b47316f0c8d4b60d6372edd7768b81e73dd6adfaf1801719de8f237", "SEC": "041ab7777be5e4ff6999c68b6a529dd7ac5a83771a775dd311ea58facb40d7f652165182ca902c450f268dd3e211f6ddffb432710f713860c5f2b66f56f0a0f9fb", "TP2": "04210a8a1f478d5580722213c7a298ab465ae54e9a3a1c5367a0f9758ddd898b9c0dcf36efd81b3fece50f5ff86d7644fac4e240e82281b1554ff279958701630c", "TP1": "04111a929dc7bd39e9b03a3
 4556892a6a07979182ed75575e5d761a7142e4fae470891df49934011688e91f3ade100070974a4ca455ee5c7a44383536d09143e59", "CS1": "040226a6456a3cbc19c97dbecb7113a43076a97af96d7ce2ebf5c305bf03d054e507d8740a9392edd53a672914fe31d44d379c6d40f7bd65632478e15ddc3ed7a9", "CS2": "0423a6f7b78cc09da0bdc47ac51a1be4c9c40eb822ef0023c71d65f2bed5ff3bc3049167a462b7ec23ca9b2e98885ef631a9419b0742358f6b96f25a0a83604a01", "HASH_MPIN_ID_HEX": "9b1289ae13d277a7903bf91c39f7354b16e520058edbd1582b398bac6a4e5895", "TIME_PERMIT": "040292e7f0988ee3c2b27556133f66609c6cec0e840fef77eb7e8e3d91365bf7a7221043eba23d239ed94bcae8db9e4dfc9e48a110b6cbfa64d4de1920b3daee16", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223362623731366431393537323239626261306234323139643131333332623865406365727469766f782e636f6d222c202273616c74223a20223136653432306331306632333731636462323734313663646463396162303730227d", "TOKEN": "041cc54e7d33164efe713a6635e05147067e51c
 3895e6ccb45afd0f3bd6b9285981bdcf87ef710f2aac842a55a442a31e9baab1796a052ff90344d204c73ef9cde", "U": "041a8e01b282c075739404db6c88c30e839e28ee4caab457f42e678ec13254510d187d4f21d90a83ef986c99694847a758b46659fceeaadf788fb0b3b0bcb10f00", "SERVER_OUTPUT": 0, "Y": "1482a173e217118752fb0a85152834112811c19efef329d22728576dfb630ac6", "X": "10dc5afa64c0f21e055838571419b9bad8c5359ad33acb5f109150e15f81a228", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"3bb716d1957229bba0b4219d11332b8e@certivox.com\", \"salt\": \"16e420c10f2371cdb27416cddc9ab070\"}", "test_no": 12, "UT": "04160428dcb8acc3ee9723a8b964433e29366172fa1a150d4929400df7be89bb511c31a5029d176c8568b73a0dbc73526064443b38a25e9563705f48de2e90a122", "MS2": "1870a12d9a058102ac5e6bb8b25efd92ee19ecc0bdac840ac2b052b8276bb858", "MS1": "129927756c27b518bda7684658ce9b238a7ae61081d4673363cb080231964ba4", "CLIENT_SECRET": "041a5e935fd79d7941a430752208f6f39a991954e8a8f989f017b1e079e5d146fa126d8ef4f8ecad862ebcda61ad79a8
 eeaf3b8df671e8969f1ddc0a4a11f5e107"}, {"TimeValue": 1437055595, "SS1": "02ab58c41ba82f7de410e2111eb3ea9e8d5c58efc2fa69abb4a74e2f99966fdd02c6cf185ddea52839c94e26ed7c516a35ae7994f23376c9c4880bead9cb8f7c09f5586f7307190e586e352481bc768d58bb173607017d7ef6a7e39ebbe05134186e74132682b785ace486080d34f4054d4aba9adb64605c0e49b59d12d26d6d", "SS2": "1a7bd72c0c88f97e6764caef54b615a869b81733dfcb7b61b261adb81cd88ce70a331d31721e1fef4c4ee87e24ba80a766d2d40abcf406e6599968d6d28039e11f5191b7307b749ac798ab130ce0e43db6943f3d986fb8ed82f22e52a05d1bb6013dea562ce83ccdec2f7af94f6336dcb28168f49247ed44ba4f45459d0d3b33", "DATE": 16632, "PIN2": 9410, "PIN1": 9410, "SERVER_SECRET": "047ca35946ee57111516f82d51605a1931146b4f351dc86e48f126c90e82a536048efca74438f46efe4659b8f5499abcf9a9918be660fee5587747005327a6ed01b0574b1e4e8698e14cced4657432e05b355117ead11a10fee742312b9fddb91e0c1a64d6da74afe6e4bc12cc47c81fc1d7ef2a01e184e6a172de2da23cc0b0", "SEC": "040e83641ef69e04b1c6ebd461633f5630d5f4918b4d98c82a067d71eb13d957de11cf1
 a1d917635af967bf7e1aa55881d15625fee69c33328777a9b0741a8c75d", "TP2": "0419f91052f79129cbcc0d8477e06a9f9e2ebaef5338b4c8205b621ed6ca680204217a180a1d223c12260a2ae46cafa6c2873015edf3406d4b5a17a46c4b3373b3", "TP1": "041feb1fede0801e06d694fb6f3957d805c77633ed34f3acd201bddb1c1ff66e8c1ab41301b261cb21245571f9fa1bd458cb507809cf117f212727ced872a8817a", "CS1": "0419545b0377a3a2e3c7a4075bb80330a1abb7b9b27f2f42e1bdae83a46e4fab84008b1dd9832ef635bb92d14d5a779271b18b2b361242d327fc299ea9dd0147ec", "CS2": "041670aca835aa6caca1490566522db9cb088868b19258207950580a33db96010a198d431324f7a52fc21944ef07d473d8fb9a076e319f6f1dc69c04ed35338bba", "HASH_MPIN_ID_HEX": "520253ee9b443098b498723b7cdce97f59a5b4e408193141790af7ae1094a502", "TIME_PERMIT": "04104c3b58d81b87d8ce6b426652626260b3673186ee7f1095cbe68070f7a0443600c748f473e203c0ad9127eab8024d270b646c6946cd985851ca9f6de567f062", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a2022
 6266343065363033316266363836643562363665383965653465366263633933406365727469766f782e636f6d222c202273616c74223a20226532633533393430303561633863393562323038333334623030663530373836227d", "TOKEN": "041df9ce7195053809b2485775a9f9974ba1366ac4279210f901fffc3515bc5c801652c09676c5037bc08287c5aa5acae3426c73ff9a0fedfffec6624d64abaa5a", "U": "041c21a2c64dc170457cc25be48de8da0dc0afecd99745ec31f237d2d054e6da141e751690638405e6417a279e5b1452cb8040ec4d23593c6e34df54fc1abf1607", "SERVER_OUTPUT": 0, "Y": "1269ee0eef8c8273bbf338dc9be3ee3ab36e8111114c3500e2c107cefb736098", "X": "0151ef94138b5b19bd059b8cf1387ddf7d39a36a74b9b5dc9197eb984876dd04", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"bf40e6031bf686d5b66e89ee4e6bcc93@certivox.com\", \"salt\": \"e2c5394005ac8c95b208334b00f50786\"}", "test_no": 13, "UT": "040042d2b3678fe8bc99e0a19595f5d8b9b4f281e1be9ebfb11969d52d6a5707e81b9038a3c7b1bcad237a984bf2ba12583b059e1aafcd9268a91e46dc3a044ec9", "MS2": "0b396333cd482362b87006
 aee74762c5ee19971c1f07a2b60ae82390460a68c2", "MS1": "0d076f355ba119bc1b4ec43017ffe0c74dbc56cff41f838b80133dda04070b7e", "CLIENT_SECRET": "0412f4f95ba5441fb0a1e35093b75400bf61ec79bffdb6c34859f98ff43cd6e7801ee6e150e1546b12f4d68300cc8a59b9616c9b0390a6953911a270e1e3779250"}, {"TimeValue": 1437055595, "SS1": "1121461da0b381032d470ec98dc7058e40fd79ac326b001ef311f8e21383c65b13edee07a54b9b8b08ade1522486da58472d9f7f52d3469861de13c2feac3a8604d25c34e7a55536aab04fe961380fa5adaae77288ecec868a8e5adceb075fc60a5eb54a8af7318f66f59c6d5ed88914316213c8c539d197100451a31e043b26", "SS2": "1ee0191720fe5aa927ff15ebaf7ff0af186a265e7a7c19dc545b5f07dc5c7e1117af6959d16c667eec58910e3c91728058b79199002094a56d2bf0996749c04a14426d80134ddb41a2fb9007ad71263658fe19546f84526471779db5d6673e5b0d9126fe406efa3d69921685279f5f2aa0a369cb3477baa226f89f02c48074ef", "DATE": 16632, "PIN2": 4411, "PIN1": 4411, "SERVER_SECRET": "1bd93920323951c7719eba225527dc8cdcbd1127f2ebb16dd7bc0821f37dce371fbec3e9c47a65fdfbfa2e54cf8f53477b213af8
 e3cb9ad1f3d9c88a614bff42049f75799d64819e686cb971b76810f2d9e8aa8fa660a469fceb6daa33362a31126098b74967f92cc3c4052874b250a15881b0201a62eb0368bd3210c3cc70d5", "SEC": "04011b191e65c4a6c88a3c3d1dda3fd6bcf66ec47d348eb62e65a15fc391e14c0a18e5ec4efa692d85651c36c706fc31d738a112af0c1ba1b6e127b2250b86bf6c", "TP2": "040b5a7d2d8c4943db9b00f83730728b59c0eb2834fe6855acc9d026123adc93441ad84ae4127de8be49b71e00a06bc9f6e864cfcbff96b753863122d83ec52fdc", "TP1": "041a7ae7b493bbc82821c7e4716c194fef2d4035948bec707a465856e0b977b84d1d56d971b6100aa89bd8d0ae1a34537c173973281dbb5929690844a69283e88a", "CS1": "041a8424ebac47a3121e0130eb4db0db13c32de89a565ed16d6719b8cbe9725fbf1c81164d474cbde1e4130553694d5201c20b2ff347d46b6897122165bf428a42", "CS2": "041b2545e8f58cf20edce4347ebf914e5a730faafd78dcf65f8372b78af2ce38920587f9f22c6312bacd61657febf445d814666637a8f2d4abe02ab275508f0da3", "HASH_MPIN_ID_HEX": "16b140879f84bd5a1b8e08a2bcb67d15bc3d4710542244216d4b4dfdbbf5641b", "TIME_PERMIT": "0419f269e2bb7308fdab5a907bc5663ea
 2d3a00947d57c0c427e3691d97c644fd51559410bc6db6a23ab23aefd3b798c354992e10e4a16eee6ed80313b846581e0", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226461336163663561383662343438643934396165356530373261653565663365406365727469766f782e636f6d222c202273616c74223a20223634306139643435396662383339343662613032313464653430353937336632227d", "TOKEN": "0421d94f37813be32b3995135ade93f649b848edbf68ef064983c6ae6fda44bec71a358324a42be450d154946a8611f06b1870ce4aac15dea8015f9e2f2caa33f0", "U": "0420356c11c152057a16e963d3189bdcdd5814083a5165f65cf20670e2d81207bb1780cfa420f76c06cc1df963d388378d3a9350045b6888bc63d6986d287abd7f", "SERVER_OUTPUT": 0, "Y": "0eeb54be0a5265efd58dec5732f146f92209720e550fbcac0af0fdac50cdd609", "X": "1da8fdbba6e83c6d9f1a89f1fc7c0871b62d965c549c039287f816db9c958101", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"da3acf5a86b448d949ae5e072ae5ef3e@certivox.com\", \
 "salt\": \"640a9d459fb83946ba0214de405973f2\"}", "test_no": 14, "UT": "040ec352a6b673469d009d015247330d1c9110709095496f971af960fda520683f0d1b4692f9cdce4388190ed5d1f73ed4961986d3a4f9420f3ec904e6fcbebb19", "MS2": "029d7b3191bb5c3501fce6f3fac6e3f9802c799af86d6361ec687cfd5e4f956c", "MS1": "1f0cb6091f001cd40a00c9cf019ea238251685a49d363895fb2223077f617408", "CLIENT_SECRET": "04176eeeae545878791848f41b8764ed54def2fabff17d23a78091100aba053ab018bc977276adb19a1aaa1ae455d42290f926ec7fdc48319bfc45091da3d5b4a9"}, {"TimeValue": 1437055595, "SS1": "005ef11ade21d61ac0eadde02972e2de6d421275a37bfa48df685a74a2fdc70516a6cfae5e86bce0cad7ae18d9239e5b0e3e422872d915f2d251a4173e503a6b0d3156a84d8ddd03f0407d6a486408a7783875fb592d27845b39468b92ef2ccb10f80ab45210d73e0d28b5a310aba2be51543455f4340e89df721b41a56257aa", "SS2": "15302e6012a81ecc8d10bfee41cfbddb5d5caab43570f841833a4df2820fc9792285ff10aac04418dad2110659e439bfb067dc938a09c7cbd6f01bdc0858f73101f0220a23e9837a56f1140cc2335ebda85f51c92434e045bb21556d28acd3
 f11a32257c8b38bd7b45f1e4fc5b52c48d37676153ed5acf531c28d4699ae11e7c", "DATE": 16632, "PIN2": 1194, "PIN1": 1194, "SERVER_SECRET": "0c1f0a1d84f7ef2050822d0b7267c40ef224c181a1e153323f42c283068e01f105b6b997a6297b509331e09d539be6501da16e9398613790deb4c0bc59ff874622f7e037e9ce8b3c6d1156a7ef89e277dc203a9714f7126a1da793294daffde314baf0cca6df4e69077ef7854d84ee0662dc36ee1c83aad10aba863c0eacabac", "SEC": "0414c3964f2dc9baed7a0fe822da337837fccd71f047a787b4ebf43a1d6c87f67c180a760c788651362369cc05f8ca71e917bfc3083f22670b693f8c15c92a1962", "TP2": "040d5e5a4d5769e5d43c713dd4c1d13c72dd45c841c7bee5b447bd940012f467be01e2a81e6f300d40d5b19091cdef005dc5ea1004a6e80ad366450788503a2b3d", "TP1": "040929c8a9de6b460411a9bdee1fbb1f58770b5505da8742a5e409c262dc7187511d0a85389f9fc6507e1bf128bc84e16224068b17874c890de0c68beda4f55698", "CS1": "040ad6af61f568b0adb40ae1b77de62aaf28fba96d1f99d4da6502574f1e6a589e0b59234b7b67aaff5f74b3b1fd5b4b04ea19ef6068d416abf7896facd3289d98", "CS2": "04203ecff5912724a49ead970bafa49ee5f9
 74905b1589e56ff10c035ddcc4342f12f063cef3ba0a21caffb27ca514d5cb4e6dde44a956635cf17003736eacddea", "HASH_MPIN_ID_HEX": "a4db348d6a3e12686220b7e892dc7a8c2d03369cdafb27c78211846384d74d39", "TIME_PERMIT": "040c000dfab56e9266f8ee90716e966ff5f478bea270afe2968fa3936a0f34f1a820fac6f963b6f7c65b318db7bc1cb883123ab0846f66497a54890b0a2eaddb2f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226337313336353930643937363864313637353364363864326333343331303634406365727469766f782e636f6d222c202273616c74223a20223335366235316130323839336462353538303430363038363964363731623966227d", "TOKEN": "040929fe71e7d7a3814d3aeba40f9a786c33fbe3b2bccf86b9e83b8638bf16a69222ddd3cf5583476e502ec761311af5acc98e6eb3b4e15fd497ed43ec0df5a5a4", "U": "041f231e85cd33ead8f6f972939966b5b3f8c8a94ff8f573b56b9cce2d53ffd84c0fe624780c96d8454031dcf34bd3d994dbfda83f5aab2f5cce208af47c0123ee", "SERVER_OUTPUT": 0, "Y": "0cd7c161c49b6a196d77a23750d04cd63bd9
 7ffcf4023915a1ac4ce354bd82a5", "X": "00422b928dd2e96614005ba84fc78741c706b2cdf1e6867e712d73d01aa17a21", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"c7136590d9768d16753d68d2c3431064@certivox.com\", \"salt\": \"356b51a02893db55804060869d671b9f\"}", "test_no": 15, "UT": "040c0cf30dcb53d590b1e4cf3a137b8890614ac6d4a13905feeacd41f3882137d120002dd8d2f6337bd910b999e7a199fc21ee49959bf7f775b209c7fdaee1e7b7", "MS2": "021ecb6fd22558fcae0387b205f80d7a029dffc18a0611c434ee2caa0cf90c04", "MS1": "0516497d2e0d85158c64bef07aab7363e919e9e4fd653633600a3018e004a347", "CLIENT_SECRET": "040035cdc25404fed0e2b5be105bcbc7226005dd176a48674d73fde18647649d161823310c66710662de295ff851c52ba63a75020fbe9b81c0b8fb2873c3ac533c"}, {"TimeValue": 1437055595, "SS1": "23dad6d7b3ed7e4cef930e8b3d011dfc6f1dd639bc1fae7fb2cad6827ea6b673170bbf3d94545632da5cc5aad16cb90daae8b710d07cc152f90243bae0fcb17b126c0780f165329d81558c67a99ba5b3c57374959fc5d068d791137a56a61ac41e7179156e2b819b89a9fb5b19c602e
 f114ae70304535eb05695fbb68bbf47b3", "SS2": "2151d6676be391aad04b74ad9169b1467a5891d93355393b007f3c1b8a3470da145803c0a48cd272ccc65c94e3efbc4a1e23e2d01e868cb9cd8afd4217426de4097ba55e12e54064a971140ca658aca66a09d015600b4d8781a732898b25f582003d71fd218cb4e1f28c61302da41adab06859df6b1d687f760b59e70b9c006f", "DATE": 16632, "PIN2": 3666, "PIN1": 3666, "SERVER_SECRET": "2354cc84b0be0d086235dd5106676f8693e3caf2571b96fff02737c0d7810c7f03db95e7716ff35c4eaf7f09ec2b56b20762605e77a1a86ec7495230cd5b6127114eed4e469f14b30c8d33987700b69212752777dc6d78ef33d40d6aeb275ce51b2b23061ea3d777149b1ec98623e20fcc732b107eba9324c7e7f394d5c33167", "SEC": "04087fd4db3bee68c16fa739fc8d1a483223d8566a188a6ed4e055aff46e78c957171cf4cd69dde39d94ee5a283a5ceb3ea0ad49e90a3ac02b51d6b2c4400cb0f0", "TP2": "040826228e1929139fea73f8637de9c15c609c38c6d9d658d3b12ce06a641995ca10772604069ec77a9bf62317b290fcdfbbdc098302eb12e074f6d273df7854fc", "TP1": "041ae5cb5b45dee4b542b8087191a774a42020f77e62bb409002f2c394137757e8171089a8215c86cef9
 950f85162848fed0ee06d6b91d537e94bd5b496f2764a1", "CS1": "040a40647d79427687f087efabde69566fe951a867144e282683bb8d42db4652c71371fda7796029e60c69181c9ee9fa209f2fbfef3d6749dff19bce53a9757a2e", "CS2": "0413665be94ad63b94a0deec4c4e90f320eed14ca79f65b134d30279617a3e537f1381fa0905472080863b7669b23b28dcdadc68cd56a8f135331dc80588859f83", "HASH_MPIN_ID_HEX": "9fb97d070dbcf9f02f43ce6c92819472f161cda42a3e573e92ae3139e64a866c", "TIME_PERMIT": "04113d67256d744acfe5dc848a6744dbcaf37c3a3cf403dad667a7f259e4b642e216c8683a8966965ccb76c89b3132bb225afb426fcf0a328b06f244f386cf52c9", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223863643361316134373638376662306636376561396532636431626666363262406365727469766f782e636f6d222c202273616c74223a20223539663466343065376632363031386266313661653434313661326336373862227d", "TOKEN": "0414d94c5363566bb7d58b1c262aa2eebd31b4c8c6a4708423b38f706d28df9159033b999178fcf7b6d010e906c9f24d3621
 4e4c9f9bbae206efbffe8db39356d6", "U": "040ae2c3e19032733458d87778a894fee58bd17584b6c3c3016fe16a8e8fc8075c120becf699a5c842e590c2d416f76814ff620dc76b4bac78df1ea0350ef2c75f", "SERVER_OUTPUT": 0, "Y": "0f36cbf567ea62ef0fb17428388ba8c32e4c736f1435d725a63ad0e1bbcce48f", "X": "0fed17091ee2633e8ce34f753851becb2fb567050dc87140077136ae15caa1af", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"8cd3a1a47687fb0f67ea9e2cd1bff62b@certivox.com\", \"salt\": \"59f4f40e7f26018bf16ae4416a2c678b\"}", "test_no": 16, "UT": "040431d184823b62bd1d96124a67bc6767f763b664b23f279aa2a265e550130c951e00cd459fd3ff49fc77558962439ce0e6f1ddf340a87ccd0e2db6969b2d0cb5", "MS2": "19ce6cbc23b50bc0cf5300dda69b43008224194e1c75739a48017adc4784430d", "MS1": "1851b82bc5867efd663f4cb84f4d3122ccbcc4dcba715c34e44fdf6e6feac37b", "CLIENT_SECRET": "0400490fdcf249375e425bfa5a45016d25a3990b53a4b0beaccf7fe98d5874049322072b915fcf94c7ad8580c451ee2fade519424abeec83f123ab7092ca9e3d83"}, {"TimeValue": 143705559
 5, "SS1": "1465c8cfdbc267dba7c633b0bfe7bdf5abcb5f1c27590aac10f65105b9eddad21cf5e9a6d02fe5f13d03f00052f4d0b69401412d5653fdbe979fad22fb7a0f14047401bfbeae0501610dbe5ff148cdfa48dfd4f4888ae716353deeb7a5c5b4210bb2b0d0180f9006b8797b352dd721501fa28d81da2b672ffb7adb6b3cdca472", "SS2": "0040dae30b7302d80a3099a898ca47185dd8e189ef2a66b981e9602ee3acd7ed23eceea8b87da9ddb371743a127b21ded6da06ba8259f8673d29e283063d4dcd154f980bd5894bdef38d126097601e19297597707a87079d2389c34b11a2564b189152c688e555fa01500cd3a54d21540409d724556ea6a392d587873bd5256a", "DATE": 16632, "PIN2": 4703, "PIN1": 4703, "SERVER_SECRET": "184e0d80931ac074dd0497385f0eda5499ec7eb4467c1a71356fb5f70d5c8d0b0d8f5a6cd5ad6a4164f26a9041287eb62814ef254a12fac0928b907d4fb4720b025cd8f9b14ea04e3fd11345cc963d6c7a3e7437703e1171f7f6f908bd1c804f1e0ec758abb14f966a58865b4dc563477323c73060487c103ed93a044b0c54a0", "SEC": "0411d04d217ec0ab6aeed1385935e71a33aeeba74817e00d5886ba1226b5e3a851218272c144a2c160b90c4a2906c96d5724aacb017dd6b2c560589c1d951d2912",
  "TP2": "040dd9b30beec49d625d62910e5c56bd94e848a9922e21b77666ae17ffd471193e2090e2301febda70d27f40ffbebde9fe4776172b732218a4a40688ca6b5779e3", "TP1": "04152c631db2412096d8c363435b220a3f25fe5a2d24ec6c4baecc5555166b17c721de54b4513ed3f27c8dbe25f70e3c30cefe3391212d4f823f8cd0ca3ad23a33", "CS1": "040122e925d5f065abef086c1b63d7efb0cfcf43810c1dc926889b9d9be33d1bde23be99d18dc6d15e2a68f48a485a94173c6fc098bfab74b85af1024fa2792f86", "CS2": "040f023aad490c8b55be81353c58910e8ffc2e4b7f91231ecbd385456e0904fcb80ee1a1ce9b7c8e7064b1e0fc4510853bbd051f4b3638b9d4edef03b0718cd141", "HASH_MPIN_ID_HEX": "4b428e699fc9a420725a076d5413fcb71a747a4a2fbfd1cb7ebc90c08cfb6755", "TIME_PERMIT": "040882e822769978bfe5bf18e2ffc130664a2b4bf6920a2c9f2641db53e431063f1ff5fc746b87ca432aaa855ab24da576b611e6c83dcd7538e1851be64230567f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223237363735643564333062303335633633373537616537616266306462626
 433406365727469766f782e636f6d222c202273616c74223a20223836646432333935613364303164303333366530633662323235653063616637227d", "TOKEN": "0419a378f241f8c1210f3619827406bfc4fcdd16832ce90d7997c00870bca47e8018fe17f16deb3d4d18c8a1dd5af16c40c327e235a5230dd0c188d13357613f14", "U": "0408301fe2746039f6d1b933cf136b54b33941642e6ae2ff933030b6b36805557d048b14057093ec9f841ff4ab130c13722849ddc7a23b1546489f2dc69f8442ae", "SERVER_OUTPUT": 0, "Y": "1c1f2cba76c40c464c385fdbc7df270f3dcce1387296ef592d8453ff1aa1c001", "X": "01273f0dee51cf0a7ab547d53f44f85bffb7fa33583a3a9428bfdb4e2d384777", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"27675d5d30b035c63757ae7abf0dbbd3@certivox.com\", \"salt\": \"86dd2395a3d01d0336e0c6b225e0caf7\"}", "test_no": 17, "UT": "040cc1452068bb696b9999f6be7e1b5e75f9cd94c98588fe5ec55e433039bdcb430ddcce810b8ea86ccd5db61e8b643a8b563f07c3a271de038a2d468f55954303", "MS2": "07e8493d8b0d000003928116bb37650b00cdc5b194152cb4c636526b47ed06a9", "MS1": "1a0adf7b
 aebbe316e94ac64c5c86ac431d2f0b708f4f4ea856436fc6bde88975", "CLIENT_SECRET": "041125501e61ef5498d79f475b50318d0d6ffbd76bcb895bc8317631994b272c531dfbcbab019ff73c92fdf7cbade07f8f6e725a46ca27bbf0e00673b62bbaa468"}, {"TimeValue": 1437055595, "SS1": "0818708b4057a6b7b1246bc5c1ae71a84fa402961729edb72e69f3b366ab80e71e984e78ecd3c4dca114a4208a84a1b79e16c088cdadff0c8f60f2543301f1541ce918024251242f3761a3968592c7fd8b4190b91528ca7b278b35dd50bb64da062a96f1e1771cfd8d5f71790912aa39bbac50c229fa8d3948c3313babc98952", "SS2": "1c073c3a5aca34f59f43e1ee8639f402d08d5f31035b71bbc7fad1773c7c69cd0a4c60d1defc6c198da083ad9d6fb18ba9295019bf8999ebb49f4affc378393f0d9c595156090e85fcfba773878145c6d8c6c967375e27c0debc51255a7952581389f9014044f65a22fc8aaeb63696d69e4537e6d94dccbecdf41f677bc0f13e", "DATE": 16632, "PIN2": 5558, "PIN1": 5558, "SERVER_SECRET": "1b23361dc753294af3136729a5302ad7dacad4f4129c1f041870a6f93925273813aa2857b4eda7d70e2fa1e7b1baf87062de7ab8fde1b574c17255b0620ff9d922d2f48a7d49c7673413f36807ff5a78d614e
 7984f64e48788b54f5f4b69ce17219919647618e4984b22df832d7b29b62885761bc124a85e84621ed87fc3c5fb", "SEC": "041e17b37d06f123edf6931647cb891bc8fff89e3eea460e93f30c58fc84c39206148fc5cd39c2c404d90587bcffcae52c20d777756f5905d734e1387f555e9b19", "TP2": "040dcc09d755461b46cb2dec388815a694d8867a81ff1cfe7d8702d992f297b6bc1ad9b7a86c9f06455a514dc935bcc2d21fb9dac96678aacdbe0533904338afb5", "TP1": "04179065480dac54e4908018f9571d4751e5a41de122780c5fa0051e835d9f05a80969cbd01b13028fa129fb03cd318eb3c9cd0915d733163979108c876dadb401", "CS1": "041d4c7ec996ae43e13d276049a83a9c6ce9405198f8ae511586959533aef478cf1dd08605eca276acf4a94ca9bd66798c659f8ec6a477fc481bc90c2c348a17db", "CS2": "040eb81dd0505b75dd41900d9136515299b416947cd764c7bfa7ac19d109e7f9f9033154e1e5fd127a90139f920d0b9dbd3bbdec675e2b9c6c4faad48eafef519e", "HASH_MPIN_ID_HEX": "92e52fd7a598d3329558b15715cccf3fda6e24ba972197d26b06a67b7ce52091", "TIME_PERMIT": "0419865184919eba5b30638e28b6aec29aa531d52f436e8d4a3bdb14f2b2f1c6b8054f3a5d6dff6ab30f98cb9b37d8
 26d226865a42bc40b539c6c576aa8b1d6035", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223462303438653962326565373530383233653633613931356631623436393566406365727469766f782e636f6d222c202273616c74223a20226564343532363861663161623062336139366531396534333632666365356561227d", "TOKEN": "0418484d420d5cf643aad539e9f52b7378ab8f4cdf8ef7bbe9d6ac9a6e8574201a192d203c66fc76e552d578aa5e5d8da6ab6017586927e43e70ef877766cd17fd", "U": "04214201e8f8cc2604db187df04bd48a50a2cc7a5aac0d6e098e9d44efbb315dcb205a66734278e4b357610f5736b38b82ec02a9fd4f0cbd9152cc2bbc17cbaea1", "SERVER_OUTPUT": 0, "Y": "0d2cc930460731529f003ff6b99a656193ff42acd219bcd9bcd197b35402a685", "X": "1e9c5a4c9440cdc3f5576c0b3569d84badf663ab1e1b9b8ab0999d1689faac3f", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"4b048e9b2ee750823e63a915f1b4695f@certivox.com\", \"salt\": \"ed45268af1ab0b3a96e19e4362fce5ea\"}", "test_no": 1
 8, "UT": "04123fb3fddeaffe5dfb2478cc0f1a2013c97e1c41c80a5daf876db9c924ffce1f00fb996f0f656502a28ed0888c5d68dd7afdcb25e43bb2ecee079f923141e9f9", "MS2": "217c13d95a6f57116c25bdd53ce905935b3e72f9e4f87e32b83714197c5a83f3", "MS1": "0809b9fe12a5f12dd625571b799e28dedb3876365258642711fb1c4773fb8418", "CLIENT_SECRET": "041da982bf4b92c79e12320974547dca93d32c32f1f2407936b3a4304f0fe9ad1e051f463ee406d90b2177a7be888418a70e9117ec704b2a356b48c4ccd02c1f60"}, {"TimeValue": 1437055595, "SS1": "2124d878bc05ae18bfd1c1b8fdf06f77189f98e3b2658452e9e29b8e144fc23502c5abb9977897f45480f487801f9a61b0372e42a2100762033a42d132c06c3309ce8f44d18486ed0f2cf36befe624b04cacf33036b001a62409682335a22cdf01312a4ce2a99072745acf80e6f9aa7897ef9e5d41d1f865c5ed5b045877209a", "SS2": "0144c1e5e23be6996ab5291bc5f5ab178d62459ad52fafcdbfa35b38641289d207af3ce235ec7b08f0dc36ddda2edc15fae60b1b4d9d8053242e4d0b839ce43723084451d891609033f5299cfb483a04beeeece181f862e6102fe42434263c5c1fed38dd6b6970c1e4b56e00c43ceb888768fa42dd63cd025480a9f8d4c
 bd581", "DATE": 16632, "PIN2": 8962, "PIN1": 8962, "SERVER_SECRET": "19e19ac0e2938b6d0789ea420bc80e440ddf6fa22bd494b8ad8c7760f4bed59f05f6819435e9be192adb5c540742c759137301da7ad2177dea93812ca592ae92121551dcdbc0841c9feedc712f78a7a6c96a2becb56b1e8a57bf24d18329aaa907c15539afb7e1f2b8e55ef4fb4608abf73404b2ceb5659b7cd14c83c264aa32", "SEC": "040697a45302c86abb805705faf9109c4ddfe09b0b8dcbd436c89f4b8741a6ba5215f2b5241045eb5fa5880dd4ef3e1b362eb28151e3ee0a1487590495662c1fd5", "TP2": "04195adc282df8e526e5fbc4c4266bb5f06647a59b8ac22c73c7fcae803abb9b9a0db18aa85edea9aa2fe25a7f1017c56fc34602ad6c38bdd9bb77fbae900486e6", "TP1": "04235bf05a09110757c3fdd994278e79bd49a22eeb581cf0856791442bdbaef2831e557b922c7f9a523c7305c797462864579f9a58b9c53fec4bd7cecc3cbfe0fc", "CS1": "041f743ccf91d3f774ecd3ba6014c4d686b860527e1ef0b415f4c69b9bf6031c1e0d9c797c091d3a950c64de89360556126b566466db4ac4a0cb87f2215b9eb465", "CS2": "04092d710891fae6905433a27d29f02c0d1512c34de55f67e2ba02cfc4c8cf71510a9070e17cfce6072a5455fea5b28b6
 06a6f2b0517c3e41dcfa048994eef2d0a", "HASH_MPIN_ID_HEX": "2394aa62d7640ad3c8939742810e9edaa3d21be2262f41fc7eb92685a5a61c10", "TIME_PERMIT": "041db9b7dbca2b8dbb93b077b3f89799b82a07f4f4c090036f56f8fe2cea8d794e1369e5cae38ba6e122b478481037c6c576297e35f774ebbfa93da93f334ea568", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226633646432323764623830383462313965343563393539376538336366613161406365727469766f782e636f6d222c202273616c74223a20226664396633653435663064313638303934343063336661623232633532303166227d", "TOKEN": "0402eac396bdec8929485fd8b3982918e570e9dc99c21c195a105d8a77108497402098ec4824072f1c1b76e145bad6526b5d3099d9b85014193fbff9d9eafe3bc7", "U": "041d68b082675971f81a7b9e07a3e655d9468f68c9c81510072d5bce6d554bc11a1a52cfea598602ef1636e21bf4ec3dd706963fcffc067c1e1efffbe131439dac", "SERVER_OUTPUT": 0, "Y": "1d77eef22ca0c10bcf2c494263578727f331e761cf22022327b853c03ef0ae0b", "X": "069aea8e8552b85654fa45c5
 d861fad0d4ccfeca5fe882225c195f8ad95f6e21", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"f3dd227db8084b19e45c9597e83cfa1a@certivox.com\", \"salt\": \"fd9f3e45f0d16809440c3fab22c5201f\"}", "test_no": 19, "UT": "04166953130501ee5dfa056241ead9e5604bf8c21a3b6cf2be6120107cda23d1191d3acd2092e601fac897faaae777119fc7b6a04710410102d17bdeeba54eece6", "MS2": "1a96dcff0e5b2aed8a034cd367e1e62cb3f86072daa1eb114c027419ea2aa9f1", "MS1": "119fbde8dd4f5125ffae67b4e3fa8c7925d38522a53e74583ddddf1475cf11c9", "CLIENT_SECRET": "0410b3cc689ba1310aa8fbcdc5535d5c9b24407f9c88ef4a86c157350a21fd80d0018191b9d651fa1c16d423daf96a673db93dbae11c8c6dabdd767ad3324a9822"}, {"TimeValue": 1437055595, "SS1": "167e7c65c25f80a1dbb94dea64e396b34cfa47edeb3476d1f95eef3d050552bc087ce425beee13cd4d388252f3c6c93d4d193c8be52010f6c7c4246682f3e0221cf00340798caa4b01ed402cab0073efd315245c10eca7ef30e833918dcb129707b402ebd0505ee754413f68ea4678475c3705ec3741077216f92f2d4003b5ea", "SS2": "196cc5d90cfee46d8
 47d857ce81d46eacf09cf2d3cab6e39ff94f53be5a1853b198895bc2ee6e0c9f36b21491b64c55e469ea9501f72ffa5fb005d17807230bc0eecf00cc46aee4f0f58edd135c0754da36b8f8a13d6bd64393b2284f73f1c5e018b3be32d1f42d609767c456085be0f9bbd76072b4642f85529e7eac7069d93", "DATE": 16632, "PIN2": 8915, "PIN1": 8915, "SERVER_SECRET": "179c28b95ab04a03311a4fc8e2e6a9a6235a7faa093de973eeecb5fbded1c5881ef8cb0b9dc0fab3ad8e64b668fe9b12dbbcf0761cf076531ebb501254559f750111b0bc82312eaf6ca06c425691bb6cee4908c990061779805c50a238ca1baa0c3f25ac169b043e13af12816512e03b1a16ae44585bb46228c7ff27131311d8", "SEC": "041ef43672c0e6a1212ec033b0bb71f24130b4aa6aad40bff7c50ebefe939fca64109ac419048d814442a1bfb0bf87fd1c3ea07b410fd9e33b7822bdf21c032253", "TP2": "041752454b4e15800bcda5581ae89584144257f03b615a93a04a5406dbb38f7ba112ad21f2e44a96fd4cc32e0688da46b5a34e2ee1a1045586c6d3016afb84a917", "TP1": "0404726736a3d64c7c8b2410b2b1932d2074067b329ee33421cd640abe16380bec1e8709f278eb05b6bf4a4597749c32c0850108697e89669644b8a8b1442e7026", "CS1": "041c
 2fb362a9d4ffb0afe4cc8cdcafd54304efd682449ebcdd05d4c5bc6f7bc6a1035d60a5351459dd682c86f77aefd37d65719fb54e0cd72c3c33621b0df6fcc9", "CS2": "0415129eff675097c289a3f83f16ad4af59337c927a5b3002aa170c251f1b3ceb007c8fa08b78badfda34f3301c9c937c7f339048939911803d761361aef202c72", "HASH_MPIN_ID_HEX": "4d1c63aef49f8b93d3255efbbab2436ead9177cbbdf72ab816bf2177c464c24c", "TIME_PERMIT": "04190542e10eb28527d27e15e7e7f99118cb73faec830f98d939db0cff66e9f3c61980a64c13e7981b249786178fc47d676c9e832aa4765aeb2065f8c923d866b5", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223763653435633934306636393433646236653731366432386235386538643538406365727469766f782e636f6d222c202273616c74223a20226565663866373434316633633637363766343037623739376262316636373533227d", "TOKEN": "040a94bdf3fd2e2fdccedf0a821a0a857919d3cffabe7e960223dd5ea2ebd9a27e02e6f1875e19cf327053ff39892339ef01024dd6d81e41086a19348ef3205f18", "U": "0406dd2bef46982c600cdf
 971027c39477efee27e047bbe2ae34d2185b521c66821c0ac4ba00feb7e10e654159e88156f36c584795f1703157a72855d5a64229d9", "SERVER_OUTPUT": 0, "Y": "12bb1d67e34d8cd81c9173240432103d875c19e2310f27009c8f6b868cf5729f", "X": "07d02706a63911757c5b00ae15398bdf24f8ccf487f4041e0ea6bb559e60f4bd", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"7ce45c940f6943db6e716d28b58e8d58@certivox.com\", \"salt\": \"eef8f7441f3c6767f407b797bb1f6753\"}", "test_no": 20, "UT": "040c85281fbb9708ac7fb2c5190274bf7087cf1332c38c2d5fe384f48de8e31b9a10fbb585027474a148a7166fdb5800f1cd07b4324ac6e1e7d75dcfd5f1257e37", "MS2": "174ed4eccf9407b2b36c29cc2b2b64424edb8a5073e7b3fceeb6cdcf666bf166", "MS1": "03112b5d22d677fa7ed698d875132cff1e3615f37664069b49bba3405ef8293f", "CLIENT_SECRET": "0420bedfd98e6e1b3afbba847190577886a84869491936c5eb6455cb60fa367a0d15b7d7b4672b1966b3ba3ab9772ae16ba4f120a723c379c969997dd47bb1bb99"}, {"TimeValue": 1437055595, "SS1": "1c2f71028200c7743973eb5b4cf992278523fddbd85795df04
 529adcb7dc721c1de51fb07e528562ad9a85afc5607eaf9222f17bd6d4b757a23c184ece0ae56e239cf45452afdd38b0944517e649d2e83ee0929e9c80b825c717e4ffb13904c71343c7afc2a1b67340adbde47c569b339daff386613a363a3d72783ee573d70c", "SS2": "18d90b9554809ddd6e5a848976ac047d3e4e8bfdb00fa303c316a6105d646cef181f8df4662c6cc65bfb2166b76f45188646428d8dbe238a999a75f149d6a2dd1fe1c057e7b14e5c4f0a89a04cccf7d6d6959a286cb517f0fd8a4638b7f1341d19459cd1393f70cc4546ea19dfb3b8063c5717a72bd4f607994d44e5338a1489", "DATE": 16632, "PIN2": 5133, "PIN1": 5133, "SERVER_SECRET": "11a02cf1ab17532996726afddaec1ba9583e17eb7e341504addaa59d3a8a1f4e0866d1847893cc0e492b2c63e88a9f0712dee8ad2fdcf413c5d381aff4aeacbc206d7a1ba8a3633b27f1a7e6f893f09471349b8f8886ce86e2e6df56c0fc147521891be43c631b0611a6d149b5aebee9f4165df4cd6adf27d4b4b3e73a6fa895", "SEC": "0423d9e7d837fdfb13508f39ea03e6931a287a2db022509b407f1209ac6c1bb33014da097913707d83f98686e16a47a8843be104d435f63a4e5b7a0511ee60d807", "TP2": "040105bc5aa447338e0ebea6e8ee1a211d5976aed2cebe1846c5
 45aab2b7c2c4cd1fd9c5f031efdec25687a5ddeaba63229915fc3ae66e00f6cf453b8af89b660e", "TP1": "041379beffe90bf6abd693f8af3c70aae777a121d9fbb837c7da1bc9c1e46f8d20046f03d84c17aed6b6012c94d750af27431a0b6d7a649ad600625fda0fcc13dd", "CS1": "041d35e0e53a90a5ff9307b5b97eac04f4cc6598c280acfb5e19087578bb19d5690cae97ff08e2ddfb3a6e19e13dea1c4a2561bc5067c551250e75c3af85a94162", "CS2": "0414a98b6414877ccefb2ca01b672793db9bc915f4794c8d8a73997e829a380afa1887af1f82e2a1714f0a429d799c129713b89bd7b248bc596ffa5880e7a81243", "HASH_MPIN_ID_HEX": "b003096956cd013eac152ae591bca7c054de788b12c43844c79bef9c76113feb", "TIME_PERMIT": "04167a375c83ab8313938384fefe040b3e2f0aa84cbfba0de7648c22197909fc4a0002114b8209a202925507f5ce1c29157418fef7bd87a33b12166044b1be068b", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223561636463376364313764333537376539326461313332616663346534643638406365727469766f782e636f6d222c202273616c74223a202265646230
 66363336373461313138313963613134653863376230323939626536227d", "TOKEN": "040aa221e9ee39482dd4b41829a31ec43d884da68199a47f47e59c7f8f4f0e9de61c0a5ff802a752eff1d20446b3c31c8994a2274124d94991033814ab7c380cbd", "U": "041d0793cfa683f2b0a2c68622a3f640cf03760b64d0000f84cb7168641393369309e4ba2fa79fbede4255ecf98aa230d6af79ecba6feeda92284133f63effa1cb", "SERVER_OUTPUT": 0, "Y": "07eff2cb21516f8dab028f07c58c4ba2bb1b477635e6bf9df092178855376d8e", "X": "1ce985372265305a72bce0de62e8d89a6528abe875831f553122d4ba80f6838f", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"5acdc7cd17d3577e92da132afc4e4d68@certivox.com\", \"salt\": \"edb0f63674a11819ca14e8c7b0299be6\"}", "test_no": 21, "UT": "0416a5f626609a868610e80fd604195b5161a0901929e8f020b0f952fbee287e020ee611ed055a8f7a4040ad4cf6f8984143abffdff6ac73f9fc3c069bd28a79c5", "MS2": "1d2861a78f1aaeff63d6ea6d8ab029dfba3b5c8fde372a35119a2de53bedd114", "MS1": "11ebf8baa2668df5b16e84095bcbec5f37361887f49434a9ac4bcea2e698e927", "C
 LIENT_SECRET": "040ce22cca8d2b5cc695e5bf8257faf56ac4b0185326fb2ce03917abf94e7e498d0483e5b336a2d4642e738f95fc0f99e582f77e1de2856ee25fede0224b49874c"}, {"TimeValue": 1437055595, "SS1": "0de2e6df1abd97a21d971e8c23c136f4696f5d76f874988d9d9333890f1b882a12e1475fbec6f7937c216a6e9e2d17ac0cdccb5b781176651600098f2860ffab16cc48d6f5ee290628e75b325ee4b9a8b2daa85ddb29cf9c7a20de9e919f510d23dfef10e5d8ee8cd7c3df1bb7e300f2c4e03aff86f4d2072c66110d139c9c7c", "SS2": "0537ed4c3553b874dbcbd3cf7dada742f32beb9a1f16456d9f875b5e192dc66420fc831947aef46207325d040bbbc1ad60eb12a8c622f3458ee502f0a6538e0922d7aa479e1d28fe5976bd70cc7043763db42bb49c2889869267c85eb8217b56202c0e756ade871a1715632045c3af1057403ce8d98b7812b3748150c64f94c3", "DATE": 16632, "PIN2": 5337, "PIN1": 5337, "SERVER_SECRET": "1e167c030bed8123f52715dc647979c777d5d1399e59dface8de353eb64061d02216ddbb6a926a4db272f2dc08304d32e4dbaa188694875d31531c90f1a13eb617fa2a5bf45430215f329527bc812da1ac46802be880f14c6d48410c860423c821fa166e6d1049259a5f4613c214a231f8
 a99753c09615a8474b7920a9f2c84e", "SEC": "04061e2d17b4c0e38713618bfb164e312525d4854efa314a22e328e27d559b6f291c1551a4469ba33b990e9303f212da7ccc21dc0bf53830a09c51c3d0daa3e8ab", "TP2": "040d1383c528d29ce6ab256696cc1c32485e96498d4b4c2740693cb20ca033e5fd1727d9b82df82aac69bae640d1660e196ed838f623f12ebb21cd9c7ca9ea0b5c", "TP1": "041874088d4210e3d4af1df0ecef90bdf7b78c37cb6ed682834b3654a0ba7bcad204f335edeefefe1cbc1fd5a6c119f333a0e4ef06febaf07645dff425a31e8f2c", "CS1": "040964897b71b4ee4b8115b839ffaab80c803d767e74c25c1fb76e7183b8219802043618edd91839ef1577b02916cb46c3484204ff012b58527c4d0543ec9294cf", "CS2": "0401a402a9b99429e9b988c14d1e700143c5ca9f253c6c3ae7fdd23f2af1c9886023b23159ed6c657b90885a87647a9ea7c436190a899c9cac70ae16d40adcdb25", "HASH_MPIN_ID_HEX": "810ddaea04c5c1d33f99cd2ca20738147f2618688908c6add5e8377b8354960b", "TIME_PERMIT": "04165d8518383c59296b87c59162fcd8d8018dc770f9ca59ba7a29ef86ef3b1497098c7533296fe76d06944a0146927bd2541bef8b4e5124e623530de32c0af4d7", "MPIN_ID_HEX": "7b226d
 6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226166636535343831313065323563303762343262313464313033623736303464406365727469766f782e636f6d222c202273616c74223a20223432663433663332643763653166633935616537303830366237396663623733227d", "TOKEN": "041b08b4d707a900b0ab9212218e8ff782232bcb67d0ad7af0b60d4c639e5d6cf81b97bd65d88f275271f9f0d6828224f7a9a4684247675c88918d74690a3ca51c", "U": "0421e95b832350e86b14a172fb8a692b8bef7a7720e0b28750dec10bfc7db6d968055e183b3e59234c2ecb39833ca58bc2ed9c38343aaeb7735d4f581edbe4aff0", "SERVER_OUTPUT": 0, "Y": "132a35942ae1f78f44b94f3b1679c0be95a885f1230b1189a395bb10e9b48cfd", "X": "16a9570fa23c138241b87c46f694b2b55d7db4330fc276cb30d44ed6828ab801", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"afce548110e25c07b42b14d103b7604d@certivox.com\", \"salt\": \"42f43f32d7ce1fc95ae70806b79fcb73\"}", "test_no": 22, "UT": "0400c108ec2ed1de79cc0cfcddef3e4382626877e1937ccf587
 98076dc5c6d43b902b67f5941711b5918a6176cab2709b7242bffa9a7bec56293f23130704e1130", "MS2": "059f060052ae587ed62932069bbf449d7aaafab1375353285ce084e6517fb02a", "MS1": "0ffa1676bee9ff7663186aa1ef66cb1fe09ca840bd2ddeb2fc9d06d7c3099f1b", "CLIENT_SECRET": "042093e8117bee91529caed016f9b7d4050ac26ce99a53b17ebda521ae230209b921f193b1352c023ceae47ed49b44a6632778b76e62aedcc68f245906bd2af90f"}, {"TimeValue": 1437055595, "SS1": "074e620a47c53adf4859d4df96bd5ba278f399f2c4434b73d2e5a711cda653e31c5e77295b91bbe8dc942ebf36f04e3c7c853c467cbbb9736061875867d84ffd06169ded374489a178adfbed46345efc5c3f1f2554799487aee929b526c1d5c81d6e76739578069c988516e27ebc2961bef6d24ead425fd720891e1b2f393f6a", "SS2": "0b412345b0ab86801c256a273cb8674d8340dd8c45fb920e09ae90676674d2d40684f28225cc206bb1883b89b378052be06097e2a1519f0f70c63b7f79fd0fa40fa865f48ce4b44e290e7a2a6ff2c3f29b6f81bafc8d23b5e3a61bbea63c15ee1aed6f9e2e3b34130388a869c2d624f683c2f671b34c403e8cd5be025ec8daf1", "DATE": 16632, "PIN2": 4924, "PIN1": 4924, "SERVER_SE
 CRET": "10e6a2722cb79bb2a5542efa260d6a6078f605f58af34f6ae3e468e4c13d779501fd4dd0a767a12e82d2332fa99fca6884182b961b9c0015bb9c2de56aabd4db0710deb201c7af12a0cba3f1d85f544a8d6107f2bb71c16953868f9256cf27c000327d421f01cd561605435a59d06ef6fb2687df759200d1d56aaa68fbc570ad", "SEC": "04066cfb2a767984ce8de6169fe82f1778419015265d3ad7cc7db3058f9358884c1f5bbee103c9d7c0020a6dd484c231d83c3f1dae47807fdf45ea5fbe2ac07f17", "TP2": "040aa39e00812efab4d3754ad6e803166050fb849aae49f62c782449dfd0d1db5a1f7f61a513f5405c4083a1e5b4cabb0923042316754f94e95c05b7a2cb594bee", "TP1": "0407ddc4f87fac6689e93aef04b0a8262f088c28b264e4530172522db87efc1234216abe06d1cc8bdf91824a65167becd839f479d411966de354e290f07f49ac0f", "CS1": "041f6b62915debf363ddb2d61c54f1516f0a88fa01d2af46c81d3488c479eb82d719bf549cee6c84363d038a7242d68310bdb9bd184787fb45cb90609a169e9225", "CS2": "040fde7a3b1a8b7aae6d5a8ae72582363f606957707886a524a0976737b1e03b0810d2ab22e0b9b783c9357b0fe3abb26b3556ef0fb7eb3739cd92a0675fbd6fbb", "HASH_MPIN_ID_HEX": "7ac7
 9a48b5f116cf3eae5cd1e9df9219ba17c32a0ce94913a7d0c7c1d0dc6eb9", "TIME_PERMIT": "040a28f1bfe51615f2a5cea19acf50771868d5bf8fcf90681c515ad75b169ff41617786c0185fdb4b3c00201d47e596c7244df4f2ec559f571d4bdc4734297ebb2", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226464353533306436363965633034386364306664626532373264633266666165406365727469766f782e636f6d222c202273616c74223a20223562623762616434376132636236363233333764333261613538643235393136227d", "TOKEN": "0414493ec8b984218d949ecccb715116a381cc04a6c8cfc6b41000f778130b49f4099d6cf0f1463297c68eeed7d56fe114ae937d6bc78d80111956528ccce18b3f", "U": "0420396f639a5c7d58fecbb68c13c2396c54aaf8c08e00e48b49c137477f4f1cda230ac40cfbf7fcba53f5f9e5548c453444acd3833b1e57240740cf5f7a0c8c7e", "SERVER_OUTPUT": 0, "Y": "225cf1573bd4eee607670d6b79090e174f6ed0939c3733964602db7090a32e71", "X": "1cdc04dfb5d0d9b320de97876c0c75a573b23e4ad3b3178b9ef2148360505a79", "mpin_id": "{\"mob
 ile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"dd5530d669ec048cd0fdbe272dc2ffae@certivox.com\", \"salt\": \"5bb7bad47a2cb662337d32aa58d25916\"}", "test_no": 23, "UT": "0406261cf77da914a8812d2e75225df0e22fe4b378be2fea32ed9403b7d4dee2fa131363d78d5950d98445c7bed5d6724a88974361fe8b5e0ab60c819ee108f1d6", "MS2": "19737df08839b2c6bda04053818779c8f104363e0a49767896c7ea96bbf5986e", "MS1": "160b764cb78405619e1c0f6f12e1228e21483fb683b130db6210027900e6023b", "CLIENT_SECRET": "04015ac9e6ec0988d052342e425f6c3ebbcd284d7c72c7de38ad3e318282b5cc201738e53120b6b164334c18ec806af4e6060461af6682d2007bd1c74851026cf8"}, {"TimeValue": 1437055595, "SS1": "1dfff407a998e1ae42ba63e9d7468dbd0f3affd46eeb06e71b849e9b7da69f8a0ce1edad5779719277d96676c7d865b669f094f3bebb6426545ff27a02890fe10635dfad2f0c8438ba6743c21e62c87d7827dc00f81ae8feba72d57d85ece5c003a1b4f9d1401a292fe7ca46a9bab5a6709b6b4261ef5e318f1093efdbe3d92e", "SS2": "06a99f6fb31611e48df8511b84191a88dda865608d555a21c2b33542309253180f88dd3f84d165
 0835bac39a472453cf7595662c780f755892422c959d6b2d9301f0204978248a893f2bcebdaf96923da5494f804694885c3873f228322b58291b48da61c416db1f2681982dcb864a655f1fcf5a32e8a725386d306564e5fac8", "DATE": 16632, "PIN2": 9815, "PIN1": 9815, "SERVER_SECRET": "160d008919bf09dd8b8c5bec1e59cc93af87ca012f94229a77feb6c0dfb4a185233a2fadb561f9fde70ab47e11131c7f54286dedfeb117df6866cf08eab8d1d91ba45c7bc3374caa693c30c5faa32240b36b03f0bf4b865cd5d99d69d0b0d72206a0db6d9fe55e29b8a5c1d8e5e6b31683edd94b3139979c59d74ba368a400f2", "SEC": "04040c58835d1674a02d57438bc34c75904d9c9106f197e10e05687cda0e9c7c9f151933eda2de623126f461a7ba4931afd0f6d7935b591ab15205986fa46e255d", "TP2": "0408853cc6a9fcdc7932eb3ae647e6868adc10dd2e9601e63425d469e4e45daf9c11745425807b8b782158d3730cd8f03777be0f751148f9498d2d9449c3e9c87e", "TP1": "041c9b3a7c918a93893807ed6f82a12e5e586fd709350cee72a4d770c50cc777970d9f5527511bc366ad15493673042cdc0c3515396bd45282eabde97b5828a5d1", "CS1": "0417b32b90fb099fece26252d8ff88256a6bdc27300cc3761f828081730d09860
 d21b119e5dd11bf4435e6e706b830b68d8b4c60d2a57784a4896f46e5cc22d226", "CS2": "04108fe3a901d83e5b25e9f6350f096ba7b48de4279cb9d37e79d3cdca69e81f9a04dcaa9e0f00f9023fad0d8b1d8aa43474d10435c508f4dd90f01127846be5f2", "HASH_MPIN_ID_HEX": "048f0125345fd1da3cc4d35fd809ea9fdbbbd9d06dcfe4ccfa868d6dcf4cdbf0", "TIME_PERMIT": "04130c52a3796f04670b4b05cc94b0ee1de128fe709eb45210c86ddda7cd13c49a20efc52884cfcb2ab6590fb4f3e733f82cab78109da9374677ae6aadfd2eb84c", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223534363038396336353030336237626438383835353866663232626462656265406365727469766f782e636f6d222c202273616c74223a20223061363066363733616263646539303664666165366466393331633966623339227d", "TOKEN": "041ddf4e0f7be612572c79ab5818d0bd9e0d3538e39b0e566bc0f38f84d101f8ae02c53dec288ccdb536af7dcca995cea60bb88ac319dadc18ecd2246eccaf13f6", "U": "041839b3d5dd0528fe6ebb4b8fe0ca2d82de0d77acee6e2653e22a98937c39d23c0824f604c1a90eaa7
 a7e5b48ef97495b1d6f17ab99f6081c5851de0d4e022939", "SERVER_OUTPUT": 0, "Y": "0125859bb5998d5d21053a0a32f4149e0ecf0ec2b996997d6506cf09d6acfb4c", "X": "049503ba3a07b667a049ffb092393cb3da468502ef4681fd9dc6bc82b09fcfea", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"546089c65003b7bd888558ff22bdbebe@certivox.com\", \"salt\": \"0a60f673abcde906dfae6df931c9fb39\"}", "test_no": 24, "UT": "0406240ec243897b2817de929e5c29bee7b83f8032b6963086045955aa1f9035a10cb5e09a277daccf493a3b41104e3168bc2b5059259142ae308e05e05fc92a04", "MS2": "18ae401f3f87f35f32a83607ad3d67ba237e62d3f0d6ac5ced86f68bfc2cec9e", "MS1": "12af4d3cbae01080f71957366897cf2ca849604b50dba156e8955a2eef1bf512", "CLIENT_SECRET": "0405510122ce97d8591538ca33435d94aa0a264df45c2cd1b982ff8b43282bd85219e1266c15049d1ff0e2cbb7d0ce94e3b691eb5ff5687b53be531dba9a94b97a"}, {"TimeValue": 1437055595, "SS1": "151ebaa9f4d3850f67200fba397a0e66c6cfbb36b02a11b4a369853ad88ffb800aa782447cb2761c9e2f2045c38a70bbade12aac474cf2b
 918959e9dd68c22f709d56fcd55a557e83e669e77e2805ff218c7aed19de0038dd14c768d2251fb831dfaf4e9723199e35d4589d80e8502004b1a34da4dead7464c2efcf361ecb5fd", "SS2": "213f546044d639dfa60a24fe91c407d81ced9224ad542283ab2c1740beb5ab7214100dde7ab37e41be05f8d74d0b5ef6a42992b947173ec4fd285f4d38a047700908afac6dbe55512f5aa6417c7648aff1e56b9eba3ea61d3c1500c6a84c0800228824b381be3290cccede00f9c1ba6a4386a0b1cd9ae6454006841345c601c6", "DATE": 16632, "PIN2": 1580, "PIN1": 1580, "SERVER_SECRET": "1809f67bb6b94e6d382adfe85875475d34029a3096e604eac302754ae3af565e0256df4eb52058c5d25daa53a0c021b582065b6ab11ca2124f2895c03ac4130d03db5a46b26f3ff3922275ec33f99e737f3a65ae0b8561d359a7f2ffe8a0cf520af528509690ef2241175e2168c1be52944ff487b708297448d0d79f19549d54", "SEC": "04077364091300f87cda1d16a1ed8d35512639a87fb0e20942c43b71b3e3d90fb2118e893219720f55bd5a906d0122c2e25937e7045370a29c30393133b45b0a41", "TP2": "040b0253a183d292d9bde76392a0bbbcc9cacb978d7c64b5f0a8d55a452fa926c80e50679e27dcb38a87bfe730bfc7c6f94f2676a526c7778
 bf0c16ad084822cea", "TP1": "0406563cd9d62aa692495965ef7e6a15de10d0882d594d0dbef04b4563914753311814a84493ff21cdd211722b958673f1119bfcbfe30f31cb522a359e08877fcd", "CS1": "040be1c34540b42ce63ce86c8f9bd4d541c5e5b699efb2286685a8ec88169e10c1203d97ff1e4ee1c5b3dabdf48cd6875a2e3f5aac2adc0a73715c83afb3a254de", "CS2": "04133ba77bda07477831747d1986414e9ea4b84ee97fb58c56d0f0d82d34ad84ff0c1d93fc2ea816a69e3c3468bde3fd71bd12a0a8c106b2d388b7f3f06871f25c", "HASH_MPIN_ID_HEX": "18c824e55cd98a799340f188ac38b3364174a1dcf015a5884b3f10a97384d7bd", "TIME_PERMIT": "0400652e779915e7000ce7e584926f4df9af98d93f2c68878f3738d1d13eaf87b01ec26720a9855bdeb48236dc67d1763523f9f17206c045d5524afa9c42725f35", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223037623833363365613330333738383464366539303134373465373435643661406365727469766f782e636f6d222c202273616c74223a20223466326234333631623961626364653564653161643561613633346664646666227d"
 , "TOKEN": "041e5d268cd58583567f3b2f244c30b01f2f646c6d8aafad79330f10a333e2e4af17ef2b1fe4a2f27576ad4ca2092d1d7520d6c3bf70b3c64f179125944d82eff9", "U": "0417d114eb7d1f511ee663cde5c399504b1fa61c410c3b23bf8ceb9af8ac93178004414438a05a6992aa21ed0cb6acbaecddf5185ef02f383192aeb8a707f49f77", "SERVER_OUTPUT": 0, "Y": "0617e2f50a7b1cb0626ecfa797b24900f8d35f3bd97ac978a67bcd59f3ab7536", "X": "2291fa3d3dca7fa8364953daa645072837e5bf239f02323a76a6e4396e2730c4", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"07b8363ea3037884d6e901474e745d6a@certivox.com\", \"salt\": \"4f2b4361b9abcde5de1ad5aa634fddff\"}", "test_no": 25, "UT": "0421729c46379b414cffd7260b9a260dc6d7f796594b411be45db8787ee72ec18608e720ead5711be6e4d8398ccfd5889c840adbcf412cbdca437224d88bf9b1ad", "MS2": "1619d904f1fd6b791a0e81d8a53d35230938605dc79df72c1e064b425fa22882", "MS1": "04a8aaf65175a71ab4bfb39f53d30d29107a3e3bb16319ad4fb5741f31cf5c67", "CLIENT_SECRET": "041d423eedb4e2e0269817014f3a12ff25d28fcb23c54
 eeb4c86ea77a7dfd3f53a0748f9847d077b45815aa98cf146abb94d6b44eccef833244cc0fc388e8aaeda"}, {"TimeValue": 1437055595, "SS1": "12a09577eb6f6f30595486fad7ebc3a1341162302ef9e433e1d001a9fea78d2b1e594e3678a081e7a07bc38b4fda4951b49756a0357a03e4f7abfa0bf6123b550039c1a85f511491e0f95086dcfbc796378760072bd2a8dd8d7ad8d5ee99b2fd07c9e5a511dee03edca572f6c55924e43965dda4a8fe086c84687796dbb44684", "SS2": "0aadd27990079cda4ae471ff46eea6892fd50a0a8887d5ea3f10921fdedb720419ab7e99af9079b144f4fb09b3f3fb63f0c76c677d1b56705c86df22a6fe760c006c35406106f3fffd0bd663ba1b0d23b89c1355e37f04db4df3e2fb87567fbb11abb1b261f976e2a5bbc00b861c90a9c4005dbd6f4c7c16ba63c077e747386c", "DATE": 16632, "PIN2": 5314, "PIN1": 5314, "SERVER_SECRET": "1104be4d66e7b41da565d7a950a86706f26f67bd7d387776f0bdce4d8207c8c420f1f771998f7fc73d2285401e37c083b1e1e2288e9b3922a8a4982056fee894149e0ec0f477a19c7900bc4626c61825be0c8e0bae19b6bf48a48ddb6d6e095a19612622d9dcfc627697e70d1ed56a2f5a2ba3fa541b00f2c640103c6358b8c9", "SEC": "04074f9aabca040e4c07
 1321575583b917f498b40ad678bedd647e022573a12348003d0bb414033f3ce449f94904af23fdfde2a7d0d338bb79326d5ecb25334048", "TP2": "04076926a1869d6b8cffaf314b5f33acaad4ebdc0d032512ea53224d83606befbe1eecbc6299fd57a7a69ff36e6ccf38d361c3ad2c42466442612e6d6c60d1551d", "TP1": "04208fcc0ac70af091fcc1f11db34cc63d89440f193d652010b1c6a616d0098f341710f5ae655bc9411aec445348207796a029b757df761989eb3f535952c688fd", "CS1": "0406fe805766ea5b737fe5a2d53b6538733636843dbef935e27ea08f0942d10569146777aae7b40997e78e7dff12a2f5dcf64fb941b485e00301012355a9f844ef", "CS2": "040f8cbf8cebbf209ebdca9622819fb3b897cd2bc6474a3badec15cba6bbb2e240218c09039b8f119932320fcf783095c792915d9ee8349dad598587596a35ecb3", "HASH_MPIN_ID_HEX": "5d3cc05c6c82ecdbc5f32478fc0bbd3d29712af25ca03de3ccbf482507826f83", "TIME_PERMIT": "04219c5d61386561f326e77f2e74960bd28e5c399b209eb196ae561a15f2291dbb1f9fb9b4d0669980307ce16871bbebfc03fe2337464651728ce7bf83bfce5f26", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d3
 1365431343a30363a33355a222c2022757365724944223a20223137383930393265313161616237323635313034386230653661333330323237406365727469766f782e636f6d222c202273616c74223a20226164306261666337343835353363356363306534393530353866376331333162227d", "TOKEN": "041ad8094f5dc854325eb5fb4bdce9a7a700d540d85155a7ab8571615390d62b730dbf614820a78ab36b959e24995fca0882c2fe3aacf1b9527da85fbd1f2d8c52", "U": "042227a1192f9e8880a3b8f207771bf8d6b906e2be97a137dd8b1686d72f5a9f93040e35c101958b467485f57a2253a2857dc18597eba8f66a78b3f21efe9711ec", "SERVER_OUTPUT": 0, "Y": "21fd7d4c993d61a9692b89cf37111744f5fd0c8db752cc7cf487a2a5f83dfdd0", "X": "09e317ac3f6c8bd859d237da5375f29df5a5fc7d2bba61b14c61f79ac409af13", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"1789092e11aab72651048b0e6a330227@certivox.com\", \"salt\": \"ad0bafc748553c5cc0e495058f7c131b\"}", "test_no": 26, "UT": "0407efee2974f26fc61d22d22921f8fde39d38ed3d22fef2c719d56e7d9b19bfc61d6ba818f5118cce77ae4134d408511f9ab26abcd1f347
 2df8ab0ef54df1610c", "MS2": "149838282463244a61c727b463efccd995c134a0eb7027b41ec0c2fdfdd92981", "MS1": "18058af144c7ca55128252e66a7d6240b08049141b7da23318e3766dc8382b10", "CLIENT_SECRET": "04007862f4ae6ad3b1e2e6d9c8f95e79e30b5cea864e41940e34c4fb08a902a7680c5de89410f45ba2238debb0902c101607ff5dc81104fc4e1aea65b45f573e27"}, {"TimeValue": 1437055595, "SS1": "08b32d422e2e40bbdfd19f615ff8baee2e699bdea2b58dc13e46c6c888f9d3a80e1eae357df01fcb97db7768852a8b423e0fe790378c9f68a1915cfced5bc8ea1b8de66e5eb4a04e3791079a535e10796c9e79cb37743ecf0d26efc6585a418600e79e43953866bf7bbf20648213793ae3ab8d6d1d8a2c08b0d2c4f0bcf0027a", "SS2": "225553cc1c05a2486965787b11c4d0e78995aceb71041eb7008d4c0c8c5eac7c100d30f460de9e518c8bf7c1eb9ce571ef338b16c8e7f3e056856fbaa522dfef07fced161834cea6efdfc7937071196733e2f2f72b0473468e7236f720b1ce381b53bc9b959a697ef92b430fdcba8cd4f4e0abe63901ab022c333ba5400e405f", "DATE": 16632, "PIN2": 8419, "PIN1": 8419, "SERVER_SECRET": "20324c15c492ee1ce313d8f42b17e0cda1b9d3b189932ad02d818
 3d33ca492e30ad43be29b00bb788b210d12baadce9f56b83a5bc582abf4cd8fcf6767aea78505eac294374643f64cec0dd993be144c7c6d68665f0e9f3d5b21bc73454aa50806d5e77eeb5a762b1371ae4dddf5bacbc0d19b8237d505016d5398c89fa0289e", "SEC": "041d799dc7f51d86dbd34f149157812592b08df03249ee253c5f6a998018bebc6423138bce980eb0eae79a5dac073a352d8742b5d3f8cec422fd163a9ab3e13c30", "TP2": "040befffc5c5ea575766c45a69945640cea75e92006e494037998660e04bf6af93082b6632020cf131e4fa619654f1a1031afb7eeafa9cb1a8b697ba0a4ccc1a0c", "TP1": "0418a17b2bbd9e84ec76abae150a724002a5289dfb9ac30b0f8059eaa018c502a116b576f68defe9dd73a512c3e4e12c1eeb225d484f336ec966360c77c19e4a2a", "CS1": "04103aa39f9f3ef8f6734e51371457bf7479b19f3ad0f412b8cd7a272964c4fd521feebd75306f8389c37cfa606b31a34d2dbbd009e387b7284eba24cc0ab0f134", "CS2": "04047761df0beb8bba110d7ee61a963c6b7746491c914837f5a7ce6aa5f0d08a7f0ba7d6a57745033725b93ad0948d4022779b6237bc1d63611288afe6dc18327b", "HASH_MPIN_ID_HEX": "48761a549a27198d7fcfefe27e94ce74a1df5ba6e1537c28e1bb295142b9a541"
 , "TIME_PERMIT": "0404c0f1d1a1cceb30639101aafcc2bb8735f360aafa6876639feea93c7bc9856c1c95822ed3527d6a2b895169a70dcc859f2bbd2dad1b46d75d3cd8b23d37d844", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223433326463326463366564616632336330323133623063613931653363303233406365727469766f782e636f6d222c202273616c74223a202235303

<TRUNCATED>


[10/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/testVectors/mpin/BNCXOnePass.json
----------------------------------------------------------------------
diff --git a/testVectors/mpin/BNCXOnePass.json b/testVectors/mpin/BNCXOnePass.json
deleted file mode 100644
index 4556b1c..0000000
--- a/testVectors/mpin/BNCXOnePass.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"TimeValue": 1437055594, "SS1": "082fc0a0f340a1d18b51be28d0fc1c14210361ee9cd89e33bbfbaceaf91b0ef90d00773c9450f6db74a254f4bdcdb0bd501a30de15975b47c82e284d5bd42f1c23e5780693e63da58f50535b2c012f89392df1ed33b476e0b516e78489726edb0002284e932e4a13a0e6e838be28ab8973a5fa9a60760e5682a0d29a8b5dc6cf", "SS2": "2387f35da03b890e44669846486d5d55abb85eb13f6f2929a5f4d65d1953cb670b8eca87941c87a1bc9965b71b023a6bcc5af324c0824789c8b9b45ec38fda1604257638e754f2b7b6ca3b62e6b3478ac5dfc8854aed61366a52febbf4ec475a06ebc4c6b7fb6ef3d180cb8e11d2fde98af8ecec3b35eacb111b594a2cc66d59", "DATE": 16632, "PIN2": 4116, "PIN1": 4116, "SERVER_SECRET": "22a04aa155b9f4e5d5f401cf4a9853a48ebb338703713f8267ce752cfe7f3576209066e00046a2b55c341e2c54420cb57d33cff5e0b5a5ebf924be1210b6a1c808aacef1a6650b76ca10e3cfe7e36c2cdd095c908485da362bb0e82ca4215ca0039fe6f40de85ae2ac6748fe4146b3bedac423bdbfbbc8c496aed0c9fc48e713", "SEC": "0416cc105db6b649eeab5c55d900a7a4e7335b17b20a8ee2421aaaa00a572fa767072fab0d6a85b789bbe9ae2d53508ebb6c63611555
 926ebc7b63c074ceec5194", "TP2": "0423acc4d0fb3efe6c9083ee97fba7a28999f05b34988117615df402149cb20ea6078794313732ffd3d51b47e7b5f379f493226f643ea3a25d348fae094686e73a", "TP1": "0401404487efc64b49afad56d6ee7eaaf7990baffddcae300c6a0e93d3503175480858bb4d61bf5382598385a4f586b23490b2813ce8e5ab91dd7e44422b72adc3", "CS1": "041b0e0217960c6e3f764e2893ddd54e3f9742964bfb2ae0499a642500dad1101016980875b2b430c432de5201edd774b488800734da6801c9cdedab447bbe3bec", "CS2": "041c110579293baef562105420c760f4a27d85f5890c31483d7e792d4c6ad3b9c405b67d59b286a8645b5695b5d60683e5d2b315fba27b943ee4186f94935bfa17", "HASH_MPIN_ID_HEX": "b9b3d46398bf50c2f8fb451784aa2128de642cec70115b8a31d5e88a388cba4b", "TIME_PERMIT": "0414753542c15d5efcab38b4274252da121be0bc5da5e3f333d86a0a2d5002ce790051ecdbf492b8c5dc6aacd105d173e3e1473fd078cac83233ef01c361c0a5bb", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223164363764313438616266363765623934346
 133393566623434326138623366406365727469766f782e636f6d222c202273616c74223a20226137366465353036623735653539396664316462626363643061376666643035227d", "TOKEN": "041520a19f8a2d6c43a20443572ef2805f0cf21887c7f076b3f503e6ffc09cb21a09b0c5301d32c8726d9f739c358ae5d7dfb3f00b8a8cb4fee84942049d148963", "U": "041ad4e457fb582e4f6cadc63ec7f11ebd4a46e0a9fc695727bbc93de98414e928068540af45c968ec0601a85eb7c0f25ed5d52385558b6052a2fba0bd1f7edbaa", "SERVER_OUTPUT": 0, "Y": "2199a789cdced7bbebb55761cfb254c1979ce5e42fbae192cb2a8eb37899a2e8", "X": "206e3b2c3d64b357970320cead5aafe304c10b8739ad3804fe050c41bfc2c7ab", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"1d67d148abf67eb944a395fb442a8b3f@certivox.com\", \"salt\": \"a76de506b75e599fd1dbbccd0a7ffd05\"}", "test_no": 0, "UT": "0419ecac47fcd2423252a449ccf49d1b255a150dd9db44ff42ef592510f2d898f5135d587204a8ec7eb49097ada47a2b1ee3d9d004521dff2f009443c6a841a680", "MS2": "17aabd87aedf8cc74004624696c4b9474cd4d0f8003718e3ed09b61cd75c
 9573", "MS1": "1aa7e48ba225ddb8d714ed9e8d9a1cba19d3d095d7f2ed05e6eed04e4ada9137", "CLIENT_SECRET": "0419b4248967e478922fbb00f66b32a48dc9ce45f2bd3755eac7a03e5b7ce1a5ef06e35f21137b719f3734c193910c8285633cc564e64e84e2606696ed3ed19a2d"}, {"TimeValue": 1437055594, "SS1": "1f0a6786b8453e8bde8df371da4440068931c4bf5c9d7be2e5d09ba7c7ef534e22669c9d3500ee41c7b92c0aa938cead8e467d317e4b27c9cd874c2ed9f58653075b5c163df3b20799ef8a2791eb6d828112ff260feb0fc39dbd0b711ae41ae40f1b689524ddc805cda3b95ee56de97e9d71941fd44da0b3f8993903e56e90a4", "SS2": "1720ca642eb9d2d00fa7c83bb49173015c6ae7c0b5efd879794862da852dd5900924b2daa97a89327f64502fd5427ca1ea41b5e5f44cfb054bfad11239f50f4314ddd241a76b2e6aab9900cf25e2b32bb0bc01e22eaacc496cea8ae7b25c8b7a14359713e43ad650d3b3766af31c1c2dc147d384b8c814a0345ff2695e992d4d", "DATE": 16632, "PIN2": 1535, "PIN1": 1535, "SERVER_SECRET": "1e9be19b9e35406176962ec8bc6e3139573c535579d172e5091ebb5809f9f76f03f4255d2ad17cc3ca16f027fbb89d1166d2ee1987a01e13411955e1237771a70f5cd77a058033
 890c454c4070f6008c21d637e994531e49161f5b11affcd50716b8f64f0e973f3a1a1491530c33cfb293df5d515d3406badc6cd922160c323a", "SEC": "040fd26f248ead0e35d09fe1c0fdcc7200de11633457d57dd0fbc4c8ddef7c173822d043acdbd252acc52c6b2823a382e0b96c3ba8493ffab4a871b98a0e0838a2", "TP2": "0416f543e42cb00afc875922ae6780cae35b9cf044fe16538bf294785501ddb2b3090e4327d1076d233d6006d39b63a4c8e72c7316613b7d5297537ff103a3ce6f", "TP1": "0407a3c2ceedb560cdeee862a86ce2783d4a0bf4bdf21a37b1de547bddf2cd213714551f555e01a388f4c2a2df07e0f1a53c41f1c096a0c830d50e2a0e4be2c857", "CS1": "0404891dfcd821f15298c948787fc6e94df28140134e9accb92aac9a07de99dbec166aadc9dac65e70f185950e975f7240c1dfd3865d256e5b0806215e13ee95c3", "CS2": "0403bc5f0a236271731e15554d3745498a6abb08a42bf0cf9fa844da1da2788267230eb2bb290c62e5c2ce533f930cccdd1baaa67da6ea5e729bfecce1f8b6d02c", "HASH_MPIN_ID_HEX": "6d3f66cea2c2765cdfea261c240b5fc80c39a4f784d8e35d757e2c2ccea4fb98", "TIME_PERMIT": "041756a2484f5a4c5e07915312580e638b89e83daa2b562b96cbab1872e396d4cd016eb
 2bb4206260e1764311914b161f6b61c5c115a171b556d8cf2c3cbdd114b", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223030666162643461613133643966333161323063363662343665343336626165406365727469766f782e636f6d222c202273616c74223a20223362636264653031623164336334333031363766346437613930623235613561227d", "TOKEN": "0418ba15d2768f38cf0bb1cd4dae432ef784f023f36f4ade3f490d2474cd003df400d491f3e313b4dc68d8773351a38b228a4ef298a42c76c6e629f5739fe00596", "U": "041f0ba9c7aaf9555de4eebcb016e597a75b9dbdbafb9a555565fa3ccb6f8cfec311919858f4586cde88292081617320472fde1f15ae3e29f86cc8c3efb35c5ac4", "SERVER_OUTPUT": 0, "Y": "0b2a71dfa1d0672d86647e29a21d99f9d13d8d6f9f29546c495322f0f13acd81", "X": "097cbbc27ed253d20851d132e7ef3cb223ebc2d42a7d767b765d0ef1f4201cf1", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"00fabd4aa13d9f31a20c66b46e436bae@certivox.com\", \"salt\": \"3bcbde01b1d3c430167f4d7a90b
 25a5a\"}", "test_no": 1, "UT": "0406835bc8f692fb8d38e830625583fdc20c910973850a21d5be88d7c34277833b1e21ddfc587ee8d48a4c22723aefa11634aea4bced306ce0a80fef945519fbba", "MS2": "0bd0f9fc9d4c748b7b6da167269a64c3e48642a55176ff791d0343b4306b5cd3", "MS1": "0c7deb224423caf8a06965f2b9246bac63b186c6ec05a028dc6d449e6629f30e", "CLIENT_SECRET": "0402cf0505c978790bf5bc58c924951fcb49a3dc318527c91a4546fc53d5292ac21901d96353861029fa8da9dbd0dbc17e614a5485cc21e3fa71e2360838ee49a7"}, {"TimeValue": 1437055594, "SS1": "11d662c00d0d3f881404d2acfae22db878562936d941a374b54ea509605895e52317a9b55f74077365cf35e4cb543199c00b96437f610544c9c7dd88be2e89ac238b5b4c798fdc4164cdc1b3299178d0859455df40136d484da12517c858f1ac127f812070e326f34837d41d6fb13209ab2604e1365abb267073e5179e43ec40", "SS2": "13eb1f135f668afcc19c6fa675472452d5567fced6da896bf01d3365dbc097f400b3294d460fe49828f1a0377d2876c203ae5515e4d0aed54040b7150f8fe8860649a6f93a270aa7eeedc28777198f920270d74eecad990af949615d60b205fd21b819915ed7fcf77a15e390c4d7d8dccaf18
 fef2722c1b301995793d0ca8d02", "DATE": 16632, "PIN2": 843, "PIN1": 843, "SERVER_SECRET": "15061b323c65444caca65753324d843014fdadbdf9958ddf516679febb4f973e0eb5d3608dc32d0ed47ddf5c379bc2b724f0358ab8b968521d42ef1c22fc1a520a4e071d2bcb8240d63e3dd2d34646a3934336d126df77d344ac98004eb730a7036176b16db2c0bbd915ff95498ad0a1c98657ba41dfd2744be6942056f31e77", "SEC": "0400120e0d896c0fc3df240c1d87f9ce58b725ee008145f77f0f767fb836d7e3fa1125b87151e9b389255f4a1b85f32ac0ae3c62cb037f6f39fd4dbc8048380384", "TP2": "04237695dd784b268c7a03f11ada42ae65b200630f285876a0812df0f379d9f72b0cd5b68cc0abe0c20e2cbf2359a1a743cff27c79c0c655fd7f95d2820d759558", "TP1": "0407e04b24e6be31a1885f93424401b6a84614feec9dec0fc2ca28cfa962df7eb006a602e3a47b186fbfdde53e98fdd98c785d62a04e8e88dede489bb39ecaab83", "CS1": "04234a4d815221d901b0a37962bfba9bfed0658c55dd115387b1897bbbf63bd7bd17eab98d290564db64e3aa03b542c321760cb3354521ac991f1a24794505159c", "CS2": "041474f00ab39e397b3e7741a3beaa847ef604f819c481e04aee35e629924e008d1d5fd69687c
 be1753a774ad27f206dda796064b42a36dabfb4aa4fa04dd3e85a", "HASH_MPIN_ID_HEX": "9b1969fb7539865c49463006891bd589b2bfec0afd10676df6fa942ad115222c", "TIME_PERMIT": "040979b536bd351f19c6feda495cce4705ffa80df29de789c37c9168887041e58e208cb5cd538ad4a1ab6a598112f7cc758159d165742697287a0c01ea216f4312", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223436343637353838323234313132336565383137386238373439306639653637406365727469766f782e636f6d222c202273616c74223a20226532383537656137326433373861383061323435653165626531363162343561227d", "TOKEN": "04178da1177afd7bc7787e77749b85714d60424319395c86b96d49b2fb02a4bba60702c87904b0aa6fc678d7dd7223deebac03674ca5367d2cfdd32b554f2af0dc", "U": "0405210ebf2e6f2ed2d4ab9f513d4dd154f93a2649ecbb591dd749b64220b6ed100387b9408a9abe4e7423b440b252447cf9d92bd04cec5288e894979807822f28", "SERVER_OUTPUT": 0, "Y": "141552e7c7d7f6e8e010326b047cdc37dafb5b1a89e20e1d069153571fa7c995", "X": "0a4e
 225eb772d11ff7453f98fadcedb69e458c66cdce08cb14ee5588edf757c3", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"464675882241123ee8178b87490f9e67@certivox.com\", \"salt\": \"e2857ea72d378a80a245e1ebe161b45a\"}", "test_no": 2, "UT": "0417f25cacc62825b2ab114d689ab3d5b358c107b920f9405707d7f1a30025241f1c6055dc48c435048e868787bfcb6a4df000d94baf0764e0c4c60a76192b04ad", "MS2": "16bcff53023fc06ab79929a6a6e2ebb780c046868abcff7f17610a6b00ec124d", "MS1": "1066cb3cf8ceb0e0f71e369ba741f80e731b53207b1ce2dd2d3e8a6400bb4edd", "CLIENT_SECRET": "040edb7613c00cc632523466e9582afab0fba870c22793ebc47ec8d37ecbc538da03158232ad98096b902b2ca063da3b582f0b84d06d2afe1eecc2083dc18a55ef"}, {"TimeValue": 1437055594, "SS1": "096184dad48551fc6be718d6ac6cff22b2648c8647bf3e98d57d6b9bd63125751dc9a73d7690d0bf2e7fd158e7dc950ac24c08fc9cedd3cf24a56914037ade1819d97ff25c8461b13ede554e780a15c897a841fd15c49b4fcec3bdeedeb5bb92185d89f0ec9ae915000869f7c9f6aa689bc1dc14949acbae73c73f8daeac3ede", "SS2":
  "0397ff8864a8a437731f3f70bd2fe73eee5446a626922522691dfe4b8881bacb1e51acdd8ddc023be9f55fd8ed84f17e2d1cbfdc40806b36665ce8819037bd3a2307a22a575c96995011597414e99f3b6c54c7f92650190be2ea70371623fc401b5867fc94fba21916877f5b1611b6ac9cb62a5a223433d58be4c7c88eb1dd74", "DATE": 16632, "PIN2": 7972, "PIN1": 7972, "SERVER_SECRET": "07ecd98bb128b1929360e10fb988bcc4835f2805cf044e4651eb31b0740c9b2522a7f9a2b1e657b94338f52a6c3ae3fa82dd81449c34a2e5711f97885a0337430a171da6d485afbec18b3e3bc9edfb06db32ff83cf53062da9aec4e437bfc04b19765945045a7f6c9328864c67420a83b56730653ae3fa3660e0a9c07fdc05cb", "SEC": "041ff80c769451bf49ebf438834f3881834095a1e6530476eaef9838546a688b4c1826f5dd251bfcf4121bc10ce15ddaf5ac131dff57d09e697afe1f63dc8f234f", "TP2": "0404dd64f2e493cb2dd84094aa0718c4ef7a246d5655352dfe6bd1911466bf35fe1775e0708bb99717b784ca159298f7d69c3c1af4c5f978e8327308fce4023af0", "TP1": "040ef12020fbbd48cf4a6d044bc4cf0b5e5df1e5afacaf4d4ab97fb0e1110ccb521d5c6c2e33712b15df50a69517dbf6531cbb8582ac2cd83cdb442bdd4966
 16c1", "CS1": "0407ec4413c24e35ff0be16a0a555278bd57e0815f351b9d8217cfae896c4f066e18a2b4774ddf99f1cea6b16961abb2a41b306c031dd6736a08df12734ff1dd38", "CS2": "0413b3a31e3bb327d001f5fb4b9a10333cf1f3c2a0676e9f41b78329e34153d0631fb07d132ad8359ef92035ceb43594fcf7c0c5d70bf99b1271fd70c5bcc03d33", "HASH_MPIN_ID_HEX": "723060d6d62776526a40cdcb0234a8ea0b447f54ee16c1bdee7a97f85359cd43", "TIME_PERMIT": "040f7b4da94cc4af4051863a4a27b0c90e09df6d455a25038e011607b7a88a95c904d57bea35811bf625facb56ee00e720fe8d5698dba0567c7a2bfe1e89187abb", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223464383335663032663136356436646263643062343339306633343937343930406365727469766f782e636f6d222c202273616c74223a20223066613432636461663133353033396434623335396632383038373934656239227d", "TOKEN": "041aea90e77d809204fc186e391181bee0f87e7a62f967555e0b6c8ec9cf3dac30004f6803588943907ef5ec93c07f1828aaa01453fa364f5a8b1d19f82f08321f", "U": "041
 ed3f1bac02f8bb2656b014ab5d798da097cea6a6a724b8774cfda0e3f49f5441aeaed71b3eb3d968b7e8f526de58b6eafa51f023a49016c0c706ebd3f537d50", "SERVER_OUTPUT": 0, "Y": "200bd00a38aa3f27fc7a67b344089863ae33ca25d61987f57621ba409139f9b2", "X": "18216cfe7274c2f260dde0d658566844d6feaf9bfb6455607f31b0d7d7defbfc", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"4d835f02f165d6dbcd0b4390f3497490@certivox.com\", \"salt\": \"0fa42cdaf135039d4b359f2808794eb9\"}", "test_no": 3, "UT": "0419a60643e9d6e8fac87b6b1c6dbd2a2d17b715b098c4a4e362770dc2374fa38c17bdb659f6619b5ececc1a2634da44177df04c695e20ecb11c56c8859e2f1d1d", "MS2": "0bd581f3df3e1d4165ff9abb2609e7b235a2a7b3a871e4ad3d25a1ccd987d51b", "MS1": "22879582bf9698f145408977f6537092b299dfc8a9dc416370b3e27e7051816b", "CLIENT_SECRET": "040645f40aed8439c91174c7af6607927865d72bbe6594a04b5e5edd6e0393abb91ad240f06e2742ec5bef19c2f142435ac57dca003f8646211a80fb639720756f"}, {"TimeValue": 1437055594, "SS1": "0e8146d948b9d70b5572ad07aa8f51dc
 5d39d85679035ad20cb80cfaaac6ab4b040cb9baac13691e406dc1c321b354bf2c1d42fbe305715e54fa0e1e672b503f14b291275f8773416ea3337ef0b8a08e2f7f688d6a249d215715d7868496990d0866967bb777a97f1f9ea4e7d4f6c1f02f440d2916f78783f6ff51ceace6eaae", "SS2": "1b7fd428ac1b04f55da8832dab02996da7f43afc2947ea7131ff1a2911039fb805267daa99479588aebfe4973c1176f00c55a9c95c4387be2744f1e3e525ef78213d5b5ae859fc6a80963628e20f150f5a775a64e90880c89928b47ecaf067450986f5e2cdb1d7256dbc67f53bef50d1d5c03410589061adebd34595aa4f65a3", "DATE": 16632, "PIN2": 2095, "PIN1": 2095, "SERVER_SECRET": "21b7b1cd48fc25ec6ff595fba12da288a05018fe6bb029b7246509f8da4b777a1e85967ebf2d094cc682dd0528db93445f18f0152a3f4a8c0179dbb46deded0f1cad8fcbd074489bacf272168b5321e4a194682da5dd454e23ed64b37d237f2704f1dfb4e183c04f8b0afa3fbe35a4c629b62539c1dd92911d7fabc30505aa6c", "SEC": "041f7e3b61ea5cd8708f8ad231319f0917c68d313955fd7848e6752334b51dd6511c3d2e23f208ea0241bb3f1817b6d5b645b45ebe6b88e9b122b68cc439bb418e", "TP2": "04006fffdaf9375cd9b278d29c9c0abf39
 bf0c4a0effb1972bc7721e4977afcf461eeb095e7e3ae1597f51a39543af218af70f506387eb462360379d0cd2848904", "TP1": "04110f5163c1b7702ec14cf785f76aebdfa033a679a26dd0144977724d1c74d8f709780815f04f1d684b53c349e5bd89760352bb9b99a9343976314ca127c1a50a", "CS1": "0402d4c9a2bb32e0b79af40e704d4c2308564bcdf1fcb0a413aef5384966cef45d03b94909206a7b77c8ebe9933e180960dfb0c35925da3be774a08576e8c1d672", "CS2": "040946615a7ca6415e12272626a969352c14f9b27c89ff5c676fadeab625173adf0e7f66fb774c4326b2e9f91696a4e5dabe0aa9f472dccde05b316497fe6951be", "HASH_MPIN_ID_HEX": "d18f4c069b67ef01c59ab00ea108d313357a83a6c7c24245a43203d87189bff1", "TIME_PERMIT": "042105ee8fcf28921e3064bfe42b67742a656f29038cb1e848e077df11dbbb2e671df987b6399e75bad05e28127cadcdf9c0c8731569292407afcfd3d2c17ff947", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226262363164616262656262346635353761353635623965383239663762613638406365727469766f782e636f6d222c202273616c
 74223a20226135316234333239623639633661333739346137376330316630653966643539227d", "TOKEN": "040490b0c665b0fffb5f0deb68b353d527b22553f78ed2b411347f5746b95a437d171cbc02a442ca4ad04a967439f2b68428347d3711820b1a0d6a1bfe63baf1c6", "U": "040b770249bf14a784abb093b016aada2d51fc19fc24e2ebe81b26d387c39d5b1e0a8100b1637afc48f9e652983037a85eab3d7d1521d2fb1ca704d5336ea7b6b9", "SERVER_OUTPUT": 0, "Y": "0657e0e6c275fa357de7efd9da1b0d514a70bb5f433c3202bcf0eaee9efb3800", "X": "046609f66f3a0ed3731b585178396e3223485273fc86896ca4f211010f80c3d1", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"bb61dabbebb4f557a565b9e829f7ba68@certivox.com\", \"salt\": \"a51b4329b69c6a3794a77c01f0e9fd59\"}", "test_no": 4, "UT": "0417aa87bd03835346b19dea1ec2f36bd1cc11889aa3bc531ebe9dbc16d70c385010ae0ef8893dd44f56d2886381b5e6aec8cc378644b376b7651f74b51943fff4", "MS2": "22c87d06f40485ab525783d3bdd711ddefcd867fbb2928e73568d8740f899783", "MS1": "0dddf02737cad83ab6ffed65fd90c869e019bc554504053da39a
 7b22d2196a3e", "CLIENT_SECRET": "0418e5906918a219a2fc340c39badc084bcdf3a56f06bc6f4be3cc5ee3365a2fa8046c0c52a140d03723f72469624531aa1c69f24c1fbfd040648880e68c8963ec"}, {"TimeValue": 1437055594, "SS1": "10a3adc1c8741b9ad13f4b076f9e1ac3bf5e8722079cba07c6e5bdf765b4646100b30929076fe47aaa60f9068edf51a513de543f48d20e3475a93e60070ab2910077d4224213c623467e55d15ca099273efcaf25c58130762feff3e4d35876d21224b7ac1cc461d4306e680e03b5a241a71108af57b2222ed27d373a30b3a786", "SS2": "13afc176e27670ad37770822255cf4f6c11f4294d42990448a33a20f7fdd64ff048431f72e300a8d276d60db5920901fbf25ad7a219a5ad1cdcf53540b0a07a907656a8ff8081154c70e3bbc95e0ac7d9b67370555419f061a7f86b1435e29a408eb946f33070d9dd10995e475f88e39525d1c710b169485782f3a2176371dfd", "DATE": 16632, "PIN2": 8078, "PIN1": 8078, "SERVER_SECRET": "00884ad099e601ebf3ec8f215421568d220fb184c873b9f207a0b88fe82760ec11e7d2c74dac247f7ed8c96a04081c2bbc1f1bbc0270fc960cdd1c54f06064c100f4bcfa3c9ee1ef74408bf3e6f91cc81ba0642b42277518069cc65e5803c96c0265a634fdb90aa97
 a85aa529a0bb48768c239713c041185d795c9975bd8e557", "SEC": "041d06bafb14d9af567985b4b4f8c0962f39bbfe1af8e659880f1aa673c3617a990c9c348c7a930f23ffc58761569fa274a34eaa42ffe5f53fefcb73f0e2cfffb2", "TP2": "04202748065930898ceb38bf60b3977a79a3d4545bed8702f587909acdd35a78bc1350dc58fc5bb5293dbe8be5d4c1062f0eb167e4c3abc14416260be73a5ad19a", "TP1": "0420d58ba4214c220457ecb2d3d074be1cace5fa7ed0417855e85ccf2f7ef98cea2093565db14cab29bf3a56915ad570329215ec6bf1491b48279ed9f6ceb6959f", "CS1": "04158933bd760bcf6e34da8051c8f42a82d6e66476ffcf7aafa594140d2a145e8d14a6765f7a4826e00796513ae46ef490447cdfba63be0e979924dc1e867848a6", "CS2": "042047915e66dcf1dfe0316578848a5c594b20d836a8425b65aad53432df3b668a190d40d269d926e812da35fd78f5953c85cddf9efbb2f856c9f3c8f1750c5188", "HASH_MPIN_ID_HEX": "fb3f7665ed8cbf079670fba05eb827a2d763cd486cb56aec90419d3e6291a868", "TIME_PERMIT": "040288790fafb7a98c9459147501eb077be6733863eb70f71a28b7f102b8319ed406c6bdde46253ac1c2a8772b25c2f67391f091a8d090885039eeb895b39b6ccf", "MPIN
 _ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226639636163656331303335346635303836653731386436303538636139616561406365727469766f782e636f6d222c202273616c74223a20223735623266666337613739393839333534343730633438386364383432386339227d", "TOKEN": "040537801d02d60a83f7722fb24e8c0d9c9d12e2c9b013bdd1d2aeb62c6d118a3e1f432ca640d1047ad6e77ecb65fce80477aa1dec572cb9712d39035cebd2ef87", "U": "0400804b917f101a53a7d022ab6196c94a0c7841e085980af4c013b8366f4ca110232c8e1b45862d111ef5bbf8356774b9353571d205b6d36afdc4cf6054db6a06", "SERVER_OUTPUT": 0, "Y": "03ee9a72b9df62462599a9cc2693201543b21a47e9d4409af2669c4ccd2293f4", "X": "0ebe18c010fd571b9c6e07e70a75b0ed65bc8493cbd50dcb43d7ed4f18b51e91", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"f9cacec10354f5086e718d6058ca9aea@certivox.com\", \"salt\": \"75b2ffc7a79989354470c488cd8428c9\"}", "test_no": 5, "UT": "040a6ae56ecb3db3eef308351e4a4ed31c8
 9d336938f866b8fa4d1ec06ead94e4f19f6ca08e54d35a45a3029714bf72adeb6dc533ff9b3aa0530857a2374403987", "MS2": "0bc993a892c446df37412605ce25c6da06c3c437a4d9d750633f5ad9dd09111b", "MS1": "07b43fa17f0c70a4512c6f68d4707cc074e27ce760838bbc1b8ebb21520d72b0", "CLIENT_SECRET": "040266c959c3443ed20985b29313905d9bb2f04bbb9c8becafcea36643a3a1e2f21955cdc0b0e738898935d05e4e13db7e88e05e0c59716e4d07ca429f57590333"}, {"TimeValue": 1437055594, "SS1": "0f78b32b38ba387fd26ead5e6f4c432deac4690670d1d0f075424f66129cb2ce230fbbcbc83fb5f1c1b1f68556bf56328ee9b1af888ff0514f8c3ad218d24d990dd9c23da8587b973ebf37f6b264460fd2f94b7c33b50421c7a29c1e8191767e14271a3071a0d47119722a51b25b0369ad93e1b624c275126145519101b3795f", "SS2": "02d08830dd0005f363fdaab76e8d1ee272fd3422fb07aaa82f199cb0e76638ee0abb2931638b889e78cdde8c682d6839a439451d68f5f1bf6ca0def20bfc588912d3ba0d2e11b77be1cc002ce4f1005adf8cd3f67f75d00a76669d167782b72a0d5235a3f35c4df015063074bda3dd5d3bf8de5aa48100a94d053cf9576b0ad1", "DATE": 16632, "PIN2": 4279, "PIN1": 
 4279, "SERVER_SECRET": "00808d5dda133e05e941a1f8d008b570d46d880899177cf31fcd94c6ecaca28321944498857f37c52582961a24440675180374c9ffd06d77fde95e43cfc5d420153314a34813bf99f7bdc14e9725cbcfc6da1c7fe41b93a79e8c281e236df6f80f9f21ba91456fee210f63c7be9f836d6f18a66960eb11fe8125ee3dce9a3f8b", "SEC": "0416b67473f9566599323edf11979b4b76bf103729c451984abf7e4c3539cb67f5166876b1e8bce28027aaec38a79381e48d65fcea0c0c05ea0f4c7bbe5bc1b992", "TP2": "040f8fb9d70f76911319a347183879839b297bd8be0eaa8e3f75e01446513880d8000aa3d2cd9d8bdd8a4eb1a830ada0fbb9bf110d0d776d492b7043f25a4912b0", "TP1": "040fd9f0b5dd776b64ce58bf3ca58fead5b40d6f6cb79ba26f744a4d640f869fd2039b32c0daa0f6ae7e7624c2959ce51e7f333365ec6f45307fa65d3d1a4b029b", "CS1": "0402dd9f72640c50b6e9cd74303b43d90e566aed4bf72cea2e5054c409b6242d0b23f1cce3a1ca0d5db47218e370c8aae17d76fa6cb87d5a844fd36494b7bee915", "CS2": "0404317543e7e1f968d5c0831ea71f9cb928b78f0cefbf6ebd3172bb42381d8a8e160cc4556c1bbf587d92f53b6569c6a4924fb50bb12cf62a468507516697b6b2", "HASH_MPI
 N_ID_HEX": "54bfd095e20f198fe23a2fbd5eac675fe66b70d041568ab441c8e81edb03cf19", "TIME_PERMIT": "0423394325000be64a6d3f77037021307de7740b873e232689bfb75528f036cda41d33c9b8891eb24e4f389cbe6f9838a7bd301340056508ebd6523024cdb1e07c", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223964326437333338363163383864373337646436623039663461316430303330406365727469766f782e636f6d222c202273616c74223a20223137313262376239313532343363386637396566323232316363666662366439227d", "TOKEN": "041dd1ac80e615447d65bbfb0c2f58743be6a8b1fb9dd77bcdedf2f4028afb0ace07f358be0aec025b94e2839f865ab93d5b08f8a668659198718edb82b43de8d9", "U": "040dd5197c3d2713e06f4ed7d3ebb4a49df0b7642b270fff77b815c8ce0d39cdee1558346f5cd01c13acbab64d9bbc5d3b02b0188d75435e6a16b3a0f55cb653c6", "SERVER_OUTPUT": 0, "Y": "09c5df8d16a98f6feada6abc8d4be435176e1020456cd3763f6e71524688259e", "X": "093f87857bf06fa6e997adb38f997a9a0e96b56e541a4bff4bf89cf806422649", "m
 pin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"9d2d733861c88d737dd6b09f4a1d0030@certivox.com\", \"salt\": \"1712b7b915243c8f79ef2221ccffb6d9\"}", "test_no": 6, "UT": "040c765d42a810f20b1c201169e867c2ca96699dd8bcd992b79736d38cd0a9ef0411844e878dadc48aedc8a2bd3c8f4cbb93f94c7df2a314bcd0846a342f1a0dda", "MS2": "0729216104cbb6bb3896c59f9b8592c9ec108c8e2859f0d6f5a6ca31a23e1049", "MS1": "05bba4fad041639a12dfb112b91ff152bdd3d48f91384474e703faae774ae303", "CLIENT_SECRET": "041cc63c1bfad23602b7a060996aff8e53f93128b4efffa724c5144a1a43c6c5fa0a66969c0c7e903f0c2008882a2840478eed6a8d83208fe576d9d627e41ba22d"}, {"TimeValue": 1437055594, "SS1": "21b6f31913fc69f324654dad9f88234fc2f4115a474d931e96c998871c9989ed0118f1a767072c15625ae67ee9b9dcfaca96b15fdca09f588248ac588964262d0dbd595ccbbea6520f30945537c80b4c118084c894244d979e824c322a1cd1620f88b875cdb1aa21f453bc87baf3b9886bccfa4cfd0ca95f7da84dd7379fe057", "SS2": "22586f28d7b03e1f3a3ba68fceb1ed27b3873ca2c5b998e16906a8fd99ac952
 21ffc2ddf57ccfead7a2660891787f9275145f4fe8177255eab6633f01ba59d0e18b9b07f51f4d0a3479f035fc94fe86fb005d2411cd2b4669cfefd7b6c238bc7129eab2670df19cfb297d884a8569ff4b24be28578e71300542770f9acd928e4", "DATE": 16632, "PIN2": 5746, "PIN1": 5746, "SERVER_SECRET": "0e87db97f7eceb032600bc40d6d2a84c6993220624d4efc46292e65008d31edc061c3866465985f129cba519e396263f6184ac5c0da5e69d41a3905cecd830a523ecdfb47ca9175a7c6728e5ca02ffb930a0ce5323e7b0c438cfb8fb9faff40d10ad917b37db62905008ed014d1bd2e0b47c1007b0b6e87b5a6c109e01d817e9", "SEC": "040cdf22125169f73aed4f857579d183e03db05d64ea168f55b0275bc57775f2cd06b262e4309ff803bf829ffd6774d04d52ef0786f1a3c41a321cd7a70330afc2", "TP2": "0416c43c08e70511669ce599a2a538be12d3abe3582cc9bbb6621411252f4b55620cf40aac5c8a91a247f3d9c19c4cc41d27b66b4edf7f0e69f806c4cde17f9c33", "TP1": "041c7fa68c05c3e594ad2d9d0e4fe6b6e4bbada23a907945d2818d02aec635158e0b6efe2f6bf1e2424d6df92714ba9a2d4e64a8243fb0a848eb6842a527cd2ae9", "CS1": "0405c2bf4e5c9adc83a276b75f13a905c151ef6ae6c9bb3d7c
 c0658b7c32dfe91f23afd7edd94a83e7810bf109e1d915047edc7121f758663a89b7d4123424d96b", "CS2": "04046cf112bc3fc901b3d76e54598c007d63db4303f6c06659a2b3772a320fc035233c50c2bb0349b2e9269b8a251874c2ee8909e92c42f3229ecf06b62d3170a1", "HASH_MPIN_ID_HEX": "206f4a9004b84070917957956889423641af811a1492e62ba605048f56fa5eb0", "TIME_PERMIT": "041d957b1f177871d7e6ee918f409c5b2aa1488550c0c102e15dae1f8ccf51d36f01038485126f678541329ba586abd0e9737597eece1021796f13006b894d40fb", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226264373731636335613832616433393766663230316463643739616432343066406365727469766f782e636f6d222c202273616c74223a20223132373661306331353562303466383861613139393530626238643734653331227d", "TOKEN": "040613b45b65347385faa4b8b748de0758c16e62f8c0d1c0aeff1153955c4e9f091f5d5a79be1b176c316d20772b6b7bf58091f2cc2e3b8503d47fb2acf87f1280", "U": "04079822951ad9acbb6987ce9658b98f85f0a1e508bc03771fd7ad913726a2fb1600
 f8e000ea67f1e7fabd7c2ab65a154baa45bf267a77431d73c4d1f79f2d973d", "SERVER_OUTPUT": 0, "Y": "22083153ce467aed9bea168eb47189832661c35ebde5b1408670c212d91b1d27", "X": "0fffbfc5255dfb3edf9acb19266582574be3cd332937db79cf3d4c90bddebb25", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"bd771cc5a82ad397ff201dcd79ad240f@certivox.com\", \"salt\": \"1276a0c155b04f88aa19950bb8d74e31\"}", "test_no": 7, "UT": "04137640386e8542a5b1b21d70b69136ee38f15615e4f2c621559a544ad144d48802c7a8dd2b9624f430d5d1b804ef4a6407bb3844f6503f73bb5147070dd64be0", "MS2": "0583c820e45d89f38f5510516e8be013c64b81b17dac596589931a0956bc28e2", "MS1": "20d705c20f94e32d379c8bd296897b2ba3d8905bb2bef4536f359d59f32d1e08", "CLIENT_SECRET": "04137540232257b4a070bfad94eeafeb04b9beee811b7762ca389aec02757e4b2921aa0cb981584c00499328e01114970d2f9da4608c5954f681090931edce3834"}, {"TimeValue": 1437055594, "SS1": "20a60f2545d0335b128292a44ec19a0685de6e8e11a7f962a90b02ac3cf54ef5161bf52be280b96a66cca3bfe5d4bd259
 eaafb205b5ffb8bb1947426fbab40490f679d1a5bd8279cf482f1e58f2ef1b01ef8a2f276f40b5f236b791ba517d01a0c11df7e7bfda3226500dafcfa7b5ac625be94b3a34b85c784ac7f22bde58f20", "SS2": "13ad54fecb98e01a03bcdc960316b28605c4c857b47d0ae6f9ad0e81bb6be1d901c8a16831756e2de7677cdf9a879f6afeb8df5695610dfe3528a4bd9349e53f00268b0b7e3b9582a4c424e57e60ef9e0ec883fa3b39d6791559fbd60a64876c10f32e1464ccd70bd24cf7fae68db26e883c23aa1f728f0caaf3fc5ca9a59d59", "DATE": 16632, "PIN2": 3888, "PIN1": 3888, "SERVER_SECRET": "1559df9b1b6d8f7f920aa73f7ce7f6ec7532405185e962e63ed2ae12351381ca237efccd5acd68df2276e1e09bdb9a3fc30d38d86bac755d6deed0ff61f509282366658f4113a7de19d9646d9f6552b0aeb327a20473e9f1883fd0051739c0111640ab70cf4ed9456fd09529a016f36e98442156d2f7817c185ddbb61f3d2dde", "SEC": "040a051572b5b03aaf2c9f8492c22ede2d6df6511468954aab48375666ad6864e01e4eac5b5c25adc87a8b02884201c17466f2c6046f2fea51de98873c4f0fed24", "TP2": "04202284eeb4dd52548b3c812d6355d173a243cc8e54080b2658197fd36398cfd20083e25a1edd7570833cb4acdadd9747b
 149ff0ff0d4b8bfa3cb6a9acc302a79", "TP1": "0411b7463d6cfabb4363f66f5b69caf4715f54c6f58da20853bc6b27ab82fbebf31c41b9ce746e4b14c51ac1c0ad4cb95960ad758bf3acf76b0274e490dd25161a", "CS1": "040d6e106c1e31e0a1e43b641b35e62fd9e31b41c513bb7a736d7eddf51613c7830f16e3cad33f63541defc7b07dda7e5a0abf7bab2548798b838e68e0f705b60f", "CS2": "041d6d7163274892d3332e4cc38bbb7bfa8044b822fa766e51b292474719f0bc0508d25f620b4b774ce10edd25527c9ff42c959d6dc3ea835bd33f15032b99f169", "HASH_MPIN_ID_HEX": "366c1db0bcee4f5cf381137eabbef20459ddb79539fe0376164598ba1e83e3a7", "TIME_PERMIT": "041a0469ad551e2134f770b4a617124a5ef45007f84d0d8be133f9736adcf1a4b120ed4638c346c940d0447c4d1cdd251dfe7237ae2bed301ab2fa1123ebed5a5d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20226333383535623531626539366566633335363565626261373338393334373838406365727469766f782e636f6d222c202273616c74223a20223265303034653133626563613630616465353639376339363238326
 230626439227d", "TOKEN": "04072981d4a182e4a97810fd7c5b127b271ddb25f642e5c73464452558e495b1ed190932c9dd1629c5f1f2c812b5b3554822bc18444d427f1f490192f47a6d8940", "U": "0402cb9f9df17368decb230ad2e1814d16a3c63dadeee1f0cf4a42e41049970bc821dc8de133ec69bb223d2087bff06f0f29c6053a0e1bbd990d3afdc37002b914", "SERVER_OUTPUT": 0, "Y": "13904ec0396c16e53b85eaffb95feb346911d840356231e2e1080523c2dbdcc2", "X": "1827f87c0832033e94c11021fb9521f41bdeb11e03badc34bcfa7d3c25646d88", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"c3855b51be96efc3565ebba738934788@certivox.com\", \"salt\": \"2e004e13beca60ade5697c96282b0bd9\"}", "test_no": 8, "UT": "0416a964393c27d2ffdc9a7321ffce937d5928e87f912cd279e621d01a351da8a31a4089da68f56e8d678b6143fbea3ab0a4e521186272e984dc7157ae020ce719", "MS2": "069f5c42f679b13e16427fea489e1c2a8c514b64e0ab645c4ee9fbb2b91d9e88", "MS1": "133a893ca750b4d3a8ea2d8f60a1f1548eb6cb427cc2ee946a1d59c10b51ddd0", "CLIENT_SECRET": "040f8ba4c0b70e5bcf122f44ff03bfa2
 cead2afa4c9f6861311c021d0230835a090b565ae081547189b254113688ff0ee6a192e8c10150bbc0d80724a9d3ad43ca"}, {"TimeValue": 1437055594, "SS1": "15b45fbd93ddb2bd318f7bc487f92dfb8235d52208d1c830060bec546325ebe706a873544a271cd4c9d0bea6d0ecf6f16b0467280c5ab6f2ebc5040835afb0a61ebe5200737be76a1fc9bd391f34a7306086a4a6b2dcd0397303c29d13dfe1b00c58dabbcd320151fa44de1423c830926fd7fed46423b500c998abcf659f72e8", "SS2": "1dfce70e7c09807952eaef736cc997e4c4ee19b402da0db4378d784f4c3e7a1009d4d45a703792d9cd060948506d69136211cc19d635288c8e64d41470af5c8107e9b6e418c4b6b3bd859da608d691e62b7205df978443dc41ef1d5ac6bba36202f8e0d429f84872be9c1db38b1dfe4253eca8d4af7a3202ad931ed0692a3c9f", "DATE": 16632, "PIN2": 8616, "PIN1": 8616, "SERVER_SECRET": "0bd98bad2de5a88851e2814670e0b3c8e39732f147b333eef47c5361747bc13c16e7fb89d4f8ce663fa125982cacf7aee3a52434847f4c4b3df4edd56c0358480ed5367d49011f07d9542e8aff025352f63c5c90228e461c230f4668d0fd5da41e3ea29515138667be93a9392d7b4643349c907a98d4b97bdd35fbb76e58a12f", "SEC": "0416589
 fbab198df5b33aa40e0ffd9bca5ef1b8f631ef0e9ef5f6e91e8183762370890d2ce12d9f8eb1a4d6f9d50e25cf0f64c76ee4e43f19f04db56badcd9aff7", "TP2": "041d478719a1858f2be62033ad8b114a3b167d2492f5fd24ec7f0583b11e84903022d14127d8fff71d4eb30e7ab38308ed61d5f680c69342d1b967e97436f18677", "TP1": "0415b0a5f32aef0e790255025bde8c50c90b54ca77a88b8de89677df98148c329101c2541fc654c40b51be9cee188352f32faeab107888416b1dd2a9ebbadafe71", "CS1": "04068220d5205b39a4274be964b0195c9f66581d4bc963b9688a7a4d4b413513ac23bbc9475767a3482f1e50e3594389f8d9a32b718acce405a9485f7f55a89b21", "CS2": "040259c9cbe5e1062653d070ddcb9446b991f70c230a8436028a28668159bf9dbc1ece0f3c5fd56e129194a7147a273ecc415767afe801b2be85cb3ebf923a1088", "HASH_MPIN_ID_HEX": "fecf76c1416f129206e9e2a3fd3bf7230788c1130756e963183521dc2ceb3936", "TIME_PERMIT": "041fcd55a07d40cea6e676d248bd4601707543a721b91ddab9767e27bf2285cad40e63fff0540f193af36f520b9a79ebddf50ba70577b79da52c312f84e5d3a423", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a20223230
 31352d30372d31365431343a30363a33345a222c2022757365724944223a20226663326237613563393333623638323238386238353531393932333231656637406365727469766f782e636f6d222c202273616c74223a20223137316632613566643065343861303832373336393531313363306566666434227d", "TOKEN": "0416189809d726522f49c6c2775d676ce214724765b96f894214301cb93256d980186884fac7a60baccff492fd0916db5994ba9e1978cd6940df9e30d3b39b0c34", "U": "040e847e2e6a0395afd733602471e1eadf6dd0ccc87fcd6645ca7053869761da29067a5208c9414435ccd16f072660d1ac8070542bb266eee880e2814d08a4857b", "SERVER_OUTPUT": 0, "Y": "210f6f0628759207ccd4afd19008636ee83cec2779107eec7eaf596a29fd51c2", "X": "191bf4d04d0304dfae4ecc5e575e559382543ab85d307854af4587629f311d51", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"fc2b7a5c933b682288b8551992321ef7@certivox.com\", \"salt\": \"171f2a5fd0e48a08273695113c0effd4\"}", "test_no": 9, "UT": "040df60d0990ed42d0db975d57c668d119f650eceefc9fd7fefb2d62c3b0d4104c0ab892d482172d6ad5a182ebbd430710c4
 4bbdb35bfcaf87f25e075231525fb8", "MS2": "02064a58282ae0e61eea98a840a85babdd77ff3c3b915226ce67bf1076ad03a6", "MS1": "21d5f449b6e3b14728e75da20a2bc1784a5ea9a1d7e59dbc10b91abb7e3c88ab", "CLIENT_SECRET": "041adbb6ca2f4dbcc6a96f29af42bce12a512848d77a8059ca900a988e168a16060172da2257ea7e5b66bffcae658c27a2544d49d07260fe170ce1e9e9a6f22211"}, {"TimeValue": 1437055594, "SS1": "141e3e978728a2fb41e7dab57554a13bfb3b17114aeb68ac060d0a9af0b26ac915769ab2c077e92454dac5f66e202f6ca0ec9729752019de9a335722bd97a3f520bcaf94545b998bfc864cbb415a00adb569c6df1bb4f2f9246ce4a0fbaf745a1b98be2d7681ceaf40a6e691c4b8872a358fa5f8aa1c3e0112d9817d51a7cacd", "SS2": "1741c86e32dd113eb4467b4a78d9e15e60073a2b908d4eb9fb9104b3e8c24a9b1115675a9758a8c4dca4e1ff098ac437afb0d1940089fc4bf738f993cecc0b08135861e863beb76c984604284073801782b1ac9b912aa2d1391bb7323dc752ef21ac7ab855835ef9746f0248d6d8ee4a86b81db96e9c51fa79472a70a0acfe51", "DATE": 16632, "PIN2": 2348, "PIN1": 2348, "SERVER_SECRET": "20337bec3293902531c4444e8284f42d4eb514139
 18908df12da1d7600575545043ea2e161cfafef6312d7f2edef02bf582c773556d0c8f3501d356245b91e4f04935622d5bd3396aa41dc24e97729b2a4f383e33e265d9ca2d9ea981e63eb641fbd297e09f8e352f191a53f9bdcb074484d1e0a5093c95c9c9787825b153f44", "SEC": "0401fe01b7e74220521184fda7afa64fed847fbe8dd1496b58cbd7aba781555a39087d6dbceffda7a20f62202debf0c74c9bf9d12fadfb4022a8d64e8b78a549a6", "TP2": "041544b09fca7a847edad1b33489c4e3cdc8fe866db6721615fea747fc9fad0fac204a528e6b2e6f24bb0d637ece931a611c276b007b3cfa674e7ea56f2d1ff9da", "TP1": "040a0988593db59971da281052f574d9556c0ee6b793b163b086979b5c142e135802873d6d75a00ac88feced64b97ef0484a6e44a53235c6b9bea9344b0843f63a", "CS1": "0400df063860e4a1b9dda5d14be9310e4483446d6775399e22e934466b5f45aede0fa360ef1bb0d05b37a709a04a796694d05212083a636f858a22280ef4cc329f", "CS2": "040ac186615a7ef8ced8cbd18836b77221ba1399099f730a88ebeb22bb0384c68f1f3c132c629563ddba438e49c7bc2e77dbfd45ed2e372bb2905d1a16ab673f34", "HASH_MPIN_ID_HEX": "3fabf8f342d8349aa7ffde40020677a89327cf8f349b1823757db
 f1f08387203", "TIME_PERMIT": "0404e9fec1d87783822a1045c6e6d8097cfeabd0e8c1d207b69d896c783a7cb0390bd98be06f0fbd02f0b992d74a467391df5489c3bf5c481333c3db4b2d736d4d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223833323937346433326332333332623232313931653265633562336164366166406365727469766f782e636f6d222c202273616c74223a20223535663234326630353530646533346663626663636638353565353431626664227d", "TOKEN": "040a2556fa51afce0a90f79d1d854d6cdcfb52fa2c438a7ea8945d9038aecdc4fa224bc02b68200b67261de2b19db4e18e04e654718333adadf8a1e5ac62b2e4ad", "U": "041a6e6cb6c049f7a92f571403cdd0b6928c98147ed4c5490a1aec0b6e7b573f4d222a3113af8ef0bbb2e710986cd8282b3a847de08eeb993a05fc9b3897f1b88c", "SERVER_OUTPUT": 0, "Y": "00c868a8618a1f163ab63f253bd9478b45dbeb1058e4ad02997f8fd086b44787", "X": "036c55d0c2e96e8aeebbecd55a614d9b9f52874e5ac8e9f8dc70c10b1c89c318", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \
 "userID\": \"832974d32c2332b22191e2ec5b3ad6af@certivox.com\", \"salt\": \"55f242f0550de34fcbfccf855e541bfd\"}", "test_no": 10, "UT": "04224c0d3ff73ca962bfb64517f74c66870981dc30fbd85afb88428e910c8a94b71ab4357f81f2d5deb2f06c2b0ed97e349658f986f929444558a157821d9784aa", "MS2": "1ff3d2a38232e47c4c7bc1587e36944c1b19b779104a4c7985a59e96f021e41d", "MS1": "21cd3ca8c4c180f30cd2993a3ce4b3bd21d40b19321aaad9d559054699de6749", "CLIENT_SECRET": "040bcc10475f2544c12f3a60a11b893436184042ee603fa79a02f5cb71c12476e70627ea5043bbcf7402ac8018c3e9450542ce6d7247a1212d4a4ea5533ee7417c"}, {"TimeValue": 1437055594, "SS1": "1efd294fc0c35364e0e6894f044b9e30f2c4c9280f2da012caf742f1336bb72408fc273edfc93cd5a8b150513708219407ca23c7698dc69c2ad9b9b4f169c2881fc59404803590555df0b349eb9d4cc2d2af6743cb1759a4186cdc5ae39ce6631c776911d7db0bde542ec5704d5703c95401bff481081a8f1ff8b6e33b736c77", "SS2": "1664d545c4d86aba5a6a58453a324cd864ffb4465c7b78a41da63f599fb95aea1dbcd23c420c5cc782b21c26126bb9b3d8fee9eb442290854ed3afd8b6f2197
 20daa5c9bc736bd2dc0b157837e5a4f76a34da133aac20f7478119c8d610070701c7d87210bbee7585e80357de1493f76985b191c0886d183829a14f1ee0491ea", "DATE": 16632, "PIN2": 3764, "PIN1": 3764, "SERVER_SECRET": "0b658e649a31f1b2c89d7d9176605f0b252b7ceadf7a46141b3774611f8d778e2391f1dd2cf7d0c753468b6ac07524bffc1843e5c30977ccc746ee8749c1a19720cbc776acee8912ca77ae60f30183fa006c017e6895298e5555db342328376003f5451780568a1e1db743b34f9475e49c66978c3e40aaf6813a6f2c2149f4bd", "SEC": "0418d813ea5d40e21324ee28f99365f5cec138a70fa67413fa93e800e757daf96910379e8b44ea28fce00fdc4d969976eeb8ad288d81b81a492ab66a05b736ba1b", "TP2": "041de26abb8acf859ae9a3c6326e34bad0d1ecd0d3390bd511cca14fd548e1ca9e01c84bcfd7fcaf973c75621cae682085d724af493f76bb5e40befe74c6fbc830", "TP1": "0402c3025492f8c511d2beae8b5fad7bbf5fc5bb512c072a7ab2c61e93b0c27c6f0b3b9e22deebe02cda455f925a360e92546eff933784e91e3ea5196f6df19623", "CS1": "040a35cfc292cc4e5962ba59ca42d53d32947e4c32b621b540cf7c9345a69e4fd61cf29cf801716e2121a9399895ea15b168d622d39e397469
 9a54628fd9bc8d45", "CS2": "0420259e066fe78067e79e5c0fc6dccfa7796b6220e5c492486dec63bed72d2a3621e35bb562249a268d7f35d45c762e5cd613fc562c976784d2072e1fcd37683c", "HASH_MPIN_ID_HEX": "289ee3fa5a94034840db16087cf301cea714b03ba397b412b6c2d238eda7c9c8", "TIME_PERMIT": "040aaf1c8b0119389eccc9d55067c55fe4c7bc7c4df846f071c36b14e996a1b76206eec4a0734115df02d897053a2748eab9b855b89b2cfd97db279ed95125240d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223461383734353165373132386562383931633137323235666664616161333031406365727469766f782e636f6d222c202273616c74223a20226533383063326662613635306136383836323364303136356136613639383930227d", "TOKEN": "041d85d6567e0d54eedd1e422272034058aa1d8b9564eb300f03ce562a03c97e641e9be6092ab136ace2cee1970485f4d25f2bdd03df9c7b3df4e87d57e3184dc9", "U": "0410f7e14f66e78f685c0ca94fb43a6413f186aaee4e80280d02e1edbbd5df1cd30d59ef9b76c9a79e1e75b1d6681eb973e42b3fd8a581f8117054017efac205f5",
  "SERVER_OUTPUT": 0, "Y": "1313bef2e23b67339555b6636bc3d49d459ef3f160960dcf236ec1bdd5fe4ecc", "X": "1b62ed7d224b20fa452a5376b61693a5eb86a25fcb364f192937fbd901215091", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"4a87451e7128eb891c17225ffdaaa301@certivox.com\", \"salt\": \"e380c2fba650a688623d0165a6a69890\"}", "test_no": 11, "UT": "0415b479e438845a8f9783496f58c3e0bbc170f5f88aac26ee7749ca40562d752f18880b97b5d5ac266d546c99037c20d397d6855210e54b434f6cf83e6416a438", "MS2": "0eafa15a9a8e4c7abef0545ada244f2cbcfc68cb60ae175fca9506abd4e55ef4", "MS1": "17d6e568724ef2c669b1bf0955d297feb04dce2ebcad5e0e293f312b7bc5eb75", "CLIENT_SECRET": "0411a0107ac787b157e005fb89a255364bd04bbf3ced17a9814128e5d91a54b02e090ed6d82f0e7e04cd4c3f0c166db4eaecb3062f54479145988fddd992fa4fc3"}, {"TimeValue": 1437055594, "SS1": "1f084fcd34b7141975d9be543b44c3112cad21e3727cbff236e05343f1ee2fa422086b6f3d50ddd3da8f7ee496245af4e482e54db6328f84c9cb7eb781cf92151404a2f6756c0989419e503f623c6af9
 d9ee0a05f83d3c793dfead7643a871b50a14504a13781f12942acc491c9f4bfa8ab7545dcc4d115374bffcb24d9c3273", "SS2": "14bdde43fb67578a7e140d5fdd25ea43b0240cfdb65c6ad1c0a62221f45134b902de451be9f09cf64df6f0778bcaa45f835ed4bfcc793aa28af6b1d774cdc85a1cad226f32ebb0f93e0e7f2a46fa53ece6f10c7ed739c68e0832c3fc5159c6c500ba45c28ff2bd415cc2a985277f42cfa36d9eaffebcda4329699010a01ed345", "DATE": 16632, "PIN2": 729, "PIN1": 729, "SERVER_SECRET": "10886faeb52c1e9537f160f45c59ad13c6cbef0298b424c0bbf208e61316b06521037ca12d451db290461dcb0fc2a451b7872d332bcec4b74e99c78a47a825e717ef5d303331f03bcd840bfb47b57f7c4ba91c072910a1db102a382b804ef9951140cd6d4b47316f0c8d4b60d6372edd7768b81e73dd6adfaf1801719de8f237", "SEC": "041ab7777be5e4ff6999c68b6a529dd7ac5a83771a775dd311ea58facb40d7f652165182ca902c450f268dd3e211f6ddffb432710f713860c5f2b66f56f0a0f9fb", "TP2": "04210a8a1f478d5580722213c7a298ab465ae54e9a3a1c5367a0f9758ddd898b9c0dcf36efd81b3fece50f5ff86d7644fac4e240e82281b1554ff279958701630c", "TP1": "04111a929dc7bd39e9b03a3
 4556892a6a07979182ed75575e5d761a7142e4fae470891df49934011688e91f3ade100070974a4ca455ee5c7a44383536d09143e59", "CS1": "040226a6456a3cbc19c97dbecb7113a43076a97af96d7ce2ebf5c305bf03d054e507d8740a9392edd53a672914fe31d44d379c6d40f7bd65632478e15ddc3ed7a9", "CS2": "0423a6f7b78cc09da0bdc47ac51a1be4c9c40eb822ef0023c71d65f2bed5ff3bc3049167a462b7ec23ca9b2e98885ef631a9419b0742358f6b96f25a0a83604a01", "HASH_MPIN_ID_HEX": "9b1289ae13d277a7903bf91c39f7354b16e520058edbd1582b398bac6a4e5895", "TIME_PERMIT": "040292e7f0988ee3c2b27556133f66609c6cec0e840fef77eb7e8e3d91365bf7a7221043eba23d239ed94bcae8db9e4dfc9e48a110b6cbfa64d4de1920b3daee16", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33345a222c2022757365724944223a20223362623731366431393537323239626261306234323139643131333332623865406365727469766f782e636f6d222c202273616c74223a20223136653432306331306632333731636462323734313663646463396162303730227d", "TOKEN": "041cc54e7d33164efe713a6635e05147067e51c
 3895e6ccb45afd0f3bd6b9285981bdcf87ef710f2aac842a55a442a31e9baab1796a052ff90344d204c73ef9cde", "U": "041a8e01b282c075739404db6c88c30e839e28ee4caab457f42e678ec13254510d187d4f21d90a83ef986c99694847a758b46659fceeaadf788fb0b3b0bcb10f00", "SERVER_OUTPUT": 0, "Y": "1482a173e217118752fb0a85152834112811c19efef329d22728576dfb630ac6", "X": "10dc5afa64c0f21e055838571419b9bad8c5359ad33acb5f109150e15f81a228", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:34Z\", \"userID\": \"3bb716d1957229bba0b4219d11332b8e@certivox.com\", \"salt\": \"16e420c10f2371cdb27416cddc9ab070\"}", "test_no": 12, "UT": "04160428dcb8acc3ee9723a8b964433e29366172fa1a150d4929400df7be89bb511c31a5029d176c8568b73a0dbc73526064443b38a25e9563705f48de2e90a122", "MS2": "1870a12d9a058102ac5e6bb8b25efd92ee19ecc0bdac840ac2b052b8276bb858", "MS1": "129927756c27b518bda7684658ce9b238a7ae61081d4673363cb080231964ba4", "CLIENT_SECRET": "041a5e935fd79d7941a430752208f6f39a991954e8a8f989f017b1e079e5d146fa126d8ef4f8ecad862ebcda61ad79a8
 eeaf3b8df671e8969f1ddc0a4a11f5e107"}, {"TimeValue": 1437055595, "SS1": "02ab58c41ba82f7de410e2111eb3ea9e8d5c58efc2fa69abb4a74e2f99966fdd02c6cf185ddea52839c94e26ed7c516a35ae7994f23376c9c4880bead9cb8f7c09f5586f7307190e586e352481bc768d58bb173607017d7ef6a7e39ebbe05134186e74132682b785ace486080d34f4054d4aba9adb64605c0e49b59d12d26d6d", "SS2": "1a7bd72c0c88f97e6764caef54b615a869b81733dfcb7b61b261adb81cd88ce70a331d31721e1fef4c4ee87e24ba80a766d2d40abcf406e6599968d6d28039e11f5191b7307b749ac798ab130ce0e43db6943f3d986fb8ed82f22e52a05d1bb6013dea562ce83ccdec2f7af94f6336dcb28168f49247ed44ba4f45459d0d3b33", "DATE": 16632, "PIN2": 9410, "PIN1": 9410, "SERVER_SECRET": "047ca35946ee57111516f82d51605a1931146b4f351dc86e48f126c90e82a536048efca74438f46efe4659b8f5499abcf9a9918be660fee5587747005327a6ed01b0574b1e4e8698e14cced4657432e05b355117ead11a10fee742312b9fddb91e0c1a64d6da74afe6e4bc12cc47c81fc1d7ef2a01e184e6a172de2da23cc0b0", "SEC": "040e83641ef69e04b1c6ebd461633f5630d5f4918b4d98c82a067d71eb13d957de11cf1
 a1d917635af967bf7e1aa55881d15625fee69c33328777a9b0741a8c75d", "TP2": "0419f91052f79129cbcc0d8477e06a9f9e2ebaef5338b4c8205b621ed6ca680204217a180a1d223c12260a2ae46cafa6c2873015edf3406d4b5a17a46c4b3373b3", "TP1": "041feb1fede0801e06d694fb6f3957d805c77633ed34f3acd201bddb1c1ff66e8c1ab41301b261cb21245571f9fa1bd458cb507809cf117f212727ced872a8817a", "CS1": "0419545b0377a3a2e3c7a4075bb80330a1abb7b9b27f2f42e1bdae83a46e4fab84008b1dd9832ef635bb92d14d5a779271b18b2b361242d327fc299ea9dd0147ec", "CS2": "041670aca835aa6caca1490566522db9cb088868b19258207950580a33db96010a198d431324f7a52fc21944ef07d473d8fb9a076e319f6f1dc69c04ed35338bba", "HASH_MPIN_ID_HEX": "520253ee9b443098b498723b7cdce97f59a5b4e408193141790af7ae1094a502", "TIME_PERMIT": "04104c3b58d81b87d8ce6b426652626260b3673186ee7f1095cbe68070f7a0443600c748f473e203c0ad9127eab8024d270b646c6946cd985851ca9f6de567f062", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a2022
 6266343065363033316266363836643562363665383965653465366263633933406365727469766f782e636f6d222c202273616c74223a20226532633533393430303561633863393562323038333334623030663530373836227d", "TOKEN": "041df9ce7195053809b2485775a9f9974ba1366ac4279210f901fffc3515bc5c801652c09676c5037bc08287c5aa5acae3426c73ff9a0fedfffec6624d64abaa5a", "U": "041c21a2c64dc170457cc25be48de8da0dc0afecd99745ec31f237d2d054e6da141e751690638405e6417a279e5b1452cb8040ec4d23593c6e34df54fc1abf1607", "SERVER_OUTPUT": 0, "Y": "1269ee0eef8c8273bbf338dc9be3ee3ab36e8111114c3500e2c107cefb736098", "X": "0151ef94138b5b19bd059b8cf1387ddf7d39a36a74b9b5dc9197eb984876dd04", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"bf40e6031bf686d5b66e89ee4e6bcc93@certivox.com\", \"salt\": \"e2c5394005ac8c95b208334b00f50786\"}", "test_no": 13, "UT": "040042d2b3678fe8bc99e0a19595f5d8b9b4f281e1be9ebfb11969d52d6a5707e81b9038a3c7b1bcad237a984bf2ba12583b059e1aafcd9268a91e46dc3a044ec9", "MS2": "0b396333cd482362b87006
 aee74762c5ee19971c1f07a2b60ae82390460a68c2", "MS1": "0d076f355ba119bc1b4ec43017ffe0c74dbc56cff41f838b80133dda04070b7e", "CLIENT_SECRET": "0412f4f95ba5441fb0a1e35093b75400bf61ec79bffdb6c34859f98ff43cd6e7801ee6e150e1546b12f4d68300cc8a59b9616c9b0390a6953911a270e1e3779250"}, {"TimeValue": 1437055595, "SS1": "1121461da0b381032d470ec98dc7058e40fd79ac326b001ef311f8e21383c65b13edee07a54b9b8b08ade1522486da58472d9f7f52d3469861de13c2feac3a8604d25c34e7a55536aab04fe961380fa5adaae77288ecec868a8e5adceb075fc60a5eb54a8af7318f66f59c6d5ed88914316213c8c539d197100451a31e043b26", "SS2": "1ee0191720fe5aa927ff15ebaf7ff0af186a265e7a7c19dc545b5f07dc5c7e1117af6959d16c667eec58910e3c91728058b79199002094a56d2bf0996749c04a14426d80134ddb41a2fb9007ad71263658fe19546f84526471779db5d6673e5b0d9126fe406efa3d69921685279f5f2aa0a369cb3477baa226f89f02c48074ef", "DATE": 16632, "PIN2": 4411, "PIN1": 4411, "SERVER_SECRET": "1bd93920323951c7719eba225527dc8cdcbd1127f2ebb16dd7bc0821f37dce371fbec3e9c47a65fdfbfa2e54cf8f53477b213af8
 e3cb9ad1f3d9c88a614bff42049f75799d64819e686cb971b76810f2d9e8aa8fa660a469fceb6daa33362a31126098b74967f92cc3c4052874b250a15881b0201a62eb0368bd3210c3cc70d5", "SEC": "04011b191e65c4a6c88a3c3d1dda3fd6bcf66ec47d348eb62e65a15fc391e14c0a18e5ec4efa692d85651c36c706fc31d738a112af0c1ba1b6e127b2250b86bf6c", "TP2": "040b5a7d2d8c4943db9b00f83730728b59c0eb2834fe6855acc9d026123adc93441ad84ae4127de8be49b71e00a06bc9f6e864cfcbff96b753863122d83ec52fdc", "TP1": "041a7ae7b493bbc82821c7e4716c194fef2d4035948bec707a465856e0b977b84d1d56d971b6100aa89bd8d0ae1a34537c173973281dbb5929690844a69283e88a", "CS1": "041a8424ebac47a3121e0130eb4db0db13c32de89a565ed16d6719b8cbe9725fbf1c81164d474cbde1e4130553694d5201c20b2ff347d46b6897122165bf428a42", "CS2": "041b2545e8f58cf20edce4347ebf914e5a730faafd78dcf65f8372b78af2ce38920587f9f22c6312bacd61657febf445d814666637a8f2d4abe02ab275508f0da3", "HASH_MPIN_ID_HEX": "16b140879f84bd5a1b8e08a2bcb67d15bc3d4710542244216d4b4dfdbbf5641b", "TIME_PERMIT": "0419f269e2bb7308fdab5a907bc5663ea
 2d3a00947d57c0c427e3691d97c644fd51559410bc6db6a23ab23aefd3b798c354992e10e4a16eee6ed80313b846581e0", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226461336163663561383662343438643934396165356530373261653565663365406365727469766f782e636f6d222c202273616c74223a20223634306139643435396662383339343662613032313464653430353937336632227d", "TOKEN": "0421d94f37813be32b3995135ade93f649b848edbf68ef064983c6ae6fda44bec71a358324a42be450d154946a8611f06b1870ce4aac15dea8015f9e2f2caa33f0", "U": "0420356c11c152057a16e963d3189bdcdd5814083a5165f65cf20670e2d81207bb1780cfa420f76c06cc1df963d388378d3a9350045b6888bc63d6986d287abd7f", "SERVER_OUTPUT": 0, "Y": "0eeb54be0a5265efd58dec5732f146f92209720e550fbcac0af0fdac50cdd609", "X": "1da8fdbba6e83c6d9f1a89f1fc7c0871b62d965c549c039287f816db9c958101", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"da3acf5a86b448d949ae5e072ae5ef3e@certivox.com\", \
 "salt\": \"640a9d459fb83946ba0214de405973f2\"}", "test_no": 14, "UT": "040ec352a6b673469d009d015247330d1c9110709095496f971af960fda520683f0d1b4692f9cdce4388190ed5d1f73ed4961986d3a4f9420f3ec904e6fcbebb19", "MS2": "029d7b3191bb5c3501fce6f3fac6e3f9802c799af86d6361ec687cfd5e4f956c", "MS1": "1f0cb6091f001cd40a00c9cf019ea238251685a49d363895fb2223077f617408", "CLIENT_SECRET": "04176eeeae545878791848f41b8764ed54def2fabff17d23a78091100aba053ab018bc977276adb19a1aaa1ae455d42290f926ec7fdc48319bfc45091da3d5b4a9"}, {"TimeValue": 1437055595, "SS1": "005ef11ade21d61ac0eadde02972e2de6d421275a37bfa48df685a74a2fdc70516a6cfae5e86bce0cad7ae18d9239e5b0e3e422872d915f2d251a4173e503a6b0d3156a84d8ddd03f0407d6a486408a7783875fb592d27845b39468b92ef2ccb10f80ab45210d73e0d28b5a310aba2be51543455f4340e89df721b41a56257aa", "SS2": "15302e6012a81ecc8d10bfee41cfbddb5d5caab43570f841833a4df2820fc9792285ff10aac04418dad2110659e439bfb067dc938a09c7cbd6f01bdc0858f73101f0220a23e9837a56f1140cc2335ebda85f51c92434e045bb21556d28acd3
 f11a32257c8b38bd7b45f1e4fc5b52c48d37676153ed5acf531c28d4699ae11e7c", "DATE": 16632, "PIN2": 1194, "PIN1": 1194, "SERVER_SECRET": "0c1f0a1d84f7ef2050822d0b7267c40ef224c181a1e153323f42c283068e01f105b6b997a6297b509331e09d539be6501da16e9398613790deb4c0bc59ff874622f7e037e9ce8b3c6d1156a7ef89e277dc203a9714f7126a1da793294daffde314baf0cca6df4e69077ef7854d84ee0662dc36ee1c83aad10aba863c0eacabac", "SEC": "0414c3964f2dc9baed7a0fe822da337837fccd71f047a787b4ebf43a1d6c87f67c180a760c788651362369cc05f8ca71e917bfc3083f22670b693f8c15c92a1962", "TP2": "040d5e5a4d5769e5d43c713dd4c1d13c72dd45c841c7bee5b447bd940012f467be01e2a81e6f300d40d5b19091cdef005dc5ea1004a6e80ad366450788503a2b3d", "TP1": "040929c8a9de6b460411a9bdee1fbb1f58770b5505da8742a5e409c262dc7187511d0a85389f9fc6507e1bf128bc84e16224068b17874c890de0c68beda4f55698", "CS1": "040ad6af61f568b0adb40ae1b77de62aaf28fba96d1f99d4da6502574f1e6a589e0b59234b7b67aaff5f74b3b1fd5b4b04ea19ef6068d416abf7896facd3289d98", "CS2": "04203ecff5912724a49ead970bafa49ee5f9
 74905b1589e56ff10c035ddcc4342f12f063cef3ba0a21caffb27ca514d5cb4e6dde44a956635cf17003736eacddea", "HASH_MPIN_ID_HEX": "a4db348d6a3e12686220b7e892dc7a8c2d03369cdafb27c78211846384d74d39", "TIME_PERMIT": "040c000dfab56e9266f8ee90716e966ff5f478bea270afe2968fa3936a0f34f1a820fac6f963b6f7c65b318db7bc1cb883123ab0846f66497a54890b0a2eaddb2f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226337313336353930643937363864313637353364363864326333343331303634406365727469766f782e636f6d222c202273616c74223a20223335366235316130323839336462353538303430363038363964363731623966227d", "TOKEN": "040929fe71e7d7a3814d3aeba40f9a786c33fbe3b2bccf86b9e83b8638bf16a69222ddd3cf5583476e502ec761311af5acc98e6eb3b4e15fd497ed43ec0df5a5a4", "U": "041f231e85cd33ead8f6f972939966b5b3f8c8a94ff8f573b56b9cce2d53ffd84c0fe624780c96d8454031dcf34bd3d994dbfda83f5aab2f5cce208af47c0123ee", "SERVER_OUTPUT": 0, "Y": "0cd7c161c49b6a196d77a23750d04cd63bd9
 7ffcf4023915a1ac4ce354bd82a5", "X": "00422b928dd2e96614005ba84fc78741c706b2cdf1e6867e712d73d01aa17a21", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"c7136590d9768d16753d68d2c3431064@certivox.com\", \"salt\": \"356b51a02893db55804060869d671b9f\"}", "test_no": 15, "UT": "040c0cf30dcb53d590b1e4cf3a137b8890614ac6d4a13905feeacd41f3882137d120002dd8d2f6337bd910b999e7a199fc21ee49959bf7f775b209c7fdaee1e7b7", "MS2": "021ecb6fd22558fcae0387b205f80d7a029dffc18a0611c434ee2caa0cf90c04", "MS1": "0516497d2e0d85158c64bef07aab7363e919e9e4fd653633600a3018e004a347", "CLIENT_SECRET": "040035cdc25404fed0e2b5be105bcbc7226005dd176a48674d73fde18647649d161823310c66710662de295ff851c52ba63a75020fbe9b81c0b8fb2873c3ac533c"}, {"TimeValue": 1437055595, "SS1": "23dad6d7b3ed7e4cef930e8b3d011dfc6f1dd639bc1fae7fb2cad6827ea6b673170bbf3d94545632da5cc5aad16cb90daae8b710d07cc152f90243bae0fcb17b126c0780f165329d81558c67a99ba5b3c57374959fc5d068d791137a56a61ac41e7179156e2b819b89a9fb5b19c602e
 f114ae70304535eb05695fbb68bbf47b3", "SS2": "2151d6676be391aad04b74ad9169b1467a5891d93355393b007f3c1b8a3470da145803c0a48cd272ccc65c94e3efbc4a1e23e2d01e868cb9cd8afd4217426de4097ba55e12e54064a971140ca658aca66a09d015600b4d8781a732898b25f582003d71fd218cb4e1f28c61302da41adab06859df6b1d687f760b59e70b9c006f", "DATE": 16632, "PIN2": 3666, "PIN1": 3666, "SERVER_SECRET": "2354cc84b0be0d086235dd5106676f8693e3caf2571b96fff02737c0d7810c7f03db95e7716ff35c4eaf7f09ec2b56b20762605e77a1a86ec7495230cd5b6127114eed4e469f14b30c8d33987700b69212752777dc6d78ef33d40d6aeb275ce51b2b23061ea3d777149b1ec98623e20fcc732b107eba9324c7e7f394d5c33167", "SEC": "04087fd4db3bee68c16fa739fc8d1a483223d8566a188a6ed4e055aff46e78c957171cf4cd69dde39d94ee5a283a5ceb3ea0ad49e90a3ac02b51d6b2c4400cb0f0", "TP2": "040826228e1929139fea73f8637de9c15c609c38c6d9d658d3b12ce06a641995ca10772604069ec77a9bf62317b290fcdfbbdc098302eb12e074f6d273df7854fc", "TP1": "041ae5cb5b45dee4b542b8087191a774a42020f77e62bb409002f2c394137757e8171089a8215c86cef9
 950f85162848fed0ee06d6b91d537e94bd5b496f2764a1", "CS1": "040a40647d79427687f087efabde69566fe951a867144e282683bb8d42db4652c71371fda7796029e60c69181c9ee9fa209f2fbfef3d6749dff19bce53a9757a2e", "CS2": "0413665be94ad63b94a0deec4c4e90f320eed14ca79f65b134d30279617a3e537f1381fa0905472080863b7669b23b28dcdadc68cd56a8f135331dc80588859f83", "HASH_MPIN_ID_HEX": "9fb97d070dbcf9f02f43ce6c92819472f161cda42a3e573e92ae3139e64a866c", "TIME_PERMIT": "04113d67256d744acfe5dc848a6744dbcaf37c3a3cf403dad667a7f259e4b642e216c8683a8966965ccb76c89b3132bb225afb426fcf0a328b06f244f386cf52c9", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223863643361316134373638376662306636376561396532636431626666363262406365727469766f782e636f6d222c202273616c74223a20223539663466343065376632363031386266313661653434313661326336373862227d", "TOKEN": "0414d94c5363566bb7d58b1c262aa2eebd31b4c8c6a4708423b38f706d28df9159033b999178fcf7b6d010e906c9f24d3621
 4e4c9f9bbae206efbffe8db39356d6", "U": "040ae2c3e19032733458d87778a894fee58bd17584b6c3c3016fe16a8e8fc8075c120becf699a5c842e590c2d416f76814ff620dc76b4bac78df1ea0350ef2c75f", "SERVER_OUTPUT": 0, "Y": "0f36cbf567ea62ef0fb17428388ba8c32e4c736f1435d725a63ad0e1bbcce48f", "X": "0fed17091ee2633e8ce34f753851becb2fb567050dc87140077136ae15caa1af", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"8cd3a1a47687fb0f67ea9e2cd1bff62b@certivox.com\", \"salt\": \"59f4f40e7f26018bf16ae4416a2c678b\"}", "test_no": 16, "UT": "040431d184823b62bd1d96124a67bc6767f763b664b23f279aa2a265e550130c951e00cd459fd3ff49fc77558962439ce0e6f1ddf340a87ccd0e2db6969b2d0cb5", "MS2": "19ce6cbc23b50bc0cf5300dda69b43008224194e1c75739a48017adc4784430d", "MS1": "1851b82bc5867efd663f4cb84f4d3122ccbcc4dcba715c34e44fdf6e6feac37b", "CLIENT_SECRET": "0400490fdcf249375e425bfa5a45016d25a3990b53a4b0beaccf7fe98d5874049322072b915fcf94c7ad8580c451ee2fade519424abeec83f123ab7092ca9e3d83"}, {"TimeValue": 143705559
 5, "SS1": "1465c8cfdbc267dba7c633b0bfe7bdf5abcb5f1c27590aac10f65105b9eddad21cf5e9a6d02fe5f13d03f00052f4d0b69401412d5653fdbe979fad22fb7a0f14047401bfbeae0501610dbe5ff148cdfa48dfd4f4888ae716353deeb7a5c5b4210bb2b0d0180f9006b8797b352dd721501fa28d81da2b672ffb7adb6b3cdca472", "SS2": "0040dae30b7302d80a3099a898ca47185dd8e189ef2a66b981e9602ee3acd7ed23eceea8b87da9ddb371743a127b21ded6da06ba8259f8673d29e283063d4dcd154f980bd5894bdef38d126097601e19297597707a87079d2389c34b11a2564b189152c688e555fa01500cd3a54d21540409d724556ea6a392d587873bd5256a", "DATE": 16632, "PIN2": 4703, "PIN1": 4703, "SERVER_SECRET": "184e0d80931ac074dd0497385f0eda5499ec7eb4467c1a71356fb5f70d5c8d0b0d8f5a6cd5ad6a4164f26a9041287eb62814ef254a12fac0928b907d4fb4720b025cd8f9b14ea04e3fd11345cc963d6c7a3e7437703e1171f7f6f908bd1c804f1e0ec758abb14f966a58865b4dc563477323c73060487c103ed93a044b0c54a0", "SEC": "0411d04d217ec0ab6aeed1385935e71a33aeeba74817e00d5886ba1226b5e3a851218272c144a2c160b90c4a2906c96d5724aacb017dd6b2c560589c1d951d2912",
  "TP2": "040dd9b30beec49d625d62910e5c56bd94e848a9922e21b77666ae17ffd471193e2090e2301febda70d27f40ffbebde9fe4776172b732218a4a40688ca6b5779e3", "TP1": "04152c631db2412096d8c363435b220a3f25fe5a2d24ec6c4baecc5555166b17c721de54b4513ed3f27c8dbe25f70e3c30cefe3391212d4f823f8cd0ca3ad23a33", "CS1": "040122e925d5f065abef086c1b63d7efb0cfcf43810c1dc926889b9d9be33d1bde23be99d18dc6d15e2a68f48a485a94173c6fc098bfab74b85af1024fa2792f86", "CS2": "040f023aad490c8b55be81353c58910e8ffc2e4b7f91231ecbd385456e0904fcb80ee1a1ce9b7c8e7064b1e0fc4510853bbd051f4b3638b9d4edef03b0718cd141", "HASH_MPIN_ID_HEX": "4b428e699fc9a420725a076d5413fcb71a747a4a2fbfd1cb7ebc90c08cfb6755", "TIME_PERMIT": "040882e822769978bfe5bf18e2ffc130664a2b4bf6920a2c9f2641db53e431063f1ff5fc746b87ca432aaa855ab24da576b611e6c83dcd7538e1851be64230567f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223237363735643564333062303335633633373537616537616266306462626
 433406365727469766f782e636f6d222c202273616c74223a20223836646432333935613364303164303333366530633662323235653063616637227d", "TOKEN": "0419a378f241f8c1210f3619827406bfc4fcdd16832ce90d7997c00870bca47e8018fe17f16deb3d4d18c8a1dd5af16c40c327e235a5230dd0c188d13357613f14", "U": "0408301fe2746039f6d1b933cf136b54b33941642e6ae2ff933030b6b36805557d048b14057093ec9f841ff4ab130c13722849ddc7a23b1546489f2dc69f8442ae", "SERVER_OUTPUT": 0, "Y": "1c1f2cba76c40c464c385fdbc7df270f3dcce1387296ef592d8453ff1aa1c001", "X": "01273f0dee51cf0a7ab547d53f44f85bffb7fa33583a3a9428bfdb4e2d384777", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"27675d5d30b035c63757ae7abf0dbbd3@certivox.com\", \"salt\": \"86dd2395a3d01d0336e0c6b225e0caf7\"}", "test_no": 17, "UT": "040cc1452068bb696b9999f6be7e1b5e75f9cd94c98588fe5ec55e433039bdcb430ddcce810b8ea86ccd5db61e8b643a8b563f07c3a271de038a2d468f55954303", "MS2": "07e8493d8b0d000003928116bb37650b00cdc5b194152cb4c636526b47ed06a9", "MS1": "1a0adf7b
 aebbe316e94ac64c5c86ac431d2f0b708f4f4ea856436fc6bde88975", "CLIENT_SECRET": "041125501e61ef5498d79f475b50318d0d6ffbd76bcb895bc8317631994b272c531dfbcbab019ff73c92fdf7cbade07f8f6e725a46ca27bbf0e00673b62bbaa468"}, {"TimeValue": 1437055595, "SS1": "0818708b4057a6b7b1246bc5c1ae71a84fa402961729edb72e69f3b366ab80e71e984e78ecd3c4dca114a4208a84a1b79e16c088cdadff0c8f60f2543301f1541ce918024251242f3761a3968592c7fd8b4190b91528ca7b278b35dd50bb64da062a96f1e1771cfd8d5f71790912aa39bbac50c229fa8d3948c3313babc98952", "SS2": "1c073c3a5aca34f59f43e1ee8639f402d08d5f31035b71bbc7fad1773c7c69cd0a4c60d1defc6c198da083ad9d6fb18ba9295019bf8999ebb49f4affc378393f0d9c595156090e85fcfba773878145c6d8c6c967375e27c0debc51255a7952581389f9014044f65a22fc8aaeb63696d69e4537e6d94dccbecdf41f677bc0f13e", "DATE": 16632, "PIN2": 5558, "PIN1": 5558, "SERVER_SECRET": "1b23361dc753294af3136729a5302ad7dacad4f4129c1f041870a6f93925273813aa2857b4eda7d70e2fa1e7b1baf87062de7ab8fde1b574c17255b0620ff9d922d2f48a7d49c7673413f36807ff5a78d614e
 7984f64e48788b54f5f4b69ce17219919647618e4984b22df832d7b29b62885761bc124a85e84621ed87fc3c5fb", "SEC": "041e17b37d06f123edf6931647cb891bc8fff89e3eea460e93f30c58fc84c39206148fc5cd39c2c404d90587bcffcae52c20d777756f5905d734e1387f555e9b19", "TP2": "040dcc09d755461b46cb2dec388815a694d8867a81ff1cfe7d8702d992f297b6bc1ad9b7a86c9f06455a514dc935bcc2d21fb9dac96678aacdbe0533904338afb5", "TP1": "04179065480dac54e4908018f9571d4751e5a41de122780c5fa0051e835d9f05a80969cbd01b13028fa129fb03cd318eb3c9cd0915d733163979108c876dadb401", "CS1": "041d4c7ec996ae43e13d276049a83a9c6ce9405198f8ae511586959533aef478cf1dd08605eca276acf4a94ca9bd66798c659f8ec6a477fc481bc90c2c348a17db", "CS2": "040eb81dd0505b75dd41900d9136515299b416947cd764c7bfa7ac19d109e7f9f9033154e1e5fd127a90139f920d0b9dbd3bbdec675e2b9c6c4faad48eafef519e", "HASH_MPIN_ID_HEX": "92e52fd7a598d3329558b15715cccf3fda6e24ba972197d26b06a67b7ce52091", "TIME_PERMIT": "0419865184919eba5b30638e28b6aec29aa531d52f436e8d4a3bdb14f2b2f1c6b8054f3a5d6dff6ab30f98cb9b37d8
 26d226865a42bc40b539c6c576aa8b1d6035", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223462303438653962326565373530383233653633613931356631623436393566406365727469766f782e636f6d222c202273616c74223a20226564343532363861663161623062336139366531396534333632666365356561227d", "TOKEN": "0418484d420d5cf643aad539e9f52b7378ab8f4cdf8ef7bbe9d6ac9a6e8574201a192d203c66fc76e552d578aa5e5d8da6ab6017586927e43e70ef877766cd17fd", "U": "04214201e8f8cc2604db187df04bd48a50a2cc7a5aac0d6e098e9d44efbb315dcb205a66734278e4b357610f5736b38b82ec02a9fd4f0cbd9152cc2bbc17cbaea1", "SERVER_OUTPUT": 0, "Y": "0d2cc930460731529f003ff6b99a656193ff42acd219bcd9bcd197b35402a685", "X": "1e9c5a4c9440cdc3f5576c0b3569d84badf663ab1e1b9b8ab0999d1689faac3f", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"4b048e9b2ee750823e63a915f1b4695f@certivox.com\", \"salt\": \"ed45268af1ab0b3a96e19e4362fce5ea\"}", "test_no": 1
 8, "UT": "04123fb3fddeaffe5dfb2478cc0f1a2013c97e1c41c80a5daf876db9c924ffce1f00fb996f0f656502a28ed0888c5d68dd7afdcb25e43bb2ecee079f923141e9f9", "MS2": "217c13d95a6f57116c25bdd53ce905935b3e72f9e4f87e32b83714197c5a83f3", "MS1": "0809b9fe12a5f12dd625571b799e28dedb3876365258642711fb1c4773fb8418", "CLIENT_SECRET": "041da982bf4b92c79e12320974547dca93d32c32f1f2407936b3a4304f0fe9ad1e051f463ee406d90b2177a7be888418a70e9117ec704b2a356b48c4ccd02c1f60"}, {"TimeValue": 1437055595, "SS1": "2124d878bc05ae18bfd1c1b8fdf06f77189f98e3b2658452e9e29b8e144fc23502c5abb9977897f45480f487801f9a61b0372e42a2100762033a42d132c06c3309ce8f44d18486ed0f2cf36befe624b04cacf33036b001a62409682335a22cdf01312a4ce2a99072745acf80e6f9aa7897ef9e5d41d1f865c5ed5b045877209a", "SS2": "0144c1e5e23be6996ab5291bc5f5ab178d62459ad52fafcdbfa35b38641289d207af3ce235ec7b08f0dc36ddda2edc15fae60b1b4d9d8053242e4d0b839ce43723084451d891609033f5299cfb483a04beeeece181f862e6102fe42434263c5c1fed38dd6b6970c1e4b56e00c43ceb888768fa42dd63cd025480a9f8d4c
 bd581", "DATE": 16632, "PIN2": 8962, "PIN1": 8962, "SERVER_SECRET": "19e19ac0e2938b6d0789ea420bc80e440ddf6fa22bd494b8ad8c7760f4bed59f05f6819435e9be192adb5c540742c759137301da7ad2177dea93812ca592ae92121551dcdbc0841c9feedc712f78a7a6c96a2becb56b1e8a57bf24d18329aaa907c15539afb7e1f2b8e55ef4fb4608abf73404b2ceb5659b7cd14c83c264aa32", "SEC": "040697a45302c86abb805705faf9109c4ddfe09b0b8dcbd436c89f4b8741a6ba5215f2b5241045eb5fa5880dd4ef3e1b362eb28151e3ee0a1487590495662c1fd5", "TP2": "04195adc282df8e526e5fbc4c4266bb5f06647a59b8ac22c73c7fcae803abb9b9a0db18aa85edea9aa2fe25a7f1017c56fc34602ad6c38bdd9bb77fbae900486e6", "TP1": "04235bf05a09110757c3fdd994278e79bd49a22eeb581cf0856791442bdbaef2831e557b922c7f9a523c7305c797462864579f9a58b9c53fec4bd7cecc3cbfe0fc", "CS1": "041f743ccf91d3f774ecd3ba6014c4d686b860527e1ef0b415f4c69b9bf6031c1e0d9c797c091d3a950c64de89360556126b566466db4ac4a0cb87f2215b9eb465", "CS2": "04092d710891fae6905433a27d29f02c0d1512c34de55f67e2ba02cfc4c8cf71510a9070e17cfce6072a5455fea5b28b6
 06a6f2b0517c3e41dcfa048994eef2d0a", "HASH_MPIN_ID_HEX": "2394aa62d7640ad3c8939742810e9edaa3d21be2262f41fc7eb92685a5a61c10", "TIME_PERMIT": "041db9b7dbca2b8dbb93b077b3f89799b82a07f4f4c090036f56f8fe2cea8d794e1369e5cae38ba6e122b478481037c6c576297e35f774ebbfa93da93f334ea568", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226633646432323764623830383462313965343563393539376538336366613161406365727469766f782e636f6d222c202273616c74223a20226664396633653435663064313638303934343063336661623232633532303166227d", "TOKEN": "0402eac396bdec8929485fd8b3982918e570e9dc99c21c195a105d8a77108497402098ec4824072f1c1b76e145bad6526b5d3099d9b85014193fbff9d9eafe3bc7", "U": "041d68b082675971f81a7b9e07a3e655d9468f68c9c81510072d5bce6d554bc11a1a52cfea598602ef1636e21bf4ec3dd706963fcffc067c1e1efffbe131439dac", "SERVER_OUTPUT": 0, "Y": "1d77eef22ca0c10bcf2c494263578727f331e761cf22022327b853c03ef0ae0b", "X": "069aea8e8552b85654fa45c5
 d861fad0d4ccfeca5fe882225c195f8ad95f6e21", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"f3dd227db8084b19e45c9597e83cfa1a@certivox.com\", \"salt\": \"fd9f3e45f0d16809440c3fab22c5201f\"}", "test_no": 19, "UT": "04166953130501ee5dfa056241ead9e5604bf8c21a3b6cf2be6120107cda23d1191d3acd2092e601fac897faaae777119fc7b6a04710410102d17bdeeba54eece6", "MS2": "1a96dcff0e5b2aed8a034cd367e1e62cb3f86072daa1eb114c027419ea2aa9f1", "MS1": "119fbde8dd4f5125ffae67b4e3fa8c7925d38522a53e74583ddddf1475cf11c9", "CLIENT_SECRET": "0410b3cc689ba1310aa8fbcdc5535d5c9b24407f9c88ef4a86c157350a21fd80d0018191b9d651fa1c16d423daf96a673db93dbae11c8c6dabdd767ad3324a9822"}, {"TimeValue": 1437055595, "SS1": "167e7c65c25f80a1dbb94dea64e396b34cfa47edeb3476d1f95eef3d050552bc087ce425beee13cd4d388252f3c6c93d4d193c8be52010f6c7c4246682f3e0221cf00340798caa4b01ed402cab0073efd315245c10eca7ef30e833918dcb129707b402ebd0505ee754413f68ea4678475c3705ec3741077216f92f2d4003b5ea", "SS2": "196cc5d90cfee46d8
 47d857ce81d46eacf09cf2d3cab6e39ff94f53be5a1853b198895bc2ee6e0c9f36b21491b64c55e469ea9501f72ffa5fb005d17807230bc0eecf00cc46aee4f0f58edd135c0754da36b8f8a13d6bd64393b2284f73f1c5e018b3be32d1f42d609767c456085be0f9bbd76072b4642f85529e7eac7069d93", "DATE": 16632, "PIN2": 8915, "PIN1": 8915, "SERVER_SECRET": "179c28b95ab04a03311a4fc8e2e6a9a6235a7faa093de973eeecb5fbded1c5881ef8cb0b9dc0fab3ad8e64b668fe9b12dbbcf0761cf076531ebb501254559f750111b0bc82312eaf6ca06c425691bb6cee4908c990061779805c50a238ca1baa0c3f25ac169b043e13af12816512e03b1a16ae44585bb46228c7ff27131311d8", "SEC": "041ef43672c0e6a1212ec033b0bb71f24130b4aa6aad40bff7c50ebefe939fca64109ac419048d814442a1bfb0bf87fd1c3ea07b410fd9e33b7822bdf21c032253", "TP2": "041752454b4e15800bcda5581ae89584144257f03b615a93a04a5406dbb38f7ba112ad21f2e44a96fd4cc32e0688da46b5a34e2ee1a1045586c6d3016afb84a917", "TP1": "0404726736a3d64c7c8b2410b2b1932d2074067b329ee33421cd640abe16380bec1e8709f278eb05b6bf4a4597749c32c0850108697e89669644b8a8b1442e7026", "CS1": "041c
 2fb362a9d4ffb0afe4cc8cdcafd54304efd682449ebcdd05d4c5bc6f7bc6a1035d60a5351459dd682c86f77aefd37d65719fb54e0cd72c3c33621b0df6fcc9", "CS2": "0415129eff675097c289a3f83f16ad4af59337c927a5b3002aa170c251f1b3ceb007c8fa08b78badfda34f3301c9c937c7f339048939911803d761361aef202c72", "HASH_MPIN_ID_HEX": "4d1c63aef49f8b93d3255efbbab2436ead9177cbbdf72ab816bf2177c464c24c", "TIME_PERMIT": "04190542e10eb28527d27e15e7e7f99118cb73faec830f98d939db0cff66e9f3c61980a64c13e7981b249786178fc47d676c9e832aa4765aeb2065f8c923d866b5", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223763653435633934306636393433646236653731366432386235386538643538406365727469766f782e636f6d222c202273616c74223a20226565663866373434316633633637363766343037623739376262316636373533227d", "TOKEN": "040a94bdf3fd2e2fdccedf0a821a0a857919d3cffabe7e960223dd5ea2ebd9a27e02e6f1875e19cf327053ff39892339ef01024dd6d81e41086a19348ef3205f18", "U": "0406dd2bef46982c600cdf
 971027c39477efee27e047bbe2ae34d2185b521c66821c0ac4ba00feb7e10e654159e88156f36c584795f1703157a72855d5a64229d9", "SERVER_OUTPUT": 0, "Y": "12bb1d67e34d8cd81c9173240432103d875c19e2310f27009c8f6b868cf5729f", "X": "07d02706a63911757c5b00ae15398bdf24f8ccf487f4041e0ea6bb559e60f4bd", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"7ce45c940f6943db6e716d28b58e8d58@certivox.com\", \"salt\": \"eef8f7441f3c6767f407b797bb1f6753\"}", "test_no": 20, "UT": "040c85281fbb9708ac7fb2c5190274bf7087cf1332c38c2d5fe384f48de8e31b9a10fbb585027474a148a7166fdb5800f1cd07b4324ac6e1e7d75dcfd5f1257e37", "MS2": "174ed4eccf9407b2b36c29cc2b2b64424edb8a5073e7b3fceeb6cdcf666bf166", "MS1": "03112b5d22d677fa7ed698d875132cff1e3615f37664069b49bba3405ef8293f", "CLIENT_SECRET": "0420bedfd98e6e1b3afbba847190577886a84869491936c5eb6455cb60fa367a0d15b7d7b4672b1966b3ba3ab9772ae16ba4f120a723c379c969997dd47bb1bb99"}, {"TimeValue": 1437055595, "SS1": "1c2f71028200c7743973eb5b4cf992278523fddbd85795df04
 529adcb7dc721c1de51fb07e528562ad9a85afc5607eaf9222f17bd6d4b757a23c184ece0ae56e239cf45452afdd38b0944517e649d2e83ee0929e9c80b825c717e4ffb13904c71343c7afc2a1b67340adbde47c569b339daff386613a363a3d72783ee573d70c", "SS2": "18d90b9554809ddd6e5a848976ac047d3e4e8bfdb00fa303c316a6105d646cef181f8df4662c6cc65bfb2166b76f45188646428d8dbe238a999a75f149d6a2dd1fe1c057e7b14e5c4f0a89a04cccf7d6d6959a286cb517f0fd8a4638b7f1341d19459cd1393f70cc4546ea19dfb3b8063c5717a72bd4f607994d44e5338a1489", "DATE": 16632, "PIN2": 5133, "PIN1": 5133, "SERVER_SECRET": "11a02cf1ab17532996726afddaec1ba9583e17eb7e341504addaa59d3a8a1f4e0866d1847893cc0e492b2c63e88a9f0712dee8ad2fdcf413c5d381aff4aeacbc206d7a1ba8a3633b27f1a7e6f893f09471349b8f8886ce86e2e6df56c0fc147521891be43c631b0611a6d149b5aebee9f4165df4cd6adf27d4b4b3e73a6fa895", "SEC": "0423d9e7d837fdfb13508f39ea03e6931a287a2db022509b407f1209ac6c1bb33014da097913707d83f98686e16a47a8843be104d435f63a4e5b7a0511ee60d807", "TP2": "040105bc5aa447338e0ebea6e8ee1a211d5976aed2cebe1846c5
 45aab2b7c2c4cd1fd9c5f031efdec25687a5ddeaba63229915fc3ae66e00f6cf453b8af89b660e", "TP1": "041379beffe90bf6abd693f8af3c70aae777a121d9fbb837c7da1bc9c1e46f8d20046f03d84c17aed6b6012c94d750af27431a0b6d7a649ad600625fda0fcc13dd", "CS1": "041d35e0e53a90a5ff9307b5b97eac04f4cc6598c280acfb5e19087578bb19d5690cae97ff08e2ddfb3a6e19e13dea1c4a2561bc5067c551250e75c3af85a94162", "CS2": "0414a98b6414877ccefb2ca01b672793db9bc915f4794c8d8a73997e829a380afa1887af1f82e2a1714f0a429d799c129713b89bd7b248bc596ffa5880e7a81243", "HASH_MPIN_ID_HEX": "b003096956cd013eac152ae591bca7c054de788b12c43844c79bef9c76113feb", "TIME_PERMIT": "04167a375c83ab8313938384fefe040b3e2f0aa84cbfba0de7648c22197909fc4a0002114b8209a202925507f5ce1c29157418fef7bd87a33b12166044b1be068b", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223561636463376364313764333537376539326461313332616663346534643638406365727469766f782e636f6d222c202273616c74223a202265646230
 66363336373461313138313963613134653863376230323939626536227d", "TOKEN": "040aa221e9ee39482dd4b41829a31ec43d884da68199a47f47e59c7f8f4f0e9de61c0a5ff802a752eff1d20446b3c31c8994a2274124d94991033814ab7c380cbd", "U": "041d0793cfa683f2b0a2c68622a3f640cf03760b64d0000f84cb7168641393369309e4ba2fa79fbede4255ecf98aa230d6af79ecba6feeda92284133f63effa1cb", "SERVER_OUTPUT": 0, "Y": "07eff2cb21516f8dab028f07c58c4ba2bb1b477635e6bf9df092178855376d8e", "X": "1ce985372265305a72bce0de62e8d89a6528abe875831f553122d4ba80f6838f", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"5acdc7cd17d3577e92da132afc4e4d68@certivox.com\", \"salt\": \"edb0f63674a11819ca14e8c7b0299be6\"}", "test_no": 21, "UT": "0416a5f626609a868610e80fd604195b5161a0901929e8f020b0f952fbee287e020ee611ed055a8f7a4040ad4cf6f8984143abffdff6ac73f9fc3c069bd28a79c5", "MS2": "1d2861a78f1aaeff63d6ea6d8ab029dfba3b5c8fde372a35119a2de53bedd114", "MS1": "11ebf8baa2668df5b16e84095bcbec5f37361887f49434a9ac4bcea2e698e927", "C
 LIENT_SECRET": "040ce22cca8d2b5cc695e5bf8257faf56ac4b0185326fb2ce03917abf94e7e498d0483e5b336a2d4642e738f95fc0f99e582f77e1de2856ee25fede0224b49874c"}, {"TimeValue": 1437055595, "SS1": "0de2e6df1abd97a21d971e8c23c136f4696f5d76f874988d9d9333890f1b882a12e1475fbec6f7937c216a6e9e2d17ac0cdccb5b781176651600098f2860ffab16cc48d6f5ee290628e75b325ee4b9a8b2daa85ddb29cf9c7a20de9e919f510d23dfef10e5d8ee8cd7c3df1bb7e300f2c4e03aff86f4d2072c66110d139c9c7c", "SS2": "0537ed4c3553b874dbcbd3cf7dada742f32beb9a1f16456d9f875b5e192dc66420fc831947aef46207325d040bbbc1ad60eb12a8c622f3458ee502f0a6538e0922d7aa479e1d28fe5976bd70cc7043763db42bb49c2889869267c85eb8217b56202c0e756ade871a1715632045c3af1057403ce8d98b7812b3748150c64f94c3", "DATE": 16632, "PIN2": 5337, "PIN1": 5337, "SERVER_SECRET": "1e167c030bed8123f52715dc647979c777d5d1399e59dface8de353eb64061d02216ddbb6a926a4db272f2dc08304d32e4dbaa188694875d31531c90f1a13eb617fa2a5bf45430215f329527bc812da1ac46802be880f14c6d48410c860423c821fa166e6d1049259a5f4613c214a231f8
 a99753c09615a8474b7920a9f2c84e", "SEC": "04061e2d17b4c0e38713618bfb164e312525d4854efa314a22e328e27d559b6f291c1551a4469ba33b990e9303f212da7ccc21dc0bf53830a09c51c3d0daa3e8ab", "TP2": "040d1383c528d29ce6ab256696cc1c32485e96498d4b4c2740693cb20ca033e5fd1727d9b82df82aac69bae640d1660e196ed838f623f12ebb21cd9c7ca9ea0b5c", "TP1": "041874088d4210e3d4af1df0ecef90bdf7b78c37cb6ed682834b3654a0ba7bcad204f335edeefefe1cbc1fd5a6c119f333a0e4ef06febaf07645dff425a31e8f2c", "CS1": "040964897b71b4ee4b8115b839ffaab80c803d767e74c25c1fb76e7183b8219802043618edd91839ef1577b02916cb46c3484204ff012b58527c4d0543ec9294cf", "CS2": "0401a402a9b99429e9b988c14d1e700143c5ca9f253c6c3ae7fdd23f2af1c9886023b23159ed6c657b90885a87647a9ea7c436190a899c9cac70ae16d40adcdb25", "HASH_MPIN_ID_HEX": "810ddaea04c5c1d33f99cd2ca20738147f2618688908c6add5e8377b8354960b", "TIME_PERMIT": "04165d8518383c59296b87c59162fcd8d8018dc770f9ca59ba7a29ef86ef3b1497098c7533296fe76d06944a0146927bd2541bef8b4e5124e623530de32c0af4d7", "MPIN_ID_HEX": "7b226d
 6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226166636535343831313065323563303762343262313464313033623736303464406365727469766f782e636f6d222c202273616c74223a20223432663433663332643763653166633935616537303830366237396663623733227d", "TOKEN": "041b08b4d707a900b0ab9212218e8ff782232bcb67d0ad7af0b60d4c639e5d6cf81b97bd65d88f275271f9f0d6828224f7a9a4684247675c88918d74690a3ca51c", "U": "0421e95b832350e86b14a172fb8a692b8bef7a7720e0b28750dec10bfc7db6d968055e183b3e59234c2ecb39833ca58bc2ed9c38343aaeb7735d4f581edbe4aff0", "SERVER_OUTPUT": 0, "Y": "132a35942ae1f78f44b94f3b1679c0be95a885f1230b1189a395bb10e9b48cfd", "X": "16a9570fa23c138241b87c46f694b2b55d7db4330fc276cb30d44ed6828ab801", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"afce548110e25c07b42b14d103b7604d@certivox.com\", \"salt\": \"42f43f32d7ce1fc95ae70806b79fcb73\"}", "test_no": 22, "UT": "0400c108ec2ed1de79cc0cfcddef3e4382626877e1937ccf587
 98076dc5c6d43b902b67f5941711b5918a6176cab2709b7242bffa9a7bec56293f23130704e1130", "MS2": "059f060052ae587ed62932069bbf449d7aaafab1375353285ce084e6517fb02a", "MS1": "0ffa1676bee9ff7663186aa1ef66cb1fe09ca840bd2ddeb2fc9d06d7c3099f1b", "CLIENT_SECRET": "042093e8117bee91529caed016f9b7d4050ac26ce99a53b17ebda521ae230209b921f193b1352c023ceae47ed49b44a6632778b76e62aedcc68f245906bd2af90f"}, {"TimeValue": 1437055595, "SS1": "074e620a47c53adf4859d4df96bd5ba278f399f2c4434b73d2e5a711cda653e31c5e77295b91bbe8dc942ebf36f04e3c7c853c467cbbb9736061875867d84ffd06169ded374489a178adfbed46345efc5c3f1f2554799487aee929b526c1d5c81d6e76739578069c988516e27ebc2961bef6d24ead425fd720891e1b2f393f6a", "SS2": "0b412345b0ab86801c256a273cb8674d8340dd8c45fb920e09ae90676674d2d40684f28225cc206bb1883b89b378052be06097e2a1519f0f70c63b7f79fd0fa40fa865f48ce4b44e290e7a2a6ff2c3f29b6f81bafc8d23b5e3a61bbea63c15ee1aed6f9e2e3b34130388a869c2d624f683c2f671b34c403e8cd5be025ec8daf1", "DATE": 16632, "PIN2": 4924, "PIN1": 4924, "SERVER_SE
 CRET": "10e6a2722cb79bb2a5542efa260d6a6078f605f58af34f6ae3e468e4c13d779501fd4dd0a767a12e82d2332fa99fca6884182b961b9c0015bb9c2de56aabd4db0710deb201c7af12a0cba3f1d85f544a8d6107f2bb71c16953868f9256cf27c000327d421f01cd561605435a59d06ef6fb2687df759200d1d56aaa68fbc570ad", "SEC": "04066cfb2a767984ce8de6169fe82f1778419015265d3ad7cc7db3058f9358884c1f5bbee103c9d7c0020a6dd484c231d83c3f1dae47807fdf45ea5fbe2ac07f17", "TP2": "040aa39e00812efab4d3754ad6e803166050fb849aae49f62c782449dfd0d1db5a1f7f61a513f5405c4083a1e5b4cabb0923042316754f94e95c05b7a2cb594bee", "TP1": "0407ddc4f87fac6689e93aef04b0a8262f088c28b264e4530172522db87efc1234216abe06d1cc8bdf91824a65167becd839f479d411966de354e290f07f49ac0f", "CS1": "041f6b62915debf363ddb2d61c54f1516f0a88fa01d2af46c81d3488c479eb82d719bf549cee6c84363d038a7242d68310bdb9bd184787fb45cb90609a169e9225", "CS2": "040fde7a3b1a8b7aae6d5a8ae72582363f606957707886a524a0976737b1e03b0810d2ab22e0b9b783c9357b0fe3abb26b3556ef0fb7eb3739cd92a0675fbd6fbb", "HASH_MPIN_ID_HEX": "7ac7
 9a48b5f116cf3eae5cd1e9df9219ba17c32a0ce94913a7d0c7c1d0dc6eb9", "TIME_PERMIT": "040a28f1bfe51615f2a5cea19acf50771868d5bf8fcf90681c515ad75b169ff41617786c0185fdb4b3c00201d47e596c7244df4f2ec559f571d4bdc4734297ebb2", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20226464353533306436363965633034386364306664626532373264633266666165406365727469766f782e636f6d222c202273616c74223a20223562623762616434376132636236363233333764333261613538643235393136227d", "TOKEN": "0414493ec8b984218d949ecccb715116a381cc04a6c8cfc6b41000f778130b49f4099d6cf0f1463297c68eeed7d56fe114ae937d6bc78d80111956528ccce18b3f", "U": "0420396f639a5c7d58fecbb68c13c2396c54aaf8c08e00e48b49c137477f4f1cda230ac40cfbf7fcba53f5f9e5548c453444acd3833b1e57240740cf5f7a0c8c7e", "SERVER_OUTPUT": 0, "Y": "225cf1573bd4eee607670d6b79090e174f6ed0939c3733964602db7090a32e71", "X": "1cdc04dfb5d0d9b320de97876c0c75a573b23e4ad3b3178b9ef2148360505a79", "mpin_id": "{\"mob
 ile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"dd5530d669ec048cd0fdbe272dc2ffae@certivox.com\", \"salt\": \"5bb7bad47a2cb662337d32aa58d25916\"}", "test_no": 23, "UT": "0406261cf77da914a8812d2e75225df0e22fe4b378be2fea32ed9403b7d4dee2fa131363d78d5950d98445c7bed5d6724a88974361fe8b5e0ab60c819ee108f1d6", "MS2": "19737df08839b2c6bda04053818779c8f104363e0a49767896c7ea96bbf5986e", "MS1": "160b764cb78405619e1c0f6f12e1228e21483fb683b130db6210027900e6023b", "CLIENT_SECRET": "04015ac9e6ec0988d052342e425f6c3ebbcd284d7c72c7de38ad3e318282b5cc201738e53120b6b164334c18ec806af4e6060461af6682d2007bd1c74851026cf8"}, {"TimeValue": 1437055595, "SS1": "1dfff407a998e1ae42ba63e9d7468dbd0f3affd46eeb06e71b849e9b7da69f8a0ce1edad5779719277d96676c7d865b669f094f3bebb6426545ff27a02890fe10635dfad2f0c8438ba6743c21e62c87d7827dc00f81ae8feba72d57d85ece5c003a1b4f9d1401a292fe7ca46a9bab5a6709b6b4261ef5e318f1093efdbe3d92e", "SS2": "06a99f6fb31611e48df8511b84191a88dda865608d555a21c2b33542309253180f88dd3f84d165
 0835bac39a472453cf7595662c780f755892422c959d6b2d9301f0204978248a893f2bcebdaf96923da5494f804694885c3873f228322b58291b48da61c416db1f2681982dcb864a655f1fcf5a32e8a725386d306564e5fac8", "DATE": 16632, "PIN2": 9815, "PIN1": 9815, "SERVER_SECRET": "160d008919bf09dd8b8c5bec1e59cc93af87ca012f94229a77feb6c0dfb4a185233a2fadb561f9fde70ab47e11131c7f54286dedfeb117df6866cf08eab8d1d91ba45c7bc3374caa693c30c5faa32240b36b03f0bf4b865cd5d99d69d0b0d72206a0db6d9fe55e29b8a5c1d8e5e6b31683edd94b3139979c59d74ba368a400f2", "SEC": "04040c58835d1674a02d57438bc34c75904d9c9106f197e10e05687cda0e9c7c9f151933eda2de623126f461a7ba4931afd0f6d7935b591ab15205986fa46e255d", "TP2": "0408853cc6a9fcdc7932eb3ae647e6868adc10dd2e9601e63425d469e4e45daf9c11745425807b8b782158d3730cd8f03777be0f751148f9498d2d9449c3e9c87e", "TP1": "041c9b3a7c918a93893807ed6f82a12e5e586fd709350cee72a4d770c50cc777970d9f5527511bc366ad15493673042cdc0c3515396bd45282eabde97b5828a5d1", "CS1": "0417b32b90fb099fece26252d8ff88256a6bdc27300cc3761f828081730d09860
 d21b119e5dd11bf4435e6e706b830b68d8b4c60d2a57784a4896f46e5cc22d226", "CS2": "04108fe3a901d83e5b25e9f6350f096ba7b48de4279cb9d37e79d3cdca69e81f9a04dcaa9e0f00f9023fad0d8b1d8aa43474d10435c508f4dd90f01127846be5f2", "HASH_MPIN_ID_HEX": "048f0125345fd1da3cc4d35fd809ea9fdbbbd9d06dcfe4ccfa868d6dcf4cdbf0", "TIME_PERMIT": "04130c52a3796f04670b4b05cc94b0ee1de128fe709eb45210c86ddda7cd13c49a20efc52884cfcb2ab6590fb4f3e733f82cab78109da9374677ae6aadfd2eb84c", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223534363038396336353030336237626438383835353866663232626462656265406365727469766f782e636f6d222c202273616c74223a20223061363066363733616263646539303664666165366466393331633966623339227d", "TOKEN": "041ddf4e0f7be612572c79ab5818d0bd9e0d3538e39b0e566bc0f38f84d101f8ae02c53dec288ccdb536af7dcca995cea60bb88ac319dadc18ecd2246eccaf13f6", "U": "041839b3d5dd0528fe6ebb4b8fe0ca2d82de0d77acee6e2653e22a98937c39d23c0824f604c1a90eaa7
 a7e5b48ef97495b1d6f17ab99f6081c5851de0d4e022939", "SERVER_OUTPUT": 0, "Y": "0125859bb5998d5d21053a0a32f4149e0ecf0ec2b996997d6506cf09d6acfb4c", "X": "049503ba3a07b667a049ffb092393cb3da468502ef4681fd9dc6bc82b09fcfea", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"546089c65003b7bd888558ff22bdbebe@certivox.com\", \"salt\": \"0a60f673abcde906dfae6df931c9fb39\"}", "test_no": 24, "UT": "0406240ec243897b2817de929e5c29bee7b83f8032b6963086045955aa1f9035a10cb5e09a277daccf493a3b41104e3168bc2b5059259142ae308e05e05fc92a04", "MS2": "18ae401f3f87f35f32a83607ad3d67ba237e62d3f0d6ac5ced86f68bfc2cec9e", "MS1": "12af4d3cbae01080f71957366897cf2ca849604b50dba156e8955a2eef1bf512", "CLIENT_SECRET": "0405510122ce97d8591538ca33435d94aa0a264df45c2cd1b982ff8b43282bd85219e1266c15049d1ff0e2cbb7d0ce94e3b691eb5ff5687b53be531dba9a94b97a"}, {"TimeValue": 1437055595, "SS1": "151ebaa9f4d3850f67200fba397a0e66c6cfbb36b02a11b4a369853ad88ffb800aa782447cb2761c9e2f2045c38a70bbade12aac474cf2b
 918959e9dd68c22f709d56fcd55a557e83e669e77e2805ff218c7aed19de0038dd14c768d2251fb831dfaf4e9723199e35d4589d80e8502004b1a34da4dead7464c2efcf361ecb5fd", "SS2": "213f546044d639dfa60a24fe91c407d81ced9224ad542283ab2c1740beb5ab7214100dde7ab37e41be05f8d74d0b5ef6a42992b947173ec4fd285f4d38a047700908afac6dbe55512f5aa6417c7648aff1e56b9eba3ea61d3c1500c6a84c0800228824b381be3290cccede00f9c1ba6a4386a0b1cd9ae6454006841345c601c6", "DATE": 16632, "PIN2": 1580, "PIN1": 1580, "SERVER_SECRET": "1809f67bb6b94e6d382adfe85875475d34029a3096e604eac302754ae3af565e0256df4eb52058c5d25daa53a0c021b582065b6ab11ca2124f2895c03ac4130d03db5a46b26f3ff3922275ec33f99e737f3a65ae0b8561d359a7f2ffe8a0cf520af528509690ef2241175e2168c1be52944ff487b708297448d0d79f19549d54", "SEC": "04077364091300f87cda1d16a1ed8d35512639a87fb0e20942c43b71b3e3d90fb2118e893219720f55bd5a906d0122c2e25937e7045370a29c30393133b45b0a41", "TP2": "040b0253a183d292d9bde76392a0bbbcc9cacb978d7c64b5f0a8d55a452fa926c80e50679e27dcb38a87bfe730bfc7c6f94f2676a526c7778
 bf0c16ad084822cea", "TP1": "0406563cd9d62aa692495965ef7e6a15de10d0882d594d0dbef04b4563914753311814a84493ff21cdd211722b958673f1119bfcbfe30f31cb522a359e08877fcd", "CS1": "040be1c34540b42ce63ce86c8f9bd4d541c5e5b699efb2286685a8ec88169e10c1203d97ff1e4ee1c5b3dabdf48cd6875a2e3f5aac2adc0a73715c83afb3a254de", "CS2": "04133ba77bda07477831747d1986414e9ea4b84ee97fb58c56d0f0d82d34ad84ff0c1d93fc2ea816a69e3c3468bde3fd71bd12a0a8c106b2d388b7f3f06871f25c", "HASH_MPIN_ID_HEX": "18c824e55cd98a799340f188ac38b3364174a1dcf015a5884b3f10a97384d7bd", "TIME_PERMIT": "0400652e779915e7000ce7e584926f4df9af98d93f2c68878f3738d1d13eaf87b01ec26720a9855bdeb48236dc67d1763523f9f17206c045d5524afa9c42725f35", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223037623833363365613330333738383464366539303134373465373435643661406365727469766f782e636f6d222c202273616c74223a20223466326234333631623961626364653564653161643561613633346664646666227d"
 , "TOKEN": "041e5d268cd58583567f3b2f244c30b01f2f646c6d8aafad79330f10a333e2e4af17ef2b1fe4a2f27576ad4ca2092d1d7520d6c3bf70b3c64f179125944d82eff9", "U": "0417d114eb7d1f511ee663cde5c399504b1fa61c410c3b23bf8ceb9af8ac93178004414438a05a6992aa21ed0cb6acbaecddf5185ef02f383192aeb8a707f49f77", "SERVER_OUTPUT": 0, "Y": "0617e2f50a7b1cb0626ecfa797b24900f8d35f3bd97ac978a67bcd59f3ab7536", "X": "2291fa3d3dca7fa8364953daa645072837e5bf239f02323a76a6e4396e2730c4", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"07b8363ea3037884d6e901474e745d6a@certivox.com\", \"salt\": \"4f2b4361b9abcde5de1ad5aa634fddff\"}", "test_no": 25, "UT": "0421729c46379b414cffd7260b9a260dc6d7f796594b411be45db8787ee72ec18608e720ead5711be6e4d8398ccfd5889c840adbcf412cbdca437224d88bf9b1ad", "MS2": "1619d904f1fd6b791a0e81d8a53d35230938605dc79df72c1e064b425fa22882", "MS1": "04a8aaf65175a71ab4bfb39f53d30d29107a3e3bb16319ad4fb5741f31cf5c67", "CLIENT_SECRET": "041d423eedb4e2e0269817014f3a12ff25d28fcb23c54
 eeb4c86ea77a7dfd3f53a0748f9847d077b45815aa98cf146abb94d6b44eccef833244cc0fc388e8aaeda"}, {"TimeValue": 1437055595, "SS1": "12a09577eb6f6f30595486fad7ebc3a1341162302ef9e433e1d001a9fea78d2b1e594e3678a081e7a07bc38b4fda4951b49756a0357a03e4f7abfa0bf6123b550039c1a85f511491e0f95086dcfbc796378760072bd2a8dd8d7ad8d5ee99b2fd07c9e5a511dee03edca572f6c55924e43965dda4a8fe086c84687796dbb44684", "SS2": "0aadd27990079cda4ae471ff46eea6892fd50a0a8887d5ea3f10921fdedb720419ab7e99af9079b144f4fb09b3f3fb63f0c76c677d1b56705c86df22a6fe760c006c35406106f3fffd0bd663ba1b0d23b89c1355e37f04db4df3e2fb87567fbb11abb1b261f976e2a5bbc00b861c90a9c4005dbd6f4c7c16ba63c077e747386c", "DATE": 16632, "PIN2": 5314, "PIN1": 5314, "SERVER_SECRET": "1104be4d66e7b41da565d7a950a86706f26f67bd7d387776f0bdce4d8207c8c420f1f771998f7fc73d2285401e37c083b1e1e2288e9b3922a8a4982056fee894149e0ec0f477a19c7900bc4626c61825be0c8e0bae19b6bf48a48ddb6d6e095a19612622d9dcfc627697e70d1ed56a2f5a2ba3fa541b00f2c640103c6358b8c9", "SEC": "04074f9aabca040e4c07
 1321575583b917f498b40ad678bedd647e022573a12348003d0bb414033f3ce449f94904af23fdfde2a7d0d338bb79326d5ecb25334048", "TP2": "04076926a1869d6b8cffaf314b5f33acaad4ebdc0d032512ea53224d83606befbe1eecbc6299fd57a7a69ff36e6ccf38d361c3ad2c42466442612e6d6c60d1551d", "TP1": "04208fcc0ac70af091fcc1f11db34cc63d89440f193d652010b1c6a616d0098f341710f5ae655bc9411aec445348207796a029b757df761989eb3f535952c688fd", "CS1": "0406fe805766ea5b737fe5a2d53b6538733636843dbef935e27ea08f0942d10569146777aae7b40997e78e7dff12a2f5dcf64fb941b485e00301012355a9f844ef", "CS2": "040f8cbf8cebbf209ebdca9622819fb3b897cd2bc6474a3badec15cba6bbb2e240218c09039b8f119932320fcf783095c792915d9ee8349dad598587596a35ecb3", "HASH_MPIN_ID_HEX": "5d3cc05c6c82ecdbc5f32478fc0bbd3d29712af25ca03de3ccbf482507826f83", "TIME_PERMIT": "04219c5d61386561f326e77f2e74960bd28e5c399b209eb196ae561a15f2291dbb1f9fb9b4d0669980307ce16871bbebfc03fe2337464651728ce7bf83bfce5f26", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d3
 1365431343a30363a33355a222c2022757365724944223a20223137383930393265313161616237323635313034386230653661333330323237406365727469766f782e636f6d222c202273616c74223a20226164306261666337343835353363356363306534393530353866376331333162227d", "TOKEN": "041ad8094f5dc854325eb5fb4bdce9a7a700d540d85155a7ab8571615390d62b730dbf614820a78ab36b959e24995fca0882c2fe3aacf1b9527da85fbd1f2d8c52", "U": "042227a1192f9e8880a3b8f207771bf8d6b906e2be97a137dd8b1686d72f5a9f93040e35c101958b467485f57a2253a2857dc18597eba8f66a78b3f21efe9711ec", "SERVER_OUTPUT": 0, "Y": "21fd7d4c993d61a9692b89cf37111744f5fd0c8db752cc7cf487a2a5f83dfdd0", "X": "09e317ac3f6c8bd859d237da5375f29df5a5fc7d2bba61b14c61f79ac409af13", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-07-16T14:06:35Z\", \"userID\": \"1789092e11aab72651048b0e6a330227@certivox.com\", \"salt\": \"ad0bafc748553c5cc0e495058f7c131b\"}", "test_no": 26, "UT": "0407efee2974f26fc61d22d22921f8fde39d38ed3d22fef2c719d56e7d9b19bfc61d6ba818f5118cce77ae4134d408511f9ab26abcd1f347
 2df8ab0ef54df1610c", "MS2": "149838282463244a61c727b463efccd995c134a0eb7027b41ec0c2fdfdd92981", "MS1": "18058af144c7ca55128252e66a7d6240b08049141b7da23318e3766dc8382b10", "CLIENT_SECRET": "04007862f4ae6ad3b1e2e6d9c8f95e79e30b5cea864e41940e34c4fb08a902a7680c5de89410f45ba2238debb0902c101607ff5dc81104fc4e1aea65b45f573e27"}, {"TimeValue": 1437055595, "SS1": "08b32d422e2e40bbdfd19f615ff8baee2e699bdea2b58dc13e46c6c888f9d3a80e1eae357df01fcb97db7768852a8b423e0fe790378c9f68a1915cfced5bc8ea1b8de66e5eb4a04e3791079a535e10796c9e79cb37743ecf0d26efc6585a418600e79e43953866bf7bbf20648213793ae3ab8d6d1d8a2c08b0d2c4f0bcf0027a", "SS2": "225553cc1c05a2486965787b11c4d0e78995aceb71041eb7008d4c0c8c5eac7c100d30f460de9e518c8bf7c1eb9ce571ef338b16c8e7f3e056856fbaa522dfef07fced161834cea6efdfc7937071196733e2f2f72b0473468e7236f720b1ce381b53bc9b959a697ef92b430fdcba8cd4f4e0abe63901ab022c333ba5400e405f", "DATE": 16632, "PIN2": 8419, "PIN1": 8419, "SERVER_SECRET": "20324c15c492ee1ce313d8f42b17e0cda1b9d3b189932ad02d818
 3d33ca492e30ad43be29b00bb788b210d12baadce9f56b83a5bc582abf4cd8fcf6767aea78505eac294374643f64cec0dd993be144c7c6d68665f0e9f3d5b21bc73454aa50806d5e77eeb5a762b1371ae4dddf5bacbc0d19b8237d505016d5398c89fa0289e", "SEC": "041d799dc7f51d86dbd34f149157812592b08df03249ee253c5f6a998018bebc6423138bce980eb0eae79a5dac073a352d8742b5d3f8cec422fd163a9ab3e13c30", "TP2": "040befffc5c5ea575766c45a69945640cea75e92006e494037998660e04bf6af93082b6632020cf131e4fa619654f1a1031afb7eeafa9cb1a8b697ba0a4ccc1a0c", "TP1": "0418a17b2bbd9e84ec76abae150a724002a5289dfb9ac30b0f8059eaa018c502a116b576f68defe9dd73a512c3e4e12c1eeb225d484f336ec966360c77c19e4a2a", "CS1": "04103aa39f9f3ef8f6734e51371457bf7479b19f3ad0f412b8cd7a272964c4fd521feebd75306f8389c37cfa606b31a34d2dbbd009e387b7284eba24cc0ab0f134", "CS2": "04047761df0beb8bba110d7ee61a963c6b7746491c914837f5a7ce6aa5f0d08a7f0ba7d6a57745033725b93ad0948d4022779b6237bc1d63611288afe6dc18327b", "HASH_MPIN_ID_HEX": "48761a549a27198d7fcfefe27e94ce74a1df5ba6e1537c28e1bb295142b9a541"
 , "TIME_PERMIT": "0404c0f1d1a1cceb30639101aafcc2bb8735f360aafa6876639feea93c7bc9856c1c95822ed3527d6a2b895169a70dcc859f2bbd2dad1b46d75d3cd8b23d37d844", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30372d31365431343a30363a33355a222c2022757365724944223a20223433326463326463366564616632336330323133623063613931653363303233406365727469766f782e636

<TRUNCATED>
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/amcl22.pdf
----------------------------------------------------------------------
diff --git a/version22/amcl22.pdf b/version22/amcl22.pdf
new file mode 100644
index 0000000..b5ba27f
Binary files /dev/null and b/version22/amcl22.pdf differ



[43/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/c/tests/CMakeLists.txt b/c/tests/CMakeLists.txt
deleted file mode 100644
index bdafec1..0000000
--- a/c/tests/CMakeLists.txt
+++ /dev/null
@@ -1,84 +0,0 @@
-# Create tests
-
-# add the binary tree directory to the search path for include files and linking
-include_directories (${CMAKE_CURRENT_BINARY_DIR} ${PROJECT_SOURCE_DIR}/c ${PROJECT_BINARY_DIR}/c )
-link_directories (${PROJECT_BINARY_DIR}/c)
-
-# enable testing
-enable_testing ()
-
-#define a macro to simplify adding tests
-macro (do_test arg result)
-  add_test (${arg} ${arg})
-  set_tests_properties (${arg}
-    PROPERTIES PASS_REGULAR_EXPRESSION ${result}
-    )
-endmacro ()
-
-if(BUILD_MPIN)
-  add_executable (test_mpin test_mpin.c)
-  add_executable (test_mpin_sign test_mpin_sign.c)
-  add_executable (test_mpin_good test_mpin_good.c)
-  add_executable (test_mpin_bad_pin test_mpin_bad_pin.c)
-  add_executable (test_mpin_bad_token test_mpin_bad_token.c)
-  add_executable (test_mpin_expired_tp test_mpin_expired_tp.c)
-  add_executable (test_mpin_tp test_mpin_tp.c config.h)
-  add_executable (test_mpin_random test_mpin_random.c config.h)
-  add_executable (test_mpinfull test_mpinfull.c)
-  add_executable (test_mpinfullSingle test_mpinfullSingle.c)
-  add_executable (test_mpinfull_random test_mpinfull_random.c config.h)
-  # Link the executable to the libraries
-  target_link_libraries (test_mpin mpin) 
-  target_link_libraries (test_mpin_sign mpin) 
-  target_link_libraries (test_mpin_good mpin) 
-  target_link_libraries (test_mpin_bad_pin mpin) 
-  target_link_libraries (test_mpin_bad_token mpin) 
-  target_link_libraries (test_mpin_expired_tp mpin) 
-  target_link_libraries (test_mpin_tp mpin) 
-  target_link_libraries (test_mpin_random mpin) 
-  target_link_libraries (test_mpinfull mpin) 
-  target_link_libraries (test_mpinfullSingle mpin) 
-  target_link_libraries (test_mpinfull_random mpin) 
-  # tests
-  do_test (test_mpin "SUCCESS Error Code 0")
-  do_test (test_mpin_sign "TEST PASSED")
-  do_test (test_mpin_good "SUCCESS Error Code 0")
-  do_test (test_mpin_bad_pin "FAILURE")
-  do_test (test_mpin_bad_token "FAILURE Invalid Token Error Code -19")
-  do_test (test_mpin_expired_tp "FAILURE Invalid Token Error Code -19")
-  do_test (test_mpin_tp "Iteration ${MPIN_TIME_PERMIT_TESTS} SUCCESS Error Code 0")
-  do_test (test_mpin_random "Iteration ${MPIN_RANDOM_TESTS} SUCCESS Error Code 0")
-  do_test (test_mpinfull "SUCCESS")
-  do_test (test_mpinfullSingle "SUCCESS")
-  do_test (test_mpinfull_random "Iteration ${MPIN_RANDOM_TESTS} SUCCESS")
-endif(BUILD_MPIN)
-
-if(BUILD_WCC)
-  add_executable (test_wcc_gcm test_wcc_gcm.c)
-  add_executable (test_wcc test_wcc.c)
-  add_executable (test_wcc_random test_wcc_random.c)
-  # Link the executable to the libraries
-  target_link_libraries (test_wcc_gcm wcc) 
-  target_link_libraries (test_wcc wcc) 
-  target_link_libraries (test_wcc_random wcc) 
-  # tests  
-  do_test (test_wcc_gcm "SUCCESS")
-  do_test (test_wcc "SUCCESS")
-  do_test (test_wcc_random "SUCCESS")
-endif(BUILD_WCC)  
-
-# General tests
-add_executable (test_rsa ${PROJECT_SOURCE_DIR}/c/rsa.c test_rsa.c)
-add_executable (test_ecm ${PROJECT_SOURCE_DIR}/c/ecdh.c test_ecm.c)
-add_executable (test_ecdh ${PROJECT_SOURCE_DIR}/c/ecdh.c test_ecdh.c)
-add_executable (test_version test_version.c)
-# Link the executable to the libraries
-target_link_libraries (test_rsa amcl) 
-target_link_libraries (test_ecm amcl) 
-target_link_libraries (test_ecdh amcl) 
-target_link_libraries (test_version amcl) 
-# tests  
-do_test (test_rsa "SUCCESS")
-do_test (test_ecm "SUCCESS")
-do_test (test_ecdh "SUCCESS")
-do_test (test_version "Version: ${AMCL_VERSION_MAJOR}.${AMCL_VERSION_MINOR}.${AMCL_VERSION_PATCH} OS: ${OS} FIELD CHOICE: ${FIELD_CHOICE} CURVE TYPE: ${CURVE_TYPE} WORD_LENGTH: ${WORD_LENGTH}")

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/config.h.in
----------------------------------------------------------------------
diff --git a/c/tests/config.h.in b/c/tests/config.h.in
deleted file mode 100644
index 7240997..0000000
--- a/c/tests/config.h.in
+++ /dev/null
@@ -1,2 +0,0 @@
-const int nTimePermitTests = @MPIN_TIME_PERMIT_TESTS@;
-const int nRandomTests = @MPIN_RANDOM_TESTS@;

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_ecdh.c
----------------------------------------------------------------------
diff --git a/c/tests/test_ecdh.c b/c/tests/test_ecdh.c
deleted file mode 100755
index 8bb9e8c..0000000
--- a/c/tests/test_ecdh.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "ecdh.h"
-
-int main()
-{
-  int i,j=0,res;
-  int result;
-  unsigned long ran;
-  char *pp="M0ng00se";
-  /* These octets are automatically protected against buffer overflow attacks */
-  /* Note salt must be big enough to include an appended word */
-  /* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
-  /* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
-  char s0[EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],raw[100],key[EAS],salt[32],pw[20],p1[30],p2[30],v[2*EFS+1],m[32],c[64],t[32],cs[EGS],ds[EGS];
-  octet S0={0,sizeof(s0),s0};
-  octet S1={0,sizeof(s1),s1};
-  octet W0={0,sizeof(w0),w0};
-  octet W1={0,sizeof(w1),w1};
-  octet Z0={0,sizeof(z0),z0};
-  octet Z1={0,sizeof(z1),z1};
-  octet RAW={0,sizeof(raw),raw};
-  octet KEY={0,sizeof(key),key};
-  octet SALT={0,sizeof(salt),salt};
-  octet PW={0,sizeof(pw),pw};
-  octet P1={0,sizeof(p1),p1};
-  octet P2={0,sizeof(p2),p2};
-  octet V={0,sizeof(v),v};
-  octet M={0,sizeof(m),m};
-  octet C={0,sizeof(c),c};
-  octet T={0,sizeof(t),t};
-  octet CS={0,sizeof(cs),cs};
-  octet DS={0,sizeof(ds),ds};
-
-  /* Crypto Strong RNG */
-  csprng RNG;
-  time((time_t *)&ran);
-  /* fake random seed source */
-  RAW.len=100;
-  RAW.val[0]=ran;
-  RAW.val[1]=ran>>8;
-  RAW.val[2]=ran>>16;
-  RAW.val[3]=ran>>24;
-  for (i=0;i<100;i++) RAW.val[i]=i;
-  /* initialise strong RNG */
-  ECP_CREATE_CSPRNG(&RNG,&RAW);
-
-  SALT.len=8;
-  for (i=0;i<8;i++) SALT.val[i]=i+1;  // set Salt
-
-  printf("Alice's Passphrase= %s\n",pp);
-
-  OCT_empty(&PW);
-  OCT_jstring(&PW,pp);   // set Password from string
-
-  /* private key S0 of size EGS bytes derived from Password and Salt */
-  ECP_PBKDF2(&PW,&SALT,1000,EGS,&S0);
-  printf("Alices private key= 0x"); OCT_output(&S0);
-
-  /* Generate Key pair S/W */
-  ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-
-  res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
-  if (res!=0)
-  {
-    printf("ECP Public Key is invalid!\n");
-    return 1;
-  }
-
-  printf("Alice's public key= 0x");  OCT_output(&W0);
-
-  /* Random private key for other party */
-  ECP_KEY_PAIR_GENERATE(&RNG,&S1,&W1);
-  res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
-  if (res!=0)
-  {
-    printf("ECP Public Key is invalid!\n");
-    return 1;
-  }
-  printf("Servers private key= 0x");  OCT_output(&S1);
-  printf("Servers public key= 0x");   OCT_output(&W1);
-
-  /* Calculate common key using DH - IEEE 1363 method */
-  ECP_SVDP_DH(&S0,&W1,&Z0);
-  ECP_SVDP_DH(&S1,&W0,&Z1);
-
-  if (!OCT_comp(&Z0,&Z1))
-  {
-    printf("*** ECPSVDP-DH Failed\n");
-    return 0;
-  }
-
-  ECP_KDF2(&Z0,NULL,EAS,&KEY);
-
-  printf("Alice's DH Key=  0x"); OCT_output(&KEY);
-  printf("Servers DH Key=  0x"); OCT_output(&KEY);
-
-  printf("Testing ECIES\n");
-
-  P1.len=3; P1.val[0]=0x0; P1.val[1]=0x1; P1.val[2]=0x2;
-  P2.len=4; P2.val[0]=0x0; P2.val[1]=0x1; P2.val[2]=0x2; P2.val[3]=0x3;
-
-  M.len=17;
-  for (i=0;i<=16;i++) M.val[i]=i;
-
-  ECP_ECIES_ENCRYPT(&P1,&P2,&RNG,&W1,&M,12,&V,&C,&T);
-
-  printf("Ciphertext= \n");
-  printf("V= 0x"); OCT_output(&V);
-  printf("C= 0x"); OCT_output(&C);
-  printf("T= 0x"); OCT_output(&T);
-
-  if (!ECP_ECIES_DECRYPT(&P1,&P2,&V,&C,&T,&S1,&M))
-  {
-    printf("*** ECIES Decryption Failed\n");
-    return 1;
-  }
-  else printf("Decryption succeeded\n");
-
-  printf("Message is 0x"); OCT_output(&M);
-
-  printf("Testing ECDSA\n");
-
-  if (ECP_SP_DSA(&RNG,&S0,&M,&CS,&DS)!=0)
-  {
-    printf("***ECDSA Signature Failed\n");
-    return 1;
-  }
-
-  printf("Signature C = 0x"); OCT_output(&CS);
-  printf("Signature D = 0x"); OCT_output(&DS);
-
-  if (ECP_VP_DSA(&W0,&M,&CS,&DS)!=0)
-  {
-    printf("***ECDSA Verification Failed\n");
-    return 1;
-  }
-  else printf("ECDSA Signature/Verification succeeded %d\n",j);
-
-  ECP_KILL_CSPRNG(&RNG);
-
-  printf("SUCCESS\n");
-  return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_ecm.c
----------------------------------------------------------------------
diff --git a/c/tests/test_ecm.c b/c/tests/test_ecm.c
deleted file mode 100755
index c96e4ab..0000000
--- a/c/tests/test_ecm.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH API Functions only - suitable for testing Montgomery curves */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "ecdh.h"
-
-int main()
-{
-  int i,j=0,res;
-  int result;
-  unsigned long ran;
-  char *pp="M0ng00se";
-  /* These octets are automatically protected against buffer overflow attacks */
-  /* Note salt must be big enough to include an appended word */
-  /* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
-  /* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
-  char s0[EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],raw[100],key[EAS],salt[32],pw[20];
-  octet S0={0,sizeof(s0),s0};
-  octet S1={0,sizeof(s1),s1};
-  octet W0={0,sizeof(w0),w0};
-  octet W1={0,sizeof(w1),w1};
-  octet Z0={0,sizeof(z0),z0};
-  octet Z1={0,sizeof(z1),z1};
-  octet RAW={0,sizeof(raw),raw};
-  octet KEY={0,sizeof(key),key};
-  octet SALT={0,sizeof(salt),salt};
-  octet PW={0,sizeof(pw),pw};
-
-  /* Crypto Strong RNG */
-  csprng RNG;
-  time((time_t *)&ran);
-  /* fake random seed source */
-  RAW.len=100;
-  RAW.val[0]=ran;
-  RAW.val[1]=ran>>8;
-  RAW.val[2]=ran>>16;
-  RAW.val[3]=ran>>24;
-  for (i=4;i<100;i++) RAW.val[i]=i;
-
-  ECP_CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-
-  SALT.len=8;
-  for (i=0;i<8;i++) SALT.val[i]=i+1;  // set Salt
-
-  printf("Alice's Passphrase= %s\n",pp);
-
-  OCT_clear(&PW);
-  OCT_jstring(&PW,pp);   // set Password from string
-
-  /* private key S0 of size EGS bytes derived from Password and Salt */
-  ECP_PBKDF2(&PW,&SALT,1000,EGS,&S0);
-  printf("Alices private key= 0x"); OCT_output(&S0);
-
-  /* Generate Key pair S/W */
-  ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-
-  res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
-  if (res!=0)
-  {
-    printf("Alice's ECP Public Key is invalid!\n");
-    return 1;
-  }
-
-  printf("Alice's public key= 0x");  OCT_output(&W0);
-
-  /* Random private key for other party */
-  ECP_KEY_PAIR_GENERATE(&RNG,&S1,&W1);
-  printf("Servers private key= 0x");  OCT_output(&S1);
-  printf("Servers public key= 0x");   OCT_output(&W1);
-
-  res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
-  if (res!=0)
-  {
-    printf("Server's ECP Public Key is invalid!\n");
-    return 1;
-  }
-
-  /* Calculate common key using DH - IEEE 1363 method */
-
-  ECP_SVDP_DH(&S0,&W1,&Z0);
-  ECP_SVDP_DH(&S1,&W0,&Z1);
-
-  if (!OCT_comp(&Z0,&Z1))
-  {
-    printf("*** ECPSVDP-DH Failed\n");
-    return 1;
-  }
-
-  ECP_KDF2(&Z0,NULL,EAS,&KEY);
-
-  printf("Alice's DH Key=  0x"); OCT_output(&KEY);
-  printf("Servers DH Key=  0x"); OCT_output(&KEY);
-
-  printf("SUCCESS\n");
-  return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin.c b/c/tests/test_mpin.c
deleted file mode 100755
index b747fc9..0000000
--- a/c/tests/test_mpin.c
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test good token and correct PIN with D-TA. Single pass */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y1[PGS],y2[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y1={sizeof(y1),sizeof(y1),y1};
-  octet Y2={sizeof(y2),sizeof(y2),y2};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of Client ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  int TimeValue = 0;
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  printf("Date %d \n", date);
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Single pass MPIN protocol */
-  /* Client  */
-  TimeValue = MPIN_GET_TIME();
-  printf("TimeValue %d \n", TimeValue);
-  rtn = MPIN_CLIENT(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,NULL,&UT,&TP,NULL,TimeValue,&Y1);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT ERROR %d\n", rtn);
-      return 1;
-  }
-  printf("Y1 = 0x");
-  OCT_output(&Y1);
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server  */
-  rtn = MPIN_SERVER(date,NULL,&HTID,&Y2,&ServerSecret,NULL,&UT,&SEC,&E,&F,pID,NULL,TimeValue);
-  printf("Y2 = 0x");
-  OCT_output(&Y2);
-  if (rtn != 0) {
-    printf("FAILURE Invalid Token Error Code %d\n", rtn);
-  } else {
-    printf("SUCCESS Error Code %d\n", rtn);
-  }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin_bad_pin.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin_bad_pin.c b/c/tests/test_mpin_bad_pin.c
deleted file mode 100755
index 454cbfc..0000000
--- a/c/tests/test_mpin_bad_pin.c
+++ /dev/null
@@ -1,256 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test good token and incorrect PIN with D-TA */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  PIN1 = 1234;
-  PIN2 = 1237;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 16512;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  printf("Date %d \n", date);
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN(&ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Client first pass */
-  rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-      return 1;
-  }
-
-  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-  /* Server generates Random number Y and sends it to Client */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Y = 0x");
-  OCT_output(&Y);
-
-  /* Client second pass */
-  rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-  if (rtn != 0) {
-    printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-  }
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server second pass */
-  rtn = MPIN_SERVER_2(date,&HID,&HTID,&Y,&ServerSecret,&U,&UT,&SEC,&E,&F);
-  if (rtn != 0) {
-      err=MPIN_KANGAROO(&E,&F);
-      if (err)
-        printf("FAILURE PIN Error %d, Error Code %d\n",err, rtn);
-      else
-        printf("FAILURE Invalid Token Error Code %d\n", rtn);
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn); 
-      OCT_output_string(&ID); 
-      printf("\n");
-  }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin_bad_token.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin_bad_token.c b/c/tests/test_mpin_bad_token.c
deleted file mode 100755
index 61e4838..0000000
--- a/c/tests/test_mpin_bad_token.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test bad token and correct PIN with D-TA */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  printf("Date %d \n", date);
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN(&ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Client first pass */
-  rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-      return 1;
-  }
-
-  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-  /* Server generates Random number Y and sends it to Client */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Y = 0x");
-  OCT_output(&Y);
-
-  /* Client second pass */
-  rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-  if (rtn != 0) {
-    printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-  }
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server second pass */
-  /* Set SEC to UT to simulate a bad token */
-  rtn = MPIN_SERVER_2(date,&HID,&HTID,&Y,&ServerSecret,&U,&UT,&UT,&E,&F);
-  if (rtn != 0) {
-      err=MPIN_KANGAROO(&E,&F);
-      if (err==0) printf("FAILURE Invalid Token Error Code %d\n", rtn);
-      else printf("FAILURE PIN Error %d, Error Code %d\n",err, rtn);
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn); 
-      OCT_output_string(&ID); printf("\n");
-  }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin_expired_tp.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin_expired_tp.c b/c/tests/test_mpin_expired_tp.c
deleted file mode 100755
index cb7f23e..0000000
--- a/c/tests/test_mpin_expired_tp.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test good token and correct PIN with D-TA and expired time permit */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len = 100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  printf("Date %d \n", date);
-  int yesterday = date -1;
-  rtn = MPIN_GET_CLIENT_PERMIT(yesterday,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(yesterday,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(yesterday,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(yesterday,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN(&ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Client first pass */
-  rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-      return 1;
-  }
-
-  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-  /* Server generates Random number Y and sends it to Client */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Y = 0x");
-  OCT_output(&Y);
-
-  /* Client second pass */
-  rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-  if (rtn != 0) {
-    printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-  }
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server second pass */
-  rtn = MPIN_SERVER_2(date,&HID,&HTID,&Y,&ServerSecret,&U,&UT,&SEC,&E,&F);
-  if (rtn != 0) {
-      err=MPIN_KANGAROO(&E,&F);
-      if (err==0) printf("FAILURE Invalid Token Error Code %d\n", rtn);
-      else printf("FAILURE PIN Error %d, Error Code %d\n",err, rtn);
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn); 
-      OCT_output_string(&ID); printf("\n");
-  }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin_good.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin_good.c b/c/tests/test_mpin_good.c
deleted file mode 100755
index d43de5e..0000000
--- a/c/tests/test_mpin_good.c
+++ /dev/null
@@ -1,259 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test good token and correct PIN with D-TA */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of Client ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0)
-    {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-    }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  printf("Date %d \n", date);
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Client first pass */
-  rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-      return 1;
-  }
-
-  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-  /* Server generates Random number Y and sends it to Client */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-
-  printf("Y = 0x");
-  OCT_output(&Y);
-
-  /* Client second pass */
-  rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-      return 1;
-  }
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server second pass */
-  rtn = MPIN_SERVER_2(date,&HID,&HTID,&Y,&ServerSecret,&U,&UT,&SEC,&E,&F);
-  if (rtn != 0) {
-      err=MPIN_KANGAROO(&E,&F);
-      if (err==0) {
-          printf("FAILURE Invalid Token Error Code %d\n", rtn);
-      } else {
-          printf("FAILURE PIN Error %d, Error> Code %d\n",err, rtn);
-      }
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn);
-  }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin_random.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin_random.c b/c/tests/test_mpin_random.c
deleted file mode 100755
index 645cb19..0000000
--- a/c/tests/test_mpin_random.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test good token and correct PIN with D-TA */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "config.h"
-#include "mpin.h"
-
-// Define PIN range:
-#define MAX_RANGE 10000
-
-void rand_str(char *dest, size_t length,csprng *RNG) {
-  BIG r;
-  char charset[] = "0123456789@.*"
-                   "abcdefghijklmnopqrstuvwxyz"
-                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-  while (length-- > 0) {
-    BIG_random(r,RNG);
-    size_t index = r[0] % (sizeof charset);
-    *dest++ = charset[index];
-  }
-  *dest = '\0';
-}
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err,iter;
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  octet *pID;
-
-  int date = 0;
-
-  unsigned long ran;
-  int byte_count = 32;
-  FILE *fp;
-  char seed[32] = {0};
-  octet SEED = {sizeof(seed),sizeof(seed),seed};
-  csprng RNG;
-
-#ifdef __linux__
-  size_t readSize;
-  fp = fopen("/dev/urandom", "r");
-  readSize = fread(&seed, 1, byte_count, fp);
-  fclose(fp);
-#else
-  /* non random seed value! */
-  time((time_t *)&ran);
-  SEED.val[0]=ran;
-  SEED.val[1]=ran>>8;
-  SEED.val[2]=ran>>16;
-  SEED.val[3]=ran>>24;
-  for (i=4;i<byte_count;i++) SEED.val[i]=i+1;
-#endif
-  printf("SEED 0x");
-  OCT_output(&SEED);
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  for(iter=1; iter<nRandomTests+1; iter++)
-    {
-      /* Generate Client master secret for MIRACL and Customer */
-      rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-      if (rtn != 0) {
-          printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-      if (rtn != 0) {
-          printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("MASTER SECRET MIRACL:= 0x");
-      OCT_output(&MS1);
-      printf("MASTER SECRET CUSTOMER:= 0x");
-      OCT_output(&MS2);
-
-      /* Generate server secret shares */
-      rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-      if (rtn != 0) {
-          printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-      if (rtn != 0) {
-          printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("SS1 = 0x");
-      OCT_output(&SS1);
-      printf("SS2 = 0x");
-      OCT_output(&SS2);
-
-      /* Combine server secret share */
-      rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-      if (rtn != 0) {
-          printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-          return 1;
-      }
-      printf("ServerSecret = 0x");
-      OCT_output(&ServerSecret);
-
-      /* Assign the End-User an ID */
-      char id[256];
-      octet ID = {0,sizeof(id),id};
-      rand_str(id,256,&RNG);
-      OCT_jstring(&ID,id);
-      printf("CLIENT: ID %s\n", id);
-
-      /* Hash ID */
-      MPIN_HASH_ID(&ID,&HCID);
-      OCT_output(&HCID);
-
-#ifdef USE_ANONYMOUS
-      pID = &HCID;
-#else
-      pID = &ID;
-#endif
-
-      srand ( time (NULL) );
-      PIN1 = rand()%MAX_RANGE; // Get random between 0 and MAX_RANGE
-      PIN2 = PIN1;
-      printf("PIN1 %d PIN2 %d\n", PIN1, PIN2);
-
-      /* Generate client secret shares */
-      rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("CS1 = 0x");
-      OCT_output(&CS1);
-      printf("CS2 = 0x");
-      OCT_output(&CS2);
-
-      /* Combine client secret shares : TOKEN is the full client secret */
-      rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-      if (rtn != 0) {
-          printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Client Secret = 0x");
-      OCT_output(&TOKEN);
-
-      /* Client extracts PIN1 from secret to create Token */
-      rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-      if (rtn != 0) {
-          printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Token = 0x");
-      OCT_output(&TOKEN);
-
-      /* Generate Time Permit shares */
-      date = MPIN_today();
-
-      printf("Date %d \n", date);
-      rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("TP1 = 0x");
-      OCT_output(&TP1);
-      printf("TP2 = 0x");
-      OCT_output(&TP2);
-
-      /* Combine Time Permit shares */
-      rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-      if (rtn != 0) {
-          printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Time Permit = 0x");
-      OCT_output(&TP);
-
-      /* Client first pass */
-      rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-      if (rtn != 0) {
-          printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-          return 1;
-      }
-
-      /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-      MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-      /* Server generates Random number Y and sends it to Client */
-      rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-      if (rtn != 0) {
-          printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Y = 0x");
-      OCT_output(&Y);
-
-      /* Client second pass */
-      rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-      if (rtn != 0) {
-          printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-          return 1;
-      }
-      printf("V = 0x");
-      OCT_output(&SEC);
-
-      /* Server second pass */
-      rtn = MPIN_SERVER_2(date,&HID,&HTID,&Y,&ServerSecret,&U,&UT,&SEC,&E,&F);
-      if (rtn != 0) {
-          err=MPIN_KANGAROO(&E,&F);
-          if (err==0) {
-              printf("Iteration %d FAILURE Invalid Token Error Code %d\n", iter, rtn);
-              return 1;
-	  } else {
-              printf("Iteration %d FAILURE PIN Error %d, Error Code %d\n", iter, err, rtn);
-              return 1;
-	  }
-      } else {
-          printf("Iteration %d SUCCESS Error Code %d\n\n", iter, rtn);
-      }
-    }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin_sign.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin_sign.c b/c/tests/test_mpin_sign.c
deleted file mode 100755
index 7743e66..0000000
--- a/c/tests/test_mpin_sign.c
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test M-Pin Signature */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  int failure = 0;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  // Message to sign
-  char m[256];
-  octet M={0,sizeof(m),m};
-
-  char x[PGS],y1[PGS],y2[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y1={sizeof(y1),sizeof(y1),y1};
-  octet Y2={sizeof(y2),sizeof(y2),y2};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of Client ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-
-
-  int TimeValue = 0;
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  printf("Date %d \n", date);
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Good signature */
-
-  /* Client  */
-  char* message = "sign this message";
-  OCT_jstring(&M,message);
-  TimeValue = MPIN_GET_TIME();
-  printf("TimeValue %d \n", TimeValue);
-  rtn = MPIN_CLIENT(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,NULL,&UT,&TP,&M,TimeValue,&Y1);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT ERROR %d\n", rtn);
-      return 1;
-  }
-  printf("Y1 = 0x");
-  OCT_output(&Y1);
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server  */
-  rtn = MPIN_SERVER(date,NULL,&HTID,&Y2,&ServerSecret,NULL,&UT,&SEC,&E,&F,pID,&M,TimeValue);
-  printf("Y2 = 0x");
-  OCT_output(&Y2);
-  if (rtn != 0) {
-      failure = 1;
-      printf("FAILURE valid signature not detected %d\n", rtn);
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn);
-  }
-
-  /* Time stamp expired */
-
-  /* Client  */
-  OCT_clear(&M);
-  message = "sign this message";
-  OCT_jstring(&M,message);
-  TimeValue = MPIN_GET_TIME();
-  printf("TimeValue %d \n", TimeValue);
-  rtn = MPIN_CLIENT(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,NULL,&UT,&TP,&M,TimeValue,&Y1);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT ERROR %d\n", rtn);
-      return 1;
-  }
-  printf("Y1 = 0x");
-  OCT_output(&Y1);
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server  */
-  TimeValue += 10;
-  rtn = MPIN_SERVER(date,NULL,&HTID,&Y2,&ServerSecret,NULL,&UT,&SEC,&E,&F,pID,&M,TimeValue);
-  printf("Y2 = 0x");
-  OCT_output(&Y2);
-  if (rtn != -19) {
-      failure = 1;
-      printf("FAILURE Invalid signature not detected %d\n", rtn);
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn);
-  }
-
-  /* Invalid data */
-
-  /* Client  */
-  OCT_clear(&M);
-  message = "sign this message";
-  OCT_jstring(&M,message);
-  TimeValue = MPIN_GET_TIME();
-  printf("TimeValue %d \n", TimeValue);
-  rtn = MPIN_CLIENT(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,NULL,&UT,&TP,&M,TimeValue,&Y1);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT ERROR %d\n", rtn);
-      return 1;
-  }
-  printf("Y1 = 0x");
-  OCT_output(&Y1);
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server  */
-  OCT_clear(&M);
-  message = "bad message";
-  OCT_jstring(&M,message);
-  rtn = MPIN_SERVER(date,NULL,&HTID,&Y2,&ServerSecret,NULL,&UT,&SEC,&E,&F,pID,&M,TimeValue);
-  printf("Y2 = 0x");
-  OCT_output(&Y2);
-  if (rtn != -19) {
-      failure = 1;
-      printf("FAILURE Invalid signature not detected %d\n", rtn);
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn);
-  }
-
-  if (failure != 0) {
-      printf("TEST FAILED\n");
-      return 1;
-  }
-
-  printf("TEST PASSED\n");
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpin_tp.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpin_tp.c b/c/tests/test_mpin_tp.c
deleted file mode 100755
index 05562b9..0000000
--- a/c/tests/test_mpin_tp.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test good token and correct PIN with D-TA for
-   nTimePermitTests days in the future */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "config.h"
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err,iter;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  octet *pID;
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  for(iter=1; iter<nTimePermitTests+1; iter++)
-    {
-      printf("Date %d \n", date);
-      rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("TP1 = 0x");
-      OCT_output(&TP1);
-      printf("TP2 = 0x");
-      OCT_output(&TP2);
-
-      /* Combine Time Permit shares */
-      rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-      if (rtn != 0) {
-          printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Time Permit = 0x");
-      OCT_output(&TP);
-
-      /* Client first pass */
-      rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-      if (rtn != 0) {
-          printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-          return 1;
-      }
-
-      /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-      MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-      /* Server generates Random number Y and sends it to Client */
-      rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-      if (rtn != 0) {
-          printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Y = 0x");
-      OCT_output(&Y);
-
-      /* Client second pass */
-      rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-      if (rtn != 0) {
-          printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-          return 1;
-      }
-      printf("V = 0x");
-      OCT_output(&SEC);
-
-      /* Server second pass */
-      rtn = MPIN_SERVER_2(date,&HID,&HTID,&Y,&ServerSecret,&U,&UT,&SEC,&E,&F);
-      if (rtn != 0) {
-          err=MPIN_KANGAROO(&E,&F);
-          if (err==0) {
-              printf("Iteration %d FAILURE Invalid Token Error Code %d\n", iter, rtn);
-              break;
-	  } else {
-              printf("Iteration %d FAILURE PIN Error %d, Error Code %d\n", iter, err, rtn);
-              break;
-	   }
-      } else {
-          printf("Iteration %d SUCCESS Error Code %d\n", iter, rtn);
-      }
-      date++;
-    }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpinfull.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpinfull.c b/c/tests/test_mpinfull.c
deleted file mode 100755
index 10cc857..0000000
--- a/c/tests/test_mpinfull.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test M-Pin Full */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of client ID */
-  char hcid[HASH_BYTES];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-  char hsid[HASH_BYTES];
-  octet HSID={sizeof(hsid),sizeof(hsid), hsid};
-
-  /* Hash values of messages */
-  char hm[HASH_BYTES];
-  octet HM={sizeof(hm),sizeof(hm), hm};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on device */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  /* Precomputed values stored on device */
-  char g1[12*PFS],g2[12*PFS];
-  octet G1={0,sizeof(g1),g1};
-  octet G2={0,sizeof(g2),g2};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  char r[PGS],z[2*PFS+1],w[PGS],t[2*PFS+1];
-
-  char ck[PAS],sk[PAS];
-  octet R={0,sizeof(r),r};
-  octet Z={0,sizeof(z),z};
-  octet W={0,sizeof(w),w};
-  octet T={0,sizeof(t),t};
-  octet SK={0,sizeof(sk),sk};
-  octet CK={0,sizeof(ck),ck};
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  printf("Date %d \n", date);
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* This encoding makes Time permit look random */
-  if (MPIN_ENCODING(&RNG,&TP)!=0) printf("Encoding error\n");
-  printf("Encoded Time Permit= "); OCT_output(&TP);
-  if (MPIN_DECODING(&TP)!=0) printf("Decoding error\n");
-  printf("Decoded Time Permit= "); OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Client precomputation */
-  MPIN_PRECOMPUTE(&TOKEN,&HCID,&G1,&G2);
-
-  /* Client first pass */
-  rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-      return 1;
-  }
-
-  /* Client sends Z=r.ID to Server */
-  MPIN_GET_G1_MULTIPLE(&RNG,1,&R,&HCID,&Z);
-
-  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-  /* Server generates Random number Y and sends it to Client */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Y = 0x");
-  OCT_output(&Y);
-
-  /* Server sends T=w.ID to client */
-  MPIN_GET_G1_MULTIPLE(&RNG,0,&W,&HTID,&T);
-  printf("T = 0x");
-  OCT_output(&T);
-
-  /* Client second pass */
-  rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-  if (rtn != 0) {
-    printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-  }
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Server second pass */
-  rtn = MPIN_SERVER_2(date,NULL,&HTID,&Y,&ServerSecret,NULL,&UT,&SEC,&E,&F);
-  if (rtn != 0) {
-      printf("FAILURE Invalid Token Error Code %d\n", rtn);
-  }
-
-  MPIN_HASH_ALL(&HCID,NULL,&UT,&SEC,&Y,&Z,&T,&HM);  
-  MPIN_CLIENT_KEY(&G1,&G2,PIN2,&R,&X,&HM,&T,&CK);      
-  printf("Client Key = "); 
-  OCT_output(&CK);
-
-  /* Server will use the hashed ID if anonymous connection required.
-  MPIN_HASH_ID(&ID,&HSID);
-  MPIN_HASH_ALL(&HSID,NULL,&UT,&SEC,&Y,&Z,&T,&HM);
-  */
-  MPIN_SERVER_KEY(&Z,&ServerSecret,&W,&HM,&HID,NULL,&UT,&SK);
-  printf("Server Key = "); 
-  OCT_output(&SK);
-
-  if (!OCT_comp(&CK,&SK)) {
-      printf("FAILURE Keys are different\n");
-      return 1;
-  }
-
-  printf("SUCCESS\n");
-  return 0;
-}


[22/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/FF.js
----------------------------------------------------------------------
diff --git a/js/FF.js b/js/FF.js
deleted file mode 100755
index 5a1aba0..0000000
--- a/js/FF.js
+++ /dev/null
@@ -1,928 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL FF number class */
-
-/* General purpose Constructor */
-var FF = function(n) {
-	this.v=new Array(n);
-	this.length=n;
-	for (var i=0;i<n;i++)
-		this.v[i]=new BIG(0);
-};
-
-FF.prototype={
-/* set to zero */
-
-	P_EXCESS: function()
-	{
-		return ((this.v[this.length-1].get(ROM.NLEN-1)&FF.P_OMASK)>>(FF.P_MB));
-	},
-
-	zero: function()
-	{
-		for (var i=0;i<this.length;i++) this.v[i].zero();
-		return this;
-	},
-
-	getlen: function()
-	{
-		return this.length;
-	},
-
-/* set to integer */
-	set: function(m)
-	{
-		this.zero();
-		this.v[0].set(0,(m&ROM.MASK));
-		this.v[0].set(1,(m>>ROM.BASEBITS));
-	},
-/* copy from FF b */
-	copy: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].copy(b.v[i]);
-		}
-	},
-/* copy from FF b */
-	rcopy: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].rcopy(b[i]);
-		}
-	},
-/* x=y<<n */
-	dsucopy: function(b)
-	{
-		for (var i=0;i<b.length;i++)
-		{
-			this.v[b.length+i].copy(b.v[i]);
-			this.v[i].zero();
-		}
-	},
-/* x=y */
-	dscopy: function(b)
-	{
-		for (var i=0;i<b.length;i++)
-		{
-			this.v[i].copy(b.v[i]);
-			this.v[b.length+i].zero();
-		}
-	},
-
-/* x=y>>n */
-	sducopy: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].copy(b.v[this.length+i]);
-		}
-	},
-	one: function()
-	{
-		this.v[0].one();
-		for (var i=1;i<this.length;i++)
-		{
-			this.v[i].zero();
-		}
-	},
-/* test equals 0 */
-	iszilch: function()
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			if (!this.v[i].iszilch()) return false;
-		}
-		return true;
-	},
-/* shift right by 256-bit words */
-	shrw: function(n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[i].copy(this.v[i+n]);
-			this.v[i+n].zero();
-		}
-	},
-
-/* shift left by 256-bit words */
-	shlw: function(n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[n+i].copy(this.v[i]);
-			this.v[i].zero();
-		}
-	},
-/* extract last bit */
-	parity: function()
-	{
-		return this.v[0].parity();
-	},
-
-	lastbits: function(m)
-	{
-		return this.v[0].lastbits(m);
-	},
-
-
-/* recursive add */
-	radd: function(vp,x,xp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].copy(x.v[xp+i]);
-			this.v[vp+i].add(y.v[yp+i]);
-		}
-	},
-
-/* recursive inc */
-	rinc: function(vp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].add(y.v[yp+i]);
-		}
-	},
-
-/* recursive sub */
-	rsub: function(vp,x,xp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].copy(x.v[xp+i]);
-			this.v[vp+i].sub(y.v[yp+i]);
-		}
-	},
-
-/* recursive dec */
-	rdec: function(vp,y,yp,n)
-	{
-		for (var i=0;i<n;i++)
-		{
-			this.v[vp+i].sub(y.v[yp+i]);
-		}
-	},
-
-/* simple add */
-	add: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-			this.v[i].add(b.v[i]);
-	},
-
-/* simple sub */
-	sub: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-			this.v[i].sub(b.v[i]);
-	},
-
-/* reverse sub */
-	revsub: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-			this.v[i].rsub(b.v[i]);
-	},
-
-/* increment/decrement by a small integer */
-	inc: function(m)
-	{
-		this.v[0].inc(m);
-		this.norm();
-	},
-
-	dec: function(m)
-	{
-		this.v[0].dec(m);
-		this.norm();
-	},
-
-	/* normalise - but hold any overflow in top part unless n<0 */
-	rnorm: function(vp,n)
-	{
-		var trunc=false;
-		var i,carry;
-		if (n<0)
-		{ /* -v n signals to do truncation */
-			n=-n;
-			trunc=true;
-		}
-		for (i=0;i<n-1;i++)
-		{
-			carry=this.v[vp+i].norm();
-			this.v[vp+i].xortop(carry<<FF.P_TBITS);
-			this.v[vp+i+1].inc(carry);
-		}
-		carry=this.v[vp+n-1].norm();
-		if (trunc)
-			this.v[vp+n-1].xortop(carry<<FF.P_TBITS);
-		return this;
-	},
-	norm: function()
-	{
-		this.rnorm(0,this.length);
-	},
-
-/* shift left by one bit */
-	shl: function()
-	{
-		var i,carry,delay_carry=0;
-		for (i=0;i<this.length-1;i++)
-		{
-			carry=this.v[i].fshl(1);
-			this.v[i].inc(delay_carry);
-			this.v[i].xortop(carry<<FF.P_TBITS);
-			delay_carry=carry;
-		}
-		this.v[this.length-1].fshl(1);
-		this.v[this.length-1].inc(delay_carry);
-	},
-
-/* shift right by one bit */
-	shr: function()
-	{
-		var i,carry;
-		for (i=this.length-1;i>0;i--)
-		{
-			carry=this.v[i].fshr(1);
-			this.v[i-1].ortop(carry<<FF.P_TBITS);
-		}
-		this.v[0].fshr(1);
-	},
-
-/* Convert to Hex String */
-	toString: function()
-	{
-		this.norm();
-		var s="";
-
-		for (var i=this.length-1;i>=0;i--)
-		{
-			s+=this.v[i].toString();
-		}
-		return s;
-	},
-/* Convert FFs to/from byte arrays */
-	toBytes: function(b)
-	{
-		for (var i=0;i<this.length;i++)
-		{
-			this.v[i].tobytearray(b,(this.length-i-1)*ROM.MODBYTES);
-		}
-	},
-
-/* z=x*y, t is workspace */
-	karmul: function(vp,x,xp,y,yp,t,tp,n)
-	{
-		var nd2;
-		if (n==1)
-		{
-			var d=BIG.mul(x.v[xp],y.v[yp]);
-			this.v[vp+1]=d.split(8*ROM.MODBYTES);
-			this.v[vp].copy(d);
-			return;
-		}
-		nd2=n/2;
-		this.radd(vp,x,xp,x,xp+nd2,nd2);
-		this.radd(vp+nd2,y,yp,y,yp+nd2,nd2);
-		t.karmul(tp,this,vp,this,vp+nd2,t,tp+n,nd2);
-		this.karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		this.karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-		t.rdec(tp,this,vp,n);
-		t.rdec(tp,this,vp+n,n);
-		this.rinc(vp+nd2,t,tp,n);
-		this.rnorm(vp,2*n);
-	},
-
-	karsqr: function(vp,x,xp,t,tp,n)
-	{
-		var nd2;
-		if (n==1)
-		{
-			var d=BIG.sqr(x.v[xp]);
-			this.v[vp+1].copy(d.split(8*ROM.MODBYTES));
-			this.v[vp].copy(d);
-			return;
-		}
-
-		nd2=n/2;
-		this.karsqr(vp,x,xp,t,tp+n,nd2);
-		this.karsqr(vp+n,x,xp+nd2,t,tp+n,nd2);
-		t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-		this.rinc(vp+nd2,t,tp,n);
-		this.rinc(vp+nd2,t,tp,n);
-		this.rnorm(vp+nd2,n);
-	},
-
-	karmul_lower: function(vp,x,xp,y,yp,t,tp,n)
-	{ /* Calculates Least Significant bottom half of x*y */
-		var nd2;
-		if (n==1)
-		{ /* only calculate bottom half of product */
-			this.v[vp].copy(BIG.smul(x.v[xp],y.v[yp]));
-			return;
-		}
-		nd2=n/2;
-
-		this.karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-		this.rinc(vp+nd2,t,tp,nd2);
-		t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-		this.rinc(vp+nd2,t,tp,nd2);
-		this.rnorm(vp+nd2,-nd2);  /* truncate it */
-	},
-
-	karmul_upper: function(x,y,t,n)
-	{ /* Calculates Most Significant upper half of x*y, given lower part */
-		var nd2;
-
-		nd2=n/2;
-		this.radd(n,x,0,x,nd2,nd2);
-		this.radd(n+nd2,y,0,y,nd2,nd2);
-
-		t.karmul(0,this,n+nd2,this,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-		this.karmul(n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-									/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-		t.rdec(0,this,n,n);              /* t=t-a1b1  */
-		this.rinc(nd2,this,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-		this.rdec(nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-		this.rnorm(0,-n);					/* a0b0 now in z - truncate it */
-		t.rdec(0,this,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-		this.rinc(nd2,t,0,n);
-
-		this.rnorm(nd2,n);
-	},
-
-/* return low part of product this*y */
-	lmul: function(y)
-	{
-		var n=this.length;
-		var t=new FF(2*n);
-		var x=new FF(n); x.copy(this);
-		this.karmul_lower(0,x,0,y,0,t,0,n);
-	},
-
-/* Set b=b mod c */
-	mod: function(c)
-	{
-		var k=0;
-
-		this.norm();
-		if (FF.comp(this,c)<0)
-			return;
-		do
-		{
-			c.shl();
-			k++;
-		} while (FF.comp(this,c)>=0);
-
-		while (k>0)
-		{
-			c.shr();
-			if (FF.comp(this,c)>=0)
-			{
-				this.sub(c);
-				this.norm();
-			}
-			k--;
-		}
-	},
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-	reduce: function(N,ND)
-	{ /* fast karatsuba Montgomery reduction */
-		var n=N.length;
-		var t=new FF(2*n);
-		var r=new FF(n);
-		var m=new FF(n);
-
-		r.sducopy(this);
-		m.karmul_lower(0,this,0,ND,0,t,0,n);
-		this.karmul_upper(N,m,t,n);
-		m.sducopy(this);
-
-		r.add(N);
-		r.sub(m);
-		r.norm();
-
-		return r;
-
-	},
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-	dmod: function(b)
-	{
-		var k,n=b.length;
-		var m=new FF(2*n);
-		var x=new FF(2*n);
-		var r=new FF(n);
-
-		x.copy(this);
-		x.norm();
-		m.dsucopy(b); k=256*n;
-
-		while (k>0)
-		{
-			m.shr();
-
-			if (FF.comp(x,m)>=0)
-			{
-				x.sub(m);
-				x.norm();
-			}
-			k--;
-		}
-
-		r.copy(x);
-		r.mod(b);
-		return r;
-	},
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-	invmodp: function(p)
-	{
-		var n=p.length;
-
-		var u=new FF(n);
-		var v=new FF(n);
-		var x1=new FF(n);
-		var x2=new FF(n);
-		var t=new FF(n);
-		var one=new FF(n);
-
-		one.one();
-		u.copy(this);
-		v.copy(p);
-		x1.copy(one);
-		x2.zero();
-
-	// reduce n in here as well!
-		while (FF.comp(u,one)!==0 && FF.comp(v,one)!==0)
-		{
-			while (u.parity()===0)
-			{
-				u.shr();
-				if (x1.parity()!==0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr();
-			}
-			while (v.parity()===0)
-			{
-				v.shr();
-				if (x2.parity()!==0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr();
-			}
-			if (FF.comp(u,v)>=0)
-			{
-
-				u.sub(v);
-				u.norm();
-				if (FF.comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (FF.comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (FF.comp(u,one)===0)
-			this.copy(x1);
-		else
-			this.copy(x2);
-	},
-
-/* nresidue mod m */
-	nres: function(m)
-	{
-		var n=m.length;
-		var d=new FF(2*n);
-		d.dsucopy(this);
-		this.copy(d.dmod(m));
-	},
-
-	redc: function(m,ND)
-	{
-		var n=m.length;
-		var d=new FF(2*n);
-		this.mod(m);
-		d.dscopy(this);
-		this.copy(d.reduce(m,ND));
-		this.mod(m);
-	},
-
-	mod2m: function(m)
-	{
-		for (var i=m;i<this.length;i++)
-			this.v[i].zero();
-	},
-
-	/* U=1/a mod 2^m - Arazi & Qi */
-	invmod2m: function()
-	{
-		var i,n=this.length;
-
-		var b=new FF(n);
-		var c=new FF(n);
-		var U=new FF(n);
-
-		var t;
-
-		U.zero();
-		U.v[0].copy(this.v[0]);
-		U.v[0].invmod2m();
-
-		for (i=1;i<n;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			t=FF.mul(U,b); t.shrw(i); b.copy(t);
-			c.copy(this); c.shrw(i); c.mod2m(i);
-			c.lmul(U); c.mod2m(i);
-
-			b.add(c); b.norm();
-			b.lmul(U); b.mod2m(i);
-
-			c.one(); c.shlw(i); b.revsub(c); b.norm();
-			b.shlw(i);
-			U.add(b);
-		}
-		U.norm();
-		return U;
-	},
-
-	random: function(rng)
-	{
-		var n=this.length;
-		for (var i=0;i<n;i++)
-		{
-			this.v[i].copy(BIG.random(rng));
-		}
-	/* make sure top bit is 1 */
-		while (this.v[n-1].nbits()<ROM.MODBYTES*8) this.v[n-1].copy(BIG.random(rng));
-
-	},
-
-	/* generate random x */
-	randomnum: function(p,rng)
-	{
-		var n=this.length;
-		var d=new FF(2*n);
-
-		for (var i=0;i<2*n;i++)
-		{
-			d.v[i].copy(BIG.random(rng));
-		}
-		this.copy(d.dmod(p));
-	},
-
-	/* this*=y mod p */
-	modmul: function(y,p,nd)
-	{
-		var ex=this.P_EXCESS();
-		var ey=y.P_EXCESS();
-		if ((ex+1)*(ey+1)+1>=FF.P_FEXCESS) this.mod(p);
-		var d=FF.mul(this,y);
-		this.copy(d.reduce(p,nd));
-	},
-
-	/* this*=y mod p */
-	modsqr: function(p,nd)
-	{
-		var ex=this.P_EXCESS();
-		if ((ex+1)*(ex+1)+1>=FF.P_FEXCESS) this.mod(p);
-		var d=FF.sqr(this);
-		this.copy(d.reduce(p,nd));
-	},
-
-	/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-	skpow: function(e,p)
-	{
-		var i,b,n=p.length;
-		var R0=new FF(n);
-		var R1=new FF(n);
-		var ND=p.invmod2m();
-
-		this.mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-
-			b=e.v[Math.floor(i/256)].bit(i%256);
-
-			this.copy(R0);
-			this.modmul(R1,p,ND);
-
-			FF.cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			FF.cswap(R0,R1,b);
-
-		}
-
-		this.copy(R0);
-		this.redc(p,ND);
-	},
-
-	/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-	skspow: function(e,p)
-	{
-		var i,b,n=p.length;
-		var R0=new FF(n);
-		var R1=new FF(n);
-		var ND=p.invmod2m();
-
-		this.mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			b=e.bit(i);
-			this.copy(R0);
-			this.modmul(R1,p,ND);
-
-			FF.cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			FF.cswap(R0,R1,b);
-		}
-		this.copy(R0);
-		this.redc(p,ND);
-	},
-
-	/* raise to an integer power - right-to-left method */
-	power: function(e,p)
-	{
-		var n=p.length;
-		var f=true;
-		var w=new FF(n);
-		var ND=p.invmod2m();
-
-		w.copy(this);
-		w.nres(p);
-
-		if (e==2)
-		{
-			this.copy(w);
-			this.modsqr(p,ND);
-		}
-		else for (; ; )
-		{
-			if (e%2==1)
-			{
-				if (f) this.copy(w);
-				else this.modmul(w,p,ND);
-				f=false;
-			}
-			e>>=1;
-			if (e===0) break;
-			w.modsqr(p,ND);
-		}
-		this.redc(p,ND);
-	},
-
-	/* this=this^e mod p, faster but not side channel resistant */
-	pow: function(e,p)
-	{
-		var i,b,n=p.length;
-		var w=new FF(n);
-		var ND=p.invmod2m();
-
-		w.copy(this);
-		this.one();
-		this.nres(p);
-		w.nres(p);
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			this.modsqr(p,ND);
-			b=e.v[Math.floor(i/256)].bit(i%256);
-			if (b==1) this.modmul(w,p,ND);
-		}
-		this.redc(p,ND);
-	},
-
-	/* double exponentiation r=x^e.y^f mod p */
-	pow2: function(e,y,f,p)
-	{
-		var i,eb,fb,n=p.length;
-		var xn=new FF(n);
-		var yn=new FF(n);
-		var xy=new FF(n);
-		var ND=p.invmod2m();
-
-		xn.copy(this);
-		yn.copy(y);
-		xn.nres(p);
-		yn.nres(p);
-		xy.copy(xn); xy.modmul(yn,p,ND);
-		this.one();
-		this.nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			eb=e.bit(i);
-			fb=f.bit(i);
-			this.modsqr(p,ND);
-			if (eb==1)
-			{
-				if (fb==1) this.modmul(xy,p,ND);
-				else this.modmul(xn,p,ND);
-			}
-			else
-			{
-				if (fb==1) this.modmul(yn,p,ND);
-			}
-		}
-		this.redc(p,ND);
-	},
-
-	/* quick and dirty check for common factor with n */
-	cfactor: function(s)
-	{
-		var r,n=this.length;
-		var g;
-
-		var x=new FF(n);
-		var y=new FF(n);
-		y.set(s);
-
-		x.copy(this);
-		x.norm();
-
-		do
-		{
-			x.sub(y);
-			x.norm();
-			while (!x.iszilch() && x.parity()===0) x.shr();
-		}
-		while (FF.comp(x,y)>0);
-
-		g=x.v[0].get(0);
-		r=FF.igcd(s,g);
-		if (r>1) return true;
-		return false;
-	}
-
-
-};
-
-FF.P_MBITS=ROM.MODBYTES*8;
-FF.P_MB=(FF.P_MBITS%ROM.BASEBITS);
-FF.P_OMASK=((-1)<<(FF.P_MBITS%ROM.BASEBITS));
-FF.P_FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-FF.P_MBITS));
-FF.P_TBITS=(FF.P_MBITS%ROM.BASEBITS);
-
-
-/* compare x and y - must be normalised, and of same length */
-FF.comp=function(a,b)
-{
-	var i,j;
-	for (i=a.length-1;i>=0;i--)
-	{
-		j=BIG.comp(a.v[i],b.v[i]);
-		if (j!==0) return j;
-	}
-	return 0;
-};
-
-FF.fromBytes=function(x,b)
-{
-	for (var i=0;i<x.length;i++)
-	{
-		x.v[i]=BIG.frombytearray(b,(x.length-i-1)*ROM.MODBYTES);
-	}
-};
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-FF.cswap=function(a,b,d)
-{
-	for (var i=0;i<a.length;i++)
-	{
-	//	BIG.cswap(a.v[i],b.v[i],d);
-		a.v[i].cswap(b.v[i],d);
-	}
-};
-
-	/* z=x*y. Assumes x and y are of same length. */
-FF.mul=function(x,y)
-{
-	var n=x.length;
-	var z=new FF(2*n);
-	var t=new FF(2*n);
-	z.karmul(0,x,0,y,0,t,0,n);
-	return z;
-};
-
-	/* z=x^2 */
-FF.sqr=function(x)
-{
-	var n=x.length;
-	var z=new FF(2*n);
-	var t=new FF(2*n);
-	z.karsqr(0,x,0,t,0,n);
-	return z;
-};
-
-FF.igcd=function(x,y)
-{ /* integer GCD, returns GCD of x and y */
-	var r;
-	if (y===0) return x;
-	while ((r=x%y)!==0)
-		{x=y;y=r;}
-	return y;
-};
-
-/* Miller-Rabin test for primality. Slow. */
-FF.prime=function(p,rng)
-{
-	var i,j,s=0,n=p.length;
-	var loop;
-	var d=new FF(n);
-	var x=new FF(n);
-	var unity=new FF(n);
-	var nm1=new FF(n);
-
-	var sf=4849845; /* 3*5*.. *19 */
-	p.norm();
-
-	if (p.cfactor(sf)) return false;
-	unity.one();
-	nm1.copy(p);
-	nm1.sub(unity);
-	nm1.norm();
-	d.copy(nm1);
-
-	while (d.parity()===0)
-	{
-		d.shr();
-		s++;
-	}
-	if (s===0) return false;
-
-	for (i=0;i<10;i++)
-	{
-		x.randomnum(p,rng);
-		x.pow(d,p);
-		if (FF.comp(x,unity)===0 || FF.comp(x,nm1)===0) continue;
-		loop=false;
-		for (j=1;j<s;j++)
-		{
-			x.power(2,p);
-			if (FF.comp(x,unity)===0) return false;
-			if (FF.comp(x,nm1)===0) {loop=true; break;}
-		}
-		if (loop) continue;
-		return false;
-	}
-	return true;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/FP.js
----------------------------------------------------------------------
diff --git a/js/FP.js b/js/FP.js
deleted file mode 100755
index 37aa5de..0000000
--- a/js/FP.js
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic */
-/* AMCL mod p functions */
-
-/* General purpose COnstructor */
-var FP = function(x) {
-	if (x instanceof FP)
-	{
-		this.f=new BIG(x.f);
-	}
-	else
-	{
-		this.f=new BIG(x);
-		this.nres();
-	}
-};
-
-FP.prototype={
-/* set this=0 */
-	zero: function()
-	{
-		return this.f.zero();
-	},
-
-/* copy from a BIG in ROM */
-	rcopy: function(y)
-	{
-		this.f.rcopy(y);
-		this.nres();
-	},
-
-/* copy from another BIG */
-	bcopy: function(y)
-	{
-		this.f.copy(y);
-		this.nres();
-	},
-
-/* copy from another FP */
-	copy: function(y)
-	{
-		return this.f.copy(y.f);
-	},
-
-/* conditional swap of a and b depending on d */
-	cswap: function(b,d)
-	{
-		this.f.cswap(b.f,d);
-	},
-
-/* conditional copy of b to a depending on d */
-	cmove: function(b,d)
-	{
-		this.f.cmove(b.f,d);
-	},
-
-/* convert to Montgomery n-residue form */
-	nres: function()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE)
-		{
-			var p=new BIG();
-			p.rcopy(ROM.Modulus);
-			var d=new DBIG(0);
-			d.hcopy(this.f);
-			d.norm();
-			d.shl(ROM.NLEN*ROM.BASEBITS);
-			this.f.copy(d.mod(p));
-
-		}
-		return this;
-	},
-
-/* convert back to regular form */
-	redc: function()
-	{
-		var r=new BIG(0);
-		r.copy(this.f);
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE)
-		{
-			var d=new DBIG(0);
-			d.hcopy(this.f);
-			r.copy(BIG.mod(d));
-		}
-
-		return r;
-	},
-
-/* convert this to string */
-	toString: function()
-	{
-		var s=this.redc().toString();
-		return s;
-	},
-
-/* test this=0 */
-	iszilch: function()
-	{
-		this.reduce();
-		return this.f.iszilch();
-	},
-
-/* reduce this mod Modulus */
-	reduce: function()
-	{
-		var p=new BIG(0);
-		p.rcopy(ROM.Modulus);
-		return this.f.mod(p);
-	},
-
-/* set this=1 */
-	one: function()
-	{
-		this.f.one();
-		return this.nres();
-	},
-
-/* normalise this */
-	norm: function()
-	{
-		return this.f.norm();
-	},
-
-/* this*=b mod Modulus */
-	mul: function(b)
-	{
-		var ea=BIG.EXCESS(this.f);
-		var eb=BIG.EXCESS(b.f);
-		if ((ea+1)*(eb+1)+1>=ROM.FEXCESS) this.reduce();
-		var d=BIG.mul(this.f,b.f);
-		this.f.copy(BIG.mod(d));
-		return this;
-	},
-
-/* this*=c mod Modulus where c is an int */
-	imul: function(c)
-	{
-		var s=false;
-		this.norm();
-		if (c<0)
-		{
-			c=-c;
-			s=true;
-		}
-
-		var afx=(BIG.EXCESS(this.f)+1)*(c+1)+1;
-		if (c<ROM.NEXCESS && afx<ROM.FEXCESS)
-		{
-			this.f.imul(c);
-		}
-		else
-		{
-			if (afx<ROM.FEXCESS) this.f.pmul(c);
-			else
-			{
-				var p=new BIG(0);
-				p.rcopy(ROM.Modulus);
-				var d=this.f.pxmul(c);
-				this.f.copy(d.mod(p));
-			}
-		}
-		if (s) this.neg();
-		return this.norm();
-	},
-
-/* this*=this mod Modulus */
-	sqr: function()
-	{
-		var d;
-		var ea=BIG.EXCESS(this.f);
-		if ((ea+1)*(ea+1)+1>=ROM.FEXCESS) this.reduce();
-		d=BIG.sqr(this.f);
-		var t=BIG.mod(d);
-		this.f.copy(t);
-		return this;
-	},
-
-/* this+=b */
-	add: function(b)
-	{
-		this.f.add(b.f);
-		if (BIG.EXCESS(this.f)+2>=ROM.FEXCESS) this.reduce();
-		return this;
-	},
-/* this=-this mod Modulus */
-	neg: function()
-	{
-		var sb,ov;
-		var m=new BIG(0);
-		m.rcopy(ROM.Modulus);
-
-		this.norm();
-		ov=BIG.EXCESS(this.f);
-		sb=1; while(ov!==0) {sb++;ov>>=1;}
-
-		m.fshl(sb);
-		this.f.rsub(m);
-		if (BIG.EXCESS(this.f)>=ROM.FEXCESS) this.reduce();
-		return this;
-	},
-
-/* this-=b */
-	sub: function(b)
-	{
-		var n=new FP(0);
-		n.copy(b);
-		n.neg();
-		this.add(n);
-		return this;
-	},
-
-/* this/=2 mod Modulus */
-	div2: function()
-	{
-		this.norm();
-		if (this.f.parity()===0)
-			this.f.fshr(1);
-		else
-		{
-			var p=new BIG(0);
-			p.rcopy(ROM.Modulus);
-
-			this.f.add(p);
-			this.f.norm();
-			this.f.fshr(1);
-		}
-		return this;
-	},
-
-/* this=1/this mod Modulus */
-	inverse: function()
-	{
-		var p=new BIG(0);
-		p.rcopy(ROM.Modulus);
-		var r=this.redc();
-		r.invmodp(p);
-		this.f.copy(r);
-		return this.nres();
-	},
-
-/* return TRUE if this==a */
-	equals: function(a)
-	{
-		a.reduce();
-		this.reduce();
-		if (BIG.comp(a.f,this.f)===0) return true;
-		return false;
-	},
-
-/* return this^e mod Modulus */
-	pow: function(e)
-	{
-		var bt;
-		var r=new FP(1);
-		e.norm();
-		this.norm();
-		var m=new FP(0);
-		m.copy(this);
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(m);
-			if (e.iszilch()) break;
-			m.sqr();
-		}
-
-		r.reduce();
-		return r;
-	},
-
-/* return jacobi symbol (this/Modulus) */
-	jacobi: function()
-	{
-		var p=new BIG(0);
-		p.rcopy(ROM.Modulus);
-		var w=this.redc();
-		return w.jacobi(p);
-	},
-
-/* return sqrt(this) mod Modulus */
-	sqrt: function()
-	{
-		this.reduce();
-		var b=new BIG(0);
-		b.rcopy(ROM.Modulus);
-		if (ROM.MOD8==5)
-		{
-			b.dec(5); b.norm(); b.shr(3);
-			var i=new FP(0);
-			i.copy(this);
-			i.f.shl(1);
-			var v=i.pow(b);
-			i.mul(v); i.mul(v);
-			i.f.dec(1);
-			var r=new FP(0);
-			r.copy(this);
-			r.mul(v); r.mul(i);
-			r.reduce();
-			return r;
-		}
-		else
-		{
-			b.inc(1); b.norm(); b.shr(2);
-			return this.pow(b);
-		}
-	}
-
-};
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/FP12.js
----------------------------------------------------------------------
diff --git a/js/FP12.js b/js/FP12.js
deleted file mode 100755
index 938e727..0000000
--- a/js/FP12.js
+++ /dev/null
@@ -1,558 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-/* general purpose constructor */
-var FP12= function(d,e,f)
-{
-	if (d instanceof FP12)
-	{
-		this.a=new FP4(d.a);
-		this.b=new FP4(d.b);
-		this.c=new FP4(d.c);
-	}
-	else
-	{
-		this.a=new FP4(d);
-		this.b=new FP4(e);
-		this.c=new FP4(f);
-	}
-};
-
-FP12.prototype={
-/* reduce all components of this mod Modulus */
-	reduce: function()
-	{
-		this.a.reduce();
-		this.b.reduce();
-		this.c.reduce();
-	},
-/* normalize all components of this mod Modulus */
-	norm: function()
-	{
-		this.a.norm();
-		this.b.norm();
-		this.c.norm();
-	},
-/* test x==0 ? */
-	iszilch: function()
-	{
-		this.reduce();
-		return (this.a.iszilch() && this.b.iszilch() && this.c.iszilch());
-	},
-/* test x==1 ? */
-	isunity: function()
-	{
-		var one=new FP4(1);
-		return (this.a.equals(one) && this.b.iszilch() && this.b.iszilch());
-	},
-/* extract a from this */
-	geta: function()
-	{
-		return this.a;
-	},
-/* extract b */
-	getb: function()
-	{
-		return this.b;
-	},
-/* extract c */
-	getc: function()
-	{
-		return this.c;
-	},
-/* return 1 if x==y, else 0 */
-	equals: function(x)
-	{
-		return (this.a.equals(x.a) && this.b.equals(x.b)&& this.c.equals(x.c));
-	},
-/* copy this=x */
-	copy: function(x)
-	{
-		this.a.copy(x.a);
-		this.b.copy(x.b);
-		this.c.copy(x.c);
-	},
-/* set this=1 */
-	one: function()
-	{
-		this.a.one();
-		this.b.zero();
-		this.c.zero();
-	},
-/* this=conj(this) */
-	conj: function()
-	{
-		this.a.conj();
-		this.b.nconj();
-		this.c.conj();
-	},
-
-/* set this from 3 FP4s */
-	set: function(d,e,f)
-	{
-		this.a.copy(d);
-		this.b.copy(e);
-		this.c.copy(f);
-	},
-/* set this from one FP4 */
-	seta: function(d)
-	{
-		this.a.copy(d);
-		this.b.zero();
-		this.c.zero();
-	},
-
-/* Granger-Scott Unitary Squaring */
-	usqr: function()
-	{
-		var A=new FP4(this.a); //A.copy(this.a);
-		var B=new FP4(this.c); //B.copy(this.c);
-		var C=new FP4(this.b); //C.copy(this.b);
-		var D=new FP4(0);
-
-		this.a.sqr();
-		D.copy(this.a); D.add(this.a);
-		this.a.add(D);
-
-		A.nconj();
-
-		A.add(A);
-		this.a.add(A);
-		B.sqr();
-		B.times_i();
-
-		D.copy(B); D.add(B);
-		B.add(D);
-
-		C.sqr();
-		D.copy(C); D.add(C);
-		C.add(D);
-
-		this.b.conj();
-		this.b.add(this.b);
-		this.c.nconj();
-
-		this.c.add(this.c);
-		this.b.add(B);
-		this.c.add(C);
-		this.reduce();
-	},
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-	sqr: function()
-	{
-		var A=new FP4(this.a); //A.copy(this.a);
-		var B=new FP4(this.b); //B.copy(this.b);
-		var C=new FP4(this.c); //C.copy(this.c);
-		var D=new FP4(this.a); //D.copy(this.a);
-
-		A.sqr();
-		B.mul(this.c);
-		B.add(B);
-		C.sqr();
-		D.mul(this.b);
-		D.add(D);
-
-		this.c.add(this.a);
-		this.c.add(this.b);
-		this.c.sqr();
-
-		this.a.copy(A);
-
-		A.add(B);
-		A.add(C);
-		A.add(D);
-		A.neg();
-		B.times_i();
-		C.times_i();
-
-		this.a.add(B);
-		this.b.copy(C); this.b.add(D);
-		this.c.add(A);
-
-		this.norm();
-	},
-
-/* FP12 full multiplication this=this*y */
-	mul: function(y)
-	{
-		var z0=new FP4(this.a); //z0.copy(this.a);
-		var z1=new FP4(0);
-		var z2=new FP4(this.b); //z2.copy(this.b);
-		var z3=new FP4(0);
-		var t0=new FP4(this.a); //t0.copy(this.a);
-		var t1=new FP4(y.a); //t1.copy(y.a);
-
-		z0.mul(y.a);
-		z2.mul(y.b);
-
-		t0.add(this.b);
-		t1.add(y.b);
-
-		z1.copy(t0); z1.mul(t1);
-		t0.copy(this.b); t0.add(this.c);
-
-		t1.copy(y.b); t1.add(y.c);
-		z3.copy(t0); z3.mul(t1);
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		z1.add(t0);
-		this.b.copy(z1); this.b.add(t1);
-
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(this.a); t0.add(this.c);
-		t1.copy(y.a); t1.add(y.c);
-		t0.mul(t1);
-		z2.add(t0);
-
-		t0.copy(this.c); t0.mul(y.c);
-		t1.copy(t0); t1.neg();
-
-		this.c.copy(z2); this.c.add(t1);
-		z3.add(t1);
-		t0.times_i();
-		this.b.add(t0);
-
-		z3.times_i();
-		this.a.copy(z0); this.a.add(z3);
-
-		this.norm();
-	},
-
-/* Special case this*=y that arises from special form of ATE pairing line function */
-	smul: function(y)
-	{
-		var z0=new FP4(this.a); //z0.copy(this.a);
-		var z2=new FP4(this.b); //z2.copy(this.b);
-		var z3=new FP4(this.b); //z3.copy(this.b);
-		var t0=new FP4(0);
-		var t1=new FP4(y.a); //t1.copy(y.a);
-
-		z0.mul(y.a);
-		z2.pmul(y.b.real());
-		this.b.add(this.a);
-		t1.real().add(y.b.real());
-
-		this.b.mul(t1);
-		z3.add(this.c);
-		z3.pmul(y.b.real());
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		this.b.add(t0);
-
-		this.b.add(t1);
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(this.a); t0.add(this.c);
-		t0.mul(y.a);
-		this.c.copy(z2); this.c.add(t0);
-
-		z3.times_i();
-		this.a.copy(z0); this.a.add(z3);
-
-		this.norm();
-	},
-
-/* this=1/this */
-	inverse: function()
-	{
-		var f0=new FP4(this.a); //f0.copy(this.a);
-		var f1=new FP4(this.b); //f1.copy(this.b);
-		var f2=new FP4(this.a); //f2.copy(this.a);
-		var f3=new FP4(0);
-
-		f0.sqr();
-		f1.mul(this.c);
-		f1.times_i();
-		f0.sub(f1);
-
-		f1.copy(this.c); f1.sqr();
-		f1.times_i();
-		f2.mul(this.b);
-		f1.sub(f2);
-
-		f2.copy(this.b); f2.sqr();
-		f3.copy(this.a); f3.mul(this.c);
-		f2.sub(f3);
-
-		f3.copy(this.b); f3.mul(f2);
-		f3.times_i();
-		this.a.mul(f0);
-		f3.add(this.a);
-		this.c.mul(f1);
-		this.c.times_i();
-
-		f3.add(this.c);
-		f3.inverse();
-		this.a.copy(f0); this.a.mul(f3);
-		this.b.copy(f1); this.b.mul(f3);
-		this.c.copy(f2); this.c.mul(f3);
-	},
-
-/* this=this^p, where p=Modulus, using Frobenius */
-	frob: function(f)
-	{
-		var f2=new FP2(f);
-		var f3=new FP2(f);
-
-		f2.sqr();
-		f3.mul(f2);
-
-		this.a.frob(f3);
-		this.b.frob(f3);
-		this.c.frob(f3);
-
-		this.b.pmul(f);
-		this.c.pmul(f2);
-	},
-
-/* trace function */
-	trace: function()
-	{
-		var t=new FP4(0);
-		t.copy(this.a);
-		t.imul(3);
-		t.reduce();
-		return t;
-	},
-/* convert this to hex string */
-	toString: function()
-	{
-		return ("["+this.a.toString()+","+this.b.toString()+","+this.c.toString()+"]");
-	},
-/* convert this to byte array */
-	toBytes: function(w)
-	{
-		var i;
-		var t=[];
-		this.a.geta().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i]=t[i];
-		this.a.geta().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+ROM.MODBYTES]=t[i];
-		this.a.getb().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+2*ROM.MODBYTES]=t[i];
-		this.a.getb().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+3*ROM.MODBYTES]=t[i];
-
-		this.b.geta().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+4*ROM.MODBYTES]=t[i];
-		this.b.geta().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+5*ROM.MODBYTES]=t[i];
-		this.b.getb().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+6*ROM.MODBYTES]=t[i];
-		this.b.getb().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+7*ROM.MODBYTES]=t[i];
-
-		this.c.geta().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+8*ROM.MODBYTES]=t[i];
-		this.c.geta().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+9*ROM.MODBYTES]=t[i];
-		this.c.getb().getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+10*ROM.MODBYTES]=t[i];
-		this.c.getb().getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) w[i+11*ROM.MODBYTES]=t[i];
-	},
-
-/* set this=this^e */
-	pow: function(e)
-	{
-		this.norm();
-		e.norm();
-		var w=new FP12(this); //w.copy(this);
-		var z=new BIG(e); //z.copy(e);
-		var r=new FP12(1);
-
-		while (true)
-		{
-			var bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.usqr();
-		}
-		r.reduce();
-		return r;
-	},
-
-/* constant time powering by small integer of max length bts */
-	pinpow: function(e,bts)
-	{
-		var i,b;
-		var R=[];
-		R[0]=new FP12(1);
-		R[1]=new FP12(this);
-		for (i=bts-1;i>=0;i--)
-		{
-			b=(e>>i)&1;
-			R[1-b].mul(R[b]);
-			R[b].usqr();
-		}
-		this.copy(R[0]);
-	}
-};
-
-/* convert from byte array to FP12 */
-FP12.fromBytes= function(w)
-{
-	var i,a,b,c,d,e,f,g;
-	var t=[];
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	c=new FP2(a,b); //c.bset(a,b);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+2*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+3*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	d=new FP2(a,b); //d.bset(a,b);
-
-	e=new FP4(c,d); //e.set(c,d);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+4*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+5*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	c=new FP2(a,b); //c.bset(a,b);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+6*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+7*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	d=new FP2(a,b);
-
-	f=new FP4(c,d); //f.set(c,d);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+8*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+9*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	c=new FP2(a,b); //c.bset(a,b);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+10*ROM.MODBYTES];
-	a=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=w[i+11*ROM.MODBYTES];
-	b=BIG.fromBytes(t);
-	d=new FP2(a,b); //d.bset(a,b);
-
-	g=new FP4(c,d); //g.set(c,d);
-
-	var r=new FP12(e,f,g); //r.set(e,f,g);
-
-	return r;
-};
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-FP12.pow4= function(q,u)
-{
-	var i,j,nb,m;
-	var a=[];
-	var g=[];
-	var s=[];
-
-	var c=new FP12(1);
-	var p=new FP12(0);
-	var t=[];
-
-	var mt=new BIG(0);
-	var w=[];
-
-	for (i=0;i<4;i++)
-		t[i]=new BIG(u[i]);
-
-	s[0]=new FP12(0);
-	s[1]=new FP12(0);
-
-	g[0]=new FP12(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0]);
-	g[1]=new FP12(g[0]);
-	g[2]=new FP12(g[0]);
-	g[3]=new FP12(g[0]);
-	g[4]=new FP12(q[0]); g[4].mul(q[1]);
-	g[5]=new FP12(g[4]);
-	g[6]=new FP12(g[4]);
-	g[7]=new FP12(g[4]);
-
-	s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0]);
-	s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0]);
-	g[2].mul(s[1]);
-	g[5].mul(s[0]);
-	g[6].mul(s[1]);
-	s[1].copy(q[2]); s[1].mul(q[3]);
-	s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0]);
-	g[3].mul(s[1]);
-	g[4].mul(s[0]);
-	g[7].mul(s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-
-	for (i=0;i<4;i++)
-	{
-		if (t[i].parity()==0)
-		{
-			t[i].inc(1); t[i].norm();
-			c.mul(q[i]);
-		}
-		mt.add(t[i]); mt.norm();
-	}
-	c.conj();
-	nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-	for (j=0;j<nb;j++)
-	{
-		for (i=0;i<4;i++)
-		{
-			a[i]=(t[i].lastbits(2)-2);
-			t[i].dec(a[i]); t[i].norm();
-			t[i].fshr(1);
-		}
-		w[j]=(8*a[0]+4*a[1]+2*a[2]+a[3]);
-	}
-	w[nb]=(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-	p.copy(g[Math.floor((w[nb]-1)/2)]);
-
-	for (i=nb-1;i>=0;i--)
-	{
-		m=w[i]>>31;
-		j=(w[i]^m)-m;  /* j=abs(w[i]) */
-		j=(j-1)/2;
-		s[0].copy(g[j]); s[1].copy(g[j]); s[1].conj();
-		p.usqr();
-		p.mul(s[m&1]);
-	}
-	p.mul(c);  /* apply correction */
-	p.reduce();
-	return p;
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/FP2.js
----------------------------------------------------------------------
diff --git a/js/FP2.js b/js/FP2.js
deleted file mode 100755
index b9b9942..0000000
--- a/js/FP2.js
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-/* general purpose constructor */
-var FP2 =function(c,d)
-{
-	if (c instanceof FP2)
-	{
-		this.a=new FP(c.a);
-		this.b=new FP(c.b);
-	}
-	else
-	{
-		this.a=new FP(c);
-		this.b=new FP(d);
-	}
-};
-
-FP2.prototype={
-/* reduce components mod Modulus */
-	reduce: function()
-	{
-		this.a.reduce();
-		this.b.reduce();
-	},
-/* normalise components of w */
-	norm: function()
-	{
-		this.a.norm();
-		this.b.norm();
-	},
-/* test this=0 ? */
-	iszilch: function()
-	{
-		this.reduce();
-		return (this.a.iszilch() && this.b.iszilch());
-	},
-/* test this=1 ? */
-	isunity: function()
-	{
-		var one=new FP(1);
-		return (this.a.equals(one) && this.b.iszilch());
-	},
-/* conditional copy of g to this depending on d */
-	cmove:function(g,d)
-	{
-		this.a.cmove(g.a,d);
-		this.b.cmove(g.b,d);
-	},
-
-/* test this=x */
-	equals: function(x) {
-		return (this.a.equals(x.a) && this.b.equals(x.b));
-	},
-/* extract a */
-	getA: function()
-	{
-		return this.a.redc();
-	},
-/* extract b */
-	getB: function()
-	{
-		return this.b.redc();
-	},
-
-/* set from pair of FPs */
-	set: function(c,d)
-	{
-		this.a.copy(c);
-		this.b.copy(d);
-	},
-/* set a */
-	seta: function(c)
-	{
-		this.a.copy(c);
-		this.b.zero();
-	},
-
-/* set from two BIGs */
-	bset: function(c,d)
-	{
-		this.a.bcopy(c);
-		this.b.bcopy(d);
-	},
-
-/* set from one BIG */
-	bseta: function(c)
-	{
-		this.a.bcopy(c);
-		this.b.zero();
-	},
-/* copy this=x */
-	copy: function(x)
-	{
-		this.a.copy(x.a);
-		this.b.copy(x.b);
-	},
-/* set this=0 */
-	zero: function()
-	{
-		this.a.zero();
-		this.b.zero();
-	},
-/* set this=1 */
-	one: function()
-	{
-		this.a.one();
-		this.b.zero();
-	},
-/* negate this */
-	neg: function()
-	{
-		this.norm();
-		var m=new FP(this.a);
-		var t=new FP(0);
-
-		m.add(this.b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(this.b);
-		this.b.copy(m);
-		this.b.add(this.a);
-		this.a.copy(t);
-		//this.norm();
-	},
-/* conjugate this */
-	conj: function()
-	{
-		this.b.neg();
-	},
-/* this+=a */
-	add: function(x)
-	{
-		this.a.add(x.a);
-		this.b.add(x.b);
-	},
-/* this-=x */
-	sub: function(x)
-	{
-		var m=new FP2(x); //var m=new FP2(0); m.copy(x);
-		m.neg();
-		this.add(m);
-	},
-/* this*=s, where s is FP */
-	pmul: function(s)
-	{
-		this.a.mul(s);
-		this.b.mul(s);
-	},
-/* this*=c, where s is int */
-	imul: function(c)
-	{
-		this.a.imul(c);
-		this.b.imul(c);
-	},
-/* this*=this */
-	sqr: function()
-	{
-		this.norm();
-
-		var w1=new FP(this.a);
-		var w3=new FP(this.a);
-		var mb=new FP(this.b);
-
-		w3.mul(this.b);
-		w1.add(this.b);
-		mb.neg();
-		this.a.add(mb);
-		this.a.mul(w1);
-		this.b.copy(w3); this.b.add(w3);
-		this.norm();
-	},
-/* this*=y */
-	mul: function(y)
-	{
-		this.norm();  // This is needed here as {a,b} is not normed before additions
-
-		var w1=new FP(this.a);
-		var w2=new FP(this.b);
-		var w5=new FP(this.a);
-		var mw=new FP(0);
-
-		w1.mul(y.a);  // w1=a*y.a  - this norms w1 and y.a, NOT a
-		w2.mul(y.b);  // w2=b*y.b  - this norms w2 and y.b, NOT b
-		w5.add(this.b);    // w5=a+b
-		this.b.copy(y.a); this.b.add(y.b); // b=y.a+y.b
-
-		this.b.mul(w5);
-		mw.copy(w1); mw.add(w2); mw.neg();
-
-		this.b.add(mw); mw.add(w1);
-		this.a.copy(w1); this.a.add(mw);
-
-		this.norm();
-	},
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-	sqrt: function()
-	{
-		if (this.iszilch()) return true;
-		var w1=new FP(this.b);
-		var w2=new FP(this.a);
-
-		w1.sqr(); w2.sqr(); w1.add(w2);
-		if (w1.jacobi()!=1) { this.zero(); return false; }
-		w1=w1.sqrt();
-		w2.copy(this.a); w2.add(w1); w2.div2();
-		if (w2.jacobi()!=1)
-		{
-			w2.copy(this.a); w2.sub(w1); w2.div2();
-			if (w2.jacobi()!=1) { this.zero(); return false; }
-		}
-		w2=w2.sqrt();
-		this.a.copy(w2);
-		w2.add(w2);
-		w2.inverse();
-		this.b.mul(w2);
-		return true;
-	},
-
-/* convert this to hex string */
-	toString: function()
-	{
-		return ("["+this.a.toString()+","+this.b.toString()+"]");
-	},
-/* this=1/this */
-	inverse: function()
-	{
-		this.norm();
-		var w1=new FP(this.a);
-		var w2=new FP(this.b);
-		w1.sqr();
-		w2.sqr();
-		w1.add(w2);
-		w1.inverse();
-		this.a.mul(w1);
-		w1.neg();
-		this.b.mul(w1);
-	},
-/* this/=2 */
-	div2: function()
-	{
-		this.a.div2();
-		this.b.div2();
-	},
-/* this*=sqrt(-1) */
-	times_i: function()
-	{
-		var z=new FP(this.a); //z.copy(this.a);
-		this.a.copy(this.b); this.a.neg();
-		this.b.copy(z);
-	},
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-	mul_ip: function()
-	{
-		this.norm();
-		var t=new FP2(this);// t.copy(this);
-		var z=new FP(this.a); //z.copy(this.a);
-		this.a.copy(this.b);
-		this.a.neg();
-		this.b.copy(z);
-		this.add(t);
-		this.norm();
-	},
-
-/* w/=(1+sqrt(-1)) */
-	div_ip: function()
-	{
-		var t=new FP2(0);
-		this.norm();
-		t.a.copy(this.a); t.a.add(this.b);
-		t.b.copy(this.b); t.b.sub(this.a);
-		this.copy(t);
-		this.div2();
-	},
-/* this=this^e */
-	pow: function(e)
-	{
-		var bt;
-		var r=new FP2(1);
-		this.norm();
-		var x=new FP2(this); //x.copy(this);
-		e.norm();
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(x);
-			if (e.iszilch()) break;
-			x.sqr();
-		}
-
-		r.reduce();
-		return r;
-	}
-
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/FP4.js
----------------------------------------------------------------------
diff --git a/js/FP4.js b/js/FP4.js
deleted file mode 100755
index 35dddfa..0000000
--- a/js/FP4.js
+++ /dev/null
@@ -1,501 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-/* general purpose constructor */
-var FP4=function(c,d)
-{
-	if (c instanceof FP4)
-	{
-		this.a=new FP2(c.a);
-		this.b=new FP2(c.b);
-	}
-	else
-	{
-		this.a=new FP2(c);
-		this.b=new FP2(d);
-	}
-};
-
-FP4.prototype={
-/* reduce all components of this mod Modulus */
-	reduce: function()
-	{
-		this.a.reduce();
-		this.b.reduce();
-	},
-/* normalise all components of this mod Modulus */
-	norm: function()
-	{
-		this.a.norm();
-		this.b.norm();
-	},
-/* test this==0 ? */
-	iszilch: function()
-	{
-		this.reduce();
-		return (this.a.iszilch() && this.b.iszilch());
-	},
-/* test this==1 ? */
-	isunity: function()
-	{
-		var one=new FP2(1);
-		return (this.a.equals(one) && this.b.iszilch());
-	},
-/* test is w real? That is in a+ib test b is zero */
-	isreal: function()
-	{
-		return this.b.iszilch();
-	},
-/* extract real part a */
-	real: function()
-	{
-		return this.a;
-	},
-
-	geta: function()
-	{
-		return this.a;
-	},
-/* extract imaginary part b */
-	getb: function()
-	{
-		return this.b;
-	},
-/* test this=x? */
-	equals: function(x)
-	{
-		return (this.a.equals(x.a) && this.b.equals(x.b));
-	},
-/* copy this=x */
-	copy: function(x)
-	{
-		this.a.copy(x.a);
-		this.b.copy(x.b);
-	},
-/* this=0 */
-	zero: function()
-	{
-		this.a.zero();
-		this.b.zero();
-	},
-/* this=1 */
-	one: function()
-	{
-		this.a.one();
-		this.b.zero();
-	},
-
-/* set from two FP2s */
-	set: function(c,d)
-	{
-		this.a.copy(c);
-		this.b.copy(d);
-	},
-/* set a */
-	seta: function(c)
-	{
-		this.a.copy(c);
-		this.b.zero();
-	},
-/* this=-this */
-	neg: function()
-	{
-		var m=new FP2(this.a); //m.copy(this.a);
-		var t=new FP2(0);
-		m.add(this.b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(this.b);
-		this.b.copy(m);
-		this.b.add(this.a);
-		this.a.copy(t);
-	},
-/* this=conjugate(this) */
-	conj: function()
-	{
-		this.b.neg(); this.b.norm();
-	},
-/* this=-conjugate(this) */
-	nconj: function()
-	{
-		this.a.neg(); this.a.norm();
-	},
-/* this+=x */
-	add: function(x)
-	{
-		this.a.add(x.a);
-		this.b.add(x.b);
-	},
-/* this-=x */
-	sub: function(x)
-	{
-		var m=new FP4(x); // m.copy(x);
-		m.neg();
-		this.add(m);
-	},
-/* this*=s where s is FP2 */
-	pmul: function(s)
-	{
-		this.a.mul(s);
-		this.b.mul(s);
-	},
-/* this*=c where s is int */
-	imul: function(c)
-	{
-		this.a.imul(c);
-		this.b.imul(c);
-	},
-/* this*=this */
-	sqr: function()
-	{
-		this.norm();
-
-		var t1=new FP2(this.a); //t1.copy(this.a);
-		var t2=new FP2(this.b); //t2.copy(this.b);
-		var t3=new FP2(this.a); //t3.copy(this.a);
-
-		t3.mul(this.b);
-		t1.add(this.b);
-		t2.mul_ip();
-
-		t2.add(this.a);
-		this.a.copy(t1);
-
-		this.a.mul(t2);
-
-		t2.copy(t3);
-		t2.mul_ip();
-		t2.add(t3);
-
-		t2.neg();
-
-		this.a.add(t2);
-
-		this.b.copy(t3);
-		this.b.add(t3);
-
-		this.norm();
-	},
-/* this*=y */
-	mul: function(y)
-	{
-		this.norm();
-
-		var t1=new FP2(this.a); //t1.copy(this.a);
-		var t2=new FP2(this.b); //t2.copy(this.b);
-		var t3=new FP2(0);
-		var t4=new FP2(this.b); //t4.copy(this.b);
-
-		t1.mul(y.a);
-		t2.mul(y.b);
-		t3.copy(y.b);
-		t3.add(y.a);
-		t4.add(this.a);
-
-		t4.mul(t3);
-		t4.sub(t1);
-
-		this.b.copy(t4);
-		this.b.sub(t2);
-		t2.mul_ip();
-		this.a.copy(t2);
-		this.a.add(t1);
-
-		this.norm();
-	},
-/* convert to hex string */
-	toString: function()
-	{
-		return ("["+this.a.toString()+","+this.b.toString()+"]");
-	},
-/* this=1/this */
-	inverse: function()
-	{
-		this.norm();
-
-		var t1=new FP2(this.a); //t1.copy(this.a);
-		var t2=new FP2(this.b);// t2.copy(this.b);
-
-		t1.sqr();
-		t2.sqr();
-		t2.mul_ip();
-		t1.sub(t2);
-		t1.inverse();
-		this.a.mul(t1);
-		t1.neg();
-		this.b.mul(t1);
-	},
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-	times_i: function()
-	{
-		var s=new FP2(this.b); //s.copy(this.b);
-		var t=new FP2(this.b); //t.copy(this.b);
-		s.times_i();
-		t.add(s);
-		this.b.copy(this.a);
-		this.a.copy(t);
-	},
-
-/* this=this^q using Frobenius, where q is Modulus */
-	frob: function(f)
-	{
-		this.a.conj();
-		this.b.conj();
-		this.b.mul(f);
-	},
-
-/* this=this^e */
-	pow: function(e)
-	{
-		this.norm();
-		e.norm();
-		var w=new FP4(this); //w.copy(this);
-		var z=new BIG(e); //z.copy(e);
-		var r=new FP4(1);
-		while (true)
-		{
-			var bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.sqr();
-		}
-		r.reduce();
-		return r;
-	},
-
-/* XTR xtr_a function */
-	xtr_A: function(w,y,z)
-	{
-		var r=new FP4(w); //r.copy(w);
-		var t=new FP4(w); //t.copy(w);
-		r.sub(y);
-		r.pmul(this.a);
-		t.add(y);
-		t.pmul(this.b);
-		t.times_i();
-
-		this.copy(r);
-		this.add(t);
-		this.add(z);
-
-		this.norm();
-	},
-/* XTR xtr_d function */
-	xtr_D: function()
-	{
-		var w=new FP4(this); //w.copy(this);
-		this.sqr(); w.conj();
-		w.add(w);
-		this.sub(w);
-		this.reduce();
-	},
-/* r=x^n using XTR method on traces of FP12s */
-	xtr_pow: function(n)
-	{
-		var a=new FP4(3);
-		var b=new FP4(this);
-		var c=new FP4(b);
-		c.xtr_D();
-		var t=new FP4(0);
-		var r=new FP4(0);
-
-		n.norm();
-		var par=n.parity();
-		var v=new BIG(n); v.fshr(1);
-		if (par===0) {v.dec(1); v.norm();}
-
-		var nb=v.nbits();
-		for (var i=nb-1;i>=0;i--)
-		{
-			if (v.bit(i)!=1)
-			{
-				t.copy(b);
-				this.conj();
-				c.conj();
-				b.xtr_A(a,this,c);
-				this.conj();
-				c.copy(t);
-				c.xtr_D();
-				a.xtr_D();
-			}
-			else
-			{
-				t.copy(a); t.conj();
-				a.copy(b);
-				a.xtr_D();
-				b.xtr_A(c,this,t);
-				c.xtr_D();
-			}
-		}
-		if (par===0) r.copy(c);
-		else r.copy(b);
-		r.reduce();
-		return r;
-	},
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-	xtr_pow2: function(ck,ckml,ckm2l,a,b)
-	{
-		a.norm(); b.norm();
-		var e=new BIG(a); //e.copy(a);
-		var d=new BIG(b); //d.copy(b);
-		var w=new BIG(0);
-
-		var cu=new FP4(ck); //cu.copy(ck); // can probably be passed in w/o copying
-		var cv=new FP4(this); //cv.copy(this);
-		var cumv=new FP4(ckml); //cumv.copy(ckml);
-		var cum2v=new FP4(ckm2l); //cum2v.copy(ckm2l);
-		var r=new FP4(0);
-		var t=new FP4(0);
-
-		var f2=0;
-		while (d.parity()===0 && e.parity()===0)
-		{
-			d.fshr(1);
-			e.fshr(1);
-			f2++;
-		}
-
-		while (BIG.comp(d,e)!==0)
-		{
-			if (BIG.comp(d,e)>0)
-			{
-				w.copy(e); w.imul(4); w.norm();
-				if (BIG.comp(d,w)<=0)
-				{
-					w.copy(d); d.copy(e);
-					e.rsub(w); e.norm();
-
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cum2v.conj();
-					cumv.copy(cv);
-					cv.copy(cu);
-					cu.copy(t);
-
-				}
-				else if (d.parity()===0)
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-				else if (e.parity()==1)
-				{
-					d.sub(e); d.norm();
-					d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cu.xtr_D();
-					cum2v.copy(cv);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cv.copy(t);
-				}
-				else
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-			}
-			if (BIG.comp(d,e)<0)
-			{
-				w.copy(d); w.imul(4); w.norm();
-				if (BIG.comp(e,w)<=0)
-				{
-					e.sub(d); e.norm();
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cumv.copy(cu);
-					cu.copy(t);
-				}
-				else if (e.parity()===0)
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-				else if (d.parity()==1)
-				{
-					w.copy(e);
-					e.copy(d);
-					w.sub(d); w.norm();
-					d.copy(w); d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cumv.conj();
-					cum2v.copy(cu);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cu.copy(cv);
-					cu.xtr_D();
-					cv.copy(t);
-				}
-				else
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-			}
-		}
-		r.copy(cv);
-		r.xtr_A(cu,cumv,cum2v);
-		for (var i=0;i<f2;i++)
-			r.xtr_D();
-		r=r.xtr_pow(d);
-		return r;
-	}
-
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/GCM.js
----------------------------------------------------------------------
diff --git a/js/GCM.js b/js/GCM.js
deleted file mode 100755
index f0fdfc5..0000000
--- a/js/GCM.js
+++ /dev/null
@@ -1,304 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions..
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-
-var GCM = function() {
-	this.table=new Array(128);
-	for (var i=0;i<128;i++)
-		this.table[i]=new Array(4);  /* 2k bytes */
-	this.stateX=[];
-	this.Y_0=[];
-	this.counter=0;
-	this.lenA=[];
-	this.lenC=[];
-	this.status=0;
-	this.a=new AES();
-};
-
-GCM.prototype={
-
-	precompute: function(H)
-	{
-		var i,j,c;
-		var b=[];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
-			this.table[0][i]=GCM.pack(b);
-		}
-		for (i=1;i<128;i++)
-		{
-			c=0;
-			for (j=0;j<4;j++)
-			{
-				this.table[i][j]=c|(this.table[i-1][j])>>>1;
-				c=this.table[i-1][j]<<31;
-			}
-			if (c!==0) this.table[i][0]^=0xE1000000; /* irreducible polynomial */
-		}
-	},
-
-	gf2mul: function()
-	{ /* gf2m mul - Z=H*X mod 2^128 */
-		var i,j,m,k;
-		var P=[];
-		var c;
-		var b=[];
-
-		P[0]=P[1]=P[2]=P[3]=0;
-		j=8; m=0;
-		for (i=0;i<128;i++)
-		{
-			c=(this.stateX[m]>>>(--j))&1;
-			if (c!==0) for (k=0;k<4;k++) P[k]^=this.table[i][k];
-			if (j===0)
-			{
-				j=8; m++;
-				if (m==16) break;
-			}
-		}
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=GCM.unpack(P[i]);
-			this.stateX[j]=b[0]; this.stateX[j+1]=b[1]; this.stateX[j+2]=b[2]; this.stateX[j+3]=b[3];
-		}
-	},
-
-	wrap: function()
-	{ /* Finish off GHASH */
-		var i,j;
-		var F=[];
-		var L=[];
-		var b=[];
-
-/* convert lengths from bytes to bits */
-		F[0]=(this.lenA[0]<<3)|(this.lenA[1]&0xE0000000)>>>29;
-		F[1]=this.lenA[1]<<3;
-		F[2]=(this.lenC[0]<<3)|(this.lenC[1]&0xE0000000)>>>29;
-		F[3]=this.lenC[1]<<3;
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=GCM.unpack(F[i]);
-			L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3];
-		}
-		for (i=0;i<16;i++) this.stateX[i]^=L[i];
-		this.gf2mul();
-	},
-
-/* Initialize GCM mode */
-	init: function(key,niv,iv)
-	{ /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-		var i;
-		var H=[];
-		var b=[];
-
-		for (i=0;i<16;i++) {H[i]=0; this.stateX[i]=0;}
-
-		this.a.init(ROM.ECB,key,iv);
-		this.a.ecb_encrypt(H);     /* E(K,0) */
-		this.precompute(H);
-
-		this.lenA[0]=this.lenC[0]=this.lenA[1]=this.lenC[1]=0;
-		if (niv==12)
-		{
-			for (i=0;i<12;i++) this.a.f[i]=iv[i];
-			b=GCM.unpack(1);
-			this.a.f[12]=b[0]; this.a.f[13]=b[1]; this.a.f[14]=b[2]; this.a.f[15]=b[3];  /* initialise IV */
-			for (i=0;i<16;i++) this.Y_0[i]=this.a.f[i];
-		}
-		else
-		{
-			this.status=ROM.GCM_ACCEPTING_CIPHER;
-			this.ghash(iv,niv); /* GHASH(H,0,IV) */
-			this.wrap();
-			for (i=0;i<16;i++) {this.a.f[i]=this.stateX[i];this.Y_0[i]=this.a.f[i];this.stateX[i]=0;}
-			this.lenA[0]=this.lenC[0]=this.lenA[1]=this.lenC[1]=0;
-		}
-		this.status=ROM.GCM_ACCEPTING_HEADER;
-	},
-
-/* Add Header data - included but not encrypted */
-	add_header: function(header,len)
-	{ /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-		var i,j=0;
-		if (this.status!=ROM.GCM_ACCEPTING_HEADER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				this.stateX[i]^=header[j++];
-				this.lenA[1]++; this.lenA[1]|=0; if (this.lenA[1]===0) this.lenA[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		return true;
-	},
-
-	ghash: function(plain,len)
-	{
-		var i,j=0;
-
-		if (this.status==ROM.GCM_ACCEPTING_HEADER) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		if (this.status!=ROM.GCM_ACCEPTING_CIPHER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				this.stateX[i]^=plain[j++];
-				this.lenC[1]++; this.lenC[1]|=0; if (this.lenC[1]===0) this.lenC[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_NOT_ACCEPTING_MORE;
-		return true;
-	},
-
-/* Add Plaintext - included and encrypted */
-	add_plain: function(plain,len)
-	{
-		var i,j=0;
-		var B=[];
-		var b=[];
-		var cipher=[];
-
-		if (this.status==ROM.GCM_ACCEPTING_HEADER) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		if (this.status!=ROM.GCM_ACCEPTING_CIPHER) return cipher;
-
-		while (j<len)
-		{
-
-			b[0]=this.a.f[12]; b[1]=this.a.f[13]; b[2]=this.a.f[14]; b[3]=this.a.f[15];
-			this.counter=GCM.pack(b);
-			this.counter++;
-			b=GCM.unpack(this.counter);
-			this.a.f[12]=b[0]; this.a.f[13]=b[1]; this.a.f[14]=b[2]; this.a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=this.a.f[i];
-			this.a.ecb_encrypt(B);        /* encrypt it  */
-
-			for (i=0;i<16 && j<len;i++)
-			{
-				cipher[j]=(plain[j]^B[i]);
-				this.stateX[i]^=cipher[j++];
-				this.lenC[1]++; this.lenC[1]|=0; if (this.lenC[1]===0) this.lenC[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_NOT_ACCEPTING_MORE;
-		return cipher;
-	},
-
-/* Add Ciphertext - decrypts to plaintext */
-	add_cipher: function(cipher,len)
-	{
-		var i,j=0;
-		var B=[];
-		var b=[];
-		var plain=[];
-
-		if (this.status==ROM.GCM_ACCEPTING_HEADER) this.status=ROM.GCM_ACCEPTING_CIPHER;
-		if (this.status!=ROM.GCM_ACCEPTING_CIPHER) return plain;
-
-		while (j<len)
-		{
-			b[0]=this.a.f[12]; b[1]=this.a.f[13]; b[2]=this.a.f[14]; b[3]=this.a.f[15];
-			this.counter=GCM.pack(b);
-			this.counter++;
-			b=GCM.unpack(this.counter);
-			this.a.f[12]=b[0]; this.a.f[13]=b[1]; this.a.f[14]=b[2]; this.a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=this.a.f[i];
-			this.a.ecb_encrypt(B);        /* encrypt it  */
-			for (i=0;i<16 && j<len;i++)
-			{
-				plain[j]=(cipher[j]^B[i]);
-				this.stateX[i]^=cipher[j++];
-				this.lenC[1]++; this.lenC[1]|=0; if (this.lenC[1]===0) this.lenC[0]++;
-			}
-			this.gf2mul();
-		}
-		if (len%16!==0) this.status=ROM.GCM_NOT_ACCEPTING_MORE;
-		return plain;
-	},
-
-/* Finish and extract Tag */
-	finish: function(extract)
-	{ /* Finish off GHASH and extract tag (MAC) */
-		var i;
-		var tag=[];
-
-		this.wrap();
-/* extract tag */
-		if (extract)
-		{
-			this.a.ecb_encrypt(this.Y_0);        /* E(K,Y0) */
-			for (i=0;i<16;i++) this.Y_0[i]^=this.stateX[i];
-			for (i=0;i<16;i++) {tag[i]=this.Y_0[i];this.Y_0[i]=this.stateX[i]=0;}
-		}
-		this.status=ROM.GCM_FINISHED;
-		this.a.end();
-		return tag;
-	}
-
-};
-
-GCM.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
-		return (((b[0])&0xff)<<24)|((b[1]&0xff)<<16)|((b[2]&0xff)<<8)|(b[3]&0xff);
-};
-
-GCM.unpack=function(a)
-{ /* unpack bytes from a word */
-	var b=[];
-	b[3]=(a&0xff);
-	b[2]=((a>>>8)&0xff);
-	b[1]=((a>>>16)&0xff);
-	b[0]=((a>>>24)&0xff);
-	return b;
-};
-
-GCM.hex2bytes=function(s)
-{
-	var len = s.length;
-	var data = [];
-	for (var i = 0; i < len; i += 2)
-		data[i / 2] = parseInt(s.substr(i,2),16);
-
-	return data;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/HASH.js
----------------------------------------------------------------------
diff --git a/js/HASH.js b/js/HASH.js
deleted file mode 100755
index a5a82f8..0000000
--- a/js/HASH.js
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-var HASH = function() {
-	this.length=[];
-	this.h=[];
-	this.w=[];
-	this.init();
-};
-
-HASH.prototype={
-
-	len: 32,
-	/* functions */
-	S: function(n,x)
-	{
-		return (((x)>>>n) | ((x)<<(32-n)));
-	},
-
-	R: function(n,x)
-	{
-		return ((x)>>>n);
-	},
-
-	Ch: function(x,y,z)
-	{
-		return ((x&y)^(~(x)&z));
-	},
-
-	Maj: function(x,y,z)
-	{
-		return ((x&y)^(x&z)^(y&z));
-	},
-
-	Sig0: function(x)
-	{
-		return (this.S(2,x)^this.S(13,x)^this.S(22,x));
-	},
-
-	Sig1: function(x)
-	{
-		return (this.S(6,x)^this.S(11,x)^this.S(25,x));
-	},
-
-	theta0: function(x)
-	{
-		return (this.S(7,x)^this.S(18,x)^this.R(3,x));
-	},
-
-	theta1: function(x)
-	{
-		return (this.S(17,x)^this.S(19,x)^this.R(10,x));
-	},
-
-	transform: function()
-	{ /* basic transformation step */
-		var a,b,c,d,e,f,g,hh,t1,t2;
-		var j;
-		for (j=16;j<64;j++)
-			this.w[j]=(this.theta1(this.w[j-2])+this.w[j-7]+this.theta0(this.w[j-15])+this.w[j-16])|0;
-
-		a=this.h[0]; b=this.h[1]; c=this.h[2]; d=this.h[3];
-		e=this.h[4]; f=this.h[5]; g=this.h[6]; hh=this.h[7];
-
-		for (j=0;j<64;j++)
-		{ /* 64 times - mush it up */
-			t1=(hh+this.Sig1(e)+this.Ch(e,f,g)+ROM.HK[j]+this.w[j])|0;
-			t2=(this.Sig0(a)+this.Maj(a,b,c))|0;
-			hh=g; g=f; f=e;
-			e=(d+t1)|0; // Need to knock these back down to prevent 52-bit overflow
-			d=c;
-			c=b;
-			b=a;
-			a=(t1+t2)|0;
-
-		}
-		this.h[0]+=a; this.h[1]+=b; this.h[2]+=c; this.h[3]+=d;
-		this.h[4]+=e; this.h[5]+=f; this.h[6]+=g; this.h[7]+=hh;
-
-		this.h[0]|=0;
-		this.h[1]|=0;
-		this.h[2]|=0;
-		this.h[3]|=0;
-		this.h[4]|=0;
-		this.h[5]|=0;
-		this.h[6]|=0;
-		this.h[7]|=0;
-	},
-
-/* Initialise Hash function */
-	init: function()
-	{ /* initialise */
-		var i;
-		for (i=0;i<64;i++) this.w[i]=0;
-		this.length[0]=this.length[1]=0;
-		this.h[0]=ROM.H0;
-		this.h[1]=ROM.H1;
-		this.h[2]=ROM.H2;
-		this.h[3]=ROM.H3;
-		this.h[4]=ROM.H4;
-		this.h[5]=ROM.H5;
-		this.h[6]=ROM.H6;
-		this.h[7]=ROM.H7;
-	},
-
-/* process a single byte */
-	process: function(byt)
-	{ /* process the next message byte */
-		var cnt;
-
-		cnt=(this.length[0]>>>5)%16;
-		this.w[cnt]<<=8;
-		this.w[cnt]|=(byt&0xFF);
-		this.length[0]+=8;
-		if ((this.length[0]&0xffffffff)===0) { this.length[1]++; this.length[0]=0; }
-		if ((this.length[0]%512)===0) this.transform();
-	},
-
-/* process an array of bytes */
-	process_array: function(b)
-	{
-		for (var i=0;i<b.length;i++) this.process(b[i]);
-	},
-
-/* process a 32-bit integer */
-	process_num: function(n)
-	{
-		this.process((n>>24)&0xff);
-		this.process((n>>16)&0xff);
-		this.process((n>>8)&0xff);
-		this.process(n&0xff);
-	},
-
-	hash: function()
-	{ /* pad message and finish - supply digest */
-		var i;
-		var digest=[];
-		var len0,len1;
-		len0=this.length[0];
-		len1=this.length[1];
-		this.process(0x80);
-		while ((this.length[0]%512)!=448) this.process(0);
-
-		this.w[14]=len1;
-		this.w[15]=len0;
-		this.transform();
-
-		for (i=0;i<32;i++)
-		{ /* convert to bytes */
-			digest[i]=((this.h[i>>>2]>>(8*(3-i%4))) & 0xff);
-		}
-		this.init();
-		return digest;
-	}
-
-};
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/MPIN.js
----------------------------------------------------------------------
diff --git a/js/MPIN.js b/js/MPIN.js
deleted file mode 100755
index 837b4fd..0000000
--- a/js/MPIN.js
+++ /dev/null
@@ -1,800 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-var MPIN = {
-	BAD_PARAMS:-11,
-	INVALID_POINT:-14,
-	WRONG_ORDER:-18,
-	BAD_PIN:-19,
-/* configure PIN here */
-	MAXPIN:10000,  /* max PIN */
-	PBLEN:14,     /* MAXPIN length in bits */
-	TS:10,        /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-	TRAP:200,     /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-	EFS:ROM.MODBYTES,
-	EGS:ROM.MODBYTES,
-	PAS:16,
-
-/* return time in slots since epoch */
-	today: function() {
-		var now=new Date();
-		return Math.floor(now.getTime()/(60000*1440));  // for daily tokens
-	},
-
-	bytestostring: function(b)
-	{
-		var s="";
-		var len=b.length;
-		var ch;
-
-		for (var i=0;i<len;i++)
-		{
-			ch=b[i];
-			s+=((ch>>>4)&15).toString(16);
-			s+=(ch&15).toString(16);
-
-		}
-		return s;
-	},
-
-	stringtobytes: function(s)
-	{
-		var b=[];
-		for (var i=0;i<s.length;i++)
-			b.push(s.charCodeAt(i));
-		return b;
-	},
-
-	comparebytes: function(a,b)
-	{
-		if (a.length!=b.length) return false;
-		for (var i=0;i<a.length;i++)
-		{
-			if (a[i]!=b[i]) return false;
-		}
-		return true;
-	},
-
-
-/* Hash number (optional) and string to point on curve */
-
-	hashit: function(n,ID)
-	{
-		var H=new HASH();
-		if (n!==0) H.process_num(n);
-		H.process_array(ID);
-		return H.hash();
-	},
-
-	mapit: function(h)
-	{
-		var q=new BIG(0); q.rcopy(ROM.Modulus);
-		var x=BIG.fromBytes(h);
-		x.mod(q);
-		var P=new ECP();
-		while (true)
-		{
-			P.setxi(x,0);
-			if (!P.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-		return P;
-	},
-
-/* needed for SOK */
-	mapit2: function(h)
-	{
-		var q=new BIG(0); q.rcopy(ROM.Modulus);
-		var x=BIG.fromBytes(h);
-		var one=new BIG(1);
-		x.mod(q);
-		var Q,T,K,X;
-		while (true)
-		{
-			X=new FP2(one,x);
-			Q=new ECP2(); Q.setx(X);
-			if (!Q.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-
-		var Fa=new BIG(0); Fa.rcopy(ROM.CURVE_Fra);
-		var Fb=new BIG(0); Fb.rcopy(ROM.CURVE_Frb);
-		X=new FP2(Fa,Fb);
-		x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
-		T=new ECP2(); T.copy(Q);
-		T.mul(x); T.neg();
-		K=new ECP2(); K.copy(T);
-		K.dbl(); K.add(T); K.affine();
-
-		K.frob(X);
-		Q.frob(X); Q.frob(X); Q.frob(X);
-		Q.add(T); Q.add(K);
-		T.frob(X); T.frob(X);
-		Q.add(T);
-		Q.affine();
-		return Q;
-
-	},
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-	map: function(u,cb)
-	{
-		var P=new ECP();
-		var x=new BIG(u);
-		var p=new BIG(0); p.rcopy(ROM.Modulus);
-		x.mod(p);
-		while (true)
-		{
-			P.setxi(x,cb);
-			if (!P.is_infinity()) break;
-			x.inc(1);  x.norm();
-		}
-		return P;
-	},
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-	unmap: function(u,P)
-	{
-		var s=P.getS();
-		var R=new ECP();
-		var r=0;
-		var x=P.getX();
-		u.copy(x);
-		while (true)
-		{
-			u.dec(1); u.norm();
-			r++;
-			R.setxi(u,s); //=new ECP(u,s);
-			if (!R.is_infinity()) break;
-		}
-		return r;
-	},
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-	ENCODING: function(rng,E)
-	{
-		var i,rn,m,su,sv;
-		var T=[];
-
-		for (i=0;i<this.EFS;i++) T[i]=E[i+1];
-		var u=BIG.fromBytes(T);
-		for (i=0;i<this.EFS;i++) T[i]=E[i+this.EFS+1];
-		var v=BIG.fromBytes(T);
-
-		var P=new ECP(0); P.setxy(u,v);
-		if (P.is_infinity()) return this.INVALID_POINT;
-
-		var p=new BIG(0); p.rcopy(ROM.Modulus);
-		u=BIG.randomnum(p,rng);
-
-		su=rng.getByte(); if (su<0) su=-su; su%=2;
-
-		var W=this.map(u,su);
-		P.sub(W);
-		sv=P.getS();
-		rn=this.unmap(v,P);
-		m=rng.getByte(); if (m<0) m=-m; m%=rn;
-		v.inc(m+1);
-		E[0]=(su+2*sv);
-		u.toBytes(T);
-		for (i=0;i<this.EFS;i++) E[i+1]=T[i];
-		v.toBytes(T);
-		for (i=0;i<this.EFS;i++) E[i+this.EFS+1]=T[i];
-
-		return 0;
-	},
-
-	DECODING: function(D)
-	{
-		var i,su,sv;
-		var T=[];
-
-		if ((D[0]&0x04)!==0) return this.INVALID_POINT;
-
-		for (i=0;i<this.EFS;i++) T[i]=D[i+1];
-		var u=BIG.fromBytes(T);
-		for (i=0;i<this.EFS;i++) T[i]=D[i+this.EFS+1];
-		var v=BIG.fromBytes(T);
-
-		su=D[0]&1;
-		sv=(D[0]>>1)&1;
-		var W=this.map(u,su);
-		var P=this.map(v,sv);
-		P.add(W);
-		u=P.getX();
-		v=P.getY();
-		D[0]=0x04;
-		u.toBytes(T);
-		for (i=0;i<this.EFS;i++) D[i+1]=T[i];
-		v.toBytes(T);
-		for (i=0;i<this.EFS;i++) D[i+this.EFS+1]=T[i];
-
-		return 0;
-	},
-
-/* R=R1+R2 in group G1 */
-	RECOMBINE_G1: function(R1,R2,R)
-	{
-		var P=ECP.fromBytes(R1);
-		var Q=ECP.fromBytes(R2);
-
-		if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(R);
-		return 0;
-	},
-
-/* W=W1+W2 in group G2 */
-	RECOMBINE_G2: function(W1,W2,W)
-	{
-		var P=ECP2.fromBytes(W1);
-		var Q=ECP2.fromBytes(W2);
-
-		if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(W);
-		return 0;
-	},
-
-	HASH_ID: function(ID)
-	{
-		return this.hashit(0,ID);
-	},
-
-/* create random secret S */
-	RANDOM_GENERATE: function(rng,S)
-	{
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		var s=BIG.randomnum(r,rng);
-
-		s.toBytes(S);
-		return 0;
-	},
-
-/* Extract PIN from TOKEN for identity CID */
-	EXTRACT_PIN: function(CID,pin,TOKEN)
-	{
-		var P=ECP.fromBytes(TOKEN);
-		if (P.is_infinity()) return this.INVALID_POINT;
-		var h=this.hashit(0,CID);
-		var R=this.mapit(h);
-
-		pin%=this.MAXPIN;
-
-		R=R.pinmul(pin,this.PBLEN);
-		P.sub(R);
-
-		P.toBytes(TOKEN);
-
-		return 0;
-	},
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-	GET_SERVER_SECRET: function(S,SST)
-	{
-
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-
-		var Q=new ECP2();
-		Q.setxy(QX,QY);
-
-		var s=BIG.fromBytes(S);
-		Q=PAIR.G2mul(Q,s);
-		Q.toBytes(SST);
-		return 0;
-	},
-
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-	GET_G1_MULTIPLE: function(rng,type,X,G,W)
-	{
-		var x;
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		var P;
-		if (type==0)
-		{
-			P=ECP.fromBytes(G);
-			if (P.is_infinity()) return INVALID_POINT;
-		}
-		else
-			P=this.mapit(G);
-
-		PAIR.G1mul(P,x).toBytes(W);
-		return 0;
-	},
-
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-	GET_CLIENT_SECRET: function(S,CID,CST)
-	{
-		return this.GET_G1_MULTIPLE(null,1,S,CID,CST);
-	},
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-	GET_CLIENT_PERMIT: function(date,S,CID,CTT)
-	{
-		var h=this.hashit(date,CID);
-		var P=this.mapit(h);
-
-		var s=BIG.fromBytes(S);
-		P=PAIR.G1mul(P,s);
-		P.toBytes(CTT);
-		return 0;
-	},
-
-/* Implement step 1 on client side of MPin protocol */
-	CLIENT_1: function(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT)
-	{
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-	//	var q=new BIG(0); q.rcopy(ROM.Modulus);
-		var x;
-		if (rng!==null)
-		{
-			x=BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		var P,T,W;
-
-		var h=this.hashit(0,CLIENT_ID);
-		P=this.mapit(h);
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return this.INVALID_POINT;
-
-		pin%=this.MAXPIN;
-		W=P.pinmul(pin,this.PBLEN);
-		T.add(W);
-
-		if (date!=0)
-		{
-			W=ECP.fromBytes(PERMIT);
-			if (W.is_infinity()) return this.INVALID_POINT;
-			T.add(W);
-			h=this.hashit(date,h);
-			W=this.mapit(h);
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-				W=PAIR.G1mul(W,x);
-				P.add(W);
-			}
-			else
-			{
-				P.add(W);
-				P=PAIR.G1mul(P,x);
-			}
-			if (xCID!=null) P.toBytes(xCID);
-		}
-		else
-		{
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-			}
-		}
-
-		T.toBytes(SEC);
-		return 0;
-	},
-
-/* Implement step 2 on client side of MPin protocol */
-	CLIENT_2: function(X,Y,SEC)
-	{
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		var P=ECP.fromBytes(SEC);
-		if (P.is_infinity()) return this.INVALID_POINT;
-
-		var px=BIG.fromBytes(X);
-		var py=BIG.fromBytes(Y);
-		px.add(py);
-		px.mod(r);
-		px.rsub(r);
-
-		PAIR.G1mul(P,px).toBytes(SEC);
-		return 0;
-	},
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-	SERVER_1: function(date,CID,HID,HTID)
-	{
-		var h=this.hashit(0,CID);
-		var R,P=this.mapit(h);
-
-		if (date!==0)
-		{
-			if (HID!=null) P.toBytes(HID);
-			h=this.hashit(date,h);
-			R=this.mapit(h);
-			P.add(R);
-			P.toBytes(HTID);
-		}
-		else P.toBytes(HID);
-	},
-
-/* Implement step 1 of MPin protocol on server side */
-	SERVER_2: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F)
-	{
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-
-		var Q=new ECP2();
-		Q.setxy(QX,QY);
-
-		var sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return this.INVALID_POINT;
-
-		var R;
-		if (date!==0)
-			R=ECP.fromBytes(xCID);
-		else
-		{
-			if (xID==null) return this.BAD_PARAMS;
-			R=ECP.fromBytes(xID);
-		}
-		if (R.is_infinity()) return this.INVALID_POINT;
-
-		var y=BIG.fromBytes(Y);
-		var P;
-
-		if (date!=0) P=ECP.fromBytes(HTID);
-		else
-		{
-			if (HID==null) return this.BAD_PARAMS;
-			P=ECP.fromBytes(HID);
-		}
-		if (P.is_infinity()) return this.INVALID_POINT;
-
-		P=PAIR.G1mul(P,y);
-		P.add(R);
-		R=ECP.fromBytes(mSEC);
-		if (R.is_infinity()) return this.INVALID_POINT;
-
-		var g=PAIR.ate2(Q,R,sQ,P);
-		g=PAIR.fexp(g);
-
-		if (!g.isunity())
-		{
-			if (HID!=null && xID!=null && E!=null && F!=null)
-			{
-				g.toBytes(E);
-				if (date!==0)
-				{
-					P=ECP.fromBytes(HID);
-					if (P.is_infinity()) return this.INVALID_POINT;
-					R=ECP.fromBytes(xID);
-					if (R.is_infinity()) return this.INVALID_POINT;
-
-					P=PAIR.G1mul(P,y);
-					P.add(R);
-				}
-				g=PAIR.ate(Q,P);
-				g=PAIR.fexp(g);
-
-				g.toBytes(F);
-			}
-			return this.BAD_PIN;
-		}
-		return 0;
-	},
-
-/* Pollards kangaroos used to return PIN error */
-	KANGAROO: function(E,F)
-	{
-		var ge=FP12.fromBytes(E);
-		var gf=FP12.fromBytes(F);
-		var distance = [];
-		var t=new FP12(gf);
-		var table=[];
-		var i,j,m,s,dn,dm,res,steps;
-
-		s=1;
-		for (m=0;m<this.TS;m++)
-		{
-			distance[m]=s;
-			table[m]=new FP12(t);
-			s*=2;
-			t.usqr();
-		}
-		t.one();
-		dn=0;
-		for (j=0;j<this.TRAP;j++)
-		{
-			i=t.geta().geta().getA().lastbits(8)%this.TS;
-			t.mul(table[i]);
-			dn+=distance[i];
-		}
-		gf.copy(t); gf.conj();
-		steps=0; dm=0;
-		res=0;
-		while (dm-dn<this.MAXPIN)
-		{
-			steps++;
-			if (steps>4*this.TRAP) break;
-			i=ge.geta().geta().getA().lastbits(8)%this.TS;
-			ge.mul(table[i]);
-			dm+=distance[i];
-			if (ge.equals(t))
-			{
-				res=dm-dn;
-				break;
-			}
-			if (ge.equals(gf))
-			{
-				res=dn-dm;
-				break;
-			}
-
-		}
-		if (steps>4*this.TRAP || dm-dn>=this.MAXPIN) {res=0; }    // Trap Failed  - probable invalid token
-		return res;
-	},
-
-        /* return time  since epoch */
-	GET_TIME: function() {
-		var now=new Date();
-		return Math.floor(now.getTime()/(1000));
-	},
-
-        /* y = H(time,xCID) */
-	GET_Y: function(TimeValue,xCID,Y)
-	{
-		var q=new BIG(0);
-                q.rcopy(ROM.CURVE_Order);
-                var h=this.hashit(TimeValue,xCID);
-                var y=BIG.fromBytes(h);
-		y.mod(q);
-                y.toBytes(Y);
-                return 0;
-	},
-
-        /* One pass MPIN Client */
-	CLIENT: function(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT,TimeValue,Y)
-	{
-
-                var rtn=0;
-                var pID;
-                if (date == 0) {
-                  pID = xID;
-		} else {
-                  pID = xCID;
-                  xID = null;
-		}
-
-                rtn = this.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
-                if (rtn != 0)
-                  return rtn;
-
-                this.GET_Y(TimeValue,pID,Y);
-
-                rtn = this.CLIENT_2(X,Y,SEC);
-                if (rtn != 0)
-                  return rtn;
-
-                return 0;
-        },
-
-        /* One pass MPIN Server */
-	SERVER: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F,CID,TimeValue)
-        {
-                var rtn=0;
-                var pID;
-                if (date == 0) {
-                  pID = xID;
-		} else {
-                  pID = xCID;
-		}
-
-                this.SERVER_1(date,CID,HID,HTID);
-
-                this.GET_Y(TimeValue,pID,Y);
-
-                rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F);
-                if (rtn != 0)
-                  return rtn;
-
-                return 0;
-        },
-
-/* Functions to support M-Pin Full */
-
-	PRECOMPUTE: function(TOKEN,CID,G1,G2)
-	{
-		var P,T;
-		var g;
-
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT;
-
-		P=this.mapit(CID);
-
-		var A=new BIG(0);
-		var B=new BIG(0);
-		A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
-		var QX=new FP2(0); QX.bset(A,B);
-		A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
-		var QY=new FP2(0); QY.bset(A,B);
-
-		var Q=new ECP2();
-		Q.setxy(QX,QY);
-
-		g=PAIR.ate(Q,T);
-		g=PAIR.fexp(g);
-		g.toBytes(G1);
-
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-		g.toBytes(G2);
-
-		return 0;
-	},
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-	CLIENT_KEY: function(G1,G2,pin,R,X,wCID,CK)
-	{
-		var H=new HASH();
-		var t=[];
-
-		var g1=FP12.fromBytes(G1);
-		var g2=FP12.fromBytes(G2);
-		var z=BIG.fromBytes(R);
-		var x=BIG.fromBytes(X);
-
-		var W=ECP.fromBytes(wCID);
-		if (W.is_infinity()) return INVALID_POINT;
-
-		W=PAIR.G1mul(W,x);
-
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-
-		var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-		var q=new BIG(0); q.rcopy(ROM.Modulus);
-
-		var m=new BIG(q);
-		m.mod(r);
-
-		var a=new BIG(z);
-		a.mod(m);
-
-		var b=new BIG(z);
-		b.div(m);
-
-		g2.pinpow(pin,this.PBLEN);
-		g1.mul(g2);
-
-		var c=g1.trace();
-		g2.copy(g1);
-		g2.frob(f);
-		var cp=g2.trace();
-		g1.conj();
-		g2.mul(g1);
-		var cpm1=g2.trace();
-		g2.mul(g1);
-		var cpm2=g2.trace();
-
-		c=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
-		c.geta().getA().toBytes(t);
-		H.process_array(t);
-		c.geta().getB().toBytes(t);
-		H.process_array(t);
-		c.getb().getA().toBytes(t);
-		H.process_array(t);
-		c.getb().getB().toBytes(t);
-		H.process_array(t);
-
-		W.getX().toBytes(t);
-		H.process_array(t);
-		W.getY().toBytes(t);
-		H.process_array(t);
-
-		t=H.hash();
-		for (var i=0;i<this.PAS;i++) CK[i]=t[i];
-
-		return 0;
-	},
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-	SERVER_KEY: function(Z,SST,W,xID,xCID,SK)
-	{
-		var H=new HASH();
-		var t=[];
-
-		var sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return INVALID_POINT;
-		var R=ECP.fromBytes(Z);
-		if (R.is_infinity()) return INVALID_POINT;
-
-		var U;
-		if (xCID!=null)
-			U=ECP.fromBytes(xCID);
-		else
-			U=ECP.fromBytes(xID);
-		if (U.is_infinity()) return INVALID_POINT;
-
-		var w=BIG.fromBytes(W);
-		U=PAIR.G1mul(U,w);
-		var g=PAIR.ate(sQ,R);
-		g=PAIR.fexp(g);
-
-		var c=g.trace();
-		c.geta().getA().toBytes(t);
-		H.process_array(t);
-		c.geta().getB().toBytes(t);
-		H.process_array(t);
-		c.getb().getA().toBytes(t);
-		H.process_array(t);
-		c.getb().getB().toBytes(t);
-		H.process_array(t);
-
-		U.getX().toBytes(t);
-		H.process_array(t);
-		U.getY().toBytes(t);
-		H.process_array(t);
-
-		t=H.hash();
-		for (var i=0;i<this.PAS;i++) SK[i]=t[i];
-
-		return 0;
-	}
-};


[24/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/MPIN.java
----------------------------------------------------------------------
diff --git a/java64/MPIN.java b/java64/MPIN.java
deleted file mode 100755
index f8dfef0..0000000
--- a/java64/MPIN.java
+++ /dev/null
@@ -1,746 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-import java.util.Date;
-
-public class MPIN
-{
-	public static final int EFS=ROM.MODBYTES;
-	public static final int EGS=ROM.MODBYTES;
-	public static final int PAS=16;
-	public static final int BAD_PARAMS=-11;
-	public static final int INVALID_POINT=-14;
-	public static final int WRONG_ORDER=-18;
-	public static final int BAD_PIN=-19;
-
-/* Configure your PIN here */
-
-	public static final int MAXPIN=10000;  /* PIN less than this */
-	public static final int PBLEN=14;      /* Number of bits in PIN */
-	public static final int TS=10;         /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-	public static final int TRAP=200;      /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-
-/* Hash number (optional) and string to point on curve */
-
-	public static byte[] hashit(int n,byte[] ID)
-	{
-		HASH H=new HASH();
-		if (n!=0) H.process_num(n);
-		H.process_array(ID);
-		byte[] h=H.hash();
-		return h;
-	}
-
-	public static ECP mapit(byte[] h)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		BIG x=BIG.fromBytes(h);
-		x.mod(q);
-		ECP P;
-		while (true)
-		{
-			P=new ECP(x,0);
-			if (!P.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-		return P;
-	}
-
-/* needed for SOK */
-	public static ECP2 mapit2(byte[] h)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		BIG x=BIG.fromBytes(h);
-		BIG one=new BIG(1);
-		FP2 X;
-		ECP2 Q,T,K;
-		x.mod(q);
-		while (true)
-		{
-			X=new FP2(one,x);
-			Q=new ECP2(X);
-			if (!Q.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-		BIG Fra=new BIG(ROM.CURVE_Fra);
-		BIG Frb=new BIG(ROM.CURVE_Frb);
-		X=new FP2(Fra,Frb);
-		x=new BIG(ROM.CURVE_Bnx);
-
-		T=new ECP2(); T.copy(Q);
-		T.mul(x); T.neg();
-		K=new ECP2(); K.copy(T);
-		K.dbl(); K.add(T); K.affine();
-
-		K.frob(X);
-		Q.frob(X); Q.frob(X); Q.frob(X);
-		Q.add(T); Q.add(K);
-		T.frob(X); T.frob(X);
-		Q.add(T);
-		Q.affine();
-		return Q;
-	}
-
-/* return time in slots since epoch */
-	public static int today() {
-		Date date=new Date();
-		return (int) (date.getTime()/(1000*60*1440));
-	}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-	public static ECP map(BIG u,int cb)
-	{
-		ECP P;
-		BIG x=new BIG(u);
-		BIG p=new BIG(ROM.Modulus);
-		x.mod(p);
-		while (true)
-		{
-			P=new ECP(x,cb);
-			if (!P.is_infinity()) break;
-			x.inc(1);  x.norm();
-		}
-		return P;
-	}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-	public static int unmap(BIG u,ECP P)
-	{
-		int s=P.getS();
-		ECP R;
-		int r=0;
-		BIG x=P.getX();
-		u.copy(x);
-		while (true)
-		{
-			u.dec(1); u.norm();
-			r++;
-			R=new ECP(u,s);
-			if (!R.is_infinity()) break;
-		}
-		return r;
-	}
-
-	public static byte[] HASH_ID(byte[] ID)
-	{
-		return hashit(0,ID);
-	}
-
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-	public static int ENCODING(RAND rng,byte[] E)
-	{
-		int rn,m,su,sv;
-		byte[] T=new byte[EFS];
-
-		for (int i=0;i<EFS;i++) T[i]=E[i+1];
-		BIG u=BIG.fromBytes(T);
-		for (int i=0;i<EFS;i++) T[i]=E[i+EFS+1];
-		BIG v=BIG.fromBytes(T);
-
-		ECP P=new ECP(u,v);
-		if (P.is_infinity()) return INVALID_POINT;
-
-		BIG p=new BIG(ROM.Modulus);
-		u=BIG.randomnum(p,rng);
-
-		su=rng.getByte(); /*if (su<0) su=-su;*/ su%=2;
-
-		ECP W=map(u,su);
-		P.sub(W);
-		sv=P.getS();
-		rn=unmap(v,P);
-		m=rng.getByte(); /*if (m<0) m=-m;*/ m%=rn;
-		v.inc(m+1);
-		E[0]=(byte)(su+2*sv);
-		u.toBytes(T);
-		for (int i=0;i<EFS;i++) E[i+1]=T[i];
-		v.toBytes(T);
-		for (int i=0;i<EFS;i++) E[i+EFS+1]=T[i];
-
-		return 0;
-	}
-
-	public static int DECODING(byte[] D)
-	{
-		int su,sv;
-		byte[] T=new byte[EFS];
-
-		if ((D[0]&0x04)!=0) return INVALID_POINT;
-
-		for (int i=0;i<EFS;i++) T[i]=D[i+1];
-		BIG u=BIG.fromBytes(T);
-		for (int i=0;i<EFS;i++) T[i]=D[i+EFS+1];
-		BIG v=BIG.fromBytes(T);
-
-		su=D[0]&1;
-		sv=(D[0]>>1)&1;
-		ECP W=map(u,su);
-		ECP P=map(v,sv);
-		P.add(W);
-		u=P.getX();
-		v=P.getY();
-		D[0]=0x04;
-		u.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i+1]=T[i];
-		v.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i+EFS+1]=T[i];
-
-		return 0;
-	}
-
-/* R=R1+R2 in group G1 */
-	public static int RECOMBINE_G1(byte[] R1,byte[] R2,byte[] R)
-	{
-		ECP P=ECP.fromBytes(R1);
-		ECP Q=ECP.fromBytes(R2);
-
-		if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(R);
-		return 0;
-	}
-
-/* W=W1+W2 in group G2 */
-	public static int RECOMBINE_G2(byte[] W1,byte[] W2,byte[] W)
-	{
-		ECP2 P=ECP2.fromBytes(W1);
-		ECP2 Q=ECP2.fromBytes(W2);
-
-		if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(W);
-		return 0;
-	}
-
-/* create random secret S */
-	public static int RANDOM_GENERATE(RAND rng,byte[] S)
-	{
-		BIG s;
-		BIG r=new BIG(ROM.CURVE_Order);
-		s=BIG.randomnum(r,rng);
-
-		s.toBytes(S);
-		return 0;
-	}
-
-/* Extract PIN from TOKEN for identity CID */
-	public static int EXTRACT_PIN(byte[] CID,int pin,byte[] TOKEN)
-	{
-		ECP P=ECP.fromBytes(TOKEN);
-		if (P.is_infinity()) return INVALID_POINT;
-		byte[] h=hashit(0,CID);
-		ECP R=mapit(h);
-
-
-		pin%=MAXPIN;
-
-		R=R.pinmul(pin,PBLEN);
-		P.sub(R);
-
-		P.toBytes(TOKEN);
-
-		return 0;
-	}
-
-/* Implement step 2 on client side of MPin protocol */
-	public static int CLIENT_2(byte[] X,byte[] Y,byte[] SEC)
-	{
-		BIG r=new BIG(ROM.CURVE_Order);
-		ECP P=ECP.fromBytes(SEC);
-		if (P.is_infinity()) return INVALID_POINT;
-
-		BIG px=BIG.fromBytes(X);
-		BIG py=BIG.fromBytes(Y);
-		px.add(py);
-		px.mod(r);
-		px.rsub(r);
-
-		PAIR.G1mul(P,px).toBytes(SEC);
-		return 0;
-	}
-
-/* Implement step 1 on client side of MPin protocol */
-	public static int CLIENT_1(int date,byte[] CLIENT_ID,RAND rng,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT)
-	{
-		BIG r=new BIG(ROM.CURVE_Order);
-//		BIG q=new BIG(ROM.Modulus);
-		BIG x;
-//		BIG m=new BIG(0);
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		ECP P,T,W;
-		BIG px;
-//		byte[] t=new byte[EFS];
-
-		byte[] h=hashit(0,CLIENT_ID);
-		P=mapit(h);
-
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT;
-
-		pin%=MAXPIN;
-		W=P.pinmul(pin,PBLEN);
-		T.add(W);
-		if (date!=0)
-		{
-			W=ECP.fromBytes(PERMIT);
-			if (W.is_infinity()) return INVALID_POINT;
-			T.add(W);
-			h=hashit(date,h);
-			W=mapit(h);
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-				W=PAIR.G1mul(W,x);
-				P.add(W);
-			}
-			else
-			{
-				P.add(W);
-				P=PAIR.G1mul(P,x);
-			}
-			if (xCID!=null) P.toBytes(xCID);
-		}
-		else
-		{
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-			}
-		}
-
-
-		T.toBytes(SEC);
-		return 0;
-	}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-	public static int GET_SERVER_SECRET(byte[] S,byte[] SST)
-	{
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG s=BIG.fromBytes(S);
-		Q=PAIR.G2mul(Q,s);
-		Q.toBytes(SST);
-		return 0;
-	}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-	public static int GET_G1_MULTIPLE(RAND rng, int type,byte[] X,byte[] G,byte[] W)
-	{
-		BIG x;
-		BIG r=new BIG(ROM.CURVE_Order);
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		ECP P;
-		if (type==0)
-		{
-			P=ECP.fromBytes(G);
-			if (P.is_infinity()) return INVALID_POINT;
-		}
-		else
-			P=mapit(G);
-
-		PAIR.G1mul(P,x).toBytes(W);
-		return 0;
-	}
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-	public static int GET_CLIENT_SECRET(byte[] S,byte[] CID,byte[] CST)
-	{
-		return GET_G1_MULTIPLE(null,1,S,CID,CST);
-	}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-	public static int GET_CLIENT_PERMIT(int date,byte[] S,byte[] CID,byte[] CTT)
-	{
-		byte[] h=hashit(date,CID);
-		ECP P=mapit(h);
-
-		BIG s=BIG.fromBytes(S);
-		PAIR.G1mul(P,s).toBytes(CTT);
-		return 0;
-	}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-	public static void SERVER_1(int date,byte[] CID,byte[] HID,byte[] HTID)
-	{
-		byte[] h=hashit(0,CID);
-		ECP R,P=mapit(h);
-
-		if (date!=0)
-		{
-			if (HID!=null) P.toBytes(HID);
-			h=hashit(date,h);
-			R=mapit(h);
-			P.add(R);
-			P.toBytes(HTID);
-		}
-		else P.toBytes(HID);
-	}
-
-/* Implement step 2 of MPin protocol on server side */
-	public static int SERVER_2(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] mSEC,byte[] E,byte[] F)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-		ECP2 sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return INVALID_POINT;
-
-		ECP R;
-		if (date!=0)
-			R=ECP.fromBytes(xCID);
-		else
-		{
-			if (xID==null) return BAD_PARAMS;
-			R=ECP.fromBytes(xID);
-		}
-		if (R.is_infinity()) return INVALID_POINT;
-
-		BIG y=BIG.fromBytes(Y);
-		ECP P;
-		if (date!=0) P=ECP.fromBytes(HTID);
-		else
-		{
-			if (HID==null) return BAD_PARAMS;
-			P=ECP.fromBytes(HID);
-		}
-
-		if (P.is_infinity()) return INVALID_POINT;
-
-		P=PAIR.G1mul(P,y);
-		P.add(R);
-		R=ECP.fromBytes(mSEC);
-		if (R.is_infinity()) return INVALID_POINT;
-
-		FP12 g;
-//		FP12 g1=new FP12(0);
-
-		g=PAIR.ate2(Q,R,sQ,P);
-		g=PAIR.fexp(g);
-
-		if (!g.isunity())
-		{
-			if (HID!=null && xID!=null && E!=null && F!=null)
-			{
-				g.toBytes(E);
-				if (date!=0)
-				{
-					P=ECP.fromBytes(HID);
-					if (P.is_infinity()) return INVALID_POINT;
-					R=ECP.fromBytes(xID);
-					if (R.is_infinity()) return INVALID_POINT;
-
-					P=PAIR.G1mul(P,y);
-					P.add(R);
-				}
-				g=PAIR.ate(Q,P);
-				g=PAIR.fexp(g);
-				g.toBytes(F);
-			}
-			return BAD_PIN;
-		}
-
-		return 0;
-	}
-
-/* Pollards kangaroos used to return PIN error */
-	public static int KANGAROO(byte[] E,byte[] F)
-	{
-		FP12 ge=FP12.fromBytes(E);
-		FP12 gf=FP12.fromBytes(F);
-		int[] distance = new int[TS];
-		FP12 t=new FP12(gf);
-		FP12[] table=new FP12[TS];
-		int i,j,m,s,dn,dm,res,steps;
-
-		s=1;
-		for (m=0;m<TS;m++)
-		{
-			distance[m]=s;
-			table[m]=new FP12(t);
-			s*=2;
-			t.usqr();
-		}
-		t.one();
-		dn=0;
-		for (j=0;j<TRAP;j++)
-		{
-			i=t.geta().geta().getA().lastbits(8)%TS;
-			t.mul(table[i]);
-			dn+=distance[i];
-		}
-		gf.copy(t); gf.conj();
-		steps=0; dm=0;
-		res=0;
-		while (dm-dn<MAXPIN)
-		{
-			steps++;
-			if (steps>4*TRAP) break;
-			i=ge.geta().geta().getA().lastbits(8)%TS;
-			ge.mul(table[i]);
-			dm+=distance[i];
-			if (ge.equals(t))
-			{
-				res=dm-dn;
-				break;
-			}
-			if (ge.equals(gf))
-			{
-				res=dn-dm;
-				break;
-			}
-
-		}
-		if (steps>4*TRAP || dm-dn>=MAXPIN) {res=0; }    // Trap Failed  - probable invalid token
-		return res;
-	}
-
-/* Functions to support M-Pin Full */
-
-	public static int PRECOMPUTE(byte[] TOKEN,byte[] CID,byte[] G1,byte[] G2)
-	{
-		ECP P,T;
-		FP12 g;
-
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT;
-
-		P=mapit(CID);
-
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		g=PAIR.ate(Q,T);
-		g=PAIR.fexp(g);
-		g.toBytes(G1);
-
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-		g.toBytes(G2);
-
-		return 0;
-	}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-	public static int CLIENT_KEY(byte[] G1,byte[] G2,int pin,byte[] R,byte[] X,byte[] wCID,byte[] CK)
-	{
-		HASH H=new HASH();
-		byte[] t=new byte[EFS];
-
-		FP12 g1=FP12.fromBytes(G1);
-		FP12 g2=FP12.fromBytes(G2);
-		BIG z=BIG.fromBytes(R);
-		BIG x=BIG.fromBytes(X);
-
-		ECP W=ECP.fromBytes(wCID);
-		if (W.is_infinity()) return INVALID_POINT;
-
-		W=PAIR.G1mul(W,x);
-
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG q=new BIG(ROM.Modulus);
-
-		BIG m=new BIG(q);
-		m.mod(r);
-
-		BIG a=new BIG(z);
-		a.mod(m);
-
-		BIG b=new BIG(z);
-		b.div(m);
-
-		g2.pinpow(pin,PBLEN);
-		g1.mul(g2);
-
-		FP4 c=g1.trace();
-		g2.copy(g1);
-		g2.frob(f);
-		FP4 cp=g2.trace();
-		g1.conj();
-		g2.mul(g1);
-		FP4 cpm1=g2.trace();
-		g2.mul(g1);
-		FP4 cpm2=g2.trace();
-
-		c=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
-		c.geta().getA().toBytes(t);
-		H.process_array(t);
-		c.geta().getB().toBytes(t);
-		H.process_array(t);
-		c.getb().getA().toBytes(t);
-		H.process_array(t);
-		c.getb().getB().toBytes(t);
-		H.process_array(t);
-
-		W.getX().toBytes(t);
-		H.process_array(t);
-		W.getY().toBytes(t);
-		H.process_array(t);
-
-		t=H.hash();
-		for (int i=0;i<PAS;i++) CK[i]=t[i];
-
-		return 0;
-	}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-	public static int SERVER_KEY(byte[] Z,byte[] SST,byte[] W,byte[] xID,byte[] xCID,byte[] SK)
-	{
-		HASH H=new HASH();
-		byte[] t=new byte[EFS];
-
-		ECP2 sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return INVALID_POINT;
-		ECP R=ECP.fromBytes(Z);
-		if (R.is_infinity()) return INVALID_POINT;
-
-		ECP U;
-		if (xCID!=null)
-			U=ECP.fromBytes(xCID);
-		else
-			U=ECP.fromBytes(xID);
-		if (U.is_infinity()) return INVALID_POINT;
-
-		BIG w=BIG.fromBytes(W);
-		U=PAIR.G1mul(U,w);
-		FP12 g=PAIR.ate(sQ,R);
-		g=PAIR.fexp(g);
-
-		FP4 c=g.trace();
-		c.geta().getA().toBytes(t);
-		H.process_array(t);
-		c.geta().getB().toBytes(t);
-		H.process_array(t);
-		c.getb().getA().toBytes(t);
-		H.process_array(t);
-		c.getb().getB().toBytes(t);
-		H.process_array(t);
-
-		U.getX().toBytes(t);
-		H.process_array(t);
-		U.getY().toBytes(t);
-		H.process_array(t);
-
-		t=H.hash();
-		for (int i=0;i<PAS;i++) SK[i]=t[i];
-
-		return 0;
-	}
-
-/* return time since epoch */
-	public static int GET_TIME() {
-		Date date=new Date();
-		return (int) (date.getTime()/1000);
-	}
-
-/* Generate Y = H(epoch, xCID/xID) */
-        public static void GET_Y(int TimeValue,byte[] xCID,byte[] Y)
-        {
-          byte[] h = hashit(TimeValue,xCID);
-          BIG y = BIG.fromBytes(h);
-          BIG q=new BIG(ROM.CURVE_Order);
-          y.mod(q);
-          y.toBytes(Y);
-        }
-
-/* One pass MPIN Client */
-        public static int CLIENT(int date,byte[] CLIENT_ID,RAND RNG,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT, int TimeValue, byte[] Y)
-        {
-          int rtn=0;
-
-          byte[] pID;
-          if (date == 0)
-            pID = xID;
-          else
-            pID = xCID;
-
-          rtn = CLIENT_1(date,CLIENT_ID,RNG,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
-          if (rtn != 0)
-            return rtn;
-
-          GET_Y(TimeValue,pID,Y);
-
-          rtn = CLIENT_2(X,Y,SEC);
-          if (rtn != 0)
-            return rtn;
-
-          return 0;
-        }
-
-/* One pass MPIN Server */
-        public static int SERVER(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] SEC,byte[] E,byte[] F,byte[] CID, int TimeValue)
-        {
-          int rtn=0;
-
-          byte[] pID;
-          if (date == 0)
-            pID = xID;
-          else
-            pID = xCID;
-
-          SERVER_1(date,CID,HID,HTID);
-
-          GET_Y(TimeValue,pID,Y);
-
-          rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F);
-          if (rtn != 0)
-            return rtn;
-
-          return 0;
-        }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/PAIR.java
----------------------------------------------------------------------
diff --git a/java64/PAIR.java b/java64/PAIR.java
deleted file mode 100755
index bc815a9..0000000
--- a/java64/PAIR.java
+++ /dev/null
@@ -1,537 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve Pairing functions */
-
-public final class PAIR {
-
-/* Line function */
-	public static FP12 line(ECP2 A,ECP2 B,FP Qx,FP Qy)
-	{
-		ECP2 P=new ECP2();
-
-		FP4 a,b,c;
-		P.copy(A);
-		FP2 ZZ=new FP2(P.getz());
-		ZZ.sqr();
-		int D;
-		if (A==B) D=A.dbl(); /* Check this return value in amcl_ec2.c */
-		else D=A.add(B);
-		if (D<0)
-			return new FP12(1);
-		FP2 Z3=new FP2(A.getz());
-		c=new FP4(0);
-		if (D==0)
-		{ /* Addition */
-			FP2 X=new FP2(B.getx());
-			FP2 Y=new FP2(B.gety());
-			FP2 T=new FP2(P.getz());
-			T.mul(Y);
-			ZZ.mul(T);
-
-			FP2 NY=new FP2(P.gety()); NY.neg();
-			ZZ.add(NY);
-			Z3.pmul(Qy);
-			T.mul(P.getx());
-			X.mul(NY);
-			T.add(X);
-			a=new FP4(Z3,T);
-			ZZ.neg();
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ);
-		}
-		else
-		{ /* Doubling */
-			FP2 X=new FP2(P.getx());
-			FP2 Y=new FP2(P.gety());
-			FP2 T=new FP2(P.getx());
-			T.sqr();
-			T.imul(3);
-
-			Y.sqr();
-			Y.add(Y);
-			Z3.mul(ZZ);
-			Z3.pmul(Qy);
-
-			X.mul(T);
-			X.sub(Y);
-			a=new FP4(Z3,X);
-			T.neg();
-			ZZ.mul(T);
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ);
-		}
-		return new FP12(a,b,c);
-	}
-
-/* Optimal R-ate pairing */
-	public static FP12 ate(ECP2 P,ECP Q)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		BIG n=new BIG(x);
-		ECP2 K=new ECP2();
-		FP12 lv;
-		n.pmul(6); n.dec(2); n.norm();
-		P.affine();
-		Q.affine();
-		FP Qx=new FP(Q.getx());
-		FP Qy=new FP(Q.gety());
-
-		ECP2 A=new ECP2();
-		FP12 r=new FP12(1);
-
-		A.copy(P);
-		int nb=n.nbits();
-
-		for (int i=nb-2;i>=1;i--)
-		{
-			lv=line(A,A,Qx,Qy);
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=line(A,P,Qx,Qy);
-
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=line(A,A,Qx,Qy);
-		r.smul(lv);
-
-/* R-ate fixup */
-
-		r.conj();
-
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		return r;
-	}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-	public static FP12 ate2(ECP2 P,ECP Q,ECP2 R,ECP S)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		BIG n=new BIG(x);
-		ECP2 K=new ECP2();
-		FP12 lv;
-		n.pmul(6); n.dec(2); n.norm();
-		P.affine();
-		Q.affine();
-		R.affine();
-		S.affine();
-
-		FP Qx=new FP(Q.getx());
-		FP Qy=new FP(Q.gety());
-		FP Sx=new FP(S.getx());
-		FP Sy=new FP(S.gety());
-
-		ECP2 A=new ECP2();
-		ECP2 B=new ECP2();
-		FP12 r=new FP12(1);
-
-		A.copy(P);
-		B.copy(R);
-		int nb=n.nbits();
-
-		for (int i=nb-2;i>=1;i--)
-		{
-			lv=line(A,A,Qx,Qy);
-			r.smul(lv);
-			lv=line(B,B,Sx,Sy);
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=line(A,P,Qx,Qy);
-				r.smul(lv);
-				lv=line(B,R,Sx,Sy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=line(A,A,Qx,Qy);
-		r.smul(lv);
-
-		lv=line(B,B,Sx,Sy);
-		r.smul(lv);
-
-/* R-ate fixup */
-		r.conj();
-
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		K.copy(R);
-		K.frob(f);
-		B.neg();
-		lv=line(B,K,Sx,Sy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=line(B,K,Sx,Sy);
-		r.smul(lv);
-
-		return r;
-	}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-	public static FP12 fexp(FP12 m)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		FP12 r=new FP12(m);
-		FP12 x0,x1,x2,x3,x4,x5;
-
-/* Easy part of final exp */
-		FP12 lv=new FP12(r);
-		lv.inverse();
-		r.conj();
-
-		r.mul(lv);
-		lv.copy(r);
-		r.frob(f);
-		r.frob(f);
-		r.mul(lv);
-/* Hard part of final exp */
-		lv.copy(r);
-		lv.frob(f);
-		x0=new FP12(lv);
-		x0.frob(f);
-		lv.mul(r);
-		x0.mul(lv);
-		x0.frob(f);
-		x1=new FP12(r);
-		x1.conj();
-		x4=r.pow(x);
-
-		x3=new FP12(x4);
-		x3.frob(f);
-
-		x2=x4.pow(x);
-
-		x5=new FP12(x2); x5.conj();
-		lv=x2.pow(x);
-
-		x2.frob(f);
-		r.copy(x2); r.conj();
-
-		x4.mul(r);
-		x2.frob(f);
-
-		r.copy(lv);
-		r.frob(f);
-		lv.mul(r);
-
-		lv.usqr();
-		lv.mul(x4);
-		lv.mul(x5);
-		r.copy(x3);
-		r.mul(x5);
-		r.mul(lv);
-		lv.mul(x2);
-		r.usqr();
-		r.mul(lv);
-		r.usqr();
-		lv.copy(r);
-		lv.mul(x1);
-		r.mul(x0);
-		lv.usqr();
-		r.mul(lv);
-		r.reduce();
-		return r;
-	}
-
-/* GLV method */
-	public static BIG[] glv(BIG e)
-	{
-		int i,j;
-		BIG t=new BIG(0);
-		BIG q=new BIG(ROM.CURVE_Order);
-		BIG[] u=new BIG[2];
-		BIG[] v=new BIG[2];
-		for (i=0;i<2;i++)
-		{
-			t.copy(new BIG(ROM.CURVE_W[i]));  // why not just t=new BIG(ROM.CURVE_W[i]);
-			DBIG d=BIG.mul(t,e);
-			v[i]=new BIG(d.div(q));
-			u[i]=new BIG(0);
-		}
-		u[0].copy(e);
-		for (i=0;i<2;i++)
-			for (j=0;j<2;j++)
-			{
-				t.copy(new BIG(ROM.CURVE_SB[j][i]));
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-		return u;
-	}
-
-/* Galbraith & Scott Method */
-	public static BIG[] gs(BIG e)
-	{
-		int i,j;
-		BIG t=new BIG(0);
-		BIG q=new BIG(ROM.CURVE_Order);
-		BIG[] u=new BIG[4];
-		BIG[] v=new BIG[4];
-		for (i=0;i<4;i++)
-		{
-			t.copy(new BIG(ROM.CURVE_WB[i]));
-			DBIG d=BIG.mul(t,e);
-			v[i]=new BIG(d.div(q));
-			u[i]=new BIG(0);
-		}
-		u[0].copy(e);
-		for (i=0;i<4;i++)
-			for (j=0;j<4;j++)
-			{
-				t.copy(new BIG(ROM.CURVE_BB[j][i]));
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-		return u;
-	}
-
-/* Multiply P by e in group G1 */
-	public static ECP G1mul(ECP P,BIG e)
-	{
-		ECP R;
-		if (ROM.USE_GLV)
-		{
-			P.affine();
-			R=new ECP();
-			R.copy(P);
-			int i,np,nn;
-			ECP Q=new ECP();
-			Q.copy(P);
-			BIG q=new BIG(ROM.CURVE_Order);
-			FP cru=new FP(new BIG(ROM.CURVE_Cru));
-			BIG t=new BIG(0);
-			BIG[] u=glv(e);
-			Q.getx().mul(cru);
-
-			np=u[0].nbits();
-			t.copy(BIG.modneg(u[0],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[0].copy(t);
-				R.neg();
-			}
-
-			np=u[1].nbits();
-			t.copy(BIG.modneg(u[1],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[1].copy(t);
-				Q.neg();
-			}
-
-			R=R.mul2(u[0],Q,u[1]);
-
-		}
-		else
-		{
-			R=P.mul(e);
-		}
-		return R;
-	}
-
-/* Multiply P by e in group G2 */
-	public static ECP2 G2mul(ECP2 P,BIG e)
-	{
-		ECP2 R;
-		if (ROM.USE_GS_G2)
-		{
-			ECP2[] Q=new ECP2[4];
-			FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG[] u=gs(e);
-
-			BIG t=new BIG(0);
-			int i,np,nn;
-			P.affine();
-			Q[0]=new ECP2(); Q[0].copy(P);
-			for (i=1;i<4;i++)
-			{
-				Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
-				Q[i].frob(f);
-			}
-			for (i=0;i<4;i++)
-			{
-				np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn=t.nbits();
-				if (nn<np)
-				{
-					u[i].copy(t);
-					Q[i].neg();
-				}
-			}
-			R=ECP2.mul4(Q,u);
-
-		}
-		else
-		{
-			R=P.mul(e);
-		}
-		return R;
-	}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-	public static FP12 GTpow(FP12 d,BIG e)
-	{
-		FP12 r;
-		if (ROM.USE_GS_GT)
-		{
-			FP12[] g=new FP12[4];
-			FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG t=new BIG(0);
-			int i,np,nn;
-			BIG[] u=gs(e);
-
-			g[0]=new FP12(d);
-			for (i=1;i<4;i++)
-			{
-				g[i]=new FP12(0); g[i].copy(g[i-1]);
-				g[i].frob(f);
-			}
-			for (i=0;i<4;i++)
-			{
-				np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn=t.nbits();
-				if (nn<np)
-				{
-					u[i].copy(t);
-					g[i].conj();
-				}
-			}
-			r=FP12.pow4(g,u);
-		}
-		else
-		{
-			r=d.pow(e);
-		}
-		return r;
-	}
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-	public static boolean GTmember(FP12 m)
-	{
-		if (m.isunity()) return false;
-		FP12 r=new FP12(m);
-		r.conj();
-		r.mul(m);
-		if (!r.isunity()) return false;
-
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-
-		r.copy(m); r.frob(f); r.frob(f);
-		FP12 w=new FP12(r); w.frob(f); w.frob(f);
-		w.mul(m);
-		if (!ROM.GT_STRONG)
-		{
-			if (!w.equals(r)) return false;
-			BIG x=new BIG(ROM.CURVE_Bnx);
-			r.copy(m); w=r.pow(x); w=w.pow(x);
-			r.copy(w); r.sqr(); r.mul(w); r.sqr();
-			w.copy(m); w.frob(f);
-		}
-		return w.equals(r);
-	}
-
-	public static void main(String[] args) {
-		ECP Q=new ECP(new BIG(ROM.CURVE_Gx),new BIG(ROM.CURVE_Gy));
-		ECP2 P=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG xa=new BIG(ROM.CURVE_Pxa);
-
-		System.out.println("P= "+P.toString());
-		System.out.println("Q= "+Q.toString());
-
-		BIG m=new BIG(17);
-
-		FP12 e=ate(P,Q);
-		System.out.println("\ne= "+e.toString());
-
-		e=fexp(e);
-	//	e=GTpow(e,m);
-
-		System.out.println("\ne= "+e.toString());
-
-		BIG [] GLV=glv(r);
-
-		System.out.println("GLV[0]= "+GLV[0].toString());
-		System.out.println("GLV[0]= "+GLV[1].toString());
-
-		ECP G=new ECP(); G.copy(Q);
-		ECP2 R=new ECP2(); R.copy(P);
-
-
-		e=ate(R,Q);
-		e=fexp(e);
-
-		e=GTpow(e,xa);
-		System.out.println("\ne= "+e.toString());
-
-
-		R=G2mul(R,xa);
-		e=ate(R,G);
-		e=fexp(e);
-
-		System.out.println("\ne= "+e.toString());
-
-		G=G1mul(G,xa);
-		e=ate(P,G);
-		e=fexp(e);
-		System.out.println("\ne= "+e.toString());
-	}
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/RAND.java
----------------------------------------------------------------------
diff --git a/java64/RAND.java b/java64/RAND.java
deleted file mode 100755
index 1bf6be2..0000000
--- a/java64/RAND.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-public class RAND {
-/* Cryptographically strong pseudo-random number generator */
-
-	private static final int NK=21;
-	private static final int NJ=6;
-	private static final int NV=8;
-	private int[] ira=new int[NK];  /* random number...   */
-	private int rndptr;   /* ...array & pointer */
-	private int borrow;
-	private int pool_ptr;
-	private byte[] pool=new byte[32];    /* random pool */
-
-	public RAND()
-	{
-		clean();
-	}
-
-	private int sbrand()
-	{ /* Marsaglia & Zaman random number generator */
-		int i,k;
-		long pdiff,t;
-
-		rndptr++;
-		if (rndptr<NK) return ira[rndptr];
-		rndptr=0;
-		for (i=0,k=NK-NJ;i<NK;i++,k++)
-		{ /* calculate next NK values */
-			if (k==NK) k=0;
-			t=((long)ira[k])&0xffffffffL;
-			pdiff=(t - (((long)ira[i])&0xffffffffL) - (long)borrow)&0xffffffffL;
-			if (pdiff<t) borrow=0;
-			if (pdiff>t) borrow=1;
-			ira[i]=(int)(pdiff&0xffffffffL);
-		}
-
-		return ira[0];
-	}
-
-	public void sirand(int seed)
-	{
-		int i,in;
-		int t,m=1;
-		borrow=0;
-		rndptr=0;
-		ira[0]^=seed;
-		for (i=1;i<NK;i++)
-		{ /* fill initialisation vector */
-			in=(NV*i)%NK;
-			ira[in]^=m;      /* note XOR */
-			t=m;
-			m=seed-m;
-			seed=t;
-		}
-		for (i=0;i<10000;i++) sbrand(); /* "warm-up" & stir the generator */
-	}
-
-	private void fill_pool()
-	{
-		HASH sh=new HASH();
-		for (int i=0;i<128;i++) sh.process(sbrand());
-		pool=sh.hash();
-		pool_ptr=0;
-	}
-
-	private static int pack(byte[] b)
-	{ /* pack 4 bytes into a 32-bit Word */
-		return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
-	}
-
-/* Initialize RNG with some real entropy from some external source */
-	public void seed(int rawlen,byte[] raw)
-	{ /* initialise from at least 128 byte string of raw random entropy */
-		int i;
-		byte [] digest;
-		byte [] b=new byte[4];
-		HASH sh=new HASH();
-		pool_ptr=0;
-		for (i=0;i<NK;i++) ira[i]=0;
-		if (rawlen>0)
-		{
-			for (i=0;i<rawlen;i++)
-				sh.process(raw[i]);
-			digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-
-			for (i=0;i<8;i++)
-			{
-				b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
-				sirand(pack(b));
-			}
-		}
-		fill_pool();
-	}
-
-/* Terminate and clean up */
-	public void clean()
-	{ /* kill internal state */
-		int i;
-		pool_ptr=rndptr=0;
-		for (i=0;i<32;i++) pool[i]=0;
-		for (i=0;i<NK;i++) ira[i]=0;
-		borrow=0;
-	}
-
-/* get random byte */
-	public int getByte()
-	{
-		int r;
-		r=pool[pool_ptr++];
-		if (pool_ptr>=32) fill_pool();
-		return (r&0xff);
-	}
-
-/* test main program */
-/*
-	public static void main(String[] args) {
-		int i;
-		byte[] raw=new byte[100];
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) raw[i]=(byte)i;
-
-		rng.seed(100,raw);
-
-		for (i=0;i<1000;i++)
-			System.out.format("%03d ",rng.getByte());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/ROM.java
----------------------------------------------------------------------
diff --git a/java64/ROM.java b/java64/ROM.java
deleted file mode 100755
index 4dc4bd4..0000000
--- a/java64/ROM.java
+++ /dev/null
@@ -1,381 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-public class ROM
-{
-/* Don't Modify from here... */
-	public static final int NOT_SPECIAL=0;
-	public static final int PSEUDO_MERSENNE=1;
-	public static final int MONTGOMERY_FRIENDLY=2;
-	public static final int WEIERSTRASS=0;
-	public static final int EDWARDS=1;
-	public static final int MONTGOMERY=2;
-/* ...to here */
-
-/*** Enter Some Field details here  ***/
-// BN Curve
-	public static final int MODBITS=254; /* Number of bits in Modulus */
-	public static final int MOD8=3;  /* Modulus mod 8 */
-// Curve 25519
-//	public static final int MODBITS=255;
-//	public static final int MOD8=5;
-// NIST256 or Brainpool
-//	public static final int MODBITS=256;
-//	public static final int MOD8=7;
-// MF254
-//	public static final int MODBITS=254;
-//	public static final int MOD8=7;
-// MS255
-//public static final int MODBITS= 255;
-//public static final int MOD8= 3;
-// MF256
-//	public static final int MODBITS=256;
-//	public static final int MOD8=7;
-// MS256
-//public static final int MODBITS= 256;
-//public static final int MOD8= 3;
-// ANSSI
-//  public static final int MODBITS= 256;
-//  public static final int MOD8= 3;
-
-/* Don't Modify from here... */
-	public static final int NLEN=5;
-	public static final int CHUNK=64;
-	public static final int DNLEN=2*NLEN;
-	public static final int BASEBITS=56;
-	public static final long MASK=(((long)1<<BASEBITS)-1);
-	public static final int HBITS=BASEBITS/2;
-	public static final long HMASK=(((long)1<<HBITS)-1);
-	public static final int MODBYTES=32;
-	public static final int NEXCESS =((int)1<<(CHUNK-BASEBITS-1));
-	public static final long FEXCESS =((long)1<<(BASEBITS*NLEN-MODBITS));
-	public static final long OMASK=(long)(-1)<<(MODBITS%BASEBITS);
-	public static final int TBITS=MODBITS%BASEBITS; // Number of active bits in top word
-	public static final long TMASK=((long)1<<TBITS)-1;
-/* ...to here */
-
-/* Finite field support - for RSA, DH etc. */
-	public static final int FF_BITS=2048; /* Finite Field Size in bits - must be 256.2^n */
-	public static final int FFLEN=(FF_BITS/256);
-	public static final int HFLEN=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//	public static final long MConst=0x13L;
-
-
-// NIST-256 Curve
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL};
-//	public static final long MConst=0x1L;
-
-// MF254 Modulus
-//	public static final int MODTYPE=MONTGOMERY_FRIENDLY;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//	public static final long MConst=0x3F810000L;
-
-// MS255 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFD03L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long MConst=0x2FDL;
-
-// MS256 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long MConst=0xBDL;
-
-// MF256 Modulus
-//public static final int MODTYPE= 2;
-//public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long MConst=0xFFA80000L;
-
-// Brainpool
-//	public static final int MODTYPE= NOT_SPECIAL;
-//	public static final long[] Modulus= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-//	public static final long MConst=0xA75590CEFD89B9L;
-
-// ANSSI
-//  public static final int MODTYPE= 0;
-//  public static final long[] Modulus= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL};
-//  public static final long MConst=0x97483A164E1155L;
-
-// BNCX Curve Modulus
-public static final int MODTYPE=NOT_SPECIAL;
-public static final long[] Modulus= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-public static final long MConst=0x4E205BF9789E85L;
-
-// BN Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-//public static final long MConst=0x435E50D79435E5L;
-
-// BNT Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0x9DBBFEEEB4A713L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-//public static final long MConst=0xC5A872D914C4E5L;
-
-// BNT2 Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0xB2DC2BB460A48BL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
-//public static final long MConst=0xFE6A47A6505CDDL;
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A = -1;
-//	public static final long[] CURVE_B = {0xEB4DCA135978A3L,0xA4D4141D8AB75L,0x797779E8980070L,0x2B6FFE738CC740L,0x52036CEEL};
-//	public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-//	public static final long[] CURVE_Gx ={0x562D608F25D51AL,0xC7609525A7B2C9L,0x31FDD6DC5C692CL,0xCD6E53FEC0A4E2L,0x216936D3L};
-//	public static final long[] CURVE_Gy ={0x66666666666658L,0x66666666666666L,0x66666666666666L,0x66666666666666L,0x66666666L};
-
-// Original Curve25519
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =486662;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-//	public static final long[] CURVE_Gx ={0x9L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// NIST-256 Curve
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final long[] CURVE_B = {0xCE3C3E27D2604BL,0x6B0CC53B0F63BL,0x55769886BC651DL,0xAA3A93E7B3EBBDL,0x5AC635D8L};
-//	public static final long[] CURVE_Order={0xB9CAC2FC632551L,0xFAADA7179E84F3L,0xFFFFFFFFFFBCE6L,0xFFFFFFL,0xFFFFFFFFL};
-//	public static final long[] CURVE_Gx ={0xA13945D898C296L,0x7D812DEB33A0F4L,0xE563A440F27703L,0xE12C4247F8BCE6L,0x6B17D1F2L};
-//	public static final long[] CURVE_Gy ={0xB6406837BF51F5L,0x33576B315ECECBL,0x4A7C0F9E162BCEL,0xFE1A7F9B8EE7EBL,0x4FE342E2L};
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFD08DL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Order={0xA419C4AF8DF83FL,0x8BEA0DA375C06FL,0xFFFFFFFFFFEB81L,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Gx ={0x2L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x65DF37F90D4EBCL,0x38E3F8511931ADL,0x75BD778AEBDFB7L,0x3B2E56014AE15AL,0x140E3FD3L};
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x367BL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x52D0FDAF2701E5L,0x9A840E3212187CL,0xD502363F4E3632L,0xD6A4C335951D00L,0x19F0E690L};
-
-// MF254 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-55790;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-//	public static final long[] CURVE_Gx ={0x3L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS255 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFAB46L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Order={0x8FAC983C594AEBL,0x38283AD2B3DFABL,0xFFFFFFFFFF864AL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x33FF6769CB44BAL,0xC78CDDFDA60D17L,0xF9B2FF7D177DB6L,0xEDBA7833921EBFL,0x6F7A6AC0L};
-
-// MS255 Modulus, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0xEA97L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x2A255BD08736A0L,0x4B8AED445A45BAL,0xDD8E0C47E55291L,0x4A7BB545EC254CL,0x26CB7853L};
-
-// MS255 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-240222;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-//	public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS256, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x25581L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xAB20294751A825L,0x8275EA265C6020L,0xFFFFFFFFFFE43CL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xF46306C2B56C77L,0x2F9375894EC10BL,0x6CCEEEDD6BD02CL,0xC1E466D7FC82C9L,0x696F1853L};
-
-// MS256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x3BEEL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-//public static final long[] CURVE_Gx ={0xDL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7F6FB5331CADBAL,0x6D63824D303F70L,0xB39FA046BFBE2AL,0x2A1276DBA3D330L,0x7D0AB41EL};
-
-// MS256 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-61370;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//  public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-//	public static final long[] CURVE_Gx ={0xbL,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MF256 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x14E6AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x10C5E1A79857EBL,0x7513E6E5074B9DL,0xFFFFFFFFFFFC51L,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7954C2B724D2AL,0x47EB8D94DC6610L,0x26123DAE289569L,0xBE1808CE7BABBAL,0x20887C87L};
-
-// MF256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x350AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xEAA722F2F3C908L,0x5E648DFEA68D7DL,0xF3DB2C1AACA0C0L,0xF8CC4D5AEAEBEEL,0xDAD8D4F8L};
-
-// MF256 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-54314;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//  public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-//	public static final long[] CURVE_Gx ={0x8L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-
-
-// Brainpool
-//	public static final int CURVETYPE= 0;
-//	public static final int CURVE_A = -3;
-//	public static final long[] CURVE_B = {0xE58101FEE92B04L,0xEBC4AF2F49256AL,0x733D0B76B7BF93L,0x30D84EA4FE66A7L,0x662C61C4L};
-//	public static final long[] CURVE_Order={0x1E0E82974856A7L,0x7AA3B561A6F790L,0x909D838D718C39L,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-//	public static final long[] CURVE_Gx ={0xA191562E1305F4L,0x42C47AAFBC2B79L,0xB23A656149AFA1L,0xC1CFE7B7732213L,0xA3E8EB3CL};
-//	public static final long[] CURVE_Gy ={0xABE8F35B25C9BEL,0xB6DE39D027001DL,0xE14644417E69BCL,0x3439C56D7F7B22L,0x2D996C82L};
-
-// ANSSI
-//  public static final int CURVETYPE= 0;
-//  public static final int CURVE_A = -3;
-//  public static final long[] CURVE_B = {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL};
-//  public static final long[] CURVE_Order={0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL};
-//  public static final long[] CURVE_Gx ={0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L};
-//  public static final long[] CURVE_Gy ={0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L};
-
-// BNCX Curve
-
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_A = 0;
-	public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Order={0x11C0A636EB1F6DL,0xD6EE0CC906CEBEL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L};
-	public static final long[] CURVE_Bnx={0x3C012B1L,0x40L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0xE0931794235C97L,0xDF6471EF875631L,0xCA83F1440BDL,0x480000L,0x0L};
-	public static final long[] CURVE_Fra={0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL};
-	public static final long[] CURVE_Frb={0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L};
-	public static final long[] CURVE_Pxa={0x851CEEE4D2EC74L,0x85BFA03E2726C0L,0xF5C34BBB907CL,0x7053B256358B25L,0x19682D2CL};
-	public static final long[] CURVE_Pxb={0xA58E8B2E29CFE1L,0x97B0C209C30F47L,0x37A8E99743F81BL,0x3E19F64AA011C9L,0x1466B9ECL};
-	public static final long[] CURVE_Pya={0xFBFCEBCF0BE09FL,0xB33D847EC1B30CL,0x157DAEE2096361L,0x72332B8DD81E22L,0xA79EDD9L};
-	public static final long[] CURVE_Pyb={0x904B228898EE9DL,0x4EA569D2EDEBEDL,0x512D8D3461C286L,0xECC4C09035C6E4L,0x6160C39L};
-	public static final long[] CURVE_Gx ={0x6623EF5C1B55B2L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-	public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[][] CURVE_W={{0x546349162FEB83L,0xB40381200L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0x5463491DB010E4L,0xB40381280L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0xBD5D5D20BB33EAL,0xD6EE0188CEBCBDL,0x647A6366D2643FL,0x8702A0DB0BDDFL,0x24000000L}}};
-	public static final long[][] CURVE_WB={{0x1C2118567A84B0L,0x3C012B040L,0x2000L,0x0L,0x0L},{0xCDF995BE220475L,0x94EDA8CA7F9A36L,0x8702A0DC07EL,0x300000L,0x0L},{0x66FCCAE0F10B93L,0x4A76D4653FCD3BL,0x4381506E03FL,0x180000L,0x0L},{0x1C21185DFAAA11L,0x3C012B0C0L,0x2000L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x7802562L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L}},{{0x7802562L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x3C012B2L,0x40L,0x0L,0x0L,0x0L},{0xF004AC2L,0x100L,0x0L,0x0L,0x0L},{0x11C0A62F6AFA0AL,0xD6EE0CC906CE3EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x3C012B2L,0x40L,0x0L,0x0L,0x0L}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;
-	public static final boolean GT_STRONG=true;
-
-// BNT Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Order={0x75777E8D30210DL,0xD43492B2CB363AL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Bnx={0x806000004081L,0x40L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cru={0xEB53D5AB4FCD87L,0x82A5F2BAB11FADL,0x47651504C9764CL,0x4801B1L,0x0L};
-public static final long[] CURVE_Fra={0xF5D14EADC80022L,0x4904D6FACCE359L,0xF190A13211BE6CL,0xC9BBC4394F6509L,0x1328A292L};
-public static final long[] CURVE_Frb={0xA7EAB040ECA6F1L,0xC513DF997D764L,0x450657A3DEB01EL,0x9B5B3D15AAA6A1L,0x10D87E48L};
-public static final long[] CURVE_Pxa={0x8987E2288E65BBL,0xAD1CAA6313BEL,0x325041548B7CCCL,0x4C1339EBCC055L,0x14483FCDL};
-public static final long[] CURVE_Pxb={0x67888808DBE2C0L,0x7FE1F81E34853AL,0xA631A51B57B95L,0x384EC302DA3FC5L,0x87F46B3L};
-public static final long[] CURVE_Pya={0x202C47E020CA1DL,0xB4167E8399F36CL,0xC6E5439F72C94CL,0x102B0BD74A2C69L,0x14E8C29CL};
-public static final long[] CURVE_Pyb={0xD8437C716628F2L,0x27E167BCB7DC6BL,0xA82C7572681D0AL,0x62454BD1EDEC18L,0x17AFE2A4L};
-public static final long[] CURVE_Gx ={0x9DBBFEEEB4A712L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[][] CURVE_W={{0x26430061838403L,0x81218241998384L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}};
-public static final long[][][] CURVE_SB={{{0x2743C061840504L,0x81218241998404L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x4F347E2BAC9D0AL,0x5313107131B2B6L,0x3696F8D5EFAE87L,0x6517014EFA0BABL,0x240120DBL}}};
-public static final long[][] CURVE_WB={{0x6140602080C080L,0x806080C08880C1L,0x2000L,0x0L,0x0L},{0xB53904088C4A85L,0xAD2FA352DC6C36L,0xDA436358868EDEL,0x300120L,0x0L},{0x5ADCB204464583L,0x5697D1A96E363BL,0x6D21B1AC43476FL,0x180090L,0x0L},{0x62412020814181L,0x806080C0888141L,0x2000L,0x0L,0x0L}};
-public static final long[][][] CURVE_BB={{{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x100C000008102L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL}},{{0x100C000008102L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x806000004082L,0x40L,0x0L,0x0L,0x0L},{0x2018000010202L,0x100L,0x0L,0x0L,0x0L},{0x7476BE8D2FA00AL,0xD43492B2CB35BAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x806000004082L,0x40L,0x0L
 ,0x0L,0x0L}}};
-
-*/
-
-// BNT2 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_A = 0;
-	public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Order={0xFB71A511AA2BF5L,0x8DE127B73833D7L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L};
-	public static final long[] CURVE_Bnx={0x20100608205L,0x40L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0x5027444866BD33L,0x5B773016470EFBL,0xC3617BECF23675L,0x480006L,0x0L};
-	public static final long[] CURVE_Fra={0xB268C973AEF062L,0xC69B33C3BCE492L,0xF67FA37F195BBCL,0x29E8CAB6BD0A41L,0x124E0B8DL};
-	public static final long[] CURVE_Frb={0x736240B1B429L,0xCD48F52D196D56L,0x18BBE650E72612L,0x17268FF6FA43DEL,0x11B1F8F5L};
-	public static final long[] CURVE_Pxa={0xCC92399F40A3C8L,0xCDA4E96611784AL,0x7B056961706B35L,0x9693C6318279D7L,0x16FC17CFL};
-	public static final long[] CURVE_Pxb={0x557A8AD8549540L,0x6F7BE6F6510610L,0x565907A95D17DBL,0xBD5975909C8188L,0x1EB5B500L};
-	public static final long[] CURVE_Pya={0x7BECC514220513L,0x4A78860E737B14L,0x51B83935F12684L,0x761422AA9D4DFAL,0x1E8EE498L};
-	public static final long[] CURVE_Pyb={0xB9328F577CE78EL,0xB746E26FA5781FL,0xA93DBC1FB8E27EL,0xBAE33BDBA29D76L,0x23CEF4CDL};
-	public static final long[] CURVE_Gx ={0xB2DC2BB460A48AL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
-	public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[][] CURVE_W={{0xB76282A1347083L,0x60301399E1D10L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0xB76684A1F5748CL,0x60301399E1D90L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x440F227075BB72L,0x87DE267D9A16C7L,0xF3B89CFFFC1CFL,0x410F5AADB74E20L,0x24000482L}}};
-	public static final long[][] CURVE_WB={{0x9272D48A70A224L,0x20100688A0945L,0x2000L,0x0L,0x0L},{0x5A572CF030EF19L,0x9651763543721DL,0x8240FD48A1B9A3L,0x300004L,0x0L},{0xAD2C96F848B88FL,0xCB28BB1AA1B92EL,0x41207EA450DCD1L,0x180002L,0x0L},{0x9276D68B31A62DL,0x20100688A09C5L,0x2000L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L}},{{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x20100608206L,0x40L,0x0L,0x0L,0x0L},{0x80401820812L,0x100L,0x0L,0x0L,0x0L},{0xFB6DA310E927EAL,0x8DE127B7383357L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x20100608206L,0x40L,0x0L,0x0L,0x0L}}};
-*/
-
-// BN Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Order={0xDL,0x800000000010A1L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L};
-public static final long[] CURVE_Bnx={0x80000000000001L,0x40L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cru={0x80000000000007L,0x6CDL,0x40000000024909L,0x49B362L,0x0L};
-public static final long[] CURVE_Fra={0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L};
-public static final long[] CURVE_Frb={0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L};
-public static final long[] CURVE_Pxa={0xAB2C7935FD0CB4L,0xE319E4FCC57C2BL,0x24F6DF763B05A5L,0xF55EA7EA335FB7L,0x95B04D4L};
-public static final long[] CURVE_Pxb={0xA07D0790962455L,0x86BE3D27AA5E38L,0x89E05747F39D6DL,0xC08347B49D42BFL,0x5D4D8A7L};
-public static final long[] CURVE_Pya={0xADCE687A08A46CL,0x2B30E98A4191F9L,0x4C3784B1F16908L,0x25E5313FA16D1CL,0xABF2ABFL};
-public static final long[] CURVE_Pyb={0xDF88D405F306ECL,0x82076ADD13A0E6L,0x1E47819D6A5C04L,0xE679DABDB38627L,0x18769A87L};
-public static final long[] CURVE_Gx ={0x12L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[][] CURVE_W={{0x3L,0x80000000000204L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}};
-public static final long[][][] CURVE_SB={{{0x4L,0x80000000000285L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0xAL,0xE9DL,0x80000000079E1EL,0x40000001BA344DL,0x25236482L}}};
-public static final long[][] CURVE_WB={{0x80000000000000L,0x80000000000040L,0x2080L,0x0L,0x0L},{0x80000000000005L,0x54AL,0x8000000001C707L,0x312241L,0x0L},{0x80000000000003L,0x800000000002C5L,0xC000000000E383L,0x189120L,0x0L},{0x80000000000001L,0x800000000000C1L,0x2080L,0x0L,0x0L}};
-public static final long[][][] CURVE_BB={{{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x2L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L}},{{0x2L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x80000000000002L,0x40L,0x0L,0x0L,0x0L},{0x2L,0x102L,0x0L,0x0L,0x0L},{0xAL,0x80000000001020L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x80000000000002L,0x40L,0x0L,0x0L,0x0L}}};
-
-*/
-
-//	public static boolean debug=false;
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/RSA.java
----------------------------------------------------------------------
diff --git a/java64/RSA.java b/java64/RSA.java
deleted file mode 100755
index 4ce597c..0000000
--- a/java64/RSA.java
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions  */
-
-final class rsa_private_key
-{
-    public FF p,q,dp,dq,c;
-
-	public rsa_private_key(int n)
-	{
-		p=new FF(n);
-		q=new FF(n);
-		dp=new FF(n);
-		dq=new FF(n);
-		c=new FF(n);
-	}
-}
-
-final class rsa_public_key
-{
-    public int e;
-    public FF n;
-
-	public rsa_public_key(int m)
-	{
-		e=0;
-		n=new FF(m);
-	}
-}
-
-public final class RSA {
-
-	public static final int RFS=ROM.MODBYTES*ROM.FFLEN;
-
-/* generate an RSA key pair */
-
-	public static void KEY_PAIR(RAND rng,int e,rsa_private_key PRIV,rsa_public_key PUB)
-	{ /* IEEE1363 A16.11/A16.12 more or less */
-		int n=PUB.n.getlen()/2;
-		FF t = new FF(n);
-		FF p1=new FF(n);
-		FF q1=new FF(n);
-
-		for (;;)
-		{
-
-			PRIV.p.random(rng);
-			while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
-			while (!FF.prime(PRIV.p,rng))
-				PRIV.p.inc(4);
-
-			p1.copy(PRIV.p);
-			p1.dec(1);
-
-			if (p1.cfactor(e)) continue;
-			break;
-		}
-
-		for (;;)
-		{
-			PRIV.q.random(rng);
-			while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
-			while (!FF.prime(PRIV.q,rng))
-				PRIV.q.inc(4);
-
-			q1.copy(PRIV.q);
-			q1.dec(1);
-
-			if (q1.cfactor(e)) continue;
-
-			break;
-		}
-
-		PUB.n=FF.mul(PRIV.p,PRIV.q);
-		PUB.e=e;
-
-		t.copy(p1);
-		t.shr();
-		PRIV.dp.set(e);
-		PRIV.dp.invmodp(t);
-		if (PRIV.dp.parity()==0) PRIV.dp.add(t);
-		PRIV.dp.norm();
-
-		t.copy(q1);
-		t.shr();
-		PRIV.dq.set(e);
-		PRIV.dq.invmodp(t);
-		if (PRIV.dq.parity()==0) PRIV.dq.add(t);
-		PRIV.dq.norm();
-
-		PRIV.c.copy(PRIV.p);
-		PRIV.c.invmodp(PRIV.q);
-
-		return;
-	}
-
-/* Mask Generation Function */
-
-	public static void MGF1(byte[] Z,int olen,byte[] K)
-	{
-		HASH H=new HASH();
-		int hlen=HASH.len;
-		byte[] B=new byte[hlen];
-
-		int counter,cthreshold,k=0;
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			H.process_array(Z); H.process_num(counter);
-			B=H.hash();
-
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-	}
-
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	/* OAEP Message Encoding for Encryption */
-	public static byte[] OAEP_ENCODE(byte[] m,RAND rng,byte[] p)
-	{
-		int i,slen,olen=RFS-1;
-		int mlen=m.length;
-		int hlen,seedlen;
-		byte[] f=new byte[RFS];
-
-		HASH H=new HASH();
-		hlen=HASH.len;
-		byte[] SEED=new byte[hlen];
-		seedlen=hlen;
-		if (mlen>olen-hlen-seedlen-1) return new byte[0];
-
-		byte[] DBMASK=new byte[olen-seedlen];
-
-		if (p!=null) H.process_array(p);
-		byte[] h=H.hash();
-		for (i=0;i<hlen;i++) f[i]=h[i];
-
-		slen=olen-mlen-hlen-seedlen-1;
-
-		for (i=0;i<slen;i++) f[hlen+i]=0;
-		f[hlen+slen]=1;
-		for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
-		for (i=0;i<seedlen;i++) SEED[i]=(byte)rng.getByte();
-		MGF1(SEED,olen-seedlen,DBMASK);
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-		MGF1(DBMASK,seedlen,f);
-
-		for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
-		for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
-		/* pad to length RFS */
-		int d=1;
-		for (i=RFS-1;i>=d;i--)
-			f[i]=f[i-d];
-		for (i=d-1;i>=0;i--)
-			f[i]=0;
-
-		return f;
-	}
-
-	/* OAEP Message Decoding for Decryption */
-	public static byte[] OAEP_DECODE(byte[] p,byte[] f)
-	{
-		int x,t;
-		boolean comp;
-		int i,k,olen=RFS-1;
-		int hlen,seedlen;
-
-		HASH H=new HASH();
-		hlen=HASH.len;
-		byte[] SEED=new byte[hlen];
-		seedlen=hlen;
-		byte[] CHASH=new byte[hlen];
-
-		if (olen<seedlen+hlen+1) return new byte[0];
-		byte[] DBMASK=new byte[olen-seedlen];
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		if (f.length<RFS)
-		{
-			int d=RFS-f.length;
-			for (i=RFS-1;i>=d;i--)
-				f[i]=f[i-d];
-			for (i=d-1;i>=0;i--)
-				f[i]=0;
-
-		}
-
-		if (p!=null) H.process_array(p);
-		byte[] h=H.hash();
-		for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
-		x=f[0];
-
-		for (i=seedlen;i<olen;i++)
-			DBMASK[i-seedlen]=f[i+1];
-
-		MGF1(DBMASK,seedlen,SEED);
-		for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
-		MGF1(SEED,olen-seedlen,f);
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
-		comp=true;
-		for (i=0;i<hlen;i++)
-		{
-			if (CHASH[i]!=DBMASK[i]) comp=false;
-		}
-
-		for (i=0;i<olen-seedlen-hlen;i++)
-			DBMASK[i]=DBMASK[i+hlen];
-
-		for (i=0;i<hlen;i++)
-			SEED[i]=CHASH[i]=0;
-
-		for (k=0;;k++)
-		{
-			if (k>=olen-seedlen-hlen) return new byte[0];
-			if (DBMASK[k]!=0) break;
-		}
-
-		t=DBMASK[k];
-		if (!comp || x!=0 || t!=0x01)
-		{
-			for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-			return new byte[0];
-		}
-
-		byte[] r=new byte[olen-seedlen-hlen-k-1];
-
-		for (i=0;i<olen-seedlen-hlen-k-1;i++)
-			r[i]=DBMASK[i+k+1];
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		return r;
-	}
-
-	/* destroy the Private Key structure */
-	public static void PRIVATE_KEY_KILL(rsa_private_key PRIV)
-	{
-		PRIV.p.zero();
-		PRIV.q.zero();
-		PRIV.dp.zero();
-		PRIV.dq.zero();
-		PRIV.c.zero();
-	}
-
-	/* RSA encryption with the public key */
-	public static void ENCRYPT(rsa_public_key PUB,byte[] F,byte[] G)
-	{
-		int n=PUB.n.getlen();
-		FF f=new FF(n);
-
-		FF.fromBytes(f,F);
-		f.power(PUB.e,PUB.n);
-		f.toBytes(G);
-	}
-
-	/* RSA decryption with the private key */
-	public static void DECRYPT(rsa_private_key PRIV,byte[] G,byte[] F)
-	{
-		int n=PRIV.p.getlen();
-		FF g=new FF(2*n);
-
-		FF.fromBytes(g,G);
-		FF jp=g.dmod(PRIV.p);
-		FF jq=g.dmod(PRIV.q);
-
-		jp.skpow(PRIV.dp,PRIV.p);
-		jq.skpow(PRIV.dq,PRIV.q);
-
-		g.zero();
-		g.dscopy(jp);
-		jp.mod(PRIV.q);
-		if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
-		jq.sub(jp);
-		jq.norm();
-
-		FF t=FF.mul(PRIV.c,jq);
-		jq=t.dmod(PRIV.q);
-
-		t=FF.mul(jq,PRIV.p);
-		g.add(t);
-		g.norm();
-
-		g.toBytes(F);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestECDH.java
----------------------------------------------------------------------
diff --git a/java64/TestECDH.java b/java64/TestECDH.java
deleted file mode 100755
index 3027f12..0000000
--- a/java64/TestECDH.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-public class TestECDH
-{
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	public static void main(String[] args)
-	{
-		int i,j=0,res;
-		int result;
-		String pp=new String("M0ng00se");
-
-		int EGS=ECDH.EGS;
-		int EFS=ECDH.EFS;
-		int EAS=AES.KS;
-
-		byte[] S1=new byte[EGS];
-		byte[] W0=new byte[2*EFS+1];
-		byte[] W1=new byte[2*EFS+1];
-		byte[] Z0=new byte[EFS];
-		byte[] Z1=new byte[EFS];
-		byte[] RAW=new byte[100];
-		byte[] SALT=new byte[8];
-		byte[] P1=new byte[3];
-		byte[] P2=new byte[4];
-		byte[] V=new byte[2*EFS+1];
-		byte[] M=new byte[17];
-		byte[] T=new byte[12];
-		byte[] CS=new byte[EGS];
-		byte[] DS=new byte[EGS];
-
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(byte)(i+1);  // set Salt
-
-		System.out.println("Alice's Passphrase= "+pp);
-		byte[] PW=pp.getBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-		byte[] S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		System.out.print("Alice's private key= 0x");
-		printBinary(S0);
-
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
-		System.out.print("Alice's public key= 0x");
-		printBinary(W0);
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-		{
-			System.out.println("ECP Public Key is invalid!\n");
-			return;
-		}
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		System.out.print("Servers private key= 0x");
-		printBinary(S1);
-
-		System.out.print("Servers public key= 0x");
-		printBinary(W1);
-
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-		{
-			System.out.print("ECP Public Key is invalid!\n");
-			return;
-		}
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		boolean same=true;
-		for (i=0;i<EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-		{
-			System.out.println("*** ECPSVDP-DH Failed");
-			return;
-		}
-
-		byte[] KEY=ECDH.KDF1(Z0,EAS);
-
-		System.out.print("Alice's DH Key=  0x"); printBinary(KEY);
-		System.out.print("Servers DH Key=  0x"); printBinary(KEY);
-
-		System.out.println("Testing ECIES");
-
-		P1[0]=0x0; P1[1]=0x1; P1[2]=0x2;
-		P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3;
-
-		for (i=0;i<=16;i++) M[i]=(byte)i;
-
-		byte[] C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T);
-
-		System.out.println("Ciphertext= ");
-		System.out.print("V= 0x"); printBinary(V);
-		System.out.print("C= 0x"); printBinary(C);
-		System.out.print("T= 0x"); printBinary(T);
-
-
-		M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1);
-		if (M.length==0)
-		{
-			System.out.println("*** ECIES Decryption Failed\n");
-			return;
-		}
-		else System.out.println("Decryption succeeded");
-
-		System.out.print("Message is 0x"); printBinary(M);
-
-		System.out.println("Testing ECDSA");
-
-		if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS)!=0)
-		{
-			System.out.println("***ECDSA Signature Failed");
-			return;
-		}
-		System.out.println("Signature= ");
-		System.out.print("C= 0x"); printBinary(CS);
-		System.out.print("D= 0x"); printBinary(DS);
-
-		if (ECDH.ECPVP_DSA(W0,M,CS,DS)!=0)
-		{
-			System.out.println("***ECDSA Verification Failed");
-			return;
-		}
-		else System.out.println("ECDSA Signature/Verification succeeded "+j);
-//}
-//System.out.println("Test Completed Successfully");
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestECM.java
----------------------------------------------------------------------
diff --git a/java64/TestECM.java b/java64/TestECM.java
deleted file mode 100755
index b0a07a1..0000000
--- a/java64/TestECM.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH API Function only - for use with Montgomery curves */
-
-public class TestECM
-{
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	public static void main(String[] args)
-	{
-		int i,j=0,res;
-		int result;
-		String pp=new String("M0ng00se");
-
-		int EGS=ECDH.EGS;
-		int EFS=ECDH.EFS;
-		int EAS=AES.KS;
-
-		byte[] S1=new byte[EGS];
-		byte[] W0=new byte[2*EFS+1];
-		byte[] W1=new byte[2*EFS+1];
-		byte[] Z0=new byte[EFS];
-		byte[] Z1=new byte[EFS];
-		byte[] RAW=new byte[100];
-		byte[] SALT=new byte[8];
-
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(byte)(i+1);  // set Salt
-
-		System.out.println("Alice's Passphrase= "+pp);
-		byte[] PW=pp.getBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-		byte[] S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		System.out.print("Alice's private key= 0x");
-		printBinary(S0);
-
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
-		System.out.print("Alice's public key= 0x");
-		printBinary(W0);
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-		{
-			System.out.println("Alice's public Key is invalid!\n");
-			return;
-		}
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		System.out.print("Servers private key= 0x");
-		printBinary(S1);
-
-		System.out.print("Servers public key= 0x");
-		printBinary(W1);
-
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-		{
-			System.out.print("Server's public Key is invalid!\n");
-			return;
-		}
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		boolean same=true;
-		for (i=0;i<EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-		{
-			System.out.println("*** ECPSVDP-DH Failed");
-			return;
-		}
-
-		byte[] KEY=ECDH.KDF1(Z0,EAS);
-
-		System.out.print("Alice's DH Key=  0x"); printBinary(KEY);
-		System.out.print("Servers DH Key=  0x"); printBinary(KEY);
-
-//}
-//System.out.println("Test Completed Successfully");
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestMPIN.java
----------------------------------------------------------------------
diff --git a/java64/TestMPIN.java b/java64/TestMPIN.java
deleted file mode 100755
index f883a57..0000000
--- a/java64/TestMPIN.java
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN API Functions */
-
-import java.util.Date;
-import java.util.Scanner;
-
-public class TestMPIN
-{
-	static boolean PERMITS=true;
-	static boolean PINERROR=true;
-	static boolean FULL=true;
-	static boolean SINGLE_PASS=false;
-
-	static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	public static void main(String[] args) {
-		RAND rng=new RAND();
-		byte[] raw=new byte[100];
-		for (int i=0;i<100;i++) raw[i]=(byte)(i+1);
-		rng.seed(100,raw);
-
-		int EGS=MPIN.EGS;
-		int EFS=MPIN.EFS;
-		int G1S=2*EFS+1; /* Group 1 Size */
-		int G2S=4*EFS; /* Group 2 Size */
-		int EAS=16;
-
-		byte[] S=new byte[EGS];
-		byte[] SST = new byte[G2S];
-		byte[] TOKEN = new byte[G1S];
-		byte[] PERMIT = new byte[G1S];
-		byte[] SEC = new byte[G1S];
-		byte[] xID = new byte[G1S];
-		byte[] xCID = new byte[G1S];
-		byte[] X= new byte[EGS];
-		byte[] Y= new byte[EGS];
-		byte[] E=new byte[12*EFS];
-		byte[] F=new byte[12*EFS];
-		byte[] HID=new byte[G1S];
-		byte[] HTID=new byte[G1S];
-
-		byte[] G1=new byte[12*EFS];
-		byte[] G2=new byte[12*EFS];
-		byte[] R=new byte[EGS];
-		byte[] Z=new byte[G1S];
-		byte[] W=new byte[EGS];
-		byte[] T=new byte[G1S];
-		byte[] CK=new byte[EAS];
-		byte[] SK=new byte[EAS];
-
-/* Trusted Authority set-up */
-
-		MPIN.RANDOM_GENERATE(rng,S);
-		System.out.print("Master Secret s: 0x");  printBinary(S);
-
- /* Create Client Identity */
- 		String IDstr = "testUser@miracl.com";
-		byte[] CLIENT_ID = IDstr.getBytes();
-
-		byte[] HCID=MPIN.HASH_ID(CLIENT_ID);  /* Either Client or TA calculates Hash(ID) - you decide! */
-
-		System.out.print("Client ID= "); printBinary(CLIENT_ID);
-
-/* Client and Server are issued secrets by DTA */
-		MPIN.GET_SERVER_SECRET(S,SST);
-		System.out.print("Server Secret SS: 0x");  printBinary(SST);
-
-		MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
-		System.out.print("Client Secret CS: 0x");
-		printBinary(TOKEN);
-
-/* Client extracts PIN from secret to create Token */
-		int pin=1234;
-		System.out.println("Client extracts PIN= "+pin);
-		int rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN);
-		if (rtn != 0)
-			System.out.println("FAILURE: EXTRACT_PIN rtn: " + rtn);
-
-		System.out.print("Client Token TK: 0x");
-		printBinary(TOKEN);
-
-		if (FULL)
-		{
-			MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
-		}
-		int date;
-		if (PERMITS)
-		{
-			date=MPIN.today();
-			System.out.println("Date= "+date);
-/* Client gets "Time Token" permit from DTA */
-			MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT);
-			System.out.print("Time Permit TP: 0x");  printBinary(PERMIT);
-
-/* This encoding makes Time permit look random - Elligator squared */
-			MPIN.ENCODING(rng,PERMIT);
-			System.out.print("Encoded Time Permit TP: 0x");  printBinary(PERMIT);
-			MPIN.DECODING(PERMIT);
-			System.out.print("Decoded Time Permit TP: 0x");  printBinary(PERMIT);
-		}
-		else date=0;
-
-		System.out.print("\nPIN= ");
-		Scanner scan=new Scanner(System.in);
-		pin=scan.nextInt();
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID =x .H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-IMPORTANT: To save space and time..
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
-
-		byte[] pxID=xID;
-		byte[] pxCID=xCID;
-		byte[] pHID=HID;
-		byte[] pHTID=HTID;
-		byte[] pE=E;
-		byte[] pF=F;
-		byte[] pPERMIT=PERMIT;
-		byte[] prHID;
-
-		if (date!=0)
-		{
-
-			prHID=pHTID;
-			if (!PINERROR)
-			{
-				pxID=null;
-				pHID=null;
-			}
-		}
-		else
-		{
-			prHID=pHID;
-			pPERMIT=null;
-			pxCID=null;
-			pHTID=null;
-		}
-		if (!PINERROR)
-		{
-			pE=null;
-			pF=null;
-		}
-
-                if (SINGLE_PASS)
-		{
-  		  System.out.println("MPIN Single Pass");
-                  int timeValue = MPIN.GET_TIME();
-                  rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: CLIENT rtn: " + rtn);
-
-                  if (FULL)
-		  {
-                    HCID=MPIN.HASH_ID(CLIENT_ID);
-                    MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-                  }
-
-                  rtn=MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
-                  if (rtn != 0)
-  		    System.out.println("FAILURE: SERVER rtn: " + rtn);
-
-                  if (FULL)
-                  {
-                    MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-                  }
-		}
-                else
-		{
-  		  System.out.println("MPIN Multi Pass");
-                  /* Send U=x.ID to server, and recreate secret from token and pin */
-  		  rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: CLIENT_1 rtn: " + rtn);
-
-  		  if (FULL)
-  		  {
-  		    HCID=MPIN.HASH_ID(CLIENT_ID);
-  		    MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-  		  }
-
-                  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  		  MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID);
-
-                  /* Server generates Random number Y and sends it to Client */
-  		  MPIN.RANDOM_GENERATE(rng,Y);
-
-                  if (FULL)
-  		  {
-  		    MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-  		  }
-
-                  /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-  		  rtn=MPIN.CLIENT_2(X,Y,SEC);
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: CLIENT_2 rtn: " + rtn);
-
-                  /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-                  /* If PIN error not required, set E and F = null */
-
-  		  rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: SERVER_1 rtn: " + rtn);
-		}
-
-		if (rtn == MPIN.BAD_PIN)
-		{
-		  System.out.println("Server says - Bad Pin. I don't know you. Feck off.\n");
-		  if (PINERROR)
-		  {
-		    int err=MPIN.KANGAROO(E,F);
-		    if (err!=0) System.out.format("(Client PIN is out by %d)\n",err);
-		  }
-		  return;
-		}
-		else System.out.println("Server says - PIN is good! You really are "+IDstr);
-
-
-		if (FULL)
-		{
-			MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
-			System.out.print("Client Key =  0x");  printBinary(CK);
-
-			MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK);
-			System.out.print("Server Key =  0x");  printBinary(SK);
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestRSA.java
----------------------------------------------------------------------
diff --git a/java64/TestRSA.java b/java64/TestRSA.java
deleted file mode 100755
index 2c30155..0000000
--- a/java64/TestRSA.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-public class TestRSA
-{
-
-	public static void main(String[] args)
-	{
-		int i;
-		int RFS=RSA.RFS;
-
-		String message="Hello World\n";
-
-		rsa_public_key pub=new rsa_public_key(ROM.FFLEN);
-		rsa_private_key priv=new rsa_private_key(ROM.HFLEN);
-
-		byte[] ML=new byte[RFS];
-		byte[] C=new byte[RFS];
-		byte[] RAW=new byte[100];
-
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-//for (i=0;i<10;i++)
-//{
-		System.out.println("Generating public/private key pair");
-		RSA.KEY_PAIR(rng,65537,priv,pub);
-
-		byte[] M=message.getBytes();
-		System.out.print("Encrypting test string\n");
-		byte[] E=RSA.OAEP_ENCODE(M,rng,null); /* OAEP encode message M to E  */
-
-		RSA.ENCRYPT(pub,E,C);     /* encrypt encoded message */
-		System.out.print("Ciphertext= 0x"); RSA.printBinary(C);
-
-		System.out.print("Decrypting test string\n");
-		RSA.DECRYPT(priv,C,ML);
-		byte[] MS=RSA.OAEP_DECODE(null,ML); /* OAEP decode message  */
-
-		message=new String(MS);
-		System.out.print(message);
-//}
-		RSA.PRIVATE_KEY_KILL(priv);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/readme.txt
----------------------------------------------------------------------
diff --git a/java64/readme.txt b/java64/readme.txt
deleted file mode 100644
index c4bd115..0000000
--- a/java64/readme.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-AMCL is very simple to build for Java. This version is optimal for a 64-bit 
-Virtual Machine.
-
-First - decide the modulus type and curve type you want to use. Edit ROM.java 
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.java which 
-supports our M-Pin (tm) protocol, ECDH.java which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.java
-which supports the RSA method. The first  can be tested using the 
-TestMPIN.java driver programs, the second can be tested using TestECDH.java 
-and TestECM.java, and the third with TestRSA.java
-
-In the ROM.java file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The program bngen.cpp generates the ROM details for a 
-BN curve, and the program ecgen.cpp generates the ROM for EC curves. 
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-Don't forget to delete all .class files before rebuilding projects.
-
-For a quick jumpstart:-
-
-del *.class
-javac TestMPIN.java
-java TestMPIN
-


[12/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/readme.txt
----------------------------------------------------------------------
diff --git a/swift/readme.txt b/swift/readme.txt
deleted file mode 100644
index 708054d..0000000
--- a/swift/readme.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-AMCL is very simple to build for Swift.
-
-First - decide the modulus and curve type you want to use. Edit rom.swift 
-where indicated. You will probably want to use one of the curves whose 
-details are already in there.
-
-Three example API files are provided, mpin.swift which 
-supports our M-Pin (tm) protocol, ecdh.swift which supports elliptic 
-curve key exchange, digital signature and public key crypto, and rsa.swift
-which supports the RSA method. The first  can be tested using the 
-TestMPIN.swift driver programs, the second can be tested using TestECDH.swift 
-and TestECM.swift, and the third with TestRSA.swift
-
-In the rom.swift file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-For a quick jumpstart:-
-
-From a terminal window in a /lib directory create a dynamic library using the command
-
-swiftc big.swift rom.swift dbig.swift rand.swift hash.swift fp.swift fp2.swift ecp.swift ecp2.swift aes.swift gcm.swift fp4.swift fp12.swift ff.swift pair.swift rsa.swift ecdh.swift mpin.swift -Ounchecked -whole-module-optimization -emit-library -emit-module -module-name clint
-
-This creates the files 
-
-libclint.dylib
-clint.swiftmodule
-
-Copy these to a project directory, which contains only the files 
-
-TestECDH.swift
-TestRSA.swift
-TestMPIN.swift
-
-And create and run the projects by issuing the commands
-
-swift -lclint -I. TestMPIN.swift 
-swift -lclint -I. TestECDH.swift 
-swift -lclint -I. TestRSA.swift 
-
-Note that classes and methods that need to be exposed to consuming programs, 
-should be made "public" when and if needed. Here we have done this as needed 
-just for these example programs
-
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/rom.swift
----------------------------------------------------------------------
diff --git a/swift/rom.swift b/swift/rom.swift
deleted file mode 100644
index aaf6c76..0000000
--- a/swift/rom.swift
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  rom.swift
-//  
-//
-//  Created by Michael Scott on 12/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-final public class ROM{
-    static let NLEN:Int=9
-    static let CHUNK:Int=32
-    static let DNLEN:Int=2*NLEN
-
-/*** Enter Some Field details here  ***/
-    // BN Curve
-    static let MODBITS:Int32 = 254 /* Number of bits in Modulus */
-    static let MOD8:Int32 = 3   /* Modulus mod 8 */
-    // Curve 25519
-//    static let MODBITS:Int32=255
-//    static let MOD8:Int32=5
-
-    // NIST256 or Brainpool
-//    static let MODBITS:Int32=256
-//    static let MOD8:Int32=7
-
-    // MF254
-//    static let MODBITS:Int32=254
-//    static let MOD8:Int32=7
-    // MS255
-//    static let MODBITS:Int32 = 255
-//    static let MOD8:Int32 = 3
-    // MF256
-//    static let MODBITS:Int32 = 256
-//    static let MOD8:Int32 = 7
-    // MS256
-//    static let MODBITS:Int32 = 256
-//    static let MOD8:Int32 = 3
-
-    // ANSSI
-//    static let MODBITS:Int32 = 256
-//    static let MOD8:Int32 = 3
-
-    static let BASEBITS:Int32=29
-    static let OMASK:Int32=Int32(-1)<<Int32(MODBITS%BASEBITS)
-    static let MASK:Int32=((Int32(1)<<BASEBITS)-Int32(1))
-    static let TBITS:Int32=MODBITS%BASEBITS; // Number of active bits in top word
-    static let TMASK:Int32=(Int32(1)<<TBITS)-1;
-    static let MODBYTES:Int32=32
-    static let NEXCESS:Int32 = (Int32(1)<<(Int32(CHUNK)-BASEBITS-1))
-    static let FEXCESS:Int32 = (Int32(1)<<(BASEBITS*Int32(NLEN)-MODBITS));
-
-    /* Don't Modify from here... */
-    static let NOT_SPECIAL=0
-    static let PSEUDO_MERSENNE=1
-    static let MONTGOMERY_FRIENDLY=2
-    static let WEIERSTRASS=0
-    static let EDWARDS=1
-    static let MONTGOMERY=2
-    /* ...to here */
-
-
-    /* Finite field support - for RSA, DH etc. */
-    static let FF_BITS:Int=2048; /* Finite Field Size in bits - must be 256.2^n */
-    static public let FFLEN=(FF_BITS/256)
-    static public let HFLEN=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-//    static let MODTYPE=PSEUDO_MERSENNE
-//    static let Modulus:[Int32]=[0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-//    static let MConst:Int32=19
-
-// NIST-256 Modulus
-//    static let MODTYPE=NOT_SPECIAL
-//    static let Modulus:[Int32]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF]
-//    static let MConst:Int32=1
-
-// MF254 Modulus
-//    static let MODTYPE=MONTGOMERY_FRIENDLY
-//    static let Modulus:[Int32]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF]
-//    static let MConst:Int32=0x3F8100
-// MS255 Modulus
-//    static let MODTYPE = PSEUDO_MERSENNE
-//    static let Modulus:[Int32]=[0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-//    static let MConst:Int32=0x2FD
-// MF256 Modulus
-//    static let MODTYPE = MONTGOMERY_FRIENDLY
-//    static let Modulus:[Int32]=[0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF]
-//    static let MConst:Int32=0xFFA800
-// MS256 Modulus
-//    static let MODTYPE = PSEUDO_MERSENNE
-//    static let Modulus:[Int32]=[0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF]
-//    static let MConst:Int32 = 0xBD
-    // Brainpool Modulus
-//    static let MODTYPE = NOT_SPECIAL
-//    static let Modulus:[Int32]=[0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57]
-//    static let MConst:Int32 = 0xEFD89B9
-    // ANSSI Modulus
-//    static let MODTYPE = NOT_SPECIAL
-//    static let Modulus:[Int32]=[0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17]
-//    static let MConst:Int32 = 0x164E1155
-
-    // BNCX Curve Modulus
-    static let MODTYPE = NOT_SPECIAL
-    static let Modulus:[Int32]=[0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000]
-    static let MConst:Int32=0x19789E85
-
-
-    // START SPECIFY CURVE DETAILS HERE
-    //*********************************************************************************
-    // Original Curve25519
-    // 	static let CURVETYPE=MONTGOMERY
-    //	static let CURVE_A:Int32 = 486662
-    //	static let CURVE_B:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //	static let CURVE_Order:[Int32]=[0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000]
-    //	static let CURVE_Gx:[Int32]=[0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //	static let CURVE_Gy:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-// Ed25519 Curve
-    //static let CURVETYPE=EDWARDS
-    //static let CURVE_A:Int32 = -1
-    //static let CURVE_B:[Int32]=[0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C]
-    //static let CURVE_Order:[Int32]=[0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000]
-    //static let CURVE_Gx:[Int32]=[0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936]
-    //static let CURVE_Gy:[Int32]=[0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666]
-
-// NIST-256 Curve
-    //	static let CURVETYPE=WEIERSTRASS
-    //    static let CURVE_A:Int32 = -3;
-    //    static let CURVE_B:[Int32]=[0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635]
-    //    static let CURVE_Order:[Int32]=[0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF]
-    //    static let CURVE_Gx:[Int32]=[0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1]
-    //    static let CURVE_Gy:[Int32]=[0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342]
-
-    // MF254 Modulus, Weierstrass Curve w-254-mont
-    //    static let CURVETYPE=WEIERSTRASS
-    //    static let CURVE_A:Int32 = -3
-    //    static let CURVE_B:[Int32]=[0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF]
-    //    static let CURVE_Order:[Int32]=[0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF]
-    //    static let CURVE_Gx:[Int32]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //    static let CURVE_Gy:[Int32]=[0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F]
-
-    // MF254 Modulus, Edwards Curve ed-254-mont
-    //    static let CURVETYPE = EDWARDS
-    //    static let CURVE_A:Int32 = -1
-    //    static let CURVE_B:[Int32]=[0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //    static let CURVE_Order:[Int32]=[0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F]
-    //    static let CURVE_Gx:[Int32]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //    static let CURVE_Gy:[Int32]=[0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6]
-
-    // MF254 Modulus, Montgomery Curve
-    //static let CURVETYPE = MONTGOMERY
-    //static let CURVE_A:Int32 = -55790;
-    //static let CURVE_B:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Int32]=[0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F]
-    //static let CURVE_Gx:[Int32]=[0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-
-    // MS255 Modulus, Weierstrass Curve
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int32 = -3
-    //static let CURVE_B:[Int32]=[0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-    //static let CURVE_Order:[Int32]=[0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF]
-    //static let CURVE_Gx:[Int32]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A]
-
-    // MS255 Modulus, Edwards Curve
-    //static let CURVETYPE = EDWARDS
-    //static let CURVE_A:Int32 = -1
-    //static let CURVE_B:[Int32]=[0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Int32]=[0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF]
-    //static let CURVE_Gx:[Int32]=[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78]
-
-    // MS255 Modulus, Montgomery Curve
-    //static let CURVETYPE=MONTGOMERY
-    //static let CURVE_A:Int32 = -240222
-    //static let CURVE_B:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Int32]=[0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF]
-    //static let CURVE_Gx:[Int32]=[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-
-    // MF256 Modulus, Weierstrass Curve
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int32 = -3;
-    //static let CURVE_B:[Int32]=[0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Int32]=[0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF]
-    //static let CURVE_Gx:[Int32]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C]
-
-    // MF256, Edwards Curve
-    //static let CURVETYPE = EDWARDS
-    //static let CURVE_A:Int32 = -1
-    //static let CURVE_B:[Int32]=[0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Int32]=[0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF]
-    //static let CURVE_Gx:[Int32]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4]
-
-    // MF256 Modulus, Montgomery Curve
-    //static let CURVETYPE = MONTGOMERY
-    //static let CURVE_A:Int32 = -54314
-    //static let CURVE_B:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Int32]=[0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF]
-    //static let CURVE_Gx:[Int32]=[0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-
-    // MS256, Weierstrass Curve
-    //static let CURVETYPE  = WEIERSTRASS
-    //static let CURVE_A:Int32 = -3
-    //static let CURVE_B:[Int32]=[0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Int32]=[0x751A825,0x559014A,0x9971808,0x1904EBD4,0x1FFFFE43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF]
-    //static let CURVE_Gx:[Int32]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x2B56C77,0x1FA31836,0x253B042,0x185F26EB,0xDD6BD02,0x4B66777,0x1B5FF20B,0xA783C8C,0x696F18]
-
-    // MS256, Edwards Curve
-    //static let CURVETYPE = EDWARDS
-    //static let CURVE_A:Int32 = -1;
-    //static let CURVE_B:[Int32]=[0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Order:[Int32]=[0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF]
-    //static let CURVE_Gx:[Int32]=[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x131CADBA,0x3FB7DA9,0x134C0FDC,0x14DAC704,0x46BFBE2,0x1859CFD0,0x1B6E8F4C,0x3C5424E,0x7D0AB4]
-
-    // MS256 Modulus, Montgomery Curve
-    //static let CURVETYPE = MONTGOMERY
-    //static let CURVE_A:Int32 = -61370
-    //static let CURVE_B:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-    //static let CURVE_Order:[Int32]=[0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF]
-    //static let CURVE_Gx:[Int32]=[0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    //static let CURVE_Gy:[Int32]=[0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0] // not used
-
-    // Brainpool
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int32 = -3
-    //static let CURVE_B:[Int32]=[0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61]
-    //static let CURVE_Order:[Int32]=[0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57]
-    //static let CURVE_Gx:[Int32]=[0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB]
-    //static let CURVE_Gy:[Int32]=[0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C]
-
-    // ANSSI
-    //static let CURVETYPE = WEIERSTRASS
-    //static let CURVE_A:Int32 = -3;
-    //static let CURVE_B:[Int32]=[0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F]
-    //static let CURVE_Order:[Int32]=[0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17]
-    //static let CURVE_Gx:[Int32]=[0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4]
-    //static let CURVE_Gy:[Int32]=[0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0]
-
-    // BNCX Curve
-
-    static let CURVETYPE = WEIERSTRASS
-    static let CURVE_A:Int32 = 0
-    static let CURVE_B:[Int32]=[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Order:[Int32]=[0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000]
-    static let CURVE_Bnx:[Int32]=[0x3C012B1,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_Cru:[Int32]=[0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000,0x0,0x0]
-    static let CURVE_Fra:[Int32]=[0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908]
-    static let CURVE_Frb:[Int32]=[0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7]
-    static let CURVE_Pxa:[Int32]=[0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D]
-    static let CURVE_Pxb:[Int32]=[0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9]
-    static let CURVE_Pya:[Int32]=[0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED]
-    static let CURVE_Pyb:[Int32]=[0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C]
-    static let CURVE_Gx:[Int32]=[0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000]
-    static let CURVE_Gy:[Int32]=[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]
-    static let CURVE_W:[[Int32]]=[[0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]]
-
-
-    static let CURVE_SB:[[[Int32]]]=[[[0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000]]]
-
-    static let CURVE_WB:[[Int32]]=[[0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200,0x0,0x0,0x0,0x0],[0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000,0x0,0x0],[0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000,0x0,0x0],[0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200,0x0,0x0,0x0,0x0]]
-
-    static let CURVE_BB:[[[Int32]]]=[[[0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000]],[[0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0],[0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0],[0xF004AC2,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0],[0xF6AFA0A,0x108E0531,0x1241B
 38F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000],[0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0]]]
-
-    static let USE_GLV = true
-    static let USE_GS_G2 = true
-    static let USE_GS_GT = true
-    static let GT_STRONG = true
-
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/rsa.swift
----------------------------------------------------------------------
diff --git a/swift/rsa.swift b/swift/rsa.swift
deleted file mode 100644
index 1c6ac27..0000000
--- a/swift/rsa.swift
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  rsa.swift
-//  
-//
-//  Created by Michael Scott on 25/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-/* RSA API high-level functions  */
-
-final public class rsa_private_key {
-    var p:FF
-    var q:FF
-    var dp:FF
-    var dq:FF
-    var c:FF
-
-    public init(_ n: Int)
-    {
-    p=FF(n);
-    q=FF(n);
-    dp=FF(n);
-    dq=FF(n);
-    c=FF(n);
-    }
-}
-
-final public class rsa_public_key
-{
-    var e:Int32
-    var n:FF
-
-    public init(_ m:Int)
-    {
-        e=0;
-        n=FF(m);
-    }
-}
-
-final public class RSA {
-
-    static public let RFS=Int(ROM.MODBYTES)*ROM.FFLEN
-
-    /* generate an RSA key pair */
-
-    static public func KEY_PAIR(rng: RAND,_ e:Int32,_ PRIV:rsa_private_key,_ PUB:rsa_public_key)
-    { /* IEEE1363 A16.11/A16.12 more or less */
-
-        let n=PUB.n.getlen()/2;
-        let t = FF(n);
-        let p1=FF(n);
-        let q1=FF(n);
-
-        while true
-        {
-
-            PRIV.p.random(rng);
-            while PRIV.p.lastbits(2) != 3 {PRIV.p.inc(1)}
-            while !FF.prime(PRIV.p,rng) {PRIV.p.inc(4)}
-
-            p1.copy(PRIV.p);
-            p1.dec(1);
-
-            if p1.cfactor(e) {continue}
-            break;
-        }
-
-        while true
-        {
-            PRIV.q.random(rng);
-            while PRIV.q.lastbits(2) != 3 {PRIV.q.inc(1)}
-            while !FF.prime(PRIV.q,rng) {PRIV.q.inc(4)}
-
-            q1.copy(PRIV.q);
-            q1.dec(1);
-
-            if q1.cfactor(e) {continue}
-
-            break;
-        }
-
-        PUB.n=FF.mul(PRIV.p,PRIV.q);
-        PUB.e=e;
-
-        t.copy(p1);
-        t.shr();
-        PRIV.dp.set(e);
-        PRIV.dp.invmodp(t);
-        if (PRIV.dp.parity()==0) {PRIV.dp.add(t)}
-        PRIV.dp.norm();
-
-        t.copy(q1);
-        t.shr();
-        PRIV.dq.set(e);
-        PRIV.dq.invmodp(t);
-        if (PRIV.dq.parity()==0) {PRIV.dq.add(t)}
-        PRIV.dq.norm();
-
-        PRIV.c.copy(PRIV.p);
-        PRIV.c.invmodp(PRIV.q);
-
-        return;
-    }
-    /* Mask Generation Function */
-
-    static func MGF1(Z: [UInt8],_ olen:Int,inout _ K:[UInt8])
-    {
-        let H=HASH();
-        let hlen=HASH.len;
-
-        var k=0;
-        for var i=0;i<K.count;i++ {K[i]=0}
-
-        var cthreshold=Int32(olen/hlen); if (olen%hlen != 0) {cthreshold++}
-        for var counter:Int32=0;counter<cthreshold;counter++
-        {
-            H.process_array(Z);
-            H.process_num(counter);
-            var B=H.hash();
-
-            if (k+hlen>olen) {for var i=0;i<olen%hlen;i++ {K[k++]=B[i]}}
-            else {for var i=0;i<hlen;i++ {K[k++]=B[i]}}
-        }
-    }
-
-    static public func printBinary(array: [UInt8])
-    {
-        for var i=0;i<array.count;i++
-        {
-            let h=String(array[i],radix:16)
-            print("\(h)", terminator: "")
-        }
-        print("");
-    }
-    /* OAEP Message Encoding for Encryption */
-    static public func OAEP_ENCODE(m:[UInt8],_ rng:RAND,_ p:[UInt8]?) -> [UInt8]
-    {
-        let olen=RFS-1;
-        let mlen=m.count;
-        var f=[UInt8](count:RSA.RFS,repeatedValue:0)
-
-        let H=HASH();
-        let hlen=HASH.len;
-        var SEED=[UInt8](count:hlen,repeatedValue:0)
-        let seedlen=hlen;
-        if (mlen>olen-hlen-seedlen-1) {return [UInt8]()}
-
-        var DBMASK=[UInt8](count:olen-seedlen,repeatedValue:0)
-
-        if ((p) != nil) {H.process_array(p!)}
-        var h=H.hash();
-        for var i=0;i<hlen;i++ {f[i]=h[i]}
-
-        let slen=olen-mlen-hlen-seedlen-1;
-
-        for var i=0;i<slen;i++ {f[hlen+i]=0}
-        f[hlen+slen]=1;
-        for var i=0;i<mlen;i++ {f[hlen+slen+1+i]=m[i]}
-
-        for var i=0;i<seedlen;i++ {SEED[i]=rng.getByte()}
-        RSA.MGF1(SEED,olen-seedlen,&DBMASK)
-
-        for var i=0;i<olen-seedlen;i++ {DBMASK[i]^=f[i]}
-        RSA.MGF1(DBMASK,seedlen,&f)
-
-        for var i=0;i<seedlen;i++ {f[i]^=SEED[i]}
-
-        for var i=0;i<olen-seedlen;i++ {f[i+seedlen]=DBMASK[i]}
-
-    /* pad to length RFS */
-        let d:Int=1;
-        for var i=RFS-1;i>=d;i--
-            {f[i]=f[i-d]}
-        for var i=d-1;i>=0;i--
-            {f[i]=0}
-
-        return f;
-    }
-
-    /* OAEP Message Decoding for Decryption */
-    static public func OAEP_DECODE(p: [UInt8]?,inout _ f:[UInt8]) -> [UInt8]
-    {
-        let olen=RFS-1
-        var k:Int
-        let H=HASH()
-        var hlen=HASH.len
-        var SEED=[UInt8](count:hlen,repeatedValue:0)
-        var seedlen=hlen
-        var CHASH=[UInt8](count:hlen,repeatedValue:0)
-        seedlen=32; hlen=32
-        if olen<seedlen+hlen+1 {return [UInt8()]}
-        var DBMASK=[UInt8](count:olen-seedlen,repeatedValue:0)
-        for var i=0;i<olen-seedlen;i++ {DBMASK[i]=0}
-
-        if (f.count<RSA.RFS)
-        {
-            let d=RSA.RFS-f.count;
-            for var i=RSA.RFS-1;i>=d;i--
-                {f[i]=f[i-d]}
-            for var i=d-1;i>=0;i--
-                {f[i]=0}
-
-        }
-
-        if (p != nil) {H.process_array(p!)}
-        var h=H.hash();
-        for var i=0;i<hlen;i++ {CHASH[i]=h[i]}
-
-        let x=f[0];
-
-        for var i=seedlen;i<olen;i++
-            {DBMASK[i-seedlen]=f[i+1]}
-
-        RSA.MGF1(DBMASK,seedlen,&SEED);
-        for var i=0;i<seedlen;i++ {SEED[i]^=f[i+1]}
-        RSA.MGF1(SEED,olen-seedlen,&f);
-        for var i=0;i<olen-seedlen;i++ {DBMASK[i]^=f[i]}
-
-        var comp=true;
-        for var i=0;i<hlen;i++
-        {
-            if (CHASH[i] != DBMASK[i]) {comp=false}
-        }
-
-        for var i=0;i<olen-seedlen-hlen;i++
-        {DBMASK[i]=DBMASK[i+hlen]}
-
-        for var i=0;i<hlen;i++
-            {SEED[i]=0;CHASH[i]=0;}
-
-        for k=0;;k++
-        {
-            if (k>=olen-seedlen-hlen) {return [UInt8]()}
-            if (DBMASK[k] != 0) {break}
-        }
-
-        let t=DBMASK[k];
-        if (!comp || x != 0 || t != 0x01)
-        {
-            for var i=0;i<olen-seedlen;i++ {DBMASK[i]=0}
-            return [UInt8]()
-        }
-
-        var r=[UInt8](count:olen-seedlen-hlen-k-1,repeatedValue:0)
-
-        for var i=0;i<olen-seedlen-hlen-k-1;i++
-            {r[i]=DBMASK[i+k+1]}
-
-        for var i=0;i<olen-seedlen;i++ {DBMASK[i]=0}
-
-        return r;
-    }
-    /* destroy the Private Key structure */
-    static public func PRIVATE_KEY_KILL(PRIV: rsa_private_key)
-    {
-        PRIV.p.zero();
-        PRIV.q.zero();
-        PRIV.dp.zero();
-        PRIV.dq.zero();
-        PRIV.c.zero();
-    }
-    /* RSA encryption with the public key */
-    static public func ENCRYPT(PUB: rsa_public_key,_ F:[UInt8],inout _ G:[UInt8])
-    {
-        let n=PUB.n.getlen()
-        let f=FF(n)
-
-        FF.fromBytes(f,F)
-        f.power(PUB.e,PUB.n)
-        f.toBytes(&G)
-    }
-    /* RSA decryption with the private key */
-    static public func DECRYPT(PRIV: rsa_private_key,_ G:[UInt8],inout _ F:[UInt8])
-    {
-        let n=PRIV.p.getlen()
-        let g=FF(2*n)
-
-        FF.fromBytes(g,G)
-        let jp=g.dmod(PRIV.p)
-        var jq=g.dmod(PRIV.q)
-
-        jp.skpow(PRIV.dp,PRIV.p)
-        jq.skpow(PRIV.dq,PRIV.q)
-
-        g.zero()
-        g.dscopy(jp)
-        jp.mod(PRIV.q)
-        if (FF.comp(jp,jq)>0) {jq.add(PRIV.q)}
-        jq.sub(jp)
-        jq.norm()
-
-        var t=FF.mul(PRIV.c,jq)
-        jq=t.dmod(PRIV.q)
-
-        t=FF.mul(jq,PRIV.p)
-        g.add(t);
-        g.norm();
-
-        g.toBytes(&F);
-    }
-
-}
-


[42/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpinfullSingle.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpinfullSingle.c b/c/tests/test_mpinfullSingle.c
deleted file mode 100755
index c2a657d..0000000
--- a/c/tests/test_mpinfullSingle.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test M-Pin Full Single pass */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y1[PGS],y2[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y1={sizeof(y1),sizeof(y1),y1};
-  octet Y2={sizeof(y2),sizeof(y2),y2};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of client ID */
-  char hcid[32];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-
-  /* Hash values of messages */
-  char hm[HASH_BYTES];
-  octet HM={sizeof(hm),sizeof(hm), hm};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on device */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  /* Precomputed values stored on device */
-  char g1[12*PFS],g2[12*PFS];
-  octet G1={0,sizeof(g1),g1};
-  octet G2={0,sizeof(g2),g2};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  char r[PGS],z[2*PFS+1],w[PGS],t[2*PFS+1];
-  char ck[PAS],sk[PAS];
-  octet R={0,sizeof(r),r};
-  octet Z={0,sizeof(z),z};
-  octet W={0,sizeof(w),w};
-  octet T={0,sizeof(t),t};
-  octet SK={0,sizeof(sk),sk};
-  octet CK={0,sizeof(ck),ck};
-
-  int TimeValue = 0;
-
-  PIN1 = 1234;
-  PIN2 = 1234;
-
-  /* Assign the End-User an ID */
-  char* user = "testuser@miracl.com";
-  OCT_jstring(&ID,user);
-  printf("CLIENT: ID %s\n", user);
-
-  int date = 0;
-  char seed[100] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  /* unrandom seed value! */
-  SEED.len=100;
-  for (i=0;i<100;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Hash ID */
-  MPIN_HASH_ID(&ID,&HCID);
-  OCT_output(&HCID);
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &ID;
-#endif
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0) {
-      printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("MASTER SECRET MIRACL:= 0x");
-  OCT_output(&MS1);
-  printf("MASTER SECRET CUSTOMER:= 0x");
-  OCT_output(&MS2);
-
-  /* Generate server secret shares */
-  rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("SS1 = 0x");
-  OCT_output(&SS1);
-  printf("SS2 = 0x");
-  OCT_output(&SS2);
-
-  /* Combine server secret share */
-  rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-      return 1;
-  }
-  printf("ServerSecret = 0x");
-  OCT_output(&ServerSecret);
-
-  /* Generate client secret shares */
-  rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("CS1 = 0x");
-  OCT_output(&CS1);
-  printf("CS2 = 0x");
-  OCT_output(&CS2);
-
-  /* Combine client secret shares : TOKEN is the full client secret */
-  rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Client Secret = 0x");
-  OCT_output(&TOKEN);
-
-  /* Generate Time Permit shares */
-  date = MPIN_today();
-  printf("Date %d \n", date);
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-  if (rtn != 0) {
-      printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TP1 = 0x");
-  OCT_output(&TP1);
-  printf("TP2 = 0x");
-  OCT_output(&TP2);
-
-  /* Combine Time Permit shares */
-  rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-  if (rtn != 0) {
-      printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Time Permit = 0x");
-  OCT_output(&TP);
-
-  /* This encoding makes Time permit look random */
-  if (MPIN_ENCODING(&RNG,&TP)!=0) printf("Encoding error\n");
-  printf("Encoded Time Permit= "); OCT_output(&TP);
-  if (MPIN_DECODING(&TP)!=0) printf("Decoding error\n");
-  printf("Decoded Time Permit= "); OCT_output(&TP);
-
-  /* Client extracts PIN1 from secret to create Token */
-  rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-  if (rtn != 0) {
-      printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-      return 1;
-  }
-  printf("Token = 0x");
-  OCT_output(&TOKEN);
-
-  /* Client precomputation */
-  MPIN_PRECOMPUTE(&TOKEN,&HCID,&G1,&G2);
-
-  /* Client  */
-  TimeValue = MPIN_GET_TIME();
-  printf("TimeValue %d \n", TimeValue);
-  rtn = MPIN_CLIENT(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,NULL,&UT,&TP,NULL,TimeValue,&Y1);
-  if (rtn != 0) {
-      printf("MPIN_CLIENT ERROR %d\n", rtn);
-      return 1;
-  }
-  printf("Y1 = 0x");
-  OCT_output(&Y1);
-  printf("V = 0x");
-  OCT_output(&SEC);
-
-  /* Client sends Z=r.ID to Server */
-  MPIN_GET_G1_MULTIPLE(&RNG,1,&R,&HCID,&Z);
-
-  /* Server  */
-  rtn = MPIN_SERVER(date,&HID,&HTID,&Y2,&ServerSecret,NULL,&UT,&SEC,&E,&F,pID,NULL,TimeValue);
-
-  printf("Y2 = 0x");
-  OCT_output(&Y2);
-  if (rtn != 0) {
-      printf("FAILURE Invalid Token Error Code %d\n", rtn);
-      return 1;
-  } else {
-      printf("SUCCESS Error Code %d\n", rtn);
-  }
-
-  /* Server sends T=w.ID to client */
-  MPIN_GET_G1_MULTIPLE(&RNG,0,&W,&HTID,&T);
-  printf("T = 0x");
-  OCT_output(&T);
-
-  MPIN_HASH_ALL(&HCID,NULL,&UT,&SEC,&Y1,&Z,&T,&HM);  
-  MPIN_CLIENT_KEY(&G1,&G2,PIN2,&R,&X,&HM,&T,&CK);      
-  printf("Client Key = "); 
-  OCT_output(&CK);
-
-  MPIN_HASH_ALL(&HCID,NULL,&UT,&SEC,&Y2,&Z,&T,&HM);
-  MPIN_SERVER_KEY(&Z,&ServerSecret,&W,&HM,&HID,NULL,&UT,&SK);
-  printf("Server Key = "); 
-  OCT_output(&SK);
-
-  if (!OCT_comp(&CK,&SK)) {
-      printf("FAILURE Keys are different\n");
-      return 1;
-  }
-
-  printf("SUCCESS\n");
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_mpinfull_random.c
----------------------------------------------------------------------
diff --git a/c/tests/test_mpinfull_random.c b/c/tests/test_mpinfull_random.c
deleted file mode 100755
index 1638464..0000000
--- a/c/tests/test_mpinfull_random.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test good token and correct PIN with D-TA */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "config.h"
-#include "mpin.h"
-
-// Define PIN range:
-#define MAX_RANGE 10000
-
-void rand_str(char *dest, size_t length,csprng *RNG) {
-  BIG r;
-  char charset[] = "0123456789@.*"
-                   "abcdefghijklmnopqrstuvwxyz"
-                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-  while (length-- > 0) {
-    BIG_random(r,RNG);
-    size_t index = r[0] % (sizeof charset);
-    *dest++ = charset[index];
-  }
-  *dest = '\0';
-}
-
-int main()
-{
-  int i,PIN1,PIN2,rtn,err,iter;
-
-  char id[256];
-  octet ID = {0,sizeof(id),id};
-
-  char x[PGS],y[PGS];
-  octet X={sizeof(x), sizeof(x),x};
-  octet Y={sizeof(y),sizeof(y),y};
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  /* Hash values of client ID */
-  char hcid[HASH_BYTES];
-  octet HCID={sizeof(hcid),sizeof(hcid), hcid};
-  char hsid[HASH_BYTES];
-  octet HSID={sizeof(hsid),sizeof(hsid), hsid};
-
-  /* Hash values of messages */
-  char hm[HASH_BYTES];
-  octet HM={sizeof(hm),sizeof(hm), hm};
-
-  /* Client secret and shares */
-  char cs1[2*PFS+1], cs2[2*PFS+1], sec[2*PFS+1];
-  octet SEC={sizeof(sec),sizeof(sec),sec};
-  octet CS1={sizeof(cs1),sizeof(cs1), cs1};
-  octet CS2={sizeof(cs2),sizeof(cs2), cs2};
-
-  /* Server secret and shares */
-  char ss1[4*PFS], ss2[4*PFS], serverSecret[4*PFS];
-  octet ServerSecret={sizeof(serverSecret),sizeof(serverSecret),serverSecret};
-  octet SS1={sizeof(ss1),sizeof(ss1),ss1};
-  octet SS2={sizeof(ss2),sizeof(ss2),ss2};
-
-  /* Time Permit and shares */
-  char tp1[2*PFS+1], tp2[2*PFS+1], tp[2*PFS+1];
-  octet TP={sizeof(tp),sizeof(tp),tp};
-  octet TP1={sizeof(tp1),sizeof(tp1),tp1};
-  octet TP2={sizeof(tp2),sizeof(tp2),tp2};
-
-  /* Token stored on computer */
-  char token[2*PFS+1];
-  octet TOKEN={sizeof(token),sizeof(token),token};
-
-  /* Precomputed values stored on device */
-  char g1[12*PFS],g2[12*PFS];
-  octet G1={0,sizeof(g1),g1};
-  octet G2={0,sizeof(g2),g2};
-
-  char ut[2*PFS+1],u[2*PFS+1];
-  octet UT={sizeof(ut),sizeof(ut),ut};
-  octet U={sizeof(u),sizeof(u),u};
-
-  char hid[2*PFS+1],htid[2*PFS+1];
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-
-  char e[12*PFS], f[12*PFS];
-  octet E={sizeof(e),sizeof(e),e};
-  octet F={sizeof(f),sizeof(f),f};
-
-  char r[PGS],z[2*PFS+1],w[PGS],t[2*PFS+1];
-  char ck[PAS],sk[PAS];
-  octet R={0,sizeof(r),r};
-  octet Z={0,sizeof(z),z};
-  octet W={0,sizeof(w),w};
-  octet T={0,sizeof(t),t};
-  octet SK={0,sizeof(sk),sk};
-  octet CK={0,sizeof(ck),ck};
-
-  octet *pID;
-
-  int date = 0;
-
-  unsigned long ran;
-  int byte_count = 32;
-  FILE *fp;
-  char seed[32] = {0};
-  octet SEED = {sizeof(seed),sizeof(seed),seed};
-  csprng RNG;
-#ifdef __linux__
-  fp = fopen("/dev/urandom", "r");
-  fread(&seed, 1, byte_count, fp);
-  fclose(fp);
-#else
-  /* non random seed value! */
-  time((time_t *)&ran);
-  SEED.val[0]=ran;
-  SEED.val[1]=ran>>8;
-  SEED.val[2]=ran>>16;
-  SEED.val[3]=ran>>24;
-  for (i=4;i<byte_count;i++) SEED.val[i]=i+1;
-#endif
-  printf("SEED 0x");
-  OCT_output(&SEED);
-
-  /* initialise random number generator */
-  MPIN_CREATE_CSPRNG(&RNG,&SEED);
-
-  for(iter=1; iter<nRandomTests+1; iter++)
-    {
-      /* Generate Client master secret for MIRACL and Customer */
-      rtn = MPIN_RANDOM_GENERATE(&RNG,&MS1);
-      if (rtn != 0) {
-          printf("MPIN_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_RANDOM_GENERATE(&RNG,&MS2);
-      if (rtn != 0) {
-          printf("MPIN_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("MASTER SECRET MIRACL:= 0x");
-      OCT_output(&MS1);
-      printf("MASTER SECRET CUSTOMER:= 0x");
-      OCT_output(&MS2);
-
-      /* Generate server secret shares */
-      rtn = MPIN_GET_SERVER_SECRET(&MS1,&SS1);
-      if (rtn != 0) {
-          printf("MPIN_GET_SERVER_SECRET(&MS1,&SS1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_GET_SERVER_SECRET(&MS2,&SS2);
-      if (rtn != 0) {
-          printf("MPIN_GET_SERVER_SECRET(&MS2,&SS2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("SS1 = 0x");
-      OCT_output(&SS1);
-      printf("SS2 = 0x");
-      OCT_output(&SS2);
-
-      /* Combine server secret share */
-      rtn = MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret);
-      if (rtn != 0) {
-          printf("MPIN_RECOMBINE_G2(&SS1, &SS2, &ServerSecret) Error %d\n", rtn);
-          return 1;
-      }
-      printf("ServerSecret = 0x");
-      OCT_output(&ServerSecret);
-
-      /* Assign the End-User an ID */
-      rand_str(id,256,&RNG);
-      OCT_jstring(&ID,id);
-      printf("CLIENT: ID %s\n", id);
-
-      srand(time(NULL));
-      PIN1 = rand()%MAX_RANGE; // Get random between 0 and MAX_RANGE
-      PIN2 = PIN1;
-      printf("PIN1 %d PIN2 %d\n", PIN1, PIN2);
-
-      /* Hash ID */
-      MPIN_HASH_ID(&ID,&HCID);
-      OCT_output(&HCID);
-
-      /* When set only send hashed IDs to server */
-#ifdef USE_ANONYMOUS
-      pID = &HCID;
-#else
-      pID = &ID;
-#endif
-
-      /* Generate client secret shares */
-      rtn = MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_SECRET(&MS1,&HCID,&CS1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_SECRET(&MS2,&HCID,&CS2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("CS1 = 0x");
-      OCT_output(&CS1);
-      printf("CS2 = 0x");
-      OCT_output(&CS2);
-
-      /* Combine client secret shares : TOKEN is the full client secret */
-      rtn = MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN);
-      if (rtn != 0) {
-          printf("MPIN_RECOMBINE_G1(&CS1, &CS2, &TOKEN) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Client Secret = 0x");
-      OCT_output(&TOKEN);
-
-      /* Generate Time Permit shares */
-      date = MPIN_today();
-      printf("Date %d \n", date);
-      rtn = MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_PERMIT(date,&MS1,&HCID,&TP1) Error %d\n", rtn);
-          return 1;
-      }
-      rtn = MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2);
-      if (rtn != 0) {
-          printf("MPIN_GET_CLIENT_PERMIT(date,&MS2,&HCID,&TP2) Error %d\n", rtn);
-          return 1;
-      }
-      printf("TP1 = 0x");
-      OCT_output(&TP1);
-      printf("TP2 = 0x");
-      OCT_output(&TP2);
-
-      /* Combine Time Permit shares */
-      rtn = MPIN_RECOMBINE_G1(&TP1, &TP2, &TP);
-      if (rtn != 0) {
-          printf("MPIN_RECOMBINE_G1(&TP1, &TP2, &TP) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Time Permit = 0x");
-      OCT_output(&TP);
-
-      /* This encoding makes Time permit look random */
-      if (MPIN_ENCODING(&RNG,&TP)!=0) printf("Encoding error\n");
-      printf("Encoded Time Permit= "); OCT_output(&TP);
-      if (MPIN_DECODING(&TP)!=0) printf("Decoding error\n");
-      printf("Decoded Time Permit= "); OCT_output(&TP);
-
-      /* Client extracts PIN1 from secret to create Token */
-      rtn = MPIN_EXTRACT_PIN(&ID, PIN1, &TOKEN);
-      if (rtn != 0) {
-          printf("MPIN_EXTRACT_PIN( &ID, PIN, &TOKEN) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Token = 0x");
-      OCT_output(&TOKEN);
-
-      /* Client precomputation */
-      MPIN_PRECOMPUTE(&TOKEN,&HCID,&G1,&G2);
-
-      /* Client first pass */
-      rtn = MPIN_CLIENT_1(date,&ID,&RNG,&X,PIN2,&TOKEN,&SEC,&U,&UT,&TP);
-      if (rtn != 0) {
-          printf("MPIN_CLIENT_1 ERROR %d\n", rtn);
-          return 1;
-      }
-
-      /* Client sends Z=r.ID to Server */
-      MPIN_GET_G1_MULTIPLE(&RNG,1,&R,&HCID,&Z);
-
-      /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-      MPIN_SERVER_1(date,pID,&HID,&HTID);
-
-      /* Server generates Random number Y and sends it to Client */
-      rtn = MPIN_RANDOM_GENERATE(&RNG,&Y);
-      if (rtn != 0) {
-          printf("MPIN_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-          return 1;
-      }
-      printf("Y = 0x");
-      OCT_output(&Y);
-
-      /* Server sends T=w.ID to client */
-      MPIN_GET_G1_MULTIPLE(&RNG,0,&W,&HTID,&T);
-      printf("T = 0x");
-      OCT_output(&T);
-
-      /* Client second pass */
-      rtn = MPIN_CLIENT_2(&X,&Y,&SEC);
-      if (rtn != 0) {
-        printf("MPIN_CLIENT_2(&X,&Y,&SEC) Error %d\n", rtn);
-      }
-      printf("V = 0x");
-      OCT_output(&SEC);
-
-      /* Server second pass */
-      rtn = MPIN_SERVER_2(date,&HID,&HTID,&Y,&ServerSecret,&U,&UT,&SEC,&E,&F);
-      if (rtn != 0) {
-        err=MPIN_KANGAROO(&E,&F);
-        if (err==0) {
-          printf("FAILURE Invalid Token Error Code %d\n", rtn);
-        } else {
-          printf("FAILURE PIN Error %d, Error Code %d\n",err, rtn);
-        }
-      }
-
-      MPIN_HASH_ALL(&HCID,&U,&UT,&SEC,&Y,&Z,&T,&HM);  
-      MPIN_CLIENT_KEY(&G1,&G2,PIN2,&R,&X,&HM,&T,&CK);      
-      printf("Client Key = "); 
-      OCT_output(&CK);
-
-      /* Server will use the hashed ID if anonymous connection required.
-      MPIN_HASH_ID(&ID,&HSID);
-      MPIN_HASH_ALL(&HSID,NULL,&UT,&SEC,&Y,&Z,&T,&HM);
-      */
-      MPIN_SERVER_KEY(&Z,&ServerSecret,&W,&HM,&HID,NULL,&UT,&SK);
-      printf("Server Key = "); 
-      OCT_output(&SK);
-
-      if (!OCT_comp(&CK,&SK)) {
-          printf("Iteration %d FAILURE keys are different\n", iter);
-          return 1;
-      } else {
-          printf("Iteration %d SUCCESS\n\n", iter);
-      }
-    }
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_rsa.c
----------------------------------------------------------------------
diff --git a/c/tests/test_rsa.c b/c/tests/test_rsa.c
deleted file mode 100755
index d2aa8a3..0000000
--- a/c/tests/test_rsa.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-#include <stdio.h>
-#include <time.h>
-#include "rsa.h"
-
-int main()
-{
-  int i,bytes,res;
-  unsigned long ran;
-  char m[RFS],ml[RFS],c[RFS],e[RFS],raw[100];
-  rsa_public_key pub;
-  rsa_private_key priv;
-  csprng RNG;
-  octet M={0,sizeof(m),m};
-  octet ML={0,sizeof(ml),ml};
-  octet C={0,sizeof(c),c};
-  octet E={0,sizeof(e),e};
-  octet RAW={0,sizeof(raw),raw};
-
-  time((time_t *)&ran);
-
-  RAW.len=100;				/* fake random seed source */
-  RAW.val[0]=ran;
-  RAW.val[1]=ran>>8;
-  RAW.val[2]=ran>>16;
-  RAW.val[3]=ran>>24;
-  for (i=4;i<100;i++) RAW.val[i]=i;
-
-  RSA_CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-
-  printf("Generating public/private key pair\n");
-  RSA_KEY_PAIR(&RNG,65537,&priv,&pub);
-
-  printf("Encrypting test string\n");
-  OCT_jstring(&M,(char *)"Hello World\n");
-  RSA_OAEP_ENCODE(&M,&RNG,NULL,&E); /* OAEP encode message m to e  */
-
-  RSA_ENCRYPT(&pub,&E,&C);     /* encrypt encoded message */
-  printf("Ciphertext= "); OCT_output(&C);
-
-  printf("Decrypting test string\n");
-  RSA_DECRYPT(&priv,&C,&ML);   /* ... and then decrypt it */
-
-  RSA_OAEP_DECODE(NULL,&ML);    /* decode it */
-  OCT_output_string(&ML);
-
-  if (!OCT_comp(&M,&ML))
-    {
-      printf("FAILURE RSA Encryption failed");
-      return 1;
-    }
-
-  OCT_clear(&M); OCT_clear(&ML);   /* clean up afterwards */
-  OCT_clear(&C); OCT_clear(&RAW); OCT_clear(&E);
-
-  RSA_KILL_CSPRNG(&RNG);
-
-  RSA_PRIVATE_KEY_KILL(&priv);
-
-  printf("SUCCESS\n");
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_version.c
----------------------------------------------------------------------
diff --git a/c/tests/test_version.c b/c/tests/test_version.c
deleted file mode 100755
index a3f726c..0000000
--- a/c/tests/test_version.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test version function */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "amcl.h"
-#include "config.h"
-#include "version.h"
-
-int main()
-{
-  char info[200] = {0};
-  version(info);
-  printf("%s\n", info);
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_wcc.c
----------------------------------------------------------------------
diff --git a/c/tests/test_wcc.c b/c/tests/test_wcc.c
deleted file mode 100755
index d5204fa..0000000
--- a/c/tests/test_wcc.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Test WCC with and without time permits */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "wcc.h"
-#include "utils.h"
-
-int main()
-{
-  int i,rtn;
-
-  /* Master secret */
-  char ms[PGS];
-  octet MS={sizeof(ms),sizeof(ms),ms};
-
-  // sender key
-  char akeyG1[2*PFS+1];
-  octet AKeyG1={0,sizeof(akeyG1), akeyG1};
-
-  // receiver key
-  char bkeyG2[4*PFS];
-  octet BKeyG2={0,sizeof(bkeyG2), bkeyG2};
-
-  char hv[HASH_BYTES],alice_id[256],bob_id[256];
-  octet HV={0,sizeof(hv),hv};
-
-  octet IdA={0,sizeof(alice_id),alice_id};
-  octet IdB={0,sizeof(bob_id),bob_id};
-
-  char x[PGS];
-  octet X={sizeof(x),sizeof(x),x};
-  char y[PGS];
-  octet Y={sizeof(y),sizeof(y),y};
-  char w[PGS];
-  octet W={sizeof(w),sizeof(w),w};
-  char pia[PGS];
-  octet PIA={sizeof(pia),sizeof(pia),pia};
-  char pib[PGS];
-  octet PIB={sizeof(pib),sizeof(pib),pib};
-
-  char pgg1[2*PFS+1];
-  octet PgG1={0,sizeof(pgg1), pgg1};
-
-  char pag1[2*PFS+1];
-  octet PaG1={0,sizeof(pag1), pag1};
-
-  char pbg2[4*PFS];
-  octet PbG2={0,sizeof(pbg2), pbg2};
-
-  char seed[32] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  char message1[256];
-  octet MESSAGE1 = {0, sizeof(message1), message1};
-  OCT_jstring(&MESSAGE1,"Hello Bob");
-
-  char t1[16];  // Tag
-  char t2[16];  // Tag
-  char k1[16];  // AES Key
-  char k2[16];  // AES Key
-  char iv[12]; // IV - Initialisation vector
-  char c[100];  // Ciphertext
-  char p[100];  // Recovered Plaintext
-  octet T1={sizeof(t1),sizeof(t1),t1};
-  octet T2={sizeof(t2),sizeof(t2),t2};
-  octet K1={0,sizeof(k1),k1};
-  octet K2={0,sizeof(k2),k2};
-  octet IV={0,sizeof(iv),iv};
-  octet C={0,sizeof(c),c};
-  octet P={0,sizeof(p),p};
-
-  int date;
-
-  int hashDoneOn = 1;
-  int hashDoneOff = 0;
-
-  date = 0;
-
-  /* unrandom seed value! */
-  SEED.len=32;
-  for (i=0;i<32;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  WCC_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* TA: Generate master secret  */
-  rtn = WCC_RANDOM_GENERATE(&RNG,&MS);
-  if (rtn != 0) {
-      printf("TA WCC_RANDOM_GENERATE(&RNG,&MS) Error %d\n", rtn);
-      return 1;
-  }
-
-  // Alice's ID
-  OCT_jstring(&IdA,"alice@miracl.com");
-
-  // TA: Generate Alices's sender key
-  WCC_HASH_ID(&IdA,&HV);
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOn,&MS,&HV,&AKeyG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-
-  // Bob's ID
-  OCT_jstring(&IdB,"bob@miracl.com");
-
-  // TA: Generate Bob's receiver key
-  WCC_HASH_ID(&IdB,&HV);
-  rtn = WCC_GET_G2_MULTIPLE(hashDoneOn,&MS,&HV,&BKeyG2);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G2_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&X);
-  if (rtn != 0) {
-      printf("Alice WCC_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn);
-      return 1;
-  }
-
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOff,&X,&IdA,&PaG1);
-  if (rtn != 0) {
-      printf("Alice WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&W);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOff,&W,&IdA,&PgG1);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-
-  rtn = WCC_GET_G2_MULTIPLE(hashDoneOff,&Y,&IdB,&PbG2);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-  // Bob calculates AES Key
-  WCC_RECEIVER_KEY(date, &Y, &W,  &PIA, &PIB,  &PaG1, &PgG1, &BKeyG2, NULL, &IdA, &K2);
-  if (rtn != 0) {
-      printf("Bob WCC_RECEIVER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-  // Alice calculates AES Key
-  rtn = WCC_SENDER_KEY(date, &X, &PIA, &PIB, &PbG2, &PgG1, &AKeyG1, NULL, &IdB, &K1);
-  if (rtn != 0) {
-      printf("Alice WCC_SENDER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-
-  if (!OCT_comp(&K1,&K2))
-    {
-      printf("FAILURE No Time Permit Test. OCT_comp(&K1,&K2)\n");
-      return 1;
-    }
-
-  WCC_KILL_CSPRNG(&RNG);
-
-  printf("SUCCESS\n");
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_wcc_gcm.c
----------------------------------------------------------------------
diff --git a/c/tests/test_wcc_gcm.c b/c/tests/test_wcc_gcm.c
deleted file mode 100755
index 5cef3a9..0000000
--- a/c/tests/test_wcc_gcm.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-#include <stdlib.h>
-#include <string.h>
-#include "amcl.h"
-#include "wcc.h"
-#include "utils.h"
-
-
-int main()
-{
-  char* KT="feffe9928665731c6d6a8f9467308308";
-  char* MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-  char* HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-  char* NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-  // Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-  int lenM=strlen(MT)/2;
-  int lenH=strlen(HT)/2;
-  int lenK=strlen(KT)/2;
-  int lenIV=strlen(NT)/2;
-
-  char t1[16];  // Tag
-  char t2[16];  // Tag
-  char k[16];   // AES Key
-  char h[64];   // Header - to be included in Authentication, but not encrypted
-  char iv[100]; // IV - Initialisation vector
-  char m[100];  // Plaintext to be encrypted/authenticated
-  char c[100];  // Ciphertext
-  char p[100];  // Recovered Plaintext
-  octet T1={sizeof(t1),sizeof(t1),t1};
-  octet T2={sizeof(t2),sizeof(t2),t2};
-  octet K={0,sizeof(k),k};
-  octet H={0,sizeof(h),h};
-  octet IV={0,sizeof(iv),iv};
-  octet M={0,sizeof(m),m};
-  octet C={0,sizeof(c),c};
-  octet P={0,sizeof(p),p};
-  M.len=lenM;
-  K.len=lenK;
-  H.len=lenH;
-  IV.len=lenIV;
-
-  hex2bytes(MT, m);
-  hex2bytes(HT, h);
-  hex2bytes(NT, iv);
-  hex2bytes(KT, k);
-
-  printf("Plaintext: ");
-  OCT_output(&M);
-  printf("\n");
-
-  WCC_AES_GCM_ENCRYPT(&K, &IV, &H, &M, &C, &T1);
-
-  printf("Ciphertext: ");
-  OCT_output(&C);
-  printf("\n");
-
-  printf("Encryption Tag: ");
-  OCT_output(&T1);
-  printf("\n");
-
-  WCC_AES_GCM_DECRYPT(&K, &IV, &H, &C, &P, &T2);
-
-  printf("Plaintext: ");
-  OCT_output(&P);
-  printf("\n");
-
-  printf("Decryption Tag: ");
-  OCT_output(&T2);
-  printf("\n");
-
-  if (!OCT_comp(&M,&P))
-    {
-      printf("FAILURE Decryption\n");
-      return 1;
-    }
-
-  if (!OCT_comp(&T1,&T2))
-    {
-      printf("FAILURE TAG mismatch\n");
-      return 1;
-    }
-
-  printf("SUCCESS\n");
-  return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/tests/test_wcc_random.c
----------------------------------------------------------------------
diff --git a/c/tests/test_wcc_random.c b/c/tests/test_wcc_random.c
deleted file mode 100755
index 5749adf..0000000
--- a/c/tests/test_wcc_random.c
+++ /dev/null
@@ -1,469 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* Test WCC with two TAs and time permits for random values */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "config.h"
-#include "wcc.h"
-
-#define DEBUG
-
-void rand_str(char *dest, size_t length,csprng *RNG) {
-  BIG r;
-  char charset[] = "0123456789@.*"
-                   "abcdefghijklmnopqrstuvwxyz"
-                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-  while (length-- > 0) {
-    BIG_random(r,RNG);
-    size_t index = r[0] % (sizeof charset);
-    *dest++ = charset[index];
-  }
-  *dest = '\0';
-}
-
-int main()
-{
-  int i,rtn,iter;
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  // Sender keys
-  char a1keyG1[2*PFS+1], a2keyG1[2*PFS+1];
-  octet A1KeyG1={0,sizeof(a1keyG1), a1keyG1};
-  octet A2KeyG1={0,sizeof(a2keyG1), a2keyG1};
-  char akeyG1[2*PFS+1];
-  octet AKeyG1={0,sizeof(akeyG1), akeyG1};
-
-  // Sender time permits
-  char a1TPG1[2*PFS+1], a2TPG1[2*PFS+1];
-  octet A1TPG1={sizeof(a1TPG1),sizeof(a1TPG1), a1TPG1};
-  octet A2TPG1={sizeof(a2TPG1),sizeof(a2TPG1), a2TPG1};
-  char aTPG1[2*PFS+1];
-  octet ATPG1={0,sizeof(aTPG1), aTPG1};
-
-  // Receiver keys
-  char b1keyG2[4*PFS], b2keyG2[4*PFS];
-  octet B1KeyG2={0,sizeof(b1keyG2), b1keyG2};
-  octet B2KeyG2={0,sizeof(b2keyG2), b2keyG2};
-  char bkeyG2[4*PFS];
-  octet BKeyG2={0,sizeof(bkeyG2), bkeyG2};
-
-  // Receiver time permits
-  char b1TPG2[4*PFS], b2TPG2[4*PFS];
-  octet B1TPG2={sizeof(b1TPG2),sizeof(b1TPG2), b1TPG2};
-  octet B2TPG2={sizeof(b2TPG2),sizeof(b2TPG2), b2TPG2};
-  char bTPG2[4*PFS];
-  octet BTPG2={0,sizeof(bTPG2), bTPG2};
-
-  char ahv[HASH_BYTES],alice_id[256],bhv[HASH_BYTES],bob_id[256];
-  octet AHV={0,sizeof(ahv),ahv};
-  octet BHV={0,sizeof(bhv),bhv};
-
-  octet IdA={0,sizeof(alice_id),alice_id};
-  octet IdB={0,sizeof(bob_id),bob_id};
-
-  char x[PGS];
-  octet X={sizeof(x),sizeof(x),x};
-  char y[PGS];
-  octet Y={sizeof(y),sizeof(y),y};
-  char w[PGS];
-  octet W={sizeof(w),sizeof(w),w};
-  char pia[PGS];
-  octet PIA={sizeof(pia),sizeof(pia),pia};
-  char pib[PGS];
-  octet PIB={sizeof(pib),sizeof(pib),pib};
-
-  char pgg1[2*PFS+1];
-  octet PgG1={0,sizeof(pgg1), pgg1};
-
-  char pag1[2*PFS+1];
-  octet PaG1={0,sizeof(pag1), pag1};
-
-  char pbg2[4*PFS];
-  octet PbG2={0,sizeof(pbg2), pbg2};
-
-  char message1[256];
-  char message2[256];
-  octet MESSAGE1 = {0, sizeof(message1), message1};
-  octet MESSAGE2 = {0, sizeof(message2), message2};
-
-  char t1[16];  // Tag
-  char t2[16];  // Tag
-  char k1[16];  // AES Key
-  char k2[16];  // AES Key
-  char iv[12]; // IV - Initialisation vector
-  char c[100];  // Ciphertext
-  char p[100];  // Recovered Plaintext
-  octet T1={sizeof(t1),sizeof(t1),t1};
-  octet T2={sizeof(t2),sizeof(t2),t2};
-  octet K1={0,sizeof(k1),k1};
-  octet K2={0,sizeof(k2),k2};
-  octet IV={0,sizeof(iv),iv};
-  octet C={0,sizeof(c),c};
-  octet P={0,sizeof(p),p};
-
-  int date;
-  date = WCC_today();
-  printf("Date %d \n", date);
-
-  int hashDoneOn = 1;
-  int hashDoneOff = 0;
-
-  OCT_jstring(&MESSAGE1,"Hello Bob");
-  OCT_jstring(&MESSAGE2,"Hello Alice");
-
-  unsigned long ran;
-  int byte_count = 32;
-  FILE *fp;
-  char seed[32] = {0};
-  octet SEED = {sizeof(seed),sizeof(seed),seed};
-  csprng RNG;
-
-#ifdef __linux__
-  size_t readSize;
-  fp = fopen("/dev/urandom", "r");
-  readSize = fread(&seed, 1, byte_count, fp);
-  fclose(fp);
-#else
-  /* non random seed value! */
-  time((time_t *)&ran);
-  SEED.val[0]=ran;
-  SEED.val[1]=ran>>8;
-  SEED.val[2]=ran>>16;
-  SEED.val[3]=ran>>24;
-  for (i=4;i<byte_count;i++) SEED.val[i]=i+1;
-#endif
-  printf("SEED 0x");
-  OCT_output(&SEED);
-
-  /* initialise random number generator */
-  WCC_CREATE_CSPRNG(&RNG,&SEED);
-
-  for(iter=1; iter<nRandomTests+1; iter++) {
-
-    /* Generate Client master secret for MIRACL and Customer */
-    rtn = WCC_RANDOM_GENERATE(&RNG,&MS1);
-    if (rtn != 0) {
-        printf("TA WCC_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-        return 1;
-    }
-    rtn = WCC_RANDOM_GENERATE(&RNG,&MS2);
-    if (rtn != 0) {
-        printf("TA WCC_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA MASTER SECRET MIRACL: ");
-    OCT_output(&MS1);
-    printf("TA MASTER SECRET CUSTOMER: ");
-    OCT_output(&MS2);
-  
-    // Alice's ID
-    rand_str(alice_id,256,&RNG);
-    OCT_jstring(&IdA,alice_id);
-    printf("ALICE ID: %s\n", alice_id);
-
-     // TA: Generate Alice's sender key
-    WCC_HASH_ID(&IdA,&AHV);
-    rtn = WCC_GET_G1_MULTIPLE(hashDoneOn,&MS1,&AHV,&A1KeyG1);
-    if (rtn != 0) {
-        printf("TA WCC_GET_G1_MULTIPLE(hashDoneOn,&MS1,&AHV,&A1KeyG1) Error %d\n", rtn);
-        return 1;
-    }
-    rtn = WCC_GET_G1_MULTIPLE(hashDoneOn,&MS2,&AHV,&A2KeyG1);
-    if (rtn != 0) {
-        printf("TA WCC_GET_G1_MULTIPLE(hashDoneOn,&MS2,&AHV,&A2KeyG1) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA A1KeyG1: ");
-    OCT_output(&A1KeyG1);
-    printf("TA A2KeyG1: ");
-    OCT_output(&A2KeyG1);
-  
-    rtn = WCC_RECOMBINE_G1(&A1KeyG1, &A2KeyG1, &AKeyG1);
-    if (rtn != 0) {
-        printf("TA WCC_RECOMBINE_G1(&A1KeyG1, &A2KeyG1, &AKeyG1) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA Alice's sender key: ");
-    OCT_output(&AKeyG1);
-  
-    // TA: Generate Alice's G1 time permit
-    rtn = WCC_GET_G1_PERMIT(date,&MS1,&AHV,&A1TPG1);
-    if (rtn != 0) {
-        printf("TA WCC_GET_G1_PERMIT(date,&MS1,&AHV,&A1TPG1) Error %d\n", rtn);
-        return 1;
-    }
-    rtn = WCC_GET_G1_PERMIT(date,&MS2,&AHV,&A2TPG1);
-    if (rtn != 0) {
-        printf("TA WCC_GET_G1_PERMIT(date,&MS2,&AHV,&A2TPG1) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA A1TPG1: ");
-    OCT_output(&A1TPG1);
-    printf("TA A2TPG1: ");
-    OCT_output(&A2TPG1);
-  
-    rtn = WCC_RECOMBINE_G1(&A1TPG1, &A2TPG1, &ATPG1);
-    if (rtn != 0) {
-        printf("Alice WCC_RECOMBINE_G1(&A1TPG1, &A2TPG1, &ATPG1) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA Alice's sender time permit: ");
-    OCT_output(&ATPG1);
-  
-    // Bob's ID
-    rand_str(bob_id,256,&RNG);
-    OCT_jstring(&IdB,bob_id);
-    printf("BOB ID: %s\n", bob_id);
-  
-    // TA: Generate Bob's receiver key
-    WCC_HASH_ID(&IdB,&BHV);
-    rtn = WCC_GET_G2_MULTIPLE(hashDoneOn,&MS1,&BHV,&B1KeyG2);
-    if (rtn != 0) {
-        printf("TA WCC_GET_G2_MULTIPLE(hashDoneOn,&MS1,&BHV,&B1KeyG2) Error %d\n", rtn);
-        return 1;
-    }
-    rtn = WCC_GET_G2_MULTIPLE(hashDoneOn,&MS2,&BHV,&B2KeyG2);
-    if (rtn != 0) {
-        printf("Bob WCC_GET_G2_MULTIPLE(hashDoneOn,&MS2,&BHV,&B2KeyG2) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA B1KeyG2: ");
-    OCT_output(&B1KeyG2);
-    printf("TA B2KeyG2: ");
-    OCT_output(&B2KeyG2);
-  
-    rtn = WCC_RECOMBINE_G2(&B1KeyG2, &B2KeyG2, &BKeyG2);
-    if (rtn != 0) {
-        printf("Bob WCC_RECOMBINE_G2(&B1KeyG1, &B2KeyG1, &BKeyG2) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA Bob's receiver key: ");
-    OCT_output(&BKeyG2);
-  
-    // TA: Generate Bob's receiver time permit
-    rtn = WCC_GET_G2_PERMIT(date,&MS1,&BHV,&B1TPG2);
-    if (rtn != 0) {
-        printf("TA WCC_GET_G2_PERMIT(date,&MS1,&BHV,&B1TPG2) Error %d\n", rtn);
-        return 1;
-    }
-    rtn = WCC_GET_G2_PERMIT(date,&MS2,&BHV,&B2TPG2);
-    if (rtn != 0) {
-        printf("TA WCC_GET_G2_PERMIT(date,&MS2,&BHV,&B2TPG2) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA B1TPG2: ");
-    OCT_output(&B1TPG2);
-    printf("TA B2TPG2: ");
-    OCT_output(&B2TPG2);
-  
-    rtn = WCC_RECOMBINE_G2(&B1TPG2, &B2TPG2, &BTPG2);
-    if (rtn != 0) {
-        printf("Bob WCC_RECOMBINE_G2(&B1TPG2, &B2TPG2, &BTPG2) Error %d\n", rtn);
-        return 1;
-    }
-    printf("TA Bob's receiver time permit: ");
-    OCT_output(&BTPG2);
-    printf("\n");
-  
-    printf("Alice\n");
-  
-    rtn = WCC_RANDOM_GENERATE(&RNG,&X);
-    if (rtn != 0) {
-        printf("Alice WCC_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn);
-        return 1;
-    }
-  #ifdef DEBUG
-    printf("Alice X: ");
-    OCT_output(&X);
-    printf("\n");
-  #endif
-  
-    rtn = WCC_GET_G1_TPMULT(date,&X,&IdA,&PaG1);
-    if (rtn != 0) {
-        printf("Alice WCC_GET_G1_TPMULT(date,&X,&IdA,&PaG1) Error %d\n", rtn);
-        return 1;
-    }
-  
-    printf("Alice sends IdA and PaG1 to Bob\n\n");
-    printf("Alice IdA: "); 
-    OCT_output_string(&IdA); 
-    printf("\n");
-    printf("Alice PaG1: ");
-    OCT_output(&PaG1);
-    printf("\n");
-  
-    printf("Bob\n");
-  
-    rtn = WCC_RANDOM_GENERATE(&RNG,&W);
-    if (rtn != 0) {
-        printf("Bob WCC_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn);
-        return 1;
-    }
-  #ifdef DEBUG
-    printf("Bob W: ");
-    OCT_output(&W);
-    printf("\n");
-  #endif
-    rtn = WCC_GET_G1_TPMULT(date,&W,&IdA,&PgG1);
-    if (rtn != 0) {
-        printf("Bob WCC_GET_G1_TPMULT(date,&W,&IdA,&PgG1) Error %d\n", rtn);
-        return 1;
-    }
-  #ifdef DEBUG
-    printf("PgG1: ");
-    OCT_output(&PgG1);
-    printf("\n");
-  #endif
-  
-    rtn = WCC_RANDOM_GENERATE(&RNG,&Y);
-    if (rtn != 0) {
-        printf("Bob WCC_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-        return 1;
-    }
-  #ifdef DEBUG
-    printf("Bob Y: ");
-    OCT_output(&Y);
-    printf("\n");
-  #endif
-    rtn = WCC_GET_G2_TPMULT(date,&Y,&IdB,&PbG2);
-    if (rtn != 0) {
-        printf("Bob WCC_GET_G1_TPMULT(date,&Y,&IdB,&PbG2) Error %d\n", rtn);
-        return 1;
-    }
-  #ifdef DEBUG
-    printf("Bob PbG2: ");
-    OCT_output(&PbG2);
-    printf("\n");
-  #endif
-  
-    // pia = Hq(PaG1,PbG2,PgG1,IdB)
-    WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-    // pib = Hq(PbG2,PaG1,PgG1,IdA)
-    WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-  
-  #ifdef DEBUG
-    printf("Bob PIA: ");
-    OCT_output(&PIA);
-    printf("\n");
-    printf("Bob PIB: ");
-    OCT_output(&PIB);
-    printf("\n");
-  #endif
-  
-    // Bob calculates AES Key
-    WCC_RECEIVER_KEY(date, &Y, &W,  &PIA, &PIB,  &PaG1, &PgG1, &BKeyG2, &BTPG2, &IdA, &K2);
-    if (rtn != 0) {
-        printf("Bob WCC_RECEIVER_KEY() Error %d\n", rtn);
-        return 1;
-    }
-    printf("Bob AES Key: ");
-    OCT_output(&K2);
-  
-    printf("Bob sends IdB, PbG2 and PgG1 to Alice\n\n");
-    printf("Bob IdB: "); 
-    OCT_output_string(&IdB); 
-    printf("\n");
-    printf("Bob PbG2: ");
-    OCT_output(&PbG2);
-    printf("\n");
-    printf("Bob PgG1: ");
-    OCT_output(&PgG1);
-    printf("\n");
-  
-    printf("Alice\n");
-  
-    // pia = Hq(PaG1,PbG2,PgG1,IdB)
-    WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-    // pib = Hq(PbG2,PaG1,PgG1,IdA)
-    WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-  
-  #ifdef DEBUG
-    printf("Alice PIA: ");
-    OCT_output(&PIA);
-    printf("\n");
-    printf("Alice PIB: ");
-    OCT_output(&PIB);
-    printf("\n");
-  #endif
-  
-    // Alice calculates AES Key
-    rtn = WCC_SENDER_KEY(date, &X, &PIA, &PIB, &PbG2, &PgG1, &AKeyG1, &ATPG1, &IdB, &K1);
-    if (rtn != 0) {
-        printf("Alice WCC_SENDER_KEY() Error %d\n", rtn);
-        return 1;
-    }
-    printf("Alice AES Key: ");
-    OCT_output(&K1);
-  
-    // Send message
-    IV.len=12;
-    for (i=0;i<IV.len;i++)
-      IV.val[i]=i+1;
-    printf("Alice: IV ");
-    OCT_output(&IV);
-  
-    printf("Alice: Message to encrypt for Bob: ");
-    OCT_output_string(&MESSAGE1);
-    printf("\n");
-  
-    WCC_AES_GCM_ENCRYPT(&K1, &IV, &IdA, &MESSAGE1, &C, &T1);
-  
-    printf("Alice: Ciphertext: ");
-    OCT_output(&C);
-  
-    printf("Alice: Encryption Tag: ");
-    OCT_output(&T1);
-    printf("\n");
-  
-    WCC_AES_GCM_DECRYPT(&K2, &IV, &IdA, &C, &P, &T2);
-  
-    printf("Bob: Decrypted message received from Alice: ");
-    OCT_output_string(&P);
-    printf("\n");
-  
-    printf("Bob: Decryption Tag: ");
-    OCT_output(&T2);
-    printf("\n");
-  
-    if (!OCT_comp(&MESSAGE1,&P)) {
-        printf("FAILURE Decryption\n");
-        return 1;
-    }
-  
-    if (!OCT_comp(&T1,&T2)) {
-        printf("FAILURE TAG mismatch\n");
-        return 1;
-    }
-    printf("Iteration %d SUCCESS \n\n", iter);
-  }
-
-  WCC_KILL_CSPRNG(&RNG);
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/testwcc.c
----------------------------------------------------------------------
diff --git a/c/testwcc.c b/c/testwcc.c
deleted file mode 100755
index f01300d..0000000
--- a/c/testwcc.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* Demonstrate WCC with one TA and no time permits */
-
-/* Build executible after installation:
-   gcc -std=c99 -g testwcc.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl -lwcc -o testwcc */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "wcc.h"
-
-#define DEBUG
-
-int main()
-{
-  int i,rtn;
-
-  /* Master secret */
-  char ms[PGS];
-  octet MS={sizeof(ms),sizeof(ms),ms};
-
-  // sender keys
-  char akeyG1[2*PFS+1];
-  octet AKeyG1={0,sizeof(akeyG1), akeyG1};
-
-  // receiver keys
-  char bkeyG2[4*PFS];
-  octet BKeyG2={0,sizeof(bkeyG2), bkeyG2};
-
-  char hv[HASH_BYTES],alice_id[256],bob_id[256];
-  octet HV={0,sizeof(hv),hv};
-
-  octet IdA={0,sizeof(alice_id),alice_id};
-  octet IdB={0,sizeof(bob_id),bob_id};
-
-  char x[PGS];
-  octet X={sizeof(x),sizeof(x),x};
-  char y[PGS];
-  octet Y={sizeof(y),sizeof(y),y};
-  char w[PGS];
-  octet W={sizeof(w),sizeof(w),w};
-  char pia[PGS];
-  octet PIA={sizeof(pia),sizeof(pia),pia};
-  char pib[PGS];
-  octet PIB={sizeof(pib),sizeof(pib),pib};
-
-  char pgg1[2*PFS+1];
-  octet PgG1={0,sizeof(pgg1), pgg1};
-
-  char pag1[2*PFS+1];
-  octet PaG1={0,sizeof(pag1), pag1};
-
-  char pbg2[4*PFS];
-  octet PbG2={0,sizeof(pbg2), pbg2};
-
-  char seed[32] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  char message1[256];
-  octet MESSAGE1 = {0, sizeof(message1), message1};
-  OCT_jstring(&MESSAGE1,"Hello Bob");
-
-  char t1[16];  // Tag
-  char t2[16];  // Tag
-  char k1[16];  // AES Key
-  char k2[16];  // AES Key
-  char iv[12]; // IV - Initialisation vector
-  char c[100];  // Ciphertext
-  char p[100];  // Recovered Plaintext
-  octet T1={sizeof(t1),sizeof(t1),t1};
-  octet T2={sizeof(t2),sizeof(t2),t2};
-  octet K1={0,sizeof(k1),k1};
-  octet K2={0,sizeof(k2),k2};
-  octet IV={0,sizeof(iv),iv};
-  octet C={0,sizeof(c),c};
-  octet P={0,sizeof(p),p};
-
-  int date;
-
-  int hashDoneOn = 1;
-  int hashDoneOff = 0;
-
-  date = 0;
-#ifdef DEBUG
-  printf("Date %d \n", date);
-#endif
-
-  /* unrandom seed value! */
-  SEED.len=32;
-  for (i=0;i<32;i++) SEED.val[i]=i+1;
-#ifdef DEBUG
-  printf("SEED: ");
-  OCT_output(&SEED);
-  printf("\n");
-#endif
-
-  /* initialise random number generator */
-  WCC_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* TA: Generate master secret  */
-  rtn = WCC_RANDOM_GENERATE(&RNG,&MS);
-  if (rtn != 0) {
-      printf("TA WCC_RANDOM_GENERATE(&RNG,&MS) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("TA MASTER SECRET: ");
-  OCT_output(&MS);
-  printf("\n");
-#endif
-
-  // Alice's ID
-  OCT_jstring(&IdA,"alice@miracl.com");
-
-  // TA: Generate Alices's sender key
-  WCC_HASH_ID(&IdA,&HV);
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOn,&MS,&HV,&AKeyG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("TA Alice's sender key: ");
-  OCT_output(&AKeyG1);
-#endif
-
-  // Bob's ID
-  OCT_jstring(&IdB,"bob@miracl.com");
-
-  // TA: Generate Bob's receiver key
-  WCC_HASH_ID(&IdB,&HV);
-  rtn = WCC_GET_G2_MULTIPLE(hashDoneOn,&MS,&HV,&BKeyG2);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G2_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("TA Bob's receiver key: ");
-  OCT_output(&BKeyG2);
-  printf("\n");
-#endif
-
-  printf("Alice\n");
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&X);
-  if (rtn != 0) {
-      printf("Alice WCC_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Alice X: ");
-  OCT_output(&X);
-  printf("\n");
-#endif
-
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOff,&X,&IdA,&PaG1);
-  if (rtn != 0) {
-      printf("Alice WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-
-  printf("Alice sends IdA and PaG1 to Bob\n\n");
-  printf("Alice IdA: "); 
-  OCT_output_string(&IdA); 
-  printf("\n");
-  printf("Alice PaG1: ");
-  OCT_output(&PaG1);
-  printf("\n");
-
-  printf("Bob\n");
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&W);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob W: ");
-  OCT_output(&W);
-  printf("\n");
-#endif
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOff,&W,&IdA,&PgG1);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("PgG1: ");
-  OCT_output(&PgG1);
-  printf("\n");
-#endif
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob Y: ");
-  OCT_output(&Y);
-  printf("\n");
-#endif
-  rtn = WCC_GET_G2_MULTIPLE(hashDoneOff,&Y,&IdB,&PbG2);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_MULTIPLE() Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob PbG2: ");
-  OCT_output(&PbG2);
-  printf("\n");
-#endif
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-#ifdef DEBUG
-  printf("Bob PIA: ");
-  OCT_output(&PIA);
-  printf("\n");
-  printf("Bob PIB: ");
-  OCT_output(&PIB);
-  printf("\n");
-#endif
-
-  // Bob calculates AES Key
-  WCC_RECEIVER_KEY(date, &Y, &W,  &PIA, &PIB,  &PaG1, &PgG1, &BKeyG2, NULL, &IdA, &K2);
-  if (rtn != 0) {
-      printf("Bob WCC_RECEIVER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-  printf("Bob AES Key: ");
-  OCT_output(&K2);
-
-  printf("Bob sends IdB, PbG2 and PgG1 to Alice\n\n");
-  printf("Bob IdB: "); 
-  OCT_output_string(&IdB); 
-  printf("\n");
-  printf("Bob PbG2: ");
-  OCT_output(&PbG2);
-  printf("\n");
-  printf("Bob PgG1: ");
-  OCT_output(&PgG1);
-  printf("\n");
-
-  printf("Alice\n");
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-#ifdef DEBUG
-  printf("Alice PIA: ");
-  OCT_output(&PIA);
-  printf("\n");
-  printf("Alice PIB: ");
-  OCT_output(&PIB);
-  printf("\n");
-#endif
-
-  // Alice calculates AES Key
-  rtn = WCC_SENDER_KEY(date, &X, &PIA, &PIB, &PbG2, &PgG1, &AKeyG1, NULL, &IdB, &K1);
-  if (rtn != 0) {
-      printf("Alice WCC_SENDER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-  printf("Alice AES Key: ");
-  OCT_output(&K1);
-
-
-  // Send message
-  IV.len=12;
-  for (i=0;i<IV.len;i++)
-    IV.val[i]=i+1;
-  printf("Alice: IV ");
-  OCT_output(&IV);
-
-  printf("Alice: Message to encrypt for Bob: ");
-  OCT_output_string(&MESSAGE1);
-  printf("\n");
-
-  WCC_AES_GCM_ENCRYPT(&K1, &IV, &IdA, &MESSAGE1, &C, &T1);
-
-  printf("Alice: Ciphertext: ");
-  OCT_output(&C);
-
-  printf("Alice: Encryption Tag: ");
-  OCT_output(&T1);
-  printf("\n");
-
-  WCC_AES_GCM_DECRYPT(&K2, &IV, &IdA, &C, &P, &T2);
-
-  printf("Bob: Decrypted message received from Alice: ");
-  OCT_output_string(&P);
-  printf("\n");
-
-  printf("Bob: Decryption Tag: ");
-  OCT_output(&T2);
-  printf("\n");
-
-  if (!OCT_comp(&MESSAGE1,&P)) {
-      printf("FAILURE Decryption\n");
-      return 1;
-  }
-
-  if (!OCT_comp(&T1,&T2)) {
-      printf("FAILURE TAG mismatch\n");
-      return 1;
-  }
-
-  WCC_KILL_CSPRNG(&RNG);
-
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/testwcc_dta.c
----------------------------------------------------------------------
diff --git a/c/testwcc_dta.c b/c/testwcc_dta.c
deleted file mode 100755
index d05d70f..0000000
--- a/c/testwcc_dta.c
+++ /dev/null
@@ -1,438 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* Demonstrate WCC with two TAs and time permits */
-
-/* Build executible after installation:
-   gcc -std=c99 -g testwcc_dta.c  -I/opt/amcl/include -L/opt/amcl/lib -lamcl -lwcc -o testwcc_dta */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-#include "wcc.h"
-
-#define DEBUG
-
-int main()
-{
-  int i,rtn;
-
-  /* Master secret shares */
-  char ms1[PGS], ms2[PGS];
-  octet MS1={sizeof(ms1),sizeof(ms1),ms1};
-  octet MS2={sizeof(ms2),sizeof(ms2),ms2};
-
-  // Sender keys
-  char a1keyG1[2*PFS+1], a2keyG1[2*PFS+1];
-  octet A1KeyG1={0,sizeof(a1keyG1), a1keyG1};
-  octet A2KeyG1={0,sizeof(a2keyG1), a2keyG1};
-  char akeyG1[2*PFS+1];
-  octet AKeyG1={0,sizeof(akeyG1), akeyG1};
-
-  // Sender time permits
-  char a1TPG1[2*PFS+1], a2TPG1[2*PFS+1];
-  octet A1TPG1={sizeof(a1TPG1),sizeof(a1TPG1), a1TPG1};
-  octet A2TPG1={sizeof(a2TPG1),sizeof(a2TPG1), a2TPG1};
-  char aTPG1[2*PFS+1];
-  octet ATPG1={0,sizeof(aTPG1), aTPG1};
-
-  // Receiver keys
-  char b1keyG2[4*PFS], b2keyG2[4*PFS];
-  octet B1KeyG2={0,sizeof(b1keyG2), b1keyG2};
-  octet B2KeyG2={0,sizeof(b2keyG2), b2keyG2};
-  char bkeyG2[4*PFS];
-  octet BKeyG2={0,sizeof(bkeyG2), bkeyG2};
-
-  // Receiver time permits
-  char b1TPG2[4*PFS], b2TPG2[4*PFS];
-  octet B1TPG2={sizeof(b1TPG2),sizeof(b1TPG2), b1TPG2};
-  octet B2TPG2={sizeof(b2TPG2),sizeof(b2TPG2), b2TPG2};
-  char bTPG2[4*PFS];
-  octet BTPG2={0,sizeof(bTPG2), bTPG2};
-
-  char ahv[HASH_BYTES],alice_id[256],bhv[HASH_BYTES],bob_id[256];
-  octet AHV={0,sizeof(ahv),ahv};
-  octet BHV={0,sizeof(bhv),bhv};
-
-  octet IdA={0,sizeof(alice_id),alice_id};
-  octet IdB={0,sizeof(bob_id),bob_id};
-
-  char x[PGS];
-  octet X={sizeof(x),sizeof(x),x};
-  char y[PGS];
-  octet Y={sizeof(y),sizeof(y),y};
-  char w[PGS];
-  octet W={sizeof(w),sizeof(w),w};
-  char pia[PGS];
-  octet PIA={sizeof(pia),sizeof(pia),pia};
-  char pib[PGS];
-  octet PIB={sizeof(pib),sizeof(pib),pib};
-
-  char pgg1[2*PFS+1];
-  octet PgG1={0,sizeof(pgg1), pgg1};
-
-  char pag1[2*PFS+1];
-  octet PaG1={0,sizeof(pag1), pag1};
-
-  char pbg2[4*PFS];
-  octet PbG2={0,sizeof(pbg2), pbg2};
-
-  char seed[32] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  char message1[256];
-  char message2[256];
-  octet MESSAGE1 = {0, sizeof(message1), message1};
-  octet MESSAGE2 = {0, sizeof(message2), message2};
-
-  char t1[16];  // Tag
-  char t2[16];  // Tag
-  char k1[16];  // AES Key
-  char k2[16];  // AES Key
-  char iv[12]; // IV - Initialisation vector
-  char c[100];  // Ciphertext
-  char p[100];  // Recovered Plaintext
-  octet T1={sizeof(t1),sizeof(t1),t1};
-  octet T2={sizeof(t2),sizeof(t2),t2};
-  octet K1={0,sizeof(k1),k1};
-  octet K2={0,sizeof(k2),k2};
-  octet IV={0,sizeof(iv),iv};
-  octet C={0,sizeof(c),c};
-  octet P={0,sizeof(p),p};
-
-  int date;
-  date = WCC_today();
-  printf("Date %d \n", date);
-
-  int hashDoneOn = 1;
-  int hashDoneOff = 0;
-
-  OCT_jstring(&MESSAGE1,"Hello Bob");
-  OCT_jstring(&MESSAGE2,"Hello Alice");
-
-  /* unrandom seed value! */
-  SEED.len=32;
-  for (i=0;i<32;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  WCC_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = WCC_RANDOM_GENERATE(&RNG,&MS1);
-  if (rtn != 0) {
-      printf("TA WCC_RANDOM_GENERATE(&RNG,&MS1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = WCC_RANDOM_GENERATE(&RNG,&MS2);
-  if (rtn != 0)
-    {
-      printf("TA WCC_RANDOM_GENERATE(&RNG,&MS2) Error %d\n", rtn);
-      return 1;
-    }
-  printf("TA MASTER SECRET MIRACL: ");
-  OCT_output(&MS1);
-  printf("TA MASTER SECRET CUSTOMER: ");
-  OCT_output(&MS2);
-
-  // Alice's ID
-  OCT_jstring(&IdA,"alice@miracl.com");
-
-  // TA: Generate Alice's sender key
-  WCC_HASH_ID(&IdA,&AHV);
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOn,&MS1,&AHV,&A1KeyG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_MULTIPLE(hashDoneOn,&MS1,&AHV,&A1KeyG1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOn,&MS2,&AHV,&A2KeyG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_MULTIPLE(hashDoneOn,&MS2,&AHV,&A2KeyG1) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA A1KeyG1: ");
-  OCT_output(&A1KeyG1);
-  printf("TA A2KeyG1: ");
-  OCT_output(&A2KeyG1);
-
-  rtn = WCC_RECOMBINE_G1(&A1KeyG1, &A2KeyG1, &AKeyG1);
-  if (rtn != 0) {
-      printf("TA WCC_RECOMBINE_G1(&A1KeyG1, &A2KeyG1, &AKeyG1) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA Alice's sender key: ");
-  OCT_output(&AKeyG1);
-
-  // TA: Generate Alice's G1 time permit
-  rtn = WCC_GET_G1_PERMIT(date,&MS1,&AHV,&A1TPG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_PERMIT(date,&MS1,&AHV,&A1TPG1) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = WCC_GET_G1_PERMIT(date,&MS2,&AHV,&A2TPG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_PERMIT(date,&MS2,&AHV,&A2TPG1) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA A1TPG1: ");
-  OCT_output(&A1TPG1);
-  printf("TA A2TPG1: ");
-  OCT_output(&A2TPG1);
-
-  rtn = WCC_RECOMBINE_G1(&A1TPG1, &A2TPG1, &ATPG1);
-  if (rtn != 0) {
-      printf("Alice WCC_RECOMBINE_G1(&A1TPG1, &A2TPG1, &ATPG1) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA Alice's sender time permit: ");
-  OCT_output(&ATPG1);
-
-  // Bob's ID
-  OCT_jstring(&IdB,"bob@miracl.com");
-
-  // TA: Generate Bob's receiver key
-  WCC_HASH_ID(&IdB,&BHV);
-  rtn = WCC_GET_G2_MULTIPLE(hashDoneOn,&MS1,&BHV,&B1KeyG2);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G2_MULTIPLE(hashDoneOn,&MS1,&BHV,&B1KeyG2) Error %d\n", rtn);
-      return 1;
-  }
-  rtn = WCC_GET_G2_MULTIPLE(hashDoneOn,&MS2,&BHV,&B2KeyG2);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G2_MULTIPLE(hashDoneOn,&MS2,&BHV,&B2KeyG2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA B1KeyG2: ");
-  OCT_output(&B1KeyG2);
-  printf("TA B2KeyG2: ");
-  OCT_output(&B2KeyG2);
-
-  rtn = WCC_RECOMBINE_G2(&B1KeyG2, &B2KeyG2, &BKeyG2);
-  if (rtn != 0) {
-      printf("Bob WCC_RECOMBINE_G2(&B1KeyG1, &B2KeyG1, &BKeyG2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA Bob's receiver key: ");
-  OCT_output(&BKeyG2);
-
-  // TA: Generate Bob's receiver time permit
-  rtn = WCC_GET_G2_PERMIT(date,&MS1,&BHV,&B1TPG2);
-  if (rtn != 0)
-    {
-      printf("TA WCC_GET_G2_PERMIT(date,&MS1,&BHV,&B1TPG2) Error %d\n", rtn);
-      return 1;
-    }
-  rtn = WCC_GET_G2_PERMIT(date,&MS2,&BHV,&B2TPG2);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G2_PERMIT(date,&MS2,&BHV,&B2TPG2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA B1TPG2: ");
-  OCT_output(&B1TPG2);
-  printf("TA B2TPG2: ");
-  OCT_output(&B2TPG2);
-
-  rtn = WCC_RECOMBINE_G2(&B1TPG2, &B2TPG2, &BTPG2);
-  if (rtn != 0) {
-      printf("Bob WCC_RECOMBINE_G2(&B1TPG2, &B2TPG2, &BTPG2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA Bob's receiver time permit: ");
-  OCT_output(&BTPG2);
-  printf("\n");
-
-  printf("Alice\n");
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&X);
-  if (rtn != 0) {
-      printf("Alice WCC_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Alice X: ");
-  OCT_output(&X);
-  printf("\n");
-#endif
-
-  rtn = WCC_GET_G1_TPMULT(date,&X,&IdA,&PaG1);
-  if (rtn != 0) {
-      printf("Alice WCC_GET_G1_TPMULT(date,&X,&IdA,&PaG1) Error %d\n", rtn);
-      return 1;
-  }
-
-  printf("Alice sends IdA and PaG1 to Bob\n\n");
-  printf("Alice IdA: "); 
-  OCT_output_string(&IdA); 
-  printf("\n");
-  printf("Alice PaG1: ");
-  OCT_output(&PaG1);
-  printf("\n");
-
-  printf("Bob\n");
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&W);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob W: ");
-  OCT_output(&W);
-  printf("\n");
-#endif
-  rtn = WCC_GET_G1_TPMULT(date,&W,&IdA,&PgG1);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_TPMULT(date,&W,&IdA,&PgG1) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("PgG1: ");
-  OCT_output(&PgG1);
-  printf("\n");
-#endif
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob Y: ");
-  OCT_output(&Y);
-  printf("\n");
-#endif
-  rtn = WCC_GET_G2_TPMULT(date,&Y,&IdB,&PbG2);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_TPMULT(date,&Y,&IdB,&PbG2) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob PbG2: ");
-  OCT_output(&PbG2);
-  printf("\n");
-#endif
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-#ifdef DEBUG
-  printf("Bob PIA: ");
-  OCT_output(&PIA);
-  printf("\n");
-  printf("Bob PIB: ");
-  OCT_output(&PIB);
-  printf("\n");
-#endif
-
-  // Bob calculates AES Key
-  WCC_RECEIVER_KEY(date, &Y, &W,  &PIA, &PIB,  &PaG1, &PgG1, &BKeyG2, &BTPG2, &IdA, &K2);
-  if (rtn != 0) {
-      printf("Bob WCC_RECEIVER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-  printf("Bob AES Key: ");
-  OCT_output(&K2);
-
-  printf("Bob sends IdB, PbG2 and PgG1 to Alice\n\n");
-  printf("Bob IdB: "); 
-  OCT_output_string(&IdB); 
-  printf("\n");
-  printf("Bob PbG2: ");
-  OCT_output(&PbG2);
-  printf("\n");
-  printf("Bob PgG1: ");
-  OCT_output(&PgG1);
-  printf("\n");
-
-  printf("Alice\n");
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-#ifdef DEBUG
-  printf("Alice PIA: ");
-  OCT_output(&PIA);
-  printf("\n");
-  printf("Alice PIB: ");
-  OCT_output(&PIB);
-  printf("\n");
-#endif
-
-  // Alice calculates AES Key
-  rtn = WCC_SENDER_KEY(date, &X, &PIA, &PIB, &PbG2, &PgG1, &AKeyG1, &ATPG1, &IdB, &K1);
-  if (rtn != 0) {
-      printf("Alice WCC_SENDER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-  printf("Alice AES Key: ");
-  OCT_output(&K1);
-
-  // Send message
-  IV.len=12;
-  for (i=0;i<IV.len;i++)
-    IV.val[i]=i+1;
-  printf("Alice: IV ");
-  OCT_output(&IV);
-
-  printf("Alice: Message to encrypt for Bob: ");
-  OCT_output_string(&MESSAGE1);
-  printf("\n");
-
-  WCC_AES_GCM_ENCRYPT(&K1, &IV, &IdA, &MESSAGE1, &C, &T1);
-
-  printf("Alice: Ciphertext: ");
-  OCT_output(&C);
-
-  printf("Alice: Encryption Tag: ");
-  OCT_output(&T1);
-  printf("\n");
-
-  WCC_AES_GCM_DECRYPT(&K2, &IV, &IdA, &C, &P, &T2);
-
-  printf("Bob: Decrypted message received from Alice: ");
-  OCT_output_string(&P);
-  printf("\n");
-
-  printf("Bob: Decryption Tag: ");
-  OCT_output(&T2);
-  printf("\n");
-
-  if (!OCT_comp(&MESSAGE1,&P)) {
-      printf("FAILURE Decryption\n");
-      return 1;
-  }
-
-  if (!OCT_comp(&T1,&T2)) {
-      printf("FAILURE TAG mismatch\n");
-      return 1;
-  }
-
-  WCC_KILL_CSPRNG(&RNG);
-
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/testwcc_tp.c
----------------------------------------------------------------------
diff --git a/c/testwcc_tp.c b/c/testwcc_tp.c
deleted file mode 100755
index 280fa85..0000000
--- a/c/testwcc_tp.c
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* Demonstrate WCC with time permits */
-
-/* Build executible after installation:
-   gcc -std=c99 -g testwcc_dta.c  -I/opt/amcl/include -L/opt/amcl/lib -lamcl -lwcc -o testwcc_dta */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-#include "wcc.h"
-
-#define DEBUG
-
-int main()
-{
-  int i,rtn;
-
-  /* Master secret shares */
-  char ms[PGS];
-  octet MS={sizeof(ms),sizeof(ms),ms};
-
-  // Sender key
-  char akeyG1[2*PFS+1];
-  octet AKeyG1={0,sizeof(akeyG1), akeyG1};
-
-  // Sender time permits
-  char aTPG1[2*PFS+1];
-  octet ATPG1={sizeof(aTPG1),sizeof(aTPG1), aTPG1};
-
-  // Receiver keys
-  char bkeyG2[4*PFS];
-  octet BKeyG2={0,sizeof(bkeyG2), bkeyG2};
-
-  // Receiver time permits
-  char bTPG2[4*PFS];
-  octet BTPG2={sizeof(bTPG2),sizeof(bTPG2), bTPG2};
-
-  char ahv[HASH_BYTES],alice_id[256],bhv[HASH_BYTES],bob_id[256];
-  octet AHV={0,sizeof(ahv),ahv};
-  octet BHV={0,sizeof(bhv),bhv};
-
-  octet IdA={0,sizeof(alice_id),alice_id};
-  octet IdB={0,sizeof(bob_id),bob_id};
-
-  char x[PGS];
-  octet X={sizeof(x),sizeof(x),x};
-  char y[PGS];
-  octet Y={sizeof(y),sizeof(y),y};
-  char w[PGS];
-  octet W={sizeof(w),sizeof(w),w};
-  char pia[PGS];
-  octet PIA={sizeof(pia),sizeof(pia),pia};
-  char pib[PGS];
-  octet PIB={sizeof(pib),sizeof(pib),pib};
-
-  char pgg1[2*PFS+1];
-  octet PgG1={0,sizeof(pgg1), pgg1};
-
-  char pag1[2*PFS+1];
-  octet PaG1={0,sizeof(pag1), pag1};
-
-  char pbg2[4*PFS];
-  octet PbG2={0,sizeof(pbg2), pbg2};
-
-  char seed[32] = {0};
-  octet SEED = {0,sizeof(seed),seed};
-  csprng RNG;
-
-  char message1[256];
-  char message2[256];
-  octet MESSAGE1 = {0, sizeof(message1), message1};
-  octet MESSAGE2 = {0, sizeof(message2), message2};
-
-  char t1[16];  // Tag
-  char t2[16];  // Tag
-  char k1[16];  // AES Key
-  char k2[16];  // AES Key
-  char iv[12]; // IV - Initialisation vector
-  char c[100];  // Ciphertext
-  char p[100];  // Recovered Plaintext
-  octet T1={sizeof(t1),sizeof(t1),t1};
-  octet T2={sizeof(t2),sizeof(t2),t2};
-  octet K1={0,sizeof(k1),k1};
-  octet K2={0,sizeof(k2),k2};
-  octet IV={0,sizeof(iv),iv};
-  octet C={0,sizeof(c),c};
-  octet P={0,sizeof(p),p};
-
-  int date;
-  date = WCC_today();
-  printf("Date %d \n", date);
-
-  int hashDoneOn = 1;
-  int hashDoneOff = 0;
-
-  OCT_jstring(&MESSAGE1,"Hello Bob");
-  OCT_jstring(&MESSAGE2,"Hello Alice");
-
-  /* unrandom seed value! */
-  SEED.len=32;
-  for (i=0;i<32;i++) SEED.val[i]=i+1;
-
-  /* initialise random number generator */
-  WCC_CREATE_CSPRNG(&RNG,&SEED);
-
-  /* Generate Client master secret for MIRACL and Customer */
-  rtn = WCC_RANDOM_GENERATE(&RNG,&MS);
-  if (rtn != 0) {
-      printf("TA WCC_RANDOM_GENERATE(&RNG,&MS) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA MASTER SECRET: ");
-  OCT_output(&MS);
-
-  // Alice's ID
-  OCT_jstring(&IdA,"alice@miracl.com");
-
-  // TA: Generate Alice's sender key
-  WCC_HASH_ID(&IdA,&AHV);
-  rtn = WCC_GET_G1_MULTIPLE(hashDoneOn,&MS,&AHV,&AKeyG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_MULTIPLE(hashDoneOn,&MS,&AHV,&AKeyG1) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA Alice's sender key: ");
-  OCT_output(&AKeyG1);
-
-  // TA: Generate Alice's G1 time permit
-  rtn = WCC_GET_G1_PERMIT(date,&MS,&AHV,&ATPG1);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G1_PERMIT(date,&MS,&AHV,&ATPG1) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA Alice's sender time permit: ");
-  OCT_output(&ATPG1);
-
-  // Bob's ID
-  OCT_jstring(&IdB,"bob@miracl.com");
-
-  // TA: Generate Bob's receiver key
-  WCC_HASH_ID(&IdB,&BHV);
-  rtn = WCC_GET_G2_MULTIPLE(hashDoneOn,&MS,&BHV,&BKeyG2);
-  if (rtn != 0) {
-      printf("TA WCC_GET_G2_MULTIPLE(hashDoneOn,&MS,&BHV,&BKeyG2) Error %d\n", rtn);
-      return 1;
-  }
-  printf("TA Bob's receiver key: ");
-  OCT_output(&BKeyG2);
-
-  // TA: Generate Bob's receiver time permit
-  rtn = WCC_GET_G2_PERMIT(date,&MS,&BHV,&BTPG2);
-  if (rtn != 0)
-    {
-      printf("TA WCC_GET_G2_PERMIT(date,&MS,&BHV,&BTPG2) Error %d\n", rtn);
-      return 1;
-    }
-  printf("TA Bob's receiver time permit: ");
-  OCT_output(&BTPG2);
-  printf("\n");
-
-  printf("Alice\n");
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&X);
-  if (rtn != 0) {
-      printf("Alice WCC_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Alice X: ");
-  OCT_output(&X);
-  printf("\n");
-#endif
-
-  rtn = WCC_GET_G1_TPMULT(date,&X,&IdA,&PaG1);
-  if (rtn != 0) {
-      printf("Alice WCC_GET_G1_TPMULT(date,&X,&IdA,&PaG1) Error %d\n", rtn);
-      return 1;
-  }
-
-  printf("Alice sends IdA and PaG1 to Bob\n\n");
-  printf("Alice IdA: "); 
-  OCT_output_string(&IdA); 
-  printf("\n");
-  printf("Alice PaG1: ");
-  OCT_output(&PaG1);
-  printf("\n");
-
-  printf("Bob\n");
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&W);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob W: ");
-  OCT_output(&W);
-  printf("\n");
-#endif
-  rtn = WCC_GET_G1_TPMULT(date,&W,&IdA,&PgG1);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_TPMULT(date,&W,&IdA,&PgG1) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("PgG1: ");
-  OCT_output(&PgG1);
-  printf("\n");
-#endif
-
-  rtn = WCC_RANDOM_GENERATE(&RNG,&Y);
-  if (rtn != 0) {
-      printf("Bob WCC_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob Y: ");
-  OCT_output(&Y);
-  printf("\n");
-#endif
-  rtn = WCC_GET_G2_TPMULT(date,&Y,&IdB,&PbG2);
-  if (rtn != 0) {
-      printf("Bob WCC_GET_G1_TPMULT(date,&Y,&IdB,&PbG2) Error %d\n", rtn);
-      return 1;
-  }
-#ifdef DEBUG
-  printf("Bob PbG2: ");
-  OCT_output(&PbG2);
-  printf("\n");
-#endif
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-#ifdef DEBUG
-  printf("Bob PIA: ");
-  OCT_output(&PIA);
-  printf("\n");
-  printf("Bob PIB: ");
-  OCT_output(&PIB);
-  printf("\n");
-#endif
-
-  // Bob calculates AES Key
-  WCC_RECEIVER_KEY(date, &Y, &W,  &PIA, &PIB,  &PaG1, &PgG1, &BKeyG2, &BTPG2, &IdA, &K2);
-  if (rtn != 0) {
-      printf("Bob WCC_RECEIVER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-  printf("Bob AES Key: ");
-  OCT_output(&K2);
-
-  printf("Bob sends IdB, PbG2 and PgG1 to Alice\n\n");
-  printf("Bob IdB: "); 
-  OCT_output_string(&IdB); 
-  printf("\n");
-  printf("Bob PbG2: ");
-  OCT_output(&PbG2);
-  printf("\n");
-  printf("Bob PgG1: ");
-  OCT_output(&PgG1);
-  printf("\n");
-
-  printf("Alice\n");
-
-  // pia = Hq(PaG1,PbG2,PgG1,IdB)
-  WCC_Hq(&PaG1,&PbG2,&PgG1,&IdB,&PIA);
-
-  // pib = Hq(PbG2,PaG1,PgG1,IdA)
-  WCC_Hq(&PbG2,&PaG1,&PgG1,&IdA,&PIB);
-
-#ifdef DEBUG
-  printf("Alice PIA: ");
-  OCT_output(&PIA);
-  printf("\n");
-  printf("Alice PIB: ");
-  OCT_output(&PIB);
-  printf("\n");
-#endif
-
-  // Alice calculates AES Key
-  rtn = WCC_SENDER_KEY(date, &X, &PIA, &PIB, &PbG2, &PgG1, &AKeyG1, &ATPG1, &IdB, &K1);
-  if (rtn != 0) {
-      printf("Alice WCC_SENDER_KEY() Error %d\n", rtn);
-      return 1;
-  }
-  printf("Alice AES Key: ");
-  OCT_output(&K1);
-
-  // Send message
-  IV.len=12;
-  for (i=0;i<IV.len;i++)
-    IV.val[i]=i+1;
-  printf("Alice: IV ");
-  OCT_output(&IV);
-
-  printf("Alice: Message to encrypt for Bob: ");
-  OCT_output_string(&MESSAGE1);
-  printf("\n");
-
-  WCC_AES_GCM_ENCRYPT(&K1, &IV, &IdA, &MESSAGE1, &C, &T1);
-
-  printf("Alice: Ciphertext: ");
-  OCT_output(&C);
-
-  printf("Alice: Encryption Tag: ");
-  OCT_output(&T1);
-  printf("\n");
-
-  WCC_AES_GCM_DECRYPT(&K2, &IV, &IdA, &C, &P, &T2);
-
-  printf("Bob: Decrypted message received from Alice: ");
-  OCT_output_string(&P);
-  printf("\n");
-
-  printf("Bob: Decryption Tag: ");
-  OCT_output(&T2);
-  printf("\n");
-
-  if (!OCT_comp(&MESSAGE1,&P)) {
-      printf("FAILURE Decryption\n");
-      return 1;
-  }
-
-  if (!OCT_comp(&T1,&T2)) {
-      printf("FAILURE TAG mismatch\n");
-      return 1;
-  }
-
-  WCC_KILL_CSPRNG(&RNG);
-
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/utils.c
----------------------------------------------------------------------
diff --git a/c/utils.c b/c/utils.c
deleted file mode 100755
index 592780e..0000000
--- a/c/utils.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "amcl.h"
-#include "utils.h"
-
-void hex2bytes(char *hex, char *bin)
-{
-  int i;
-  char v;
-  int len=strlen(hex);
-  for (i = 0; i < len/2; i++) {
-    char c = hex[2*i];
-    if (c >= '0' && c <= '9') {
-        v = c - '0';
-    } else if (c >= 'A' && c <= 'F') {
-        v = c - 'A' + 10;
-    } else if (c >= 'a' && c <= 'f') {
-        v = c - 'a' + 10;
-    } else {
-        v = 0;
-    }
-    v <<= 4;
-    c = hex[2*i + 1];
-    if (c >= '0' && c <= '9') {
-        v += c - '0';
-    } else if (c >= 'A' && c <= 'F') {
-        v += c - 'A' + 10;
-    } else if (c >= 'a' && c <= 'f') {
-        v += c - 'a' + 10;
-    } else {
-        v = 0;
-    }
-    bin[i] = v;
-  }
-}
-
-/*! \brief Generate a random six digit one time password
- *
- *  Generates a random six digit one time password
- *
- *  @param  RNG             random number generator
- *  @return OTP             One Time Password
- */
-int generateOTP(csprng* RNG)
-{
-  int OTP=0;
-
-  int i = 0;
-  int val = 0;
-  char byte[6] = {0};
-
-  /* Generate random 6 digit random value */
-  for (i=0;i<6;i++)
-    {
-       byte[i]=RAND_byte(RNG);
-       val = byte[i];
-       OTP = ((abs(val) % 10) * pow(10.0,i)) + OTP;
-    }
-
-  return OTP;
-}
-
-/*! \brief Generate a random Octet
- *
- *  Generate a random Octet
- *
- *  @param  RNG             random number generator
- *  @return randomValue     random Octet
- */
-void generateRandom(csprng *RNG,octet *randomValue)
-{
-  int i;
-  for (i=0;i<randomValue->len;i++)
-    randomValue->val[i]=RAND_byte(RNG);
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/utils.h
----------------------------------------------------------------------
diff --git a/c/utils.h b/c/utils.h
deleted file mode 100755
index d1cbae0..0000000
--- a/c/utils.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-#ifndef UTILS_H
-#define UTILS_H
-
-#include "amcl.h"
-#include <math.h>
-
-DLL_EXPORT void hex2bytes(char *hex, char *bin);
-DLL_EXPORT void generateRandom(csprng*, octet*);
-DLL_EXPORT int generateOTP(csprng*);
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/version.c
----------------------------------------------------------------------
diff --git a/c/version.c b/c/version.c
deleted file mode 100755
index 8c2d899..0000000
--- a/c/version.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-#include "version.h"
-
-
-/*! \brief Print version number and information about the build
- *
- *  Print version number and information about the build
- *
- */
-void version(char* info)
-{
-  sprintf(info,"Version: %d.%d.%d OS: %s FIELD CHOICE: %s CURVE TYPE: %s WORD_LENGTH: %d", AMCL_VERSION_MAJOR, AMCL_VERSION_MINOR, AMCL_VERSION_PATCH, OS, FIELD_CHOICE, CURVE_TYPE, CHUNK);
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/version.h
----------------------------------------------------------------------
diff --git a/c/version.h b/c/version.h
deleted file mode 100755
index 18a899f..0000000
--- a/c/version.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-#ifndef VERSION_H
-#define VERSION_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "amcl.h"
-
-DLL_EXPORT void version(char* info);
-
-#endif


[16/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/TestMPINInstall.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/TestMPINInstall.py b/pythonCFFI/TestMPINInstall.py
deleted file mode 100755
index 3c36c55..0000000
--- a/pythonCFFI/TestMPINInstall.py
+++ /dev/null
@@ -1,703 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-import os
-import unittest
-import json
-import hashlib
-
-from mpin import ffi, G1, G2, HASH_BYTES, IVL, libmpin, PAS, PFS, PGS, toHex
-
-# Master Secret Shares
-MS1 = ffi.new("octet*")
-MS1val = ffi.new("char []", PGS)
-MS1[0].val = MS1val
-MS1[0].max = PGS
-MS1[0].len = PGS
-
-MS2 = ffi.new("octet*")
-MS2val = ffi.new("char []", PGS)
-MS2[0].val = MS2val
-MS2[0].max = PGS
-MS2[0].len = PGS
-
-# Client secret and shares
-CS1 = ffi.new("octet*")
-CS1val = ffi.new("char []", G1)
-CS1[0].val = CS1val
-CS1[0].max = G1
-CS1[0].len = G1
-
-CS2 = ffi.new("octet*")
-CS2val = ffi.new("char []", G1)
-CS2[0].val = CS2val
-CS2[0].max = G1
-CS2[0].len = G1
-
-SEC = ffi.new("octet*")
-SECval = ffi.new("char []", G1)
-SEC[0].val = SECval
-SEC[0].max = G1
-SEC[0].len = G1
-
-# Server secret and shares
-SS1 = ffi.new("octet*")
-SS1val = ffi.new("char []", G2)
-SS1[0].val = SS1val
-SS1[0].max = G2
-SS1[0].len = G2
-
-SS2 = ffi.new("octet*")
-SS2val = ffi.new("char []", G2)
-SS2[0].val = SS2val
-SS2[0].max = G2
-SS2[0].len = G2
-
-SERVER_SECRET = ffi.new("octet*")
-SERVER_SECRETval = ffi.new("char []", G2)
-SERVER_SECRET[0].val = SERVER_SECRETval
-SERVER_SECRET[0].max = G2
-SERVER_SECRET[0].len = G2
-
-# Time Permit and shares
-TP1 = ffi.new("octet*")
-TP1val = ffi.new("char []", G1)
-TP1[0].val = TP1val
-TP1[0].max = G1
-TP1[0].len = G1
-
-TP2 = ffi.new("octet*")
-TP2val = ffi.new("char []", G1)
-TP2[0].val = TP2val
-TP2[0].max = G1
-TP2[0].len = G1
-
-TIME_PERMIT = ffi.new("octet*")
-TIME_PERMITval = ffi.new("char []", G1)
-TIME_PERMIT[0].val = TIME_PERMITval
-TIME_PERMIT[0].max = G1
-TIME_PERMIT[0].len = G1
-
-# Token stored on computer
-TOKEN = ffi.new("octet*")
-TOKENval = ffi.new("char []", G1)
-TOKEN[0].val = TOKENval
-TOKEN[0].max = G1
-TOKEN[0].len = G1
-
-UT = ffi.new("octet*")
-UTval = ffi.new("char []", G1)
-UT[0].val = UTval
-UT[0].max = G1
-UT[0].len = G1
-
-U = ffi.new("octet*")
-Uval = ffi.new("char []", G1)
-U[0].val = Uval
-U[0].max = G1
-U[0].len = G1
-
-X = ffi.new("octet*")
-Xval = ffi.new("char []", PGS)
-X[0].val = Xval
-X[0].max = PGS
-X[0].len = PGS
-
-Y = ffi.new("octet*")
-Yval = ffi.new("char []", PGS)
-Y[0].val = Yval
-Y[0].max = PGS
-Y[0].len = PGS
-
-lenEF = 12 * PFS
-E = ffi.new("octet*")
-Eval = ffi.new("char []", lenEF)
-E[0].val = Eval
-E[0].max = lenEF
-E[0].len = lenEF
-
-F = ffi.new("octet*")
-Fval = ffi.new("char []", lenEF)
-F[0].val = Fval
-F[0].max = lenEF
-F[0].len = lenEF
-
-# H(ID)
-HID = ffi.new("octet*")
-HIDval = ffi.new("char []", G1)
-HID[0].val = HIDval
-HID[0].max = G1
-HID[0].len = G1
-
-# H(T|H(ID))
-HTID = ffi.new("octet*")
-HTIDval = ffi.new("char []", G1)
-HTID[0].val = HTIDval
-HTID[0].max = G1
-HTID[0].len = G1
-
-
-class TestMPIN(unittest.TestCase):
-    """Tests M-Pin crypto code"""
-
-    def setUp(self):
-
-        # Form MPin ID
-        endUserData = {
-            "issued": "2013-10-19T06:12:28Z",
-            "userID": "testUser@miracl.com",
-            "mobile": 1,
-            "salt": "e985da112a378c222cfc2f7226097b0c"
-        }
-        mpin_id = json.dumps(endUserData)
-
-        self.MPIN_ID = ffi.new("octet*")
-        self.MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id)
-        self.MPIN_ID[0].val = self.MPIN_IDval
-        self.MPIN_ID[0].max = len(mpin_id)
-        self.MPIN_ID[0].len = len(mpin_id)
-
-        # Hash value of MPIN_ID
-        self.HASH_MPIN_ID = ffi.new("octet*")
-        self.HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-        self.HASH_MPIN_ID[0].val = self.HASH_MPIN_IDval
-        self.HASH_MPIN_ID[0].max = HASH_BYTES
-        self.HASH_MPIN_ID[0].len = HASH_BYTES
-        libmpin.MPIN_HASH_ID(self.MPIN_ID, self.HASH_MPIN_ID)
-
-        # Assign a seed value
-        seedHex = "3ade3d4a5c698e8910bf92f25d97ceeb7c25ed838901a5cb5db2cf25434c1fe76c7f79b7af2e5e1e4988e4294dbd9bd9fa3960197fb7aec373609fb890d74b16a4b14b2ae7e23b75f15d36c21791272372863c4f8af39980283ae69a79cf4e48e908f9e0"
-        self.seed = seedHex.decode("hex")
-        self.RAW = ffi.new("octet*")
-        self.RAWval = ffi.new("char [%s]" % len(self.seed), self.seed)
-        self.RAW[0].val = self.RAWval
-        self.RAW[0].len = len(self.seed)
-        self.RAW[0].max = len(self.seed)
-
-        self.date = 16238
-
-    def test_1(self):
-        """test_1 Good PIN and good token"""
-        PIN1 = 1234
-        PIN2 = 1234
-
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate Client master secret share for MIRACL and Customer
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-        self.assertEqual(rtn, 0)
-
-        # Generate server secret shares
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine server secret shares
-        rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-        self.assertEqual(rtn, 0)
-
-        # Generate client secret shares
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, self.HASH_MPIN_ID, CS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, self.HASH_MPIN_ID, CS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine client secret shares : TOKEN is the full client secret
-        rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Generate Time Permit shares
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS1, self.HASH_MPIN_ID, TP1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS2, self.HASH_MPIN_ID, TP2)
-        self.assertEqual(rtn, 0)
-
-        # Combine Time Permit shares
-        rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Client extracts PIN from secret to create Token
-        PIN1 = 1234
-        rtn = libmpin.MPIN_EXTRACT_PIN(self.MPIN_ID, PIN1, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(self.date, self.MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Server calculates H(ID) and H(T|H(ID))
-        libmpin.MPIN_SERVER_1(self.date, self.MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        self.assertEqual(rtn, 0)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        self.assertEqual(rtn, 0)
-
-        # Server second pass
-        rtn = libmpin.MPIN_SERVER_2(self.date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-        self.assertEqual(rtn, 0)
-
-    def test_2(self):
-        """test_2 Bad PIN and good token"""
-        PIN1 = 1234
-        PIN2 = 2000
-
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate Client master secret share for MIRACL and Customer
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-        self.assertEqual(rtn, 0)
-
-        # Generate server secret shares
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine server secret shares
-        rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-        self.assertEqual(rtn, 0)
-
-        # Generate client secret shares
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, self.HASH_MPIN_ID, CS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, self.HASH_MPIN_ID, CS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine client secret shares : TOKEN is the full client secret
-        rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Generate Time Permit shares
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS1, self.HASH_MPIN_ID, TP1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS2, self.HASH_MPIN_ID, TP2)
-        self.assertEqual(rtn, 0)
-
-        # Combine Time Permit shares
-        rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Client extracts PIN from secret to create Token
-        PIN1 = 1234
-        rtn = libmpin.MPIN_EXTRACT_PIN(self.MPIN_ID, PIN1, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(self.date, self.MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Server calculates H(ID) and H(T|H(ID))
-        libmpin.MPIN_SERVER_1(self.date, self.MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        self.assertEqual(rtn, 0)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        self.assertEqual(rtn, 0)
-
-        # Server second pass
-        rtn = libmpin.MPIN_SERVER_2(self.date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-        self.assertEqual(rtn, -19)
-
-    def test_3(self):
-        """test_3 Good PIN and bad token"""
-        PIN1 = 1234
-        PIN2 = 1234
-
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate Client master secret share for MIRACL and Customer
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-        self.assertEqual(rtn, 0)
-
-        # Generate server secret shares
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine server secret shares
-        rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-        self.assertEqual(rtn, 0)
-
-        # Generate client secret shares
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, self.HASH_MPIN_ID, CS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, self.HASH_MPIN_ID, CS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine client secret shares : TOKEN is the full client secret
-        rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Generate Time Permit shares
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS1, self.HASH_MPIN_ID, TP1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS2, self.HASH_MPIN_ID, TP2)
-        self.assertEqual(rtn, 0)
-
-        # Combine Time Permit shares
-        rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Client extracts PIN from secret to create Token
-        PIN1 = 1234
-        rtn = libmpin.MPIN_EXTRACT_PIN(self.MPIN_ID, PIN1, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(self.date, self.MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Server calculates H(ID) and H(T|H(ID))
-        libmpin.MPIN_SERVER_1(self.date, self.MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        self.assertEqual(rtn, 0)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        self.assertEqual(rtn, 0)
-
-        # Server second pass
-        # clientSecret aka V is equal to UT to model a bad token
-        rtn = libmpin.MPIN_SERVER_2(self.date, HID, HTID, Y, SERVER_SECRET, U, UT, UT, E, F)
-        self.assertEqual(rtn, -19)
-
-    def test_4(self):
-        """test_4 Test hash function"""
-        HASH_MPIN_ID = ffi.new("octet*")
-        HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-        HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-        HASH_MPIN_ID[0].max = HASH_BYTES
-        HASH_MPIN_ID[0].len = HASH_BYTES
-
-        for i in range(1, 10000):
-            bytesStr = os.urandom(128)
-            hash_object2 = hashlib.sha256(bytesStr)
-            digest = hash_object2.hexdigest()
-            MPIN_ID = ffi.new("octet*")
-            MPIN_IDval = ffi.new("char [%s]" % len(bytesStr), bytesStr)
-            MPIN_ID[0].val = MPIN_IDval
-            MPIN_ID[0].max = len(bytesStr)
-            MPIN_ID[0].len = len(bytesStr)
-            libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID)
-            self.assertEqual(digest, toHex(HASH_MPIN_ID))
-
-    def test_5(self):
-        """test_5 Make sure all client secret are unique"""
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate master secret share
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-
-        s = set()
-        match = 0
-        for i in range(1, 1000):
-            rand_val = os.urandom(32)
-            HASH_MPIN_ID = ffi.new("octet*")
-            HASH_MPIN_IDval = ffi.new("char [%s]" % HASH_BYTES, rand_val)
-            HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-            HASH_MPIN_ID[0].max = HASH_BYTES
-            HASH_MPIN_ID[0].len = HASH_BYTES
-
-            # Generate client secret shares
-            rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
-            self.assertEqual(rtn, 0)
-            cs1Hex = toHex(CS1)
-            if cs1Hex in s:
-                match = 1
-            self.assertEqual(match, 0)
-            s.add(cs1Hex)
-
-    def test_6(self):
-        """test_6 Make sure all one time passwords are random i.e. they should collide"""
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        s = set()
-        match = 0
-        for i in range(1, 10000):
-            OTP = libmpin.generateOTP(RNG)
-            if OTP in s:
-                # print i
-                match = 1
-            s.add(OTP)
-        self.assertEqual(match, 1)
-
-    def test_7(self):
-        """test_7 Make sure all random values are random i.e. they should collide"""
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate 100 byte random number
-        RANDOMlen = 3
-        RANDOM = ffi.new("octet*")
-        RANDOMval = ffi.new("char []",  RANDOMlen)
-        RANDOM[0].val = RANDOMval
-        RANDOM[0].max = RANDOMlen
-        RANDOM[0].len = RANDOMlen
-
-        s = set()
-        match = 0
-        for i in range(1, 10000):
-            libmpin.generateRandom(RNG, RANDOM)
-            random = toHex(RANDOM)
-            if random in s:
-                # print i
-                match = 1
-            s.add(random)
-        self.assertEqual(match, 1)
-
-    def test_8(self):
-        """test_8 AES-GCM: Successful encryption and decryption"""
-
-        # Generate 16 byte key
-        key_val = os.urandom(PAS)
-        AES_KEY = ffi.new("octet*")
-        AES_KEYval = ffi.new("char [%s]" % PAS, key_val)
-        AES_KEY[0].val = AES_KEYval
-        AES_KEY[0].max = PAS
-        AES_KEY[0].len = PAS
-
-        # Generate 12 byte IV
-        iv_val = os.urandom(IVL)
-        IV = ffi.new("octet*")
-        IVval = ffi.new("char [%s]" % IVL, iv_val)
-        IV[0].val = IVval
-        IV[0].max = IVL
-        IV[0].len = IVL
-
-        # Generate a 32 byte random header
-        header_val = os.urandom(32)
-        HEADER = ffi.new("octet*")
-        HEADERval = ffi.new("char [%s]" % len(header_val), header_val)
-        HEADER[0].val = HEADERval
-        HEADER[0].max = len(header_val)
-        HEADER[0].len = len(header_val)
-
-        # Plaintext input
-        plaintext1 = "A test message"
-        PLAINTEXT1 = ffi.new("octet*")
-        PLAINTEXT1val = ffi.new("char [%s]" % len(plaintext1), plaintext1)
-        PLAINTEXT1[0].val = PLAINTEXT1val
-        PLAINTEXT1[0].max = len(plaintext1)
-        PLAINTEXT1[0].len = len(plaintext1)
-        # print "Input message: %s" % ffi.string(PLAINTEXT1[0].val, PLAINTEXT1[0].len)
-
-        # Ciphertext
-        CIPHERTEXT = ffi.new("octet*")
-        CIPHERTEXTval = ffi.new("char []", len(plaintext1))
-        CIPHERTEXT[0].val = CIPHERTEXTval
-        CIPHERTEXT[0].max = len(plaintext1)
-
-        # 16 byte authentication tag
-        TAG1 = ffi.new("octet*")
-        TAG1val = ffi.new("char []",  PAS)
-        TAG1[0].val = TAG1val
-        TAG1[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_ENCRYPT(AES_KEY, IV, HEADER, PLAINTEXT1, CIPHERTEXT, TAG1)
-        # Plaintext output
-        PLAINTEXT2 = ffi.new("octet*")
-        PLAINTEXT2val = ffi.new("char []", CIPHERTEXT[0].len)
-        PLAINTEXT2[0].val = PLAINTEXT2val
-        PLAINTEXT2[0].max = CIPHERTEXT[0].len
-        PLAINTEXT2[0].len = CIPHERTEXT[0].len
-
-        # 16 byte authentication tag
-        TAG2 = ffi.new("octet*")
-        TAG2val = ffi.new("char []", PAS)
-        TAG2[0].val = TAG2val
-        TAG2[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_DECRYPT(AES_KEY, IV, HEADER, CIPHERTEXT, PLAINTEXT2, TAG2)
-        self.assertEqual(toHex(TAG1), toHex(TAG2))
-        self.assertEqual(toHex(PLAINTEXT1), toHex(PLAINTEXT2))
-        # print "Output message: %s" % ffi.string(PLAINTEXT2[0].val, PLAINTEXT2[0].len)
-
-    def test_9(self):
-        """test_9 AES-GCM: Failed encryption and decryption by changing a ciphertext byte"""
-
-        # Generate 16 byte key
-        key_val = os.urandom(PAS)
-        AES_KEY = ffi.new("octet*")
-        AES_KEYval = ffi.new("char [%s]" % PAS, key_val)
-        AES_KEY[0].val = AES_KEYval
-        AES_KEY[0].max = PAS
-        AES_KEY[0].len = PAS
-
-        # Generate 12 byte IV
-        iv_val = os.urandom(IVL)
-        IV = ffi.new("octet*")
-        IVval = ffi.new("char [%s]" % IVL, iv_val)
-        IV[0].val = IVval
-        IV[0].max = IVL
-        IV[0].len = IVL
-
-        # Generate a 32 byte random header
-        header_val = os.urandom(32)
-        HEADER = ffi.new("octet*")
-        HEADERval = ffi.new("char [%s]" % len(header_val), header_val)
-        HEADER[0].val = HEADERval
-        HEADER[0].max = len(header_val)
-        HEADER[0].len = len(header_val)
-
-        # Plaintext input
-        plaintext1 = "A test message"
-        PLAINTEXT1 = ffi.new("octet*")
-        PLAINTEXT1val = ffi.new("char [%s]" % len(plaintext1), plaintext1)
-        PLAINTEXT1[0].val = PLAINTEXT1val
-        PLAINTEXT1[0].max = len(plaintext1)
-        PLAINTEXT1[0].len = len(plaintext1)
-        # print "Input message: %s" % ffi.string(PLAINTEXT1[0].val, PLAINTEXT1[0].len)
-
-        # Ciphertext
-        CIPHERTEXT = ffi.new("octet*")
-        CIPHERTEXTval = ffi.new("char []", len(plaintext1))
-        CIPHERTEXT[0].val = CIPHERTEXTval
-        CIPHERTEXT[0].max = len(plaintext1)
-
-        # 16 byte authentication tag
-        TAG1 = ffi.new("octet*")
-        TAG1val = ffi.new("char []",  PAS)
-        TAG1[0].val = TAG1val
-        TAG1[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_ENCRYPT(AES_KEY, IV, HEADER, PLAINTEXT1, CIPHERTEXT, TAG1)
-
-        # Change one byte of ciphertext
-        CIPHERTEXT[0].val[0] = "\xa5"
-
-        # Plaintext output
-        PLAINTEXT2 = ffi.new("octet*")
-        PLAINTEXT2val = ffi.new("char []", CIPHERTEXT[0].len)
-        PLAINTEXT2[0].val = PLAINTEXT2val
-        PLAINTEXT2[0].max = CIPHERTEXT[0].len
-        PLAINTEXT2[0].len = CIPHERTEXT[0].len
-
-        # 16 byte authentication tag
-        TAG2 = ffi.new("octet*")
-        TAG2val = ffi.new("char []", PAS)
-        TAG2[0].val = TAG2val
-        TAG2[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_DECRYPT(AES_KEY, IV, HEADER, CIPHERTEXT, PLAINTEXT2, TAG2)
-        self.assertNotEqual(toHex(TAG1), toHex(TAG2))
-        self.assertNotEqual(toHex(PLAINTEXT1), toHex(PLAINTEXT2))
-        # print "Output message: %s" % ffi.string(PLAINTEXT2[0].val, PLAINTEXT2[0].len)
-
-    def test_10(self):
-        """test_10 AES-GCM: Failed encryption and decryption by changing a header byte"""
-
-        # Generate 16 byte key
-        key_val = os.urandom(PAS)
-        AES_KEY = ffi.new("octet*")
-        AES_KEYval = ffi.new("char [%s]" % PAS, key_val)
-        AES_KEY[0].val = AES_KEYval
-        AES_KEY[0].max = PAS
-        AES_KEY[0].len = PAS
-
-        # Generate 12 byte IV
-        iv_val = os.urandom(IVL)
-        IV = ffi.new("octet*")
-        IVval = ffi.new("char [%s]" % IVL, iv_val)
-        IV[0].val = IVval
-        IV[0].max = IVL
-        IV[0].len = IVL
-
-        # Generate a 32 byte random header
-        header_val = os.urandom(32)
-        HEADER = ffi.new("octet*")
-        HEADERval = ffi.new("char [%s]" % len(header_val), header_val)
-        HEADER[0].val = HEADERval
-        HEADER[0].max = len(header_val)
-        HEADER[0].len = len(header_val)
-
-        # Plaintext input
-        plaintext1 = "A test message"
-        PLAINTEXT1 = ffi.new("octet*")
-        PLAINTEXT1val = ffi.new("char [%s]" % len(plaintext1), plaintext1)
-        PLAINTEXT1[0].val = PLAINTEXT1val
-        PLAINTEXT1[0].max = len(plaintext1)
-        PLAINTEXT1[0].len = len(plaintext1)
-        # print "Input message: %s" % ffi.string(PLAINTEXT1[0].val, PLAINTEXT1[0].len)
-
-        # Ciphertext
-        CIPHERTEXT = ffi.new("octet*")
-        CIPHERTEXTval = ffi.new("char []", len(plaintext1))
-        CIPHERTEXT[0].val = CIPHERTEXTval
-        CIPHERTEXT[0].max = len(plaintext1)
-
-        # 16 byte authentication tag
-        TAG1 = ffi.new("octet*")
-        TAG1val = ffi.new("char []",  PAS)
-        TAG1[0].val = TAG1val
-        TAG1[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_ENCRYPT(AES_KEY, IV, HEADER, PLAINTEXT1, CIPHERTEXT, TAG1)
-        # Plaintext output
-        PLAINTEXT2 = ffi.new("octet*")
-        PLAINTEXT2val = ffi.new("char []", CIPHERTEXT[0].len)
-        PLAINTEXT2[0].val = PLAINTEXT2val
-        PLAINTEXT2[0].max = CIPHERTEXT[0].len
-        PLAINTEXT2[0].len = CIPHERTEXT[0].len
-
-        # Change one byte of header
-        HEADER[0].val[0] = "\xa5"
-
-        # 16 byte authentication tag
-        TAG2 = ffi.new("octet*")
-        TAG2val = ffi.new("char []", PAS)
-        TAG2[0].val = TAG2val
-        TAG2[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_DECRYPT(AES_KEY, IV, HEADER, CIPHERTEXT, PLAINTEXT2, TAG2)
-        self.assertNotEqual(toHex(TAG1), toHex(TAG2))
-        self.assertEqual(toHex(PLAINTEXT1), toHex(PLAINTEXT2))
-
-if __name__ == '__main__':
-    # Run tests
-    unittest.main()

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/TimeMPIN.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/TimeMPIN.py b/pythonCFFI/TimeMPIN.py
deleted file mode 100755
index 5273322..0000000
--- a/pythonCFFI/TimeMPIN.py
+++ /dev/null
@@ -1,331 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-import sys
-import timeit
-import warnings
-
-from mpin import ffi, G1, G2, HASH_BYTES, libmpin, PGS, toHex
-
-warnings.filterwarnings("ignore")
-
-
-def time_func(stmt, n=10, setup='from __main__ import *'):
-    t = timeit.Timer(stmt, setup)
-    total_time = t.timeit(n)
-    iter_time = total_time / n
-    iter_per_sec = n / total_time
-    print "func:%s nIter:%s total_time:%s iter_time:%s iter_per_sec: %s" % (stmt, n, total_time, iter_time, iter_per_sec)
-
-if (len(sys.argv) == 2) and (sys.argv[1] == "DEBUG"):
-    DEBUG = True
-else:
-    DEBUG = False
-
-nIter = 1000
-
-if __name__ == "__main__":
-    # Print hex values
-    DEBUG = False
-    MULTI_PASS = False
-
-    # Seed
-    seedHex = "79dd3f23c70bb529a8e3b221cf62da0dd4bd3ca35bd0c515cd9cde5ffa6a5c4d"
-    seed = seedHex.decode("hex")
-
-    # Identity
-    identity = "alice@miracl.com"
-    MPIN_ID = ffi.new("octet*")
-    MPIN_IDval = ffi.new("char [%s]" % len(identity), identity)
-    MPIN_ID[0].val = MPIN_IDval
-    MPIN_ID[0].max = len(identity)
-    MPIN_ID[0].len = len(identity)
-
-    # Master Secret Shares
-    MS1 = ffi.new("octet*")
-    MS1val = ffi.new("char []", PGS)
-    MS1[0].val = MS1val
-    MS1[0].max = PGS
-    MS1[0].len = PGS
-
-    MS2 = ffi.new("octet*")
-    MS2val = ffi.new("char []", PGS)
-    MS2[0].val = MS2val
-    MS2[0].max = PGS
-    MS2[0].len = PGS
-
-    # Hash value of MPIN_ID
-    HASH_MPIN_ID = ffi.new("octet*")
-    HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-    HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-    HASH_MPIN_ID[0].max = HASH_BYTES
-    HASH_MPIN_ID[0].len = HASH_BYTES
-
-    # Client secret and shares
-    CS1 = ffi.new("octet*")
-    CS1val = ffi.new("char []", G1)
-    CS1[0].val = CS1val
-    CS1[0].max = G1
-    CS1[0].len = G1
-
-    CS2 = ffi.new("octet*")
-    CS2val = ffi.new("char []", G1)
-    CS2[0].val = CS2val
-    CS2[0].max = G1
-    CS2[0].len = G1
-
-    SEC = ffi.new("octet*")
-    SECval = ffi.new("char []", G1)
-    SEC[0].val = SECval
-    SEC[0].max = G1
-    SEC[0].len = G1
-
-    # Server secret and shares
-    SS1 = ffi.new("octet*")
-    SS1val = ffi.new("char []", G2)
-    SS1[0].val = SS1val
-    SS1[0].max = G2
-    SS1[0].len = G2
-
-    SS2 = ffi.new("octet*")
-    SS2val = ffi.new("char []", G2)
-    SS2[0].val = SS2val
-    SS2[0].max = G2
-    SS2[0].len = G2
-
-    SERVER_SECRET = ffi.new("octet*")
-    SERVER_SECRETval = ffi.new("char []", G2)
-    SERVER_SECRET[0].val = SERVER_SECRETval
-    SERVER_SECRET[0].max = G2
-    SERVER_SECRET[0].len = G2
-
-    # Time Permit and shares
-    TP1 = ffi.new("octet*")
-    TP1val = ffi.new("char []", G1)
-    TP1[0].val = TP1val
-    TP1[0].max = G1
-    TP1[0].len = G1
-
-    TP2 = ffi.new("octet*")
-    TP2val = ffi.new("char []", G1)
-    TP2[0].val = TP2val
-    TP2[0].max = G1
-    TP2[0].len = G1
-
-    TIME_PERMIT = ffi.new("octet*")
-    TIME_PERMITval = ffi.new("char []", G1)
-    TIME_PERMIT[0].val = TIME_PERMITval
-    TIME_PERMIT[0].max = G1
-    TIME_PERMIT[0].len = G1
-
-    # Token stored on computer
-    TOKEN = ffi.new("octet*")
-    TOKENval = ffi.new("char []", G1)
-    TOKEN[0].val = TOKENval
-    TOKEN[0].max = G1
-    TOKEN[0].len = G1
-
-    # H(ID)
-    HID = ffi.new("octet*")
-    HIDval = ffi.new("char []", G1)
-    HID[0].val = HIDval
-    HID[0].max = G1
-    HID[0].len = G1
-
-    # H(T|H(ID))
-    HTID = ffi.new("octet*")
-    HTIDval = ffi.new("char []", G1)
-    HTID[0].val = HTIDval
-    HTID[0].max = G1
-    HTID[0].len = G1
-
-    UT = ffi.new("octet*")
-    UTval = ffi.new("char []", G1)
-    UT[0].val = UTval
-    UT[0].max = G1
-    UT[0].len = G1
-
-    U = ffi.new("octet*")
-    Uval = ffi.new("char []", G1)
-    U[0].val = Uval
-    U[0].max = G1
-    U[0].len = G1
-
-    X = ffi.new("octet*")
-    Xval = ffi.new("char []", PGS)
-    X[0].val = Xval
-    X[0].max = PGS
-    X[0].len = PGS
-
-    Y = ffi.new("octet*")
-    Yval = ffi.new("char []", PGS)
-    Y[0].val = Yval
-    Y[0].max = PGS
-    Y[0].len = PGS
-
-    E = ffi.NULL
-    F = ffi.NULL
-
-    date = libmpin.MPIN_today()
-    if date:
-        HID = ffi.NULL
-        U = ffi.NULL
-    else:
-        HTID = ffi.NULL
-        UT = ffi.NULL
-
-    # Assign a seed value
-    RAW = ffi.new("octet*")
-    RAWval = ffi.new("char [%s]" % len(seed), seed)
-    RAW[0].val = RAWval
-    RAW[0].len = len(seed)
-    RAW[0].max = len(seed)
-    if DEBUG:
-        print "RAW: %s" % toHex(RAW)
-
-    # random number generator
-    RNG = ffi.new("csprng*")
-    libmpin.MPIN_CREATE_CSPRNG(RNG, RAW)
-
-    # Hash MPIN_ID
-    libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID)
-    if DEBUG:
-        print "MPIN_ID: %s" % toHex(MPIN_ID)
-        print "HASH_MPIN_ID: %s" % toHex(HASH_MPIN_ID)
-
-    # Generate master secret for MIRACL and Customer
-    rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-    if rtn != 0:
-        print "libmpin.MPIN_RANDOM_GENERATE(RNG,MS1) Error %s", rtn
-    rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-    if rtn != 0:
-        print "libmpin.MPIN_RANDOM_GENERATE(RNG,MS2) Error %s" % rtn
-    if DEBUG:
-        print "MS1: %s" % toHex(MS1)
-        print "MS2: %s" % toHex(MS2)
-
-    # Generate server secret shares
-    rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_SERVER_SECRET(MS1,SS1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_SERVER_SECRET(MS2,SS2) Error %s" % rtn
-    if DEBUG:
-        print "SS1: %s" % toHex(SS1)
-        print "SS2: %s" % toHex(SS2)
-
-    # Combine server secret shares
-    rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G2( SS1, SS2, SERVER_SECRET) Error %s" % rtn
-    if DEBUG:
-        print "SERVER_SECRET: %s" % toHex(SERVER_SECRET)
-
-    # Generate client secret shares
-    rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_SECRET(MS1,HASH_MPIN_ID,CS1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, HASH_MPIN_ID, CS2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_SECRET(MS2,HASH_MPIN_ID,CS2) Error %s" % rtn
-    if DEBUG:
-        print "CS1: %s" % toHex(CS1)
-        print "CS2: %s" % toHex(CS2)
-
-    # Combine client secret shares : TOKEN is the full client secret
-    rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G1( CS1, CS2, TOKEN) Error %s" % rtn
-    print "Client Secret: %s" % toHex(TOKEN)
-
-    # Generate Time Permit shares
-    if DEBUG:
-        print "Date %s" % date
-    rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS1, HASH_MPIN_ID, TP1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_PERMIT(date,MS1,HASH_MPIN_ID,TP1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS2, HASH_MPIN_ID, TP2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_PERMIT(date,MS2,HASH_MPIN_ID,TP2) Error %s" % rtn
-    if DEBUG:
-        print "TP1: %s" % toHex(TP1)
-        print "TP2: %s" % toHex(TP2)
-
-    # Combine Time Permit shares
-    rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT) Error %s" % rtn
-    if DEBUG:
-        print "TIME_PERMIT: %s" % toHex(TIME_PERMIT)
-
-    # Client extracts PIN from secret to create Token
-    PIN = 1234
-    rtn = libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN, TOKEN)
-    if rtn != 0:
-        print "libmpin.MPIN_EXTRACT_PIN( MPIN_ID, PIN, TOKEN) Error %s" % rtn
-    print "Token: %s" % toHex(TOKEN)
-
-    if MULTI_PASS:
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(date, MPIN_ID, RNG, X, PIN, TOKEN, SEC, U, UT, TIME_PERMIT)
-        if rtn != 0:
-            print "MPIN_CLIENT_1  ERROR %s" % rtn
-        if DEBUG:
-            print "X: %s" % toHex(X)
-
-        # Server calculates H(ID) and H(T|H(ID)) (if time permits enabled),
-        # and maps them to points on the curve HID and HTID resp.
-        libmpin.MPIN_SERVER_1(date, MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        if rtn != 0:
-            print "libmpin.MPIN_RANDOM_GENERATE(RNG,Y) Error %s" % rtn
-        if DEBUG:
-            print "Y: %s" % toHex(Y)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        if rtn != 0:
-            print "libmpin.MPIN_CLIENT_2(X,Y,SEC) Error %s" % rtn
-        if DEBUG:
-            print "V: %s" % toHex(SEC)
-
-        # Server second pass
-        rtn = libmpin.MPIN_SERVER_2(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-        if rtn != 0:
-            print "ERROR: Multi Pass %s is not authenticated" % identity
-        else:
-            print "SUCCESS: Multi Pass %s is authenticated" % identity
-    else:
-        # Client
-        TimeValue = libmpin.MPIN_GET_TIME()
-        time_func('libmpin.MPIN_CLIENT(date, MPIN_ID, RNG, X, PIN, TOKEN, SEC, U, UT, TIME_PERMIT, ffi.NULL, TimeValue, Y)', nIter)
-        if DEBUG:
-            print "X: %s" % toHex(X)
-
-        # Server
-        time_func('libmpin.MPIN_SERVER(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F, MPIN_ID, ffi.NULL, TimeValue)', nIter)
-        rtn = libmpin.MPIN_SERVER(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F, MPIN_ID, ffi.NULL, TimeValue)
-        if rtn != 0:
-            print "ERROR: Single Pass %s is not authenticated" % identity
-        else:
-            print "SUCCESS: Single Pass %s is authenticated" % identity

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/TimeMPINFull.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/TimeMPINFull.py b/pythonCFFI/TimeMPINFull.py
deleted file mode 100755
index 6ca5022..0000000
--- a/pythonCFFI/TimeMPINFull.py
+++ /dev/null
@@ -1,444 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-import sys
-import timeit
-import warnings
-
-from mpin import ffi, G1, G2, HASH_BYTES, libmpin, PAS, PFS, PGS, toHex
-
-warnings.filterwarnings("ignore")
-
-
-def time_func(stmt, n=10, setup='from __main__ import *'):
-    t = timeit.Timer(stmt, setup)
-    exec_time = t.timeit(n)
-    iter_time = exec_time / n
-    iter_per_sec = n / exec_time
-    print "func:%s nIter:%s exec_time:%s iter_time:%s iter_per_sec: %s" % (stmt, n, exec_time, iter_time, iter_per_sec)
-    return exec_time
-
-if (len(sys.argv) == 2) and (sys.argv[1] == "DEBUG"):
-    DEBUG = True
-else:
-    DEBUG = False
-
-nIter = 100
-
-if __name__ == "__main__":
-    # Print hex values
-    DEBUG = False
-    SINGLE_PASS = True
-    TIME_PERMITS = True
-
-    if TIME_PERMITS:
-        date = libmpin.MPIN_today()
-    else:
-        date = 0
-
-    # Seed
-    seedHex = "79dd3f23c70bb529a8e3b221cf62da0dd4bd3ca35bd0c515cd9cde5ffa6a5c4d"
-    seed = seedHex.decode("hex")
-
-    # Identity
-    identity = "alice@miracl.com"
-    MPIN_ID = ffi.new("octet*")
-    MPIN_IDval = ffi.new("char [%s]" % len(identity), identity)
-    MPIN_ID[0].val = MPIN_IDval
-    MPIN_ID[0].max = len(identity)
-    MPIN_ID[0].len = len(identity)
-
-    # Master Secret Shares
-    MS1 = ffi.new("octet*")
-    MS1val = ffi.new("char []", PGS)
-    MS1[0].val = MS1val
-    MS1[0].max = PGS
-    MS1[0].len = PGS
-
-    MS2 = ffi.new("octet*")
-    MS2val = ffi.new("char []", PGS)
-    MS2[0].val = MS2val
-    MS2[0].max = PGS
-    MS2[0].len = PGS
-
-    # Hash value of MPIN_ID
-    HASH_MPIN_ID = ffi.new("octet*")
-    HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-    HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-    HASH_MPIN_ID[0].max = HASH_BYTES
-    HASH_MPIN_ID[0].len = HASH_BYTES
-
-    # Client secret and shares
-    CS1 = ffi.new("octet*")
-    CS1val = ffi.new("char []", G1)
-    CS1[0].val = CS1val
-    CS1[0].max = G1
-    CS1[0].len = G1
-
-    CS2 = ffi.new("octet*")
-    CS2val = ffi.new("char []", G1)
-    CS2[0].val = CS2val
-    CS2[0].max = G1
-    CS2[0].len = G1
-
-    SEC = ffi.new("octet*")
-    SECval = ffi.new("char []", G1)
-    SEC[0].val = SECval
-    SEC[0].max = G1
-    SEC[0].len = G1
-
-    # Server secret and shares
-    SS1 = ffi.new("octet*")
-    SS1val = ffi.new("char []", G2)
-    SS1[0].val = SS1val
-    SS1[0].max = G2
-    SS1[0].len = G2
-
-    SS2 = ffi.new("octet*")
-    SS2val = ffi.new("char []", G2)
-    SS2[0].val = SS2val
-    SS2[0].max = G2
-    SS2[0].len = G2
-
-    SERVER_SECRET = ffi.new("octet*")
-    SERVER_SECRETval = ffi.new("char []", G2)
-    SERVER_SECRET[0].val = SERVER_SECRETval
-    SERVER_SECRET[0].max = G2
-    SERVER_SECRET[0].len = G2
-
-    # Time Permit and shares
-    TP1 = ffi.new("octet*")
-    TP1val = ffi.new("char []", G1)
-    TP1[0].val = TP1val
-    TP1[0].max = G1
-    TP1[0].len = G1
-
-    TP2 = ffi.new("octet*")
-    TP2val = ffi.new("char []", G1)
-    TP2[0].val = TP2val
-    TP2[0].max = G1
-    TP2[0].len = G1
-
-    TIME_PERMIT = ffi.new("octet*")
-    TIME_PERMITval = ffi.new("char []", G1)
-    TIME_PERMIT[0].val = TIME_PERMITval
-    TIME_PERMIT[0].max = G1
-    TIME_PERMIT[0].len = G1
-
-    # Token stored on computer
-    TOKEN = ffi.new("octet*")
-    TOKENval = ffi.new("char []", G1)
-    TOKEN[0].val = TOKENval
-    TOKEN[0].max = G1
-    TOKEN[0].len = G1
-
-    # H(ID)
-    HID = ffi.new("octet*")
-    HIDval = ffi.new("char []", G1)
-    HID[0].val = HIDval
-    HID[0].max = G1
-    HID[0].len = G1
-
-    # H(T|H(ID))
-    HTID = ffi.new("octet*")
-    HTIDval = ffi.new("char []", G1)
-    HTID[0].val = HTIDval
-    HTID[0].max = G1
-    HTID[0].len = G1
-
-    UT = ffi.new("octet*")
-    UTval = ffi.new("char []", G1)
-    UT[0].val = UTval
-    UT[0].max = G1
-    UT[0].len = G1
-
-    U = ffi.new("octet*")
-    Uval = ffi.new("char []", G1)
-    U[0].val = Uval
-    U[0].max = G1
-    U[0].len = G1
-
-    X = ffi.new("octet*")
-    Xval = ffi.new("char []", PGS)
-    X[0].val = Xval
-    X[0].max = PGS
-    X[0].len = PGS
-
-    Y = ffi.new("octet*")
-    Yval = ffi.new("char []", PGS)
-    Y[0].val = Yval
-    Y[0].max = PGS
-    Y[0].len = PGS
-
-    E = ffi.NULL
-    F = ffi.NULL
-
-    # MPIN Full
-    R = ffi.new("octet*")
-    Rval = ffi.new("char []", PGS)
-    R[0].val = Rval
-    R[0].max = PGS
-    R[0].len = PGS
-
-    W = ffi.new("octet*")
-    Wval = ffi.new("char []", PGS)
-    W[0].val = Wval
-    W[0].max = PGS
-    W[0].len = PGS
-
-    Z = ffi.new("octet*")
-    Zval = ffi.new("char []", G1)
-    Z[0].val = Zval
-    Z[0].max = G1
-    Z[0].len = G1
-
-    T = ffi.new("octet*")
-    Tval = ffi.new("char []", G1)
-    T[0].val = Tval
-    T[0].max = G1
-    T[0].len = G1
-
-    TATE1 = ffi.new("octet*")
-    TATE1val = ffi.new("char []", 12*PFS)
-    TATE1[0].val = TATE1val
-    TATE1[0].max = 12*PFS
-    TATE1[0].len = 12*PFS
-
-    TATE2 = ffi.new("octet*")
-    TATE2val = ffi.new("char []", 12*PFS)
-    TATE2[0].val = TATE2val
-    TATE2[0].max = 12*PFS
-    TATE2[0].len = 12*PFS
-
-    SK = ffi.new("octet*")
-    SKval = ffi.new("char []", PAS)
-    SK[0].val = SKval
-    SK[0].max = PAS
-    SK[0].len = PAS
-
-    CK = ffi.new("octet*")
-    CKval = ffi.new("char []", PAS)
-    CK[0].val = CKval
-    CK[0].max = PAS
-    CK[0].len = PAS
-
-    if date:
-        HID = ffi.NULL
-        U = ffi.NULL
-        prHID = HTID
-    else:
-        HTID = ffi.NULL
-        UT = ffi.NULL
-        prHID = HID
-
-    # Assign a seed value
-    RAW = ffi.new("octet*")
-    RAWval = ffi.new("char [%s]" % len(seed), seed)
-    RAW[0].val = RAWval
-    RAW[0].len = len(seed)
-    RAW[0].max = len(seed)
-    if DEBUG:
-        print "RAW: %s" % toHex(RAW)
-
-    # random number generator
-    RNG = ffi.new("csprng*")
-    libmpin.MPIN_CREATE_CSPRNG(RNG, RAW)
-
-    # Hash MPIN_ID
-    libmpin.MPIN_HASH_ID(MPIN_ID,  HASH_MPIN_ID)
-    if DEBUG:
-        print "MPIN_ID: %s" % toHex(MPIN_ID)
-        print "HASH_MPIN_ID: %s" % toHex(HASH_MPIN_ID)
-
-    # Generate master secret for MIRACL and Customer
-    rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-    if rtn != 0:
-        print "libmpin.MPIN_RANDOM_GENERATE(RNG,MS1) Error %s", rtn
-    rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-    if rtn != 0:
-        print "libmpin.MPIN_RANDOM_GENERATE(RNG,MS2) Error %s" % rtn
-    if DEBUG:
-        print "MS1: %s" % toHex(MS1)
-        print "MS2: %s" % toHex(MS2)
-
-    # Generate server secret shares
-    rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_SERVER_SECRET(MS1,SS1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_SERVER_SECRET(MS2,SS2) Error %s" % rtn
-    if DEBUG:
-        print "SS1: %s" % toHex(SS1)
-        print "SS2: %s" % toHex(SS2)
-
-    # Combine server secret shares
-    rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G2( SS1, SS2, SERVER_SECRET) Error %s" % rtn
-    if DEBUG:
-        print "SERVER_SECRET: %s" % toHex(SERVER_SECRET)
-
-    # Generate client secret shares
-    rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_SECRET(MS1,HASH_MPIN_ID,CS1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, HASH_MPIN_ID, CS2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_SECRET(MS2,HASH_MPIN_ID,CS2) Error %s" % rtn
-    if DEBUG:
-        print "CS1: %s" % toHex(CS1)
-        print "CS2: %s" % toHex(CS2)
-
-    # Combine client secret shares : TOKEN is the full client secret
-    rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G1( CS1, CS2, TOKEN) Error %s" % rtn
-    print "Client Secret: %s" % toHex(TOKEN)
-
-    # Generate Time Permit shares
-    if DEBUG:
-        print "Date %s" % date
-    rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS1, HASH_MPIN_ID, TP1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_PERMIT(date,MS1,HASH_MPIN_ID,TP1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS2, HASH_MPIN_ID, TP2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_PERMIT(date,MS2,HASH_MPIN_ID,TP2) Error %s" % rtn
-    if DEBUG:
-        print "TP1: %s" % toHex(TP1)
-        print "TP2: %s" % toHex(TP2)
-
-    # Combine Time Permit shares
-    rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT) Error %s" % rtn
-    if DEBUG:
-        print "TIME_PERMIT: %s" % toHex(TIME_PERMIT)
-
-    # Client extracts PIN from secret to create Token
-    PIN = 1234
-    rtn = libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN, TOKEN)
-    if rtn != 0:
-        print "libmpin.MPIN_EXTRACT_PIN( MPIN_ID, PIN, TOKEN) Error %s" % rtn
-    print "Token: %s" % toHex(TOKEN)
-
-    if SINGLE_PASS:
-        print "M-Pin Single Pass"
-        clientTime = 0
-        serverTime = 0
-        TimeValue = libmpin.MPIN_GET_TIME()
-        # Client precomputation
-        time_func('libmpin.MPIN_PRECOMPUTE(TOKEN,HASH_MPIN_ID,TATE1,TATE2)', nIter)
-
-        # Client MPIN
-        ct1 = time_func('libmpin.MPIN_CLIENT(date, MPIN_ID, RNG, X, PIN, TOKEN, SEC, U, UT, TIME_PERMIT, ffi.NULL, TimeValue, Y)', nIter)
-        clientTime = clientTime + ct1
-        if DEBUG:
-            print "X: %s" % toHex(X)
-
-        # Client sends Z=r.ID to Server
-        ct2 = time_func('libmpin.MPIN_GET_G1_MULTIPLE(RNG,1,R,HASH_MPIN_ID,Z)', nIter)
-        clientTime = clientTime + ct2
-
-        # Server MPIN
-        st1 = time_func('libmpin.MPIN_SERVER(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F, MPIN_ID, ffi.NULL, TimeValue)', nIter)
-        serverTime = serverTime + st1
-        rtn = libmpin.MPIN_SERVER(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F, MPIN_ID, ffi.NULL, TimeValue)
-        if rtn != 0:
-            print "ERROR: Single Pass %s is not authenticated" % identity
-        else:
-            print "SUCCESS: Single Pass %s is authenticated" % identity
-
-        # Server sends T=w.ID to client
-        st2 = time_func('libmpin.MPIN_GET_G1_MULTIPLE(RNG,0,W,prHID,T)', nIter)
-        serverTime = serverTime + st2
-        print "T: %s" % toHex(T)
-
-        ct3 = time_func('libmpin.MPIN_CLIENT_KEY(TATE1,TATE2,PIN,R,X,T,CK)', nIter)
-        clientTime = clientTime + ct3
-        print "Client Key: %s" % toHex(CK)
-
-        st3 = time_func('libmpin.MPIN_SERVER_KEY(Z,SERVER_SECRET,W,U,UT,SK)', nIter)
-        serverTime = serverTime + st3
-        print "Server Key: %s" % toHex(SK)
-
-        assert toHex(CK) == toHex(SK), "CK == SK"
-
-        iter_time = clientTime / nIter
-        iter_per_sec = nIter / clientTime
-        print "Client nIter:%s time:%s iter_time:%s iter_per_sec: %s" % (nIter, clientTime, iter_time, iter_per_sec)
-        iter_time = serverTime / nIter
-        iter_per_sec = nIter / serverTime
-        print "Server nIter:%s time:%s iter_time:%s iter_per_sec: %s" % (nIter, serverTime, iter_time, iter_per_sec)
-
-    else:
-        print "M-Pin Multi Pass"
-        rtn = libmpin.MPIN_PRECOMPUTE(TOKEN, HASH_MPIN_ID, TATE1, TATE2)
-        if rtn != 0:
-            print "MPIN_PERCOMPUTE  ERROR %s" % rtn
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(date, MPIN_ID, RNG, X, PIN, TOKEN, SEC, U, UT, TIME_PERMIT)
-        if rtn != 0:
-            print "MPIN_CLIENT_1  ERROR %s" % rtn
-        if DEBUG:
-            print "X: %s" % toHex(X)
-
-        # Server calculates H(ID) and H(T|H(ID)) (if time permits enabled),
-        # and maps them to points on the curve HID and HTID resp.
-        libmpin.MPIN_SERVER_1(date, MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        if rtn != 0:
-            print "libmpin.MPIN_RANDOM_GENERATE(RNG,Y) Error %s" % rtn
-        if DEBUG:
-            print "Y: %s" % toHex(Y)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        if rtn != 0:
-            print "libmpin.MPIN_CLIENT_2(X,Y,SEC) Error %s" % rtn
-        if DEBUG:
-            print "V: %s" % toHex(SEC)
-
-        # Server second pass
-        rtn = libmpin.MPIN_SERVER_2(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-        if rtn != 0:
-            print "ERROR: Multi Pass %s is not authenticated" % identity
-        else:
-            print "SUCCESS: Multi Pass %s is authenticated" % identity
-
-        # Server sends T=w.ID to client
-        libmpin.MPIN_GET_G1_MULTIPLE(RNG, 0, W, prHID, T)
-
-        # Client sends Z=r.ID to Server
-        rtn = libmpin.MPIN_GET_G1_MULTIPLE(RNG, 1, R, HASH_MPIN_ID, Z)
-        if rtn != 0:
-            print "ERROR: Generating Z %s" % rtn
-
-        libmpin.MPIN_CLIENT_KEY(TATE1, TATE2, PIN, R, X, T, CK)
-        print "Client Key: %s" % toHex(CK)
-
-        libmpin.MPIN_SERVER_KEY(Z, SERVER_SECRET, W, U, UT, SK)
-        print "Server Key: %s" % toHex(SK)
-
-        assert toHex(CK) == toHex(SK), "CK == SK"

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/mpin.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/mpin.py b/pythonCFFI/mpin.py
deleted file mode 100755
index 7032e45..0000000
--- a/pythonCFFI/mpin.py
+++ /dev/null
@@ -1,572 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-
-
-"""
-mpin
-
-This module use cffi to access the c functions in the mpin library.
-
-There is also an example usage program in this file.
-
-"""
-import cffi
-import platform
-
-# MPIN Group Size
-PGS = 32
-# MPIN Field Size
-PFS = 32
-G1 = 2*PFS + 1
-G2 = 4*PFS
-# Hash Size
-HASH_BYTES = 32
-# AES-GCM IV length
-IVL = 12
-# MPIN Symmetric Key Size
-PAS = 16
-
-ffi = cffi.FFI()
-ffi.cdef("""
-typedef struct {
-unsigned int ira[21];  /* random number...   */
-int rndptr;   /* ...array & pointer */
-unsigned int borrow;
-int pool_ptr;
-char pool[32];    /* random pool */
-} csprng;
-
-typedef struct
-{
-    int len;
-    int max;
-    char *val;
-} octet;
-
-extern unsigned int MPIN_GET_TIME(void);
-extern void MPIN_Y(int,octet *,octet *);
-extern void MPIN_HASH_ID(octet *,octet *);
-extern int MPIN_EXTRACT_PIN(octet *,int,octet *);
-extern int MPIN_CLIENT(int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *V,octet *U,octet *UT,octet *TP, octet* MESSAGE, int t, octet *y);
-extern int MPIN_CLIENT_1(int,octet *,csprng *,octet *,int,octet *,octet *,octet *,octet *,octet *);
-extern int MPIN_RANDOM_GENERATE(csprng *,octet *);
-extern int MPIN_CLIENT_2(octet *,octet *,octet *);
-extern void MPIN_SERVER_1(int,octet *,octet *,octet *);
-extern int MPIN_SERVER_2(int,octet *,octet *,octet *,octet *,octet *,octet *,octet *,octet *,octet *);
-extern int MPIN_SERVER(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE, int t);
-extern int MPIN_RECOMBINE_G1(octet *,octet *,octet *);
-extern int MPIN_RECOMBINE_G2(octet *,octet *,octet *);
-extern int MPIN_KANGAROO(octet *,octet *);
-
-extern int MPIN_ENCODING(csprng *,octet *);
-extern int MPIN_DECODING(octet *);
-
-extern unsigned int MPIN_today(void);
-extern void MPIN_CREATE_CSPRNG(csprng *,octet *);
-extern void MPIN_KILL_CSPRNG(csprng *);
-extern int MPIN_PRECOMPUTE(octet *,octet *,octet *,octet *);
-extern int MPIN_SERVER_KEY(octet *Z,octet *SS,octet *w,octet *p,octet *I,octet *U,octet *UT,octet *K);
-extern int MPIN_CLIENT_KEY(octet *g1,octet *g2,int pin,octet *r,octet *x,octet *p,octet *T,octet *K);
-extern int MPIN_GET_G1_MULTIPLE(csprng *,int,octet *,octet *,octet *);
-extern int MPIN_GET_CLIENT_SECRET(octet *,octet *,octet *);
-extern int MPIN_GET_CLIENT_PERMIT(int,octet *,octet *,octet *);
-extern int MPIN_GET_SERVER_SECRET(octet *,octet *);
-extern int MPIN_TEST_PAIRING(octet *,octet *);
-extern void hex2bytes(char *hex, char *bin);
-extern void generateRandom(csprng*, octet*);
-extern int generateOTP(csprng*);
-extern void MPIN_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
-extern void MPIN_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
-extern void MPIN_HASH_ALL(octet *I,octet *U,octet *CU,octet *V,octet *Y,octet *R,octet *W,octet *H);
-
-""")
-
-if (platform.system() == 'Windows'):
-    libmpin = ffi.dlopen("libmpin.dll")
-elif (platform.system() == 'Darwin'):
-    libmpin = ffi.dlopen("libmpin.dylib")
-else:
-    libmpin = ffi.dlopen("libmpin.so")
-
-
-def toHex(octetValue):
-    """Converts an octet type into a string
-
-    Add all the values in an octet into an array. This arrays is then
-    converted to a string and hex encoded.
-
-    Args::
-
-        octetValue. An octet type
-
-    Returns::
-
-        String
-
-    Raises:
-        Exception
-    """
-    i = 0
-    val = []
-    while i < octetValue[0].len:
-        val.append(octetValue[0].val[i])
-        i = i+1
-    return ''.join(val).encode("hex")
-
-if __name__ == "__main__":
-    # Print hex values
-    DEBUG = False
-    SINGLE_PASS = False
-    TIME_PERMITS = True
-    MPIN_FULL = False
-    PIN_ERROR = True
-    USE_ANONYMOUS = False
-
-    if TIME_PERMITS:
-        date = libmpin.MPIN_today()
-    else:
-        date = 0
-
-    # Seed
-    seedHex = "3ade3d4a5c698e8910bf92f25d97ceeb7c25ed838901a5cb5db2cf25434c1fe76c7f79b7af2e5e1e4988e4294dbd9bd9fa3960197fb7aec373609fb890d74b16a4b14b2ae7e23b75f15d36c21791272372863c4f8af39980283ae69a79cf4e48e908f9e0"
-    seed = seedHex.decode("hex")
-
-    # Identity
-    identity = raw_input("Please enter identity:")
-    MPIN_ID = ffi.new("octet*")
-    MPIN_IDval = ffi.new("char [%s]" % len(identity), identity)
-    MPIN_ID[0].val = MPIN_IDval
-    MPIN_ID[0].max = len(identity)
-    MPIN_ID[0].len = len(identity)
-
-    # Master Secret Shares
-    MS1 = ffi.new("octet*")
-    MS1val = ffi.new("char []", PGS)
-    MS1[0].val = MS1val
-    MS1[0].max = PGS
-    MS1[0].len = PGS
-
-    MS2 = ffi.new("octet*")
-    MS2val = ffi.new("char []", PGS)
-    MS2[0].val = MS2val
-    MS2[0].max = PGS
-    MS2[0].len = PGS
-
-    # Hash value of MPIN_ID
-    HASH_MPIN_ID = ffi.new("octet*")
-    HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-    HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-    HASH_MPIN_ID[0].max = HASH_BYTES
-    HASH_MPIN_ID[0].len = HASH_BYTES
-
-    # Client secret and shares
-    CS1 = ffi.new("octet*")
-    CS1val = ffi.new("char []", G1)
-    CS1[0].val = CS1val
-    CS1[0].max = G1
-    CS1[0].len = G1
-
-    CS2 = ffi.new("octet*")
-    CS2val = ffi.new("char []", G1)
-    CS2[0].val = CS2val
-    CS2[0].max = G1
-    CS2[0].len = G1
-
-    SEC = ffi.new("octet*")
-    SECval = ffi.new("char []", G1)
-    SEC[0].val = SECval
-    SEC[0].max = G1
-    SEC[0].len = G1
-
-    # Server secret and shares
-    SS1 = ffi.new("octet*")
-    SS1val = ffi.new("char []", G2)
-    SS1[0].val = SS1val
-    SS1[0].max = G2
-    SS1[0].len = G2
-
-    SS2 = ffi.new("octet*")
-    SS2val = ffi.new("char []", G2)
-    SS2[0].val = SS2val
-    SS2[0].max = G2
-    SS2[0].len = G2
-
-    SERVER_SECRET = ffi.new("octet*")
-    SERVER_SECRETval = ffi.new("char []", G2)
-    SERVER_SECRET[0].val = SERVER_SECRETval
-    SERVER_SECRET[0].max = G2
-    SERVER_SECRET[0].len = G2
-
-    # Time Permit and shares
-    TP1 = ffi.new("octet*")
-    TP1val = ffi.new("char []", G1)
-    TP1[0].val = TP1val
-    TP1[0].max = G1
-    TP1[0].len = G1
-
-    TP2 = ffi.new("octet*")
-    TP2val = ffi.new("char []", G1)
-    TP2[0].val = TP2val
-    TP2[0].max = G1
-    TP2[0].len = G1
-
-    TIME_PERMIT = ffi.new("octet*")
-    TIME_PERMITval = ffi.new("char []", G1)
-    TIME_PERMIT[0].val = TIME_PERMITval
-    TIME_PERMIT[0].max = G1
-    TIME_PERMIT[0].len = G1
-
-    # Token stored on computer
-    TOKEN = ffi.new("octet*")
-    TOKENval = ffi.new("char []", G1)
-    TOKEN[0].val = TOKENval
-    TOKEN[0].max = G1
-    TOKEN[0].len = G1
-
-    # H(ID)
-    HID = ffi.new("octet*")
-    HIDval = ffi.new("char []", G1)
-    HID[0].val = HIDval
-    HID[0].max = G1
-    HID[0].len = G1
-
-    # H(T|H(ID))
-    HTID = ffi.new("octet*")
-    HTIDval = ffi.new("char []", G1)
-    HTID[0].val = HTIDval
-    HTID[0].max = G1
-    HTID[0].len = G1
-
-    UT = ffi.new("octet*")
-    UTval = ffi.new("char []", G1)
-    UT[0].val = UTval
-    UT[0].max = G1
-    UT[0].len = G1
-
-    U = ffi.new("octet*")
-    Uval = ffi.new("char []", G1)
-    U[0].val = Uval
-    U[0].max = G1
-    U[0].len = G1
-
-    X = ffi.new("octet*")
-    Xval = ffi.new("char []", PGS)
-    X[0].val = Xval
-    X[0].max = PGS
-    X[0].len = PGS
-
-    Y = ffi.new("octet*")
-    Yval = ffi.new("char []", PGS)
-    Y[0].val = Yval
-    Y[0].max = PGS
-    Y[0].len = PGS
-
-    E = ffi.new("octet*")
-    Eval = ffi.new("char []", 12*PFS)
-    E[0].val = Eval
-    E[0].max = 12*PFS
-    E[0].len = 12*PFS
-
-    F = ffi.new("octet*")
-    Fval = ffi.new("char []", 12*PFS)
-    F[0].val = Fval
-    F[0].max = 12*PFS
-    F[0].len = 12*PFS
-
-    # MPIN Full
-    R = ffi.new("octet*")
-    Rval = ffi.new("char []", PGS)
-    R[0].val = Rval
-    R[0].max = PGS
-    R[0].len = PGS
-
-    W = ffi.new("octet*")
-    Wval = ffi.new("char []", PGS)
-    W[0].val = Wval
-    W[0].max = PGS
-    W[0].len = PGS
-
-    Z = ffi.new("octet*")
-    Zval = ffi.new("char []", G1)
-    Z[0].val = Zval
-    Z[0].max = G1
-    Z[0].len = G1
-
-    T = ffi.new("octet*")
-    Tval = ffi.new("char []", G1)
-    T[0].val = Tval
-    T[0].max = G1
-    T[0].len = G1
-
-    TATE1 = ffi.new("octet*")
-    TATE1val = ffi.new("char []", 12*PFS)
-    TATE1[0].val = TATE1val
-    TATE1[0].max = 12*PFS
-    TATE1[0].len = 12*PFS
-
-    TATE2 = ffi.new("octet*")
-    TATE2val = ffi.new("char []", 12*PFS)
-    TATE2[0].val = TATE2val
-    TATE2[0].max = 12*PFS
-    TATE2[0].len = 12*PFS
-
-    SK = ffi.new("octet*")
-    SKval = ffi.new("char []", PAS)
-    SK[0].val = SKval
-    SK[0].max = PAS
-    SK[0].len = PAS
-
-    CK = ffi.new("octet*")
-    CKval = ffi.new("char []", PAS)
-    CK[0].val = CKval
-    CK[0].max = PAS
-    CK[0].len = PAS
-
-    # Hash value of transmission
-    HM = ffi.new("octet*")
-    HMval = ffi.new("char []",  HASH_BYTES)
-    HM[0].val = HMval
-    HM[0].max = HASH_BYTES
-    HM[0].len = HASH_BYTES
-
-    if date:
-        prHID = HTID
-        if not PIN_ERROR:
-            U = ffi.NULL
-    else:
-        HTID = ffi.NULL
-        UT = ffi.NULL
-        prHID = HID
-        TIME_PERMIT = ffi.NULL
-
-    if not PIN_ERROR:
-        E = ffi.NULL
-        F = ffi.NULL
-
-    # Assign a seed value
-    RAW = ffi.new("octet*")
-    RAWval = ffi.new("char [%s]" % len(seed), seed)
-    RAW[0].val = RAWval
-    RAW[0].len = len(seed)
-    RAW[0].max = len(seed)
-    if DEBUG:
-        print "RAW: %s" % toHex(RAW)
-
-    # random number generator
-    RNG = ffi.new("csprng*")
-    libmpin.MPIN_CREATE_CSPRNG(RNG, RAW)
-
-    # Hash MPIN_ID
-    libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID)
-    if DEBUG:
-        print "MPIN_ID: %s" % toHex(MPIN_ID)
-        print "HASH_MPIN_ID: %s" % toHex(HASH_MPIN_ID)
-
-    if USE_ANONYMOUS:
-        pID = HASH_MPIN_ID
-    else:
-        pID = MPIN_ID
-        
-    # Generate master secret for MIRACL and Customer
-    rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-    if rtn != 0:
-        print "libmpin.MPIN_RANDOM_GENERATE(RNG,MS1) Error %s", rtn
-    rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-    if rtn != 0:
-        print "libmpin.MPIN_RANDOM_GENERATE(RNG,MS2) Error %s" % rtn
-    if DEBUG:
-        print "MS1: %s" % toHex(MS1)
-        print "MS2: %s" % toHex(MS2)
-
-    # Generate server secret shares
-    rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_SERVER_SECRET(MS1,SS1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_SERVER_SECRET(MS2,SS2) Error %s" % rtn
-    if DEBUG:
-        print "SS1: %s" % toHex(SS1)
-        print "SS2: %s" % toHex(SS2)
-
-    # Combine server secret shares
-    rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G2( SS1, SS2, SERVER_SECRET) Error %s" % rtn
-    if DEBUG:
-        print "SERVER_SECRET: %s" % toHex(SERVER_SECRET)
-
-    # Generate client secret shares
-    rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_SECRET(MS1,HASH_MPIN_ID,CS1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, HASH_MPIN_ID, CS2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_SECRET(MS2,HASH_MPIN_ID,CS2) Error %s" % rtn
-    if DEBUG:
-        print "CS1: %s" % toHex(CS1)
-        print "CS2: %s" % toHex(CS2)
-
-    # Combine client secret shares : TOKEN is the full client secret
-    rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G1( CS1, CS2, TOKEN) Error %s" % rtn
-    print "Client Secret: %s" % toHex(TOKEN)
-
-    # Generate Time Permit shares
-    if DEBUG:
-        print "Date %s" % date
-    rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS1, HASH_MPIN_ID, TP1)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_PERMIT(date,MS1,HASH_MPIN_ID,TP1) Error %s" % rtn
-    rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS2, HASH_MPIN_ID, TP2)
-    if rtn != 0:
-        print "libmpin.MPIN_GET_CLIENT_PERMIT(date,MS2,HASH_MPIN_ID,TP2) Error %s" % rtn
-    if DEBUG:
-        print "TP1: %s" % toHex(TP1)
-        print "TP2: %s" % toHex(TP2)
-
-    # Combine Time Permit shares
-    rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-    if rtn != 0:
-        print "libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT) Error %s" % rtn
-    if DEBUG:
-        print "TIME_PERMIT: %s" % toHex(TIME_PERMIT)
-
-    # Client extracts PIN from secret to create Token
-    PIN = int(raw_input("Please enter four digit PIN to create M-Pin Token:"))
-    rtn = libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN, TOKEN)
-    if rtn != 0:
-        print "libmpin.MPIN_EXTRACT_PIN( MPIN_ID, PIN, TOKEN) Error %s" % rtn
-    print "Token: %s" % toHex(TOKEN)
-
-    if SINGLE_PASS:
-        print "M-Pin Single Pass"
-        PIN = int(raw_input("Please enter PIN to authenticate:"))
-        TimeValue = libmpin.MPIN_GET_TIME()
-        if DEBUG:
-            print "TimeValue %s" % TimeValue
-
-        # Client precomputation
-        if MPIN_FULL:
-            libmpin.MPIN_PRECOMPUTE(TOKEN, HASH_MPIN_ID, TATE1, TATE2)
-
-        # Client MPIN
-        rtn = libmpin.MPIN_CLIENT(date, MPIN_ID, RNG, X, PIN, TOKEN, SEC, U, UT, TIME_PERMIT, ffi.NULL, TimeValue, Y)
-        if rtn != 0:
-            print "MPIN_CLIENT ERROR %s" % rtn
-        if DEBUG:
-            print "X: %s" % toHex(X)
-
-        # Client sends Z=r.ID to Server
-        if MPIN_FULL:
-            libmpin.MPIN_GET_G1_MULTIPLE(RNG, 1, R, HASH_MPIN_ID, Z)
-
-        # Server MPIN
-        rtn = libmpin.MPIN_SERVER(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F, pID, ffi.NULL, TimeValue)
-        if rtn != 0:
-            print "ERROR: Single Pass %s is not authenticated" % identity
-            if PIN_ERROR:
-                err = libmpin.MPIN_KANGAROO(E, F)
-                print "Client PIN error %d " % err
-        else:
-            print "SUCCESS: Single Pass %s is authenticated" % identity
-
-        # Server sends T=w.ID to client
-        if MPIN_FULL:
-            libmpin.MPIN_GET_G1_MULTIPLE(RNG, 0, W, prHID, T)
-            print "T: %s" % toHex(T)
-
-        if MPIN_FULL:
-            libmpin.MPIN_HASH_ALL(prHID,U,UT,SEC,Y,Z,T,HM);
-            
-            libmpin.MPIN_CLIENT_KEY(TATE1, TATE2, PIN, R, X, HM, T, CK)
-            print "Client AES Key: %s" % toHex(CK)
-
-            libmpin.MPIN_SERVER_KEY(Z, SERVER_SECRET, W, HM, HID, U, UT, SK)
-            print "Server AES Key: %s" % toHex(SK)
-
-    else:
-        print "M-Pin Multi Pass"
-        PIN = int(raw_input("Please enter PIN to authenticate:"))
-        if MPIN_FULL:
-            rtn = libmpin.MPIN_PRECOMPUTE(TOKEN, HASH_MPIN_ID, TATE1, TATE2)
-            if rtn != 0:
-                print "MPIN_PERCOMPUTE  ERROR %s" % rtn
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(date, MPIN_ID, RNG, X, PIN, TOKEN, SEC, U, UT, TIME_PERMIT)
-        if rtn != 0:
-            print "MPIN_CLIENT_1  ERROR %s" % rtn
-        if DEBUG:
-            print "X: %s" % toHex(X)
-
-        # Server calculates H(ID) and H(T|H(ID)) (if time permits enabled),
-        # and maps them to points on the curve HID and HTID resp.
-        libmpin.MPIN_SERVER_1(date, pID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        if rtn != 0:
-            print "libmpin.MPIN_RANDOM_GENERATE(RNG,Y) Error %s" % rtn
-        if DEBUG:
-            print "Y: %s" % toHex(Y)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        if rtn != 0:
-            print "libmpin.MPIN_CLIENT_2(X,Y,SEC) Error %s" % rtn
-        if DEBUG:
-            print "V: %s" % toHex(SEC)
-
-        # Server second pass
-        rtn = libmpin.MPIN_SERVER_2(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-        if rtn != 0:
-            print "ERROR: Multi Pass %s is not authenticated" % identity
-            if PIN_ERROR:
-                err = libmpin.MPIN_KANGAROO(E, F)
-                print "Client PIN error %d " % err
-        else:
-            print "SUCCESS: Multi Pass %s is authenticated" % identity
-
-        # Client sends Z=r.ID to Server
-        if MPIN_FULL:
-            rtn = libmpin.MPIN_GET_G1_MULTIPLE(RNG, 1, R, HASH_MPIN_ID, Z)
-            if rtn != 0:
-                print "ERROR: Generating Z %s" % rtn
-
-        # Server sends T=w.ID to client
-        if MPIN_FULL:
-            rtn = libmpin.MPIN_GET_G1_MULTIPLE(RNG, 0, W, prHID, T)
-            if rtn != 0:
-                print "ERROR: Generating T %s" % rtn
-
-            libmpin.MPIN_HASH_ALL(HASH_MPIN_ID,U,UT,SEC,Y,Z,T,HM);                
-
-            rtn = libmpin.MPIN_CLIENT_KEY(TATE1, TATE2, PIN, R, X, HM, T, CK)
-            if rtn != 0:
-                print "ERROR: Generating CK %s" % rtn
-            print "Client AES Key: %s" % toHex(CK)
-
-            rtn = libmpin.MPIN_SERVER_KEY(Z, SERVER_SECRET, W, HM, HID, U, UT, SK)
-            if rtn != 0:
-                print "ERROR: Generating SK %s" % rtn
-            print "Server AES Key: %s" % toHex(SK)

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/wcc.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/wcc.py b/pythonCFFI/wcc.py
deleted file mode 100755
index efd991d..0000000
--- a/pythonCFFI/wcc.py
+++ /dev/null
@@ -1,478 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-
-
-"""
-wcc
-
-This module use cffi to access the c functions in the WCC library.
-
-There is also an example usage program in this file.
-
-"""
-import cffi
-import platform
-
-# WCC Group Size
-PGS = 32
-# WCC Field Size
-PFS = 32
-G1 = 2*PFS + 1
-G2 = 4*PFS
-# Length of hash
-HASH_BYTES = 32
-# AES-GCM IV length
-IVL = 12
-# AES Key length
-PAS = 16
-
-ffi = cffi.FFI()
-ffi.cdef("""
-typedef struct {
-unsigned int ira[21];  /* random number...   */
-int rndptr;   /* ...array & pointer */
-unsigned int borrow;
-int pool_ptr;
-char pool[32];    /* random pool */
-} csprng;
-
-typedef struct
-{
-  int len;
-  int max;
-  char *val;
-} octet;
-
-extern int WCC_RANDOM_GENERATE(csprng *RNG,octet* S);
-extern void  WCC_Hq(octet *A,octet *B,octet *C,octet *D,octet *h);
-extern int WCC_GET_G2_MULTIPLE(int hashDone,octet *S,octet *ID,octet *VG2);
-extern int WCC_GET_G1_MULTIPLE(int hashDone,octet *S,octet *ID,octet *VG1);
-extern int WCC_GET_G1_TPMULT(int date, octet *S,octet *ID,octet *VG1);
-extern int WCC_GET_G2_TPMULT(int date, octet *S,octet *ID,octet *VG2);
-extern int WCC_GET_G1_PERMIT(int date,octet *S,octet *HID,octet *G1TP);
-extern int WCC_GET_G2_PERMIT(int date,octet *S,octet *HID,octet *G2TP);
-extern int WCC_SENDER_KEY(int date, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *ATPG1Oct, octet *IdBOct, octet *AESKeyOct);
-extern int WCC_RECEIVER_KEY(int date, octet *yOct, octet *wOct,  octet *piaOct, octet *pibOct,  octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct,octet *BTPG2Oct,  octet *IdAOct, octet *AESKeyOct);
-extern void WCC_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
-extern void WCC_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
-extern void WCC_HASH_ID(octet *,octet *);
-extern int WCC_RECOMBINE_G1(octet *,octet *,octet *);
-extern int WCC_RECOMBINE_G2(octet *,octet *,octet *);
-extern unsigned int WCC_today(void);
-extern void WCC_CREATE_CSPRNG(csprng *,octet *);
-extern void WCC_KILL_CSPRNG(csprng *RNG);
-extern void version(char* info);
-
-""")
-
-if (platform.system() == 'Windows'):
-    libwcc = ffi.dlopen("libwcc.dll")
-elif (platform.system() == 'Darwin'):
-    libwcc = ffi.dlopen("libwcc.dylib")
-else:
-    libwcc = ffi.dlopen("libwcc.so")
-
-
-def toHex(octetValue):
-    """Converts an octet type into a string
-
-    Add all the values in an octet into an array. This arrays is then
-    converted to a string and hex encoded.
-
-    Args::
-
-        octetValue. An octet type
-
-    Returns::
-
-        String
-
-    Raises:
-        Exception
-    """
-    i = 0
-    val = []
-    while i < octetValue[0].len:
-        val.append(octetValue[0].val[i])
-        i = i+1
-    return ''.join(val).encode("hex")
-
-
-if __name__ == "__main__":
-    # Print hex values
-    DEBUG = False
-
-    build_version = ffi.new("char []", 256)
-    libwcc.version(build_version)
-    print ffi.string(build_version)
-
-    # Seed
-    seedHex = "0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20"
-    seed = seedHex.decode("hex")
-
-    # Master Secret Shares
-    MS1 = ffi.new("octet*")
-    MS1val = ffi.new("char []", PGS)
-    MS1[0].val = MS1val
-    MS1[0].max = PGS
-    MS1[0].len = PGS
-
-    MS2 = ffi.new("octet*")
-    MS2val = ffi.new("char []", PGS)
-    MS2[0].val = MS2val
-    MS2[0].max = PGS
-    MS2[0].len = PGS
-
-    # Alice Identity
-    alice_id = raw_input("Please enter Alice's identity:")
-    IdA = ffi.new("octet*")
-    IdAval = ffi.new("char [%s]" % len(alice_id), alice_id)
-    IdA[0].val = IdAval
-    IdA[0].max = len(alice_id)
-    IdA[0].len = len(alice_id)
-
-    # Hash value of IdA
-    AHV = ffi.new("octet*")
-    AHVval = ffi.new("char []",  HASH_BYTES)
-    AHV[0].val = AHVval
-    AHV[0].max = HASH_BYTES
-    AHV[0].len = HASH_BYTES
-
-    # Bob Identity
-    bob_id = raw_input("Please enter Bob's identity:")
-    IdB = ffi.new("octet*")
-    IdBval = ffi.new("char [%s]" % len(bob_id), bob_id)
-    IdB[0].val = IdBval
-    IdB[0].max = len(bob_id)
-    IdB[0].len = len(bob_id)
-
-    # Hash value of IdB
-    BHV = ffi.new("octet*")
-    BHVval = ffi.new("char []",  HASH_BYTES)
-    BHV[0].val = BHVval
-    BHV[0].max = HASH_BYTES
-    BHV[0].len = HASH_BYTES
-
-    # Sender keys
-    A1KeyG1 = ffi.new("octet*")
-    A1KeyG1val = ffi.new("char []", G1)
-    A1KeyG1[0].val = A1KeyG1val
-    A1KeyG1[0].max = G1
-    A1KeyG1[0].len = G1
-
-    A2KeyG1 = ffi.new("octet*")
-    A2KeyG1val = ffi.new("char []", G1)
-    A2KeyG1[0].val = A2KeyG1val
-    A2KeyG1[0].max = G1
-    A2KeyG1[0].len = G1
-
-    AKeyG1 = ffi.new("octet*")
-    AKeyG1val = ffi.new("char []", G1)
-    AKeyG1[0].val = AKeyG1val
-    AKeyG1[0].max = G1
-    AKeyG1[0].len = G1
-
-    # Receiver keys
-    B1KeyG2 = ffi.new("octet*")
-    B1KeyG2val = ffi.new("char []", G2)
-    B1KeyG2[0].val = B1KeyG2val
-    B1KeyG2[0].max = G2
-    B1KeyG2[0].len = G2
-
-    B2KeyG2 = ffi.new("octet*")
-    B2KeyG2val = ffi.new("char []", G2)
-    B2KeyG2[0].val = B2KeyG2val
-    B2KeyG2[0].max = G2
-    B2KeyG2[0].len = G2
-
-    BKeyG2 = ffi.new("octet*")
-    BKeyG2val = ffi.new("char []", G2)
-    BKeyG2[0].val = BKeyG2val
-    BKeyG2[0].max = G2
-    BKeyG2[0].len = G2
-
-    # Sender time permits
-    A1TPG1 = ffi.new("octet*")
-    A1TPG1val = ffi.new("char []", G1)
-    A1TPG1[0].val = A1TPG1val
-    A1TPG1[0].max = G1
-    A1TPG1[0].len = G1
-
-    A2TPG1 = ffi.new("octet*")
-    A2TPG1val = ffi.new("char []", G1)
-    A2TPG1[0].val = A2TPG1val
-    A2TPG1[0].max = G1
-    A2TPG1[0].len = G1
-
-    ATPG1 = ffi.new("octet*")
-    ATPG1val = ffi.new("char []", G1)
-    ATPG1[0].val = ATPG1val
-    ATPG1[0].max = G1
-    ATPG1[0].len = G1
-
-    # Receiver time permits
-    B1TPG2 = ffi.new("octet*")
-    B1TPG2val = ffi.new("char []", G2)
-    B1TPG2[0].val = B1TPG2val
-    B1TPG2[0].max = G2
-    B1TPG2[0].len = G2
-
-    B2TPG2 = ffi.new("octet*")
-    B2TPG2val = ffi.new("char []", G2)
-    B2TPG2[0].val = B2TPG2val
-    B2TPG2[0].max = G2
-    B2TPG2[0].len = G2
-
-    BTPG2 = ffi.new("octet*")
-    BTPG2val = ffi.new("char []", G2)
-    BTPG2[0].val = BTPG2val
-    BTPG2[0].max = G2
-    BTPG2[0].len = G2
-
-    # AES Keys
-    KEY1 = ffi.new("octet*")
-    KEY1val = ffi.new("char []", PAS)
-    KEY1[0].val = KEY1val
-    KEY1[0].max = PAS
-    KEY1[0].len = PAS
-
-    KEY2 = ffi.new("octet*")
-    KEY2val = ffi.new("char []", PAS)
-    KEY2[0].val = KEY2val
-    KEY2[0].max = PAS
-    KEY2[0].len = PAS
-
-    X = ffi.new("octet*")
-    Xval = ffi.new("char []", PGS)
-    X[0].val = Xval
-    X[0].max = PGS
-    X[0].len = PGS
-
-    Y = ffi.new("octet*")
-    Yval = ffi.new("char []", PGS)
-    Y[0].val = Yval
-    Y[0].max = PGS
-    Y[0].len = PGS
-
-    W = ffi.new("octet*")
-    Wval = ffi.new("char []", PGS)
-    W[0].val = Wval
-    W[0].max = PGS
-    W[0].len = PGS
-
-    PIA = ffi.new("octet*")
-    PIAval = ffi.new("char []", PGS)
-    PIA[0].val = PIAval
-    PIA[0].max = PGS
-    PIA[0].len = PGS
-
-    PIB = ffi.new("octet*")
-    PIBval = ffi.new("char []", PGS)
-    PIB[0].val = PIBval
-    PIB[0].max = PGS
-    PIB[0].len = PGS
-
-    PaG1 = ffi.new("octet*")
-    PaG1val = ffi.new("char []", G1)
-    PaG1[0].val = PaG1val
-    PaG1[0].max = G1
-    PaG1[0].len = G1
-
-    PgG1 = ffi.new("octet*")
-    PgG1val = ffi.new("char []", G1)
-    PgG1[0].val = PgG1val
-    PgG1[0].max = G1
-    PgG1[0].len = G1
-
-    PbG2 = ffi.new("octet*")
-    PbG2val = ffi.new("char []", G2)
-    PbG2[0].val = PbG2val
-    PbG2[0].max = G2
-    PbG2[0].len = G2
-
-    # Assign a seed value
-    RAW = ffi.new("octet*")
-    RAWval = ffi.new("char [%s]" % len(seed), seed)
-    RAW[0].val = RAWval
-    RAW[0].len = len(seed)
-    RAW[0].max = len(seed)
-    if DEBUG:
-        print "RAW: %s" % toHex(RAW)
-
-    # random number generator
-    RNG = ffi.new("csprng*")
-    libwcc.WCC_CREATE_CSPRNG(RNG, RAW)
-
-    # Today's date in epoch days
-    date = libwcc.WCC_today()
-    if DEBUG:
-        print "Date %s" % date
-
-    # Hash IdA
-    libwcc.WCC_HASH_ID(IdA, AHV)
-    if DEBUG:
-        print "IdA: %s" % toHex(IdA)
-        print "AHV: %s" % toHex(AHV)
-
-    # Hash IdB
-    libwcc.WCC_HASH_ID(IdB, BHV)
-    if DEBUG:
-        print "IdB: %s" % toHex(IdB)
-        print "BHV: %s" % toHex(BHV)
-
-    # Generate master secret for MIRACL and Customer
-    rtn = libwcc.WCC_RANDOM_GENERATE(RNG, MS1)
-    if rtn != 0:
-        print "libwcc.WCC_RANDOM_GENERATE(RNG,MS1) Error %s", rtn
-    rtn = libwcc.WCC_RANDOM_GENERATE(RNG, MS2)
-    if rtn != 0:
-        print "libwcc.WCC_RANDOM_GENERATE(RNG,MS2) Error %s" % rtn
-    if DEBUG:
-        print "MS1: %s" % toHex(MS1)
-        print "MS2: %s" % toHex(MS2)
-
-    # Generate Alice's sender key shares
-    rtn = libwcc.WCC_GET_G1_MULTIPLE(1,MS1, AHV, A1KeyG1)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G1_MULTIPLE(MS1,AHV,A1KeyG1) Error %s" % rtn
-    rtn = libwcc.WCC_GET_G1_MULTIPLE(1,MS2, AHV, A2KeyG1)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G1_MULTIPLE(MS2,AHV,A2KeyG1) Error %s" % rtn
-    if DEBUG:
-        print "A1KeyG1: %s" % toHex(A1KeyG1)
-        print "A2KeyG1: %s" % toHex(A2KeyG1)
-
-    # Combine Alices's sender key shares
-    rtn = libwcc.WCC_RECOMBINE_G1(A1KeyG1, A2KeyG1, AKeyG1)
-    if rtn != 0:
-        print "libwcc.WCC_RECOMBINE_G1(A1KeyG1, A2KeyG1, AKeyG1) Error %s" % rtn
-    print "AKeyG1: %s" % toHex(AKeyG1)
-
-    # Generate Alice's sender time permit shares
-    rtn = libwcc.WCC_GET_G1_PERMIT(date, MS1, AHV, A1TPG1)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G1_PERMIT(date,MS1,AHV,A1TPG1) Error %s" % rtn
-    rtn = libwcc.WCC_GET_G1_PERMIT(date, MS2, AHV, A2TPG1)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G1_PERMIT(date,MS2,AHV,A2TPG1) Error %s" % rtn
-    if DEBUG:
-        print "A1TPG1: %s" % toHex(A1TPG1)
-        print "A2TPG1: %s" % toHex(A2TPG1)
-
-    # Combine Alice's sender Time Permit shares
-    rtn = libwcc.WCC_RECOMBINE_G1(A1TPG1, A2TPG1, ATPG1)
-    if rtn != 0:
-        print "libwcc.WCC_RECOMBINE_G1(A1TPG1, A2TPG1, ATPG1) Error %s" % rtn
-    print "ATPG1: %s" % toHex(ATPG1)
-
-    # Generate Bob's receiver secret key shares
-    rtn = libwcc.WCC_GET_G2_MULTIPLE(1,MS1, BHV, B1KeyG2)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G2_MULTIPLE(MS1,BHV,B1KeyG2) Error %s" % rtn
-    rtn = libwcc.WCC_GET_G2_MULTIPLE(1,MS2, BHV, B2KeyG2)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G2_MULTIPLE(MS2,BHV,B2KeyG2) Error %s" % rtn
-    if DEBUG:
-        print "B1KeyG2: %s" % toHex(B1KeyG2)
-        print "B2KeyG2: %s" % toHex(B2KeyG2)
-
-    # Combine Bobs's receiver secret key shares
-    rtn = libwcc.WCC_RECOMBINE_G2(B1KeyG2, B2KeyG2, BKeyG2)
-    if rtn != 0:
-        print "libwcc.WCC_RECOMBINE_G2(B1KeyG2, B2KeyG2, BKeyG2) Error %s" % rtn
-    print "BKeyG2: %s" % toHex(BKeyG2)
-
-    # Generate Bob's receiver time permit shares
-    rtn = libwcc.WCC_GET_G2_PERMIT(date, MS1, BHV, B1TPG2)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G2_PERMIT(date,MS1,BHV,B1TPG2) Error %s" % rtn
-    rtn = libwcc.WCC_GET_G2_PERMIT(date, MS2, BHV, B2TPG2)
-    if rtn != 0:
-        print "libwcc.WCC_GET_G2_PERMIT(date,MS2,BHV,B2TPG2) Error %s" % rtn
-    if DEBUG:
-        print "B1TPG2: %s" % toHex(B1TPG2)
-        print "B2TPG2: %s" % toHex(B2TPG2)
-
-    # Combine Bob's receiver time permit shares
-    rtn = libwcc.WCC_RECOMBINE_G2(B1TPG2, B2TPG2, BTPG2)
-    if rtn != 0:
-        print "libwcc.WCC_RECOMBINE_G2(B1TPG2, B2TPG2, BTPG2) Error %s" % rtn
-    print "BTPG2: %s" % toHex(BTPG2)
-
-    rtn = libwcc.WCC_RANDOM_GENERATE(RNG, X)
-    if rtn != 0:
-        print "libwcc.WCC_RANDOM_GENERATE(RNG,X) Error %s", rtn
-    if DEBUG:
-        print "X: %s" % toHex(X)
-
-    rtn = libwcc.WCC_GET_G1_TPMULT(date,X,IdA,PaG1);
-    if rtn != 0:
-        print "libwcc.WCC_GET_G1_TPMULT(date,X,IdA,PaG1) Error %s", rtn
-    if DEBUG:
-        print "PaG1: %s" % toHex(PaG1)
-
-    rtn = libwcc.WCC_RANDOM_GENERATE(RNG, W)
-    if rtn != 0:
-        print "libwcc.WCC_RANDOM_GENERATE(RNG,W) Error %s", rtn
-    if DEBUG:
-        print "W: %s" % toHex(W)
-
-    rtn = libwcc.WCC_GET_G1_TPMULT(date,W,IdA,PgG1);
-    if rtn != 0:
-        print "libwcc.WCC_GET_G1_TPMULT(date,W,IdA,PgG1) Error %s", rtn
-    if DEBUG:
-        print "PgG1: %s" % toHex(PgG1)
-
-    rtn = libwcc.WCC_RANDOM_GENERATE(RNG, Y)
-    if rtn != 0:
-        print "libwcc.WCC_RANDOM_GENERATE(RNG,Y) Error %s", rtn
-    if DEBUG:
-        print "Y: %s" % toHex(Y)
-
-    rtn = libwcc.WCC_GET_G2_TPMULT(date,Y,IdB,PbG2);
-    if rtn != 0:
-        print "libwcc.WCC_GET_G1_TPMULT(date,Y,IdB,PbG2) Error %s", rtn
-    if DEBUG:
-        print "PbG2: %s" % toHex(PbG2)
-
-    # PIA = Hq(PaG1,PbG2,PgG1,IdB)
-    libwcc.WCC_Hq(PaG1,PbG2,PgG1,IdB,PIA);
-    if DEBUG:
-        print "PIA: %s" % toHex(PIA)
-
-    # PIB = Hq(PbG2,PaG1,PgG1,IdA)
-    libwcc.WCC_Hq(PbG2,PaG1,PgG1,IdA,PIB);
-    if DEBUG:
-        print "PIB: %s" % toHex(PIB)
-        
-    # Alice calculates AES Key 
-    rtn = libwcc.WCC_SENDER_KEY(date, X, PIA, PIB, PbG2, PgG1, AKeyG1, ATPG1, IdB, KEY1)
-    if rtn != 0:
-        print "libwcc.WCC_SENDER_KEY(date, X, PIA, PIB, PbG2, PgG1, AKeyG1, ATPG1, IdB, KEY1) Error %s" % rtn
-    print "{0}'s AES Key: {1}".format(alice_id, toHex(KEY1))
-
-    # Bob calculates AES Key
-    rtn = libwcc.WCC_RECEIVER_KEY(date, Y, W, PIA, PIB, PaG1, PgG1, BKeyG2, BTPG2, IdA, KEY2)
-    if rtn != 0:
-        print "libwcc.WCC_RECEIVER_KEY(date, Y, W, PIA, PIB, PaG1, PgG1, BKeyG2, BTPG2, IdA, KEY2) Error %s" % rtn
-    print "{0}'s AES Key: {1}".format(bob_id, toHex(KEY2))
-
-    libwcc.WCC_KILL_CSPRNG(RNG)

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/readme.txt
----------------------------------------------------------------------
diff --git a/readme.txt b/readme.txt
new file mode 100644
index 0000000..5469379
--- /dev/null
+++ b/readme.txt
@@ -0,0 +1,41 @@
+The Apache Milagro Cryptographic Library
+
+Note that the AMCL currently comes in two versions, version 2.2 
+and version 3.1
+
+AMCL v2.2 is presented in what might be called a pre-library state.
+
+In the various supported languages the source code is made available,
+but it is not organised into rigid packages/crates/jars/whatever
+It is expected that the consumer will themselves take this final step,
+depending on the exact requirements of their project.
+
+Note that version 2.2 is no longer supported.
+
+AMCL v3.1 uses a standard Python 3 script to build libraries in all
+supported languages. New users should use this version.
+
+The main improvement is that AMCL v3 can optionally simultaneously support 
+multiple elliptic curves and RSA key sizes within a single appliction.
+
+Note that AMCL is largely configured at compile time. In version 3 this
+configuration is handled by the Python script.
+
+AMCL is available in 32-bit and 64-bit versions in most languages. Limited 
+support for 16-bit processors is provided by the C version.
+
+Now languages like to remain "standard" irrespective of the underlying 
+hardware. However when it comes to optimal performance, it is impossible 
+to remain architecture-agnostic. If a processor supports 64-bit 
+instructions that operate on 64-bit registers, it will be a waste not to
+use them. Therefore the 64-bit language versions should always be used
+on 64-bit processors.
+
+Version 3.1 is a major "under the hood" upgrade. Field arithmetic is 
+performed using ideas from http://eprint.iacr.org/2017/437 to ensure 
+that critical calculations are performed in constant time. This strongly 
+mitigates against side-channel attacks. Exception-free formulae are 
+now used for Weierstrass elliptic curves. A new standardised script 
+builds for the same set of curves across all languages.
+
+

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/TestECDH.swift
----------------------------------------------------------------------
diff --git a/swift/TestECDH.swift b/swift/TestECDH.swift
deleted file mode 100644
index 7070770..0000000
--- a/swift/TestECDH.swift
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  TestECDH.swift
-//  
-//
-//  Created by Michael Scott on 02/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-import clint // comment out for Xcode
-
-public func TestECDH()
-{
-    let pp=String("M0ng00se");
-
-    let EGS=ECDH.EGS
-    let EFS=ECDH.EFS
-    let EAS=AES.KS
-
-    var S1=[UInt8](count:EGS,repeatedValue:0)
-    var W0=[UInt8](count:2*EFS+1,repeatedValue:0)
-    var W1=[UInt8](count:2*EFS+1,repeatedValue:0)
-    var Z0=[UInt8](count:EFS,repeatedValue:0)
-    var Z1=[UInt8](count:EFS,repeatedValue:0)
-    var RAW=[UInt8](count:100,repeatedValue:0)
-    var SALT=[UInt8](count:8,repeatedValue:0)
-    var P1=[UInt8](count:3,repeatedValue:0)
-    var P2=[UInt8](count:4,repeatedValue:0)
-    var V=[UInt8](count:2*EFS+1,repeatedValue:0)
-    var M=[UInt8](count:17,repeatedValue:0)
-    var T=[UInt8](count:12,repeatedValue:0)
-    var CS=[UInt8](count:EGS,repeatedValue:0)
-    var DS=[UInt8](count:EGS,repeatedValue:0)
-
-    let rng=RAND()
-
-    rng.clean();
-    for var i=0;i<100;i++ {RAW[i]=UInt8(i&0xff)}
-
-    rng.seed(100,RAW)
-
-
-    for var i=0;i<8;i++ {SALT[i]=UInt8(i+1)}  // set Salt
-
-    print("Alice's Passphrase= "+pp)
-    let PW=[UInt8](pp.utf8)
-
-    /* private key S0 of size EGS bytes derived from Password and Salt */
-
-    var S0=ECDH.PBKDF2(PW,SALT,1000,EGS)
-    print("Alice's private key= 0x",terminator: ""); ECDH.printBinary(S0)
-
-    /* Generate Key pair S/W */
-    ECDH.KEY_PAIR_GENERATE(nil,&S0,&W0);
-
-    print("Alice's public key= 0x",terminator: ""); ECDH.printBinary(W0)
-
-    var res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-
-    if res != 0
-    {
-        print("ECP Public Key is invalid!");
-        return;
-    }
-
-    /* Random private key for other party */
-    ECDH.KEY_PAIR_GENERATE(rng,&S1,&W1)
-
-    print("Servers private key= 0x",terminator: ""); ECDH.printBinary(S1)
-
-    print("Servers public key= 0x",terminator: ""); ECDH.printBinary(W1);
-
-    res=ECDH.PUBLIC_KEY_VALIDATE(true,W1)
-    if res != 0
-    {
-        print("ECP Public Key is invalid!")
-        return
-    }
-
-    /* Calculate common key using DH - IEEE 1363 method */
-
-    ECDH.ECPSVDP_DH(S0,W1,&Z0)
-    ECDH.ECPSVDP_DH(S1,W0,&Z1)
-
-    var same=true
-    for var i=0;i<EFS;i++
-    {
-        if Z0[i] != Z1[i] {same=false}
-    }
-
-    if (!same)
-    {
-        print("*** ECPSVDP-DH Failed")
-        return
-    }
-
-    let KEY=ECDH.KDF1(Z0,EAS)
-
-    print("Alice's DH Key=  0x",terminator: ""); ECDH.printBinary(KEY)
-    print("Servers DH Key=  0x",terminator: ""); ECDH.printBinary(KEY)
-
-    print("Testing ECIES")
-
-    P1[0]=0x0; P1[1]=0x1; P1[2]=0x2
-    P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3
-
-    for var i=0;i<=16;i++ {M[i]=UInt8(i&0xff)}
-
-    let C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,&V,&T)
-
-    print("Ciphertext= ")
-    print("V= 0x",terminator: ""); ECDH.printBinary(V)
-    print("C= 0x",terminator: ""); ECDH.printBinary(C)
-    print("T= 0x",terminator: ""); ECDH.printBinary(T)
-
-    M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1)
-    if M.count==0
-    {
-        print("*** ECIES Decryption Failed\n")
-        return
-    }
-    else {print("Decryption succeeded")}
-
-    print("Message is 0x"); ECDH.printBinary(M)
-
-    print("Testing ECDSA")
-
-    if ECDH.ECPSP_DSA(rng,S0,M,&CS,&DS) != 0
-    {
-        print("***ECDSA Signature Failed")
-        return
-    }
-    print("Signature= ")
-    print("C= 0x",terminator: ""); ECDH.printBinary(CS)
-    print("D= 0x",terminator: ""); ECDH.printBinary(DS)
-
-    if ECDH.ECPVP_DSA(W0,M,CS,DS) != 0
-    {
-        print("***ECDSA Verification Failed")
-        return
-    }
-    else {print("ECDSA Signature/Verification succeeded ")}
-
-}
-
-TestECDH()  // comment out for Xcode



[31/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/PAIR.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/PAIR.go b/go/amcl-go/PAIR.go
deleted file mode 100644
index 8a7de9f..0000000
--- a/go/amcl-go/PAIR.go
+++ /dev/null
@@ -1,541 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve Pairing functions */
-
-package amcl
-
-//import "fmt"
-
-/* Line function */
-func line(A *ECP2, B *ECP2, Qx *FP, Qy *FP) *FP12 {
-	P := NewECP2()
-
-	P.copy(A)
-	ZZ := NewFP2copy(P.getz())
-	ZZ.sqr()
-	var D int
-	if A == B {
-		D = A.dbl()
-	} else {
-		D = A.add(B)
-	}
-
-	if D < 0 {
-		return NewFP12int(1)
-	}
-
-	Z3 := NewFP2copy(A.getz())
-
-	var a *FP4
-	var b *FP4
-	c := NewFP4int(0)
-
-	if D == 0 { /* Addition */
-		X := NewFP2copy(B.getx())
-		Y := NewFP2copy(B.gety())
-		T := NewFP2copy(P.getz())
-		T.mul(Y)
-		ZZ.mul(T)
-
-		NY := NewFP2copy(P.gety())
-		NY.neg()
-		ZZ.add(NY)
-		Z3.pmul(Qy)
-		T.mul(P.getx())
-		X.mul(NY)
-		T.add(X)
-		a = NewFP4fp2s(Z3, T)
-		ZZ.neg()
-		ZZ.pmul(Qx)
-		b = NewFP4fp2(ZZ)
-	} else { /* Doubling */
-		X := NewFP2copy(P.getx())
-		Y := NewFP2copy(P.gety())
-		T := NewFP2copy(P.getx())
-		T.sqr()
-		T.imul(3)
-
-		Y.sqr()
-		Y.add(Y)
-		Z3.mul(ZZ)
-		Z3.pmul(Qy)
-
-		X.mul(T)
-		X.sub(Y)
-		a = NewFP4fp2s(Z3, X)
-		T.neg()
-		ZZ.mul(T)
-		ZZ.pmul(Qx)
-		b = NewFP4fp2(ZZ)
-	}
-	return NewFP12fp4s(a, b, c)
-}
-
-/* Optimal R-ate pairing */
-func ate(P *ECP2, Q *ECP) *FP12 {
-	f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-	x := NewBIGints(CURVE_Bnx)
-	n := NewBIGcopy(x)
-	K := NewECP2()
-	var lv *FP12
-	n.pmul(6)
-	n.dec(2)
-	n.norm()
-	P.affine()
-	Q.affine()
-	Qx := NewFPcopy(Q.getx())
-	Qy := NewFPcopy(Q.gety())
-
-	A := NewECP2()
-	r := NewFP12int(1)
-
-	A.copy(P)
-	nb := n.nbits()
-
-	for i := nb - 2; i >= 1; i-- {
-		lv = line(A, A, Qx, Qy)
-		r.smul(lv)
-
-		if n.bit(i) == 1 {
-			lv = line(A, P, Qx, Qy)
-			r.smul(lv)
-		}
-		r.sqr()
-	}
-
-	lv = line(A, A, Qx, Qy)
-	r.smul(lv)
-
-	/* R-ate fixup */
-
-	r.conj()
-
-	K.copy(P)
-	K.frob(f)
-	A.neg()
-	lv = line(A, K, Qx, Qy)
-	r.smul(lv)
-	K.frob(f)
-	K.neg()
-	lv = line(A, K, Qx, Qy)
-	r.smul(lv)
-
-	return r
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-func ate2(P *ECP2, Q *ECP, R *ECP2, S *ECP) *FP12 {
-	f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-	x := NewBIGints(CURVE_Bnx)
-	n := NewBIGcopy(x)
-	K := NewECP2()
-	var lv *FP12
-	n.pmul(6)
-	n.dec(2)
-	n.norm()
-	P.affine()
-	Q.affine()
-	R.affine()
-	S.affine()
-
-	Qx := NewFPcopy(Q.getx())
-	Qy := NewFPcopy(Q.gety())
-	Sx := NewFPcopy(S.getx())
-	Sy := NewFPcopy(S.gety())
-
-	A := NewECP2()
-	B := NewECP2()
-	r := NewFP12int(1)
-
-	A.copy(P)
-	B.copy(R)
-	nb := n.nbits()
-
-	for i := nb - 2; i >= 1; i-- {
-		lv = line(A, A, Qx, Qy)
-		r.smul(lv)
-		lv = line(B, B, Sx, Sy)
-		r.smul(lv)
-
-		if n.bit(i) == 1 {
-			lv = line(A, P, Qx, Qy)
-			r.smul(lv)
-			lv = line(B, R, Sx, Sy)
-			r.smul(lv)
-		}
-		r.sqr()
-	}
-
-	lv = line(A, A, Qx, Qy)
-	r.smul(lv)
-
-	lv = line(B, B, Sx, Sy)
-	r.smul(lv)
-
-	/* R-ate fixup */
-	r.conj()
-
-	K.copy(P)
-	K.frob(f)
-	A.neg()
-	lv = line(A, K, Qx, Qy)
-	r.smul(lv)
-	K.frob(f)
-	K.neg()
-	lv = line(A, K, Qx, Qy)
-	r.smul(lv)
-
-	K.copy(R)
-	K.frob(f)
-	B.neg()
-	lv = line(B, K, Sx, Sy)
-	r.smul(lv)
-	K.frob(f)
-	K.neg()
-	lv = line(B, K, Sx, Sy)
-	r.smul(lv)
-
-	return r
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-func fexp(m *FP12) *FP12 {
-	f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-	x := NewBIGints(CURVE_Bnx)
-	r := NewFP12copy(m)
-
-	/* Easy part of final exp */
-	lv := NewFP12copy(r)
-	lv.inverse()
-	r.conj()
-
-	r.mul(lv)
-	lv.copy(r)
-	r.frob(f)
-	r.frob(f)
-	r.mul(lv)
-	/* Hard part of final exp */
-	lv.copy(r)
-	lv.frob(f)
-	x0 := NewFP12copy(lv)
-	x0.frob(f)
-	lv.mul(r)
-	x0.mul(lv)
-	x0.frob(f)
-	x1 := NewFP12copy(r)
-	x1.conj()
-	x4 := r.pow(x)
-
-	x3 := NewFP12copy(x4)
-	x3.frob(f)
-
-	x2 := x4.pow(x)
-
-	x5 := NewFP12copy(x2)
-	x5.conj()
-	lv = x2.pow(x)
-
-	x2.frob(f)
-	r.copy(x2)
-	r.conj()
-
-	x4.mul(r)
-	x2.frob(f)
-
-	r.copy(lv)
-	r.frob(f)
-	lv.mul(r)
-
-	lv.usqr()
-	lv.mul(x4)
-	lv.mul(x5)
-	r.copy(x3)
-	r.mul(x5)
-	r.mul(lv)
-	lv.mul(x2)
-	r.usqr()
-	r.mul(lv)
-	r.usqr()
-	lv.copy(r)
-	lv.mul(x1)
-	r.mul(x0)
-	lv.usqr()
-	r.mul(lv)
-	r.reduce()
-	return r
-}
-
-/* GLV method */
-func glv(e *BIG) []*BIG {
-	t := NewBIGint(0)
-	q := NewBIGints(CURVE_Order)
-	var u []*BIG
-	var v []*BIG
-
-	for i := 0; i < 2; i++ {
-		t.copy(NewBIGints(CURVE_W[i])) // why not just t=new BIG(ROM.CURVE_W[i]);
-		d := mul(t, e)
-		v = append(v, NewBIGcopy(d.div(q)))
-		u = append(u, NewBIGint(0))
-	}
-	u[0].copy(e)
-	for i := 0; i < 2; i++ {
-		for j := 0; j < 2; j++ {
-			t.copy(NewBIGints(CURVE_SB[j][i]))
-			t.copy(modmul(v[j], t, q))
-			u[i].add(q)
-			u[i].sub(t)
-			u[i].mod(q)
-		}
-	}
-	return u
-}
-
-/* Galbraith & Scott Method */
-func gs(e *BIG) []*BIG {
-	t := NewBIGint(0)
-	q := NewBIGints(CURVE_Order)
-	var u []*BIG
-	var v []*BIG
-	for i := 0; i < 4; i++ {
-		t.copy(NewBIGints(CURVE_WB[i]))
-		d := mul(t, e)
-		v = append(v, NewBIGcopy(d.div(q)))
-		u = append(u, NewBIGint(0))
-	}
-	u[0].copy(e)
-	for i := 0; i < 4; i++ {
-		for j := 0; j < 4; j++ {
-			t.copy(NewBIGints(CURVE_BB[j][i]))
-			t.copy(modmul(v[j], t, q))
-			u[i].add(q)
-			u[i].sub(t)
-			u[i].mod(q)
-		}
-	}
-	return u
-}
-
-/* Multiply P by e in group G1 */
-func G1mul(P *ECP, e *BIG) *ECP {
-	var R *ECP
-	if USE_GLV {
-		P.affine()
-		R = NewECP()
-		R.copy(P)
-		Q := NewECP()
-		Q.copy(P)
-		q := NewBIGints(CURVE_Order)
-		cru := NewFPbig(NewBIGints(CURVE_Cru))
-		t := NewBIGint(0)
-		u := glv(e)
-		Q.getx().mul(cru)
-
-		np := u[0].nbits()
-		t.copy(modneg(u[0], q))
-		nn := t.nbits()
-		if nn < np {
-			u[0].copy(t)
-			R.neg()
-		}
-
-		np = u[1].nbits()
-		t.copy(modneg(u[1], q))
-		nn = t.nbits()
-		if nn < np {
-			u[1].copy(t)
-			Q.neg()
-		}
-
-		R = R.mul2(u[0], Q, u[1])
-
-	} else {
-		R = P.mul(e)
-	}
-	return R
-}
-
-/* Multiply P by e in group G2 */
-func G2mul(P *ECP2, e *BIG) *ECP2 {
-	var R *ECP2
-	if USE_GS_G2 {
-		var Q []*ECP2
-		f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-		q := NewBIGints(CURVE_Order)
-		u := gs(e)
-
-		t := NewBIGint(0)
-		P.affine()
-		Q = append(Q, NewECP2())
-		Q[0].copy(P)
-		for i := 1; i < 4; i++ {
-			Q = append(Q, NewECP2())
-			Q[i].copy(Q[i-1])
-			Q[i].frob(f)
-		}
-		for i := 0; i < 4; i++ {
-			np := u[i].nbits()
-			t.copy(modneg(u[i], q))
-			nn := t.nbits()
-			if nn < np {
-				u[i].copy(t)
-				Q[i].neg()
-			}
-		}
-		R = mul4(Q, u)
-
-	} else {
-		R = P.mul(e)
-	}
-	return R
-}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-func GTpow(d *FP12, e *BIG) *FP12 {
-	var r *FP12
-	if USE_GS_GT {
-		var g []*FP12
-		f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-		q := NewBIGints(CURVE_Order)
-		t := NewBIGint(0)
-
-		u := gs(e)
-
-		g = append(g, NewFP12copy(d))
-		for i := 1; i < 4; i++ {
-			g = append(g, NewFP12int(0))
-			g[i].copy(g[i-1])
-			g[i].frob(f)
-		}
-		for i := 0; i < 4; i++ {
-			np := u[i].nbits()
-			t.copy(modneg(u[i], q))
-			nn := t.nbits()
-			if nn < np {
-				u[i].copy(t)
-				g[i].conj()
-			}
-		}
-		r = pow4(g, u)
-	} else {
-		r = d.pow(e)
-	}
-	return r
-}
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-func GTmember(m *FP12) bool {
-	if m.isunity() {
-		return false
-	}
-	r := NewFP12copy(m)
-	r.conj()
-	r.mul(m)
-	if !r.isunity() {
-		return false
-	}
-
-	f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-
-	r.copy(m)
-	r.frob(f)
-	r.frob(f)
-	w := NewFP12copy(r)
-	w.frob(f)
-	w.frob(f)
-	w.mul(m)
-	if !GT_STRONG {
-		if !w.equals(r) {
-			return false
-		}
-		x := NewBIGints(CURVE_Bnx)
-		r.copy(m)
-		w = r.pow(x)
-		w = w.pow(x)
-		r.copy(w)
-		r.sqr()
-		r.mul(w)
-		r.sqr()
-		w.copy(m)
-		w.frob(f)
-	}
-	return w.equals(r)
-}
-
-/*
-func main() {
-
-	Q:=NewECPbigs(NewBIGints(CURVE_Gx),NewBIGints(CURVE_Gy))
-	P:=NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa),NewBIGints(CURVE_Pxb)),NewFP2bigs(NewBIGints(CURVE_Pya),NewBIGints(CURVE_Pyb)))
-
-	r:=NewBIGints(CURVE_Order)
-	xa:=NewBIGints(CURVE_Pxa)
-
-	fmt.Printf("P= "+P.toString())
-	fmt.Printf("\n");
-	fmt.Printf("Q= "+Q.toString());
-	fmt.Printf("\n");
-
-	//m:=NewBIGint(17)
-
-	e:=ate(P,Q)
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n")
-
-	e=fexp(e)
-	//	e=GTpow(e,m);
-
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n");
-	GLV:=glv(r)
-
-	fmt.Printf("GLV[0]= "+GLV[0].toString())
-	fmt.Printf("\n")
-
-	fmt.Printf("GLV[0]= "+GLV[1].toString())
-	fmt.Printf("\n")
-
-	G:=NewECP(); G.copy(Q)
-	R:=NewECP2(); R.copy(P)
-
-
-	e=ate(R,Q)
-	e=fexp(e)
-
-	e=GTpow(e,xa)
-	fmt.Printf("\ne= "+e.toString());
-	fmt.Printf("\n")
-
-	R=G2mul(R,xa)
-	e=ate(R,G)
-	e=fexp(e)
-
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n")
-
-	G=G1mul(G,xa)
-	e=ate(P,G)
-	e=fexp(e)
-	fmt.Printf("\ne= "+e.toString())
-	fmt.Printf("\n")
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/RAND.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/RAND.go b/go/amcl-go/RAND.go
deleted file mode 100644
index eb92107..0000000
--- a/go/amcl-go/RAND.go
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-package amcl
-
-import (
-	"sync"
-)
-
-//import "fmt"
-
-const rand_NK int = 21
-const rand_NJ int = 6
-const rand_NV int = 8
-
-type RAND struct {
-	sync.Mutex
-	ira      [rand_NK]uint32 /* random number...   */
-	rndptr   int
-	borrow   uint32
-	pool_ptr int
-	pool     [32]byte
-}
-
-/* Terminate and clean up */
-func (R *RAND) Clean() { /* kill internal state */
-	R.pool_ptr = 0
-	R.rndptr = 0
-	for i := 0; i < 32; i++ {
-		R.pool[i] = 0
-	}
-	for i := 0; i < rand_NK; i++ {
-		R.ira[i] = 0
-	}
-	R.borrow = 0
-}
-
-func NewRAND() *RAND {
-	R := new(RAND)
-	R.Clean()
-	return R
-}
-
-func (R *RAND) sbrand() uint32 { /* Marsaglia & Zaman random number generator */
-	R.rndptr++
-	if R.rndptr < rand_NK {
-		return R.ira[R.rndptr]
-	}
-	R.rndptr = 0
-	k := rand_NK - rand_NJ
-	for i := 0; i < rand_NK; i++ { /* calculate next NK values */
-		if k == rand_NK {
-			k = 0
-		}
-		t := R.ira[k]
-		pdiff := t - R.ira[i] - R.borrow
-		if pdiff < t {
-			R.borrow = 0
-		}
-		if pdiff > t {
-			R.borrow = 1
-		}
-		R.ira[i] = pdiff
-		k++
-	}
-
-	return R.ira[0]
-}
-
-func (R *RAND) sirand(seed uint32) {
-	var m uint32 = 1
-	R.borrow = 0
-	R.rndptr = 0
-	R.ira[0] ^= seed
-	for i := 1; i < rand_NK; i++ { /* fill initialisation vector */
-		in := (rand_NV * i) % rand_NK
-		R.ira[in] ^= m /* note XOR */
-		t := m
-		m = seed - m
-		seed = t
-	}
-
-	for i := 0; i < 10000; i++ {
-		R.sbrand()
-	} /* "warm-up" & stir the generator */
-}
-
-func (R *RAND) fill_pool() {
-
-	sh := NewHASH()
-	for i := 0; i < 128; i++ {
-		sh.Process(byte(R.sbrand() & 0xff))
-	}
-	R.pool = sh.Hash()
-	R.pool_ptr = 0
-}
-
-func pack(b [4]byte) uint32 { /* pack 4 bytes into a 32-bit Word */
-	return (((uint32(b[3])) & 0xff) << 24) | ((uint32(b[2]) & 0xff) << 16) | ((uint32(b[1]) & 0xff) << 8) | (uint32(b[0]) & 0xff)
-}
-
-/* Initialize RNG with some real entropy from some external source */
-func (R *RAND) Seed(rawlen int, raw []byte) { /* initialise from at least 128 byte string of raw random entropy */
-	var b [4]byte
-	sh := NewHASH()
-	R.pool_ptr = 0
-
-	for i := 0; i < rand_NK; i++ {
-		R.ira[i] = 0
-	}
-
-	if rawlen > 0 {
-		for i := 0; i < rawlen; i++ {
-			sh.Process(raw[i])
-		}
-		digest := sh.Hash()
-
-		/* initialise PRNG from distilled randomness */
-
-		for i := 0; i < 8; i++ {
-			b[0] = digest[4*i]
-			b[1] = digest[4*i+1]
-			b[2] = digest[4*i+2]
-			b[3] = digest[4*i+3]
-			R.sirand(pack(b))
-		}
-	}
-	R.fill_pool()
-}
-
-/* get random byte */
-func (R *RAND) GetByte() byte {
-	R.Lock()
-	defer R.Unlock()
-
-	r := R.pool[R.pool_ptr]
-	R.pool_ptr++
-
-	if R.pool_ptr >= 32 {
-		R.fill_pool()
-	}
-	return byte(r & 0xff)
-}
-
-/* test main program */
-/*
-func main() {
-	var raw [100]byte
-	rng:=NewRAND()
-
-	rng.Clean()
-	for i:=0;i<100;i++ {raw[i]=byte(i)}
-
-	rng.Seed(100,raw[:])
-
-	for i:=0;i<1000;i++ {
-		fmt.Printf("%03d ",rng.GetByte())
-	}
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/ROM.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/ROM.go b/go/amcl-go/ROM.go
deleted file mode 100644
index 0a4ceb9..0000000
--- a/go/amcl-go/ROM.go
+++ /dev/null
@@ -1,353 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-package amcl
-
-const NOT_SPECIAL int = 0
-const PSEUDO_MERSENNE int = 1
-const MONTGOMERY_FRIENDLY int = 2
-const WEIERSTRASS int = 0
-const EDWARDS int = 1
-const MONTGOMERY int = 2
-
-const NLEN int = 5
-const DNLEN int = 2 * NLEN
-const CHUNK int = 64
-const MODBYTES uint = 32
-
-/*** Enter Some Field details here  ***/
-// Curve 25519
-//const MODBITS uint=255
-//const MOD8 uint=5
-// NIST256 or Brainpool
-//const MODBITS uint=256
-//const MOD8 uint=7
-// MF254
-//const MODBITS uint=254
-//const MOD8 uint=7
-// MS255
-//const MODBITS uint= 255
-//const MOD8 uint= 3
-// MF256
-//const MODBITS uint=256
-//const MOD8 uint=7
-// MS256
-//const MODBITS uint= 256
-//const MOD8 uint= 3
-// ANSSI
-//const MODBITS uint= 256
-//const MOD8 uint= 3
-// BN Curve
-const MODBITS uint = 254 /* Number of bits in Modulus */
-const MOD8 uint = 3      /* Modulus mod 8 */
-
-/* Don't Modify from here... */
-const MASK int64 = ((int64(1) << BASEBITS) - 1)
-const BASEBITS uint = 56
-const OMASK int64 = ((int64(-1)) << (MODBITS % BASEBITS))
-const HBITS uint = (BASEBITS / 2)
-const HMASK int64 = ((int64(1) << HBITS) - 1)
-const TBITS uint = MODBITS % BASEBITS // Number of active bits in top word
-const TMASK int64 = (int64(1) << TBITS) - 1
-const FF_BITS int = 2048 /* Finite Field Size in bits - must be 256.2^n */
-const FFLEN int = (FF_BITS / 256)
-const HFLEN int = (FFLEN / 2) /* Useful for half-size RSA private key operations */
-
-const NEXCESS int = (1 << (uint(CHUNK) - BASEBITS - 1))
-const FEXCESS int64 = (int64(1) << (BASEBITS*uint(NLEN) - MODBITS))
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-//const MODTYPE int=PSEUDO_MERSENNE
-//var Modulus = [...]int64 {0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//const MConst int64=0x13
-// NIST-256 Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus = [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFF,0x0,0x1000000,0xFFFFFFFF}
-//const MConst int64=0x1
-// MF254 Modulus
-//const MODTYPE int=MONTGOMERY_FRIENDLY
-//var Modulus= [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//const MConst int64=0x3F810000
-// MS255 Modulus
-//const MODTYPE int= 1
-//var Modulus= [...]int64 {0xFFFFFFFFFFFD03,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//const MConst int64=0x2FD
-// MF256 Modulus
-//const MODTYPE int= 2
-//var Modulus= [...]int64 {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFA7FFFF}
-//const MConst int64=0xFFA80000
-// MS256 Modulus
-//const MODTYPE int= 1
-//var Modulus= [...]int64 {0xFFFFFFFFFFFF43,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFF}
-//const MConst int64=0xBD
-// Brainpool
-//const MODTYPE int= NOT_SPECIAL
-//var Modulus= [...]int64 {0x13481D1F6E5377,0xF623D526202820,0x909D838D726E3B,0xA1EEA9BC3E660A,0xA9FB57DB}
-//const MConst int64 =0xA75590CEFD89B9
-// ANSSI
-//const MODTYPE int= 0
-//var Modulus= [...]int64{0xFCF353D86E9C03,0xADBCABC8CA6DE8,0xE8CE42435B3961,0xB3AD58F10126D,0xF1FD178C}
-//const MConst int64=0x97483A164E1155
-// BNCX Curve Modulus
-const MODTYPE int = NOT_SPECIAL
-
-var Modulus = [...]int64{0x6623EF5C1B55B3, 0xD6EE18093EE1BE, 0x647A6366D3243F, 0x8702A0DB0BDDF, 0x24000000}
-
-const MConst int64 = 0x4E205BF9789E85
-
-// BN Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]int64  {0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482}
-//const MConst int64=0x435E50D79435E5
-// BNT Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]int64 {0x9DBBFEEEB4A713,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB}
-//const MConst int64=0xC5A872D914C4E5
-// BNT2 Curve
-//const MODTYPE int=NOT_SPECIAL
-//var Modulus= [...]int64 {0xB2DC2BB460A48B,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482}
-//const MConst int64=0xFE6A47A6505CDD
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve
-//const CURVETYPE int=EDWARDS
-//const CURVE_A int = -1
-//var CURVE_B = [...]int64 {0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE}
-//var CURVE_Order = [...]int64 {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000}
-//var CURVE_Gx = [...]int64 {0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3}
-//var CURVE_Gy = [...]int64 {0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666}
-
-// NIST-256 Curve
-//const CURVETYPE int=WEIERSTRASS
-//const CURVE_A int = -3
-//var CURVE_B = [...]int64 {0xCE3C3E27D2604B,0x6B0CC53B0F63B,0x55769886BC651D,0xAA3A93E7B3EBBD,0x5AC635D8}
-//var CURVE_Order = [...]int64 {0xB9CAC2FC632551,0xFAADA7179E84F3,0xFFFFFFFFFFBCE6,0xFFFFFF,0xFFFFFFFF}
-//var CURVE_Gx =[...]int64 {0xA13945D898C296,0x7D812DEB33A0F4,0xE563A440F27703,0xE12C4247F8BCE6,0x6B17D1F2}
-//var CURVE_Gy =[...]int64 {0xB6406837BF51F5,0x33576B315ECECB,0x4A7C0F9E162BCE,0xFE1A7F9B8EE7EB,0x4FE342E2}
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//const CURVETYPE int= 0
-//const CURVE_A int = -3
-//var CURVE_B = [...]int64 {0xFFFFFFFFFFD08D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//var CURVE_Order=[...]int64 {0xA419C4AF8DF83F,0x8BEA0DA375C06F,0xFFFFFFFFFFEB81,0xFFFFFFFFFFFFFF,0x3F80FFFF}
-//var CURVE_Gx =[...]int64 {0x2,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x65DF37F90D4EBC,0x38E3F8511931AD,0x75BD778AEBDFB7,0x3B2E56014AE15A,0x140E3FD3}
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64 {0x367B,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x52D0FDAF2701E5,0x9A840E3212187C,0xD502363F4E3632,0xD6A4C335951D00,0x19F0E690}
-
-// MF254 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int= -55790
-//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-//var CURVE_Order=[...]int64 {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF}
-//var CURVE_Gx =[...]int64 {0x3,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-
-// MS255 Modulus, Weierstrass Curve
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0xFFFFFFFFFFAB46,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//var CURVE_Order=[...]int64 {0x8FAC983C594AEB,0x38283AD2B3DFAB,0xFFFFFFFFFF864A,0xFFFFFFFFFFFFFF,0x7FFFFFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0};
-//var CURVE_Gy =[...]int64 {0x33FF6769CB44BA,0xC78CDDFDA60D17,0xF9B2FF7D177DB6,0xEDBA7833921EBF,0x6F7A6AC0}
-
-// MS255 Modulus, Edwards Curve
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64{0xEA97,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64{0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF}
-//var CURVE_Gx =[...]int64{0x4,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64{0x2A255BD08736A0,0x4B8AED445A45BA,0xDD8E0C47E55291,0x4A7BB545EC254C,0x26CB7853}
-
-// MS255 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int=-240222
-//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF}
-//var CURVE_Gx =[...]int64 {0x4,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0};
-
-// MF256 Modulus, Weierstrass Curve
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0x14E6A,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0x10C5E1A79857EB,0x7513E6E5074B9D,0xFFFFFFFFFFFC51,0xFFFFFFFFFFFFFF,0xFFA7FFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x7954C2B724D2A,0x47EB8D94DC6610,0x26123DAE289569,0xBE1808CE7BABBA,0x20887C87}
-
-// MF256, Edwards Curve
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64 {0x350A,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0xEAA722F2F3C908,0x5E648DFEA68D7D,0xF3DB2C1AACA0C0,0xF8CC4D5AEAEBEE,0xDAD8D4F8}
-
-// MF256 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int= -54314
-//var CURVE_B = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-//var CURVE_Order=[...]int64 {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF}
-//var CURVE_Gx =[...]int64 {0x8,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-
-// MS256, Weierstrass Curve
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64 {0x25581,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xAB20294751A825,0x8275EA265C6020,0xFFFFFFFFFFE43C,0xFFFFFFFFFFFFFF,0xFFFFFFFF}
-//var CURVE_Gx =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0xF46306C2B56C77,0x2F9375894EC10B,0x6CCEEEDD6BD02C,0xC1E466D7FC82C9,0x696F1853}
-
-// MS256, Edwards Curve
-//const CURVETYPE int= 1
-//const CURVE_A int= -1
-//var CURVE_B = [...]int64 {0x3BEE,0x0,0x0,0x0,0x0}
-//var CURVE_Order=[...]int64 {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF}
-//var CURVE_Gx =[...]int64 {0xD,0x0,0x0,0x0,0x0}
-//var CURVE_Gy =[...]int64 {0x7F6FB5331CADBA,0x6D63824D303F70,0xB39FA046BFBE2A,0x2A1276DBA3D330,0x7D0AB41E}
-
-// MS256 Modulus, Montgomery Curve
-//const CURVETYPE int=MONTGOMERY
-//const CURVE_A int=-61370
-//var CURVE_B = [...]int64  {0x0,0x0,0x0,0x0,0x0} // not used
-//var CURVE_Order= [...]int64 {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF}
-//var CURVE_Gx = [...]int64 {0xb,0x0,0x0,0x0,0x0}
-//var CURVE_Gy = [...]int64 {0x0,0x0,0x0,0x0,0x0} // not used
-
-// Brainpool
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64  {0xE58101FEE92B04,0xEBC4AF2F49256A,0x733D0B76B7BF93,0x30D84EA4FE66A7,0x662C61C4}
-//var CURVE_Order= [...]int64 {0x1E0E82974856A7,0x7AA3B561A6F790,0x909D838D718C39,0xA1EEA9BC3E660A,0xA9FB57DB}
-//var CURVE_Gx = [...]int64 {0xA191562E1305F4,0x42C47AAFBC2B79,0xB23A656149AFA1,0xC1CFE7B7732213,0xA3E8EB3C}
-//var CURVE_Gy = [...]int64 {0xABE8F35B25C9BE,0xB6DE39D027001D,0xE14644417E69BC,0x3439C56D7F7B22,0x2D996C82}
-
-// ANSSI
-//const CURVETYPE int= 0
-//const CURVE_A int= -3
-//var CURVE_B = [...]int64  {0x75ED967B7BB73F,0xC9AE4B1A18030,0x754A44C00FDFEC,0x5428A9300D4ABA,0xEE353FCA}
-//var CURVE_Order=[...]int64  {0xFDD459C6D655E1,0x67E140D2BF941F,0xE8CE42435B53DC,0xB3AD58F10126D,0xF1FD178C}
-//var CURVE_Gx =[...]int64  {0xC97A2DD98F5CFF,0xD2DCAF98B70164,0x4749D423958C27,0x56C139EB31183D,0xB6B3D4C3}
-//var CURVE_Gy =[...]int64  {0x115A1554062CFB,0xC307E8E4C9E183,0xF0F3ECEF8C2701,0xC8B204911F9271,0x6142E0F7}
-
-// BNCX Curve
-
-const CURVETYPE int = WEIERSTRASS
-const CURVE_A int = 0
-
-var CURVE_B = [...]int64{0x2, 0x0, 0x0, 0x0, 0x0}
-var CURVE_Order = [...]int64{0x11C0A636EB1F6D, 0xD6EE0CC906CEBE, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}
-var CURVE_Bnx = [...]int64{0x3C012B1, 0x40, 0x0, 0x0, 0x0}
-var CURVE_Cru = [...]int64{0xE0931794235C97, 0xDF6471EF875631, 0xCA83F1440BD, 0x480000, 0x0}
-var CURVE_Fra = [...]int64{0xD9083355C80EA3, 0x7326F173F8215B, 0x8AACA718986867, 0xA63A0164AFE18B, 0x1359082F}
-var CURVE_Frb = [...]int64{0x8D1BBC06534710, 0x63C7269546C062, 0xD9CDBC4E3ABBD8, 0x623628A900DC53, 0x10A6F7D0}
-var CURVE_Pxa = [...]int64{0x851CEEE4D2EC74, 0x85BFA03E2726C0, 0xF5C34BBB907C, 0x7053B256358B25, 0x19682D2C}
-var CURVE_Pxb = [...]int64{0xA58E8B2E29CFE1, 0x97B0C209C30F47, 0x37A8E99743F81B, 0x3E19F64AA011C9, 0x1466B9EC}
-var CURVE_Pya = [...]int64{0xFBFCEBCF0BE09F, 0xB33D847EC1B30C, 0x157DAEE2096361, 0x72332B8DD81E22, 0xA79EDD9}
-var CURVE_Pyb = [...]int64{0x904B228898EE9D, 0x4EA569D2EDEBED, 0x512D8D3461C286, 0xECC4C09035C6E4, 0x6160C39}
-var CURVE_Gx = [...]int64{0x6623EF5C1B55B2, 0xD6EE18093EE1BE, 0x647A6366D3243F, 0x8702A0DB0BDDF, 0x24000000}
-var CURVE_Gy = [...]int64{0x1, 0x0, 0x0, 0x0, 0x0}
-var CURVE_W = [2][5]int64{{0x546349162FEB83, 0xB40381200, 0x6000, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}
-var CURVE_SB = [2][2][5]int64{{{0x5463491DB010E4, 0xB40381280, 0x6000, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}, {{0x7802561, 0x80, 0x0, 0x0, 0x0}, {0xBD5D5D20BB33EA, 0xD6EE0188CEBCBD, 0x647A6366D2643F, 0x8702A0DB0BDDF, 0x24000000}}}
-var CURVE_WB = [4][5]int64{{0x1C2118567A84B0, 0x3C012B040, 0x2000, 0x0, 0x0}, {0xCDF995BE220475, 0x94EDA8CA7F9A36, 0x8702A0DC07E, 0x300000, 0x0}, {0x66FCCAE0F10B93, 0x4A76D4653FCD3B, 0x4381506E03F, 0x180000, 0x0}, {0x1C21185DFAAA11, 0x3C012B0C0, 0x2000, 0x0, 0x0}}
-var CURVE_BB = [4][4][5]int64{{{0x11C0A6332B0CBD, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x7802562, 0x80, 0x0, 0x0, 0x0}}, {{0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBD, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x11C0A6332B0CBC, 0xD6EE0CC906CE7E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}}, {{0x7802562, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}, {0x7802561, 0x80, 0x0, 0x0, 0x0}}, {{0x3C012B2, 0x40, 0x0, 0x0, 0x0}, {0xF004AC2, 0x100, 0x0, 0x0, 0x0}, {0x11C0A62F6AFA0A, 0xD6EE0CC906CE3E, 0x647A6366D2C43F, 0x8702A0DB0BDDF, 0x24000000}, {0x3C012B2, 0x40, 0x0, 0x0, 0x0}}}
-
-// BN Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_A int= 0
-var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]int64 {0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482}
-var CURVE_Bnx=[...]int64 {0x80000000000001,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]int64 {0x80000000000007,0x6CD,0x40000000024909,0x49B362,0x0}
-var CURVE_Fra=[...]int64 {0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619}
-var CURVE_Frb=[...]int64 {0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69}
-var CURVE_Pxa=[...]int64 {0xAB2C7935FD0CB4,0xE319E4FCC57C2B,0x24F6DF763B05A5,0xF55EA7EA335FB7,0x95B04D4}
-var CURVE_Pxb=[...]int64 {0xA07D0790962455,0x86BE3D27AA5E38,0x89E05747F39D6D,0xC08347B49D42BF,0x5D4D8A7}
-var CURVE_Pya=[...]int64 {0xADCE687A08A46C,0x2B30E98A4191F9,0x4C3784B1F16908,0x25E5313FA16D1C,0xABF2ABF}
-var CURVE_Pyb=[...]int64 {0xDF88D405F306EC,0x82076ADD13A0E6,0x1E47819D6A5C04,0xE679DABDB38627,0x18769A87}
-var CURVE_Gx =[...]int64 {0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482}
-var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]int64{{0x3,0x80000000000204,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]int64 {{{0x4,0x80000000000285,0x6181,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482}}}
-var CURVE_WB=[4][5]int64 {{0x80000000000000,0x80000000000040,0x2080,0x0,0x0},{0x80000000000005,0x54A,0x8000000001C707,0x312241,0x0},{0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120,0x0},{0x80000000000001,0x800000000000C1,0x2080,0x0,0x0}}
-var CURVE_BB=[4][4][5]int64 {{{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x2,0x81,0x0,0x0,0x0}},{{0x1,0x81,0x0,0x0,0x0},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482}},{{0x2,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0},{0x1,0x81,0x0,0x0,0x0}},{{0x80000000000002,0x40,0x0,0x0,0x0},{0x2,0x102,0x0,0x0,0x0},{0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x80000000000002,0x40,0x0,0x0,0x0}}}
-*/
-
-// BNT Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_A int= 0
-var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]int64 {0x75777E8D30210D,0xD43492B2CB363A,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}
-var CURVE_Bnx=[...]int64 {0x806000004081,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]int64 {0xEB53D5AB4FCD87,0x82A5F2BAB11FAD,0x47651504C9764C,0x4801B1,0x0}
-var CURVE_Fra=[...]int64 {0xF5D14EADC80022,0x4904D6FACCE359,0xF190A13211BE6C,0xC9BBC4394F6509,0x1328A292}
-var CURVE_Frb=[...]int64 {0xA7EAB040ECA6F1,0xC513DF997D764,0x450657A3DEB01E,0x9B5B3D15AAA6A1,0x10D87E48}
-var CURVE_Pxa=[...]int64 {0x8987E2288E65BB,0xAD1CAA6313BE,0x325041548B7CCC,0x4C1339EBCC055,0x14483FCD}
-var CURVE_Pxb=[...]int64 {0x67888808DBE2C0,0x7FE1F81E34853A,0xA631A51B57B95,0x384EC302DA3FC5,0x87F46B3}
-var CURVE_Pya=[...]int64 {0x202C47E020CA1D,0xB4167E8399F36C,0xC6E5439F72C94C,0x102B0BD74A2C69,0x14E8C29C}
-var CURVE_Pyb=[...]int64 {0xD8437C716628F2,0x27E167BCB7DC6B,0xA82C7572681D0A,0x62454BD1EDEC18,0x17AFE2A4}
-var CURVE_Gx =[...]int64 {0x9DBBFEEEB4A712,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB}
-var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]int64{{0x26430061838403,0x81218241998384,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]int64 {{{0x2743C061840504,0x81218241998404,0x6001,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x4F347E2BAC9D0A,0x5313107131B2B6,0x3696F8D5EFAE87,0x6517014EFA0BAB,0x240120DB}}}
-var CURVE_WB=[4][5]int64 {{0x6140602080C080,0x806080C08880C1,0x2000,0x0,0x0},{0xB53904088C4A85,0xAD2FA352DC6C36,0xDA436358868EDE,0x300120,0x0},{0x5ADCB204464583,0x5697D1A96E363B,0x6D21B1AC43476F,0x180090,0x0},{0x62412020814181,0x806080C0888141,0x2000,0x0,0x0}}
-var CURVE_BB=[4][4][5]int64 {{{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x100C000008102,0x80,0x0,0x0,0x0}},{{0x100C000008101,0x80,0x0,0x0,0x0},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}},{{0x100C000008102,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0},{0x100C000008101,0x80,0x0,0x0,0x0}},{{0x806000004082,0x40,0x0,0x0,0x0},{0x2018000010202,0x100,0x0,0x0,0x0},{0x7476BE8D2FA00A,0xD43492B2CB35BA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x806000004082,0x40,0x0,0x0,0x0}}}
-*/
-
-// BNT2 Curve
-/*
-const CURVETYPE int=WEIERSTRASS
-const CURVE_A int= 0
-var CURVE_B = [...]int64 {0x2,0x0,0x0,0x0,0x0}
-var CURVE_Order=[...]int64 {0xFB71A511AA2BF5,0x8DE127B73833D7,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}
-var CURVE_Bnx=[...]int64 {0x20100608205,0x40,0x0,0x0,0x0}
-var CURVE_Cru=[...]int64 {0x5027444866BD33,0x5B773016470EFB,0xC3617BECF23675,0x480006,0x0}
-var CURVE_Fra=[...]int64 {0xB268C973AEF062,0xC69B33C3BCE492,0xF67FA37F195BBC,0x29E8CAB6BD0A41,0x124E0B8D}
-var CURVE_Frb=[...]int64 {0x736240B1B429,0xCD48F52D196D56,0x18BBE650E72612,0x17268FF6FA43DE,0x11B1F8F5}
-var CURVE_Pxa=[...]int64 {0xCC92399F40A3C8,0xCDA4E96611784A,0x7B056961706B35,0x9693C6318279D7,0x16FC17CF}
-var CURVE_Pxb=[...]int64 {0x557A8AD8549540,0x6F7BE6F6510610,0x565907A95D17DB,0xBD5975909C8188,0x1EB5B500}
-var CURVE_Pya=[...]int64 {0x7BECC514220513,0x4A78860E737B14,0x51B83935F12684,0x761422AA9D4DFA,0x1E8EE498}
-var CURVE_Pyb=[...]int64 {0xB9328F577CE78E,0xB746E26FA5781F,0xA93DBC1FB8E27E,0xBAE33BDBA29D76,0x23CEF4CD}
-var CURVE_Gx =[...]int64 {0xB2DC2BB460A48A,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482}
-var CURVE_Gy =[...]int64 {0x1,0x0,0x0,0x0,0x0}
-var CURVE_W=[2][5]int64 {{0xB76282A1347083,0x60301399E1D10,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}}
-var CURVE_SB=[2][2][5]int64 {{{0xB76684A1F5748C,0x60301399E1D90,0x6000,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0x440F227075BB72,0x87DE267D9A16C7,0xF3B89CFFFC1CF,0x410F5AADB74E20,0x24000482}}}
-var CURVE_WB=[4][5]int64 {{0x9272D48A70A224,0x20100688A0945,0x2000,0x0,0x0},{0x5A572CF030EF19,0x9651763543721D,0x8240FD48A1B9A3,0x300004,0x0},{0xAD2C96F848B88F,0xCB28BB1AA1B92E,0x41207EA450DCD1,0x180002,0x0},{0x9276D68B31A62D,0x20100688A09C5,0x2000,0x0,0x0}}
-var CURVE_BB=[4][4][5]int64 {{{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x40200C1040A,0x80,0x0,0x0,0x0}},{{0x40200C10409,0x80,0x0,0x0,0x0},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}},{{0x40200C1040A,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0},{0x40200C10409,0x80,0x0,0x0,0x0}},{{0x20100608206,0x40,0x0,0x0,0x0},{0x80401820812,0x100,0x0,0x0,0x0},{0xFB6DA310E927EA,0x8DE127B7383357,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x20100608206,0x40,0x0,0x0,0x0}}}
-*/
-
-const USE_GLV bool = true
-const USE_GS_G2 bool = true
-const USE_GS_GT bool = true
-const GT_STRONG bool = true

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/RSA.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/RSA.go b/go/amcl-go/RSA.go
deleted file mode 100644
index 5b1cf5b..0000000
--- a/go/amcl-go/RSA.go
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions  */
-
-package amcl
-
-import "fmt"
-
-const RSA_RFS int = int(MODBYTES) * FFLEN
-
-type rsa_private_key struct {
-	p, q, dp, dq, c *FF
-}
-
-func New_rsa_private_key(n int) *rsa_private_key {
-	SK := new(rsa_private_key)
-	SK.p = NewFFint(n)
-	SK.q = NewFFint(n)
-	SK.dp = NewFFint(n)
-	SK.dq = NewFFint(n)
-	SK.c = NewFFint(n)
-	return SK
-}
-
-type rsa_public_key struct {
-	e int
-	n *FF
-}
-
-func New_rsa_public_key(m int) *rsa_public_key {
-	PK := new(rsa_public_key)
-	PK.e = 0
-	PK.n = NewFFint(m)
-	return PK
-}
-
-func RSA_KEY_PAIR(rng *RAND, e int, PRIV *rsa_private_key, PUB *rsa_public_key) { /* IEEE1363 A16.11/A16.12 more or less */
-	n := PUB.n.getlen() / 2
-	t := NewFFint(n)
-	p1 := NewFFint(n)
-	q1 := NewFFint(n)
-
-	for true {
-		PRIV.p.random(rng)
-		for PRIV.p.lastbits(2) != 3 {
-			PRIV.p.inc(1)
-		}
-		for !prime(PRIV.p, rng) {
-			PRIV.p.inc(4)
-		}
-
-		p1.copy(PRIV.p)
-		p1.dec(1)
-
-		if p1.cfactor(e) {
-			continue
-		}
-		break
-	}
-
-	for true {
-		PRIV.q.random(rng)
-		for PRIV.q.lastbits(2) != 3 {
-			PRIV.q.inc(1)
-		}
-		for !prime(PRIV.q, rng) {
-			PRIV.q.inc(4)
-		}
-
-		q1.copy(PRIV.q)
-		q1.dec(1)
-
-		if q1.cfactor(e) {
-			continue
-		}
-
-		break
-	}
-
-	PUB.n = ff_mul(PRIV.p, PRIV.q)
-	PUB.e = e
-
-	t.copy(p1)
-	t.shr()
-	PRIV.dp.set(e)
-	PRIV.dp.invmodp(t)
-	if PRIV.dp.parity() == 0 {
-		PRIV.dp.add(t)
-	}
-	PRIV.dp.norm()
-
-	t.copy(q1)
-	t.shr()
-	PRIV.dq.set(e)
-	PRIV.dq.invmodp(t)
-	if PRIV.dq.parity() == 0 {
-		PRIV.dq.add(t)
-	}
-	PRIV.dq.norm()
-
-	PRIV.c.copy(PRIV.p)
-	PRIV.c.invmodp(PRIV.q)
-
-}
-
-/* Mask Generation Function */
-
-func RSA_MGF1(Z []byte, olen int, K []byte) {
-	H := NewHASH()
-	hlen := 32
-
-	var k int = 0
-	for i := 0; i < len(K); i++ {
-		K[i] = 0
-	}
-
-	cthreshold := olen / hlen
-	if olen%hlen != 0 {
-		cthreshold++
-	}
-	for counter := 0; counter < cthreshold; counter++ {
-		H.Process_array(Z)
-		H.Process_num(int32(counter))
-		B := H.Hash()
-
-		if k+hlen > olen {
-			for i := 0; i < olen%hlen; i++ {
-				K[k] = B[i]
-				k++
-			}
-		} else {
-			for i := 0; i < hlen; i++ {
-				K[k] = B[i]
-				k++
-			}
-		}
-	}
-}
-
-func RSA_printBinary(array []byte) {
-	for i := 0; i < len(array); i++ {
-		fmt.Printf("%02x", array[i])
-	}
-	fmt.Printf("\n")
-}
-
-/* OAEP Message Encoding for Encryption */
-func RSA_OAEP_ENCODE(m []byte, rng *RAND, p []byte) []byte {
-	olen := RSA_RFS - 1
-	mlen := len(m)
-	var f [RSA_RFS]byte
-
-	H := NewHASH()
-	hlen := 32
-	var SEED [32]byte
-	seedlen := hlen
-	if mlen > olen-hlen-seedlen-1 {
-		return nil
-	}
-
-	var DBMASK [RSA_RFS - 1 - 32]byte
-
-	if p != nil {
-		H.Process_array(p)
-	}
-	h := H.Hash()
-	for i := 0; i < hlen; i++ {
-		f[i] = h[i]
-	}
-
-	slen := olen - mlen - hlen - seedlen - 1
-
-	for i := 0; i < slen; i++ {
-		f[hlen+i] = 0
-	}
-	f[hlen+slen] = 1
-	for i := 0; i < mlen; i++ {
-		f[hlen+slen+1+i] = m[i]
-	}
-
-	for i := 0; i < seedlen; i++ {
-		SEED[i] = rng.GetByte()
-	}
-	RSA_MGF1(SEED[:], olen-seedlen, DBMASK[:])
-
-	for i := 0; i < olen-seedlen; i++ {
-		DBMASK[i] ^= f[i]
-	}
-	RSA_MGF1(DBMASK[:], seedlen, f[:])
-
-	for i := 0; i < seedlen; i++ {
-		f[i] ^= SEED[i]
-	}
-
-	for i := 0; i < olen-seedlen; i++ {
-		f[i+seedlen] = DBMASK[i]
-	}
-
-	/* pad to length RFS */
-	d := 1
-	for i := RSA_RFS - 1; i >= d; i-- {
-		f[i] = f[i-d]
-	}
-	for i := d - 1; i >= 0; i-- {
-		f[i] = 0
-	}
-	return f[:]
-}
-
-/* OAEP Message Decoding for Decryption */
-func RSA_OAEP_DECODE(p []byte, f []byte) []byte {
-	olen := RSA_RFS - 1
-
-	H := NewHASH()
-	hlen := 32
-	var SEED [32]byte
-	seedlen := hlen
-	var CHASH [32]byte
-
-	if olen < seedlen+hlen+1 {
-		return nil
-	}
-	var DBMASK [RSA_RFS - 1 - 32]byte
-	for i := 0; i < olen-seedlen; i++ {
-		DBMASK[i] = 0
-	}
-
-	if len(f) < RSA_RFS {
-		d := RSA_RFS - len(f)
-		for i := RSA_RFS - 1; i >= d; i-- {
-			f[i] = f[i-d]
-		}
-		for i := d - 1; i >= 0; i-- {
-			f[i] = 0
-		}
-	}
-
-	if p != nil {
-		H.Process_array(p)
-	}
-	h := H.Hash()
-	for i := 0; i < hlen; i++ {
-		CHASH[i] = h[i]
-	}
-
-	x := f[0]
-
-	for i := seedlen; i < olen; i++ {
-		DBMASK[i-seedlen] = f[i+1]
-	}
-
-	RSA_MGF1(DBMASK[:], seedlen, SEED[:])
-	for i := 0; i < seedlen; i++ {
-		SEED[i] ^= f[i+1]
-	}
-	RSA_MGF1(SEED[:], olen-seedlen, f)
-	for i := 0; i < olen-seedlen; i++ {
-		DBMASK[i] ^= f[i]
-	}
-
-	comp := true
-	for i := 0; i < hlen; i++ {
-		if CHASH[i] != DBMASK[i] {
-			comp = false
-		}
-	}
-
-	for i := 0; i < olen-seedlen-hlen; i++ {
-		DBMASK[i] = DBMASK[i+hlen]
-	}
-
-	for i := 0; i < hlen; i++ {
-		SEED[i] = 0
-		CHASH[i] = 0
-	}
-
-	var k int
-	for k = 0; ; k++ {
-		if k >= olen-seedlen-hlen {
-			return nil
-		}
-		if DBMASK[k] != 0 {
-			break
-		}
-	}
-
-	t := DBMASK[k]
-	if !comp || x != 0 || t != 0x01 {
-		for i := 0; i < olen-seedlen; i++ {
-			DBMASK[i] = 0
-		}
-		return nil
-	}
-
-	var r = make([]byte, olen-seedlen-hlen-k-1)
-
-	for i := 0; i < olen-seedlen-hlen-k-1; i++ {
-		r[i] = DBMASK[i+k+1]
-	}
-
-	for i := 0; i < olen-seedlen; i++ {
-		DBMASK[i] = 0
-	}
-
-	return r
-}
-
-/* destroy the Private Key structure */
-func RSA_PRIVATE_KEY_KILL(PRIV *rsa_private_key) {
-	PRIV.p.zero()
-	PRIV.q.zero()
-	PRIV.dp.zero()
-	PRIV.dq.zero()
-	PRIV.c.zero()
-}
-
-/* RSA encryption with the public key */
-func RSA_ENCRYPT(PUB *rsa_public_key, F []byte, G []byte) {
-	n := PUB.n.getlen()
-	f := NewFFint(n)
-
-	ff_fromBytes(f, F)
-	f.power(PUB.e, PUB.n)
-	f.toBytes(G)
-}
-
-/* RSA decryption with the private key */
-func RSA_DECRYPT(PRIV *rsa_private_key, G []byte, F []byte) {
-	n := PRIV.p.getlen()
-	g := NewFFint(2 * n)
-
-	ff_fromBytes(g, G)
-	jp := g.dmod(PRIV.p)
-	jq := g.dmod(PRIV.q)
-
-	jp.skpow(PRIV.dp, PRIV.p)
-	jq.skpow(PRIV.dq, PRIV.q)
-
-	g.zero()
-	g.dscopy(jp)
-	jp.mod(PRIV.q)
-	if ff_comp(jp, jq) > 0 {
-		jq.add(PRIV.q)
-	}
-	jq.sub(jp)
-	jq.norm()
-
-	t := ff_mul(PRIV.c, jq)
-	jq = t.dmod(PRIV.q)
-
-	t = ff_mul(jq, PRIV.p)
-	g.add(t)
-	g.norm()
-
-	g.toBytes(F)
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/UTILS.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/UTILS.go b/go/amcl-go/UTILS.go
deleted file mode 100644
index b9b9ecb..0000000
--- a/go/amcl-go/UTILS.go
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-// Generate random six digit value
-func GENERATE_OTP(rng *RAND) int {
-	OTP := 0
-	mult := 1
-	for i := 0; i < 6; i++ {
-		val := int(rng.GetByte())
-		if val < 0 {
-			val = -val
-		}
-		val = val % 10
-		OTP = val*mult + OTP
-		mult = mult * 10
-	}
-	return OTP
-}
-
-// Generate a random byte array
-func GENERATE_RANDOM(rng *RAND, randomLen int) []byte {
-	random := make([]byte, randomLen)
-	for i := 0; i < randomLen; i++ {
-		random[i] = rng.GetByte()
-	}
-	return random
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/UTILS_test.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/UTILS_test.go b/go/amcl-go/UTILS_test.go
deleted file mode 100644
index 17058cc..0000000
--- a/go/amcl-go/UTILS_test.go
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-import (
-	"encoding/hex"
-	"fmt"
-	"testing"
-)
-
-func TestGENERATE_OTP(t *testing.T) {
-	cases := []int{751847, 625436, 628111, 611804, 148564, 202193, 794783, 631944, 544480, 384313}
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate the one time passwords
-	for _, want := range cases {
-		got := GENERATE_OTP(rng)
-		if got != want {
-			t.Errorf("One Time Passord %d != %d", got, want)
-		}
-	}
-}
-
-func TestGENERATE_RANDOM(t *testing.T) {
-	cases := []string{"57d662d39b1b245da469e89c", "155babf8de4204e68a656f42", "727e1980e01f996d977a0a34", "7b6c39221d89546895153f10", "32e40e9ad6f50dab3f5ec63f", "f6962a1fc5add13277900871", "93ae541acd6dc3264c19a12a", "faf196291d0820c611d3fcd4", "ba0602f0f6df1908dbcffe5b", "9e93cf35ccd5141e367cf2fd"}
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate the one time passwords
-	for _, want := range cases {
-		val := GENERATE_RANDOM(rng, 12)
-		got := hex.EncodeToString(val)
-		if got != want {
-			t.Errorf("One Time Passord %s != %s", got, want)
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/crypto.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/crypto.go b/go/amcl-go/crypto.go
deleted file mode 100644
index e2b8bbb..0000000
--- a/go/amcl-go/crypto.go
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-const EAS int = 16
-const EGS int = int(MODBYTES)
-const EFS int = int(MODBYTES)
-const HASH_BYTES int = 32
-const IVS int = 12
-const G1S = 2*EFS + 1
-const G2S = 4 * EFS
-const GTS = 12 * EFS
-
-/* create random secret S. Use GO RNG */
-func MPIN_RANDOM_GENERATE_WRAP(RNG *RAND) (int, []byte) {
-	var S [EGS]byte
-	errorCode := MPIN_RANDOM_GENERATE(RNG, S[:])
-	return errorCode, S[:]
-}
-
-/* Extract Server Secret SS=S*Q where Q is fixed generator in G2 and S is master secret */
-func MPIN_GET_SERVER_SECRET_WRAP(S []byte) (int, []byte) {
-	var SS [G2S]byte
-	errorCode := MPIN_GET_SERVER_SECRET(S[:], SS[:])
-	return errorCode, SS[:]
-}
-
-/* R=R1+R2 in group G1 */
-func MPIN_RECOMBINE_G1_WRAP(R1 []byte, R2 []byte) (int, []byte) {
-	var R [G1S]byte
-	errorCode := MPIN_RECOMBINE_G1(R1[:], R2[:], R[:])
-	return errorCode, R[:]
-}
-
-/* W=W1+W2 in group G2 */
-func MPIN_RECOMBINE_G2_WRAP(W1 []byte, W2 []byte) (int, []byte) {
-	var W [G2S]byte
-	errorCode := MPIN_RECOMBINE_G2(W1[:], W2[:], W[:])
-	return errorCode, W[:]
-}
-
-/* Client secret CS=S*H(ID) where ID is client ID and S is master secret */
-/* CID is hashed externally */
-func MPIN_GET_CLIENT_SECRET_WRAP(S []byte, ID []byte) (int, []byte) {
-	var CS [G1S]byte
-	errorCode := MPIN_GET_CLIENT_SECRET(S[:], ID[:], CS[:])
-	return errorCode, CS[:]
-}
-
-/* Time Permit TP=S*(date|H(ID)) where S is master secret */
-func MPIN_GET_CLIENT_PERMIT_WRAP(date int, S []byte, ID []byte) (int, []byte) {
-	var TP [G1S]byte
-	errorCode := MPIN_GET_CLIENT_PERMIT(date, S[:], ID[:], TP[:])
-	return errorCode, TP[:]
-}
-
-/* Extract PIN from CS for identity CID to form TOKEN */
-func MPIN_EXTRACT_PIN_WRAP(ID []byte, PIN int, CS []byte) (int, []byte) {
-	CSIn := make([]byte, G1S)
-	copy(CSIn, CS)
-	errorCode := MPIN_EXTRACT_PIN(ID[:], PIN, CSIn[:])
-	return errorCode, CSIn[:]
-}
-
-/* One pass MPIN Client. Using GO RNG */
-func MPIN_CLIENT_WRAP(date, TimeValue, PIN int, RNG *RAND, ID, X, TOKEN, TP, MESSAGE []byte) (int, []byte, []byte, []byte, []byte, []byte) {
-	var Y [EGS]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	errorCode := MPIN_CLIENT(date, ID, RNG, X[:], PIN, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, TimeValue, Y[:])
-	return errorCode, X[:], Y[:], SEC[:], U[:], UT[:]
-}
-
-// Precompute values for use by the client side of M-Pin Full
-func MPIN_PRECOMPUTE_WRAP(TOKEN []byte, ID []byte) (int, []byte, []byte) {
-	var GT1 [GTS]byte
-	var GT2 [GTS]byte
-	errorCode := MPIN_PRECOMPUTE(TOKEN[:], ID[:], GT1[:], GT2[:])
-	return errorCode, GT1[:], GT2[:]
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if typ=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
- Use GO RNG
-*/
-func MPIN_GET_G1_MULTIPLE_WRAP(RNG *RAND, typ int, X, G []byte) (int, []byte, []byte) {
-	var Z [G1S]byte
-	errorCode := MPIN_GET_G1_MULTIPLE(RNG, typ, X[:], G[:], Z[:])
-	return errorCode, X[:], Z[:]
-}
-
-/* One pass MPIN Server */
-func MPIN_SERVER_WRAP(date int, TimeValue int, SS, U, UT, V, ID, MESSAGE []byte) (int, []byte, []byte, []byte, []byte, []byte) {
-	var HID [G1S]byte
-	var HTID [G1S]byte
-	var Y [EGS]byte
-	var E [GTS]byte
-	var F [GTS]byte
-
-	errorCode := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:], E[:], F[:], ID[:], MESSAGE[:], TimeValue)
-
-	return errorCode, HID[:], HTID[:], Y[:], E[:], F[:]
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-func MPIN_SERVER_KEY_WRAP(Z, SS, W, U, UT []byte) (int, []byte) {
-	var SK [EAS]byte
-	errorCode := MPIN_SERVER_KEY(Z[:], SS[:], W[:], U[:], UT[:], SK[:])
-	return errorCode, SK[:]
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-func MPIN_CLIENT_KEY_WRAP(PIN int, GT1, GT2, R, X, T []byte) (int, []byte) {
-	var CK [EAS]byte
-	errorCode := MPIN_CLIENT_KEY(GT1[:], GT2[:], PIN, R[:], X[:], T[:], CK[:])
-	return errorCode, CK[:]
-}
-
-/* Extract big type PIN.hash(ID) from CS to form TOKEN */
-func MPIN_EXTRACT_BIG_PIN_WRAP(ID, PIN, CS []byte) (int, []byte) {
-	TOKEN := make([]byte, G1S)
-	pin := fromBytes(PIN)
-	P := ECP_fromBytes(CS)
-	if P.is_infinity() {
-		return MPIN_INVALID_POINT, TOKEN[:]
-	}
-	h := Hashit(0, ID)
-	R := mapit(h)
-
-	R = R.mul(pin)
-	P.sub(R)
-
-	P.toBytes(TOKEN)
-
-	return 0, TOKEN[:]
-}
-
-/* Add big type PIN.hash(ID) to TOKEN for identity ID to form CS */
-func MPIN_ADD_BIG_PIN_WRAP(ID, PIN, TOKEN []byte) (int, []byte) {
-	CS := make([]byte, G1S)
-	pin := fromBytes(PIN)
-	P := ECP_fromBytes(TOKEN)
-	if P.is_infinity() {
-		return MPIN_INVALID_POINT, CS[:]
-	}
-	h := Hashit(0, ID)
-	R := mapit(h)
-
-	R = R.mul(pin)
-	P.add(R)
-
-	P.toBytes(CS)
-
-	return 0, CS[:]
-}
-
-/* dst = a ^ b ^ c */
-func XORBytes(a, b, c []byte) ([]byte, int) {
-	n := len(a)
-	dst := make([]byte, n)
-	if (len(b) != n) || (len(c) != n) {
-		return dst[:], 1
-	}
-	for i := 0; i < n; i++ {
-		dst[i] = a[i] ^ b[i] ^ c[i]
-	}
-	return dst[:], 0
-}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-func MPIN_SERVER_1_WRAP(date int, ID []byte) ([]byte, []byte) {
-	var HID [G1S]byte
-	var HTID [G1S]byte
-	MPIN_SERVER_1(date, ID, HID[:], HTID[:])
-	return HID[:], HTID[:]
-}
-
-/* Implement step 2 of MPin protocol on server side */
-func MPIN_SERVER_2_WRAP(date int, HID []byte, HTID []byte, Y []byte, SS []byte, U []byte, UT []byte, V []byte) (int, []byte, []byte) {
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	errorCode := MPIN_SERVER_2(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:], E[:], F[:])
-	return errorCode, E[:], F[:]
-}
-
-/* Implement step 1 on client side of MPin protocol */
-func MPIN_CLIENT_1_WRAP(date int, ID []byte, rng *RAND, X []byte, PIN int, TOKEN []byte, TP []byte) (int, []byte, []byte, []byte, []byte) {
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	errorCode := MPIN_CLIENT_1(date, ID[:], rng, X[:], PIN, TOKEN[:], SEC[:], U[:], UT[:], TP[:])
-	return errorCode, X[:], SEC[:], U[:], UT[:]
-}
-
-/* Implement step 2 on client side of MPin protocol */
-func MPIN_CLIENT_2_WRAP(X []byte, Y []byte, SEC []byte) (int, []byte) {
-	errorCode := MPIN_CLIENT_2(X[:], Y[:], SEC[:])
-	return errorCode, SEC[:]
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/crypto_test.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/crypto_test.go b/go/amcl-go/crypto_test.go
deleted file mode 100644
index 710204e..0000000
--- a/go/amcl-go/crypto_test.go
+++ /dev/null
@@ -1,1194 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"fmt"
-	mathrand "math/rand"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const nIter int = 1000
-
-func TestCryptoGoodPIN(t *testing.T) {
-	want := 0
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoBadPIN(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1235
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	//////   Client   //////
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	//////   Server   //////
-	got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoBadToken(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, _, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Send UT as V to model bad token
-	got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], UT[:], ID[:], MESSAGE[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoRandom(t *testing.T) {
-	want := 0
-
-	for i := 0; i < nIter; i++ {
-
-		// Seed value for Random Number Generator (RNG)
-		seed := make([]byte, 16)
-		rand.Read(seed)
-		rng := NewRAND()
-		rng.Seed(len(seed), seed)
-
-		// Epoch time in days
-		date := MPIN_today()
-
-		// Epoch time in seconds
-		timeValue := MPIN_GET_TIME()
-
-		// PIN variable to create token
-		PIN1 := mathrand.Intn(10000)
-		// PIN variable to authenticate
-		PIN2 := PIN1
-
-		// Assign the End-User a random ID
-		ID := make([]byte, 16)
-		rand.Read(ID)
-
-		// Message to sign
-		var MESSAGE []byte
-
-		// Generate Master Secret Share 1
-		_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Generate Master Secret Share 2
-		_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Either Client or TA calculates Hash(ID)
-		HCID := MPIN_HASH_ID(ID)
-
-		// Generate server secret share 1
-		_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-		// Generate server secret share 2
-		_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-		// Combine server secret shares
-		_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-		// Generate client secret share 1
-		_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-		// Generate client secret share 2
-		_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-		// Combine client secret shares
-		CS := make([]byte, G1S)
-		_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-		// Generate time permit share 1
-		_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-		// Generate time permit share 2
-		_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-		// Combine time permit shares
-		_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-		// Create token
-		_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-		// Send U, UT, V, timeValue and Message to server
-		var X [EGS]byte
-		_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-		got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-		assert.Equal(t, want, got, "Should be equal")
-	}
-}
-
-func TestCryptoGoodSignature(t *testing.T) {
-	want := 0
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Authenticate
-	got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoSignatureExpired(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	timeValue += 10
-	// Authenticate
-	got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoBadSignature(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Authenticate
-	MESSAGE[0] = 00
-	got, _, _, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoPINError(t *testing.T) {
-	want := 1
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1235
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, _, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	_, _, _, _, E, F := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-
-	got := MPIN_KANGAROO(E[:], F[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoMPINFull(t *testing.T) {
-	want := "0afc948b03b2733a0663571f86411a07"
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Precomputation
-	_, G1, G2 := MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID)
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [EGS]byte
-	_, XOut, _, V, U, UT := MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-
-	// Send Z=r.ID to Server
-	var R [EGS]byte
-	_, ROut, Z := MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:])
-
-	// Authenticate
-	_, _, HTID, _, _, _ := MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-
-	// send T=w.ID to client
-	var W [EGS]byte
-	_, WOut, T := MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:])
-
-	_, AES_KEY_SERVER := MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], U[:], UT[:])
-	got := hex.EncodeToString(AES_KEY_SERVER[:])
-	if got != want {
-		t.Errorf("%s != %s", want, got)
-	}
-
-	_, AES_KEY_CLIENT := MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], T[:])
-	got = hex.EncodeToString(AES_KEY_CLIENT[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-// Subtract a 256 bit PIN
-func TestCrypoSubBigPIN(t *testing.T) {
-	want := "042182235070802ebc33633e70e6628f48fd896e86dfc40c81227caa2792367a581d461dbba6efa30896c71f427df335885142cc6fb64ba082ff9573b9276475c0"
-
-	IDHex := "7465737455736572406365727469766f782e636f6d"
-	ID, err := hex.DecodeString(IDHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	TOKENHex := "0422a522b5c05d06cde3a65872656ab596e111c4ea7c0c349bac26f0bdaf7d5f0a1ea8a0cab99d06677cfbc3c8d667e7b0af33b9ed4df007b0ccc8c2b77353bbe6"
-	TOKEN, err := hex.DecodeString(TOKENHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	assert.Equal(t, nil, err, "Should be equal")
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate big PIN - 256 bits
-	errorCode, PIN := MPIN_RANDOM_GENERATE_WRAP(rng)
-	assert.Equal(t, 0, errorCode, "Should be equal")
-
-	// Extract big PIN
-	errorCode, TK := MPIN_EXTRACT_BIG_PIN_WRAP(ID[:], PIN[:], TOKEN[:])
-	assert.Equal(t, 0, errorCode, "Should be equal")
-	got := hex.EncodeToString(TK[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-// Add a 256 bit PIN
-func TestCrypoAddBigPIN(t *testing.T) {
-	want := "0422a522b5c05d06cde3a65872656ab596e111c4ea7c0c349bac26f0bdaf7d5f0a1ea8a0cab99d06677cfbc3c8d667e7b0af33b9ed4df007b0ccc8c2b77353bbe6"
-
-	IDHex := "7465737455736572406365727469766f782e636f6d"
-	ID, err := hex.DecodeString(IDHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	TOKENHex := "042182235070802ebc33633e70e6628f48fd896e86dfc40c81227caa2792367a581d461dbba6efa30896c71f427df335885142cc6fb64ba082ff9573b9276475c0"
-	TOKEN, err := hex.DecodeString(TOKENHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	PINHex := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3"
-	PIN, err := hex.DecodeString(PINHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	// Extract big PIN
-	errorCode, TK := MPIN_ADD_BIG_PIN_WRAP(ID[:], PIN[:], TOKEN[:])
-	assert.Equal(t, 0, errorCode, "Should be equal")
-	got := hex.EncodeToString(TK[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-// Split key
-func TestCryptoSplitKey(t *testing.T) {
-	want := "64b36b7a0395e61350de8839adb019d5ae2134052b8533e7c4bbab3965e0af1b"
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	assert.Equal(t, nil, err, "Should be equal")
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate big PIN - 256 bits
-	errorCode, PIN := MPIN_RANDOM_GENERATE_WRAP(rng)
-	assert.Equal(t, 0, errorCode, "Should be equal")
-	PINHex := hex.EncodeToString(PIN[:])
-	PINGoldHex := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3"
-	assert.Equal(t, PINGoldHex, PINHex, "Should be equal")
-
-	n := len(PIN)
-	// Split key by C = PIN ^ A ^ B
-	A := GENERATE_RANDOM(rng, n)
-
-	B := GENERATE_RANDOM(rng, n)
-
-	C, errorCode := XORBytes(PIN[:], A[:], B[:])
-	assert.Equal(t, 0, errorCode, "Should be equal")
-	got := hex.EncodeToString(C[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-// Combine key shares
-func TestCryptoCombineKey(t *testing.T) {
-	want := "1b18b8b882daf76a18bf2278fe4e15c62eed8131e708573375fd81a8415014b3"
-
-	CHex := "64b36b7a0395e61350de8839adb019d5ae2134052b8533e7c4bbab3965e0af1b"
-	C, err := hex.DecodeString(CHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	AHex := "c5add1327790087193ae541acd6dc3264c19a12afaf196291d0820c611d3fcd4"
-	A, err := hex.DecodeString(AHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	BHex := "ba0602f0f6df1908dbcffe5b9e93cf35ccd5141e367cf2fdac4e0a573563477c"
-	B, err := hex.DecodeString(BHex)
-	assert.Equal(t, nil, err, "Should be equal")
-
-	// Combine key shares PIN = A ^ B ^ C
-	PIN, errorCode := XORBytes(C[:], A[:], B[:])
-	assert.Equal(t, 0, errorCode, "Should be equal")
-	got := hex.EncodeToString(PIN[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoTwoPassGoodPIN(t *testing.T) {
-	want := 0
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Client Pass 1
-	var X [EGS]byte
-	_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-	// Server Pass 1
-	HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
-	_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Client Pass 2
-	_, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-	// Server Pass 2
-	got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoTwoPassBadPIN(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1235
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Client Pass 1
-	var X [EGS]byte
-	_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-	// Server Pass 1
-	HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
-	_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Client Pass 2
-	_, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-	// Server Pass 2
-	got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoTwoPassBadToken(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Generate Master Secret Share 2
-	_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-	// Generate server secret share 2
-	_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-	// Combine server secret shares
-	_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-	// Generate client secret share 1
-	_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-	// Generate client secret share 2
-	_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-	// Combine client secret shares
-	CS := make([]byte, G1S)
-	_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-	// Generate time permit share 1
-	_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-	// Generate time permit share 2
-	_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-	// Combine time permit shares
-	_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-	// Create token
-	_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-	// Client Pass 1
-	var X [EGS]byte
-	_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-	// Server Pass 1
-	HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
-	_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-	// Client Pass 2
-	_, _ = MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-	// Server Pass 2
-	// Send UT as V to model bad token
-	got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], UT[:])
-	assert.Equal(t, want, got, "Should be equal")
-}
-
-func TestCryptoRandomTwoPass(t *testing.T) {
-	want := 0
-
-	for i := 0; i < nIter; i++ {
-
-		// Seed value for Random Number Generator (RNG)
-		seed := make([]byte, 16)
-		rand.Read(seed)
-		rng := NewRAND()
-		rng.Seed(len(seed), seed)
-
-		// Epoch time in days
-		date := MPIN_today()
-
-		// PIN variable to create token
-		PIN1 := mathrand.Intn(10000)
-		// PIN variable to authenticate
-		PIN2 := PIN1
-
-		// Assign the End-User a random ID
-		ID := make([]byte, 16)
-		rand.Read(ID)
-
-		// Generate Master Secret Share 1
-		_, MS1 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Generate Master Secret Share 2
-		_, MS2 := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Either Client or TA calculates Hash(ID)
-		HCID := MPIN_HASH_ID(ID)
-
-		// Generate server secret share 1
-		_, SS1 := MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-
-		// Generate server secret share 2
-		_, SS2 := MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-
-		// Combine server secret shares
-		_, SS := MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-
-		// Generate client secret share 1
-		_, CS1 := MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-
-		// Generate client secret share 2
-		_, CS2 := MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-
-		// Combine client secret shares
-		CS := make([]byte, G1S)
-		_, CS = MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-
-		// Generate time permit share 1
-		_, TP1 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-
-		// Generate time permit share 2
-		_, TP2 := MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-
-		// Combine time permit shares
-		_, TP := MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-
-		// Create token
-		_, TOKEN := MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-
-		// Client Pass 1
-		var X [EGS]byte
-		_, _, SEC, U, UT := MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-
-		// Server Pass 1
-		HID, HTID := MPIN_SERVER_1_WRAP(date, ID)
-		_, Y := MPIN_RANDOM_GENERATE_WRAP(rng)
-
-		// Client Pass 2
-		_, V := MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-
-		// Server Pass 2
-		got, _, _ := MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-		assert.Equal(t, want, got, "Should be equal")
-
-	}
-}



[26/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/AES.java
----------------------------------------------------------------------
diff --git a/java64/AES.java b/java64/AES.java
deleted file mode 100755
index 08bb2fe..0000000
--- a/java64/AES.java
+++ /dev/null
@@ -1,648 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* AES Encryption */
-
-
-public class AES {
-	int mode;
-	private int[] fkey=new int[44];
-	private int[] rkey=new int[44];
-	public byte[] f=new byte[16];
-
-
-	public static final int ECB=0;
-	public static final int CBC=1;
-	public static final int CFB1=2;
-	public static final int CFB2=3;
-	public static final int CFB4=5;
-	public static final int OFB1=14;
-	public static final int OFB2=15;
-	public static final int OFB4=17;
-	public static final int OFB8=21;
-	public static final int OFB16=29;
-
-	private static final byte[] InCo={(byte)0xB,(byte)0xD,(byte)0x9,(byte)0xE};  /* Inverse Coefficients */
-
-	public static final int KS=16; /* Key Size in bytes */
-	public static final int BS=16; /* Block Size */
-
-	private static final byte[] ptab=
-	{(byte)1,(byte)3,(byte)5,(byte)15,(byte)17,(byte)51,(byte)85,(byte)255,(byte)26,(byte)46,(byte)114,(byte)150,(byte)161,(byte)248,(byte)19,(byte)53,
-	(byte)95,(byte)225,(byte)56,(byte)72,(byte)216,(byte)115,(byte)149,(byte)164,(byte)247,(byte)2,(byte)6,(byte)10,(byte)30,(byte)34,(byte)102,(byte)170,
-	(byte)229,(byte)52,(byte)92,(byte)228,(byte)55,(byte)89,(byte)235,(byte)38,(byte)106,(byte)190,(byte)217,(byte)112,(byte)144,(byte)171,(byte)230,(byte)49,
-	(byte)83,(byte)245,(byte)4,(byte)12,(byte)20,(byte)60,(byte)68,(byte)204,(byte)79,(byte)209,(byte)104,(byte)184,(byte)211,(byte)110,(byte)178,(byte)205,
-	(byte)76,(byte)212,(byte)103,(byte)169,(byte)224,(byte)59,(byte)77,(byte)215,(byte)98,(byte)166,(byte)241,(byte)8,(byte)24,(byte)40,(byte)120,(byte)136,
-	(byte)131,(byte)158,(byte)185,(byte)208,(byte)107,(byte)189,(byte)220,(byte)127,(byte)129,(byte)152,(byte)179,(byte)206,(byte)73,(byte)219,(byte)118,(byte)154,
-	(byte)181,(byte)196,(byte)87,(byte)249,(byte)16,(byte)48,(byte)80,(byte)240,(byte)11,(byte)29,(byte)39,(byte)105,(byte)187,(byte)214,(byte)97,(byte)163,
-	(byte)254,(byte)25,(byte)43,(byte)125,(byte)135,(byte)146,(byte)173,(byte)236,(byte)47,(byte)113,(byte)147,(byte)174,(byte)233,(byte)32,(byte)96,(byte)160,
-	(byte)251,(byte)22,(byte)58,(byte)78,(byte)210,(byte)109,(byte)183,(byte)194,(byte)93,(byte)231,(byte)50,(byte)86,(byte)250,(byte)21,(byte)63,(byte)65,
-	(byte)195,(byte)94,(byte)226,(byte)61,(byte)71,(byte)201,(byte)64,(byte)192,(byte)91,(byte)237,(byte)44,(byte)116,(byte)156,(byte)191,(byte)218,(byte)117,
-	(byte)159,(byte)186,(byte)213,(byte)100,(byte)172,(byte)239,(byte)42,(byte)126,(byte)130,(byte)157,(byte)188,(byte)223,(byte)122,(byte)142,(byte)137,(byte)128,
-	(byte)155,(byte)182,(byte)193,(byte)88,(byte)232,(byte)35,(byte)101,(byte)175,(byte)234,(byte)37,(byte)111,(byte)177,(byte)200,(byte)67,(byte)197,(byte)84,
-	(byte)252,(byte)31,(byte)33,(byte)99,(byte)165,(byte)244,(byte)7,(byte)9,(byte)27,(byte)45,(byte)119,(byte)153,(byte)176,(byte)203,(byte)70,(byte)202,
-	(byte)69,(byte)207,(byte)74,(byte)222,(byte)121,(byte)139,(byte)134,(byte)145,(byte)168,(byte)227,(byte)62,(byte)66,(byte)198,(byte)81,(byte)243,(byte)14,
-	(byte)18,(byte)54,(byte)90,(byte)238,(byte)41,(byte)123,(byte)141,(byte)140,(byte)143,(byte)138,(byte)133,(byte)148,(byte)167,(byte)242,(byte)13,(byte)23,
-	(byte)57,(byte)75,(byte)221,(byte)124,(byte)132,(byte)151,(byte)162,(byte)253,(byte)28,(byte)36,(byte)108,(byte)180,(byte)199,(byte)82,(byte)246,(byte)1};
-
-	private static final byte[] ltab=
-	{(byte)0,(byte)255,(byte)25,(byte)1,(byte)50,(byte)2,(byte)26,(byte)198,(byte)75,(byte)199,(byte)27,(byte)104,(byte)51,(byte)238,(byte)223,(byte)3,
-	(byte)100,(byte)4,(byte)224,(byte)14,(byte)52,(byte)141,(byte)129,(byte)239,(byte)76,(byte)113,(byte)8,(byte)200,(byte)248,(byte)105,(byte)28,(byte)193,
-	(byte)125,(byte)194,(byte)29,(byte)181,(byte)249,(byte)185,(byte)39,(byte)106,(byte)77,(byte)228,(byte)166,(byte)114,(byte)154,(byte)201,(byte)9,(byte)120,
-	(byte)101,(byte)47,(byte)138,(byte)5,(byte)33,(byte)15,(byte)225,(byte)36,(byte)18,(byte)240,(byte)130,(byte)69,(byte)53,(byte)147,(byte)218,(byte)142,
-	(byte)150,(byte)143,(byte)219,(byte)189,(byte)54,(byte)208,(byte)206,(byte)148,(byte)19,(byte)92,(byte)210,(byte)241,(byte)64,(byte)70,(byte)131,(byte)56,
-	(byte)102,(byte)221,(byte)253,(byte)48,(byte)191,(byte)6,(byte)139,(byte)98,(byte)179,(byte)37,(byte)226,(byte)152,(byte)34,(byte)136,(byte)145,(byte)16,
-	(byte)126,(byte)110,(byte)72,(byte)195,(byte)163,(byte)182,(byte)30,(byte)66,(byte)58,(byte)107,(byte)40,(byte)84,(byte)250,(byte)133,(byte)61,(byte)186,
-	(byte)43,(byte)121,(byte)10,(byte)21,(byte)155,(byte)159,(byte)94,(byte)202,(byte)78,(byte)212,(byte)172,(byte)229,(byte)243,(byte)115,(byte)167,(byte)87,
-	(byte)175,(byte)88,(byte)168,(byte)80,(byte)244,(byte)234,(byte)214,(byte)116,(byte)79,(byte)174,(byte)233,(byte)213,(byte)231,(byte)230,(byte)173,(byte)232,
-	(byte)44,(byte)215,(byte)117,(byte)122,(byte)235,(byte)22,(byte)11,(byte)245,(byte)89,(byte)203,(byte)95,(byte)176,(byte)156,(byte)169,(byte)81,(byte)160,
-	(byte)127,(byte)12,(byte)246,(byte)111,(byte)23,(byte)196,(byte)73,(byte)236,(byte)216,(byte)67,(byte)31,(byte)45,(byte)164,(byte)118,(byte)123,(byte)183,
-	(byte)204,(byte)187,(byte)62,(byte)90,(byte)251,(byte)96,(byte)177,(byte)134,(byte)59,(byte)82,(byte)161,(byte)108,(byte)170,(byte)85,(byte)41,(byte)157,
-	(byte)151,(byte)178,(byte)135,(byte)144,(byte)97,(byte)190,(byte)220,(byte)252,(byte)188,(byte)149,(byte)207,(byte)205,(byte)55,(byte)63,(byte)91,(byte)209,
-	(byte)83,(byte)57,(byte)132,(byte)60,(byte)65,(byte)162,(byte)109,(byte)71,(byte)20,(byte)42,(byte)158,(byte)93,(byte)86,(byte)242,(byte)211,(byte)171,
-	(byte)68,(byte)17,(byte)146,(byte)217,(byte)35,(byte)32,(byte)46,(byte)137,(byte)180,(byte)124,(byte)184,(byte)38,(byte)119,(byte)153,(byte)227,(byte)165,
-	(byte)103,(byte)74,(byte)237,(byte)222,(byte)197,(byte)49,(byte)254,(byte)24,(byte)13,(byte)99,(byte)140,(byte)128,(byte)192,(byte)247,(byte)112,(byte)7};
-
-	private static final byte[] fbsub=
-	{(byte)99,(byte)124,(byte)119,(byte)123,(byte)242,(byte)107,(byte)111,(byte)197,(byte)48,(byte)1,(byte)103,(byte)43,(byte)254,(byte)215,(byte)171,(byte)118,
-	(byte)202,(byte)130,(byte)201,(byte)125,(byte)250,(byte)89,(byte)71,(byte)240,(byte)173,(byte)212,(byte)162,(byte)175,(byte)156,(byte)164,(byte)114,(byte)192,
-	(byte)183,(byte)253,(byte)147,(byte)38,(byte)54,(byte)63,(byte)247,(byte)204,(byte)52,(byte)165,(byte)229,(byte)241,(byte)113,(byte)216,(byte)49,(byte)21,
-	(byte)4,(byte)199,(byte)35,(byte)195,(byte)24,(byte)150,(byte)5,(byte)154,(byte)7,(byte)18,(byte)128,(byte)226,(byte)235,(byte)39,(byte)178,(byte)117,
-	(byte)9,(byte)131,(byte)44,(byte)26,(byte)27,(byte)110,(byte)90,(byte)160,(byte)82,(byte)59,(byte)214,(byte)179,(byte)41,(byte)227,(byte)47,(byte)132,
-	(byte)83,(byte)209,(byte)0,(byte)237,(byte)32,(byte)252,(byte)177,(byte)91,(byte)106,(byte)203,(byte)190,(byte)57,(byte)74,(byte)76,(byte)88,(byte)207,
-	(byte)208,(byte)239,(byte)170,(byte)251,(byte)67,(byte)77,(byte)51,(byte)133,(byte)69,(byte)249,(byte)2,(byte)127,(byte)80,(byte)60,(byte)159,(byte)168,
-	(byte)81,(byte)163,(byte)64,(byte)143,(byte)146,(byte)157,(byte)56,(byte)245,(byte)188,(byte)182,(byte)218,(byte)33,(byte)16,(byte)255,(byte)243,(byte)210,
-	(byte)205,(byte)12,(byte)19,(byte)236,(byte)95,(byte)151,(byte)68,(byte)23,(byte)196,(byte)167,(byte)126,(byte)61,(byte)100,(byte)93,(byte)25,(byte)115,
-	(byte)96,(byte)129,(byte)79,(byte)220,(byte)34,(byte)42,(byte)144,(byte)136,(byte)70,(byte)238,(byte)184,(byte)20,(byte)222,(byte)94,(byte)11,(byte)219,
-	(byte)224,(byte)50,(byte)58,(byte)10,(byte)73,(byte)6,(byte)36,(byte)92,(byte)194,(byte)211,(byte)172,(byte)98,(byte)145,(byte)149,(byte)228,(byte)121,
-	(byte)231,(byte)200,(byte)55,(byte)109,(byte)141,(byte)213,(byte)78,(byte)169,(byte)108,(byte)86,(byte)244,(byte)234,(byte)101,(byte)122,(byte)174,(byte)8,
-	(byte)186,(byte)120,(byte)37,(byte)46,(byte)28,(byte)166,(byte)180,(byte)198,(byte)232,(byte)221,(byte)116,(byte)31,(byte)75,(byte)189,(byte)139,(byte)138,
-	(byte)112,(byte)62,(byte)181,(byte)102,(byte)72,(byte)3,(byte)246,(byte)14,(byte)97,(byte)53,(byte)87,(byte)185,(byte)134,(byte)193,(byte)29,(byte)158,
-	(byte)225,(byte)248,(byte)152,(byte)17,(byte)105,(byte)217,(byte)142,(byte)148,(byte)155,(byte)30,(byte)135,(byte)233,(byte)206,(byte)85,(byte)40,(byte)223,
-	(byte)140,(byte)161,(byte)137,(byte)13,(byte)191,(byte)230,(byte)66,(byte)104,(byte)65,(byte)153,(byte)45,(byte)15,(byte)176,(byte)84,(byte)187,(byte)22};
-
-	private static final byte[] rbsub=
-	{(byte)82,(byte)9,(byte)106,(byte)213,(byte)48,(byte)54,(byte)165,(byte)56,(byte)191,(byte)64,(byte)163,(byte)158,(byte)129,(byte)243,(byte)215,(byte)251,
-	(byte)124,(byte)227,(byte)57,(byte)130,(byte)155,(byte)47,(byte)255,(byte)135,(byte)52,(byte)142,(byte)67,(byte)68,(byte)196,(byte)222,(byte)233,(byte)203,
-	(byte)84,(byte)123,(byte)148,(byte)50,(byte)166,(byte)194,(byte)35,(byte)61,(byte)238,(byte)76,(byte)149,(byte)11,(byte)66,(byte)250,(byte)195,(byte)78,
-	(byte)8,(byte)46,(byte)161,(byte)102,(byte)40,(byte)217,(byte)36,(byte)178,(byte)118,(byte)91,(byte)162,(byte)73,(byte)109,(byte)139,(byte)209,(byte)37,
-	(byte)114,(byte)248,(byte)246,(byte)100,(byte)134,(byte)104,(byte)152,(byte)22,(byte)212,(byte)164,(byte)92,(byte)204,(byte)93,(byte)101,(byte)182,(byte)146,
-	(byte)108,(byte)112,(byte)72,(byte)80,(byte)253,(byte)237,(byte)185,(byte)218,(byte)94,(byte)21,(byte)70,(byte)87,(byte)167,(byte)141,(byte)157,(byte)132,
-	(byte)144,(byte)216,(byte)171,(byte)0,(byte)140,(byte)188,(byte)211,(byte)10,(byte)247,(byte)228,(byte)88,(byte)5,(byte)184,(byte)179,(byte)69,(byte)6,
-	(byte)208,(byte)44,(byte)30,(byte)143,(byte)202,(byte)63,(byte)15,(byte)2,(byte)193,(byte)175,(byte)189,(byte)3,(byte)1,(byte)19,(byte)138,(byte)107,
-	(byte)58,(byte)145,(byte)17,(byte)65,(byte)79,(byte)103,(byte)220,(byte)234,(byte)151,(byte)242,(byte)207,(byte)206,(byte)240,(byte)180,(byte)230,(byte)115,
-	(byte)150,(byte)172,(byte)116,(byte)34,(byte)231,(byte)173,(byte)53,(byte)133,(byte)226,(byte)249,(byte)55,(byte)232,(byte)28,(byte)117,(byte)223,(byte)110,
-	(byte)71,(byte)241,(byte)26,(byte)113,(byte)29,(byte)41,(byte)197,(byte)137,(byte)111,(byte)183,(byte)98,(byte)14,(byte)170,(byte)24,(byte)190,(byte)27,
-	(byte)252,(byte)86,(byte)62,(byte)75,(byte)198,(byte)210,(byte)121,(byte)32,(byte)154,(byte)219,(byte)192,(byte)254,(byte)120,(byte)205,(byte)90,(byte)244,
-	(byte)31,(byte)221,(byte)168,(byte)51,(byte)136,(byte)7,(byte)199,(byte)49,(byte)177,(byte)18,(byte)16,(byte)89,(byte)39,(byte)128,(byte)236,(byte)95,
-	(byte)96,(byte)81,(byte)127,(byte)169,(byte)25,(byte)181,(byte)74,(byte)13,(byte)45,(byte)229,(byte)122,(byte)159,(byte)147,(byte)201,(byte)156,(byte)239,
-	(byte)160,(byte)224,(byte)59,(byte)77,(byte)174,(byte)42,(byte)245,(byte)176,(byte)200,(byte)235,(byte)187,(byte)60,(byte)131,(byte)83,(byte)153,(byte)97,
-	(byte)23,(byte)43,(byte)4,(byte)126,(byte)186,(byte)119,(byte)214,(byte)38,(byte)225,(byte)105,(byte)20,(byte)99,(byte)85,(byte)33,(byte)12,(byte)125};
-
-	private static final byte[] rco=
-	{(byte)1,(byte)2,(byte)4,(byte)8,(byte)16,(byte)32,(byte)64,(byte)128,(byte)27,(byte)54,(byte)108,(byte)216,(byte)171,(byte)77,(byte)154,(byte)47};
-
-	private static final int[] ftable=
-	{0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-	0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-	0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-	0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-	0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-	0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-	0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-	0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-	0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-	0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-	0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-	0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-	0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-	0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-	0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-	0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-	0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-	0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-	0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-	0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-	0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-	0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-	0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-	0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-	0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-	0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-	0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-	0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-	0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-	0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-	0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-	0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-	0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-	0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-	0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-	0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-	0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-	0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-	0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-	0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-	0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-	0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-	0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c};
-
-	private static final int[] rtable=
-	{0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-	0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-	0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-	0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-	0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-	0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-	0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-	0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-	0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-	0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-	0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-	0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-	0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-	0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-	0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-	0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-	0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-	0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-	0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-	0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-	0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-	0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-	0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-	0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-	0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-	0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-	0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-	0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-	0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-	0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-	0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-	0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-	0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-	0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-	0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-	0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-	0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-	0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-	0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-	0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-	0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-	0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-	0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0};
-
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-	private static int ROTL8(int x)
-	{
-		return (((x)<<8)|((x)>>>24));
-	}
-
-	private static int ROTL16(int x)
-	{
-		return (((x)<<16)|((x)>>>16));
-	}
-
-	private static int ROTL24(int x)
-	{
-		return (((x)<<24)|((x)>>>8));
-	}
-
-	private static int pack(byte[] b)
-	{ /* pack bytes into a 32-bit Word */
-		return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
-	}
-
-	private static byte[] unpack(int a)
-	{ /* unpack bytes from a word */
-		byte [] b=new byte[4];
-		b[0]=(byte)(a);
-		b[1]=(byte)(a>>>8);
-		b[2]=(byte)(a>>>16);
-		b[3]=(byte)(a>>>24);
-		return b;
-	}
-
-	private static byte bmul(byte x,byte y)
-	{ /* x.y= AntiLog(Log(x) + Log(y)) */
-
-		int ix=((int)x)&0xff;
-		int iy=((int)y)&0xff;
-		int lx=((int)ltab[ix])&0xff;
-		int ly=((int)ltab[iy])&0xff;
-		if (x!=0 && y!=0) return ptab[(lx+ly)%255];
-		else return (byte)0;
-	}
-
-  //  if (x && y)
-
-	private static int SubByte(int a)
-	{
-		byte [] b=unpack(a);
-		b[0]=fbsub[(int)b[0]&0xff];
-		b[1]=fbsub[(int)b[1]&0xff];
-		b[2]=fbsub[(int)b[2]&0xff];
-		b[3]=fbsub[(int)b[3]&0xff];
-		return pack(b);
-	}
-
-	private static byte product(int x,int y)
-	{ /* dot product of two 4-byte arrays */
-		byte [] xb;//=new byte[4];
-		byte [] yb;//=new byte[4];
-		xb=unpack(x);
-		yb=unpack(y);
-
-		return (byte)(bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]));
-	}
-
-	private static int InvMixCol(int x)
-	{ /* matrix Multiplication */
-		int y,m;
-		byte [] b=new byte[4];
-
-		m=pack(InCo);
-		b[3]=product(m,x);
-		m=ROTL24(m);
-		b[2]=product(m,x);
-		m=ROTL24(m);
-		b[1]=product(m,x);
-		m=ROTL24(m);
-		b[0]=product(m,x);
-		y=pack(b);
-		return y;
-	}
-
-/* reset cipher */
-	public void reset(int m,byte[] iv)
-	{ /* reset mode, or reset iv */
-		mode=m;
-		for (int i=0;i<16;i++)
-			f[i]=0;
-		if (mode!=ECB && iv!=null)
-			for (int i=0;i<16;i++)
-				f[i]=iv[i];
-	}
-
-	public byte[] getreg()
-	{
-		byte [] ir=new byte[16];
-		for (int i=0;i<16;i++) ir[i]=f[i];
-		return ir;
-	}
-
-/* Initialise cipher */
-	public void init(int m,byte[] key,byte[] iv)
-	{	/* Key=16 bytes */
-		/* Key Scheduler. Create expanded encryption key */
-		int i,j,k,N,nk;
-		int [] CipherKey=new int[4];
-    	byte [] b=new byte[4];
-		nk=4;
-		reset(m,iv);
-		N=44;
-
-		for (i=j=0;i<nk;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=key[j+k];
-			CipherKey[i]=pack(b);
-		}
-		for (i=0;i<nk;i++) fkey[i]=CipherKey[i];
-		for (j=nk,k=0;j<N;j+=nk,k++)
-		{
-			fkey[j]=fkey[j-nk]^SubByte(ROTL24(fkey[j-1]))^((int)rco[k])&0xff;
-			for (i=1;i<nk && (i+j)<N;i++)
-				fkey[i+j]=fkey[i+j-nk]^fkey[i+j-1];
-		}
-
- /* now for the expanded decrypt key in reverse order */
-
-		for (j=0;j<4;j++) rkey[j+N-4]=fkey[j];
-		for (i=4;i<N-4;i+=4)
-		{
-			k=N-4-i;
-			for (j=0;j<4;j++) rkey[k+j]=InvMixCol(fkey[i+j]);
-		}
-		for (j=N-4;j<N;j++) rkey[j-N+4]=fkey[j];
-	}
-
-/* Encrypt a single block */
-	public void ecb_encrypt(byte[] buff)
-	{
-		int i,j,k;
-		int t;
-    	byte [] b=new byte[4];
-    	int [] p=new int[4];
-    	int [] q=new int[4];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=pack(b);
-			p[i]^=fkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<10;i++)
-		{
-			q[0]=fkey[k]^ftable[p[0]&0xff]^
-				ROTL8(ftable[(p[1]>>>8)&0xff])^
-				ROTL16(ftable[(p[2]>>>16)&0xff])^
-				ROTL24(ftable[(p[3]>>>24)&0xff]);
-			q[1]=fkey[k+1]^ftable[p[1]&0xff]^
-				ROTL8(ftable[(p[2]>>>8)&0xff])^
-				ROTL16(ftable[(p[3]>>>16)&0xff])^
-				ROTL24(ftable[(p[0]>>>24)&0xff]);
-			q[2]=fkey[k+2]^ftable[p[2]&0xff]^
-				ROTL8(ftable[(p[3]>>>8)&0xff])^
-				ROTL16(ftable[(p[0]>>>16)&0xff])^
-				ROTL24(ftable[(p[1]>>>24)&0xff]);
-			q[3]=fkey[k+3]^ftable[p[3]&0xff]^
-				ROTL8(ftable[(p[0]>>>8)&0xff])^
-				ROTL16(ftable[(p[1]>>>16)&0xff])^
-				ROTL24(ftable[(p[2]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */
-
-		q[0]=fkey[k]^((int)fbsub[p[0]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[1]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[2]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[3]>>>24)&0xff]&0xff);
-
-		q[1]=fkey[k+1]^((int)fbsub[p[1]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[2]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[3]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[0]>>>24)&0xff]&0xff);
-
-		q[2]=fkey[k+2]^((int)fbsub[p[2]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[3]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[0]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[1]>>>24)&0xff]&0xff);
-
-		q[3]=fkey[k+3]^((int)fbsub[(p[3])&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[0]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[1]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[2]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-	}
-
-/* Decrypt a single block */
-	public void ecb_decrypt(byte[] buff)
-	{
-		int i,j,k;
-		int t;
-    	byte [] b=new byte[4];
-    	int [] p=new int[4];
-    	int [] q=new int[4];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=pack(b);
-			p[i]^=rkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<10;i++)
-		{
-			q[0]=rkey[k]^rtable[p[0]&0xff]^
-				ROTL8(rtable[(p[3]>>>8)&0xff])^
-				ROTL16(rtable[(p[2]>>>16)&0xff])^
-				ROTL24(rtable[(p[1]>>>24)&0xff]);
-			q[1]=rkey[k+1]^rtable[p[1]&0xff]^
-				ROTL8(rtable[(p[0]>>>8)&0xff])^
-				ROTL16(rtable[(p[3]>>>16)&0xff])^
-				ROTL24(rtable[(p[2]>>>24)&0xff]);
-			q[2]=rkey[k+2]^rtable[p[2]&0xff]^
-				ROTL8(rtable[(p[1]>>>8)&0xff])^
-				ROTL16(rtable[(p[0]>>>16)&0xff])^
-				ROTL24(rtable[(p[3]>>>24)&0xff]);
-			q[3]=rkey[k+3]^rtable[p[3]&0xff]^
-				ROTL8(rtable[(p[2]>>>8)&0xff])^
-				ROTL16(rtable[(p[1]>>>16)&0xff])^
-				ROTL24(rtable[(p[0]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */
-
-		q[0]=rkey[k]^((int)rbsub[p[0]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[3]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[2]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[1]>>>24)&0xff]&0xff);
-		q[1]=rkey[k+1]^((int)rbsub[p[1]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[0]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[3]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[2]>>>24)&0xff]&0xff);
-		q[2]=rkey[k+2]^((int)rbsub[p[2]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[1]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[0]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[3]>>>24)&0xff]&0xff);
-		q[3]=rkey[k+3]^((int)rbsub[p[3]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[2]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[1]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[0]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-
-	}
-
-/* Encrypt using selected mode of operation */
-	public int encrypt(byte[] buff)
-	{
-		int j,bytes;
-		byte[] st=new byte[16];
-		int fell_off;
-
-// Supported Modes of Operation
-
-		fell_off=0;
-		switch (mode)
-		{
-		case ECB:
-			ecb_encrypt(buff);
-			return 0;
-		case CBC:
-			for (j=0;j<16;j++) buff[j]^=f[j];
-			ecb_encrypt(buff);
-			for (j=0;j<16;j++) f[j]=buff[j];
-			return 0;
-
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes=mode-CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
-			for (j=0;j<16;j++) st[j]=f[j];
-			for (j=bytes;j<16;j++) f[j-bytes]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				buff[j]^=st[j];
-				f[16-bytes+j]=buff[j];
-			}
-			return fell_off;
-
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-
-			bytes=mode-OFB1+1;
-			ecb_encrypt(f);
-			for (j=0;j<bytes;j++) buff[j]^=f[j];
-			return 0;
-
-    default:
-			return 0;
-		}
-	}
-
-/* Decrypt using selected mode of operation */
-	public int decrypt(byte[] buff)
-	{
-		int j,bytes;
-		byte[] st=new byte[16];
-		int fell_off;
-
-   // Supported modes of operation
-		fell_off=0;
-		switch (mode)
-		{
-		case ECB:
-			ecb_decrypt(buff);
-			return 0;
-		case CBC:
-			for (j=0;j<16;j++)
-			{
-				st[j]=f[j];
-				f[j]=buff[j];
-			}
-			ecb_decrypt(buff);
-			for (j=0;j<16;j++)
-			{
-				buff[j]^=st[j];
-				st[j]=0;
-			}
-			return 0;
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes=mode-CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
-			for (j=0;j<16;j++) st[j]=f[j];
-			for (j=bytes;j<16;j++) f[j-bytes]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				f[16-bytes+j]=buff[j];
-				buff[j]^=st[j];
-			}
-			return fell_off;
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-			bytes=mode-OFB1+1;
-			ecb_encrypt(f);
-			for (j=0;j<bytes;j++) buff[j]^=f[j];
-			return 0;
-
-
-		default:
-			return 0;
-		}
-	}
-
-/* Clean up and delete left-overs */
-	public void end()
-	{ // clean up
-		int i;
-		for (i=0;i<44;i++)
-			fkey[i]=rkey[i]=0;
-		for (i=0;i<16;i++)
-			f[i]=0;
-	}
-/*
-	public static void main(String[] args) {
-		int i;
-
-		byte[] key=new byte[16];
-		byte[] block=new byte[16];
-		byte[] iv=new byte[16];
-
-		for (i=0;i<16;i++) key[i]=0;
-		key[0]=1;
-		for (i=0;i<16;i++) iv[i]=(byte)i;
-		for (i=0;i<16;i++) block[i]=(byte)i;
-
-		AES a=new AES();
-
-		a.init(CBC,key,iv);
-		System.out.println("Plain= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.encrypt(block);
-
-		System.out.println("Encrypt= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.reset(CBC,iv);
-		a.decrypt(block);
-
-		System.out.println("Decrypt= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.end();
-
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/BIG.java
----------------------------------------------------------------------
diff --git a/java64/BIG.java b/java64/BIG.java
deleted file mode 100755
index 737fd1a..0000000
--- a/java64/BIG.java
+++ /dev/null
@@ -1,902 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */
-
-public class BIG {
-	private long[] w=new long[ROM.NLEN];
-/* Constructors */
-	public BIG()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(long[] x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x[i];
-	}
-
-	public long get(int i)
-	{
-		return w[i];
-	}
-
-	public void set(int i,long x)
-	{
-		w[i]=x;
-	}
-
-	public void xortop(long x)
-	{
-		w[ROM.NLEN-1]^=x;
-	}
-
-	public void ortop(long x)
-	{
-		w[ROM.NLEN-1]|=x;
-	}
-
-/* calculate Field Excess */
-	public static long EXCESS(BIG a)
-	{
-		return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS));
-	}
-
-/* test for zero */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		return true;
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* set to one */
-	public void one()
-	{
-		w[0]=1;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* Test for equal to one */
-	public boolean isunity()
-	{
-		for (int i=1;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		if (w[0]!=1) return false;
-		return true;
-	}
-
-/* Copy from another BIG */
-	public void copy(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public void copy(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	public void cswap(BIG b,int d)
-	{
-		int i;
-		long t,c=(long)d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			t=c&(w[i]^b.w[i]);
-			w[i]^=t;
-			b.w[i]^=t;
-		}
-	}
-
-	public void cmove(BIG g,int d)
-	{
-		int i;
-		long t,b=-d;
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			w[i]^=(w[i]^g.w[i])&b;
-		}
-	}
-
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-	public long norm() {
-		long d,carry=0;
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			d=w[i]+carry;
-			w[i]=d&ROM.MASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		w[ROM.NLEN-1]=(w[ROM.NLEN-1]+carry);
-		return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS));
-	}
-
-/* Shift right by less than a word */
-	public long fshr(int k) {
-		long r=w[0]&(((long)1<<k)-1); /* shifted out part */
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=(w[i]>>k)|((w[i+1]<<(ROM.BASEBITS-k))&ROM.MASK);
-		w[ROM.NLEN-1]=w[ROM.NLEN-1]>>k;
-		return r;
-	}
-
-/* general shift right */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-		for (int i=0;i<ROM.NLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
-		w[ROM.NLEN-m-1]=w[ROM.NLEN-1]>>n;
-		for (int i=ROM.NLEN-m;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* Shift right by less than a word */
-	public long fshl(int k) {
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<k))|(w[ROM.NLEN-2]>>(ROM.BASEBITS-k));
-		for (int i=ROM.NLEN-2;i>0;i--)
-			w[i]=((w[i]<<k)&ROM.MASK)|(w[i-1]>>(ROM.BASEBITS-k));
-		w[0]=(w[0]<<k)&ROM.MASK;
-		return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in ff.c */
-	}
-
-/* general shift left */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1-m]<<n))|(w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n));
-		for (int i=ROM.NLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.MASK;
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* return number of bits */
-	public int nbits() {
-		int bts,k=ROM.NLEN-1;
-		long c;
-		norm();
-		while (k>=0 && w[k]==0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-	public String toRawString()
-	{
-		BIG b=new BIG(this);
-		String s="(";
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			s+=Long.toHexString(b.w[i]); s+=",";
-		}
-		s+=Long.toHexString(b.w[ROM.NLEN-1]); s+=")";
-		return s;
-	}
-
-/* Convert to Hex String */
-	public String toString() {
-		BIG b;
-		String s="";
-		int len=nbits();
-
-		if (len%4==0) len/=4;
-		else {len/=4; len++;}
-		if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2;
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new BIG(this);
-			b.shr(i*4);
-			s+=Long.toHexString(b.w[0]&15);
-		}
-		return s;
-	}
-
-/* return this+x */
-	public BIG plus(BIG x) {
-		BIG s=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			s.w[i]=w[i]+x.w[i];
-		return s;
-	}
-
-/* this+=x */
-	public void add(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]+=x.w[i];
-	}
-
-/* this+=x, where x is int */
-	public void inc(int x) {
-		norm();
-		w[0]+=x;
-	}
-
-/* return this.x */
-	public BIG minus(BIG x) {
-		BIG d=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			d.w[i]=w[i]-x.w[i];
-		return d;
-	}
-
-/* this-=x */
-	public void sub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* reverse subtract this=x-this */
-	public void rsub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i]-w[i];
-	}
-
-/* this-=x where x is int */
-	public void dec(int x) {
-		norm();
-		w[0]-=(long)x;
-	}
-
-/* this*=x, where x is small int<NEXCESS */
-	public void imul(int c)
-	{
-		for (int i=0;i<ROM.NLEN;i++) w[i]*=c;
-	}
-
-/* convert this BIG to byte array */
-	public void tobytearray(byte[] b,int n)
-	{
-		norm();
-		BIG c=new BIG(this);
-
-		for (int i=ROM.MODBYTES-1;i>=0;i--)
-		{
-			b[i+n]=(byte)c.w[0];
-			c.fshr(8);
-		}
-	}
-
-/* convert from byte array to BIG */
-	public static BIG frombytearray(byte[] b,int n)
-	{
-		BIG m=new BIG(0);
-
-		for (int i=0;i<ROM.MODBYTES;i++)
-		{
-			m.fshl(8); m.w[0]+=(int)b[i+n]&0xff;
-			//m.inc((int)b[i]&0xff);
-		}
-		return m;
-	}
-
-	public void toBytes(byte[] b)
-	{
-		tobytearray(b,0);
-	}
-
-	public static BIG fromBytes(byte[] b)
-	{
-		return frombytearray(b,0);
-	}
-
-
-/* set this[i]+=x*y+c, and return high part */
-
-	public long muladd(long a,long b,long c,int i)
-	{
-		long x0,x1,y0,y1;
-		x0=a&ROM.HMASK;
-		x1=(a>>ROM.HBITS);
-		y0=b&ROM.HMASK;
-		y1=(b>>ROM.HBITS);
-		long bot=x0*y0;
-		long top=x1*y1;
-		long mid=x0*y1+x1*y0;
-		x0=mid&ROM.HMASK;
-		x1=(mid>>ROM.HBITS);
-		bot+=x0<<ROM.HBITS; bot+=c; bot+=w[i];
-		top+=x1;
-		long carry=bot>>ROM.BASEBITS;
-		bot&=ROM.MASK;
-		top+=carry;
-		w[i]=bot;
-		return top;
-	}
-
-/* this*=x, where x is >NEXCESS */
-	public long pmul(int c)
-	{
-		long ak,carry=0;
-		norm();
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			ak=w[i];
-			w[i]=0;
-			carry=muladd(ak,(long)c,carry,i);
-		}
-		return carry;
-	}
-
-/* this*=c and catch overflow in DBIG */
-	public DBIG pxmul(int c)
-	{
-		DBIG m=new DBIG(0);
-		long carry=0;
-		for (int j=0;j<ROM.NLEN;j++)
-			carry=m.muladd(w[j],(long)c,carry,j);
-		m.w[ROM.NLEN]=carry;
-		return m;
-	}
-
-/* divide by 3 */
-	public int div3()
-	{
-		long ak,base,carry=0;
-		norm();
-		base=((long)1<<ROM.BASEBITS);
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			ak=(carry*base+w[i]);
-			w[i]=ak/3;
-			carry=ak%3;
-		}
-		return (int)carry;
-	}
-
-/* return a*b where result fits in a BIG */
-	public static BIG smul(BIG a,BIG b)
-	{
-		long carry;
-		BIG c=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=0;j<ROM.NLEN;j++)
-				if (i+j<ROM.NLEN) carry=c.muladd(a.w[i],b.w[j],carry,i+j);
-		}
-		return c;
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(BIG a,BIG b)
-	{
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* set x = x mod 2^m */
-	public void mod2m(int m)
-	{
-		int i,wd,bt;
-		long msk;
-
-		wd=m/ROM.BASEBITS;
-		bt=m%ROM.BASEBITS;
-		msk=((long)1<<bt)-1;
-		w[wd]&=msk;
-		for (i=wd+1;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* Arazi and Qi inversion mod 256 */
-	public static int invmod256(int a)
-	{
-		int U,t1,t2,b,c;
-		t1=0;
-		c=(a>>1)&1;
-		t1+=c;
-		t1&=1;
-		t1=2-t1;
-		t1<<=1;
-		U=t1+1;
-
-// i=2
-		b=a&3;
-		t1=U*b; t1>>=2;
-		c=(a>>2)&3;
-		t2=(U*c)&3;
-		t1+=t2;
-		t1*=U; t1&=3;
-		t1=4-t1;
-		t1<<=2;
-		U+=t1;
-
-// i=4
-		b=a&15;
-		t1=U*b; t1>>=4;
-		c=(a>>4)&15;
-		t2=(U*c)&15;
-		t1+=t2;
-		t1*=U; t1&=15;
-		t1=16-t1;
-		t1<<=4;
-		U+=t1;
-
-		return U;
-	}
-
-/* a=1/a mod 2^256. This is very fast! */
-	public void invmod2m()
-	{
-		int i;
-		BIG U=new BIG(0);
-		BIG b=new BIG(0);
-		BIG c=new BIG(0);;
-
-		U.inc(invmod256(lastbits(8)));
-
-		for (i=8;i<256;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			BIG t1=BIG.smul(U,b); t1.shr(i);
-			c.copy(this); c.shr(i); c.mod2m(i);
-
-			BIG t2=BIG.smul(U,c); t2.mod2m(i);
-			t1.add(t2);
-			b=BIG.smul(t1,U); t1.copy(b);
-			t1.mod2m(i);
-
-			t2.one(); t2.shl(i); t1.rsub(t2); t1.norm();
-			t1.shl(i);
-			U.add(t1);
-		}
-		this.copy(U);
-	}
-
-/* reduce this mod m */
-	public void mod(BIG m)
-	{
-		int k=0;
-
-		norm();
-		if (comp(this,m)<0) return;
-		do
-		{
-			m.fshl(1);
-			k++;
-		} while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.fshr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-	}
-
-/* divide this by m */
-	public void div(BIG m)
-	{
-		int k=0;
-		norm();
-		BIG e=new BIG(1);
-		BIG b=new BIG(this);
-		zero();
-
-		while (comp(b,m)>=0)
-		{
-			e.fshl(1);
-			m.fshl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.fshr(1);
-			e.fshr(1);
-			if (comp(b,m)>=0)
-			{
-				add(e);
-				norm();
-				b.sub(m);
-				b.norm();
-			}
-			k--;
-		}
-	}
-
-/* return parity */
-	public int parity()
-	{
-		return (int)(w[0]%2);
-	}
-
-/* return n-th bit */
-	public int bit(int n)
-	{
-		if ((w[n/ROM.BASEBITS]&((long)1<<(n%ROM.BASEBITS)))>0) return 1;
-		else return 0;
-	}
-
-/* return n last bits */
-	public int lastbits(int n)
-	{
-		int msk=(1<<n)-1;
-		norm();
-		return ((int)w[0])&msk;
-	}
-
-/* get 8*MODBYTES size random number */
-	public static BIG random(RAND rng)
-	{
-		BIG m=new BIG(0);
-		int i,b,j=0,r=0;
-
-/* generate random BIG */
-		for (i=0;i<8*ROM.MODBYTES;i++)
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			m.shl(1); m.w[0]+=b;// m.inc(b);
-			j++; j&=7;
-		}
-		return m;
-	}
-
-/* Create random BIG in portable way, one bit at a time */
-	public static BIG randomnum(BIG q,RAND rng)
-	{
-		DBIG d=new DBIG(0);
-		int i,b,j=0,r=0;
-		for (i=0;i<2*ROM.MODBITS;i++)
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			d.shl(1); d.w[0]+=b;// m.inc(b);
-			j++; j&=7;
-		}
-		BIG m=d.mod(q);
-		return m;
-	}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-	public static int[] nafbits(BIG x,BIG x3,int i)
-	{
-		int[] n=new int[3];
-		int nb=x3.bit(i)-x.bit(i);
-		int j;
-		n[1]=1;
-		n[0]=0;
-		if (nb==0) {n[0]=0; return n;}
-		if (i==0) {n[0]=nb; return n;}
-	    if (nb>0) n[0]=1;
-		else      n[0]=(-1);
-
-		for (j=i-1;j>0;j--)
-		{
-			n[1]++;
-			n[0]*=2;
-			nb=x3.bit(j)-x.bit(j);
-			if (nb>0) n[0]+=1;
-			if (nb<0) n[0]-=1;
-			if (n[0]>5 || n[0]<-5) break;
-		}
-
-		if (n[0]%2!=0 && j!=0)
-		{ /* backtrack */
-			if (nb>0) n[0]=(n[0]-1)/2;
-			if (nb<0) n[0]=(n[0]+1)/2;
-			n[1]--;
-		}
-		while (n[0]%2==0)
-		{ /* remove trailing zeros */
-			n[0]/=2;
-			n[2]++;
-			n[1]--;
-		}
-		return n;
-	}
-
-/* return a*b as DBIG */
-	public static DBIG mul(BIG a,BIG b)
-	{
-		DBIG c=new DBIG(0);
-		long carry;
-		a.norm();
-		b.norm();
-
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=0;j<ROM.NLEN;j++)
-				carry=c.muladd(a.w[i],b.w[j],carry,i+j);
-			c.w[ROM.NLEN+i]=carry;
-		}
-
-		return c;
-	}
-
-/* return a^2 as DBIG */
-	public static DBIG sqr(BIG a)
-	{
-		DBIG c=new DBIG(0);
-		long carry;
-		a.norm();
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=i+1;j<ROM.NLEN;j++)
-				carry=c.muladd(2*a.w[i],a.w[j],carry,i+j);
-			c.w[ROM.NLEN+i]=carry;
-		}
-
-		for (int i=0;i<ROM.NLEN;i++)
-			c.w[2*i+1]+=c.muladd(a.w[i],a.w[i],0,2*i);
-
-		c.norm();
-		return c;
-	}
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-	public static BIG mod(DBIG d)
-	{
-		BIG b;
-		if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-		{
-			long v,tw;
-			BIG t=d.split(ROM.MODBITS);
-			b=new BIG(d);
-
-			v=t.pmul((int)ROM.MConst);
-			tw=t.w[ROM.NLEN-1];
-			t.w[ROM.NLEN-1]&=ROM.TMASK;
-			t.w[0]+=(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-
-			b.add(t);
-			b.norm();
-		}
-		if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-		{
-			for (int i=0;i<ROM.NLEN;i++)
-				d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1);
-
-			b=new BIG(0);
-
-			for (int i=0;i<ROM.NLEN;i++ )
-				b.w[i]=d.w[ROM.NLEN+i];
-			b.norm();
-		}
-
-		if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-		{
-			BIG md=new BIG(ROM.Modulus);
-			long m,carry;
-			for (int i=0;i<ROM.NLEN;i++)
-			{
-				if (ROM.MConst==-1) m=(-d.w[i])&ROM.MASK;
-				else
-				{
-					if (ROM.MConst==1) m=d.w[i];
-					else m=(ROM.MConst*d.w[i])&ROM.MASK;
-				}
-
-				carry=0;
-				for (int j=0;j<ROM.NLEN;j++)
-					carry=d.muladd(m,md.w[j],carry,i+j);
-				d.w[ROM.NLEN+i]+=carry;
-			}
-
-			b=new BIG(0);
-			for (int i=0;i<ROM.NLEN;i++ )
-				b.w[i]=d.w[ROM.NLEN+i];
-			b.norm();
-		}
-
-		return b;
-	}
-
-/* return a*b mod m */
-	public static BIG modmul(BIG a,BIG b,BIG m)
-	{
-		a.mod(m);
-		b.mod(m);
-		DBIG d=mul(a,b);
-		return d.mod(m);
-	}
-
-/* return a^2 mod m */
-	public static BIG modsqr(BIG a,BIG m)
-	{
-		a.mod(m);
-		DBIG d=sqr(a);
-		return d.mod(m);
-	}
-
-/* return -a mod m */
-	public static BIG modneg(BIG a,BIG m)
-	{
-		a.mod(m);
-		return m.minus(a);
-	}
-
-/* return this^e mod m */
-	public BIG powmod(BIG e,BIG m)
-	{
-		int bt;
-		norm();
-		e.norm();
-		BIG a=new BIG(1);
-		BIG z=new BIG(e);
-		BIG s=new BIG(this);
-		while (true)
-		{
-			bt=z.parity();
-			z.fshr(1);
-			if (bt==1) a=modmul(a,s,m);
-			if (z.iszilch()) break;
-			s=modsqr(s,m);
-		}
-		return a;
-	}
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-	public int jacobi(BIG p)
-	{
-		int n8,k,m=0;
-		BIG t=new BIG(0);
-		BIG x=new BIG(0);
-		BIG n=new BIG(0);
-		BIG zilch=new BIG(0);
-		BIG one=new BIG(1);
-		if (p.parity()==0 || comp(this,zilch)==0 || comp(p,one)<=0) return 0;
-		norm();
-		x.copy(this);
-		n.copy(p);
-		x.mod(p);
-
-		while (comp(n,one)>0)
-		{
-			if (comp(x,zilch)==0) return 0;
-			n8=n.lastbits(3);
-			k=0;
-			while (x.parity()==0)
-			{
-				k++;
-				x.shr(1);
-			}
-			if (k%2==1) m+=(n8*n8-1)/8;
-			m+=(n8-1)*(x.lastbits(2)-1)/4;
-			t.copy(n);
-			t.mod(x);
-			n.copy(x);
-			x.copy(t);
-			m%=2;
-
-		}
-		if (m==0) return 1;
-		else return -1;
-	}
-
-/* this=1/this mod p. Binary method */
-	public void invmodp(BIG p)
-	{
-		mod(p);
-		BIG u=new BIG(this);
-
-		BIG v=new BIG(p);
-		BIG x1=new BIG(1);
-		BIG x2=new BIG(0);
-		BIG t=new BIG(0);
-		BIG one=new BIG(1);
-		while (comp(u,one)!=0 && comp(v,one)!=0)
-		{
-			while (u.parity()==0)
-			{
-				u.shr(1);
-				if (x1.parity()!=0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr(1);
-			}
-			while (v.parity()==0)
-			{
-				v.shr(1);
-				if (x2.parity()!=0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr(1);
-			}
-			if (comp(u,v)>=0)
-			{
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one)==0) copy(x1);
-		else copy(x2);
-	}
-}

diff --git a/java64/DBIG.java b/java64/DBIG.java
deleted file mode 100755
index 02e64ef..0000000
--- a/java64/DBIG.java
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */
-
-public class DBIG {
-	protected long[] w=new long[ROM.DNLEN];
-
-/* Constructors */
-	public DBIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.DNLEN;i++)
-			w[i]=0;
-	}
-
-	public DBIG(DBIG x)
-	{
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public DBIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=x.get(i);
-
-		w[ROM.NLEN-1]=x.get(ROM.NLEN-1)&ROM.MASK; /* top word normalized */
-		w[ROM.NLEN]=x.get(ROM.NLEN-1)>>ROM.BASEBITS;
-
-		for (int i=ROM.NLEN+1;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* get and set digits of this */
-	public long get(int i)
-	{
-		return w[i];
-	}
-
-	public void set(int i,long x)
-	{
-		w[i]=x;
-	}
-
-	public void inc(int i,long x)
-	{
-		w[i]+=x;
-	}
-
-/* test this=0? */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.DNLEN;i++)
-			if (w[i]!=0) return false;
-		return true;
-	}
-
-/* normalise this */
-	public void norm() {
-		long d,carry=0;
-		for (int i=0;i<ROM.DNLEN-1;i++)
-		{
-			d=w[i]+carry;
-			w[i]=d&ROM.MASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		w[ROM.DNLEN-1]=(w[ROM.DNLEN-1]+carry);
-	}
-
-/* shift this right by k bits */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-		for (int i=0;i<ROM.DNLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
-		w[ROM.DNLEN-m-1]=w[ROM.DNLEN-1]>>n;
-		for (int i=ROM.DNLEN-m;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* shift this left by k bits */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<n))|(w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n));
-		for (int i=ROM.DNLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.MASK;
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* return number of bits in this */
-	public int nbits() {
-		int bts,k=ROM.DNLEN-1;
-		long c;
-		norm();
-		while (w[k]==0 && k>=0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-/* convert this to string */
-	public String toString() {
-		DBIG b;
-		String s="";
-		int len=nbits();
-		if (len%4==0) len>>=2; //len/=4;
-		else {len>>=2; len++;}
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new DBIG(this);
-			b.shr(i*4);
-			s+=Long.toHexString(b.w[0]&15);
-		}
-		return s;
-	}
-
-/* return this+x */
-/*
-	public DBIG plus(DBIG x) {
-		DBIG s=new DBIG(0);
-		for (int i=0;i<ROM.DNLEN;i++)
-			s.w[i]=w[i]+x.w[i];
-		return s;
-	}
-*/
-/* return this-x */
-/*
-	public DBIG minus(DBIG x) {
-		DBIG d=new DBIG(0);
-		for (int i=0;i<ROM.DNLEN;i++)
-			d.w[i]=w[i]-x.w[i];
-		return d;
-	}
-*/
-/* this+=x */
-	public void add(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]+=x.w[i];
-	}
-
-/* this-=x */
-	public void sub(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* set this[i]+=x*y+c, and return high part */
-/* This is time critical */
-/* What if you knew the bottom half in advance ?? */
-	public long muladd(long a,long b,long c,int i)
-	{
-		long x0,x1,y0,y1;
-		x0=a&ROM.HMASK;
-		x1=(a>>ROM.HBITS);
-		y0=b&ROM.HMASK;
-		y1=(b>>ROM.HBITS);
-		long bot=x0*y0;
-		long top=x1*y1;
-		long mid=x0*y1+x1*y0;
-		x0=mid&ROM.HMASK;
-		x1=(mid>>ROM.HBITS);
-		bot+=x0<<ROM.HBITS; bot+=c; bot+=w[i];
-		top+=x1;
-		long carry=bot>>ROM.BASEBITS;
-		bot&=ROM.MASK;
-		top+=carry;
-		w[i]=bot;
-		return top;
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(DBIG a,DBIG b)
-	{
-		for (int i=ROM.DNLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-	public BIG mod(BIG c)
-	{
-		int k=0;
-		norm();
-		DBIG m=new DBIG(c);
-
-		if (comp(this,m)<0) return new BIG(this);
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return new BIG(this);
-	}
-
-/* reduces this DBIG mod a DBIG in place */
-/*	public void mod(DBIG m)
-	{
-		int k=0;
-		if (comp(this,m)<0) return;
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return;
-
-	}*/
-
-/* return this/c */
-	public BIG div(BIG c)
-	{
-		int k=0;
-		DBIG m=new DBIG(c);
-		BIG a=new BIG(0);
-		BIG e=new BIG(1);
-		norm();
-
-		while (comp(this,m)>=0)
-		{
-			e.fshl(1);
-			m.shl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.shr(1);
-			e.shr(1);
-			if (comp(this,m)>0)
-			{
-				a.add(e);
-				a.norm();
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return a;
-	}
-
-/* split DBIG at position n, return higher half, keep lower half */
-	public BIG split(int n)
-	{
-		BIG t=new BIG(0);
-		int m=n%ROM.BASEBITS;
-		long nw,carry=w[ROM.DNLEN-1]<<(ROM.BASEBITS-m);
-
-		for (int i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--)
-		{
-			nw=(w[i]>>m)|carry;
-			carry=(w[i]<<(ROM.BASEBITS-m))&ROM.MASK;
-			t.set(i-ROM.NLEN+1,nw);
-		}
-		w[ROM.NLEN-1]&=(((long)1<<m)-1);
-		return t;
-	}
-}

diff --git a/java64/ECDH.java b/java64/ECDH.java
deleted file mode 100755
index 35a9a18..0000000
--- a/java64/ECDH.java
+++ /dev/null
@@ -1,528 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve API high-level functions  */
-
-public final class ECDH {
-	public static final int INVALID_PUBLIC_KEY=-2;
-	public static final int ERROR=-3;
-	public static final int INVALID=-4;
-	public static final int EFS=ROM.MODBYTES;
-	public static final int EGS=ROM.MODBYTES;
-	public static final int EAS=AES.KS;
-	public static final int EBS=AES.BS;
-
-/* Convert Integer to n-byte array */
-	private static byte[] inttoBytes(int n,int len)
-	{
-		int i;
-		byte[] b=new byte[len];
-
-		for (i=0;i<len;i++) b[i]=0;
-		i=len;
-		while (n>0 && i>0)
-		{
-			i--;
-			b[i]=(byte)(n&0xff);
-			n/=256;
-		}
-		return b;
-	}
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
-	public static byte[] KDF1(byte[] Z,int olen)
-	{
-/* NOTE: the parameter olen is the length of the output K in bytes */
-		HASH H=new HASH();
-		int hlen=HASH.len;
-		byte[] K=new byte[olen];
-
-		byte[] B;
-		int counter,cthreshold,k=0;
-
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			H.process_array(Z); if (counter>0) H.process_num(counter);
-			B=H.hash();
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	}
-
-	public static byte[] KDF2(byte[] Z,byte[] P,int olen)
-	{
-/* NOTE: the parameter olen is the length of the output k in bytes */
-		HASH H=new HASH();
-		int hlen=HASH.len;
-		byte[] K=new byte[olen];
-
-		byte[] B=new byte[hlen];
-		int counter,cthreshold,k=0;
-
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
-		for (counter=1;counter<=cthreshold;counter++)
-		{
-			H.process_array(Z); H.process_num(counter); H.process_array(P);
-			B=H.hash();
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-	public static byte[] PBKDF2(byte[] Pass,byte[] Salt,int rep,int olen)
-	{
-		int i,j,k,len,d,opt;
-		d=olen/32; if (olen%32!=0) d++;
-		byte[] F=new byte[EFS];
-		byte[] U=new byte[EFS];
-		byte[] S=new byte[Salt.length+4];
-
-		byte[] K=new byte[d*EFS];
-		opt=0;
-
-		for (i=1;i<=d;i++)
-		{
-			for (j=0;j<Salt.length;j++) S[j]=Salt[j];
-			byte[] N=inttoBytes(i,4);
-			for (j=0;j<4;j++) S[Salt.length+j]=N[j];
-
-			HMAC(S,Pass,F);
-
-			for (j=0;j<EFS;j++) U[j]=F[j];
-			for (j=2;j<=rep;j++)
-			{
-				HMAC(U,Pass,U);
-				for (k=0;k<EFS;k++) F[k]^=U[k];
-			}
-			for (j=0;j<EFS;j++) K[opt++]=F[j];
-		}
-		byte[] key=new byte[olen];
-		for (i=0;i<olen;i++) key[i]=K[i];
-		return key;
-	}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-	public static int HMAC(byte[] M,byte[] K,byte[] tag)
-	{
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-		int b;
-		byte[] B;
-		byte[] K0=new byte[64];
-		int olen=tag.length;
-
-		b=K0.length;
-		if (olen<4 || olen>HASH.len) return 0;
-
-		for (int i=0;i<b;i++) K0[i]=0;
-
-		HASH H=new HASH();
-
-		if (K.length > b)
-		{
-			H.process_array(K); B=H.hash();
-			for (int i=0;i<32;i++) K0[i]=B[i];
-		}
-		else
-			for (int i=0;i<K.length;i++ ) K0[i]=K[i];
-
-		for (int i=0;i<b;i++) K0[i]^=0x36;
-		H.process_array(K0); H.process_array(M); B=H.hash();
-
-		for (int i=0;i<b;i++) K0[i]^=0x6a;
-		H.process_array(K0); H.process_array(B); B=H.hash();
-
-		for (int i=0;i<olen;i++) tag[i]=B[i];
-
-		return 1;
-	}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-	public static byte[] AES_CBC_IV0_ENCRYPT(byte[] K,byte[] M)
-	{ /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-		AES a=new AES();
-		boolean fin;
-		int i,j,ipt,opt;
-		byte[] buff=new byte[16];
-		int clen=16+(M.length/16)*16;
-
-		byte[] C=new byte[clen];
-		int padlen;
-
-		a.init(AES.CBC,K,null);
-
-		ipt=opt=0;
-		fin=false;
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				if (ipt<M.length) buff[i]=M[ipt++];
-				else {fin=true; break;}
-			}
-			if (fin) break;
-			a.encrypt(buff);
-			for (i=0;i<16;i++)
-				C[opt++]=buff[i];
-		}
-
-/* last block, filled up to i-th index */
-
-		padlen=16-i;
-		for (j=i;j<16;j++) buff[j]=(byte)padlen;
-
-		a.encrypt(buff);
-
-		for (i=0;i<16;i++)
-			C[opt++]=buff[i];
-		a.end();
-		return C;
-	}
-
-/* returns plaintext if all consistent, else returns null string */
-	public static byte[] AES_CBC_IV0_DECRYPT(byte[] K,byte[] C)
-	{ /* padding is removed */
-		AES a=new AES();
-		int i,ipt,opt,ch;
-		byte[] buff=new byte[16];
-		byte[] MM=new byte[C.length];
-		boolean fin,bad;
-		int padlen;
-		ipt=opt=0;
-
-		a.init(AES.CBC,K,null);
-
-		if (C.length==0) return new byte[0];
-		ch=C[ipt++];
-
-		fin=false;
-
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				buff[i]=(byte)ch;
-				if (ipt>=C.length) {fin=true; break;}
-				else ch=C[ipt++];
-			}
-			a.decrypt(buff);
-			if (fin) break;
-			for (i=0;i<16;i++)
-				MM[opt++]=buff[i];
-		}
-
-		a.end();
-		bad=false;
-		padlen=buff[15];
-		if (i!=15 || padlen<1 || padlen>16) bad=true;
-		if (padlen>=2 && padlen<=16)
-			for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=true;
-
-		if (!bad) for (i=0;i<16-padlen;i++)
-					MM[opt++]=buff[i];
-
-		if (bad) return new byte[0];
-
-		byte[] M=new byte[opt];
-		for (i=0;i<opt;i++) M[i]=MM[i];
-
-		return M;
-	}
-
-/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-	public static int KEY_PAIR_GENERATE(RAND RNG,byte[] S,byte[] W)
-	{
-		BIG r,gx,gy,s,wx,wy;
-		ECP G,WP;
-		int res=0;
-		byte[] T=new byte[EFS];
-
-		gx=new BIG(ROM.CURVE_Gx);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			gy=new BIG(ROM.CURVE_Gy);
-			G=new ECP(gx,gy);
-		}
-		else
-			G=new ECP(gx);
-
-		r=new BIG(ROM.CURVE_Order);
-
-		if (RNG==null)
-		{
-			s=BIG.fromBytes(S);
-		}
-		else
-		{
-			s=BIG.randomnum(r,RNG);
-
-			s.toBytes(T);
-			for (int i=0;i<EGS;i++) S[i]=T[i];
-		}
-
-		WP=G.mul(s);
-		WP.toBytes(W);
-
-		return res;
-	}
-
-/* validate public key. Set full=true for fuller check */
-	public static int PUBLIC_KEY_VALIDATE(boolean full,byte[] W)
-	{
-		BIG r;
-		ECP WP=ECP.fromBytes(W);
-		int res=0;
-
-		r=new BIG(ROM.CURVE_Order);
-
-		if (WP.is_infinity()) res=INVALID_PUBLIC_KEY;
-		if (res==0 && full)
-		{
-			WP=WP.mul(r);
-			if (!WP.is_infinity()) res=INVALID_PUBLIC_KEY;
-		}
-		return res;
-	}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-	public static int ECPSVDP_DH(byte[] S,byte[] WD,byte[] Z)
-	{
-		BIG r,s,wx,wy,z;
-		int valid;
-		ECP W;
-		int res=0;
-		byte[] T=new byte[EFS];
-
-		s=BIG.fromBytes(S);
-
-		W=ECP.fromBytes(WD);
-		if (W.is_infinity()) res=ERROR;
-
-		if (res==0)
-		{
-			r=new BIG(ROM.CURVE_Order);
-			s.mod(r);
-			W=W.mul(s);
-			if (W.is_infinity()) res=ERROR;
-			else
-			{
-				W.getX().toBytes(T);
-				for (int i=0;i<EFS;i++) Z[i]=T[i];
-			}
-		}
-		return res;
-	}
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-	public static int ECPSP_DSA(RAND RNG,byte[] S,byte[] F,byte[] C,byte[] D)
-	{
-		byte[] T=new byte[EFS];
-		BIG gx,gy,r,s,f,c,d,u,vx;
-		ECP G,V;
-
-		HASH H=new HASH();
-		H.process_array(F);
-		byte[] B=H.hash();
-
-		gx=new BIG(ROM.CURVE_Gx);
-		gy=new BIG(ROM.CURVE_Gy);
-
-		G=new ECP(gx,gy);
-		r=new BIG(ROM.CURVE_Order);
-
-		s=BIG.fromBytes(S);
-		f=BIG.fromBytes(B);
-
-		c=new BIG(0);
-		d=new BIG(0);
-		V=new ECP();
-
-		do {
-			u=BIG.randomnum(r,RNG);
-
-			V.copy(G);
-			V=V.mul(u);
-			vx=V.getX();
-			c.copy(vx);
-			c.mod(r);
-			if (c.iszilch()) continue;
-			u.invmodp(r);
-			d.copy(BIG.modmul(s,c,r));
-			d.add(f);
-			d.copy(BIG.modmul(u,d,r));
-		} while (d.iszilch());
-
-		c.toBytes(T);
-		for (int i=0;i<EFS;i++) C[i]=T[i];
-		d.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i]=T[i];
-		return 0;
-	}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-	public static int ECPVP_DSA(byte[] W,byte[] F, byte[] C,byte[] D)
-	{
-		BIG r,gx,gy,f,c,d,h2;
-		int res=0;
-		ECP G,WP,P;
-		int valid;
-
-		HASH H=new HASH();
-		H.process_array(F);
-		byte[] B=H.hash();
-
-		gx=new BIG(ROM.CURVE_Gx);
-		gy=new BIG(ROM.CURVE_Gy);
-
-		G=new ECP(gx,gy);
-		r=new BIG(ROM.CURVE_Order);
-
-		c=BIG.fromBytes(C);
-		d=BIG.fromBytes(D);
-		f=BIG.fromBytes(B);
-
-		if (c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0)
-            res=INVALID;
-
-		if (res==0)
-		{
-			d.invmodp(r);
-			f.copy(BIG.modmul(f,d,r));
-			h2=BIG.modmul(c,d,r);
-
-			WP=ECP.fromBytes(W);
-			if (WP.is_infinity()) res=ERROR;
-			else
-			{
-				P=new ECP();
-				P.copy(WP);
-				P=P.mul2(h2,G,f);
-				if (P.is_infinity()) res=INVALID;
-				else
-				{
-					d=P.getX();
-					d.mod(r);
-					if (BIG.comp(d,c)!=0) res=INVALID;
-				}
-			}
-		}
-
-		return res;
-	}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-	public static byte[] ECIES_ENCRYPT(byte[] P1,byte[] P2,RAND RNG,byte[] W,byte[] M,byte[] V,byte[] T)
-	{
-		int i,len;
-
-		byte[] Z=new byte[EFS];
-		byte[] VZ=new byte[3*EFS+1];
-		byte[] K1=new byte[EAS];
-		byte[] K2=new byte[EAS];
-		byte[] U=new byte[EGS];
-
-		if (KEY_PAIR_GENERATE(RNG,U,V)!=0) return new byte[0];
-		if (ECPSVDP_DH(U,W,Z)!=0) return new byte[0];
-
-		for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
-
-		byte[] K=KDF2(VZ,P1,EFS);
-
-		for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];}
-
-		byte[] C=AES_CBC_IV0_ENCRYPT(K1,M);
-
-		byte[] L2=inttoBytes(P2.length,8);
-
-		byte[] AC=new byte[C.length+P2.length+8];
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
-		HMAC(AC,K2,T);
-
-		return C;
-	}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-	public static byte[] ECIES_DECRYPT(byte[] P1,byte[] P2,byte[] V,byte[] C,byte[] T,byte[] U)
-	{
-
-		int i,len;
-
-		byte[] Z=new byte[EFS];
-		byte[] VZ=new byte[3*EFS+1];
-		byte[] K1=new byte[EAS];
-		byte[] K2=new byte[EAS];
-		byte[] TAG=new byte[T.length];
-
-		if (ECPSVDP_DH(U,V,Z)!=0) return new byte[0];
-
-		for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
-		byte[] K=KDF2(VZ,P1,EFS);
-
-		for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];}
-
-		byte[] M=AES_CBC_IV0_DECRYPT(K1,C);
-
-		if (M.length==0) return M;
-
-		byte[] L2=inttoBytes(P2.length,8);
-
-		byte[] AC=new byte[C.length+P2.length+8];
-
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
-		HMAC(AC,K2,TAG);
-
-		boolean same=true;
-		for (i=0;i<T.length;i++) if (T[i]!=TAG[i]) same=false;
-		if (!same) return new byte[0];
-
-		return M;
-
-	}
-}

diff --git a/java64/ECP.java b/java64/ECP.java
deleted file mode 100755
index 01db5d8..0000000
--- a/java64/ECP.java
+++ /dev/null
@@ -1,929 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve Point class */
-
-public final class ECP {
-	private FP x;
-	private FP y;
-	private FP z;
-	private boolean INF;
-
-/* Constructor - set to O */
-	public ECP() {
-		INF=true;
-		x=new FP(0);
-		y=new FP(1);
-		z=new FP(1);
-	}
-/* test for O point-at-infinity */
-	public boolean is_infinity() {
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.reduce(); y.reduce(); z.reduce();
-			return (x.iszilch() && y.equals(z));
-		}
-		else return INF;
-	}
-/* Conditional swap of P and Q dependant on d */
-	private void cswap(ECP Q,int d)
-	{
-		x.cswap(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cswap(Q.y,d);
-		z.cswap(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			boolean bd;
-			if (d==0) bd=false;
-			else bd=true;
-			bd=bd&(INF^Q.INF);
-			INF^=bd;
-			Q.INF^=bd;
-		}
-	}
-
-/* Conditional move of Q to P dependant on d */
-	private void cmove(ECP Q,int d)
-	{
-		x.cmove(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cmove(Q.y,d);
-		z.cmove(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			boolean bd;
-			if (d==0) bd=false;
-			else bd=true;
-			INF^=(INF^Q.INF)&bd;
-		}
-	}
-
-/* return 1 if b==c, no branching */
-	private static int teq(int b,int c)
-	{
-		int x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1);
-	}
-
-/* Constant time select from pre-computed table */
-	private void select(ECP W[],int b)
-	{
-		ECP MP=new ECP();
-		int m=b>>31;
-		int babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		cmove(W[0],teq(babs,0));  // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m&1));
-	}
-
-
-/* Test P == Q */
-	public boolean equals(ECP Q) {
-		if (is_infinity() && Q.is_infinity()) return true;
-		if (is_infinity() || Q.is_infinity()) return false;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			FP zs2=new FP(z); zs2.sqr();
-			FP zo2=new FP(Q.z); zo2.sqr();
-			FP zs3=new FP(zs2); zs3.mul(z);
-			FP zo3=new FP(zo2); zo3.mul(Q.z);
-			zs2.mul(Q.x);
-			zo2.mul(x);
-			if (!zs2.equals(zo2)) return false;
-			zs3.mul(Q.y);
-			zo3.mul(y);
-			if (!zs3.equals(zo3)) return false;
-		}
-		else
-		{
-			FP a=new FP(0);
-			FP b=new FP(0);
-			a.copy(x); a.mul(Q.z); a.reduce();
-			b.copy(Q.x); b.mul(z); b.reduce();
-			if (!a.equals(b)) return false;
-			if (ROM.CURVETYPE==ROM.EDWARDS)
-			{
-				a.copy(y); a.mul(Q.z); a.reduce();
-				b.copy(Q.y); b.mul(z); b.reduce();
-				if (!a.equals(b)) return false;
-			}
-		}
-		return true;
-	}
-
-/* this=P */
-	public void copy(ECP P)
-	{
-		x.copy(P.x);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(P.y);
-		z.copy(P.z);
-		INF=P.INF;
-	}
-/* this=-this */
-	public void neg() {
-		if (is_infinity()) return;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			y.neg(); y.reduce();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.neg(); x.reduce();
-		}
-		return;
-	}
-/* set this=O */
-	public void inf() {
-		INF=true;
-		x.zero();
-		y.one();
-		z.one();
-	//	y=new FP(1);
-	//	z=new FP(1);
-	}
-
-/* Calculate RHS of curve equation */
-	public static FP RHS(FP x) {
-		x.norm();
-		FP r=new FP(x);
-		r.sqr();
-
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{ // x^3+Ax+B
-			FP b=new FP(new BIG(ROM.CURVE_B));
-			r.mul(x);
-			if (ROM.CURVE_A==-3)
-			{
-				FP cx=new FP(x);
-				cx.imul(3);
-				cx.neg(); cx.norm();
-				r.add(cx);
-			}
-			r.add(b);
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{ // (Ax^2-1)/(Bx^2-1)
-			FP b=new FP(new BIG(ROM.CURVE_B));
-
-			FP one=new FP(1);
-			b.mul(r);
-			b.sub(one);
-			if (ROM.CURVE_A==-1) r.neg();
-			r.sub(one);
-
-			b.inverse();
-
-			r.mul(b);
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{ // x^3+Ax^2+x
-			FP x3=new FP(0);
-			x3.copy(r);
-			x3.mul(x);
-			r.imul(ROM.CURVE_A);
-			r.add(x3);
-			r.add(x);
-		}
-		r.reduce();
-		return r;
-	}
-
-/* set (x,y) from two BIGs */
-	public ECP(BIG ix,BIG iy) {
-		x=new FP(ix);
-		y=new FP(iy);
-		z=new FP(1);
-		FP rhs=RHS(x);
-
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			if (rhs.jacobi()==1) INF=false;
-			else inf();
-		}
-		else
-		{
-			FP y2=new FP(y);
-			y2.sqr();
-			if (y2.equals(rhs)) INF=false;
-			else inf();
-		}
-	}
-/* set (x,y) from BIG and a bit */
-	public ECP(BIG ix,int s) {
-		x=new FP(ix);
-		FP rhs=RHS(x);
-		y=new FP(0);
-		z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			FP ny=rhs.sqrt();
-			if (ny.redc().parity()!=s) ny.neg();
-			y.copy(ny);
-			INF=false;
-		}
-		else inf();
-	}
-
-/* set from x - calculate y from curve equation */
-	public ECP(BIG ix) {
-		x=new FP(ix);
-		FP rhs=RHS(x);
-		y=new FP(0);
-		z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(rhs.sqrt());
-			INF=false;
-		}
-		else INF=true;
-	}
-
-/* set to affine - from (x,y,z) to (x,y) */
-	public void affine() {
-		if (is_infinity()) return;
-		FP one=new FP(1);
-		if (z.equals(one)) return;
-		z.inverse();
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			FP z2=new FP(z);
-			z2.sqr();
-			x.mul(z2); x.reduce();
-			y.mul(z2);
-			y.mul(z);  y.reduce();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.mul(z); x.reduce();
-			y.mul(z); y.reduce();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			x.mul(z); x.reduce();
-		}
-		z.copy(one);
-	}
-/* extract x as a BIG */
-	public BIG getX()
-	{
-		affine();
-		return x.redc();
-	}
-/* extract y as a BIG */
-	public BIG getY()
-	{
-		affine();
-		return y.redc();
-	}
-
-/* get sign of Y */
-	public int getS()
-	{
-		affine();
-		BIG y=getY();
-		return y.parity();
-	}
-/* extract x as an FP */
-	public FP getx()
-	{
-		return x;
-	}
-/* extract y as an FP */
-	public FP gety()
-	{
-		return y;
-	}
-/* extract z as an FP */
-	public FP getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) b[0]=0x04;
-		else b[0]=0x02;
-
-		affine();
-		x.redc().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) b[i+1]=t[i];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			y.redc().toBytes(t);
-			for (int i=0;i<ROM.MODBYTES;i++) b[i+ROM.MODBYTES+1]=t[i];
-		}
-	}
-/* convert from byte array to point */
-	public static ECP fromBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		BIG p=new BIG(ROM.Modulus);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+1];
-		BIG px=BIG.fromBytes(t);
-		if (BIG.comp(px,p)>=0) return new ECP();
-
-		if (b[0]==0x04)
-		{
-			for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES+1];
-			BIG py=BIG.fromBytes(t);
-			if (BIG.comp(py,p)>=0) return new ECP();
-			return new ECP(px,py);
-		}
-		else return new ECP(px);
-	}
-/* convert to hex string */
-	public String toString() {
-		if (is_infinity()) return "infinity";
-		affine();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY) return "("+x.redc().toString()+")";
-		else return "("+x.redc().toString()+","+y.redc().toString()+")";
-	}
-/* this*=2 */
-	public void dbl() {
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (INF) return;
-			if (y.iszilch())
-			{
-				inf();
-				return;
-			}
-
-			FP w1=new FP(x);
-			FP w6=new FP(z);
-			FP w2=new FP(0);
-			FP w3=new FP(x);
-			FP w8=new FP(x);
-
-			if (ROM.CURVE_A==-3)
-			{
-				w6.sqr();
-				w1.copy(w6);
-				w1.neg();
-				w3.add(w1);
-				w8.add(w6);
-				w3.mul(w8);
-				w8.copy(w3);
-				w8.imul(3);
-			}
-			else
-			{
-				w1.sqr();
-				w8.copy(w1);
-				w8.imul(3);
-			}
-
-			w2.copy(y); w2.sqr();
-			w3.copy(x); w3.mul(w2);
-			w3.imul(4);
-			w1.copy(w3); w1.neg();
-	//		w1.norm();
-
-			x.copy(w8); x.sqr();
-			x.add(w1);
-			x.add(w1);
-	//		x.reduce();
-			x.norm();
-
-			z.mul(y);
-			z.add(z);
-
-			w2.add(w2);
-			w2.sqr();
-			w2.add(w2);
-			w3.sub(x);
-			y.copy(w8); y.mul(w3);
-	//		w2.norm();
-			y.sub(w2);
-	//		y.reduce();
-	//		z.reduce();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			FP C=new FP(x);
-			FP D=new FP(y);
-			FP H=new FP(z);
-			FP J=new FP(0);
-
-			x.mul(y); x.add(x);
-			C.sqr();
-			D.sqr();
-			if (ROM.CURVE_A==-1) C.neg();
-			y.copy(C); y.add(D);
-	//		y.norm();
-			H.sqr(); H.add(H);
-			z.copy(y);
-			J.copy(y); J.sub(H);
-			x.mul(J);
-			C.sub(D);
-			y.mul(C);
-			z.mul(J);
-
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			FP A=new FP(x);
-			FP B=new FP(x);
-			FP AA=new FP(0);
-			FP BB=new FP(0);
-			FP C=new FP(0);
-
-			if (INF) return;
-
-			A.add(z);
-			AA.copy(A); AA.sqr();
-			B.sub(z);
-			BB.copy(B); BB.sqr();
-			C.copy(AA); C.sub(BB);
-	//		C.norm();
-
-			x.copy(AA); x.mul(BB);
-
-			A.copy(C); A.imul((ROM.CURVE_A+2)/4);
-
-			BB.add(A);
-			z.copy(BB); z.mul(C);
-	//		x.reduce();
-	//		z.reduce();
-			x.norm();
-			z.norm();
-		}
-		return;
-	}
-
-/* this+=Q */
-	public void add(ECP Q) {
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (INF)
-			{
-				copy(Q);
-				return;
-			}
-			if (Q.INF) return;
-
-			boolean aff=false;
-
-			FP one=new FP(1);
-			if (Q.z.equals(one)) aff=true;
-
-			FP A,C;
-			FP B=new FP(z);
-			FP D=new FP(z);
-			if (!aff)
-			{
-				A=new FP(Q.z);
-				C=new FP(Q.z);
-
-				A.sqr(); B.sqr();
-				C.mul(A); D.mul(B);
-
-				A.mul(x);
-				C.mul(y);
-			}
-			else
-			{
-				A=new FP(x);
-				C=new FP(y);
-
-				B.sqr();
-				D.mul(B);
-			}
-
-			B.mul(Q.x); B.sub(A);
-			D.mul(Q.y); D.sub(C);
-
-			if (B.iszilch())
-			{
-				if (D.iszilch())
-				{
-					dbl();
-					return;
-				}
-				else
-				{
-					INF=true;
-					return;
-				}
-			}
-
-			if (!aff) z.mul(Q.z);
-			z.mul(B);
-
-			FP e=new FP(B); e.sqr();
-			B.mul(e);
-			A.mul(e);
-
-			e.copy(A);
-			e.add(A); e.add(B);
-			x.copy(D); x.sqr(); x.sub(e);
-
-			A.sub(x);
-			y.copy(A); y.mul(D);
-			C.mul(B); y.sub(C);
-
-		//	x.reduce();
-		//	y.reduce();
-		//	z.reduce();
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			FP b=new FP(new BIG(ROM.CURVE_B));
-			FP A=new FP(z);
-			FP B=new FP(0);
-			FP C=new FP(x);
-			FP D=new FP(y);
-			FP E=new FP(0);
-			FP F=new FP(0);
-			FP G=new FP(0);
-		//	FP H=new FP(0);
-		//	FP I=new FP(0);
-
-			A.mul(Q.z);
-			B.copy(A); B.sqr();
-			C.mul(Q.x);
-			D.mul(Q.y);
-
-			E.copy(C); E.mul(D); E.mul(b);
-			F.copy(B); F.sub(E);
-			G.copy(B); G.add(E);
-			C.add(D);
-
-			if (ROM.CURVE_A==1)
-			{
-				E.copy(D); D.sub(C);
-			}
-
-			B.copy(x); B.add(y);
-			D.copy(Q.x); D.add(Q.y);
-			B.mul(D);
-			B.sub(C);
-			B.mul(F);
-			x.copy(A); x.mul(B);
-
-			if (ROM.CURVE_A==1)
-			{
-				C.copy(E); C.mul(G);
-			}
-			if (ROM.CURVE_A==-1)
-			{
-				C.mul(G);
-			}
-			y.copy(A); y.mul(C);
-			z.copy(F); z.mul(G);
-		//	x.reduce(); y.reduce(); z.reduce();
-			x.norm(); y.norm(); z.norm();
-		}
-		return;
-	}
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-	public void dadd(ECP Q,ECP W) {
-			FP A=new FP(x);
-			FP B=new FP(x);
-			FP C=new FP(Q.x);
-			FP D=new FP(Q.x);
-			FP DA=new FP(0);
-			FP CB=new FP(0);
-
-			A.add(z);
-			B.sub(z);
-
-			C.add(Q.z);
-			D.sub(Q.z);
-
-			DA.copy(D); DA.mul(A);
-			CB.copy(C); CB.mul(B);
-
-			A.copy(DA); A.add(CB); A.sqr();
-			B.copy(DA); B.sub(CB); B.sqr();
-
-			x.copy(A);
-			z.copy(W.x); z.mul(B);
-
-			if (z.iszilch()) inf();
-			else INF=false;
-
-	//		x.reduce();
-			x.norm();
-	}
-/* this-=Q */
-	public void sub(ECP Q) {
-		Q.neg();
-		add(Q);
-		Q.neg();
-	}
-
-	public static void multiaffine(int m,ECP[] P)
-	{
-		int i;
-		FP t1=new FP(0);
-		FP t2=new FP(0);
-
-		FP[] work=new FP[m];
-
-		for (i=0;i<m;i++)
-			work[i]=new FP(0);
-
-		work[0].one();
-		work[1].copy(P[0].z);
-
-		for (i=2;i<m;i++)
-		{
-			work[i].copy(work[i-1]);
-			work[i].mul(P[i-1].z);
-		}
-
-		t1.copy(work[m-1]);
-		t1.mul(P[m-1].z);
-		t1.inverse();
-		t2.copy(P[m-1].z);
-		work[m-1].mul(t1);
-
-		for (i=m-2;;i--)
-		{
-			if (i==0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i=0;i<m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]);
-			t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}
-	}
-
-/* constant time multiply by small integer of length bts - use ladder */
-	public ECP pinmul(int e,int bts) {
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-			return this.mul(new BIG(e));
-		else
-		{
-			int nb,i,b;
-			ECP P=new ECP();
-			ECP R0=new ECP();
-			ECP R1=new ECP(); R1.copy(this);
-
-			for (i=bts-1;i>=0;i--)
-			{
-				b=(e>>i)&1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-			P.affine();
-			return P;
-		}
-	}
-
-/* return e.this */
-
-	public ECP mul(BIG e) {
-		if (e.iszilch() || is_infinity()) return new ECP();
-		ECP P=new ECP();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-/* use Ladder */
-			int nb,i,b;
-			ECP D=new ECP();
-			ECP R0=new ECP(); R0.copy(this);
-			ECP R1=new ECP(); R1.copy(this);
-			R1.dbl();
-			D.copy(this); D.affine();
-			nb=e.nbits();
-			for (i=nb-2;i>=0;i--)
-			{
-				b=e.bit(i);
-				P.copy(R1);
-				P.dadd(R0,D);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-		}
-		else
-		{
-// fixed size windows
-			int i,b,nb,m,s,ns;
-			BIG mt=new BIG();
-			BIG t=new BIG();
-			ECP Q=new ECP();
-			ECP C=new ECP();
-			ECP[] W=new ECP[8];
-			byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4];
-
-			affine();
-
-// precompute table
-			Q.copy(this);
-			Q.dbl();
-			W[0]=new ECP();
-			W[0].copy(this);
-
-			for (i=1;i<8;i++)
-			{
-				W[i]=new ECP();
-				W[i].copy(W[i-1]);
-				W[i].add(Q);
-			}
-
-// convert the table to affine
-			if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-				multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd
-			t.copy(e);
-			s=t.parity();
-			t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-			t.cmove(mt,s);
-			Q.cmove(this,ns);
-			C.copy(Q);
-
-			nb=1+(t.nbits()+3)/4;
-
-// convert exponent to signed 4-bit window
-			for (i=0;i<nb;i++)
-			{
-				w[i]=(byte)(t.lastbits(5)-16);
-				t.dec(w[i]); t.norm();
-				t.fshr(4);
-			}
-			w[nb]=(byte)t.lastbits(5);
-
-			P.copy(W[(w[nb]-1)/2]);
-			for (i=nb-1;i>=0;i--)
-			{
-				Q.select(W,w[i]);
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-			}
-			P.sub(C); /* apply correction */
-		}
-		P.affine();
-		return P;
-	}
-/* Return e.this+f.Q */
-
-	public ECP mul2(BIG e,ECP Q,BIG f) {
-		BIG te=new BIG();
-		BIG tf=new BIG();
-		BIG mt=new BIG();
-		ECP S=new ECP();
-		ECP T=new ECP();
-		ECP C=new ECP();
-		ECP[] W=new ECP[8];
-		byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+1)/2];
-		int i,s,ns,nb;
-		byte a,b;
-
-		affine();
-		Q.affine();
-
-		te.copy(e);
-		tf.copy(f);
-
-// precompute table
-		W[1]=new ECP(); W[1].copy(this); W[1].sub(Q);
-		W[2]=new ECP(); W[2].copy(this); W[2].add(Q);
-		S.copy(Q); S.dbl();
-		W[0]=new ECP(); W[0].copy(W[1]); W[0].sub(S);
-		W[3]=new ECP(); W[3].copy(W[2]); W[3].add(S);
-		T.copy(this); T.dbl();
-		W[5]=new ECP(); W[5].copy(W[1]); W[5].add(T);
-		W[6]=new ECP(); W[6].copy(W[2]); W[6].add(T);
-		W[4]=new ECP(); W[4].copy(W[5]); W[4].sub(S);
-		W[7]=new ECP(); W[7].copy(W[6]); W[7].add(S);
-
-// convert the table to affine
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-			multiaffine(8,W);
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-
-		s=te.parity();
-		te.inc(1); te.norm(); ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm();
-		te.cmove(mt,s);
-		T.cmove(this,ns);
-		C.copy(T);
-
-		s=tf.parity();
-		tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm();
-		tf.cmove(mt,s);
-		S.cmove(Q,ns);
-		C.add(S);
-
-		mt.copy(te); mt.add(tf); mt.norm();
-		nb=1+(mt.nbits()+1)/2;
-
-// convert exponent to signed 2-bit window
-		for (i=0;i<nb;i++)
-		{
-			a=(byte)(te.lastbits(3)-4);
-			te.dec(a); te.norm();
-			te.fshr(2);
-			b=(byte)(tf.lastbits(3)-4);
-			tf.dec(b); tf.norm();
-			tf.fshr(2);
-			w[i]=(byte)(4*a+b);
-		}
-		w[nb]=(byte)(4*te.lastbits(3)+tf.lastbits(3));
-		S.copy(W[(w[nb]-1)/2]);
-
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			S.dbl();
-			S.dbl();
-			S.add(T);
-		}
-		S.sub(C); /* apply correction */
-		S.affine();
-		return S;
-	}
-
-/*
-	public static void main(String[] args) {
-
-		BIG Gx=new BIG(ROM.CURVE_Gx);
-		BIG Gy;
-		ECP P;
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) Gy=new BIG(ROM.CURVE_Gy);
-		BIG r=new BIG(ROM.CURVE_Order);
-
-		//r.dec(7);
-
-		System.out.println("Gx= "+Gx.toString());
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) System.out.println("Gy= "+Gy.toString());
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) P=new ECP(Gx,Gy);
-		else  P=new ECP(Gx);
-
-		System.out.println("P= "+P.toString());
-
-		ECP R=P.mul(r);
-		//for (int i=0;i<10000;i++)
-		//	R=P.mul(r);
-
-		System.out.println("R= "+R.toString());
-    } */
-}
-


[17/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/README.md
----------------------------------------------------------------------
diff --git a/js/tests/README.md b/js/tests/README.md
deleted file mode 100644
index 477e136..0000000
--- a/js/tests/README.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# JavaScript tests
-
-## Description 
-
-These tests read test vector files that have been generated from the C code
-implementation of MPin. There are two test vector files; BNCX.json for three pass 
-and BNCSOnePass.json for one pass. The only curve tested in BNCX.
-
-### Dependencies
-
-Install the following node.js modules to run the tests
-
-npm install assert
-npm install fs
-npm install crypto
-
-### Configuration
-
-If required set DEBUG = true in config.js to enable more verbose output.
-
-### Run tests
-
-./run_test.sh 
-
-To run individual tests look inside the script for guidance. 

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/config.js
----------------------------------------------------------------------
diff --git a/js/tests/config.js b/js/tests/config.js
deleted file mode 100755
index 818bdc1..0000000
--- a/js/tests/config.js
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-var DEBUG = false;

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/find_duplicates.py
----------------------------------------------------------------------
diff --git a/js/tests/find_duplicates.py b/js/tests/find_duplicates.py
deleted file mode 100755
index f9c6772..0000000
--- a/js/tests/find_duplicates.py
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-
-
-"""
-   Find any duplicates in a list of x values
-"""
-
-import sys
-import json
-import json
-
-values = json.load(open("./randomX.json", "r"))
-s = set()
-for x in values:
-    if x in s:
-        print "TEST FAILED"
-        sys.exit(1)
-    else:
-        s.add(x)
-print "TEST PASSED"
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/run_test.sh
----------------------------------------------------------------------
diff --git a/js/tests/run_test.sh b/js/tests/run_test.sh
deleted file mode 100755
index c6415f1..0000000
--- a/js/tests/run_test.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-# javascript tests 
-#
-# This script runs tests that compares the js
-# with the expected output from the c code
-#
-# usage: ./run_test.sh
-
-output_file="log.txt"
-if [[ -f "$output_file" ]]
-then
-  echo "rm $output_file"
-  rm $output_file
-fi
-
-ln -s BNCX.json testVectors.json
-ln -s BNCXOnePass.json testVectorsOnePass.json
-
-echo "cp ../MPIN.js ."
-cp ../MPIN.js .
-sed -i 's/var MPIN/MPIN/' MPIN.js
-
-echo "TEST 1: node test_add_shares.js"
-echo "TEST 1: node test_add_shares.js" > $output_file 
-node test_add_shares.js >> $output_file 2>&1
-
-echo "TEST 2: node test_token.js"
-echo "TEST 2: node test_token.js" >> $output_file 
-node test_token.js >> $output_file 2>&1
-
-echo "TEST 3: node test_pass1.js"
-echo "TEST 3: node test_pass1.js" >> $output_file 
-node test_pass1.js >> $output_file 2>&1
-
-echo "TEST 4: node test_pass2.js"
-echo "TEST 4: node test_pass2.js" >> $output_file 
-node test_pass2.js >> $output_file 2>&1
-
-echo "TEST 5: node test_randomX.js"
-echo "TEST 5: node test_randomX.js" >> $output_file 
-node test_randomX.js >> $output_file 2>&1
-./find_duplicates.py >> $output_file 2>&1
-
-echo "TEST 6: node test_sha256.js"
-echo "TEST 6: node test_sha265.js" >> $output_file 
-node test_sha256.js >> $output_file 2>&1
-
-echo "TEST 7: node test_onepass.js"
-echo "TEST 7: node test_onepass.js" >> $output_file 
-node test_onepass.js >> $output_file 2>&1
-
-error=$(grep -i error "${output_file}" )
-if [[ -n "$error" ]]; then
-   echo "ERROR. Please review ${output_file}"
-   exit 1
-fi
-
-failed=$(grep FAILED "${output_file}" )
-if [[ -n "$failed" ]]; then
-   echo "A TEST HAS FAILED. Please review ${output_file}"
-   echo "A TEST HAS FAILED. Please review ${output_file}" >> $output_file 
-else
-   echo "ALL TESTS PASSED"
-   echo "ALL TESTS PASSED" >> $output_file 
-fi
-
-rm testVectors.json
-rm testVectorsOnePass.json

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/test_add_shares.js
----------------------------------------------------------------------
diff --git a/js/tests/test_add_shares.js b/js/tests/test_add_shares.js
deleted file mode 100755
index 8d97ac6..0000000
--- a/js/tests/test_add_shares.js
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-console.log("Testing addition of shares");
-var assert = require('assert');
-var fs = require('fs');
-
-// Javascript files from the PIN pad  are included here:
-eval(fs.readFileSync('../DBIG.js')+'');
-eval(fs.readFileSync('../BIG.js')+'');
-eval(fs.readFileSync('../FP.js')+'');
-eval(fs.readFileSync('../ROM.js')+'');
-eval(fs.readFileSync('../HASH.js')+'');
-eval(fs.readFileSync('../RAND.js')+'');
-eval(fs.readFileSync('../AES.js')+'');
-eval(fs.readFileSync('../GCM.js')+'');
-eval(fs.readFileSync('../ECP.js')+'');
-eval(fs.readFileSync('../FP2.js')+'');
-eval(fs.readFileSync('../ECP2.js')+'');
-eval(fs.readFileSync('../FP4.js')+'');
-eval(fs.readFileSync('../FP12.js')+'');
-eval(fs.readFileSync('../PAIR.js')+'');
-eval(fs.readFileSync('./MPIN.js')+'');
-eval(fs.readFileSync('../MPINAuth.js')+'');
-
-// Configuration file
-eval(fs.readFileSync('./config.js')+'');
-
-// Load test vectors
-var vectors = require('./testVectors.json');
-
-// Turn on DEBUG mode in MPINAuth
-MPINAuth.DEBUG = DEBUG;
-
-for(var vector in vectors)
-  {
-    console.log("Test "+vectors[vector].test_no);
-    // Client secrets
-    if (DEBUG){console.log("CS1 "+vectors[vector].CS1);}
-    if (DEBUG){console.log("CS2 "+vectors[vector].CS2);}
-    if (DEBUG){console.log("CLIENT_SECRET "+vectors[vector].CLIENT_SECRET);}
-    var client_secret = MPINAuth.addShares(vectors[vector].CS1, vectors[vector].CS2);
-    if (DEBUG){console.log("client_secret "+client_secret);}
-    try
-      {
-        assert.equal(client_secret, vectors[vector].CLIENT_SECRET, "Client Secret Addition failed");
-      }
-    catch(err)
-      {
-        txt="Error description: " + err.message;
-        console.error(txt);
-        console.log("TEST FAILED");
-        return;
-      }
-    // Time permits
-    if (DEBUG){console.log("TP1 "+vectors[vector].TP1);}
-    if (DEBUG){console.log("TP2 "+vectors[vector].TP2);}
-    if (DEBUG){console.log("TIME_PERMIT "+vectors[vector].TIME_PERMIT);}
-    var time_permit = MPINAuth.addShares(vectors[vector].TP1, vectors[vector].TP2);
-    if (DEBUG){console.log("time_permit "+time_permit);}
-    try
-      {
-        assert.equal(time_permit, vectors[vector].TIME_PERMIT, "Time Permit Addition failed");
-      }
-    catch(err)
-      {
-        txt="Error description: " + err.message;
-        console.error(txt);
-        console.log("TEST FAILED");
-        return;
-      }
-  }
-console.log("TEST PASSED");

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/test_onepass.js
----------------------------------------------------------------------
diff --git a/js/tests/test_onepass.js b/js/tests/test_onepass.js
deleted file mode 100755
index 6304cdb..0000000
--- a/js/tests/test_onepass.js
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-console.log("Testing client request generation");
-var assert = require('assert');
-var fs = require('fs');
-
-// Javascript files from the PIN pad  are included here:
-eval(fs.readFileSync('../DBIG.js')+'');
-eval(fs.readFileSync('../BIG.js')+'');
-eval(fs.readFileSync('../FP.js')+'');
-eval(fs.readFileSync('../ROM.js')+'');
-eval(fs.readFileSync('../HASH.js')+'');
-eval(fs.readFileSync('../RAND.js')+'');
-eval(fs.readFileSync('../AES.js')+'');
-eval(fs.readFileSync('../GCM.js')+'');
-eval(fs.readFileSync('../ECP.js')+'');
-eval(fs.readFileSync('../FP2.js')+'');
-eval(fs.readFileSync('../ECP2.js')+'');
-eval(fs.readFileSync('../FP4.js')+'');
-eval(fs.readFileSync('../FP12.js')+'');
-eval(fs.readFileSync('../PAIR.js')+'');
-eval(fs.readFileSync('./MPIN.js')+'');
-eval(fs.readFileSync('../MPINAuth.js')+'');
-
-// Configuration file
-eval(fs.readFileSync('./config.js')+'');
-
-// Load test vectors
-var vectors = require('./testVectorsOnePass.json');
-
-// Set OTP switch
-var requestOTP = 1;
-// Set WID
-var accessNumber = 123456;
-
-// Turn on DEBUG mode in MPINAuth
-MPINAuth.DEBUG = DEBUG;
-
-var RAW=[];
-for (i=0;i<100;i++) RAW[i]=i;
-var RAW_hex = MPIN.bytestostring(RAW);
-
-// Initiaize RNG
-MPINAuth.initializeRNG(RAW_hex);
-
-for(var vector in vectors)
-  {
-    console.log("Test "+vectors[vector].test_no);
-    if (DEBUG){console.log("MPIN_ID_HEX "+vectors[vector].MPIN_ID_HEX);}
-    if (DEBUG){console.log("TIME_PERMIT "+vectors[vector].TIME_PERMIT);}
-    if (DEBUG){console.log("TOKEN "+vectors[vector].TOKEN);}
-    if (DEBUG){console.log("PIN2 "+vectors[vector].PIN2);}
-    if (DEBUG){console.log("X "+vectors[vector].X);}
-    if (DEBUG){console.log("Y "+vectors[vector].Y);}
-    if (DEBUG){console.log("U "+vectors[vector].U);}
-    if (DEBUG){console.log("UT "+vectors[vector].UT);}
-    if (DEBUG){console.log("TimeValue "+vectors[vector].TimeValue);}
-    if (DEBUG){console.log("DATE "+vectors[vector].DATE);}
-    if (DEBUG){console.log("SEC "+vectors[vector].SEC);}
-    var passSingle = MPINAuth.passRequest(vectors[vector].MPIN_ID_HEX, vectors[vector].TOKEN, vectors[vector].TIME_PERMIT, vectors[vector].PIN2, requestOTP, accessNumber, vectors[vector].DATE, vectors[vector].TimeValue, vectors[vector].X);
-    if (DEBUG){console.dir("passSingle "+passSingle);}
-    try
-      {
-        if (!vectors[vector].DATE){assert.equal(passSingle.U, vectors[vector].U, "U generation failed");}
-        assert.equal(passSingle.UT, vectors[vector].UT, "UT generation failed");
-        assert.equal(passSingle.V, vectors[vector].SEC, "V generation failed");
-      }
-    catch(err)
-      {
-        txt="Error description: " + err.message;
-        console.error(txt);
-        var cur_date = new Date();
-        console.log("TEST FAILED: "+cur_date.toISOString());
-        return;
-      }
-  }
-console.log("TEST PASSED");

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/test_pass1.js
----------------------------------------------------------------------
diff --git a/js/tests/test_pass1.js b/js/tests/test_pass1.js
deleted file mode 100755
index 5258087..0000000
--- a/js/tests/test_pass1.js
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-console.log("Testing pass one request generation");
-var assert = require('assert');
-var fs = require('fs');
-
-// Javascript files from the PIN pad  are included here:
-eval(fs.readFileSync('../DBIG.js')+'');
-eval(fs.readFileSync('../BIG.js')+'');
-eval(fs.readFileSync('../FP.js')+'');
-eval(fs.readFileSync('../ROM.js')+'');
-eval(fs.readFileSync('../HASH.js')+'');
-eval(fs.readFileSync('../RAND.js')+'');
-eval(fs.readFileSync('../AES.js')+'');
-eval(fs.readFileSync('../GCM.js')+'');
-eval(fs.readFileSync('../ECP.js')+'');
-eval(fs.readFileSync('../FP2.js')+'');
-eval(fs.readFileSync('../ECP2.js')+'');
-eval(fs.readFileSync('../FP4.js')+'');
-eval(fs.readFileSync('../FP12.js')+'');
-eval(fs.readFileSync('../PAIR.js')+'');
-eval(fs.readFileSync('./MPIN.js')+'');
-eval(fs.readFileSync('../MPINAuth.js')+'');
-
-// Configuration file
-eval(fs.readFileSync('./config.js')+'');
-
-// Load test vectors
-var vectors = require('./testVectors.json');
-
-// Turn on DEBUG mode in MPINAuth
-MPINAuth.DEBUG = DEBUG;
-
-var RAW=[];
-for (i=0;i<100;i++) RAW[i]=i;
-var RAW_hex = MPIN.bytestostring(RAW);
-
-// Initiaize RNG
-MPINAuth.initializeRNG(RAW_hex);
-
-for(var vector in vectors)
-  {
-    console.log("Test "+vectors[vector].test_no);
-    if (DEBUG){console.log("MPIN_ID_HEX "+vectors[vector].MPIN_ID_HEX);}
-    if (DEBUG){console.log("TIME_PERMIT "+vectors[vector].TIME_PERMIT);}
-    if (DEBUG){console.log("TOKEN "+vectors[vector].TOKEN);}
-    if (DEBUG){console.log("PIN2 "+vectors[vector].PIN2);}
-    if (DEBUG){console.log("X "+vectors[vector].X);}
-    if (DEBUG){console.log("U "+vectors[vector].U);}
-    if (DEBUG){console.log("UT "+vectors[vector].UT);}
-    var pass1 = MPINAuth.pass1Request(vectors[vector].MPIN_ID_HEX, vectors[vector].TOKEN, vectors[vector].TIME_PERMIT, vectors[vector].PIN2, vectors[vector].DATE, vectors[vector].X);
-    if (DEBUG){console.dir("pass1 "+pass1);}
-    try
-      {
-        assert.equal(pass1.U, vectors[vector].U, "U generation failed");
-        assert.equal(pass1.UT, vectors[vector].UT, "UT generation failed");
-      }
-    catch(err)
-      {
-        txt="Error description: " + err.message;
-        console.error(txt);
-        var cur_date = new Date();
-        console.log("TEST FAILED: "+cur_date.toISOString());
-        return;
-      }
-  }
-console.log("TEST PASSED");

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/test_pass2.js
----------------------------------------------------------------------
diff --git a/js/tests/test_pass2.js b/js/tests/test_pass2.js
deleted file mode 100755
index 09a27d4..0000000
--- a/js/tests/test_pass2.js
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-console.log("Testing pass two request generation");
-var assert = require('assert');
-var fs = require('fs');
-
-// Javascript files from the PIN pad  are included here:
-eval(fs.readFileSync('../DBIG.js')+'');
-eval(fs.readFileSync('../BIG.js')+'');
-eval(fs.readFileSync('../FP.js')+'');
-eval(fs.readFileSync('../ROM.js')+'');
-eval(fs.readFileSync('../HASH.js')+'');
-eval(fs.readFileSync('../RAND.js')+'');
-eval(fs.readFileSync('../AES.js')+'');
-eval(fs.readFileSync('../GCM.js')+'');
-eval(fs.readFileSync('../ECP.js')+'');
-eval(fs.readFileSync('../FP2.js')+'');
-eval(fs.readFileSync('../ECP2.js')+'');
-eval(fs.readFileSync('../FP4.js')+'');
-eval(fs.readFileSync('../FP12.js')+'');
-eval(fs.readFileSync('../PAIR.js')+'');
-eval(fs.readFileSync('./MPIN.js')+'');
-eval(fs.readFileSync('../MPINAuth.js')+'');
-
-// Configuration file
-eval(fs.readFileSync('./config.js')+'');
-
-// Load test vectors
-var vectors = require('./testVectors.json');
-
-// Turn on DEBUG mode in MPINAuth
-MPINAuth.DEBUG = DEBUG;
-
-// Set OTP switch
-var requestOTP = 1;
-// Set WID
-var accessNumber = 123456;
-
-for(var vector in vectors)
-  {
-    console.log("Test "+vectors[vector].test_no);
-    if (DEBUG){console.log("X "+vectors[vector].X);}
-    if (DEBUG){console.log("Y "+vectors[vector].Y);}
-    if (DEBUG){console.log("SEC "+vectors[vector].SEC);}
-    MPINAuth.X = MPINAuth.hextobytes(vectors[vector].X);
-    MPINAuth.SEC = MPINAuth.hextobytes(vectors[vector].SEC);
-    var pass2 = MPINAuth.pass2Request(vectors[vector].Y, requestOTP, accessNumber);
-    if (DEBUG){console.dir("pass2 "+pass2);}
-    try
-      {
-        assert.equal(pass2.V, vectors[vector].V, "V generation failed");
-      }
-    catch(err)
-      {
-        txt="Error description: " + err.message;
-        console.error(txt);
-        var cur_date = new Date();
-        console.log("TEST FAILED: "+cur_date.toISOString());
-        return;
-      }
-  }
-console.log("TEST PASSED");

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/test_randomX.js
----------------------------------------------------------------------
diff --git a/js/tests/test_randomX.js b/js/tests/test_randomX.js
deleted file mode 100755
index 9c7e8bb..0000000
--- a/js/tests/test_randomX.js
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-console.log("Testing randomX");
-var assert = require('assert');
-var fs = require('fs');
-var crypto = require('crypto');
-
-// Javascript files from the PIN pad  are included here:
-eval(fs.readFileSync('../DBIG.js')+'');
-eval(fs.readFileSync('../BIG.js')+'');
-eval(fs.readFileSync('../FP.js')+'');
-eval(fs.readFileSync('../ROM.js')+'');
-eval(fs.readFileSync('../HASH.js')+'');
-eval(fs.readFileSync('../RAND.js')+'');
-eval(fs.readFileSync('../AES.js')+'');
-eval(fs.readFileSync('../GCM.js')+'');
-eval(fs.readFileSync('../ECP.js')+'');
-eval(fs.readFileSync('../FP2.js')+'');
-eval(fs.readFileSync('../ECP2.js')+'');
-eval(fs.readFileSync('../FP4.js')+'');
-eval(fs.readFileSync('../FP12.js')+'');
-eval(fs.readFileSync('../PAIR.js')+'');
-eval(fs.readFileSync('./MPIN.js')+'');
-eval(fs.readFileSync('../MPINAuth.js')+'');
-
-// Configuration file
-eval(fs.readFileSync('./config.js')+'');
-
-// Turn on DEBUG mode in MPINAuth
-MPINAuth.DEBUG = DEBUG;
-
-var x_vals=[];
-
-// Initiaize RNG
-var seed = crypto.randomBytes(32);
-var seed_hex = seed.toString("hex");
-MPINAuth.initializeRNG(seed_hex);
-
-mpin_id_hex = "7b226d6f62696c65223a20312c2022697373756564223a2022323031342d31322d31385431303a32303a32395a222c2022757365724944223a20223531306263313033353530616465636332316438393730303835323763323666406365727469766f782e636f6d222c202273616c74223a202234656233336433356366323963653161227d";
-token_hex = "040128e30db2a7e5a26770498f558eab68920f58b4f707e738390160b2b4883bfb0521fe217597f279286818496a303e8d4b1a7e97b9c30d6c9fae99362c043e26";
-timePermit_hex = "041019f24b3dbae8727fef08323e38fd36dcd1193f6de3286e7c4b224c539850a8200ee94fa5c45fa3350b14d015ebc4834ac57c4705712206655252a1a57939be";
-PIN = 777
-date = 16639
-
-// Assign values of x to array
-for(var i = 0; i < 10;i++)
-  {
-    var pass1 = MPINAuth.pass1Request(mpin_id_hex, token_hex, timePermit_hex, PIN, date,  null);
-    x_hex = MPIN.bytestostring(MPINAuth.X);
-    if(DEBUG){console.log("iter: "+i+" X: "+x_hex);}
-    x_vals.push(x_hex);
-  }
-
-// Model re-rendering of page
-var seed = crypto.randomBytes(32);
-var seed_hex = seed.toString("hex");
-MPINAuth.initializeRNG(seed_hex);
-
-// Assign values of x to array
-for(var i = 0; i < 10;i++)
-  {
-    var pass1 = MPINAuth.pass1Request(mpin_id_hex, token_hex, timePermit_hex, PIN, date, null);
-    x_hex = MPIN.bytestostring(MPINAuth.X);
-    if(DEBUG){console.log("iter: "+i+" X: "+x_hex);}
-    x_vals.push(x_hex);
-  }
-
-if(DEBUG){console.dir(x_vals);}
-
-// Write values to file for further processing
-x_json = JSON.stringify(x_vals);
-if(DEBUG){console.log(x_json);}
-var output_file = "./randomX.json";
-fs.writeFile(output_file, x_json, function(err) {
-    if(err) {
-        console.log(err);
-        console.log("Error writing to "+output_file);
-    }
-});
-console.log(output_file+" generated");
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/test_sha256.js
----------------------------------------------------------------------
diff --git a/js/tests/test_sha256.js b/js/tests/test_sha256.js
deleted file mode 100755
index ceabd4b..0000000
--- a/js/tests/test_sha256.js
+++ /dev/null
@@ -1,92 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-console.log("Testing sha256");
-var assert = require('assert');
-var fs = require('fs');
-var crypto = require('crypto');
-
-// Javascript files from the PIN pad  are included here:
-eval(fs.readFileSync('../DBIG.js')+'');
-eval(fs.readFileSync('../BIG.js')+'');
-eval(fs.readFileSync('../FP.js')+'');
-eval(fs.readFileSync('../ROM.js')+'');
-eval(fs.readFileSync('../HASH.js')+'');
-eval(fs.readFileSync('../RAND.js')+'');
-eval(fs.readFileSync('../AES.js')+'');
-eval(fs.readFileSync('../GCM.js')+'');
-eval(fs.readFileSync('../ECP.js')+'');
-eval(fs.readFileSync('../FP2.js')+'');
-eval(fs.readFileSync('../ECP2.js')+'');
-eval(fs.readFileSync('../FP4.js')+'');
-eval(fs.readFileSync('../FP12.js')+'');
-eval(fs.readFileSync('../PAIR.js')+'');
-eval(fs.readFileSync('./MPIN.js')+'');
-eval(fs.readFileSync('../MPINAuth.js')+'');
-
-// Configuration file
-eval(fs.readFileSync('./config.js')+'');
-
-// Turn on DEBUG mode in MPINAuth
-MPINAuth.DEBUG = DEBUG;
-
-// Compare M-Pin sha256 with crypto version
-for (i=0;i<100;i++)
-  {
-    console.log("Test "+i);
-    // Data for mpin_id
-    var randomUser = crypto.randomBytes(32);
-    var userID = randomUser.toString("hex");
-    var cur_date = new Date();
-    var issued = cur_date.toISOString();
-    var salt = crypto.randomBytes(16);
-    var salt_hex = salt.toString("hex");
-
-    // Form MPin ID
-    var endUserdata = {
-      "issued": issued,
-      "userID": userID,
-      "mobile": 1,
-      "salt": salt_hex
-    };
-    mpin_id = JSON.stringify(endUserdata);
-    hash_mpin_id_hex1 = crypto.createHash('sha256').update(mpin_id).digest('hex');
-
-    var mpin_id_bytes =MPIN.stringtobytes(mpin_id);
-    var hash_mpin_id_bytes=[];
-    hash_mpin_id_bytes = MPIN.HASH_ID(mpin_id_bytes)
-    var hash_mpin_id_hex2 = MPIN.bytestostring(hash_mpin_id_bytes);
-
-    if (DEBUG){console.log("hash_mpin_id_hex1: "+hash_mpin_id_hex1 + "\nhash_mpin_id_hex2: "+hash_mpin_id_hex2);}
-    try
-      {
-        assert.equal(hash_mpin_id_hex1, hash_mpin_id_hex2, "sha256 test failed");
-      }
-    catch(err)
-      {
-        txt="Error description: " + err.message;
-        console.error(txt);
-        var cur_date = new Date();
-        console.log("TEST FAILED: "+cur_date.toISOString());
-        return;
-      }
-
-
-
-  }

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/test_token.js
----------------------------------------------------------------------
diff --git a/js/tests/test_token.js b/js/tests/test_token.js
deleted file mode 100755
index c82ffc5..0000000
--- a/js/tests/test_token.js
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-console.log("Testing token generation");
-var assert = require('assert');
-var fs = require('fs');
-
-// Javascript files from the PIN pad  are included here:
-eval(fs.readFileSync('../DBIG.js')+'');
-eval(fs.readFileSync('../BIG.js')+'');
-eval(fs.readFileSync('../FP.js')+'');
-eval(fs.readFileSync('../ROM.js')+'');
-eval(fs.readFileSync('../HASH.js')+'');
-eval(fs.readFileSync('../RAND.js')+'');
-eval(fs.readFileSync('../AES.js')+'');
-eval(fs.readFileSync('../GCM.js')+'');
-eval(fs.readFileSync('../ECP.js')+'');
-eval(fs.readFileSync('../FP2.js')+'');
-eval(fs.readFileSync('../ECP2.js')+'');
-eval(fs.readFileSync('../FP4.js')+'');
-eval(fs.readFileSync('../FP12.js')+'');
-eval(fs.readFileSync('../PAIR.js')+'');
-eval(fs.readFileSync('./MPIN.js')+'');
-eval(fs.readFileSync('../MPINAuth.js')+'');
-
-// Configuration file
-eval(fs.readFileSync('./config.js')+'');
-
-// Load test vectors
-var vectors = require('./testVectors.json');
-
-// Turn on DEBUG mode in MPINAuth
-MPINAuth.DEBUG = DEBUG;
-
-for(var vector in vectors)
-  {
-    console.log("Test "+vectors[vector].test_no);
-    if (DEBUG){console.log("PIN "+vectors[vector].PIN1);}
-    if (DEBUG){console.log("CLIENT_SECRET "+vectors[vector].CLIENT_SECRET);}
-    if (DEBUG){console.log("MPIN_ID_HEX "+vectors[vector].MPIN_ID_HEX);}
-    if (DEBUG){console.log("TOKEN "+vectors[vector].TOKEN);}
-    var token = MPINAuth.calculateMPinToken(vectors[vector].MPIN_ID_HEX, vectors[vector].PIN1, vectors[vector].CLIENT_SECRET);
-    if (DEBUG){console.log("token "+token);}
-    try
-      {
-        assert.equal(token, vectors[vector].TOKEN, "Token generation failed");
-      }
-    catch(err)
-      {
-        txt="Error description: " + err.message;
-        console.error(txt);
-        console.log("TEST FAILED");
-        return;
-      }
-  }
-console.log("TEST PASSED");

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/linux.md
----------------------------------------------------------------------
diff --git a/linux.md b/linux.md
deleted file mode 100644
index 40556e0..0000000
--- a/linux.md
+++ /dev/null
@@ -1,55 +0,0 @@
-<h2>Software dependencies</h2>
-
-CMake is required to build the library and can usually be installed from
-the operating system package manager.
-
-<ul type="disc">
-  <li>sudo apt-get install cmake</li>
-</ul>
-
-If not, then you can download it from www.cmake.org
-
-The C Foreign Function Interface for Python <a href="https://cffi.readthedocs.org/en/latest/">CFFI</a> module
-is also required if you wish to use the Python module.
-
-<ul type="disc">
-  <li>sudo pip install cffi</li>
-</ul>
-
-In order to build the documentation <a href="http://www.stack.nl/~dimitri/doxygen/">doxygen</a> is required.
-
-<h2>Build Instructions</h2>
-
-<p>The default build is for 32 bit machines</p>
-
-<ol type="disc">
-  <li>mkdir Release</li>
-  <li>cd Release</li>
-  <li>cmake ..</li>
-  <li>make</li>
-  <li>make test</li>
-  <li>make doc</li>
-  <li>sudo make install</li>
-</ol>
-
-<p>The build can be configured using by setting flags on the command line i.e.</p>
-
-<ol type="disc">
-  <li>cmake -DWORD_LENGTH=64 ..</li>
-</ol>
-
-<h2>Uninstall software</h2>
-
-<ul type="disc">
-  <li>sudo make uninstall</li>
-</ul>
-
-<h2>Building an installer</h2>
-
-<p>After having built the libraries you can build a binary installer and a source distribution by running this command</p>
-
-<ul type="disc">
-  <li>make package</li>
-</ul>
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/mac.md
----------------------------------------------------------------------
diff --git a/mac.md b/mac.md
deleted file mode 100644
index 8c24982..0000000
--- a/mac.md
+++ /dev/null
@@ -1,56 +0,0 @@
-<h2>Software dependencies</h2>
-
-Install <a href="http://brew.sh/">Homebrew</a>
-
-<ul type="disc">
-  <li>ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"</li>
-</ul>
-
-Install  <a href="http://www.cmake.org/download/">cmake</a>
-
-<ul type="disc">
-  <li>brew install cmake</li>
-</ul>
-
-The C Foreign Function Interface for Python <a href="https://cffi.readthedocs.org/en/latest/">CFFI</a> module
-is also required if you wish to use the Python module.
-
-<ul type="disc">
-  <li>brew install pkg-config libffi</li>
-  <li>sudo pip install cffi</li>
-</ul>
-
-In order to build the documentation <a href="http://www.stack.nl/~dimitri/doxygen/">doxygen</a> is required.
-
-<ul type="disc">
-  <li>brew install doxygen</li>
-</ul>
-
-<h2>Build Instructions</h2>
-
-<p>The default build is for 32 bit machines</p>
-
-<ol type="disc">
-  <li>mkdir Release</li>
-  <li>cd Release</li>
-  <li>cmake ..</li>
-  <li>make</li>
-  <li>make test</li>
-  <li>make doc</li>
-  <li>sudo make install</li>
-</ol>
-
-<p>The build can be configured using by setting flags on the command line i.e.</p>
-
-<ol type="disc">
-  <li>cmake -DWORD_LENGTH=64 ..</li>
-</ol>
-
-<h2>Uninstall software</h2>
-
-<ul type="disc">
-  <li>sudo make uninstall</li>
-</ul>
-
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/pythonCFFI/CMakeLists.txt b/pythonCFFI/CMakeLists.txt
deleted file mode 100644
index 557a8e6..0000000
--- a/pythonCFFI/CMakeLists.txt
+++ /dev/null
@@ -1,138 +0,0 @@
-# Install M-PIN module
-
-if(BUILD_MPIN)
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/mpin.py DESTINATION "${PYTHON_SITE_PACKAGES}" PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-
-    if (USE_ANONYMOUS)
-        INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestMPINAnonInstall.py DESTINATION bin PERMISSIONS
-                OWNER_WRITE OWNER_READ OWNER_EXECUTE
-                GROUP_READ GROUP_EXECUTE
-                WORLD_READ WORLD_EXECUTE)
-    else (USE_ANONYMOUS)
-        INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestMPINInstall.py DESTINATION bin PERMISSIONS
-                OWNER_WRITE OWNER_READ OWNER_EXECUTE
-                GROUP_READ GROUP_EXECUTE
-                WORLD_READ WORLD_EXECUTE)
-    endif (USE_ANONYMOUS)
-
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-    # Windows specific code
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/mpin.py DESTINATION lib)
-    if (USE_ANONYMOUS)
-        INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestMPINAnonInstall.py DESTINATION lib)
-    else (USE_ANONYMOUS)
-        INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestMPINInstall.py DESTINATION lib)
-    endif (USE_ANONYMOUS)
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-    # Mac OS X specific code
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/mpin.py DESTINATION "${PYTHON_SITE_PACKAGES}" PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-
-    if (USE_ANONYMOUS)
-        INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestMPINAnonInstall.py DESTINATION bin PERMISSIONS
-                OWNER_WRITE OWNER_READ OWNER_EXECUTE
-                GROUP_READ GROUP_EXECUTE
-                WORLD_READ WORLD_EXECUTE)
-    else (USE_ANONYMOUS)
-        INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestMPINInstall.py DESTINATION bin PERMISSIONS
-                OWNER_WRITE OWNER_READ OWNER_EXECUTE
-                GROUP_READ GROUP_EXECUTE
-                WORLD_READ WORLD_EXECUTE)
-    endif (USE_ANONYMOUS)
-
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-
-  file(COPY mpin.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")
-  if (USE_ANONYMOUS)
-      file(COPY TestMPINAnonInstall.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")
-      add_test (TestMPINAnonInstall python TestMPINAnonInstall.py) 
-  else (USE_ANONYMOUS)
-      file(COPY TestMPINInstall.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")   
-      add_test (TestMPINInstall python TestMPINInstall.py) 
-  endif (USE_ANONYMOUS) 
-  
-
-  if(FIELD_CHOICE STREQUAL "BNCX")
-      if (USE_ANONYMOUS)
-          file(COPY TestMPINAnon.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")
-          add_test (TestMPINAnonBNCX python TestMPINAnon.py)
-      else (USE_ANONYMOUS)
-          file(COPY TestMPIN.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")
-          add_test (TestMPINBNCX python TestMPIN.py)
-      endif (USE_ANONYMOUS) 
-  endif(FIELD_CHOICE STREQUAL "BNCX")
-
-  
-endif(BUILD_MPIN)
-
-
-if(BUILD_SOK)
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/sok.py DESTINATION "${PYTHON_SITE_PACKAGES}" PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestSOKInstall.py DESTINATION bin PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-    # Windows specific code
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/sok.py DESTINATION lib)
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestSOKInstall.py DESTINATION lib)
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-    # Mac OS X specific code
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/sok.py DESTINATION "${PYTHON_SITE_PACKAGES}" PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/TestSOKInstall.py DESTINATION bin PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-
-  file(COPY sok.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")
-  file(COPY TestSOKInstall.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")
-
-  add_test (TestSOKInstall python TestSOKInstall.py)
-endif(BUILD_SOK)
-
-
-if(BUILD_WCC)
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/wcc.py DESTINATION "${PYTHON_SITE_PACKAGES}" PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-    # Windows specific code
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/wcc.py DESTINATION lib)
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-    # Mac OS X specific code
-    INSTALL(FILES ${PROJECT_SOURCE_DIR}/pythonCFFI/wcc.py DESTINATION "${PYTHON_SITE_PACKAGES}" PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-
-  file(COPY wcc.py DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI/")
-endif(BUILD_WCC)

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/README.md
----------------------------------------------------------------------
diff --git a/pythonCFFI/README.md b/pythonCFFI/README.md
deleted file mode 100644
index e672502..0000000
--- a/pythonCFFI/README.md
+++ /dev/null
@@ -1,15 +0,0 @@
-This directory contains the python module that
-interacts with the c code using CFFI.
-
-To run all MPIN tests
-
-./TestMPINInstall.py -v
-
-To run all SOK tests
-
-./TestSOKInstall.py -v
-
-To run all WCC tests
-
-./TestWCCInstall.py -v
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/TestMPIN.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/TestMPIN.py b/pythonCFFI/TestMPIN.py
deleted file mode 100755
index 24cb516..0000000
--- a/pythonCFFI/TestMPIN.py
+++ /dev/null
@@ -1,326 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-import unittest
-import json
-
-from mpin import ffi, G1, G2, HASH_BYTES, libmpin, PFS, PGS, toHex
-
-# Master Secret Shares
-MS1 = ffi.new("octet*")
-MS1val = ffi.new("char []", PGS)
-MS1[0].val = MS1val
-MS1[0].max = PGS
-MS1[0].len = PGS
-
-MS2 = ffi.new("octet*")
-MS2val = ffi.new("char []", PGS)
-MS2[0].val = MS2val
-MS2[0].max = PGS
-MS2[0].len = PGS
-
-# Client secret and shares
-CS1 = ffi.new("octet*")
-CS1val = ffi.new("char []", G1)
-CS1[0].val = CS1val
-CS1[0].max = G1
-CS1[0].len = G1
-
-CS2 = ffi.new("octet*")
-CS2val = ffi.new("char []", G1)
-CS2[0].val = CS2val
-CS2[0].max = G1
-CS2[0].len = G1
-
-SEC = ffi.new("octet*")
-SECval = ffi.new("char []", G1)
-SEC[0].val = SECval
-SEC[0].max = G1
-SEC[0].len = G1
-
-# Server secret and shares
-SS1 = ffi.new("octet*")
-SS1val = ffi.new("char []", G2)
-SS1[0].val = SS1val
-SS1[0].max = G2
-SS1[0].len = G2
-
-SS2 = ffi.new("octet*")
-SS2val = ffi.new("char []", G2)
-SS2[0].val = SS2val
-SS2[0].max = G2
-SS2[0].len = G2
-
-SERVER_SECRET = ffi.new("octet*")
-SERVER_SECRETval = ffi.new("char []", G2)
-SERVER_SECRET[0].val = SERVER_SECRETval
-SERVER_SECRET[0].max = G2
-SERVER_SECRET[0].len = G2
-
-# Time Permit and shares
-TP1 = ffi.new("octet*")
-TP1val = ffi.new("char []", G1)
-TP1[0].val = TP1val
-TP1[0].max = G1
-TP1[0].len = G1
-
-TP2 = ffi.new("octet*")
-TP2val = ffi.new("char []", G1)
-TP2[0].val = TP2val
-TP2[0].max = G1
-TP2[0].len = G1
-
-TIME_PERMIT = ffi.new("octet*")
-TIME_PERMITval = ffi.new("char []", G1)
-TIME_PERMIT[0].val = TIME_PERMITval
-TIME_PERMIT[0].max = G1
-TIME_PERMIT[0].len = G1
-
-# Token stored on computer
-TOKEN = ffi.new("octet*")
-TOKENval = ffi.new("char []", G1)
-TOKEN[0].val = TOKENval
-TOKEN[0].max = G1
-TOKEN[0].len = G1
-
-UT = ffi.new("octet*")
-UTval = ffi.new("char []", G1)
-UT[0].val = UTval
-UT[0].max = G1
-UT[0].len = G1
-
-U = ffi.new("octet*")
-Uval = ffi.new("char []", G1)
-U[0].val = Uval
-U[0].max = G1
-U[0].len = G1
-
-X = ffi.new("octet*")
-Xval = ffi.new("char []", PGS)
-X[0].val = Xval
-X[0].max = PGS
-X[0].len = PGS
-
-Y = ffi.new("octet*")
-Yval = ffi.new("char []", PGS)
-Y[0].val = Yval
-Y[0].max = PGS
-Y[0].len = PGS
-
-lenEF = 12 * PFS
-E = ffi.new("octet*")
-Eval = ffi.new("char []", lenEF)
-E[0].val = Eval
-E[0].max = lenEF
-E[0].len = lenEF
-
-F = ffi.new("octet*")
-Fval = ffi.new("char []", lenEF)
-F[0].val = Fval
-F[0].max = lenEF
-F[0].len = lenEF
-
-# H(ID)
-HID = ffi.new("octet*")
-HIDval = ffi.new("char []", G1)
-HID[0].val = HIDval
-HID[0].max = G1
-HID[0].len = G1
-
-# H(T|H(ID))
-HTID = ffi.new("octet*")
-HTIDval = ffi.new("char []", G1)
-HTID[0].val = HTIDval
-HTID[0].max = G1
-HTID[0].len = G1
-
-
-class TestMPIN(unittest.TestCase):
-    """Tests M-Pin crypto code"""
-
-    def setUp(self):
-
-        # Form MPin ID
-        endUserData = {
-            "issued": "2013-10-19T06:12:28Z",
-            "userID": "testUser@miracl.com",
-            "mobile": 1,
-            "salt": "e985da112a378c222cfc2f7226097b0c"
-        }
-        mpin_id = json.dumps(endUserData)
-
-        self.MPIN_ID = ffi.new("octet*")
-        self.MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id)
-        self.MPIN_ID[0].val = self.MPIN_IDval
-        self.MPIN_ID[0].max = len(mpin_id)
-        self.MPIN_ID[0].len = len(mpin_id)
-
-        # Hash value of MPIN_ID
-        self.HASH_MPIN_ID = ffi.new("octet*")
-        self.HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-        self.HASH_MPIN_ID[0].val = self.HASH_MPIN_IDval
-        self.HASH_MPIN_ID[0].max = HASH_BYTES
-        self.HASH_MPIN_ID[0].len = HASH_BYTES
-        libmpin.MPIN_HASH_ID(self.MPIN_ID, self.HASH_MPIN_ID)
-
-        # Assign a seed value
-        seedHex = "3ade3d4a5c698e8910bf92f25d97ceeb7c25ed838901a5cb5db2cf25434c1fe76c7f79b7af2e5e1e4988e4294dbd9bd9fa3960197fb7aec373609fb890d74b16a4b14b2ae7e23b75f15d36c21791272372863c4f8af39980283ae69a79cf4e48e908f9e0"
-        self.seed = seedHex.decode("hex")
-        self.RAW = ffi.new("octet*")
-        self.RAWval = ffi.new("char [%s]" % len(self.seed), self.seed)
-        self.RAW[0].val = self.RAWval
-        self.RAW[0].len = len(self.seed)
-        self.RAW[0].max = len(self.seed)
-
-        self.date = 16238
-
-    def test_1(self):
-        """test_1 Good PIN and good token"""
-        vectors = json.load(open("./MPINTestVectors.json", "r"))
-        for vector in vectors:
-            print "Test vector {}".format(vector['test_no'])
-
-            PIN1 = vector['PIN1']
-            PIN2 = vector['PIN2']
-            date = vector['DATE']
-
-            # random number generator
-            RNG = ffi.new("csprng*")
-            libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-            MS1_HEX = vector['MS1']
-            MS2_HEX = vector['MS2']
-
-            ms1_bin = MS1_HEX.decode("hex")
-            MS1 = ffi.new("octet*")
-            MS1val = ffi.new("char [%s]" % len(ms1_bin), ms1_bin)
-            MS1[0].val = MS1val
-            MS1[0].max = PGS
-            MS1[0].len = PGS
-
-            ms2_bin = MS2_HEX.decode("hex")
-            MS2 = ffi.new("octet*")
-            MS2val = ffi.new("char [%s]" % len(ms2_bin), ms2_bin)
-            MS2[0].val = MS2val
-            MS2[0].max = PGS
-            MS2[0].len = PGS
-
-            # Generate server secret shares
-            rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['SS1'], toHex(SS1))
-            rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['SS2'], toHex(SS2))
-
-            # Combine server secret shares
-            rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['SERVER_SECRET'], toHex(SERVER_SECRET))
-
-            mpin_id = vector['MPIN_ID_HEX'].decode("hex")
-            MPIN_ID = ffi.new("octet*")
-            MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id)
-            MPIN_ID[0].val = MPIN_IDval
-            MPIN_ID[0].max = len(mpin_id)
-            MPIN_ID[0].len = len(mpin_id)
-
-            # Hash value of MPIN_ID
-            HASH_MPIN_ID = ffi.new("octet*")
-            HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-            HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-            HASH_MPIN_ID[0].max = HASH_BYTES
-            HASH_MPIN_ID[0].len = HASH_BYTES
-            libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID)
-            self.assertEqual(vector['HASH_MPIN_ID_HEX'], toHex(HASH_MPIN_ID))
-
-            # Generate client secret shares
-            rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['CS1'], toHex(CS1))
-            rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, HASH_MPIN_ID, CS2)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['CS2'], toHex(CS2))
-
-            # Combine client secret shares : TOKEN is the full client secret
-            rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['CLIENT_SECRET'], toHex(TOKEN))
-
-            # Generate Time Permit shares
-            rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS1, HASH_MPIN_ID, TP1)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TP1'], toHex(TP1))
-            rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS2, HASH_MPIN_ID, TP2)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TP2'], toHex(TP2))
-
-            # Combine Time Permit shares
-            rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TIME_PERMIT'], toHex(TIME_PERMIT))
-
-            # Client extracts PIN from secret to create Token
-            rtn = libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN1, TOKEN)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TOKEN'], toHex(TOKEN))
-
-            x = vector['X'].decode("hex")
-            X = ffi.new("octet*")
-            Xval = ffi.new("char [%s]" % PGS, x)
-            X[0].val = Xval
-            X[0].max = PGS
-            X[0].len = PGS
-
-            # Client first pass. Use X value from test vectors
-            rtn = libmpin.MPIN_CLIENT_1(date, MPIN_ID, ffi.NULL, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['X'], toHex(X))
-            self.assertEqual(vector['U'], toHex(U))
-            self.assertEqual(vector['UT'], toHex(UT))
-            self.assertEqual(vector['SEC'], toHex(SEC))
-
-            # Server calculates H(ID) and H(T|H(ID))
-            libmpin.MPIN_SERVER_1(date, MPIN_ID, HID, HTID)
-
-            # Server generates Random number Y and sends it to Client
-            # rtn = libmpin.MPIN_RANDOM_GENERATE(RNG,Y)
-            # self.assertEqual(rtn, 0)
-
-            # Use Y value from test vectors
-            y = vector['Y'].decode("hex")
-            Y = ffi.new("octet*")
-            Yval = ffi.new("char [%s]" % PGS, y)
-            Y[0].val = Yval
-            Y[0].max = PGS
-            Y[0].len = PGS
-
-            # Client second pass
-            rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['V'], toHex(SEC))
-
-            # Server second pass
-            rtn = libmpin.MPIN_SERVER_2(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-            self.assertEqual(rtn, vector['SERVER_OUTPUT'])
-
-if __name__ == '__main__':
-    # Run tests
-    unittest.main()

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/TestMPINAnon.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/TestMPINAnon.py b/pythonCFFI/TestMPINAnon.py
deleted file mode 100755
index ae332c5..0000000
--- a/pythonCFFI/TestMPINAnon.py
+++ /dev/null
@@ -1,326 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-import unittest
-import json
-
-from mpin import ffi, G1, G2, HASH_BYTES, libmpin, PFS, PGS, toHex
-
-# Master Secret Shares
-MS1 = ffi.new("octet*")
-MS1val = ffi.new("char []", PGS)
-MS1[0].val = MS1val
-MS1[0].max = PGS
-MS1[0].len = PGS
-
-MS2 = ffi.new("octet*")
-MS2val = ffi.new("char []", PGS)
-MS2[0].val = MS2val
-MS2[0].max = PGS
-MS2[0].len = PGS
-
-# Client secret and shares
-CS1 = ffi.new("octet*")
-CS1val = ffi.new("char []", G1)
-CS1[0].val = CS1val
-CS1[0].max = G1
-CS1[0].len = G1
-
-CS2 = ffi.new("octet*")
-CS2val = ffi.new("char []", G1)
-CS2[0].val = CS2val
-CS2[0].max = G1
-CS2[0].len = G1
-
-SEC = ffi.new("octet*")
-SECval = ffi.new("char []", G1)
-SEC[0].val = SECval
-SEC[0].max = G1
-SEC[0].len = G1
-
-# Server secret and shares
-SS1 = ffi.new("octet*")
-SS1val = ffi.new("char []", G2)
-SS1[0].val = SS1val
-SS1[0].max = G2
-SS1[0].len = G2
-
-SS2 = ffi.new("octet*")
-SS2val = ffi.new("char []", G2)
-SS2[0].val = SS2val
-SS2[0].max = G2
-SS2[0].len = G2
-
-SERVER_SECRET = ffi.new("octet*")
-SERVER_SECRETval = ffi.new("char []", G2)
-SERVER_SECRET[0].val = SERVER_SECRETval
-SERVER_SECRET[0].max = G2
-SERVER_SECRET[0].len = G2
-
-# Time Permit and shares
-TP1 = ffi.new("octet*")
-TP1val = ffi.new("char []", G1)
-TP1[0].val = TP1val
-TP1[0].max = G1
-TP1[0].len = G1
-
-TP2 = ffi.new("octet*")
-TP2val = ffi.new("char []", G1)
-TP2[0].val = TP2val
-TP2[0].max = G1
-TP2[0].len = G1
-
-TIME_PERMIT = ffi.new("octet*")
-TIME_PERMITval = ffi.new("char []", G1)
-TIME_PERMIT[0].val = TIME_PERMITval
-TIME_PERMIT[0].max = G1
-TIME_PERMIT[0].len = G1
-
-# Token stored on computer
-TOKEN = ffi.new("octet*")
-TOKENval = ffi.new("char []", G1)
-TOKEN[0].val = TOKENval
-TOKEN[0].max = G1
-TOKEN[0].len = G1
-
-UT = ffi.new("octet*")
-UTval = ffi.new("char []", G1)
-UT[0].val = UTval
-UT[0].max = G1
-UT[0].len = G1
-
-U = ffi.new("octet*")
-Uval = ffi.new("char []", G1)
-U[0].val = Uval
-U[0].max = G1
-U[0].len = G1
-
-X = ffi.new("octet*")
-Xval = ffi.new("char []", PGS)
-X[0].val = Xval
-X[0].max = PGS
-X[0].len = PGS
-
-Y = ffi.new("octet*")
-Yval = ffi.new("char []", PGS)
-Y[0].val = Yval
-Y[0].max = PGS
-Y[0].len = PGS
-
-lenEF = 12 * PFS
-E = ffi.new("octet*")
-Eval = ffi.new("char []", lenEF)
-E[0].val = Eval
-E[0].max = lenEF
-E[0].len = lenEF
-
-F = ffi.new("octet*")
-Fval = ffi.new("char []", lenEF)
-F[0].val = Fval
-F[0].max = lenEF
-F[0].len = lenEF
-
-# H(ID)
-HID = ffi.new("octet*")
-HIDval = ffi.new("char []", G1)
-HID[0].val = HIDval
-HID[0].max = G1
-HID[0].len = G1
-
-# H(T|H(ID))
-HTID = ffi.new("octet*")
-HTIDval = ffi.new("char []", G1)
-HTID[0].val = HTIDval
-HTID[0].max = G1
-HTID[0].len = G1
-
-
-class TestMPIN(unittest.TestCase):
-    """Tests M-Pin crypto code"""
-
-    def setUp(self):
-
-        # Form MPin ID
-        endUserData = {
-            "issued": "2013-10-19T06:12:28Z",
-            "userID": "testUser@miracl.com",
-            "mobile": 1,
-            "salt": "e985da112a378c222cfc2f7226097b0c"
-        }
-        mpin_id = json.dumps(endUserData)
-
-        self.MPIN_ID = ffi.new("octet*")
-        self.MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id)
-        self.MPIN_ID[0].val = self.MPIN_IDval
-        self.MPIN_ID[0].max = len(mpin_id)
-        self.MPIN_ID[0].len = len(mpin_id)
-
-        # Hash value of MPIN_ID
-        self.HASH_MPIN_ID = ffi.new("octet*")
-        self.HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-        self.HASH_MPIN_ID[0].val = self.HASH_MPIN_IDval
-        self.HASH_MPIN_ID[0].max = HASH_BYTES
-        self.HASH_MPIN_ID[0].len = HASH_BYTES
-        libmpin.MPIN_HASH_ID(self.MPIN_ID, self.HASH_MPIN_ID)
-
-        # Assign a seed value
-        seedHex = "3ade3d4a5c698e8910bf92f25d97ceeb7c25ed838901a5cb5db2cf25434c1fe76c7f79b7af2e5e1e4988e4294dbd9bd9fa3960197fb7aec373609fb890d74b16a4b14b2ae7e23b75f15d36c21791272372863c4f8af39980283ae69a79cf4e48e908f9e0"
-        self.seed = seedHex.decode("hex")
-        self.RAW = ffi.new("octet*")
-        self.RAWval = ffi.new("char [%s]" % len(self.seed), self.seed)
-        self.RAW[0].val = self.RAWval
-        self.RAW[0].len = len(self.seed)
-        self.RAW[0].max = len(self.seed)
-
-        self.date = 16238
-
-    def test_1(self):
-        """test_1 Good PIN and good token"""
-        vectors = json.load(open("./MPINTestVectors.json", "r"))
-        for vector in vectors:
-            print "Test vector {}".format(vector['test_no'])
-
-            PIN1 = vector['PIN1']
-            PIN2 = vector['PIN2']
-            date = vector['DATE']
-
-            # random number generator
-            RNG = ffi.new("csprng*")
-            libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-            MS1_HEX = vector['MS1']
-            MS2_HEX = vector['MS2']
-
-            ms1_bin = MS1_HEX.decode("hex")
-            MS1 = ffi.new("octet*")
-            MS1val = ffi.new("char [%s]" % len(ms1_bin), ms1_bin)
-            MS1[0].val = MS1val
-            MS1[0].max = PGS
-            MS1[0].len = PGS
-
-            ms2_bin = MS2_HEX.decode("hex")
-            MS2 = ffi.new("octet*")
-            MS2val = ffi.new("char [%s]" % len(ms2_bin), ms2_bin)
-            MS2[0].val = MS2val
-            MS2[0].max = PGS
-            MS2[0].len = PGS
-
-            # Generate server secret shares
-            rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['SS1'], toHex(SS1))
-            rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['SS2'], toHex(SS2))
-
-            # Combine server secret shares
-            rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['SERVER_SECRET'], toHex(SERVER_SECRET))
-
-            mpin_id = vector['MPIN_ID_HEX'].decode("hex")
-            MPIN_ID = ffi.new("octet*")
-            MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id)
-            MPIN_ID[0].val = MPIN_IDval
-            MPIN_ID[0].max = len(mpin_id)
-            MPIN_ID[0].len = len(mpin_id)
-
-            # Hash value of MPIN_ID
-            HASH_MPIN_ID = ffi.new("octet*")
-            HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-            HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-            HASH_MPIN_ID[0].max = HASH_BYTES
-            HASH_MPIN_ID[0].len = HASH_BYTES
-            libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID)
-            self.assertEqual(vector['HASH_MPIN_ID_HEX'], toHex(HASH_MPIN_ID))
-
-            # Generate client secret shares
-            rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['CS1'], toHex(CS1))
-            rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, HASH_MPIN_ID, CS2)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['CS2'], toHex(CS2))
-
-            # Combine client secret shares : TOKEN is the full client secret
-            rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['CLIENT_SECRET'], toHex(TOKEN))
-
-            # Generate Time Permit shares
-            rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS1, HASH_MPIN_ID, TP1)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TP1'], toHex(TP1))
-            rtn = libmpin.MPIN_GET_CLIENT_PERMIT(date, MS2, HASH_MPIN_ID, TP2)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TP2'], toHex(TP2))
-
-            # Combine Time Permit shares
-            rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TIME_PERMIT'], toHex(TIME_PERMIT))
-
-            # Client extracts PIN from secret to create Token
-            rtn = libmpin.MPIN_EXTRACT_PIN(MPIN_ID, PIN1, TOKEN)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['TOKEN'], toHex(TOKEN))
-
-            x = vector['X'].decode("hex")
-            X = ffi.new("octet*")
-            Xval = ffi.new("char [%s]" % PGS, x)
-            X[0].val = Xval
-            X[0].max = PGS
-            X[0].len = PGS
-
-            # Client first pass. Use X value from test vectors
-            rtn = libmpin.MPIN_CLIENT_1(date, MPIN_ID, ffi.NULL, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['X'], toHex(X))
-            self.assertEqual(vector['U'], toHex(U))
-            self.assertEqual(vector['UT'], toHex(UT))
-            self.assertEqual(vector['SEC'], toHex(SEC))
-
-            # Server calculates H(ID) and H(T|H(ID))
-            libmpin.MPIN_SERVER_1(date, HASH_MPIN_ID, HID, HTID)
-
-            # Server generates Random number Y and sends it to Client
-            # rtn = libmpin.MPIN_RANDOM_GENERATE(RNG,Y)
-            # self.assertEqual(rtn, 0)
-
-            # Use Y value from test vectors
-            y = vector['Y'].decode("hex")
-            Y = ffi.new("octet*")
-            Yval = ffi.new("char [%s]" % PGS, y)
-            Y[0].val = Yval
-            Y[0].max = PGS
-            Y[0].len = PGS
-
-            # Client second pass
-            rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-            self.assertEqual(rtn, 0)
-            self.assertEqual(vector['V'], toHex(SEC))
-
-            # Server second pass
-            rtn = libmpin.MPIN_SERVER_2(date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-            self.assertEqual(rtn, vector['SERVER_OUTPUT'])
-
-if __name__ == '__main__':
-    # Run tests
-    unittest.main()

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/pythonCFFI/TestMPINAnonInstall.py
----------------------------------------------------------------------
diff --git a/pythonCFFI/TestMPINAnonInstall.py b/pythonCFFI/TestMPINAnonInstall.py
deleted file mode 100755
index 7d67721..0000000
--- a/pythonCFFI/TestMPINAnonInstall.py
+++ /dev/null
@@ -1,703 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-"""
-import os
-import unittest
-import json
-import hashlib
-
-from mpin import ffi, G1, G2, HASH_BYTES, IVL, libmpin, PAS, PFS, PGS, toHex
-
-# Master Secret Shares
-MS1 = ffi.new("octet*")
-MS1val = ffi.new("char []", PGS)
-MS1[0].val = MS1val
-MS1[0].max = PGS
-MS1[0].len = PGS
-
-MS2 = ffi.new("octet*")
-MS2val = ffi.new("char []", PGS)
-MS2[0].val = MS2val
-MS2[0].max = PGS
-MS2[0].len = PGS
-
-# Client secret and shares
-CS1 = ffi.new("octet*")
-CS1val = ffi.new("char []", G1)
-CS1[0].val = CS1val
-CS1[0].max = G1
-CS1[0].len = G1
-
-CS2 = ffi.new("octet*")
-CS2val = ffi.new("char []", G1)
-CS2[0].val = CS2val
-CS2[0].max = G1
-CS2[0].len = G1
-
-SEC = ffi.new("octet*")
-SECval = ffi.new("char []", G1)
-SEC[0].val = SECval
-SEC[0].max = G1
-SEC[0].len = G1
-
-# Server secret and shares
-SS1 = ffi.new("octet*")
-SS1val = ffi.new("char []", G2)
-SS1[0].val = SS1val
-SS1[0].max = G2
-SS1[0].len = G2
-
-SS2 = ffi.new("octet*")
-SS2val = ffi.new("char []", G2)
-SS2[0].val = SS2val
-SS2[0].max = G2
-SS2[0].len = G2
-
-SERVER_SECRET = ffi.new("octet*")
-SERVER_SECRETval = ffi.new("char []", G2)
-SERVER_SECRET[0].val = SERVER_SECRETval
-SERVER_SECRET[0].max = G2
-SERVER_SECRET[0].len = G2
-
-# Time Permit and shares
-TP1 = ffi.new("octet*")
-TP1val = ffi.new("char []", G1)
-TP1[0].val = TP1val
-TP1[0].max = G1
-TP1[0].len = G1
-
-TP2 = ffi.new("octet*")
-TP2val = ffi.new("char []", G1)
-TP2[0].val = TP2val
-TP2[0].max = G1
-TP2[0].len = G1
-
-TIME_PERMIT = ffi.new("octet*")
-TIME_PERMITval = ffi.new("char []", G1)
-TIME_PERMIT[0].val = TIME_PERMITval
-TIME_PERMIT[0].max = G1
-TIME_PERMIT[0].len = G1
-
-# Token stored on computer
-TOKEN = ffi.new("octet*")
-TOKENval = ffi.new("char []", G1)
-TOKEN[0].val = TOKENval
-TOKEN[0].max = G1
-TOKEN[0].len = G1
-
-UT = ffi.new("octet*")
-UTval = ffi.new("char []", G1)
-UT[0].val = UTval
-UT[0].max = G1
-UT[0].len = G1
-
-U = ffi.new("octet*")
-Uval = ffi.new("char []", G1)
-U[0].val = Uval
-U[0].max = G1
-U[0].len = G1
-
-X = ffi.new("octet*")
-Xval = ffi.new("char []", PGS)
-X[0].val = Xval
-X[0].max = PGS
-X[0].len = PGS
-
-Y = ffi.new("octet*")
-Yval = ffi.new("char []", PGS)
-Y[0].val = Yval
-Y[0].max = PGS
-Y[0].len = PGS
-
-lenEF = 12 * PFS
-E = ffi.new("octet*")
-Eval = ffi.new("char []", lenEF)
-E[0].val = Eval
-E[0].max = lenEF
-E[0].len = lenEF
-
-F = ffi.new("octet*")
-Fval = ffi.new("char []", lenEF)
-F[0].val = Fval
-F[0].max = lenEF
-F[0].len = lenEF
-
-# H(ID)
-HID = ffi.new("octet*")
-HIDval = ffi.new("char []", G1)
-HID[0].val = HIDval
-HID[0].max = G1
-HID[0].len = G1
-
-# H(T|H(ID))
-HTID = ffi.new("octet*")
-HTIDval = ffi.new("char []", G1)
-HTID[0].val = HTIDval
-HTID[0].max = G1
-HTID[0].len = G1
-
-
-class TestMPIN(unittest.TestCase):
-    """Tests M-Pin crypto code"""
-
-    def setUp(self):
-
-        # Form MPin ID
-        endUserData = {
-            "issued": "2013-10-19T06:12:28Z",
-            "userID": "testUser@miracl.com",
-            "mobile": 1,
-            "salt": "e985da112a378c222cfc2f7226097b0c"
-        }
-        mpin_id = json.dumps(endUserData)
-
-        self.MPIN_ID = ffi.new("octet*")
-        self.MPIN_IDval = ffi.new("char [%s]" % len(mpin_id), mpin_id)
-        self.MPIN_ID[0].val = self.MPIN_IDval
-        self.MPIN_ID[0].max = len(mpin_id)
-        self.MPIN_ID[0].len = len(mpin_id)
-
-        # Hash value of MPIN_ID
-        self.HASH_MPIN_ID = ffi.new("octet*")
-        self.HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-        self.HASH_MPIN_ID[0].val = self.HASH_MPIN_IDval
-        self.HASH_MPIN_ID[0].max = HASH_BYTES
-        self.HASH_MPIN_ID[0].len = HASH_BYTES
-        libmpin.MPIN_HASH_ID(self.MPIN_ID, self.HASH_MPIN_ID)
-
-        # Assign a seed value
-        seedHex = "3ade3d4a5c698e8910bf92f25d97ceeb7c25ed838901a5cb5db2cf25434c1fe76c7f79b7af2e5e1e4988e4294dbd9bd9fa3960197fb7aec373609fb890d74b16a4b14b2ae7e23b75f15d36c21791272372863c4f8af39980283ae69a79cf4e48e908f9e0"
-        self.seed = seedHex.decode("hex")
-        self.RAW = ffi.new("octet*")
-        self.RAWval = ffi.new("char [%s]" % len(self.seed), self.seed)
-        self.RAW[0].val = self.RAWval
-        self.RAW[0].len = len(self.seed)
-        self.RAW[0].max = len(self.seed)
-
-        self.date = 16238
-
-    def test_1(self):
-        """test_1 Good PIN and good token"""
-        PIN1 = 1234
-        PIN2 = 1234
-
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate Client master secret share for MIRACL and Customer
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-        self.assertEqual(rtn, 0)
-
-        # Generate server secret shares
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine server secret shares
-        rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-        self.assertEqual(rtn, 0)
-
-        # Generate client secret shares
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, self.HASH_MPIN_ID, CS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, self.HASH_MPIN_ID, CS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine client secret shares : TOKEN is the full client secret
-        rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Generate Time Permit shares
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS1, self.HASH_MPIN_ID, TP1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS2, self.HASH_MPIN_ID, TP2)
-        self.assertEqual(rtn, 0)
-
-        # Combine Time Permit shares
-        rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Client extracts PIN from secret to create Token
-        PIN1 = 1234
-        rtn = libmpin.MPIN_EXTRACT_PIN(self.MPIN_ID, PIN1, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(self.date, self.MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Server calculates H(ID) and H(T|H(ID))
-        libmpin.MPIN_SERVER_1(self.date, self.HASH_MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        self.assertEqual(rtn, 0)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        self.assertEqual(rtn, 0)
-
-        # Server second pass
-        rtn = libmpin.MPIN_SERVER_2(self.date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-        self.assertEqual(rtn, 0)
-
-    def test_2(self):
-        """test_2 Bad PIN and good token"""
-        PIN1 = 1234
-        PIN2 = 2000
-
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate Client master secret share for MIRACL and Customer
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-        self.assertEqual(rtn, 0)
-
-        # Generate server secret shares
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine server secret shares
-        rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-        self.assertEqual(rtn, 0)
-
-        # Generate client secret shares
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, self.HASH_MPIN_ID, CS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, self.HASH_MPIN_ID, CS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine client secret shares : TOKEN is the full client secret
-        rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Generate Time Permit shares
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS1, self.HASH_MPIN_ID, TP1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS2, self.HASH_MPIN_ID, TP2)
-        self.assertEqual(rtn, 0)
-
-        # Combine Time Permit shares
-        rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Client extracts PIN from secret to create Token
-        PIN1 = 1234
-        rtn = libmpin.MPIN_EXTRACT_PIN(self.MPIN_ID, PIN1, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(self.date, self.MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Server calculates H(ID) and H(T|H(ID))
-        libmpin.MPIN_SERVER_1(self.date, self.HASH_MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        self.assertEqual(rtn, 0)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        self.assertEqual(rtn, 0)
-
-        # Server second pass
-        rtn = libmpin.MPIN_SERVER_2(self.date, HID, HTID, Y, SERVER_SECRET, U, UT, SEC, E, F)
-        self.assertEqual(rtn, -19)
-
-    def test_3(self):
-        """test_3 Good PIN and bad token"""
-        PIN1 = 1234
-        PIN2 = 1234
-
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate Client master secret share for MIRACL and Customer
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS2)
-        self.assertEqual(rtn, 0)
-
-        # Generate server secret shares
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS1, SS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_SERVER_SECRET(MS2, SS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine server secret shares
-        rtn = libmpin.MPIN_RECOMBINE_G2(SS1, SS2, SERVER_SECRET)
-        self.assertEqual(rtn, 0)
-
-        # Generate client secret shares
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, self.HASH_MPIN_ID, CS1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS2, self.HASH_MPIN_ID, CS2)
-        self.assertEqual(rtn, 0)
-
-        # Combine client secret shares : TOKEN is the full client secret
-        rtn = libmpin.MPIN_RECOMBINE_G1(CS1, CS2, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Generate Time Permit shares
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS1, self.HASH_MPIN_ID, TP1)
-        self.assertEqual(rtn, 0)
-        rtn = libmpin.MPIN_GET_CLIENT_PERMIT(self.date, MS2, self.HASH_MPIN_ID, TP2)
-        self.assertEqual(rtn, 0)
-
-        # Combine Time Permit shares
-        rtn = libmpin.MPIN_RECOMBINE_G1(TP1, TP2, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Client extracts PIN from secret to create Token
-        PIN1 = 1234
-        rtn = libmpin.MPIN_EXTRACT_PIN(self.MPIN_ID, PIN1, TOKEN)
-        self.assertEqual(rtn, 0)
-
-        # Client first pass
-        rtn = libmpin.MPIN_CLIENT_1(self.date, self.MPIN_ID, RNG, X, PIN2, TOKEN, SEC, U, UT, TIME_PERMIT)
-        self.assertEqual(rtn, 0)
-
-        # Server calculates H(ID) and H(T|H(ID))
-        libmpin.MPIN_SERVER_1(self.date, self.HASH_MPIN_ID, HID, HTID)
-
-        # Server generates Random number Y and sends it to Client
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, Y)
-        self.assertEqual(rtn, 0)
-
-        # Client second pass
-        rtn = libmpin.MPIN_CLIENT_2(X, Y, SEC)
-        self.assertEqual(rtn, 0)
-
-        # Server second pass
-        # clientSecret aka V is equal to UT to model a bad token
-        rtn = libmpin.MPIN_SERVER_2(self.date, HID, HTID, Y, SERVER_SECRET, U, UT, UT, E, F)
-        self.assertEqual(rtn, -19)
-
-    def test_4(self):
-        """test_4 Test hash function"""
-        HASH_MPIN_ID = ffi.new("octet*")
-        HASH_MPIN_IDval = ffi.new("char []",  HASH_BYTES)
-        HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-        HASH_MPIN_ID[0].max = HASH_BYTES
-        HASH_MPIN_ID[0].len = HASH_BYTES
-
-        for i in range(1, 10000):
-            bytesStr = os.urandom(128)
-            hash_object2 = hashlib.sha256(bytesStr)
-            digest = hash_object2.hexdigest()
-            MPIN_ID = ffi.new("octet*")
-            MPIN_IDval = ffi.new("char [%s]" % len(bytesStr), bytesStr)
-            MPIN_ID[0].val = MPIN_IDval
-            MPIN_ID[0].max = len(bytesStr)
-            MPIN_ID[0].len = len(bytesStr)
-            libmpin.MPIN_HASH_ID(MPIN_ID, HASH_MPIN_ID)
-            self.assertEqual(digest, toHex(HASH_MPIN_ID))
-
-    def test_5(self):
-        """test_5 Make sure all client secret are unique"""
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate master secret share
-        rtn = libmpin.MPIN_RANDOM_GENERATE(RNG, MS1)
-        self.assertEqual(rtn, 0)
-
-        s = set()
-        match = 0
-        for i in range(1, 1000):
-            rand_val = os.urandom(32)
-            HASH_MPIN_ID = ffi.new("octet*")
-            HASH_MPIN_IDval = ffi.new("char [%s]" % HASH_BYTES, rand_val)
-            HASH_MPIN_ID[0].val = HASH_MPIN_IDval
-            HASH_MPIN_ID[0].max = HASH_BYTES
-            HASH_MPIN_ID[0].len = HASH_BYTES
-
-            # Generate client secret shares
-            rtn = libmpin.MPIN_GET_CLIENT_SECRET(MS1, HASH_MPIN_ID, CS1)
-            self.assertEqual(rtn, 0)
-            cs1Hex = toHex(CS1)
-            if cs1Hex in s:
-                match = 1
-            self.assertEqual(match, 0)
-            s.add(cs1Hex)
-
-    def test_6(self):
-        """test_6 Make sure all one time passwords are random i.e. they should collide"""
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        s = set()
-        match = 0
-        for i in range(1, 10000):
-            OTP = libmpin.generateOTP(RNG)
-            if OTP in s:
-                # print i
-                match = 1
-            s.add(OTP)
-        self.assertEqual(match, 1)
-
-    def test_7(self):
-        """test_7 Make sure all random values are random i.e. they should collide"""
-        # random number generator
-        RNG = ffi.new("csprng*")
-        libmpin.MPIN_CREATE_CSPRNG(RNG, self.RAW)
-
-        # Generate 100 byte random number
-        RANDOMlen = 3
-        RANDOM = ffi.new("octet*")
-        RANDOMval = ffi.new("char []",  RANDOMlen)
-        RANDOM[0].val = RANDOMval
-        RANDOM[0].max = RANDOMlen
-        RANDOM[0].len = RANDOMlen
-
-        s = set()
-        match = 0
-        for i in range(1, 10000):
-            libmpin.generateRandom(RNG, RANDOM)
-            random = toHex(RANDOM)
-            if random in s:
-                # print i
-                match = 1
-            s.add(random)
-        self.assertEqual(match, 1)
-
-    def test_8(self):
-        """test_8 AES-GCM: Successful encryption and decryption"""
-
-        # Generate 16 byte key
-        key_val = os.urandom(PAS)
-        AES_KEY = ffi.new("octet*")
-        AES_KEYval = ffi.new("char [%s]" % PAS, key_val)
-        AES_KEY[0].val = AES_KEYval
-        AES_KEY[0].max = PAS
-        AES_KEY[0].len = PAS
-
-        # Generate 12 byte IV
-        iv_val = os.urandom(IVL)
-        IV = ffi.new("octet*")
-        IVval = ffi.new("char [%s]" % IVL, iv_val)
-        IV[0].val = IVval
-        IV[0].max = IVL
-        IV[0].len = IVL
-
-        # Generate a 32 byte random header
-        header_val = os.urandom(32)
-        HEADER = ffi.new("octet*")
-        HEADERval = ffi.new("char [%s]" % len(header_val), header_val)
-        HEADER[0].val = HEADERval
-        HEADER[0].max = len(header_val)
-        HEADER[0].len = len(header_val)
-
-        # Plaintext input
-        plaintext1 = "A test message"
-        PLAINTEXT1 = ffi.new("octet*")
-        PLAINTEXT1val = ffi.new("char [%s]" % len(plaintext1), plaintext1)
-        PLAINTEXT1[0].val = PLAINTEXT1val
-        PLAINTEXT1[0].max = len(plaintext1)
-        PLAINTEXT1[0].len = len(plaintext1)
-        # print "Input message: %s" % ffi.string(PLAINTEXT1[0].val, PLAINTEXT1[0].len)
-
-        # Ciphertext
-        CIPHERTEXT = ffi.new("octet*")
-        CIPHERTEXTval = ffi.new("char []", len(plaintext1))
-        CIPHERTEXT[0].val = CIPHERTEXTval
-        CIPHERTEXT[0].max = len(plaintext1)
-
-        # 16 byte authentication tag
-        TAG1 = ffi.new("octet*")
-        TAG1val = ffi.new("char []",  PAS)
-        TAG1[0].val = TAG1val
-        TAG1[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_ENCRYPT(AES_KEY, IV, HEADER, PLAINTEXT1, CIPHERTEXT, TAG1)
-        # Plaintext output
-        PLAINTEXT2 = ffi.new("octet*")
-        PLAINTEXT2val = ffi.new("char []", CIPHERTEXT[0].len)
-        PLAINTEXT2[0].val = PLAINTEXT2val
-        PLAINTEXT2[0].max = CIPHERTEXT[0].len
-        PLAINTEXT2[0].len = CIPHERTEXT[0].len
-
-        # 16 byte authentication tag
-        TAG2 = ffi.new("octet*")
-        TAG2val = ffi.new("char []", PAS)
-        TAG2[0].val = TAG2val
-        TAG2[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_DECRYPT(AES_KEY, IV, HEADER, CIPHERTEXT, PLAINTEXT2, TAG2)
-        self.assertEqual(toHex(TAG1), toHex(TAG2))
-        self.assertEqual(toHex(PLAINTEXT1), toHex(PLAINTEXT2))
-        # print "Output message: %s" % ffi.string(PLAINTEXT2[0].val, PLAINTEXT2[0].len)
-
-    def test_9(self):
-        """test_9 AES-GCM: Failed encryption and decryption by changing a ciphertext byte"""
-
-        # Generate 16 byte key
-        key_val = os.urandom(PAS)
-        AES_KEY = ffi.new("octet*")
-        AES_KEYval = ffi.new("char [%s]" % PAS, key_val)
-        AES_KEY[0].val = AES_KEYval
-        AES_KEY[0].max = PAS
-        AES_KEY[0].len = PAS
-
-        # Generate 12 byte IV
-        iv_val = os.urandom(IVL)
-        IV = ffi.new("octet*")
-        IVval = ffi.new("char [%s]" % IVL, iv_val)
-        IV[0].val = IVval
-        IV[0].max = IVL
-        IV[0].len = IVL
-
-        # Generate a 32 byte random header
-        header_val = os.urandom(32)
-        HEADER = ffi.new("octet*")
-        HEADERval = ffi.new("char [%s]" % len(header_val), header_val)
-        HEADER[0].val = HEADERval
-        HEADER[0].max = len(header_val)
-        HEADER[0].len = len(header_val)
-
-        # Plaintext input
-        plaintext1 = "A test message"
-        PLAINTEXT1 = ffi.new("octet*")
-        PLAINTEXT1val = ffi.new("char [%s]" % len(plaintext1), plaintext1)
-        PLAINTEXT1[0].val = PLAINTEXT1val
-        PLAINTEXT1[0].max = len(plaintext1)
-        PLAINTEXT1[0].len = len(plaintext1)
-        # print "Input message: %s" % ffi.string(PLAINTEXT1[0].val, PLAINTEXT1[0].len)
-
-        # Ciphertext
-        CIPHERTEXT = ffi.new("octet*")
-        CIPHERTEXTval = ffi.new("char []", len(plaintext1))
-        CIPHERTEXT[0].val = CIPHERTEXTval
-        CIPHERTEXT[0].max = len(plaintext1)
-
-        # 16 byte authentication tag
-        TAG1 = ffi.new("octet*")
-        TAG1val = ffi.new("char []",  PAS)
-        TAG1[0].val = TAG1val
-        TAG1[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_ENCRYPT(AES_KEY, IV, HEADER, PLAINTEXT1, CIPHERTEXT, TAG1)
-
-        # Change one byte of ciphertext
-        CIPHERTEXT[0].val[0] = "\xa5"
-
-        # Plaintext output
-        PLAINTEXT2 = ffi.new("octet*")
-        PLAINTEXT2val = ffi.new("char []", CIPHERTEXT[0].len)
-        PLAINTEXT2[0].val = PLAINTEXT2val
-        PLAINTEXT2[0].max = CIPHERTEXT[0].len
-        PLAINTEXT2[0].len = CIPHERTEXT[0].len
-
-        # 16 byte authentication tag
-        TAG2 = ffi.new("octet*")
-        TAG2val = ffi.new("char []", PAS)
-        TAG2[0].val = TAG2val
-        TAG2[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_DECRYPT(AES_KEY, IV, HEADER, CIPHERTEXT, PLAINTEXT2, TAG2)
-        self.assertNotEqual(toHex(TAG1), toHex(TAG2))
-        self.assertNotEqual(toHex(PLAINTEXT1), toHex(PLAINTEXT2))
-        # print "Output message: %s" % ffi.string(PLAINTEXT2[0].val, PLAINTEXT2[0].len)
-
-    def test_10(self):
-        """test_10 AES-GCM: Failed encryption and decryption by changing a header byte"""
-
-        # Generate 16 byte key
-        key_val = os.urandom(PAS)
-        AES_KEY = ffi.new("octet*")
-        AES_KEYval = ffi.new("char [%s]" % PAS, key_val)
-        AES_KEY[0].val = AES_KEYval
-        AES_KEY[0].max = PAS
-        AES_KEY[0].len = PAS
-
-        # Generate 12 byte IV
-        iv_val = os.urandom(IVL)
-        IV = ffi.new("octet*")
-        IVval = ffi.new("char [%s]" % IVL, iv_val)
-        IV[0].val = IVval
-        IV[0].max = IVL
-        IV[0].len = IVL
-
-        # Generate a 32 byte random header
-        header_val = os.urandom(32)
-        HEADER = ffi.new("octet*")
-        HEADERval = ffi.new("char [%s]" % len(header_val), header_val)
-        HEADER[0].val = HEADERval
-        HEADER[0].max = len(header_val)
-        HEADER[0].len = len(header_val)
-
-        # Plaintext input
-        plaintext1 = "A test message"
-        PLAINTEXT1 = ffi.new("octet*")
-        PLAINTEXT1val = ffi.new("char [%s]" % len(plaintext1), plaintext1)
-        PLAINTEXT1[0].val = PLAINTEXT1val
-        PLAINTEXT1[0].max = len(plaintext1)
-        PLAINTEXT1[0].len = len(plaintext1)
-        # print "Input message: %s" % ffi.string(PLAINTEXT1[0].val, PLAINTEXT1[0].len)
-
-        # Ciphertext
-        CIPHERTEXT = ffi.new("octet*")
-        CIPHERTEXTval = ffi.new("char []", len(plaintext1))
-        CIPHERTEXT[0].val = CIPHERTEXTval
-        CIPHERTEXT[0].max = len(plaintext1)
-
-        # 16 byte authentication tag
-        TAG1 = ffi.new("octet*")
-        TAG1val = ffi.new("char []",  PAS)
-        TAG1[0].val = TAG1val
-        TAG1[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_ENCRYPT(AES_KEY, IV, HEADER, PLAINTEXT1, CIPHERTEXT, TAG1)
-        # Plaintext output
-        PLAINTEXT2 = ffi.new("octet*")
-        PLAINTEXT2val = ffi.new("char []", CIPHERTEXT[0].len)
-        PLAINTEXT2[0].val = PLAINTEXT2val
-        PLAINTEXT2[0].max = CIPHERTEXT[0].len
-        PLAINTEXT2[0].len = CIPHERTEXT[0].len
-
-        # Change one byte of header
-        HEADER[0].val[0] = "\xa5"
-
-        # 16 byte authentication tag
-        TAG2 = ffi.new("octet*")
-        TAG2val = ffi.new("char []", PAS)
-        TAG2[0].val = TAG2val
-        TAG2[0].max = PAS
-
-        libmpin.MPIN_AES_GCM_DECRYPT(AES_KEY, IV, HEADER, CIPHERTEXT, PLAINTEXT2, TAG2)
-        self.assertNotEqual(toHex(TAG1), toHex(TAG2))
-        self.assertEqual(toHex(PLAINTEXT1), toHex(PLAINTEXT2))
-
-if __name__ == '__main__':
-    # Run tests
-    unittest.main()


[46/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/ff.c
----------------------------------------------------------------------
diff --git a/c/ff.c b/c/ff.c
deleted file mode 100755
index 684a8f3..0000000
--- a/c/ff.c
+++ /dev/null
@@ -1,1050 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL basic functions for Large Finite Field support */
-
-#include "amcl.h"
-
-#define P_MBITS MODBYTES*8
-#define P_MB (P_MBITS%BASEBITS)
-#define P_OMASK ((chunk)(-1)<<(P_MBITS%BASEBITS))
-#define P_EXCESS(a) ((a[NLEN-1]&P_OMASK)>>(P_MB))
-#define P_FEXCESS ((chunk)1<<(BASEBITS*NLEN-P_MBITS))
-#define P_TBITS (P_MBITS%BASEBITS)
-
-/* set x = x mod 2^m */
-static void BIG_mod2m(BIG x,int m)
-{
-	int i,wd,bt;
-	chunk msk;
-//	if (m>=MODBITS) return;
-	wd=m/BASEBITS;
-	bt=m%BASEBITS;
-	msk=((chunk)1<<bt)-1;
-	x[wd]&=msk;
-	for (i=wd+1;i<NLEN;i++) x[i]=0;
-}
-
-/* Arazi and Qi inversion mod 256 */
-static int invmod256(int a)
-{
-	int i,m,U,t1,t2,b,c;
-	t1=0;
-	c=(a>>1)&1;
-	t1+=c;
-	t1&=1;
-	t1=2-t1;
-	t1<<=1;
-	U=t1+1;
-
-// i=2
-	b=a&3;
-	t1=U*b; t1>>=2;
-	c=(a>>2)&3;
-	t2=(U*c)&3;
-	t1+=t2;
-	t1*=U; t1&=3;
-	t1=4-t1;
-	t1<<=2;
-	U+=t1;
-
-// i=4
-	b=a&15;
-	t1=U*b; t1>>=4;
-	c=(a>>4)&15;
-	t2=(U*c)&15;
-	t1+=t2;
-	t1*=U; t1&=15;
-	t1=16-t1;
-	t1<<=4;
-	U+=t1;
-
-	return U;
-}
-
-/* a=1/a mod 2^256. This is very fast! */
-void BIG_invmod2m(BIG a)
-{
-	int i;
-	BIG U,t1,b,c;
-	BIG_zero(U);
-	BIG_inc(U,invmod256(BIG_lastbits(a,8)));
-
-	for (i=8;i<256;i<<=1)
-	{
-		BIG_copy(b,a); BIG_mod2m(b,i);   // bottom i bits of a
-		BIG_smul(t1,U,b); BIG_shr(t1,i); // top i bits of U*b
-		BIG_copy(c,a); BIG_shr(c,i); BIG_mod2m(c,i); // top i bits of a
-		BIG_smul(b,U,c); BIG_mod2m(b,i);  // bottom i bits of U*c
-		BIG_add(t1,t1,b);
-		BIG_smul(b,t1,U); BIG_copy(t1,b);  // (t1+b)*U
-
-		BIG_mod2m(t1,i);				// bottom i bits of (t1+b)*U
-
-		BIG_one(b); BIG_shl(b,i); BIG_sub(t1,b,t1); BIG_norm(t1);
-		BIG_shl(t1,i);
-		BIG_add(U,U,t1);
-	}
-	BIG_copy(a,U);
-}
-
-/*
-void FF_rcopy(BIG x[],const BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_rcopy(x[i],y[i]);
-}
-*/
-
-/* x=y */
-void FF_copy(BIG x[],BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_copy(x[i],y[i]);
-}
-
-/* x=y<<n */
-static void FF_dsucopy(BIG x[],BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-	{
-		BIG_copy(x[n+i],y[i]);
-		BIG_zero(x[i]);
-	}
-}
-
-/* x=y */
-static void FF_dscopy(BIG x[],BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-	{
-		BIG_copy(x[i],y[i]);
-		BIG_zero(x[n+i]);
-	}
-}
-
-/* x=y>>n */
-static void FF_sducopy(BIG x[],BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_copy(x[i],y[n+i]);
-}
-
-/* set to zero */
-void FF_zero(BIG x[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_zero(x[i]);
-}
-
-/* test equals 0 */
-int FF_iszilch(BIG x[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		if (!BIG_iszilch(x[i])) return 0;
-	return 1;
-}
-
-/* shift right by 256-bit words */
-static void FF_shrw(BIG a[],int n)
-{
-	int i;
-	for (i=0;i<n;i++) {BIG_copy(a[i],a[i+n]);BIG_zero(a[i+n]);}
-}
-
-/* shift left by 256-bit words */
-static void FF_shlw(BIG a[],int n)
-{
-	int i;
-	for (i=0;i<n;i++) {BIG_copy(a[i+n],a[i]); BIG_zero(a[i]);}
-}
-
-/* extract last bit */
-int FF_parity(BIG x[])
-{
-	return BIG_parity(x[0]);
-}
-
-/* extract last m bits */
-int FF_lastbits(BIG x[],int m)
-{
-	return BIG_lastbits(x[0],m);
-}
-
-/* x=1 */
-void FF_one(BIG x[],int n)
-{
-	int i;
-	BIG_one(x[0]);
-	for (i=1;i<n;i++)
-		BIG_zero(x[i]);
-}
-
-/* x=m, where m is 32-bit int */
-void FF_init(BIG x[],sign32 m,int n)
-{
-	int i;
-	BIG_zero(x[0]);
-#if CHUNK<64
-	x[0][0]=(chunk)(m&MASK);
-	x[0][1]=(chunk)(m>>BASEBITS);
-#else
-	x[0][0]=(chunk)m;
-#endif
-	for (i=1;i<n;i++)
-		BIG_zero(x[i]);
-}
-
-/* compare x and y - must be normalised */
-int FF_comp(BIG x[],BIG y[],int n)
-{
-	int i,j;
-	for (i=n-1;i>=0;i--)
-	{
-		j=BIG_comp(x[i],y[i]);
-		if (j!=0) return j;
-	}
-	return 0;
-}
-
-/* recursive add */
-static void FF_radd(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_add(z[zp+i],x[xp+i],y[yp+i]);
-}
-
-/* recursive inc */
-static void FF_rinc(BIG z[],int zp,BIG y[],int yp,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_add(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* recursive sub */
-static void FF_rsub(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_sub(z[zp+i],x[xp+i],y[yp+i]);
-}
-
-/* recursive dec */
-static void FF_rdec(BIG z[],int zp,BIG y[],int yp,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_sub(z[zp+i],z[zp+i],y[yp+i]);
-}
-
-/* simple add */
-void FF_add(BIG z[],BIG x[],BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_add(z[i],x[i],y[i]);
-}
-
-/* simple sub */
-void FF_sub(BIG z[],BIG x[],BIG y[],int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_sub(z[i],x[i],y[i]);
-}
-
-/* increment/decrement by a small integer */
-void FF_inc(BIG x[],int m,int n)
-{
-	BIG_inc(x[0],m);
-	FF_norm(x,n);
-}
-
-void FF_dec(BIG x[],int m,int n)
-{
-	BIG_dec(x[0],m);
-	FF_norm(x,n);
-}
-
-/* normalise - but hold any overflow in top part unless n<0 */
-static void FF_rnorm(BIG z[],int zp,int n)
-{
-	int i,trunc=0;
-	chunk carry;
-	if (n<0)
-	{ /* -v n signals to do truncation */
-		n=-n;
-		trunc=1;
-	}
-	for (i=0;i<n-1;i++)
-	{
-		carry=BIG_norm(z[zp+i]);
-		z[zp+i][NLEN-1]^=carry<<P_TBITS; /* remove it */
-		z[zp+i+1][0]+=carry;
-	}
-	carry=BIG_norm(z[zp+n-1]);
-	if (trunc) z[zp+n-1][NLEN-1]^=carry<<P_TBITS;
-}
-
-void FF_norm(BIG z[],int n)
-{
-	FF_rnorm(z,0,n);
-}
-
-/* shift left by one bit */
-void FF_shl(BIG x[],int n)
-{
-	int i;
-	chunk carry,delay_carry=0;
-	for (i=0;i<n-1;i++)
-	{
-		carry=BIG_fshl(x[i],1);
-		x[i][0]|=delay_carry;
-		x[i][NLEN-1]^=carry<<P_TBITS;
-		delay_carry=carry;
-	}
-	BIG_fshl(x[n-1],1);
-	x[n-1][0]|=delay_carry;
-}
-
-/* shift right by one bit */
-void FF_shr(BIG x[],int n)
-{
-	int i;
-	chunk carry;
-	for (i=n-1;i>0;i--)
-	{
-		carry=BIG_fshr(x[i],1);
-		x[i-1][NLEN-1]|=carry<<P_TBITS;
-	}
-	BIG_fshr(x[0],1);
-}
-
-void FF_output(BIG x[],int n)
-{
-	int i;
-	FF_norm(x,n);
-	for (i=n-1;i>=0;i--)
-	{
-		BIG_output(x[i]);// printf(" ");
-	}
-}
-
-/* Convert FFs to/from octet strings */
-void FF_toOctet(octet *w,BIG x[],int n)
-{
-	int i;
-	w->len=n*MODBYTES;
-	for (i=0;i<n;i++)
-	{
-		BIG_toBytes(&(w->val[(n-i-1)*MODBYTES]),x[i]);
-	}
-}
-
-void FF_fromOctet(BIG x[],octet *w,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-	{
-		BIG_fromBytes(x[i],&(w->val[(n-i-1)*MODBYTES]));
-	}
-}
-
-/* in-place swapping using xor - side channel resistant */
-static void FF_cswap(BIG a[],BIG b[],int d,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-		BIG_cswap(a[i],b[i],d);
-	return;
-}
-
-/* z=x*y, t is workspace */
-static void FF_karmul(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
-{
-    int nd2;
-	if (n==1)
-	{
-		BIG_mul(t[tp],x[xp],y[yp]);
-		BIG_split(z[zp+1],z[zp],t[tp],256);
-		return;
-	}
-
-	nd2=n/2;
-	FF_radd(z,zp,x,xp,x,xp+nd2,nd2);
-#if CHUNK<64
-	FF_rnorm(z,zp,nd2);  /* needs this if recursion level too deep */
-#endif
-	FF_radd(z,zp+nd2,y,yp,y,yp+nd2,nd2);
-#if CHUNK<64
-	FF_rnorm(z,zp+nd2,nd2);
-#endif
-	FF_karmul(t,tp,z,zp,z,zp+nd2,t,tp+n,nd2);
-	FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-	FF_karmul(z,zp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-	FF_rdec(t,tp,z,zp,n);
-	FF_rdec(t,tp,z,zp+n,n);
-	FF_rinc(z,zp+nd2,t,tp,n);
-	FF_rnorm(z,zp,2*n);
-}
-
-static void FF_karsqr(BIG z[],int zp,BIG x[],int xp,BIG t[],int tp,int n)
-{
-	int nd2;
-	if (n==1)
-	{
-		BIG_sqr(t[tp],x[xp]);
-		BIG_split(z[zp+1],z[zp],t[tp],256);
-		return;
-	}
-	nd2=n/2;
-	FF_karsqr(z,zp,x,xp,t,tp+n,nd2);
-	FF_karsqr(z,zp+n,x,xp+nd2,t,tp+n,nd2);
-	FF_karmul(t,tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-	FF_rinc(z,zp+nd2,t,tp,n);
-	FF_rinc(z,zp+nd2,t,tp,n);
-
-	FF_rnorm(z,zp+nd2,n);  /* was FF_rnorm(z,zp,2*n)  */
-}
-
-static void FF_karmul_lower(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
-{ /* Calculates Least Significant bottom half of x*y */
-    int nd2;
-    if (n==1)
-    { /* only calculate bottom half of product */
-	//	BIG_mul(d,x[xp],y[yp]);
-	//	BIG_split(z[zp],z[zp],d,256);
-		BIG_smul(z[zp],x[xp],y[yp]);
-        return;
-    }
-    nd2=n/2;
-
-	FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
-	FF_karmul_lower(t,tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-	FF_rinc(z,zp+nd2,t,tp,nd2);
-	FF_karmul_lower(t,tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-	FF_rinc(z,zp+nd2,t,tp,nd2);
-	FF_rnorm(z,zp+nd2,-nd2);  /* truncate it */
-}
-
-static void FF_karmul_upper(BIG z[],BIG x[],BIG y[],BIG t[],int n)
-{ /* Calculates Most Significant upper half of x*y, given lower part */
-    int i,nd2;
-
-    nd2=n/2;
-	FF_radd(z,n,x,0,x,nd2,nd2);
-	FF_radd(z,n+nd2,y,0,y,nd2,nd2);
-
-	FF_karmul(t,0,z,n+nd2,z,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-	FF_karmul(z,n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-									/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-	FF_rdec(t,0,z,n,n);              /* t=t-a1b1  */
-	FF_rinc(z,nd2,z,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-	FF_rdec(z,nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-	FF_rnorm(z,0,-n);					/* a0b0 now in z - truncate it */
-	FF_rdec(t,0,z,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-	FF_rinc(z,nd2,t,0,n);
-
-	FF_rnorm(z,nd2,n);
-}
-
-/* z=x*y */
-void FF_mul(BIG z[],BIG x[],BIG y[],int n)
-{
-#ifndef C99
-	BIG t[2*FFLEN];
-#else
-	BIG t[2*n];
-#endif
-	FF_karmul(z,0,x,0,y,0,t,0,n);
-}
-
-/* return low part of product */
-static void FF_lmul(BIG z[],BIG x[],BIG y[],int n)
-{
-#ifndef C99
-	BIG t[2*FFLEN];
-#else
-	BIG t[2*n];
-#endif
-	FF_karmul_lower(z,0,x,0,y,0,t,0,n);
-}
-
-/* Set b=b mod c */
-void FF_mod(BIG b[],BIG c[],int n)
-{
-	int k=0;
-
-	FF_norm(b,n);
-	if (FF_comp(b,c,n)<0)
-		return;
-	do
-	{
-		FF_shl(c,n);
-		k++;
-	} while (FF_comp(b,c,n)>=0);
-
-	while (k>0)
-	{
-		FF_shr(c,n);
-		if (FF_comp(b,c,n)>=0)
-		{
-			FF_sub(b,b,c,n);
-			FF_norm(b,n);
-		}
-		k--;
-	}
-}
-
-/* z=x^2 */
-void FF_sqr(BIG z[],BIG x[],int n)
-{
-#ifndef C99
-	BIG t[2*FFLEN];
-#else
-	BIG t[2*n];
-#endif
-	FF_karsqr(z,0,x,0,t,0,n);
-}
-
-/* r=t mod modulus, N is modulus, ND is Montgomery Constant */
-static void FF_reduce(BIG r[],BIG T[],BIG N[],BIG ND[],int n)
-{ /* fast karatsuba Montgomery reduction */
-#ifndef C99
-	BIG t[2*FFLEN];
-	BIG m[FFLEN];
-#else
-	BIG t[2*n];
-	BIG m[n];
-#endif
-	FF_sducopy(r,T,n);  /* keep top half of T */
-	FF_karmul_lower(m,0,T,0,ND,0,t,0,n);  /* m=T.(1/N) mod R */
-
-	FF_karmul_upper(T,N,m,t,n);  /* T=mN */
-	FF_sducopy(m,T,n);
-
-	FF_add(r,r,N,n);
-	FF_sub(r,r,m,n);
-	FF_norm(r,n);
-}
-
-
-/* Set r=a mod b */
-/* a is of length - 2*n */
-/* r,b is of length - n */
-void FF_dmod(BIG r[],BIG a[],BIG b[],int n)
-{
-	int len,k;
-#ifndef C99
-	BIG m[2*FFLEN];
-	BIG x[2*FFLEN];
-#else
-	BIG m[2*n];
-	BIG x[2*n];
-#endif
-	FF_copy(x,a,2*n);
-	FF_norm(x,2*n);
-	FF_dsucopy(m,b,n); k=256*n;
-
-	while (k>0)
-	{
-	//	len=2*n-((256*n-k)/256);  // reduce length as numbers get smaller?
-		FF_shr(m,2*n);
-
-		if (FF_comp(x,m,2*n)>=0)
-		{
-			FF_sub(x,x,m,2*n);
-			FF_norm(x,2*n);
-		}
-
-		k--;
-	}
-	FF_copy(r,x,n);
-	FF_mod(r,b,n);
-}
-
-/* Set r=1/a mod p. Binary method - a<p on entry */
-
-void FF_invmodp(BIG r[],BIG a[],BIG p[],int n)
-{
-#ifndef C99
-	BIG u[FFLEN],v[FFLEN],x1[FFLEN],x2[FFLEN],t[FFLEN],one[FFLEN];
-#else
-	BIG u[n],v[n],x1[n],x2[n],t[n],one[n];
-#endif
-	FF_copy(u,a,n);
-	FF_copy(v,p,n);
-	FF_one(one,n);
-	FF_copy(x1,one,n);
-	FF_zero(x2,n);
-
-// reduce n in here as well!
-	while (FF_comp(u,one,n)!=0 && FF_comp(v,one,n)!=0)
-	{
-		while (FF_parity(u)==0)
-		{
-			FF_shr(u,n);
-			if (FF_parity(x1)!=0)
-			{
-				FF_add(x1,p,x1,n);
-				FF_norm(x1,n);
-			}
-			FF_shr(x1,n);
-		}
-		while (FF_parity(v)==0)
-		{
-			FF_shr(v,n);
-			if (FF_parity(x2)!=0)
-			{
-				FF_add(x2,p,x2,n);
-				FF_norm(x2,n);
-			}
-			FF_shr(x2,n);
-		}
-		if (FF_comp(u,v,n)>=0)
-		{
-
-			FF_sub(u,u,v,n);
-			FF_norm(u,n);
-			if (FF_comp(x1,x2,n)>=0) FF_sub(x1,x1,x2,n);
-			else
-			{
-				FF_sub(t,p,x2,n);
-				FF_add(x1,x1,t,n);
-			}
-			FF_norm(x1,n);
-		}
-		else
-		{
-			FF_sub(v,v,u,n);
-			FF_norm(v,n);
-			if (FF_comp(x2,x1,n)>=0) FF_sub(x2,x2,x1,n);
-			else
-			{
-				FF_sub(t,p,x1,n);
-				FF_add(x2,x2,t,n);
-			}
-			FF_norm(x2,n);
-		}
-	}
-	if (FF_comp(u,one,n)==0)
-		FF_copy(r,x1,n);
-	else
-		FF_copy(r,x2,n);
-}
-
-/* nesidue mod m */
-static void FF_nres(BIG a[],BIG m[],int n)
-{
-#ifndef C99
-	BIG d[2*FFLEN];
-#else
-	BIG d[2*n];
-#endif
-
-	FF_dsucopy(d,a,n);
-	FF_dmod(a,d,m,n);
-}
-
-static void FF_redc(BIG a[],BIG m[],BIG ND[],int n)
-{
-#ifndef C99
-	BIG d[2*FFLEN];
-#else
-	BIG d[2*n];
-#endif
-	FF_mod(a,m,n);
-	FF_dscopy(d,a,n);
-	FF_reduce(a,d,m,ND,n);
-	FF_mod(a,m,n);
-}
-
-/* U=1/a mod 2^m - Arazi & Qi */
-static void FF_invmod2m(BIG U[],BIG a[],int n)
-{
-	int i;
-#ifndef C99
-	BIG t1[FFLEN],b[FFLEN],c[FFLEN];
-#else
-	BIG t1[n],b[n],c[n];
-#endif
-	FF_zero(U,n);
-	BIG_copy(U[0],a[0]);
-	BIG_invmod2m(U[0]);
-
-	for (i=1;i<n;i<<=1)
-	{
-		FF_copy(b,a,i);
-		FF_mul(t1,U,b,i); FF_shrw(t1,i); // top half to bottom half, top half=0
-
-		FF_copy(c,a,2*i); FF_shrw(c,i); // top half of c
-		FF_lmul(b,U,c,i); // should set top half of b=0
-		FF_add(t1,t1,b,i);  FF_norm(t1,2*i);
-		FF_lmul(b,t1,U,i); FF_copy(t1,b,i);
-		FF_one(b,i); FF_shlw(b,i);
-		FF_sub(t1,b,t1,2*i); FF_norm(t1,2*i);
-		FF_shlw(t1,i);
-		FF_add(U,U,t1,2*i);
-	}
-	FF_norm(U,n);
-}
-
-void FF_random(BIG x[],csprng *rng,int n)
-{
-	int i;
-	for (i=0;i<n;i++)
-	{
-		BIG_random(x[i],rng);
-	}
-/* make sure top bit is 1 */
-	while (BIG_nbits(x[n-1])<MODBYTES*8) BIG_random(x[n-1],rng);
-}
-
-/* generate random x mod p */
-void FF_randomnum(BIG x[],BIG p[],csprng *rng,int n)
-{
-	int i;
-#ifndef C99
-	BIG d[2*FFLEN];
-#else
-	BIG d[2*n];
-#endif
-	for (i=0;i<2*n;i++)
-	{
-		BIG_random(d[i],rng);
-	}
-	FF_dmod(x,d,p,n);
-}
-
-static void FF_modmul(BIG z[],BIG x[],BIG y[],BIG p[],BIG ND[],int n)
-{
-#ifndef C99
-	BIG d[2*FFLEN];
-#else
-	BIG d[2*n];
-#endif
-	chunk ex=P_EXCESS(x[n-1]);
-	chunk ey=P_EXCESS(y[n-1]);
-	if ((ex+1)*(ey+1)+1>=P_FEXCESS)
-	{
-#ifdef DEBUG_REDUCE
-		printf("Product too large - reducing it %d %d\n",ex,ey);
-#endif
-		FF_mod(x,p,n);
-	}
-	FF_mul(d,x,y,n);
-	FF_reduce(z,d,p,ND,n);
-}
-
-static void FF_modsqr(BIG z[],BIG x[],BIG p[],BIG ND[],int n)
-{
-#ifndef C99
-	BIG d[2*FFLEN];
-#else
-	BIG d[2*n];
-#endif
-	chunk ex=P_EXCESS(x[n-1]);
-	if ((ex+1)*(ex+1)+1>=P_FEXCESS)
-	{
-#ifdef DEBUG_REDUCE
-		printf("Product too large - reducing it %d\n",ex);
-#endif
-		FF_mod(x,p,n);
-	}
-	FF_sqr(d,x,n);
-	FF_reduce(z,d,p,ND,n);
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */
-void FF_skpow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
-{
-	int i,b;
-#ifndef C99
-	BIG R0[FFLEN],R1[FFLEN],ND[FFLEN];
-#else
-	BIG R0[n],R1[n],ND[n];
-#endif
-	FF_invmod2m(ND,p,n);
-
-	FF_one(R0,n);
-	FF_copy(R1,x,n);
-	FF_nres(R0,p,n);
-	FF_nres(R1,p,n);
-
-	for (i=8*MODBYTES*n-1;i>=0;i--)
-	{
-		b=BIG_bit(e[i/256],i%256);
-		FF_modmul(r,R0,R1,p,ND,n);
-
-		FF_cswap(R0,R1,b,n);
-		FF_modsqr(R0,R0,p,ND,n);
-
-		FF_copy(R1,r,n);
-		FF_cswap(R0,R1,b,n);
-	}
-	FF_copy(r,R0,n);
-	FF_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p using side-channel resistant Montgomery Ladder, for short e */
-void FF_skspow(BIG r[],BIG x[],BIG e,BIG p[],int n)
-{
-	int i,b;
-#ifndef C99
-	BIG R0[FFLEN],R1[FFLEN],ND[FFLEN];
-#else
-	BIG R0[n],R1[n],ND[n];
-#endif
-	FF_invmod2m(ND,p,n);
-	FF_one(R0,n);
-	FF_copy(R1,x,n);
-	FF_nres(R0,p,n);
-	FF_nres(R1,p,n);
-	for (i=8*MODBYTES-1;i>=0;i--)
-	{
-		b=BIG_bit(e,i);
-		FF_modmul(r,R0,R1,p,ND,n);
-		FF_cswap(R0,R1,b,n);
-		FF_modsqr(R0,R0,p,ND,n);
-		FF_copy(R1,r,n);
-		FF_cswap(R0,R1,b,n);
-	}
-	FF_copy(r,R0,n);
-	FF_redc(r,p,ND,n);
-}
-
-/* raise to an integer power - right-to-left method */
-void FF_power(BIG r[],BIG x[],int e,BIG p[],int n)
-{
-	int i,b,f=1;
-#ifndef C99
-	BIG w[FFLEN],ND[FFLEN];
-#else
-	BIG w[n],ND[n];
-#endif
-	FF_invmod2m(ND,p,n);
-
-	FF_copy(w,x,n);
-	FF_nres(w,p,n);
-
-	if (e==2)
-	{
-		FF_modsqr(r,w,p,ND,n);
-	}
-	else for (;;)
-	{
-		if (e%2==1)
-		{
-			if (f) FF_copy(r,w,n);
-			else FF_modmul(r,r,w,p,ND,n);
-			f=0;
-		}
-		e>>=1;
-		if (e==0) break;
-		FF_modsqr(w,w,p,ND,n);
-	}
-
-	FF_redc(r,p,ND,n);
-}
-
-/* r=x^e mod p, faster but not side channel resistant */
-void FF_pow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
-{
-	int i,b;
-#ifndef C99
-	BIG w[FFLEN],ND[FFLEN];
-#else
-	BIG w[n],ND[n];
-#endif
-	FF_invmod2m(ND,p,n);
-	FF_copy(w,x,n);
-	FF_one(r,n);
-	FF_nres(r,p,n);
-	FF_nres(w,p,n);
-	for (i=8*MODBYTES*n-1;i>=0;i--)
-	{
-		FF_modsqr(r,r,p,ND,n);
-		b=BIG_bit(e[i/256],i%256);
-		if (b==1) FF_modmul(r,r,w,p,ND,n);
-	}
-	FF_redc(r,p,ND,n);
-}
-
-/* double exponentiation r=x^e.y^f mod p */
-void FF_pow2(BIG r[],BIG x[],BIG e,BIG y[],BIG f,BIG p[],int n)
-{
-	int i,eb,fb;
-#ifndef C99
-	BIG xn[FFLEN],yn[FFLEN],xy[FFLEN],ND[FFLEN];
-#else
-	BIG xn[n],yn[n],xy[n],ND[n];
-#endif
-	FF_invmod2m(ND,p,n);
-	FF_copy(xn,x,n);
-	FF_copy(yn,y,n);
-	FF_nres(xn,p,n);
-	FF_nres(yn,p,n);
-	FF_modmul(xy,xn,yn,p,ND,n);
-	FF_one(r,n);
-	FF_nres(r,p,n);
-
-	for (i=8*MODBYTES-1;i>=0;i--)
-	{
-		eb=BIG_bit(e,i);
-		fb=BIG_bit(f,i);
-		FF_modsqr(r,r,p,ND,n);
-		if (eb==1)
-		{
-			if (fb==1) FF_modmul(r,r,xy,p,ND,n);
-			else FF_modmul(r,r,xn,p,ND,n);
-		}
-		else
-		{
-			if (fb==1) FF_modmul(r,r,yn,p,ND,n);
-		}
-	}
-	FF_redc(r,p,ND,n);
-}
-
-static sign32 igcd(sign32 x,sign32 y)
-{ /* integer GCD, returns GCD of x and y */
-    sign32 r;
-    if (y==0) return x;
-    while ((r=x%y)!=0)
-        x=y,y=r;
-    return y;
-}
-
-/* quick and dirty check for common factor with s */
-int FF_cfactor(BIG w[],sign32 s,int n)
-{
-	int r;
-	sign32 g;
-#ifndef C99
-	BIG x[FFLEN],y[FFLEN];
-#else
-	BIG x[n],y[n];
-#endif
-	FF_init(y,s,n);
-	FF_copy(x,w,n);
-	FF_norm(x,n);
-
-//	if (FF_parity(x)==0) return 1;
-	do
-	{
-		FF_sub(x,x,y,n);
-		FF_norm(x,n);
-		while (!FF_iszilch(x,n) && FF_parity(x)==0) FF_shr(x,n);
-	}
-	while (FF_comp(x,y,n)>0);
-#if CHUNK<32
-	g=x[0][0]+((sign32)(x[0][1])<<BASEBITS);
-#else
-	g=(sign32)x[0][0];
-#endif
-	r=igcd(s,g);
-//printf("r= %d\n",r);
-	if (r>1) return 1;
-	return 0;
-}
-
-/* Miller-Rabin test for primality. Slow. */
-int FF_prime(BIG p[],csprng *rng,int n)
-{
-	int i,j,loop,s=0;
-#ifndef C99
-	BIG d[FFLEN],x[FFLEN],unity[FFLEN],nm1[FFLEN];
-#else
-	BIG d[n],x[n],unity[n],nm1[n];
-#endif
-	sign32 sf=4849845;/* 3*5*.. *19 */
-
-	FF_norm(p,n);
-	if (FF_cfactor(p,sf,n)) return 0;
-
-	FF_one(unity,n);
-	FF_sub(nm1,p,unity,n);
-	FF_norm(nm1,n);
-	FF_copy(d,nm1,n);
-
-	while (FF_parity(d)==0)
-	{
-		FF_shr(d,n);
-		s++;
-	}
-	if (s==0) return 0;
-
-	for (i=0;i<10;i++)
-	{
-		FF_randomnum(x,p,rng,n);
-		FF_pow(x,x,d,p,n);
-		if (FF_comp(x,unity,n)==0 || FF_comp(x,nm1,n)==0) continue;
-		loop=0;
-		for (j=1;j<s;j++)
-		{
-			FF_power(x,x,2,p,n);
-			if (FF_comp(x,unity,n)==0) return 0;
-			if (FF_comp(x,nm1,n)==0 ) {loop=1; break;}
-		}
-		if (loop) continue;
-		return 0;
-	}
-	return 1;
-}
-
-/*
-BIG P[4]= {{0x1670957,0x1568CD3C,0x2595E5,0xEED4F38,0x1FC9A971,0x14EF7E62,0xA503883,0x9E1E05E,0xBF59E3},{0x1844C908,0x1B44A798,0x3A0B1E7,0xD1B5B4E,0x1836046F,0x87E94F9,0x1D34C537,0xF7183B0,0x46D07},{0x17813331,0x19E28A90,0x1473A4D6,0x1CACD01F,0x1EEA8838,0xAF2AE29,0x1F85292A,0x1632585E,0xD945E5},{0x919F5EF,0x1567B39F,0x19F6AD11,0x16CE47CF,0x9B36EB1,0x35B7D3,0x483B28C,0xCBEFA27,0xB5FC21}};
-
-int main()
-{
-	int i;
-	BIG p[4],e[4],x[4],r[4];
-	csprng rng;
-	char raw[100];
-	for (i=0;i<100;i++) raw[i]=i;
-    RAND_seed(&rng,100,raw);
-
-
-	FF_init(x,3,4);
-
-	FF_copy(p,P,4);
-	FF_copy(e,p,4);
-	FF_dec(e,1,4);
-	FF_norm(e,4);
-
-
-
-	printf("p= ");FF_output(p,4); printf("\n");
-	if (FF_prime(p,&rng,4)) printf("p is a prime\n");
-	printf("e= ");FF_output(e,4); printf("\n");
-
-	FF_skpow(r,x,e,p,4);
-	printf("r= ");FF_output(r,4); printf("\n");
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/fp.c
----------------------------------------------------------------------
diff --git a/c/fp.c b/c/fp.c
deleted file mode 100755
index aa858cc..0000000
--- a/c/fp.c
+++ /dev/null
@@ -1,559 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL mod p functions */
-/* Small Finite Field arithmetic */
-/* SU=m, SU is Stack Usage (NOT_SPECIAL Modulus) */
-
-#include "amcl.h"
-
-/* Fast Modular Reduction Methods */
-
-/* r=d mod m */
-/* d MUST be normalised */
-/* Products must be less than pR in all cases !!! */
-/* So when multiplying two numbers, their product *must* be less than MODBITS+BASEBITS*NLEN */
-/* Results *may* be one bit bigger than MODBITS */
-
-#if MODTYPE == PSEUDO_MERSENNE
-/* r=d mod m */
-
-void FP_nres(BIG a) {}
-
-void FP_redc(BIG a) {}
-
-/* reduce a DBIG to a BIG exploiting the special form of the modulus */
-void FP_mod(BIG r,DBIG d)
-{
-	BIG t,b,m;
-	chunk v,tw;
-	BIG_split(t,b,d,MODBITS);
-
-/* Note that all of the excess gets pushed into t. So if squaring a value with a 4-bit excess, this results in
-   t getting all 8 bits of the excess product! So products must be less than pR which is Montgomery compatible */
-
-	if (MConst < NEXCESS)
-	{
-		BIG_imul(t,t,MConst);
-
-		BIG_norm(t);
-		tw=t[NLEN-1];
-		t[NLEN-1]&=TMASK;
-		t[0]+=MConst*((tw>>TBITS));
-	}
-	else
-	{
-		v=BIG_pmul(t,t,MConst);
-		tw=t[NLEN-1];
-		t[NLEN-1]&=TMASK;
-#if CHUNK == 16
-		t[1]+=muladd(MConst,((tw>>TBITS)+(v<<(BASEBITS-TBITS))),0,&t[0]);
-#else
-		t[0]+=MConst*((tw>>TBITS)+(v<<(BASEBITS-TBITS)));
-#endif
-	}
-	BIG_add(r,t,b);
-	BIG_norm(r);
-}
-#endif
-
-#if MODTYPE == MONTGOMERY_FRIENDLY
-
-/* convert to Montgomery n-residue form */
-void FP_nres(BIG a)
-{
-	DBIG d;
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	BIG_dscopy(d,a);
-	BIG_dshl(d,NLEN*BASEBITS);
-	BIG_dmod(a,d,m);
-}
-
-/* convert back to regular form */
-void FP_redc(BIG a)
-{
-	DBIG d;
-	BIG_dzero(d);
-	BIG_dscopy(d,a);
-	FP_mod(a,d);
-}
-
-/* fast modular reduction from DBIG to BIG exploiting special form of the modulus */
-void FP_mod(BIG a,DBIG d)
-{
-	int i;
-	chunk k;
-
-	for (i=0;i<NLEN;i++)
-		d[NLEN+i]+=muladd(d[i],MConst-1,d[i],&d[NLEN+i-1]);
-
-	BIG_sducopy(a,d);
-	BIG_norm(a);
-}
-
-#endif
-
-#if MODTYPE == NOT_SPECIAL
-
-/* convert BIG a to Montgomery n-residue form */
-/* SU= 120 */
-void FP_nres(BIG a)
-{
-	DBIG d;
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	BIG_dscopy(d,a);
-	BIG_dshl(d,NLEN*BASEBITS);
-	BIG_dmod(a,d,m);
-}
-
-/* SU= 80 */
-/* convert back to regular form */
-void FP_redc(BIG a)
-{
-	DBIG d;
-	BIG_dzero(d);
-	BIG_dscopy(d,a);
-	FP_mod(a,d);
-}
-
-/* reduce a DBIG to a BIG using Montgomery's no trial division method */
-/* d is expected to be dnormed before entry */
-/* SU= 112 */
-void FP_mod(BIG a,DBIG d)
-{
-	int i,j;
-	chunk m,carry;
-	BIG md;
-
-#ifdef dchunk
-	dchunk sum;
-	chunk sp;
-#endif
-
-	BIG_rcopy(md,Modulus);
-
-#ifdef COMBA
-
-/* Faster to Combafy it.. Let the compiler unroll the loops! */
-
-	sum=d[0];
-	for (j=0;j<NLEN;j++)
-	{
-		for (i=0;i<j;i++) sum+=(dchunk)d[i]*md[j-i];
-		if (MConst==-1) sp=(-(chunk)sum)&MASK;
-		else
-		{
-			if (MConst==1) sp=((chunk)sum)&MASK;
-			else sp=((chunk)sum*MConst)&MASK;
-		}
-		d[j]=sp; sum+=(dchunk)sp*md[0];  /* no need for &MASK here! */
-		sum=d[j+1]+(sum>>BASEBITS);
-	}
-
-	for (j=NLEN;j<DNLEN-2;j++)
-	{
-		for (i=j-NLEN+1;i<NLEN;i++) sum+=(dchunk)d[i]*md[j-i];
-		d[j]=(chunk)sum&MASK;
-		sum=d[j+1]+(sum>>BASEBITS);
-	}
-
-	sum+=(dchunk)d[NLEN-1]*md[NLEN-1];
-	d[DNLEN-2]=(chunk)sum&MASK;
-	sum=d[DNLEN-1]+(sum>>BASEBITS);
-	d[DNLEN-1]=(chunk)sum&MASK;
-
-	BIG_sducopy(a,d);
-	BIG_norm(a);
-
-#else
-	for (i=0;i<NLEN;i++)
-	{
-		if (MConst==-1) m=(-d[i])&MASK;
-		else
-		{
-			if (MConst==1) m=d[i];
-			else m=(MConst*d[i])&MASK;
-		}
-		carry=0;
-		for (j=0;j<NLEN;j++)
-			carry=muladd(m,md[j],carry,&d[i+j]);
-		d[NLEN+i]+=carry;
-	}
-	BIG_sducopy(a,d);
-	BIG_norm(a);
-
-#endif
-}
-
-#endif
-
-/* test x==0 ? */
-/* SU= 48 */
-int FP_iszilch(BIG x)
-{
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	BIG_mod(x,m);
-	return BIG_iszilch(x);
-}
-
-/* output FP */
-/* SU= 48 */
-void FP_output(BIG r)
-{
-	BIG c;
-	BIG_copy(c,r);
-	FP_redc(c);
-	BIG_output(c);
-}
-
-void FP_rawoutput(BIG r)
-{
-	BIG_rawoutput(r);
-}
-
-#ifdef GET_STATS
-int tsqr=0,rsqr=0,tmul=0,rmul=0;
-int tadd=0,radd=0,tneg=0,rneg=0;
-int tdadd=0,rdadd=0,tdneg=0,rdneg=0;
-#endif
-
-/* r=a*b mod Modulus */
-/* product must be less that p.R - and we need to know this in advance! */
-/* SU= 88 */
-void FP_mul(BIG r,BIG a,BIG b)
-{
-	DBIG d;
-	chunk ea=EXCESS(a);
-	chunk eb=EXCESS(b);
-	if ((ea+1)*(eb+1)+1>=FEXCESS)
-	{
-#ifdef DEBUG_REDUCE
-		printf("Product too large - reducing it %d %d\n",ea,eb);
-#endif
-		FP_reduce(a);  /* it is sufficient to fully reduce just one of them < p */
-#ifdef GET_STATS
-		rmul++;
-	}
-	tmul++;
-#else
-	}
-#endif
-
-	BIG_mul(d,a,b);
-	FP_mod(r,d);
-}
-
-/* multiplication by an integer, r=a*c */
-/* SU= 136 */
-void FP_imul(BIG r,BIG a,int c)
-{
-	DBIG d;
-	BIG m;
-	int s=0;
-	chunk afx;
-	BIG_norm(a);
-	if (c<0)
-	{
-		c=-c;
-		s=1;
-	}
-	afx=(EXCESS(a)+1)*(c+1)+1;
-	if (c<NEXCESS && afx<FEXCESS)
-		BIG_imul(r,a,c);
-	else
-	{
-		if (afx<FEXCESS)
-		{
-			BIG_pmul(r,a,c);
-		}
-		else
-		{
-			BIG_rcopy(m,Modulus);
-			BIG_pxmul(d,a,c);
-			BIG_dmod(r,d,m);
-		}
-	}
-	if (s) FP_neg(r,r);
-	BIG_norm(r);
-}
-
-/* Set r=a^2 mod m */
-/* SU= 88 */
-void FP_sqr(BIG r,BIG a)
-{
-	DBIG d;
-	chunk ea=EXCESS(a);
-	if ((ea+1)*(ea+1)+1>=FEXCESS)
-	{
-#ifdef DEBUG_REDUCE
-		printf("Product too large - reducing it %d\n",ea);
-#endif
-		FP_reduce(a);
-#ifdef GET_STATS
-		rsqr++;
-	}
-	tsqr++;
-#else
-	}
-#endif
-	BIG_sqr(d,a);
-	FP_mod(r,d);
-}
-
-/* SU= 16 */
-/* Set r=a+b */
-void FP_add(BIG r,BIG a,BIG b)
-{
-	BIG_add(r,a,b);
-	if (EXCESS(r)+2>=FEXCESS)  /* +2 because a and b not normalised */
-	{
-#ifdef DEBUG_REDUCE
-		printf("Sum too large - reducing it %d\n",EXCESS(r));
-#endif
-		FP_reduce(r);
-#ifdef GET_STATS
-		radd++;
-	}
-	tadd++;
-#else
-	}
-#endif
-}
-
-/* Set r=a-b mod m */
-/* SU= 56 */
-void FP_sub(BIG r,BIG a,BIG b)
-{
-	BIG n;
-	FP_neg(n,b);
-	FP_add(r,a,n);
-}
-
-/* SU= 48 */
-/* Fully reduce a mod Modulus */
-void FP_reduce(BIG a)
-{
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	BIG_mod(a,m);
-}
-
-/* Set r=-a mod Modulus */
-/* SU= 64 */
-void FP_neg(BIG r,BIG a)
-{
-	int sb;
-	chunk ov;
-	BIG m,t;
-
-	BIG_rcopy(m,Modulus);
-	BIG_norm(a);
-
-	ov=EXCESS(a);
-	sb=1; while(ov!=0) {sb++;ov>>=1;}  /* only unpredictable branch */
-
-	BIG_fshl(m,sb);
-	BIG_sub(r,m,a);
-
-	if (EXCESS(r)>=FEXCESS)
-	{
-#ifdef DEBUG_REDUCE
-		printf("Negation too large -  reducing it %d\n",EXCESS(r));
-#endif
-		FP_reduce(r);
-#ifdef GET_STATS
-		rneg++;
-	}
-	tneg++;
-#else
-	}
-#endif
-
-}
-
-/* Set r=a/2. */
-/* SU= 56 */
-void FP_div2(BIG r,BIG a)
-{
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	BIG_norm(a);
-	if (BIG_parity(a)==0)
-	{
-		BIG_copy(r,a);
-		BIG_fshr(r,1);
-	}
-	else
-	{
-		BIG_add(r,a,m);
-		BIG_norm(r);
-		BIG_fshr(r,1);
-	}
-}
-
-/* set w=1/x */
-void FP_inv(BIG w,BIG x)
-{
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	BIG_copy(w,x);
-	FP_redc(w);
-
-	BIG_invmodp(w,w,m);
-	FP_nres(w);
-}
-
-/* SU=8 */
-/* set n=1 */
-void FP_one(BIG n)
-{
-	BIG_one(n); FP_nres(n);
-}
-
-/* Set r=a^b mod Modulus */
-/* SU= 136 */
-void FP_pow(BIG r,BIG a,BIG b)
-{
-	BIG w,z,zilch;
-	int bt;
-	BIG_zero(zilch);
-
-	BIG_norm(b);
-	BIG_copy(z,b);
-	BIG_copy(w,a);
-	FP_one(r);
-	while(1)
-	{
-		bt=BIG_parity(z);
-		BIG_fshr(z,1);
-		if (bt) FP_mul(r,r,w);
-		if (BIG_comp(z,zilch)==0) break;
-		FP_sqr(w,w);
-	}
-	FP_reduce(r);
-}
-
-/* is r a QR? */
-int FP_qr(BIG r)
-{
-	int j;
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	FP_redc(r);
-	j=BIG_jacobi(r,m);
-	FP_nres(r);
-	if (j==1) return 1;
-	return 0;
-
-}
-
-/* Set a=sqrt(b) mod Modulus */
-/* SU= 160 */
-void FP_sqrt(BIG r,BIG a)
-{
-	BIG v,i,b;
-	BIG m;
-	BIG_rcopy(m,Modulus);
-	BIG_mod(a,m);
-	BIG_copy(b,m);
-	if (MOD8==5)
-	{
-		BIG_dec(b,5); BIG_norm(b); BIG_fshr(b,3); /* (p-5)/8 */
-		BIG_copy(i,a); BIG_fshl(i,1);
-		FP_pow(v,i,b);
-		FP_mul(i,i,v); FP_mul(i,i,v);
-		BIG_dec(i,1);
-		FP_mul(r,a,v); FP_mul(r,r,i);
-		BIG_mod(r,m);
-	}
-	if (MOD8==3 || MOD8==7)
-	{
-		BIG_inc(b,1); BIG_norm(b); BIG_fshr(b,2); /* (p+1)/4 */
-		FP_pow(r,a,b);
-	}
-}
-
-/*
-int main()
-{
-
-	BIG r;
-
-	FP_one(r);
-	FP_sqr(r,r);
-
-	BIG_output(r);
-
-	int i,carry;
-	DBIG c={0,0,0,0,0,0,0,0};
-	BIG a={1,2,3,4};
-	BIG b={3,4,5,6};
-	BIG r={11,12,13,14};
-	BIG s={23,24,25,15};
-	BIG w;
-
-//	printf("NEXCESS= %d\n",NEXCESS);
-//	printf("MConst= %d\n",MConst);
-
-	BIG_copy(b,Modulus);
-	BIG_dec(b,1);
-	BIG_norm(b);
-
-	BIG_randomnum(r); BIG_norm(r); BIG_mod(r,Modulus);
-//	BIG_randomnum(s); norm(s); BIG_mod(s,Modulus);
-
-//	BIG_output(r);
-//	BIG_output(s);
-
-	BIG_output(r);
-	FP_nres(r);
-	BIG_output(r);
-	BIG_copy(a,r);
-	FP_redc(r);
-	BIG_output(r);
-	BIG_dscopy(c,a);
-	FP_mod(r,c);
-	BIG_output(r);
-
-
-//	exit(0);
-
-//	copy(r,a);
-	printf("r=   "); BIG_output(r);
-	BIG_modsqr(r,r,Modulus);
-	printf("r^2= "); BIG_output(r);
-
-	FP_nres(r);
-	FP_sqrt(r,r);
-	FP_redc(r);
-	printf("r=   "); BIG_output(r);
-	BIG_modsqr(r,r,Modulus);
-	printf("r^2= "); BIG_output(r);
-
-
-//	for (i=0;i<100000;i++) FP_sqr(r,r);
-//	for (i=0;i<100000;i++)
-		FP_sqrt(r,r);
-
-	BIG_output(r);
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/fp12.c
----------------------------------------------------------------------
diff --git a/c/fp12.c b/c/fp12.c
deleted file mode 100755
index 51f41cc..0000000
--- a/c/fp12.c
+++ /dev/null
@@ -1,688 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-#include "amcl.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP12_iszilch(FP12 *x)
-{
-	if (FP4_iszilch(&(x->a)) && FP4_iszilch(&(x->b)) && FP4_iszilch(&(x->c))) return 1;
-	return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP12_isunity(FP12 *x)
-{
-	if (FP4_isunity(&(x->a)) && FP4_iszilch(&(x->b)) && FP4_iszilch(&(x->c))) return 1;
-	return 0;
-}
-
-/* FP12 copy w=x */
-/* SU= 16 */
-void FP12_copy(FP12 *w,FP12 *x)
-{
-	if (x==w) return;
-	FP4_copy(&(w->a),&(x->a));
-	FP4_copy(&(w->b),&(x->b));
-	FP4_copy(&(w->c),&(x->c));
-}
-
-/* FP12 w=1 */
-/* SU= 8 */
-void FP12_one(FP12 *w)
-{
-	FP4_one(&(w->a));
-	FP4_zero(&(w->b));
-	FP4_zero(&(w->c));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP12_equals(FP12 *x,FP12 *y)
-{
-	if (FP4_equals(&(x->a),&(y->a)) && FP4_equals(&(x->b),&(y->b)) && FP4_equals(&(x->b),&(y->b)))
-		return 1;
-	return 0;
-}
-
-/* Set w=conj(x) */
-/* SU= 8 */
-void FP12_conj(FP12 *w,FP12 *x)
-{
-	FP12_copy(w,x);
-	FP4_conj(&(w->a),&(w->a));
-	FP4_nconj(&(w->b),&(w->b));
-	FP4_conj(&(w->c),&(w->c));
-}
-
-/* Create FP12 from FP4 */
-/* SU= 8 */
-void FP12_from_FP4(FP12 *w,FP4 *a)
-{
-	FP4_copy(&(w->a),a);
-	FP4_zero(&(w->b));
-	FP4_zero(&(w->c));
-}
-
-/* Create FP12 from 3 FP4's */
-/* SU= 16 */
-void FP12_from_FP4s(FP12 *w,FP4 *a,FP4 *b,FP4 *c)
-{
-	FP4_copy(&(w->a),a);
-	FP4_copy(&(w->b),b);
-	FP4_copy(&(w->c),c);
-}
-
-/* Granger-Scott Unitary Squaring. This does not benefit from lazy reduction */
-/* SU= 600 */
-void FP12_usqr(FP12 *w,FP12 *x)
-{
-	FP4 A,B,C,D;
-
-	FP4_copy(&A,&(x->a));
-
-	FP4_sqr(&(w->a),&(x->a));
-	FP4_add(&D,&(w->a),&(w->a));
-	FP4_add(&(w->a),&D,&(w->a));
-
-#if CHUNK<64
-	FP4_norm(&(w->a));
-#endif
-
-	FP4_nconj(&A,&A);
-
-	FP4_add(&A,&A,&A);
-	FP4_add(&(w->a),&(w->a),&A);
-	FP4_sqr(&B,&(x->c));
-	FP4_times_i(&B);
-
-	FP4_add(&D,&B,&B);
-	FP4_add(&B,&B,&D);
-#if CHUNK<64
-	FP4_norm(&B);
-#endif
-	FP4_sqr(&C,&(x->b));
-
-	FP4_add(&D,&C,&C);
-	FP4_add(&C,&C,&D);
-
-#if CHUNK<64
-	FP4_norm(&C);
-#endif
-	FP4_conj(&(w->b),&(x->b));
-	FP4_add(&(w->b),&(w->b),&(w->b));
-	FP4_nconj(&(w->c),&(x->c));
-
-	FP4_add(&(w->c),&(w->c),&(w->c));
-	FP4_add(&(w->b),&B,&(w->b));
-	FP4_add(&(w->c),&C,&(w->c));
-	FP12_reduce(w);	    /* reduce here as in pow function repeated squarings would trigger multiple reductions */
-
-}
-
-/* FP12 squaring w=x^2 */
-/* SU= 600 */
-void FP12_sqr(FP12 *w,FP12 *x)
-{
-/* Use Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-
-	FP4 A,B,C,D;
-
-	FP4_sqr(&A,&(x->a));
-	FP4_mul(&B,&(x->b),&(x->c));
-	FP4_add(&B,&B,&B);
-	FP4_sqr(&C,&(x->c));
-	FP4_mul(&D,&(x->a),&(x->b));
-	FP4_add(&D,&D,&D);
-	FP4_add(&(w->c),&(x->a),&(x->c));
-	FP4_add(&(w->c),&(x->b),&(w->c));
-
-	FP4_sqr(&(w->c),&(w->c));
-
-	FP4_copy(&(w->a),&A);
-
-	FP4_add(&A,&A,&B);
-#if CHUNK<64
-	FP4_norm(&A);
-#endif
-	FP4_add(&A,&A,&C);
-	FP4_add(&A,&A,&D);
-#if CHUNK<64
-	FP4_norm(&A);
-#endif
-	FP4_neg(&A,&A);
-	FP4_times_i(&B);
-	FP4_times_i(&C);
-
-	FP4_add(&(w->a),&(w->a),&B);
-	FP4_add(&(w->b),&C,&D);
-	FP4_add(&(w->c),&(w->c),&A);
-
-	FP12_norm(w);
-}
-
-/* FP12 full multiplication w=w*y */
-
-
-/* SU= 896 */
-/* FP12 full multiplication w=w*y */
-void FP12_mul(FP12 *w,FP12 *y)
-{
-	FP4 z0,z1,z2,z3,t0,t1;
-
-	FP4_mul(&z0,&(w->a),&(y->a));
-	FP4_mul(&z2,&(w->b),&(y->b));  //
-
-	FP4_add(&t0,&(w->a),&(w->b));
-	FP4_add(&t1,&(y->a),&(y->b));  //
-	FP4_mul(&z1,&t0,&t1);
-	FP4_add(&t0,&(w->b),&(w->c));
-
-	FP4_add(&t1,&(y->b),&(y->c));  //
-	FP4_mul(&z3,&t0,&t1);
-
-	FP4_neg(&t0,&z0);
-	FP4_neg(&t1,&z2);
-
-	FP4_add(&z1,&z1,&t0);   // z1=z1-z0
-#if CHUNK<64
-	FP4_norm(&z1);
-#endif
-	FP4_add(&(w->b),&z1,&t1);
-// z1=z1-z2
-	FP4_add(&z3,&z3,&t1);        // z3=z3-z2
-	FP4_add(&z2,&z2,&t0);        // z2=z2-z0
-
-	FP4_add(&t0,&(w->a),&(w->c));
-
-	FP4_add(&t1,&(y->a),&(y->c));
-	FP4_mul(&t0,&t1,&t0);
-	FP4_add(&z2,&z2,&t0);
-
-	FP4_mul(&t0,&(w->c),&(y->c));
-	FP4_neg(&t1,&t0);
-#if CHUNK<64
-	FP4_norm(&z2);
-	FP4_norm(&z3);
-	FP4_norm(&(w->b));
-#endif
-	FP4_add(&(w->c),&z2,&t1);
-	FP4_add(&z3,&z3,&t1);
-	FP4_times_i(&t0);
-	FP4_add(&(w->b),&(w->b),&t0);
-
-	FP4_times_i(&z3);
-	FP4_add(&(w->a),&z0,&z3);
-
-	FP12_norm(w);
-}
-
-/* FP12 multiplication w=w*y */
-/* SU= 744 */
-/* catering for special case that arises from special form of ATE pairing line function */
-void FP12_smul(FP12 *w,FP12 *y)
-{
-	FP4 z0,z2,z3,t0,t1;
-
-	FP4_copy(&z3,&(w->b));
-	FP4_mul(&z0,&(w->a),&(y->a));
-	FP4_pmul(&z2,&(w->b),&(y->b).a);
-	FP4_add(&(w->b),&(w->a),&(w->b));
-	FP4_copy(&t1,&(y->a));
-	FP2_add(&t1.a,&t1.a,&(y->b).a);
-
-	FP4_mul(&(w->b),&(w->b),&t1);
-	FP4_add(&z3,&z3,&(w->c));
-	FP4_pmul(&z3,&z3,&(y->b).a);
-	FP4_neg(&t0,&z0);
-	FP4_neg(&t1,&z2);
-
-	FP4_add(&(w->b),&(w->b),&t0);   // z1=z1-z0
-#if CHUNK<64
-	FP4_norm(&(w->b));
-#endif
-	FP4_add(&(w->b),&(w->b),&t1);   // z1=z1-z2
-
-	FP4_add(&z3,&z3,&t1);        // z3=z3-z2
-	FP4_add(&z2,&z2,&t0);        // z2=z2-z0
-
-	FP4_add(&t0,&(w->a),&(w->c));
-
-	FP4_mul(&t0,&(y->a),&t0);
-	FP4_add(&(w->c),&z2,&t0);
-
-	FP4_times_i(&z3);
-	FP4_add(&(w->a),&z0,&z3);
-
-	FP12_norm(w);
-}
-
-/* Set w=1/x */
-/* SU= 600 */
-void FP12_inv(FP12 *w,FP12 *x)
-{
-	FP4 f0,f1,f2,f3;
-	FP12_norm(x);
-
-	FP4_sqr(&f0,&(x->a));
-	FP4_mul(&f1,&(x->b),&(x->c));
-	FP4_times_i(&f1);
-	FP4_sub(&f0,&f0,&f1);  /* y.a */
-
-	FP4_sqr(&f1,&(x->c));
-	FP4_times_i(&f1);
-	FP4_mul(&f2,&(x->a),&(x->b));
-	FP4_sub(&f1,&f1,&f2);  /* y.b */
-
-	FP4_sqr(&f2,&(x->b));
-	FP4_mul(&f3,&(x->a),&(x->c));
-	FP4_sub(&f2,&f2,&f3);  /* y.c */
-
-	FP4_mul(&f3,&(x->b),&f2);
-	FP4_times_i(&f3);
-	FP4_mul(&(w->a),&f0,&(x->a));
-	FP4_add(&f3,&(w->a),&f3);
-	FP4_mul(&(w->c),&f1,&(x->c));
-	FP4_times_i(&(w->c));
-
-	FP4_add(&f3,&(w->c),&f3);
-	FP4_inv(&f3,&f3);
-
-	FP4_mul(&(w->a),&f0,&f3);
-	FP4_mul(&(w->b),&f1,&f3);
-	FP4_mul(&(w->c),&f2,&f3);
-
-}
-
-/* constant time powering by small integer of max length bts */
-
-void FP12_pinpow(FP12 *r,int e,int bts)
-{
-	int i,b;
-	FP12 R[2];
-
-	FP12_one(&R[0]);
-	FP12_copy(&R[1],r);
-
-    for (i=bts-1;i>=0;i--)
-	{
-		b=(e>>i)&1;
-		FP12_mul(&R[1-b],&R[b]);
-		FP12_usqr(&R[b],&R[b]);
-	}
-	FP12_copy(r,&R[0]);
-}
-
-/* SU= 528 */
-/* set r=a^b */
-/* Note this is simple square and multiply, so not side-channel safe */
-
-void FP12_pow(FP12 *r,FP12 *a,BIG b)
-{
-	FP12 w;
-	BIG z,zilch;
-	int bt;
-	BIG_zero(zilch);
-	BIG_norm(b);
-	BIG_copy(z,b);
-	FP12_copy(&w,a);
-	FP12_one(r);
-
-	while(1)
-	{
-		bt=BIG_parity(z);
-		BIG_shr(z,1);
-		if (bt)
-			FP12_mul(r,&w);
-		if (BIG_comp(z,zilch)==0) break;
-		FP12_usqr(&w,&w);
-	}
-
-	FP12_reduce(r);
-}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-void FP12_pow4(FP12 *p,FP12 *q,BIG u[4])
-{
-	int i,j,a[4],nb,m;
-	FP12 g[8],c,s[2];
-	BIG t[4],mt;
-	sign8 w[NLEN*BASEBITS+1];
-
-	for (i=0;i<4;i++)
-		BIG_copy(t[i],u[i]);
-
-	FP12_copy(&g[0],&q[0]); FP12_conj(&s[0],&q[1]); FP12_mul(&g[0],&s[0]);  /* P/Q */
-	FP12_copy(&g[1],&g[0]);
-	FP12_copy(&g[2],&g[0]);
-	FP12_copy(&g[3],&g[0]);
-	FP12_copy(&g[4],&q[0]); FP12_mul(&g[4],&q[1]);  /* P*Q */
-	FP12_copy(&g[5],&g[4]);
-	FP12_copy(&g[6],&g[4]);
-	FP12_copy(&g[7],&g[4]);
-
-	FP12_copy(&s[1],&q[2]); FP12_conj(&s[0],&q[3]); FP12_mul(&s[1],&s[0]);       /* R/S */
-	FP12_conj(&s[0],&s[1]); FP12_mul(&g[1],&s[0]);
-	FP12_mul(&g[2],&s[1]);
-	FP12_mul(&g[5],&s[0]);
-	FP12_mul(&g[6],&s[1]);
-	FP12_copy(&s[1],&q[2]); FP12_mul(&s[1],&q[3]);      /* R*S */
-	FP12_conj(&s[0],&s[1]); FP12_mul(&g[0],&s[0]);
-	FP12_mul(&g[3],&s[1]);
-	FP12_mul(&g[4],&s[0]);
-	FP12_mul(&g[7],&s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-	FP12_one(&c);
-
-	BIG_zero(mt);
-	for (i=0;i<4;i++)
-	{
-		if (BIG_parity(t[i])==0)
-		{
-			BIG_inc(t[i],1); BIG_norm(t[i]);
-			FP12_mul(&c,&q[i]);
-		}
-		BIG_add(mt,mt,t[i]); BIG_norm(mt);
-	}
-
-	FP12_conj(&c,&c);
-	nb=1+BIG_nbits(mt);
-
-/* convert exponent to signed 1-bit window */
-	for (j=0;j<nb;j++)
-	{
-		for (i=0;i<4;i++)
-		{
-			a[i]=BIG_lastbits(t[i],2)-2;
-			BIG_dec(t[i],a[i]); BIG_norm(t[i]);
-			BIG_fshr(t[i],1);
-		}
-		w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-	}
-	w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
-	FP12_copy(p,&g[(w[nb]-1)/2]);
-
-	for (i=nb-1;i>=0;i--)
-	{
-		m=w[i]>>7;
-		j=(w[i]^m)-m;  /* j=abs(w[i]) */
-		j=(j-1)/2;
-		FP12_copy(&s[0],&g[j]);
-		FP12_conj(&s[1],&g[j]);
-		FP12_usqr(p,p);
-		FP12_mul(p,&s[m&1]);
-	}
-	FP12_mul(p,&c); /* apply correction */
-	FP12_reduce(p);
-}
-
-/* Set w=w^p using Frobenius */
-/* SU= 160 */
-void FP12_frob(FP12 *w,FP2 *f)
-{
-	FP2 f2,f3;
-	FP2_sqr(&f2,f);     /* f2=f^2 */
-	FP2_mul(&f3,&f2,f); /* f3=f^3 */
-
-	FP4_frob(&(w->a),&f3);
-	FP4_frob(&(w->b),&f3);
-	FP4_frob(&(w->c),&f3);
-
-	FP4_pmul(&(w->b),&(w->b),f);
-	FP4_pmul(&(w->c),&(w->c),&f2);
-}
-
-/* SU= 8 */
-/* normalise all components of w */
-void FP12_norm(FP12 *w)
-{
-	 FP4_norm(&(w->a));
-	 FP4_norm(&(w->b));
-	 FP4_norm(&(w->c));
-}
-
-/* SU= 8 */
-/* reduce all components of w */
-void FP12_reduce(FP12 *w)
-{
-	 FP4_reduce(&(w->a));
-	 FP4_reduce(&(w->b));
-	 FP4_reduce(&(w->c));
-}
-
-/* trace function w=trace(x) */
-/* SU= 8 */
-void FP12_trace(FP4 *w,FP12 *x)
-{
-	FP4_imul(w,&(x->a),3);
-	FP4_reduce(w);
-}
-
-/* SU= 8 */
-/* Output w in hex */
-void FP12_output(FP12 *w)
-{
-	printf("[");
-	FP4_output(&(w->a));
-	printf(",");
-	FP4_output(&(w->b));
-	printf(",");
-	FP4_output(&(w->c));
-	printf("]");
-}
-
-/* SU= 64 */
-/* Convert g to octet string w */
-void FP12_toOctet(octet *W,FP12 *g)
-{
-	BIG a;
-	W->len=12*MODBYTES;
-
-	BIG_copy(a,(*g).a.a.a); FP_redc(a); BIG_toBytes(&(W->val[0]),a);
-	BIG_copy(a,(*g).a.a.b); FP_redc(a); BIG_toBytes(&(W->val[MODBYTES]),a);
-	BIG_copy(a,(*g).a.b.a); FP_redc(a); BIG_toBytes(&(W->val[2*MODBYTES]),a);
-	BIG_copy(a,(*g).a.b.b); FP_redc(a); BIG_toBytes(&(W->val[3*MODBYTES]),a);
-
-	BIG_copy(a,(*g).b.a.a); FP_redc(a); BIG_toBytes(&(W->val[4*MODBYTES]),a);
-	BIG_copy(a,(*g).b.a.b); FP_redc(a); BIG_toBytes(&(W->val[5*MODBYTES]),a);
-	BIG_copy(a,(*g).b.b.a); FP_redc(a); BIG_toBytes(&(W->val[6*MODBYTES]),a);
-	BIG_copy(a,(*g).b.b.b); FP_redc(a); BIG_toBytes(&(W->val[7*MODBYTES]),a);
-
-	BIG_copy(a,(*g).c.a.a); FP_redc(a); BIG_toBytes(&(W->val[8*MODBYTES]),a);
-	BIG_copy(a,(*g).c.a.b); FP_redc(a); BIG_toBytes(&(W->val[9*MODBYTES]),a);
-	BIG_copy(a,(*g).c.b.a); FP_redc(a); BIG_toBytes(&(W->val[10*MODBYTES]),a);
-	BIG_copy(a,(*g).c.b.b); FP_redc(a); BIG_toBytes(&(W->val[11*MODBYTES]),a);
-}
-
-/* SU= 24 */
-/* Restore g from octet string w */
-void FP12_fromOctet(FP12 *g,octet *W)
-{
-	BIG_fromBytes((*g).a.a.a,&W->val[0]);			FP_nres((*g).a.a.a);
-	BIG_fromBytes((*g).a.a.b,&W->val[MODBYTES]);		FP_nres((*g).a.a.b);
-	BIG_fromBytes((*g).a.b.a,&W->val[2*MODBYTES]);	FP_nres((*g).a.b.a);
-	BIG_fromBytes((*g).a.b.b,&W->val[3*MODBYTES]);	FP_nres((*g).a.b.b);
-	BIG_fromBytes((*g).b.a.a,&W->val[4*MODBYTES]);	FP_nres((*g).b.a.a);
-	BIG_fromBytes((*g).b.a.b,&W->val[5*MODBYTES]);	FP_nres((*g).b.a.b);
-	BIG_fromBytes((*g).b.b.a,&W->val[6*MODBYTES]);	FP_nres((*g).b.b.a);
-	BIG_fromBytes((*g).b.b.b,&W->val[7*MODBYTES]);	FP_nres((*g).b.b.b);
-	BIG_fromBytes((*g).c.a.a,&W->val[8*MODBYTES]);	FP_nres((*g).c.a.a);
-	BIG_fromBytes((*g).c.a.b,&W->val[9*MODBYTES]);	FP_nres((*g).c.a.b);
-	BIG_fromBytes((*g).c.b.a,&W->val[10*MODBYTES]);	FP_nres((*g).c.b.a);
-	BIG_fromBytes((*g).c.b.b,&W->val[11*MODBYTES]);	FP_nres((*g).c.b.b);
-}
-
-/*
-int main(){
-		FP2 f,w0,w1;
-		FP4 t0,t1,t2;
-		FP12 w,t,lv;
-		BIG a,b;
-		BIG p;
-
-		//Test w^(P^4) = w mod p^2
-//		BIG_randomnum(a);
-//		BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-	BIG_zero(a); BIG_zero(b); BIG_inc(a,1); BIG_inc(b,2); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w0,a,b);
-
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-	BIG_zero(a); BIG_zero(b); BIG_inc(a,3); BIG_inc(b,4); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w1,a,b);
-
-		FP4_from_FP2s(&t0,&w0,&w1);
-		FP4_reduce(&t0);
-
-//		BIG_randomnum(a);
-//		BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,5); BIG_inc(b,6); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w0,a,b);
-
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,7); BIG_inc(b,8); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w1,a,b);
-
-		FP4_from_FP2s(&t1,&w0,&w1);
-		FP4_reduce(&t1);
-
-//		BIG_randomnum(a);
-//		BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,9); BIG_inc(b,10); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w0,a,b);
-
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-		BIG_zero(a); BIG_zero(b); BIG_inc(a,11); BIG_inc(b,12); FP_nres(a); FP_nres(b);
-		FP2_from_zps(&w1,a,b);
-
-		FP4_from_FP2s(&t2,&w0,&w1);
-		FP4_reduce(&t2);
-
-		FP12_from_FP4s(&w,&t0,&t1,&t2);
-
-		FP12_copy(&t,&w);
-
-		printf("w= ");
-		FP12_output(&w);
-		printf("\n");
-
-		BIG_rcopy(p,Modulus);
-		//BIG_zero(p); BIG_inc(p,7);
-
-		FP12_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP12_output(&w);
-		printf("\n");
-
-		FP2_gfc(&f,12);
-		FP12_frob(&t,&f);
-		printf("w^p= ");
-		FP12_output(&t);
-		printf("\n");
-
-//exit(0);
-
-		FP12_pow(&w,&w,p);
-		//printf("w^p^2= ");
-		//FP12_output(&w);
-		//printf("\n");
-		FP12_pow(&w,&w,p);
-		//printf("w^p^3= ");
-		//FP12_output(&w);
-		//printf("\n");
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		printf("w^p^6= ");
-		FP12_output(&w);
-		printf("\n");
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		printf("w^p^8= ");
-		FP12_output(&w);
-		printf("\n");
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		FP12_pow(&w,&w,p);
-		printf("w^p^11= ");
-		FP12_output(&w);
-		printf("\n");
-
-	//	BIG_zero(p); BIG_inc(p,7); BIG_norm(p);
-		FP12_pow(&w,&w,p);
-
-		printf("w^p12= ");
-		FP12_output(&w);
-		printf("\n");
-//exit(0);
-
-		FP12_inv(&t,&w);
-		printf("1/w mod p^4 = ");
-		FP12_output(&t);
-		printf("\n");
-
-		FP12_inv(&w,&t);
-		printf("1/(1/w) mod p^4 = ");
-		FP12_output(&w);
-		printf("\n");
-
-
-
-	FP12_inv(&lv,&w);
-//printf("w= "); FP12_output(&w); printf("\n");
-	FP12_conj(&w,&w);
-//printf("w= "); FP12_output(&w); printf("\n");
-//exit(0);
-	FP12_mul(&w,&w,&lv);
-//printf("w= "); FP12_output(&w); printf("\n");
-	FP12_copy(&lv,&w);
-	FP12_frob(&w,&f);
-	FP12_frob(&w,&f);
-	FP12_mul(&w,&w,&lv);
-
-//printf("w= "); FP12_output(&w); printf("\n");
-//exit(0);
-
-w.unitary=0;
-FP12_conj(&lv,&w);
-	printf("rx= "); FP12_output(&lv); printf("\n");
-FP12_inv(&lv,&w);
-	printf("ry= "); FP12_output(&lv); printf("\n");
-
-
-		return 0;
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/fp2.c
----------------------------------------------------------------------
diff --git a/c/fp2.c b/c/fp2.c
deleted file mode 100755
index 618815b..0000000
--- a/c/fp2.c
+++ /dev/null
@@ -1,421 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^2 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-#include "amcl.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP2_iszilch(FP2 *x)
-{
-	BIG m;
-	FP2_reduce(x);
-    if (BIG_iszilch(x->a) && BIG_iszilch(x->b)) return 1;
-    return 0;
-}
-
-/* Move b to a if d=1 */
-void FP2_cmove(FP2 *f,FP2 *g,int d)
-{
-	BIG_cmove(f->a,g->a,d);
-	BIG_cmove(f->b,g->b,d);
-}
-
-/* test x==1 ? */
-/* SU= 48 */
-int FP2_isunity(FP2 *x)
-{
-	BIG one;
-	FP_one(one);
-	FP2_reduce(x);
-	if (BIG_comp(x->a,one)==0 && BIG_iszilch(x->b)) return 1;
-    return 0;
-}
-
-/* SU= 8 */
-/* Fully reduce a and b mod Modulus */
-void FP2_reduce(FP2 *w)
-{
-	FP_reduce(w->a);
-	FP_reduce(w->b);
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP2_equals(FP2 *x,FP2 *y)
-{
-	FP2_reduce(x); FP2_reduce(y);
-	if (BIG_comp(x->a,y->a)==0 && BIG_comp(x->b,y->b)==0)
-		return 1;
-	return 0;
-}
-
-/* Create FP2 from two FPs */
-/* SU= 16 */
-void FP2_from_FPs(FP2 *w,BIG x,BIG y)
-{
-	BIG_copy(w->a,x);
-	BIG_copy(w->b,y);
-}
-
-/* Create FP2 from two BIGS */
-/* SU= 16 */
-void FP2_from_BIGs(FP2 *w,BIG x,BIG y)
-{
-	BIG_copy(w->a,x);
-	BIG_copy(w->b,y);
-	FP_nres(w->a); FP_nres(w->b);
-}
-
-/* Create FP2 from FP */
-/* SU= 8 */
-void FP2_from_FP(FP2 *w,BIG x)
-{
-	BIG_copy(w->a,x);
-	BIG_zero(w->b);
-}
-
-/* Create FP2 from BIG */
-/* SU= 8 */
-void FP2_from_BIG(FP2 *w,BIG x)
-{
-	BIG_copy(w->a,x); FP_nres(w->a);
-	BIG_zero(w->b);
-}
-
-/* FP2 copy w=x */
-/* SU= 16 */
-void FP2_copy(FP2 *w,FP2 *x)
-{
-	if (w==x) return;
-	BIG_copy(w->a,x->a);
-	BIG_copy(w->b,x->b);
-}
-
-/* FP2 set w=0 */
-/* SU= 8 */
-void FP2_zero(FP2 *w)
-{
-	BIG_zero(w->a);
-	BIG_zero(w->b);
-}
-
-/* FP2 set w=1 */
-/* SU= 48 */
-void FP2_one(FP2 *w)
-{
-	BIG one;
-	FP_one(one);
-	FP2_from_FP(w,one);
-}
-
-/* Set w=-x */
-/* SU= 88 */
-void FP2_neg(FP2 *w,FP2 *x)
-{ /* Just one neg! */
-	BIG m,t;
-	FP2_norm(x);
-	FP_add(m,x->a,x->b);
-	FP_neg(m,m);
-	BIG_norm(m);
-	FP_add(t,m,x->b);
-	FP_add(w->b,m,x->a);
-	BIG_copy(w->a,t);
-}
-
-/* Set w=conj(x) */
-/* SU= 16 */
-void FP2_conj(FP2 *w,FP2 *x)
-{
-	BIG_copy(w->a,x->a);
-	FP_neg(w->b,x->b);
-}
-
-/* Set w=x+y */
-/* SU= 16 */
-void FP2_add(FP2 *w,FP2 *x,FP2 *y)
-{
-	FP_add(w->a,x->a,y->a);
-	FP_add(w->b,x->b,y->b);
-}
-
-/* Set w=x-y */
-/* SU= 16 */
-void FP2_sub(FP2 *w,FP2 *x,FP2 *y)
-{
-	FP2 m;
-	FP2_neg(&m,y);
-	FP2_add(w,x,&m);
-}
-
-/* Set w=s*x, where s is FP */
-/* SU= 16 */
-void FP2_pmul(FP2 *w,FP2 *x,BIG s)
-{
-	FP_mul(w->a,x->a,s);
-	FP_mul(w->b,x->b,s);
-}
-
-/* SU= 16 */
-/* Set w=s*x, where s is int */
-void FP2_imul(FP2 *w,FP2 *x,int s)
-{
-	FP_imul(w->a,x->a,s);
-	FP_imul(w->b,x->b,s);
-}
-
-/* Set w=x^2 */
-/* SU= 128 */
-void FP2_sqr(FP2 *w,FP2 *x)
-{
-	BIG w1,w3,mb;
-
-	FP_mul(w3,x->a,x->b); /* norms x */
-	FP_add(w1,x->a,x->b); /* w1#2 w1=2 */
-	FP_neg(mb,x->b);      /* mb#2 mb=1 */
-	FP_add(w->a,x->a,mb);   /* w2#3 w2=3 */
-	FP_mul(w->a,w1,w->a);     /* w->a#2 w->a=1 w1&w2=6 w1*w2=2 */
-
-	FP_add(w->b,w3,w3); /* w->b#4 w->b=2 */
-
-	FP2_norm(w);
-
-}
-
-
-/* Set w=x*y */
-/* SU= 168 */
-void FP2_mul(FP2 *w,FP2 *x,FP2 *y)
-{
-	BIG w1,w2,w5,mw;
-
-	FP_mul(w1,x->a,y->a);  /* norms x  */
-	FP_mul(w2,x->b,y->b);  /* and y */
-
-	FP_add(w5,x->a,x->b);
-
-	FP_add(w->b,y->a,y->b);
-
-	FP_mul(w->b,w->b,w5);
-	FP_add(mw,w1,w2);
-	FP_neg(mw,mw);
-
-	FP_add(w->b,w->b,mw);
-	FP_add(mw,w1,mw);
-	FP_add(w->a,w1,mw);
-
-	FP2_norm(w);
-
-}
-
-/* output FP2 in hex format [a,b] */
-/* SU= 16 */
-void FP2_output(FP2 *w)
-{
-	FP2_reduce(w);
-	FP_redc(w->a); FP_redc(w->b);
-	printf("[");BIG_output(w->a);printf(",");BIG_output(w->b);printf("]");
-	FP_nres(w->a); FP_nres(w->b);
-}
-
-/* SU= 8 */
-void FP2_rawoutput(FP2 *w)
-{
-	printf("[");BIG_rawoutput(w->a);printf(",");BIG_rawoutput(w->b);printf("]");
-}
-
-
-/* Set w=1/x */
-/* SU= 128 */
-void FP2_inv(FP2 *w,FP2 *x)
-{
-	BIG m,w1,w2;
-	BIG_rcopy(m,Modulus);
-	FP2_norm(x);
-	FP_sqr(w1,x->a);
-	FP_sqr(w2,x->b);
-	FP_add(w1,w1,w2);
-
-	FP_redc(w1);
-	BIG_invmodp(w1,w1,m);
-	FP_nres(w1);
-	FP_mul(w->a,x->a,w1);
-	FP_neg(w1,w1);
-	FP_mul(w->b,x->b,w1);
-//	FP2_norm(w);
-}
-
-
-/* Set w=x/2 */
-/* SU= 16 */
-void FP2_div2(FP2 *w,FP2 *x)
-{
-	FP_div2(w->a,x->a);
-	FP_div2(w->b,x->b);
-}
-
-/* Set w*=(1+sqrt(-1)) */
-/* where X^2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-
-/* SU= 128 */
-void FP2_mul_ip(FP2 *w)
-{
-	FP2 t;
-	BIG z;
-
-	FP2_norm(w);
-	FP2_copy(&t,w);
-
-	BIG_copy(z,w->a);
-	FP_neg(w->a,w->b);
-	BIG_copy(w->b,z);
-
-	FP2_add(w,&t,w);
-	FP2_norm(w);
-}
-
-/* Set w/=(1+sqrt(-1)) */
-/* SU= 88 */
-void FP2_div_ip(FP2 *w)
-{
-	FP2 t;
-	FP2_norm(w);
-	FP_add(t.a,w->a,w->b);
-	FP_sub(t.b,w->b,w->a);
-	FP2_div2(w,&t);
-}
-
-/* SU= 8 */
-/* normalise a and b components of w */
-void FP2_norm(FP2 *w)
-{
-	BIG_norm(w->a);
-	BIG_norm(w->b);
-}
-
-/* Set w=a^b mod m */
-/* SU= 208 */
-void FP2_pow(FP2 *r,FP2* a,BIG b)
-{
-	FP2 w;
-	BIG z,one,zilch;
-	int bt;
-
-	BIG_norm(b);
-	BIG_copy(z,b);
-	FP2_copy(&w,a);
-	FP_one(one);
-	BIG_zero(zilch);
-	FP2_from_FP(r,one);
-	while(1)
-	{
-		bt=BIG_parity(z);
-		BIG_shr(z,1);
-		if (bt) FP2_mul(r,r,&w);
-		if (BIG_comp(z,zilch)==0) break;
-		FP2_sqr(&w,&w);
-	}
-	FP2_reduce(r);
-}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if u is QR */
-
-int FP2_sqrt(FP2 *w,FP2 *u)
-{
-	BIG w1,w2,q;
-	FP2_copy(w,u);
-	if (FP2_iszilch(w)) return 1;
-
-	BIG_rcopy(q,Modulus);
-	FP_sqr(w1,w->b);
-	FP_sqr(w2,w->a);
-	FP_add(w1,w1,w2);
-	if (!FP_qr(w1))
-	{
-		FP2_zero(w);
-		return 0;
-	}
-	FP_sqrt(w1,w1);
-	FP_add(w2,w->a,w1);
-	FP_div2(w2,w2);
-	if (!FP_qr(w2))
-	{
-		FP_sub(w2,w->a,w1);
-		FP_div2(w2,w2);
-		if (!FP_qr(w2))
-		{
-			FP2_zero(w);
-			return 0;
-		}
-	}
-	FP_sqrt(w2,w2);
-	BIG_copy(w->a,w2);
-	FP_add(w2,w2,w2);
-	FP_redc(w2);
-	BIG_invmodp(w2,w2,q);
-	FP_nres(w2);
-	FP_mul(w->b,w->b,w2);
-	return 1;
-}
-
-/*
-int main()
-{
-	int i;
-	FP2 w,z;
-	BIG a,b,e;
-	BIG pp1,pm1;
-	BIG_unity(a); BIG_unity(b);
-	FP2_from_BIGs(&w,a,b);
-//	for (i=0;i<100;i++)
-//	{
-//		BIG_randomnum(a); BIG_randomnum(b);
-//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
-//		FP2_from_FPs(&w,a,b);
-//		FP2_output(&w);
-//		FP2_inv(&z,&w);
-//				FP2_output(&z);
-//		FP2_inv(&z,&z);
-//				FP2_output(&z);
-//				FP2_output(&w);
-//		if (FP2_comp(&w,&z)!=1) printf("error \n");
-//		else printf("OK \n");
-//	}
-//exit(0);
-	printf("w= "); FP2_output(&w); printf("\n");
-	BIG_zero(e); BIG_inc(e,27);
-	FP2_pow(&w,&w,e);
-	FP2_output(&w);
-exit(0);
-	BIG_rcopy(pp1,Modulus);
-	BIG_rcopy(pm1,Modulus);
-	BIG_inc(pp1,1);
-	BIG_dec(pm1,1);
-	BIG_norm(pp1);
-	BIG_norm(pm1);
-	FP2_pow(&w,&w,pp1);
-	FP2_pow(&w,&w,pm1);
-	FP2_output(&w);
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/fp4.c
----------------------------------------------------------------------
diff --git a/c/fp4.c b/c/fp4.c
deleted file mode 100755
index 0dafe0d..0000000
--- a/c/fp4.c
+++ /dev/null
@@ -1,636 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^4 functions */
-/* SU=m, m is Stack Usage (no lazy )*/
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */
-
-#include "amcl.h"
-
-/* test x==0 ? */
-/* SU= 8 */
-int FP4_iszilch(FP4 *x)
-{
-	if (FP2_iszilch(&(x->a)) && FP2_iszilch(&(x->b))) return 1;
-	return 0;
-}
-
-/* test x==1 ? */
-/* SU= 8 */
-int FP4_isunity(FP4 *x)
-{
-	if (FP2_isunity(&(x->a)) && FP2_iszilch(&(x->b))) return 1;
-	return 0;
-}
-
-/* test is w real? That is in a+ib test b is zero */
-int FP4_isreal(FP4 *w)
-{
-	return FP2_iszilch(&(w->b));
-}
-
-/* return 1 if x==y, else 0 */
-/* SU= 16 */
-int FP4_equals(FP4 *x,FP4 *y)
-{
-	if (FP2_equals(&(x->a),&(y->a)) && FP2_equals(&(x->b),&(y->b)))
-			return 1;
-	return 0;
-}
-
-/* set FP4 from two FP2s */
-/* SU= 16 */
-void FP4_from_FP2s(FP4 *w,FP2 * x,FP2* y)
-{
-		FP2_copy(&(w->a), x);
-		FP2_copy(&(w->b), y);
-}
-
-/* set FP4 from FP2 */
-/* SU= 8 */
-void FP4_from_FP2(FP4 *w,FP2 *x)
-{
-	FP2_copy(&(w->a), x);
-	FP2_zero(&(w->b));
-}
-
-/* FP4 copy w=x */
-/* SU= 16 */
-void FP4_copy(FP4 *w,FP4 *x)
-{
-	if (w==x) return;
-	FP2_copy(&(w->a), &(x->a));
-	FP2_copy(&(w->b), &(x->b));
-}
-
-/* FP4 w=0 */
-/* SU= 8 */
-void FP4_zero(FP4 *w)
-{
-	FP2_zero(&(w->a));
-	FP2_zero(&(w->b));
-}
-
-/* FP4 w=1 */
-/* SU= 8 */
-void FP4_one(FP4 *w)
-{
-	FP2_one(&(w->a));
-	FP2_zero(&(w->b));
-}
-
-/* Set w=-x */
-/* SU= 160 */
-void FP4_neg(FP4 *w,FP4 *x)
-{ /* Just one field neg */
-	FP2 m,t;
-	FP2_add(&m,&(x->a),&(x->b));
-	FP2_neg(&m,&m);
-	FP2_norm(&m);
-	FP2_add(&t,&m,&(x->b));
-	FP2_add(&(w->b),&m,&(x->a));
-	FP2_copy(&(w->a),&t);
-}
-
-/* Set w=conj(x) */
-/* SU= 16 */
-void FP4_conj(FP4 *w,FP4 *x)
-{
-	FP2_copy(&(w->a), &(x->a));
-	FP2_neg(&(w->b), &(x->b));
-	FP2_norm(&(w->b));
-}
-
-/* Set w=-conj(x) */
-/* SU= 16 */
-void FP4_nconj(FP4 *w,FP4 *x)
-{
-	FP2_copy(&(w->b),&(x->b));
-	FP2_neg(&(w->a), &(x->a));
-	FP2_norm(&(w->a));
-}
-
-/* Set w=x+y */
-/* SU= 16 */
-void FP4_add(FP4 *w,FP4 *x,FP4 *y)
-{
-	FP2_add(&(w->a), &(x->a), &(y->a));
-	FP2_add(&(w->b), &(x->b), &(y->b));
-}
-
-/* Set w=x-y */
-/* SU= 160 */
-void FP4_sub(FP4 *w,FP4 *x,FP4 *y)
-{
-	FP4 my;
-	FP4_neg(&my, y);
-	FP4_add(w, x, &my);
-
-}
-/* SU= 8 */
-/* reduce all components of w mod Modulus */
-void FP4_reduce(FP4 *w)
-{
-	 FP2_reduce(&(w->a));
-	 FP2_reduce(&(w->b));
-}
-
-/* SU= 8 */
-/* normalise all elements of w */
-void FP4_norm(FP4 *w)
-{
-	 FP2_norm(&(w->a));
-	 FP2_norm(&(w->b));
-}
-
-/* Set w=s*x, where s is FP2 */
-/* SU= 16 */
-void FP4_pmul(FP4 *w,FP4 *x,FP2 *s)
-{
-	FP2_mul(&(w->a),&(x->a),s);
-	FP2_mul(&(w->b),&(x->b),s);
-}
-
-/* SU= 16 */
-/* Set w=s*x, where s is int */
-void FP4_imul(FP4 *w,FP4 *x,int s)
-{
-	FP2_imul(&(w->a),&(x->a),s);
-	FP2_imul(&(w->b),&(x->b),s);
-}
-
-/* Set w=x^2 */
-/* SU= 232 */
-void FP4_sqr(FP4 *w,FP4 *x)
-{
-	FP2 t1,t2,t3;
-
-	FP2_mul(&t3,&(x->a),&(x->b)); /* norms x */
-	FP2_copy(&t2,&(x->b));
-	FP2_add(&t1,&(x->a),&(x->b));
-	FP2_mul_ip(&t2);
-
-	FP2_add(&t2,&(x->a),&t2);
-
-	FP2_mul(&(w->a),&t1,&t2);
-
-	FP2_copy(&t2,&t3);
-	FP2_mul_ip(&t2);
-
-	FP2_add(&t2,&t2,&t3);
-
-	FP2_neg(&t2,&t2);
-	FP2_add(&(w->a),&(w->a),&t2);  /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
-	FP2_add(&(w->b),&t3,&t3);  /* b=2ab */
-
-	FP4_norm(w);
-}
-
-/* Set w=x*y */
-/* SU= 312 */
-void FP4_mul(FP4 *w,FP4 *x,FP4 *y)
-{
-
-	FP2 t1,t2,t3,t4;
-	FP2_mul(&t1,&(x->a),&(y->a)); /* norms x */
-	FP2_mul(&t2,&(x->b),&(y->b)); /* and y */
-	FP2_add(&t3,&(y->b),&(y->a));
-	FP2_add(&t4,&(x->b),&(x->a));
-
-
-	FP2_mul(&t4,&t4,&t3); /* (xa+xb)(ya+yb) */
-	FP2_sub(&t4,&t4,&t1);
-#if CHUNK<64
-	FP2_norm(&t4);
-#endif
-	FP2_sub(&(w->b),&t4,&t2);
-	FP2_mul_ip(&t2);
-	FP2_add(&(w->a),&t2,&t1);
-
-	FP4_norm(w);
-}
-
-/* output FP4 in format [a,b] */
-/* SU= 8 */
-void FP4_output(FP4 *w)
-{
-	printf("[");
-	FP2_output(&(w->a));
-	printf(",");
-	FP2_output(&(w->b));
-	printf("]");
-}
-
-/* SU= 8 */
-void FP4_rawoutput(FP4 *w)
-{
-	printf("[");
-	FP2_rawoutput(&(w->a));
-	printf(",");
-	FP2_rawoutput(&(w->b));
-	printf("]");
-}
-
-/* Set w=1/x */
-/* SU= 160 */
-void FP4_inv(FP4 *w,FP4 *x)
-{
-	FP2 t1,t2;
-	FP2_sqr(&t1,&(x->a));
-	FP2_sqr(&t2,&(x->b));
-	FP2_mul_ip(&t2);
-	FP2_sub(&t1,&t1,&t2);
-	FP2_inv(&t1,&t1);
-	FP2_mul(&(w->a),&t1,&(x->a));
-	FP2_neg(&t1,&t1);
-	FP2_mul(&(w->b),&t1,&(x->b));
-}
-
-/* w*=i where i = sqrt(-1+sqrt(-1)) */
-/* SU= 200 */
-void FP4_times_i(FP4 *w)
-{
-	BIG z;
-	FP2 s,t;
-#if CHUNK<64
-	FP4_norm(w);
-#endif
-	FP2_copy(&t,&(w->b));
-
-	FP2_copy(&s,&t);
-
-	BIG_copy(z,s.a);
-	FP_neg(s.a,s.b);
-	BIG_copy(s.b,z);
-
-	FP2_add(&t,&t,&s);
-#if CHUNK<64
-	FP2_norm(&t);
-#endif
-	FP2_copy(&(w->b),&(w->a));
-	FP2_copy(&(w->a),&t);
-}
-
-/* Set w=w^p using Frobenius */
-/* SU= 16 */
-void FP4_frob(FP4 *w,FP2 *f)
-{
-	FP2_conj(&(w->a),&(w->a));
-	FP2_conj(&(w->b),&(w->b));
-	FP2_mul( &(w->b),f,&(w->b));
-}
-
-/* Set r=a^b mod m */
-/* SU= 240 */
-void FP4_pow(FP4 *r,FP4* a,BIG b)
-{
-	FP4 w;
-	BIG z,zilch;
-	int bt;
-
-	BIG_zero(zilch);
-	BIG_norm(b);
-	BIG_copy(z,b);
-	FP4_copy(&w,a);
-	FP4_one(r);
-
-	while(1)
-	{
-		bt=BIG_parity(z);
-		BIG_shr(z,1);
-		if (bt) FP4_mul(r,r,&w);
-		if (BIG_comp(z,zilch)==0) break;
-		FP4_sqr(&w,&w);
-	}
-	FP4_reduce(r);
-}
-
-/* SU= 304 */
-/* XTR xtr_a function */
-void FP4_xtr_A(FP4 *r,FP4 *w,FP4 *x,FP4 *y,FP4 *z)
-{
-	FP4 t1,t2;
-
-	FP4_copy(r,x);
-
-	FP4_sub(&t1,w,y);
-
-	FP4_pmul(&t1,&t1,&(r->a));
-	FP4_add(&t2,w,y);
-	FP4_pmul(&t2,&t2,&(r->b));
-	FP4_times_i(&t2);
-
-	FP4_add(r,&t1,&t2);
-	FP4_add(r,r,z);
-
-	FP4_norm(r);
-}
-
-/* SU= 152 */
-/* XTR xtr_d function */
-void FP4_xtr_D(FP4 *r,FP4 *x)
-{
-	FP4 w;
-	FP4_copy(r,x);
-	FP4_conj(&w,r);
-	FP4_add(&w,&w,&w);
-	FP4_sqr(r,r);
-	FP4_sub(r,r,&w);
-	FP4_reduce(r);    /* reduce here as multiple calls trigger automatic reductions */
-}
-
-/* SU= 728 */
-/* r=x^n using XTR method on traces of FP12s */
-void FP4_xtr_pow(FP4 *r,FP4 *x,BIG n)
-{
-	int i,par,nb;
-	BIG v;
-	FP2 w;
-	FP4 t,a,b,c;
-
-	BIG_zero(v); BIG_inc(v,3);
-	FP2_from_BIG(&w,v);
-	FP4_from_FP2(&a,&w);
-	FP4_copy(&b,x);
-	FP4_xtr_D(&c,x);
-
-	BIG_norm(n); par=BIG_parity(n); BIG_copy(v,n); BIG_shr(v,1);
-	if (par==0) {BIG_dec(v,1); BIG_norm(v);}
-
-	nb=BIG_nbits(v);
-
-	for (i=nb-1;i>=0;i--)
-	{
-		if (!BIG_bit(v,i))
-		{
-			FP4_copy(&t,&b);
-			FP4_conj(x,x);
-			FP4_conj(&c,&c);
-			FP4_xtr_A(&b,&a,&b,x,&c);
-			FP4_conj(x,x);
-			FP4_xtr_D(&c,&t);
-			FP4_xtr_D(&a,&a);
-		}
-		else
-		{
-			FP4_conj(&t,&a);
-			FP4_xtr_D(&a,&b);
-			FP4_xtr_A(&b,&c,&b,x,&t);
-			FP4_xtr_D(&c,&c);
-		}
-	}
-	if (par==0) FP4_copy(r,&c);
-	else FP4_copy(r,&b);
-	FP4_reduce(r);
-}
-
-/* SU= 872 */
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-void FP4_xtr_pow2(FP4 *r,FP4 *ck,FP4 *cl,FP4 *ckml,FP4 *ckm2l,BIG a,BIG b)
-{
-	int i,f2,nb;
-	BIG d,e,w;
-	FP4 t,cu,cv,cumv,cum2v;
-
-	BIG_norm(a);
-	BIG_norm(b);
-	BIG_copy(e,a);
-	BIG_copy(d,b);
-	FP4_copy(&cu,ck);
-	FP4_copy(&cv,cl);
-	FP4_copy(&cumv,ckml);
-	FP4_copy(&cum2v,ckm2l);
-
-	f2=0;
-	while (BIG_parity(d)==0 && BIG_parity(e)==0)
-	{
-		BIG_shr(d,1);
-		BIG_shr(e,1);
-		f2++;
-	}
-	while (BIG_comp(d,e)!=0)
-	{
-		if (BIG_comp(d,e)>0)
-		{
-			BIG_imul(w,e,4); BIG_norm(w);
-			if (BIG_comp(d,w)<=0)
-			{
-				BIG_copy(w,d);
-				BIG_copy(d,e);
-				BIG_sub(e,w,e); BIG_norm(e);
-				FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-				FP4_conj(&cum2v,&cumv);
-				FP4_copy(&cumv,&cv);
-				FP4_copy(&cv,&cu);
-				FP4_copy(&cu,&t);
-			}
-			else if (BIG_parity(d)==0)
-			{
-				BIG_shr(d,1);
-				FP4_conj(r,&cum2v);
-				FP4_xtr_A(&t,&cu,&cumv,&cv,r);
-				FP4_xtr_D(&cum2v,&cumv);
-				FP4_copy(&cumv,&t);
-				FP4_xtr_D(&cu,&cu);
-			}
-			else if (BIG_parity(e)==1)
-			{
-				BIG_sub(d,d,e); BIG_norm(d);
-				BIG_shr(d,1);
-				FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-				FP4_xtr_D(&cu,&cu);
-				FP4_xtr_D(&cum2v,&cv);
-				FP4_conj(&cum2v,&cum2v);
-				FP4_copy(&cv,&t);
-			}
-			else
-			{
-				BIG_copy(w,d);
-				BIG_copy(d,e); BIG_shr(d,1);
-				BIG_copy(e,w);
-				FP4_xtr_D(&t,&cumv);
-				FP4_conj(&cumv,&cum2v);
-				FP4_conj(&cum2v,&t);
-				FP4_xtr_D(&t,&cv);
-				FP4_copy(&cv,&cu);
-				FP4_copy(&cu,&t);
-			}
-		}
-		if (BIG_comp(d,e)<0)
-		{
-			BIG_imul(w,d,4); BIG_norm(w);
-			if (BIG_comp(e,w)<=0)
-			{
-				BIG_sub(e,e,d); BIG_norm(e);
-				FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-				FP4_copy(&cum2v,&cumv);
-				FP4_copy(&cumv,&cu);
-				FP4_copy(&cu,&t);
-			}
-			else if (BIG_parity(e)==0)
-			{
-				BIG_copy(w,d);
-				BIG_copy(d,e); BIG_shr(d,1);
-				BIG_copy(e,w);
-				FP4_xtr_D(&t,&cumv);
-				FP4_conj(&cumv,&cum2v);
-				FP4_conj(&cum2v,&t);
-				FP4_xtr_D(&t,&cv);
-				FP4_copy(&cv,&cu);
-				FP4_copy(&cu,&t);
-			}
-			else if (BIG_parity(d)==1)
-			{
-				BIG_copy(w,e);
-				BIG_copy(e,d);
-				BIG_sub(w,w,d); BIG_norm(w);
-				BIG_copy(d,w); BIG_shr(d,1);
-				FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
-				FP4_conj(&cumv,&cumv);
-				FP4_xtr_D(&cum2v,&cu);
-				FP4_conj(&cum2v,&cum2v);
-				FP4_xtr_D(&cu,&cv);
-				FP4_copy(&cv,&t);
-			}
-			else
-			{
-				BIG_shr(d,1);
-				FP4_conj(r,&cum2v);
-				FP4_xtr_A(&t,&cu,&cumv,&cv,r);
-				FP4_xtr_D(&cum2v,&cumv);
-				FP4_copy(&cumv,&t);
-				FP4_xtr_D(&cu,&cu);
-			}
-		}
-	}
-	FP4_xtr_A(r,&cu,&cv,&cumv,&cum2v);
-	for (i=0;i<f2;i++)	FP4_xtr_D(r,r);
-	FP4_xtr_pow(r,r,d);
-}
-/*
-int main(){
-		FP2 w0,w1,f;
-		FP4 w,t;
-		FP4 c1,c2,c3,c4,cr;
-		BIG a,b;
-		BIG e,e1,e2;
-		BIG p,md;
-
-
-		BIG_rcopy(md,Modulus);
-		//Test w^(P^4) = w mod p^2
-		BIG_zero(a); BIG_inc(a,27);
-		BIG_zero(b); BIG_inc(b,45);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,33);
-		BIG_zero(b); BIG_inc(b,54);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP4_from_FP2s(&w,&w0,&w1);
-		FP4_reduce(&w);
-
-		printf("w= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		FP4_copy(&t,&w);
-
-
-		BIG_copy(p,md);
-		FP4_pow(&w,&w,p);
-
-		printf("w^p= ");
-		FP4_output(&w);
-		printf("\n");
-//exit(0);
-
-		BIG_rcopy(a,CURVE_Fra);
-		BIG_rcopy(b,CURVE_Frb);
-		FP2_from_BIGs(&f,a,b);
-
-		FP4_frob(&t,&f);
-		printf("w^p= ");
-		FP4_output(&t);
-		printf("\n");
-
-		FP4_pow(&w,&w,p);
-		FP4_pow(&w,&w,p);
-		FP4_pow(&w,&w,p);
-		printf("w^p4= ");
-		FP4_output(&w);
-		printf("\n");
-
-// Test 1/(1/x) = x mod p^4
-		FP4_from_FP2s(&w,&w0,&w1);
-		printf("Test Inversion \nw= ");
-		FP4_output(&w);
-		printf("\n");
-
-		FP4_inv(&w,&w);
-		printf("1/w mod p^4 = ");
-		FP4_output(&w);
-		printf("\n");
-
-		FP4_inv(&w,&w);
-		printf("1/(1/w) mod p^4 = ");
-		FP4_output(&w);
-		printf("\n");
-
-		BIG_zero(e); BIG_inc(e,12);
-
-
-
-	//	FP4_xtr_A(&w,&t,&w,&t,&t);
-		FP4_xtr_pow(&w,&w,e);
-
-		printf("w^e= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		BIG_zero(a); BIG_inc(a,37);
-		BIG_zero(b); BIG_inc(b,17);
-		FP2_from_BIGs(&w0,a,b);
-
-		BIG_zero(a); BIG_inc(a,49);
-		BIG_zero(b); BIG_inc(b,31);
-		FP2_from_BIGs(&w1,a,b);
-
-		FP4_from_FP2s(&c1,&w0,&w1);
-		FP4_from_FP2s(&c2,&w0,&w1);
-		FP4_from_FP2s(&c3,&w0,&w1);
-		FP4_from_FP2s(&c4,&w0,&w1);
-
-		BIG_zero(e1); BIG_inc(e1,3331);
-		BIG_zero(e2); BIG_inc(e2,3372);
-
-		FP4_xtr_pow2(&w,&c1,&w,&c2,&c3,e1,e2);
-
-		printf("c^e= ");
-		FP4_output(&w);
-		printf("\n");
-
-
-		return 0;
-}
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/gcm.c
----------------------------------------------------------------------
diff --git a/c/gcm.c b/c/gcm.c
deleted file mode 100755
index c36b3fb..0000000
--- a/c/gcm.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions..
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-/* SU=m, m is Stack Usage */
-
-#include <stdlib.h>
-#include <string.h>
-#include "amcl.h"
-
-#define NB 4
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{ /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[0]<<24)|((unsign32)b[1]<<16)|((unsign32)b[2]<<8)|(unsign32)b[3];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{ /* unpack bytes from a word */
-    b[3]=MR_TOBYTE(a);
-    b[2]=MR_TOBYTE(a>>8);
-    b[1]=MR_TOBYTE(a>>16);
-    b[0]=MR_TOBYTE(a>>24);
-}
-
-static void precompute(gcm *g,uchar *H)
-{ /* precompute small 2k bytes gf2m table of x^n.H */
-	int i,j;
-	unsign32 *last,*next,b;
-
-	for (i=j=0;i<NB;i++,j+=4) g->table[0][i]=pack((uchar *)&H[j]);
-
-	for (i=1;i<128;i++)
-	{
-		next=g->table[i]; last=g->table[i-1]; b=0;
-		for (j=0;j<NB;j++) {next[j]=b|(last[j])>>1; b=last[j]<<31;}
-		if (b) next[0]^=0xE1000000; /* irreducible polynomial */
-	}
-}
-
-/* SU= 32 */
-static void gf2mul(gcm *g)
-{ /* gf2m mul - Z=H*X mod 2^128 */
-	int i,j,m,k;
-	unsign32 P[4];
-	uchar b;
-
-	P[0]=P[1]=P[2]=P[3]=0;
-	j=8; m=0;
-	for (i=0;i<128;i++)
-	{
-		b=(g->stateX[m]>>(--j))&1;
-		if (b) for (k=0;k<NB;k++) P[k]^=g->table[i][k];
-		if (j==0)
-		{
-			j=8; m++;
-			if (m==16) break;
-		}
-	}
-	for (i=j=0;i<NB;i++,j+=4) unpack(P[i],(uchar *)&g->stateX[j]);
-}
-
-/* SU= 32 */
-static void GCM_wrap(gcm *g)
-{ /* Finish off GHASH */
-	int i,j;
-	unsign32 F[4];
-	uchar L[16];
-
-/* convert lengths from bytes to bits */
-	F[0]=(g->lenA[0]<<3)|(g->lenA[1]&0xE0000000)>>29;
-	F[1]=g->lenA[1]<<3;
-	F[2]=(g->lenC[0]<<3)|(g->lenC[1]&0xE0000000)>>29;
-	F[3]=g->lenC[1]<<3;
-	for (i=j=0;i<NB;i++,j+=4) unpack(F[i],(uchar *)&L[j]);
-
-	for (i=0;i<16;i++) g->stateX[i]^=L[i];
-	gf2mul(g);
-}
-
-static int GCM_ghash(gcm *g,char *plain,int len)
-{
-	int i,j=0;
-	unsign32 counter;
-	uchar B[16];
-	if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-	if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-	while (j<len)
-	{
-		for (i=0;i<16 && j<len;i++)
-		{
-			g->stateX[i]^=plain[j++];
-			g->lenC[1]++; if (g->lenC[1]==0) g->lenC[0]++;
-		}
-		gf2mul(g);
-	}
-	if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-	return 1;
-}
-
-/* SU= 48 */
-/* Initialize GCM mode */
-void GCM_init(gcm* g,char *key,int niv,char *iv)
-{ /* iv size niv is usually 12 bytes (96 bits). AES key is 16 bytes */
-	int i;
-	uchar H[16];
-	for (i=0;i<16;i++) {H[i]=0; g->stateX[i]=0;}
-
-	AES_init(&(g->a),ECB,key,iv);
-	AES_ecb_encrypt(&(g->a),H);     /* E(K,0) */
-	precompute(g,H);
-
-	g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
-	if (niv==12)
-	{
-		for (i=0;i<12;i++) g->a.f[i]=iv[i];
-		unpack((unsign32)1,(uchar *)&(g->a.f[12]));  /* initialise IV */
-		for (i=0;i<16;i++) g->Y_0[i]=g->a.f[i];
-	}
-	else
-	{
-		g->status=GCM_ACCEPTING_CIPHER;
-		GCM_ghash(g,iv,niv); /* GHASH(H,0,IV) */
-		GCM_wrap(g);
-		for (i=0;i<16;i++) {g->a.f[i]=g->stateX[i];g->Y_0[i]=g->a.f[i];g->stateX[i]=0;}
-		g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
-	}
-	g->status=GCM_ACCEPTING_HEADER;
-}
-
-/* SU= 24 */
-/* Add Header data - included but not encrypted */
-int GCM_add_header(gcm* g,char *header,int len)
-{ /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-	int i,j=0;
-	if (g->status!=GCM_ACCEPTING_HEADER) return 0;
-
-	while (j<len)
-	{
-		for (i=0;i<16 && j<len;i++)
-		{
-			g->stateX[i]^=header[j++];
-			g->lenA[1]++; if (g->lenA[1]==0) g->lenA[0]++;
-		}
-		gf2mul(g);
-	}
-	if (len%16!=0) g->status=GCM_ACCEPTING_CIPHER;
-	return 1;
-}
-
-/* SU= 48 */
-/* Add Plaintext - included and encrypted */
-int GCM_add_plain(gcm *g,char *cipher,char *plain,int len)
-{ /* Add plaintext to extract ciphertext, len is length of plaintext.  */
-	int i,j=0;
-	unsign32 counter;
-	uchar B[16];
-	if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-	if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-	while (j<len)
-	{
-		counter=pack((uchar *)&(g->a.f[12]));
-		counter++;
-		unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
-		for (i=0;i<16;i++) B[i]=g->a.f[i];
-		AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
-
-		for (i=0;i<16 && j<len;i++)
-		{
-			cipher[j]=plain[j]^B[i];
-			g->stateX[i]^=cipher[j++];
-			g->lenC[1]++; if (g->lenC[1]==0) g->lenC[0]++;
-		}
-		gf2mul(g);
-	}
-	if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-	return 1;
-}
-
-/* SU= 48 */
-/* Add Ciphertext - decrypts to plaintext */
-int GCM_add_cipher(gcm *g,char *plain,char *cipher,int len)
-{ /* Add ciphertext to extract plaintext, len is length of ciphertext. */
-	int i,j=0;
-	unsign32 counter;
-	uchar B[16];
-	if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
-	if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
-
-	while (j<len)
-	{
-		counter=pack((uchar *)&(g->a.f[12]));
-		counter++;
-		unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
-		for (i=0;i<16;i++) B[i]=g->a.f[i];
-		AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
-		for (i=0;i<16 && j<len;i++)
-		{
-			plain[j]=cipher[j]^B[i];
-			g->stateX[i]^=cipher[j++];
-			g->lenC[1]++; if (g->lenC[1]==0) g->lenC[0]++;
-		}
-		gf2mul(g);
-	}
-	if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
-	return 1;
-}
-
-/* SU= 16 */
-/* Finish and extract Tag */
-void GCM_finish(gcm *g,char *tag)
-{ /* Finish off GHASH and extract tag (MAC) */
-	int i;
-
-	GCM_wrap(g);
-
-/* extract tag */
-	if (tag!=NULL)
-	{
-		AES_ecb_encrypt(&(g->a),g->Y_0);        /* E(K,Y0) */
-		for (i=0;i<16;i++) g->Y_0[i]^=g->stateX[i];
-		for (i=0;i<16;i++) {tag[i]=g->Y_0[i];g->Y_0[i]=g->stateX[i]=0;}
-	}
-	g->status=GCM_FINISHED;
-	AES_end(&(g->a));
-}
-
-
-// Compile with
-// gcc -O2 amcl_gcm.c amcl_aes.c -o amcl_gcm.exe
-/* SU= 16
-*/
-/*
-static void hex2bytes(char *hex,char *bin)
-{
-	int i;
-	char v;
-	int len=strlen(hex);
-	for (i = 0; i < len/2; i++) {
-        char c = hex[2*i];
-        if (c >= '0' && c <= '9') {
-            v = c - '0';
-        } else if (c >= 'A' && c <= 'F') {
-            v = c - 'A' + 10;
-        } else if (c >= 'a' && c <= 'f') {
-            v = c - 'a' + 10;
-        } else {
-            v = 0;
-        }
-        v <<= 4;
-        c = hex[2*i + 1];
-        if (c >= '0' && c <= '9') {
-            v += c - '0';
-        } else if (c >= 'A' && c <= 'F') {
-            v += c - 'A' + 10;
-        } else if (c >= 'a' && c <= 'f') {
-            v += c - 'a' + 10;
-        } else {
-            v = 0;
-        }
-        bin[i] = v;
-    }
-}
-*/
-/*
-int main()
-{
-	int i;
-
-	char* KT="feffe9928665731c6d6a8f9467308308";
-	char* MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-	char* HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-//	char* NT="cafebabefacedbaddecaf888";
-// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
-	char* NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-
-	int len=strlen(MT)/2;
-	int lenH=strlen(HT)/2;
-	int lenK=strlen(KT)/2;
-	int lenIV=strlen(NT)/2;
-
-	char T[16];   // Tag
-	char K[16];   // AES Key
-	char H[64];   // Header - to be included in Authentication, but not encrypted
-	char N[100];   // IV - Initialisation vector
-	char M[100];  // Plaintext to be encrypted/authenticated
-	char C[100];  // Ciphertext
-	char P[100];  // Recovered Plaintext
-
-	gcm g;
-
-    hex2bytes(MT, M);
-    hex2bytes(HT, H);
-    hex2bytes(NT, N);
-	hex2bytes(KT, K);
-
- 	printf("Plaintext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)M[i]);
-	printf("\n");
-
-	GCM_init(&g,K,lenIV,N);
-	GCM_add_header(&g,H,lenH);
-	GCM_add_plain(&g,C,M,len);
-	GCM_finish(&g,T);
-
-	printf("Ciphertext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)C[i]);
-	printf("\n");
-
-	printf("Tag=\n");
-	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
-	printf("\n");
-
-	GCM_init(&g,K,lenIV,N);
-	GCM_add_header(&g,H,lenH);
-	GCM_add_cipher(&g,P,C,len);
-	GCM_finish(&g,T);
-
- 	printf("Plaintext=\n");
-	for (i=0;i<len;i++) printf("%02x",(unsigned char)P[i]);
-	printf("\n");
-
-	printf("Tag=\n");
-	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
-	printf("\n");
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/hash.c
----------------------------------------------------------------------
diff --git a/c/hash.c b/c/hash.c
deleted file mode 100755
index 2d11437..0000000
--- a/c/hash.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256)
- *
- * Generates a 256 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only. Could/Should be speeded
- * up by unwinding loops in HASH_transform(), and assembly patches.
- */
-/* SU=m, m is Stack Usage */
-
-#include "amcl.h"
-
-#define H0 0x6A09E667L
-#define H1 0xBB67AE85L
-#define H2 0x3C6EF372L
-#define H3 0xA54FF53AL
-#define H4 0x510E527FL
-#define H5 0x9B05688CL
-#define H6 0x1F83D9ABL
-#define H7 0x5BE0CD19L
-
-static const unsign32 K[64]={
-0x428a2f98L,0x71374491L,0xb5c0fbcfL,0xe9b5dba5L,0x3956c25bL,0x59f111f1L,0x923f82a4L,0xab1c5ed5L,
-0xd807aa98L,0x12835b01L,0x243185beL,0x550c7dc3L,0x72be5d74L,0x80deb1feL,0x9bdc06a7L,0xc19bf174L,
-0xe49b69c1L,0xefbe4786L,0x0fc19dc6L,0x240ca1ccL,0x2de92c6fL,0x4a7484aaL,0x5cb0a9dcL,0x76f988daL,
-0x983e5152L,0xa831c66dL,0xb00327c8L,0xbf597fc7L,0xc6e00bf3L,0xd5a79147L,0x06ca6351L,0x14292967L,
-0x27b70a85L,0x2e1b2138L,0x4d2c6dfcL,0x53380d13L,0x650a7354L,0x766a0abbL,0x81c2c92eL,0x92722c85L,
-0xa2bfe8a1L,0xa81a664bL,0xc24b8b70L,0xc76c51a3L,0xd192e819L,0xd6990624L,0xf40e3585L,0x106aa070L,
-0x19a4c116L,0x1e376c08L,0x2748774cL,0x34b0bcb5L,0x391c0cb3L,0x4ed8aa4aL,0x5b9cca4fL,0x682e6ff3L,
-0x748f82eeL,0x78a5636fL,0x84c87814L,0x8cc70208L,0x90befffaL,0xa4506cebL,0xbef9a3f7L,0xc67178f2L};
-
-#define PAD  0x80
-#define ZERO 0
-
-/* functions */
-
-#define S(n,x) (((x)>>n) | ((x)<<(32-n)))
-#define R(n,x) ((x)>>n)
-
-#define Ch(x,y,z)  ((x&y)^(~(x)&z))
-#define Maj(x,y,z) ((x&y)^(x&z)^(y&z))
-#define Sig0(x)    (S(2,x)^S(13,x)^S(22,x))
-#define Sig1(x)    (S(6,x)^S(11,x)^S(25,x))
-#define theta0(x)  (S(7,x)^S(18,x)^R(3,x))
-#define theta1(x)  (S(17,x)^S(19,x)^R(10,x))
-
-/* SU= 72 */
-static void HASH_transform(hash *sh)
-{ /* basic transformation step */
-    unsign32 a,b,c,d,e,f,g,h,t1,t2;
-    int j;
-    for (j=16;j<64;j++)
-        sh->w[j]=theta1(sh->w[j-2])+sh->w[j-7]+theta0(sh->w[j-15])+sh->w[j-16];
-
-    a=sh->h[0]; b=sh->h[1]; c=sh->h[2]; d=sh->h[3];
-    e=sh->h[4]; f=sh->h[5]; g=sh->h[6]; h=sh->h[7];
-
-    for (j=0;j<64;j++)
-    { /* 64 times - mush it up */
-        t1=h+Sig1(e)+Ch(e,f,g)+K[j]+sh->w[j];
-        t2=Sig0(a)+Maj(a,b,c);
-        h=g; g=f; f=e;
-        e=d+t1;
-        d=c;
-        c=b;
-        b=a;
-        a=t1+t2;
-    }
-
-    sh->h[0]+=a; sh->h[1]+=b; sh->h[2]+=c; sh->h[3]+=d;
-    sh->h[4]+=e; sh->h[5]+=f; sh->h[6]+=g; sh->h[7]+=h;
-}
-
-/* Initialise Hash function */
-void HASH_init(hash *sh)
-{ /* re-initialise */
-    int i;
-    for (i=0;i<64;i++) sh->w[i]=0L;
-    sh->length[0]=sh->length[1]=0L;
-    sh->h[0]=H0;
-    sh->h[1]=H1;
-    sh->h[2]=H2;
-    sh->h[3]=H3;
-    sh->h[4]=H4;
-    sh->h[5]=H5;
-    sh->h[6]=H6;
-    sh->h[7]=H7;
-}
-
-/* process a single byte */
-void HASH_process(hash *sh,int byte)
-{ /* process the next message byte */
-    int cnt;
-//printf("byt= %x\n",byte);
-    cnt=(int)((sh->length[0]/32)%16);
-
-    sh->w[cnt]<<=8;
-    sh->w[cnt]|=(unsign32)(byte&0xFF);
-
-    sh->length[0]+=8;
-    if (sh->length[0]==0L) { sh->length[1]++; sh->length[0]=0L; }
-    if ((sh->length[0]%512)==0) HASH_transform(sh);
-}
-
-/* SU= 24 */
-/* Generate 32-byte Hash */
-void HASH_hash(hash *sh,char digest[32])
-{ /* pad message and finish - supply digest */
-    int i;
-    unsign32 len0,len1;
-    len0=sh->length[0];
-    len1=sh->length[1];
-    HASH_process(sh,PAD);
-    while ((sh->length[0]%512)!=448) HASH_process(sh,ZERO);
-    sh->w[14]=len1;
-    sh->w[15]=len0;
-    HASH_transform(sh);
-    for (i=0;i<32;i++)
-    { /* convert to bytes */
-        digest[i]=(char)((sh->h[i/4]>>(8*(3-i%4))) & 0xffL);
-    }
-    HASH_init(sh);
-}
-
-/* test program: should produce digest  */
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-
-/*
-#include <stdio.h>
-#include "amcl.h"
-
-char test[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-
-int main()
-{
-    char digest[32];
-    int i;
-    hash sh;
-    HASH_init(&sh);
-    for (i=0;test[i]!=0;i++)
-		HASH_process(&sh,test[i]);
-
-    HASH_hash(&sh,digest);
-    for (i=0;i<32;i++) printf("%02x",(unsigned char)digest[i]);
-    printf("\n");
-    return 0;
-}
-
-*/
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/maxstack.c
----------------------------------------------------------------------
diff --git a/c/maxstack.c b/c/maxstack.c
deleted file mode 100755
index 3eb436f..0000000
--- a/c/maxstack.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
-	How to determine maximum stack usage
-	1. Compile this file *with no optimization*, for example gcc -c maxstack.c
-	2. Rename your main() function to mymain()
-	3. Compile with normal level of optimization, linking to maxstack.o for example gcc maxstack.o -O3 myprogram.c -o myprogam
-	4. Execute myprogram
-	5. Program runs, at end prints out maximum stack usage
-
-	Caveat Code!
-	Mike Scott October 2014
-*/
-
-#include <stdio.h>
-
-#define MAXSTACK 65536  /* greater than likely stack requirement */
-
-extern void mymain();
-
-void start()
-{
-	char stack[MAXSTACK];
-	int i;
-	for (i=0;i<MAXSTACK;i++) stack[i]=0x55;
-}
-
-void finish()
-{
-	char stack[MAXSTACK];
-	int i;
-	for (i=0;i<MAXSTACK;i++)
-		if (stack[i]!=0x55) break;
-	printf("Max Stack usage = %d\n",MAXSTACK-i);
-}
-
-int main()
-{
- start();
-
- mymain();
-
- finish();
- return 0;
-}


[02/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/rsa.c
----------------------------------------------------------------------
diff --git a/version22/c/rsa.c b/version22/c/rsa.c
new file mode 100644
index 0000000..d5898bd
--- /dev/null
+++ b/version22/c/rsa.c
@@ -0,0 +1,394 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* RSA Functions - see main program below */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "rsa.h"
+
+#define ROUNDUP(a,b) ((a)-1)/(b)+1
+
+/* general purpose hash function w=hash(p|n|x|y) */
+static int hashit(int sha,octet *p,int n,octet *w)
+{
+    int i,c[4],hlen;
+    hash256 sha256;
+    hash512 sha512;
+    char hh[64];
+
+    switch (sha)
+    {
+    case SHA256:
+        HASH256_init(&sha256);
+        break;
+    case SHA384:
+        HASH384_init(&sha512);
+        break;
+    case SHA512:
+        HASH512_init(&sha512);
+        break;
+    }
+
+    hlen=sha;
+
+    if (p!=NULL) for (i=0; i<p->len; i++)
+        {
+            switch(sha)
+            {
+            case SHA256:
+                HASH256_process(&sha256,p->val[i]);
+                break;
+            case SHA384:
+                HASH384_process(&sha512,p->val[i]);
+                break;
+            case SHA512:
+                HASH512_process(&sha512,p->val[i]);
+                break;
+            }
+        }
+    if (n>=0)
+    {
+        c[0]=(n>>24)&0xff;
+        c[1]=(n>>16)&0xff;
+        c[2]=(n>>8)&0xff;
+        c[3]=(n)&0xff;
+        for (i=0; i<4; i++)
+        {
+            switch(sha)
+            {
+            case SHA256:
+                HASH256_process(&sha256,c[i]);
+                break;
+            case SHA384:
+                HASH384_process(&sha512,c[i]);
+                break;
+            case SHA512:
+                HASH512_process(&sha512,c[i]);
+                break;
+            }
+        }
+    }
+
+    switch (sha)
+    {
+    case SHA256:
+        HASH256_hash(&sha256,hh);
+        break;
+    case SHA384:
+        HASH384_hash(&sha512,hh);
+        break;
+    case SHA512:
+        HASH512_hash(&sha512,hh);
+        break;
+    }
+
+    OCT_empty(w);
+    OCT_jbytes(w,hh,hlen);
+    for (i=0; i<hlen; i++) hh[i]=0;
+
+    return hlen;
+}
+
+/* generate an RSA key pair */
+void RSA_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key *PRIV,rsa_public_key *PUB,octet *P, octet* Q)
+{
+    /* IEEE1363 A16.11/A16.12 more or less */
+    BIG t[HFLEN],p1[HFLEN],q1[HFLEN];
+
+    if (RNG!=NULL)
+    {
+
+        for (;;)
+        {
+
+            FF_random(PRIV->p,RNG,HFLEN);
+            while (FF_lastbits(PRIV->p,2)!=3) FF_inc(PRIV->p,1,HFLEN);
+            while (!FF_prime(PRIV->p,RNG,HFLEN))
+                FF_inc(PRIV->p,4,HFLEN);
+
+            FF_copy(p1,PRIV->p,HFLEN);
+            FF_dec(p1,1,HFLEN);
+
+            if (FF_cfactor(p1,e,HFLEN)) continue;
+            break;
+        }
+
+        for (;;)
+        {
+            FF_random(PRIV->q,RNG,HFLEN);
+            while (FF_lastbits(PRIV->q,2)!=3) FF_inc(PRIV->q,1,HFLEN);
+            while (!FF_prime(PRIV->q,RNG,HFLEN))
+                FF_inc(PRIV->q,4,HFLEN);
+
+            FF_copy(q1,PRIV->q,HFLEN);
+            FF_dec(q1,1,HFLEN);
+            if (FF_cfactor(q1,e,HFLEN)) continue;
+
+            break;
+        }
+
+    }
+    else
+    {
+        FF_fromOctet(PRIV->p,P,HFLEN);
+        FF_fromOctet(PRIV->q,Q,HFLEN);
+
+        FF_copy(p1,PRIV->p,HFLEN);
+        FF_dec(p1,1,HFLEN);
+
+        FF_copy(q1,PRIV->q,HFLEN);
+        FF_dec(q1,1,HFLEN);
+    }
+
+    FF_mul(PUB->n,PRIV->p,PRIV->q,HFLEN);
+    PUB->e=e;
+
+    FF_copy(t,p1,HFLEN);
+    FF_shr(t,HFLEN);
+    FF_init(PRIV->dp,e,HFLEN);
+    FF_invmodp(PRIV->dp,PRIV->dp,t,HFLEN);
+    if (FF_parity(PRIV->dp)==0) FF_add(PRIV->dp,PRIV->dp,t,HFLEN);
+    FF_norm(PRIV->dp,HFLEN);
+
+    FF_copy(t,q1,HFLEN);
+    FF_shr(t,HFLEN);
+    FF_init(PRIV->dq,e,HFLEN);
+    FF_invmodp(PRIV->dq,PRIV->dq,t,HFLEN);
+    if (FF_parity(PRIV->dq)==0) FF_add(PRIV->dq,PRIV->dq,t,HFLEN);
+    FF_norm(PRIV->dq,HFLEN);
+
+    FF_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN);
+
+    return;
+}
+
+/* Mask Generation Function */
+
+void MGF1(int sha,octet *z,int olen,octet *mask)
+{
+    char h[64];
+    octet H= {0,sizeof(h),h};
+    int hlen=sha;
+    int counter,cthreshold;
+
+    OCT_empty(mask);
+
+    cthreshold=ROUNDUP(olen,hlen);
+    for (counter=0; counter<cthreshold; counter++)
+    {
+        hashit(sha,z,counter,&H);
+        if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen);
+        else                     OCT_joctet(mask,&H);
+    }
+    OCT_clear(&H);
+}
+
+/* SHAXXX identifier strings */
+const char SHA256ID[]= {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
+const char SHA384ID[]= {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30};
+const char SHA512ID[]= {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
+
+/* PKCS 1.5 padding of a message to be signed */
+/* NOTE: length of output encoded in w->max */
+
+int PKCS15(int sha,octet *m,octet *w)
+{
+    int olen=w->max;
+    int hlen=sha;
+    int idlen=19;
+    char h[64];
+    octet H= {0,sizeof(h),h};
+
+    if (olen<idlen+hlen+10) return 0;
+    hashit(sha,m,-1,&H);
+
+    OCT_empty(w);
+    OCT_jbyte(w,0x00,1);
+    OCT_jbyte(w,0x01,1);
+    OCT_jbyte(w,0xff,olen-idlen-hlen-3);
+    OCT_jbyte(w,0x00,1);
+
+    if (hlen==32) OCT_jbytes(w,(char *)SHA256ID,idlen);
+    if (hlen==48) OCT_jbytes(w,(char *)SHA384ID,idlen);
+    if (hlen==64) OCT_jbytes(w,(char *)SHA512ID,idlen);
+
+    OCT_joctet(w,&H);
+
+    return 1;
+}
+
+/* OAEP Message Encoding for Encryption */
+/* NOTE: length of output encoded in f->max */
+
+int OAEP_ENCODE(int sha,octet *m,csprng *RNG,octet *p,octet *f)
+{
+    int slen,olen=f->max-1;
+    int mlen=m->len;
+    int hlen,seedlen;
+    char dbmask[MAX_RSA_BYTES],seed[64];
+    octet DBMASK= {0,sizeof(dbmask),dbmask};
+    octet SEED= {0,sizeof(seed),seed};
+
+    hlen=seedlen=sha;
+    if (mlen>olen-hlen-seedlen-1) return 0;
+    if (m==f) return 0;  /* must be distinct octets */
+
+    hashit(sha,p,-1,f);
+
+    slen=olen-mlen-hlen-seedlen-1;
+
+    OCT_jbyte(f,0,slen);
+    OCT_jbyte(f,0x1,1);
+    OCT_joctet(f,m);
+
+    OCT_rand(&SEED,RNG,seedlen);
+
+    MGF1(sha,&SEED,olen-seedlen,&DBMASK);
+
+    OCT_xor(&DBMASK,f);
+    MGF1(sha,&DBMASK,seedlen,f);
+
+    OCT_xor(f,&SEED);
+
+    OCT_joctet(f,&DBMASK);
+
+    OCT_pad(f,f->max);
+    OCT_clear(&SEED);
+    OCT_clear(&DBMASK);
+
+    return 1;
+}
+
+/* OAEP Message Decoding for Decryption */
+
+int OAEP_DECODE(int sha,octet *p,octet *f)
+{
+    int comp,x,t;
+    int i,k,olen=f->max-1;
+    int hlen,seedlen;
+    char dbmask[MAX_RSA_BYTES],seed[64],chash[64];
+    octet DBMASK= {0,sizeof(dbmask),dbmask};
+    octet SEED= {0,sizeof(seed),seed};
+    octet CHASH= {0,sizeof(chash),chash};
+
+    seedlen=hlen=sha;
+    if (olen<seedlen+hlen+1) return 0;
+    if (!OCT_pad(f,olen+1)) return 0;
+    hashit(sha,p,-1,&CHASH);
+
+    x=f->val[0];
+    for (i=seedlen; i<olen; i++)
+        DBMASK.val[i-seedlen]=f->val[i+1];
+    DBMASK.len=olen-seedlen;
+
+    MGF1(sha,&DBMASK,seedlen,&SEED);
+    for (i=0; i<seedlen; i++) SEED.val[i]^=f->val[i+1];
+    MGF1(sha,&SEED,olen-seedlen,f);
+    OCT_xor(&DBMASK,f);
+
+    comp=OCT_ncomp(&CHASH,&DBMASK,hlen);
+
+    OCT_shl(&DBMASK,hlen);
+
+    OCT_clear(&SEED);
+    OCT_clear(&CHASH);
+
+    for (k=0;; k++)
+    {
+        if (k>=DBMASK.len)
+        {
+            OCT_clear(&DBMASK);
+            return 0;
+        }
+        if (DBMASK.val[k]!=0) break;
+    }
+
+    t=DBMASK.val[k];
+    if (!comp || x!=0 || t!=0x01)
+    {
+        OCT_clear(&DBMASK);
+        return 0;
+    }
+
+    OCT_shl(&DBMASK,k+1);
+    OCT_copy(f,&DBMASK);
+    OCT_clear(&DBMASK);
+
+    return 1;
+}
+
+/* destroy the Private Key structure */
+void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV)
+{
+    FF_zero(PRIV->p,HFLEN);
+    FF_zero(PRIV->q,HFLEN);
+    FF_zero(PRIV->dp,HFLEN);
+    FF_zero(PRIV->dq,HFLEN);
+    FF_zero(PRIV->c,HFLEN);
+}
+
+/* RSA encryption with the public key */
+void RSA_ENCRYPT(rsa_public_key *PUB,octet *F,octet *G)
+{
+    BIG f[FFLEN];
+    FF_fromOctet(f,F,FFLEN);
+
+    FF_power(f,f,PUB->e,PUB->n,FFLEN);
+
+    FF_toOctet(G,f,FFLEN);
+}
+
+/* RSA decryption with the private key */
+void RSA_DECRYPT(rsa_private_key *PRIV,octet *G,octet *F)
+{
+    BIG g[FFLEN],t[FFLEN],jp[HFLEN],jq[HFLEN];
+
+    FF_fromOctet(g,G,FFLEN);
+
+    FF_dmod(jp,g,PRIV->p,HFLEN);
+    FF_dmod(jq,g,PRIV->q,HFLEN);
+
+    FF_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN);
+    FF_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN);
+
+
+    FF_zero(g,FFLEN);
+    FF_copy(g,jp,HFLEN);
+    FF_mod(jp,PRIV->q,HFLEN);
+    if (FF_comp(jp,jq,HFLEN)>0)
+        FF_add(jq,jq,PRIV->q,HFLEN);
+    FF_sub(jq,jq,jp,HFLEN);
+    FF_norm(jq,HFLEN);
+
+    FF_mul(t,PRIV->c,jq,HFLEN);
+    FF_dmod(jq,t,PRIV->q,HFLEN);
+
+    FF_mul(t,jq,PRIV->p,HFLEN);
+    FF_add(g,t,g,FFLEN);
+    FF_norm(g,FFLEN);
+
+    FF_toOctet(F,g,FFLEN);
+
+    return;
+}
+
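Review bot: In OAEP_DECODE the scan for the 0x01 separator (`for (k=0;; k++)`) stops at the first non-zero byte and has its own early `return 0` when the block is all zero, so the amount of work done before a padding failure depends on the decrypted bytes; the later combined test `!comp || x!=0 || t!=0x01` does not remove that difference, and data-dependent OAEP failure paths are what padding-oracle hardening is meant to eliminate. I would visit every byte of DBMASK, accumulate the separator position and value without branching on the data, and fold all conditions into one failure test, as sketched below. Whether OCT_ncomp and OCT_shl are themselves data-independent is not visible in this hunk, and the generated code should be checked for compiler-introduced branches. Separately, hashit() uses `hlen=sha` against `char hh[64]` and none of its switches has a `default:`, so an unsupported `sha` value should be rejected before any hashing or copying.

```c
    /* … unchanged: unmasking, comp=OCT_ncomp(&CHASH,&DBMASK,hlen), OCT_shl(&DBMASK,hlen), clearing SEED and CHASH … */

    /* found, nz, hit are new int locals; every byte is visited, no data-dependent exit */
    found=0;
    k=0;
    t=0;
    for (i=0; i<DBMASK.len; i++)
    {
        nz=(DBMASK.val[i]!=0);
        hit=nz&(1-found);              /* 1 only at the first non-zero byte */
        k+=hit*i;
        t+=hit*(DBMASK.val[i]&0xff);
        found|=nz;
    }

    /* single failure path for every padding error */
    if (!((comp!=0)&found&(x==0)&(t==0x01)))
    {
        OCT_clear(&DBMASK);
        return 0;
    }

    /* … unchanged: OCT_shl(&DBMASK,k+1), OCT_copy(f,&DBMASK), OCT_clear(&DBMASK), return 1 … */
```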

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/rsa.h
----------------------------------------------------------------------
diff --git a/version22/c/rsa.h b/version22/c/rsa.h
new file mode 100644
index 0000000..b2c6ea0
--- /dev/null
+++ b/version22/c/rsa.h
@@ -0,0 +1,99 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/**
+ * @file rsa.h
+ * @author Mike Scott and Kealan McCusker
+ * @date 2nd June 2015
+ * @brief RSA Header file for implementation of RSA protocol
+ *
+ * declares functions
+ *
+ */
+
+#ifndef RSA_H
+#define RSA_H
+
+#include "amcl.h"
+
+#define MAX_RSA_BYTES 512 // Maximum of 4096
+#define HASH_TYPE_RSA SHA256 /**< Chosen Hash algorithm */
+#define RFS MODBYTES*FFLEN /**< RSA Public Key Size in bytes */
+
+/* RSA Auxiliary Functions */
+
+/**	@brief RSA Key Pair Generator
+ *
+	@param R is a pointer to a cryptographically secure random number generator
+	@param e the encryption exponent
+	@param PRIV the output RSA private key
+	@param PUB the output RSA public key
+        @param P Input prime number. Used when R is equal to NULL for testing
+        @param Q Inpuy prime number. Used when R is equal to NULL for testing
+ */
+extern void RSA_KEY_PAIR(csprng *R,sign32 e,rsa_private_key* PRIV,rsa_public_key* PUB,octet *P, octet* Q);
+/**	@brief PKCS V1.5 padding of a message prior to RSA signature
+ *
+	@param h is the hash type
+	@param M is the input message
+	@param W is the output encoding, ready for RSA signature
+	@return 1 if OK, else 0
+ */
+extern int PKCS15(int h,octet *M,octet *W);
+/**	@brief OAEP padding of a message prior to RSA encryption
+ *
+	@param h is the hash type
+	@param M is the input message
+	@param R is a pointer to a cryptographically secure random number generator
+	@param P are input encoding parameter string (could be NULL)
+	@param F is the output encoding, ready for RSA encryption
+	@return 1 if OK, else 0
+ */
+extern int	OAEP_ENCODE(int h,octet *M,csprng *R,octet *P,octet *F);
+/**	@brief OAEP unpadding of a message after RSA decryption
+ *
+	Unpadding is done in-place
+	@param h is the hash type
+	@param P are input encoding parameter string (could be NULL)
+	@param F is input padded message, unpadded on output
+	@return 1 if OK, else 0
+ */
+extern int  OAEP_DECODE(int h,octet *P,octet *F);
+/**	@brief RSA encryption of suitably padded plaintext
+ *
+	@param PUB the input RSA public key
+	@param F is input padded message
+	@param G is the output ciphertext
+ */
+extern void RSA_ENCRYPT(rsa_public_key* PUB,octet *F,octet *G);
+/**	@brief RSA decryption of ciphertext
+ *
+	@param PRIV the input RSA private key
+	@param G is the input ciphertext
+	@param F is output plaintext (requires unpadding)
+
+ */
+extern void RSA_DECRYPT(rsa_private_key* PRIV,octet *G,octet *F);
+/**	@brief Destroy an RSA private Key
+ *
+	@param PRIV the input RSA private key. Destroyed on output.
+ */
+extern void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV);
+
+#endif
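Review bot: `#define RFS MODBYTES*FFLEN` expands without parentheses, so an expression such as `n/RFS` would divide by MODBYTES alone; `#define RFS (MODBYTES*FFLEN)` is safer (MODBYTES and FFLEN are defined outside this hunk and deserve the same check). The RSA_KEY_PAIR comment should say that P and Q are taken as given when R is NULL: rsa.c in this commit loads them with FF_fromOctet and performs no primality or size check. A wording such as `@param P Input prime, used only when R is NULL (testing); not validated by this function` covers it, and the same line for Q fixes the "Inpuy" typo. Nothing in the header relates MAX_RSA_BYTES to RFS, although OAEP_ENCODE and OAEP_DECODE size their mask buffer with the former while testrsa.c sizes its octets with the latter; a one-line comment stating the required relation would help.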

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/testecdh.c
----------------------------------------------------------------------
diff --git a/version22/c/testecdh.c b/version22/c/testecdh.c
new file mode 100644
index 0000000..31e4944
--- /dev/null
+++ b/version22/c/testecdh.c
@@ -0,0 +1,207 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "ecdh.h"
+#include "randapi.h"
+
+int ecdh(csprng *RNG)
+{
+    int i,res;
+    char *pp="M0ng00se";
+    /* These octets are automatically protected against buffer overflow attacks */
+    /* Note salt must be big enough to include an appended word */
+    /* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
+    /* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
+    char s0[2*EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],key[EAS],salt[40],pw[40];
+    octet S0= {0,sizeof(s0),s0};
+    octet S1= {0,sizeof(s1),s1};
+    octet W0= {0,sizeof(w0),w0};
+    octet W1= {0,sizeof(w1),w1};
+    octet Z0= {0,sizeof(z0),z0};
+    octet Z1= {0,sizeof(z1),z1};
+    octet KEY= {0,sizeof(key),key};
+    octet SALT= {0,sizeof(salt),salt};
+    octet PW= {0,sizeof(pw),pw};
+
+    SALT.len=8;
+    for (i=0; i<8; i++) SALT.val[i]=i+1; // set Salt
+
+    printf("Alice's Passphrase= %s\n",pp);
+
+    OCT_empty(&PW);
+    OCT_jstring(&PW,pp);   // set Password from string
+
+    /* private key S0 of size EGS bytes derived from Password and Salt */
+
+    PBKDF2(HASH_TYPE_ECC,&PW,&SALT,1000,EGS,&S0);
+
+    printf("Alices private key= 0x");
+    OCT_output(&S0);
+
+    /* Generate Key pair S/W */
+
+    ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
+    printf("Alices public key= 0x");
+    OCT_output(&W0);
+
+    res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
+    if (res!=0)
+    {
+        printf("ECP Public Key is invalid!\n");
+        return 0;
+    }
+
+    /* Random private key for other party */
+    ECP_KEY_PAIR_GENERATE(RNG,&S1,&W1);
+    res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
+    if (res!=0)
+    {
+        printf("ECP Public Key is invalid!\n");
+        return 0;
+    }
+    printf("Servers private key= 0x");
+    OCT_output(&S1);
+    printf("Servers public key= 0x");
+    OCT_output(&W1);
+
+    /* Calculate common key using DH - IEEE 1363 method */
+
+    ECPSVDP_DH(&S0,&W1,&Z0);
+    ECPSVDP_DH(&S1,&W0,&Z1);
+
+    if (!OCT_comp(&Z0,&Z1))
+    {
+        printf("*** ECPSVDP-DH Failed\n");
+        return 0;
+    }
+
+    KDF2(HASH_TYPE_ECC,&Z0,NULL,EAS,&KEY);
+
+    printf("Alice's DH Key=  0x");
+    OCT_output(&KEY);
+    printf("Servers DH Key=  0x");
+    OCT_output(&KEY);
+
+#if CURVETYPE != MONTGOMERY
+
+    char ds[EGS],p1[30],p2[30],v[2*EFS+1],m[32],c[64],t[32],cs[EGS];
+    octet DS= {0,sizeof(ds),ds};
+    octet CS= {0,sizeof(cs),cs};
+    octet P1= {0,sizeof(p1),p1};
+    octet P2= {0,sizeof(p2),p2};
+    octet V= {0,sizeof(v),v};
+    octet M= {0,sizeof(m),m};
+    octet C= {0,sizeof(c),c};
+    octet T= {0,sizeof(t),t};
+
+    printf("Testing ECIES\n");
+
+    P1.len=3;
+    P1.val[0]=0x0;
+    P1.val[1]=0x1;
+    P1.val[2]=0x2;
+    P2.len=4;
+    P2.val[0]=0x0;
+    P2.val[1]=0x1;
+    P2.val[2]=0x2;
+    P2.val[3]=0x3;
+
+    M.len=17;
+    for (i=0; i<=16; i++) M.val[i]=i;
+
+    ECP_ECIES_ENCRYPT(HASH_TYPE_ECC,&P1,&P2,RNG,&W1,&M,12,&V,&C,&T);
+
+    printf("Ciphertext= \n");
+    printf("V= 0x");
+    OCT_output(&V);
+    printf("C= 0x");
+    OCT_output(&C);
+    printf("T= 0x");
+    OCT_output(&T);
+
+    if (!ECP_ECIES_DECRYPT(HASH_TYPE_ECC,&P1,&P2,&V,&C,&T,&S1,&M))
+    {
+        printf("*** ECIES Decryption Failed\n");
+        return 0;
+    }
+    else printf("Decryption succeeded\n");
+
+    printf("Message is 0x");
+    OCT_output(&M);
+
+
+    printf("Testing ECDSA\n");
+
+    if (ECPSP_DSA(HASH_TYPE_ECC,RNG,NULL,&S0,&M,&CS,&DS)!=0)
+    {
+        printf("***ECDSA Signature Failed\n");
+        return 0;
+    }
+
+    printf("Signature C = 0x");
+    OCT_output(&CS);
+    printf("Signature D = 0x");
+    OCT_output(&DS);
+
+    if (ECPVP_DSA(HASH_TYPE_ECC,&W0,&M,&CS,&DS)!=0)
+    {
+        printf("***ECDSA Verification Failed\n");
+        return 0;
+    }
+    else 
+    {
+      printf("ECDSA Signature/Verification succeeded\n");
+    }
+
+#endif
+
+    return 0;
+}
+
+int main()
+{
+    int i;
+    unsigned long ran;
+
+	char raw[100];
+    octet RAW= {0,sizeof(raw),raw};
+    csprng RNG;                /* Crypto Strong RNG */
+
+    time((time_t *)&ran);
+
+    RAW.len=100;				/* fake random seed source */
+    RAW.val[0]=ran;
+    RAW.val[1]=ran>>8;
+    RAW.val[2]=ran>>16;
+    RAW.val[3]=ran>>24;
+    for (i=0; i<100; i++) RAW.val[i]=i+1;
+
+    CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
+
+	ecdh(&RNG);
+
+	KILL_CSPRNG(&RNG);
+}
+
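Review bot: In main() the four time-derived bytes written to `RAW.val[0]`..`RAW.val[3]` are overwritten by the following `for (i=0; i<100; i++) RAW.val[i]=i+1;`, so the seed handed to CREATE_CSPRNG is the same constant on every run and the "random" server key pair is presumably identical each time. Starting the fill after the time bytes, `for (i=4; i<100; i++) RAW.val[i]=i+1;`, restores the intended variation, and the comment should state that a clock value is a test-only seed and real callers need an OS entropy source. The same main() appears in testmpin.c and testrsa.c in this commit. `time((time_t *)&ran)` also assumes `unsigned long` and `time_t` have the same size; `ran=(unsigned long)time(NULL);` avoids the cast. ecdh() returns 0 on every path, failures included, and main() ignores it, so the driver cannot report a failed check through its exit status.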

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/testmpin.c
----------------------------------------------------------------------
diff --git a/version22/c/testmpin.c b/version22/c/testmpin.c
new file mode 100644
index 0000000..f3ba165
--- /dev/null
+++ b/version22/c/testmpin.c
@@ -0,0 +1,313 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* test driver and function exerciser for MPIN Functions */
+/* Version 3.0 - supports Time Permits */
+
+/* Build executible after installation:
+
+  gcc -std=c99 -g ./testmpin.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl -lmpin -o testmpin
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "mpin.h"
+#include "randapi.h"
+
+#define PERMITS  /* for time permits ON or OFF */
+#define PINERROR /* For PIN ERROR detection ON or OFF */
+#define FULL     /* for M-Pin Full or M-Pin regular */
+//#define SINGLE_PASS /* SINGLE PASS M-Pin */
+
+int mpin(csprng *RNG)
+{
+    int pin,rtn,err;
+#ifdef PERMITS
+    int date=MPIN_today();
+#else
+    int date=0;
+#endif
+    char x[PGS],s[PGS],y[PGS],client_id[100],sst[4*PFS],token[2*PFS+1],sec[2*PFS+1],permit[2*PFS+1],xcid[2*PFS+1],xid[2*PFS+1],e[12*PFS],f[12*PFS];
+    char hcid[PFS],hsid[PFS],hid[2*PFS+1],htid[2*PFS+1],h[PGS];
+#ifdef FULL
+    char r[PGS],z[2*PFS+1],w[PGS],t[2*PFS+1];
+    char g1[12*PFS],g2[12*PFS];
+    char ck[PAS],sk[PAS];
+#endif
+    octet S= {0,sizeof(s),s};
+    octet X= {0,sizeof(x),x};
+    octet Y= {0,sizeof(y),y};
+    octet H= {0,sizeof(h),h};
+    octet CLIENT_ID= {0,sizeof(client_id),client_id};
+    octet SST= {0,sizeof(sst),sst};
+    octet TOKEN= {0,sizeof(token),token};
+    octet SEC= {0,sizeof(sec),sec};
+    octet PERMIT= {0,sizeof(permit),permit};
+    octet xCID= {0,sizeof(xcid),xcid};
+    octet xID= {0,sizeof(xid),xid};
+    octet HCID= {0,sizeof(hcid),hcid};
+    octet HSID= {0,sizeof(hsid),hsid};
+    octet HID= {0,sizeof(hid),hid};
+    octet HTID= {0,sizeof(htid),htid};
+    octet E= {0,sizeof(e),e};
+    octet F= {0,sizeof(f),f};
+#ifdef FULL
+    octet R= {0,sizeof(r),r};
+    octet Z= {0,sizeof(z),z};
+    octet W= {0,sizeof(w),w};
+    octet T= {0,sizeof(t),t};
+    octet G1= {0,sizeof(g1),g1};
+    octet G2= {0,sizeof(g2),g2};
+    octet SK= {0,sizeof(sk),sk};
+    octet CK= {0,sizeof(ck),ck};
+#endif
+    octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
+    char idhex[100];
+
+    /* Trusted Authority set-up */
+    MPIN_RANDOM_GENERATE(RNG,&S);
+    printf("Master Secret= ");
+    OCT_output(&S);
+
+    /* Create Client Identity */
+    OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
+    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HCID);  /* Either Client or TA calculates Hash(ID) - you decide! */
+
+    printf("Client ID Hash= ");
+    OCT_output(&HCID);
+    printf("\n");
+
+    OCT_toHex(&CLIENT_ID,idhex);
+    printf("Client ID= %s\n",idhex);// OCT_toHex(&CLIENT_ID); printf("\n");
+
+    /* Client and Server are issued secrets by DTA */
+    MPIN_GET_SERVER_SECRET(&S,&SST);
+    printf("Server Secret= ");
+    OCT_output(&SST);
+
+    MPIN_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
+    printf("Client Secret= ");
+    OCT_output(&TOKEN);
+
+    /* Client extracts PIN from secret to create Token */
+    pin=1234;
+    printf("Client extracts PIN= %d\n",pin);
+    MPIN_EXTRACT_PIN(HASH_TYPE_MPIN,&CLIENT_ID,pin,&TOKEN);
+    printf("Client Token= ");
+    OCT_output(&TOKEN);
+
+#ifdef FULL
+    MPIN_PRECOMPUTE(&TOKEN,&HCID,NULL,&G1,&G2);
+#endif
+
+#ifdef PERMITS
+    /* Client gets "Time Permit" from DTA */
+    printf("Client gets Time Permit\n");
+
+    MPIN_GET_CLIENT_PERMIT(HASH_TYPE_MPIN,date,&S,&HCID,&PERMIT);
+    printf("Time Permit= ");
+    OCT_output(&PERMIT);
+
+    /* This encoding makes Time permit look random */
+    if (MPIN_ENCODING(RNG,&PERMIT)!=0) printf("Encoding error\n");
+    /* printf("Encoded Time Permit= "); OCT_output(&PERMIT); */
+    if (MPIN_DECODING(&PERMIT)!=0) printf("Decoding error\n");
+    /* printf("Decoded Time Permit= "); OCT_output(&PERMIT); */
+#endif
+
+    /* MPin Protocol */
+
+    /* Client enters PIN */
+    printf("\nPIN= ");
+    if(scanf("%d",&pin)) {};
+    /* to avoid silly compile error */
+    getchar();
+
+    /* Set date=0 and PERMIT=NULL if time permits not in use
+
+    Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
+    If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
+    Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
+
+    HSID - hashed client ID as calculated by the server
+    HCID - hashed client ID as calculated by the client
+
+    IMPORTANT: To save space and time..
+    If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
+    If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
+    If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
+
+    */
+
+    pxID=&xID;
+    pxCID=&xCID;
+    pHID=&HID;
+    pHTID=&HTID;
+    pE=&E;
+    pF=&F;
+    pPERMIT=&PERMIT;
+
+#ifdef PERMITS
+    prHID=pHTID;
+#ifndef PINERROR
+    pxID=NULL;
+//   pHID=NULL;  //new
+#endif
+#else
+    prHID=pHID;
+    pPERMIT=NULL;
+    pxCID=NULL;
+    pHTID=NULL;
+#endif
+#ifndef PINERROR
+    pE=NULL;
+    pF=NULL;
+#endif
+
+    /* When set only send hashed IDs to server */
+    octet *pID;
+#ifdef USE_ANONYMOUS
+    pID = &HCID;
+#else
+    pID = &CLIENT_ID;
+#endif
+
+#ifdef SINGLE_PASS
+    int timeValue;
+    printf("MPIN Single Pass\n");
+    timeValue = MPIN_GET_TIME();
+
+    rtn=MPIN_CLIENT(HASH_TYPE_MPIN,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
+
+    if (rtn != 0)
+    {
+        printf("MPIN_CLIENT ERROR %d\n", rtn);
+        return 1;
+    }
+
+#ifdef FULL
+    MPIN_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  /* Also Send Z=r.ID to Server, remember random r */
+#endif
+
+
+    rtn=MPIN_SERVER(HASH_TYPE_MPIN,date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,pID,NULL,timeValue);
+
+#ifdef FULL
+    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HSID);  // new
+    MPIN_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  /* Also send T=w.ID to client, remember random w  */
+#endif
+
+#else // SINGLE_PASS
+    printf("MPIN Multi Pass\n");
+    if (MPIN_CLIENT_1(HASH_TYPE_MPIN,date,&CLIENT_ID,RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
+    {
+        printf("Error from Client side - First Pass\n");
+        return 0;
+    }
+
+    /* Send U=x.ID to server, and recreate secret from token and pin */
+
+#ifdef FULL
+    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HCID);
+    MPIN_GET_G1_MULTIPLE(RNG,1,&R,&HCID,&Z);  /* Also Send Z=r.ID to Server, remember random r, DH component */
+#endif
+
+    /* Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
+    MPIN_SERVER_1(HASH_TYPE_MPIN,date,pID,pHID,pHTID);
+
+    /* Server generates Random number Y and sends it to Client */
+    MPIN_RANDOM_GENERATE(RNG,&Y);
+
+#ifdef FULL
+    MPIN_HASH_ID(HASH_TYPE_MPIN,&CLIENT_ID,&HSID); //new
+    MPIN_GET_G1_MULTIPLE(RNG,0,&W,prHID,&T);  /* Also send T=w.ID to client, remember random w, DH component  */
+#endif
+
+    /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
+    if (MPIN_CLIENT_2(&X,&Y,&SEC)!=0)
+    {
+        printf("Error from Client side - Second Pass\n");
+        return 1;
+    }
+
+    /* Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
+    /* If PIN error not required, set E and F = NULL */
+    rtn=MPIN_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF);
+#endif // SINGLE_PASS
+
+    if (rtn!=0)
+    {
+        printf("Server says - Bad Pin.\n");
+#ifdef PINERROR
+
+        err=MPIN_KANGAROO(&E,&F);
+        if (err) printf("(Client PIN is out by %d)\n",err);
+
+#endif
+        return 1;
+    }
+    else
+    {
+        printf("Server says - PIN is good! You really are ");
+        OCT_output_string(&CLIENT_ID);
+        printf(".\n");
+    }
+
+#ifdef FULL
+    MPIN_HASH_ALL(HASH_TYPE_MPIN,&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);  // new
+    MPIN_CLIENT_KEY(HASH_TYPE_MPIN,&G1,&G2,pin,&R,&X,&H,&T,&CK);      // new H
+    printf("Client Key = ");
+    OCT_output(&CK);
+
+    MPIN_HASH_ALL(HASH_TYPE_MPIN,&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
+    MPIN_SERVER_KEY(HASH_TYPE_MPIN,&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK); // new H,pHID
+    printf("Server Key = ");
+    OCT_output(&SK);
+#endif
+    return 0;
+}
+
+int main()
+{
+  int i;
+    unsigned long ran;
+
+	char raw[100];
+    octet RAW= {0,sizeof(raw),raw};
+    csprng RNG;                /* Crypto Strong RNG */
+
+    time((time_t *)&ran);
+
+    RAW.len=100;				/* fake random seed source */
+    RAW.val[0]=ran;
+    RAW.val[1]=ran>>8;
+    RAW.val[2]=ran>>16;
+    RAW.val[3]=ran>>24;
+    for (i=0; i<100; i++) RAW.val[i]=i+1;
+
+    CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
+
+	mpin(&RNG);
+
+	KILL_CSPRNG(&RNG);
+}
+
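Review bot: `if(scanf("%d",&pin)) {};` discards the conversion result, and `pin` still holds the 1234 assigned before MPIN_EXTRACT_PIN, so non-numeric input or EOF runs the protocol with the correct PIN and prints "PIN is good". Checking the count, `if (scanf("%d",&pin)!=1) return 1;`, makes a failed read fail the test instead. The multi-pass path also returns 0 on a first-pass client error but 1 on a second-pass error, and any status reported by MPIN_SERVER_1 is dropped; a single non-zero failure convention would let the driver be used from a script.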

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/testrsa.c
----------------------------------------------------------------------
diff --git a/version22/c/testrsa.c b/version22/c/testrsa.c
new file mode 100644
index 0000000..247ba97
--- /dev/null
+++ b/version22/c/testrsa.c
@@ -0,0 +1,104 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* test driver and function exerciser for RSA API Functions */
+
+#include <stdio.h>
+#include <time.h>
+#include "rsa.h"
+#include "randapi.h"
+
+int rsa(csprng *RNG)
+{
+    char m[RFS],ml[RFS],c[RFS],e[RFS],s[RFS];
+    rsa_public_key pub;
+    rsa_private_key priv;
+    
+    octet M= {0,sizeof(m),m};
+    octet ML= {0,sizeof(ml),ml};
+    octet C= {0,sizeof(c),c};
+    octet E= {0,sizeof(e),e};
+    octet S= {0,sizeof(s),s};
+
+    printf("Generating public/private key pair\n");
+    RSA_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL);
+
+    printf("Encrypting test string\n");
+    OCT_jstring(&M,(char *)"Hello World\n");
+
+    OAEP_ENCODE(HASH_TYPE_RSA,&M,RNG,NULL,&E); /* OAEP encode message m to e  */
+
+    RSA_ENCRYPT(&pub,&E,&C);     /* encrypt encoded message */
+    printf("Ciphertext= ");
+    OCT_output(&C);
+
+    printf("Decrypting test string\n");
+    RSA_DECRYPT(&priv,&C,&ML);   /* ... and then decrypt it */
+
+    OAEP_DECODE(HASH_TYPE_RSA,NULL,&ML);    /* decode it */
+    OCT_output_string(&ML);
+
+    printf("Signing message\n");
+    PKCS15(HASH_TYPE_RSA,&M,&C);
+
+    RSA_DECRYPT(&priv,&C,&S); /* create signature in S */
+
+    printf("Signature= ");
+    OCT_output(&S);
+
+    RSA_ENCRYPT(&pub,&S,&ML);
+
+    if (OCT_comp(&C,&ML)) printf("Signature is valid\n");
+    else printf("Signature is INVALID\n");
+
+    RSA_PRIVATE_KEY_KILL(&priv);
+
+    OCT_clear(&M);
+    OCT_clear(&ML);   /* clean up afterwards */
+    OCT_clear(&C);
+    OCT_clear(&E);
+
+    return 0;
+}
+
+int main()
+{
+    int i;
+    unsigned long ran;
+
+	char raw[100];
+    octet RAW= {0,sizeof(raw),raw};
+    csprng RNG;                /* Crypto Strong RNG */
+
+    time((time_t *)&ran);
+
+    RAW.len=100;				/* fake random seed source */
+    RAW.val[0]=ran;
+    RAW.val[1]=ran>>8;
+    RAW.val[2]=ran>>16;
+    RAW.val[3]=ran>>24;
+    for (i=0; i<100; i++) RAW.val[i]=i+1;
+
+    CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
+
+	rsa(&RNG);
+
+	KILL_CSPRNG(&RNG);
+}
+
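Review bot: The results of OAEP_ENCODE, OAEP_DECODE and PKCS15 are ignored in rsa(), although rsa.h documents each as returning 0 on failure, so a padding failure still reaches `OCT_output_string(&ML)` and the signing step with whatever the octets hold. As this driver is the usage example for the API, I would check each call, for example `if (!OAEP_DECODE(HASH_TYPE_RSA,NULL,&ML)) { RSA_PRIVATE_KEY_KILL(&priv); return 1; }`, and return non-zero after "Signature is INVALID" instead of falling through to `return 0`. The cleanup at the end clears M, ML, C and E but not S.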

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/x509.c
----------------------------------------------------------------------
diff --git a/version22/c/x509.c b/version22/c/x509.c
new file mode 100644
index 0000000..6a59294
--- /dev/null
+++ b/version22/c/x509.c
@@ -0,0 +1,1079 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL X.509 Functions */
+
+// To run test program, define HAS_MAIN
+// gcc x509.c ecdh.c rsa.c amcl.a -o x509.exe
+
+#define HAS_MAIN
+
+#include <stdio.h>
+#include "ecdh.h"
+#include "rsa.h"
+#include "x509.h"
+
+// ASN.1 tags
+
+#define ANY 0x00
+#define SEQ 0x30
+#define OID 0x06
+#define INT 0x02
+#define NUL 0x05
+#define ZER 0x00
+#define UTF 0x0C
+#define UTC 0x17
+#define LOG 0x01
+#define BIT 0x03
+#define OCT 0x04
+#define STR 0x13
+#define SET 0x31
+#define IA5 0x16
+
+// Supported Encryption Methods
+
+#define ECC 1
+#define RSA 2
+#define ECC_H256 11
+#define ECC_H384 12
+#define ECC_H512 13
+#define RSA_H256 21
+#define RSA_H384 22
+#define RSA_H512 23
+
+// return xxxxxxxxxxxxxxxx | xxxx | xxxx
+//        2048 | 2 | 3  -> 2048-bit RSA with SHA512
+
+#define H256 2
+#define H384 3
+#define H512 4
+
+// Define some OIDs
+
+// Elliptic Curve with SHA256
+static char eccsha256[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x02};
+static octet ECCSHA256= {8,sizeof(eccsha256),eccsha256};
+
+// Elliptic Curve with SHA384
+static char eccsha384[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x03};
+static octet ECCSHA384= {8,sizeof(eccsha384),eccsha384};
+
+// Elliptic Curve with SHA512
+static char eccsha512[8]= {0x2a,0x86,0x48,0xce,0x3d,0x04,0x03,0x04};
+static octet ECCSHA512= {8,sizeof(eccsha512),eccsha512};
+
+// EC Public Key
+static char ecpk[7]= {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
+static octet ECPK= {7,sizeof(ecpk),ecpk};
+
+// C25519 curve
+static char prime25519[9]= {0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01}; /*****/
+static octet PRIME25519= {9,sizeof(prime25519),prime25519};
+
+// NIST256 curve
+static char prime256v1[8]= {0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07};
+static octet PRIME256V1= {8,sizeof(prime256v1),prime256v1};
+
+// NIST384 curve
+static char secp384r1[5]= {0x2B,0x81,0x04,0x00,0x22};
+static octet SECP384R1= {5,sizeof(secp384r1),secp384r1};
+
+// NIST521 curve
+static char secp521r1[5]= {0x2B,0x81,0x04,0x00,0x23};
+static octet SECP521R1= {5,sizeof(secp521r1),secp521r1};
+
+// RSA Public Key
+static char rsapk[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01};
+static octet RSAPK= {9,sizeof(rsapk),rsapk};
+
+// RSA with SHA256
+static char rsasha256[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b};
+static octet RSASHA256= {9,sizeof(rsasha256),rsasha256};
+
+// RSA with SHA384
+static char rsasha384[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0c};
+static octet RSASHA384= {9,sizeof(rsasha384),rsasha384};
+
+// RSA with SHA512
+static char rsasha512[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0d};
+static octet RSASHA512= {9,sizeof(rsasha512),rsasha512};
+
+#ifdef HAS_MAIN
+// countryName
+static char cn[3]= {0x55,0x04,0x06};
+static octet CN= {3,sizeof(cn),cn};
+
+// stateName
+// static char sn[3]= {0x55,0x04,0x08};
+// static octet SN= {3,sizeof(sn),sn};
+
+// localName
+// static char ln[3]= {0x55,0x04,0x07};
+// static octet LN= {3,sizeof(ln),ln};
+
+// orgName
+static char on[3]= {0x55,0x04,0x0A};
+static octet ON= {3,sizeof(on),on};
+
+// unitName
+// static char un[3]= {0x55,0x04,0x0B};
+// static octet UN= {3,sizeof(un),un};
+
+// myName
+// static char mn[3]= {0x55,0x04,0x03};
+// static octet MN= {3,sizeof(mn),mn};
+
+// emailName
+static char en[9]= {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x09,0x01};
+static octet EN= {9,sizeof(en),en};
+#endif // HAS_MAIN
+
+/* Check expected TAG and return ASN.1 field length. If tag=0 skip check. */
+static int getalen(int tag,char *b,int j)
+{
+    int len;
+
+    if (tag!=0 && (unsigned char)b[j]!=tag) return -1; // not a valid tag
+    j++;
+
+    if ((unsigned char)b[j]==0x81)
+    {
+        j++;
+        len=(unsigned char)b[j];
+    }
+    else if ((unsigned char)b[j]==0x82)
+    {
+        j++;
+        len=256*b[j++];
+        len+=(unsigned char)b[j];
+    }
+    else
+    {
+        len=(unsigned char)b[j];
+        if (len>127) return -1;
+    }
+    return len;
+}
+
+/* jump over length field */
+static int skip(int len)
+{
+    if (len<128) return 2;
+    if (len>=128 && len<256) return 3;
+    return 4;
+}
+
+/* round length up to nearest 8-byte length */
+static int bround(int len)
+{
+    if (len%8==0) return len;
+    return len+(8-len%8);
+
+}
+
+//	Input signed cert as octet, and extract signature
+//	Return 0 for failure, ECC for Elliptic Curve signature, RSA for RSA signature
+//  Note that signature type is not provided here - its the type of the public key that
+//  is used to verify it that matters, and which determines for example the curve to be used!
+
+pktype X509_extract_cert_sig(octet *sc,octet *sig)
+{
+    int i,j,k,fin,len,rlen,sj,ex;
+    char soid[9];
+    octet SOID= {0,sizeof(soid),soid};
+    pktype ret;
+
+    ret.type=0;
+    ret.hash=0;
+
+    j=0;
+
+    len=getalen(SEQ,sc->val,j);		// Check for expected SEQ clause, and get length
+    if (len<0) return ret;			// if not a SEQ clause, there is a problem, exit
+    j+=skip(len);					// skip over length to clause contents. Add len to skip clause
+
+    if (len+j!=sc->len) return ret;
+
+    len=getalen(SEQ,sc->val,j);
+    if (len<0) return ret;
+    j+=skip(len)+len; // jump over cert to signature OID
+
+    len=getalen(SEQ,sc->val,j);
+    if (len<0) return ret;
+    j+=skip(len);
+
+    sj=j+len; // Needed to jump over signature OID
+
+// dive in to extract OID
+    len=getalen(OID,sc->val,j);
+    if (len<0) return ret;
+    j+=skip(len);
+
+    fin=j+len;
+    SOID.len=len;
+    for (i=0; j<fin; j++)
+        SOID.val[i++]= sc->val[j];
+
+    // check OID here..
+
+    if (OCT_comp(&ECCSHA256,&SOID))
+    {
+        ret.type=ECC;
+        ret.hash=H256;
+    }
+    if (OCT_comp(&ECCSHA384,&SOID))
+    {
+        ret.type=ECC;
+        ret.hash=H384;
+    }
+    if (OCT_comp(&ECCSHA512,&SOID))
+    {
+        ret.type=ECC;
+        ret.hash=H512;
+    }
+    if (OCT_comp(&RSASHA256,&SOID))
+    {
+        ret.type=RSA;
+        ret.hash=H256;
+    }
+    if (OCT_comp(&RSASHA384,&SOID))
+    {
+        ret.type=RSA;
+        ret.hash=H384;
+    }
+    if (OCT_comp(&RSASHA512,&SOID))
+    {
+        ret.type=RSA;
+        ret.hash=H512;
+    }
+
+    if (ret.type==0) return ret; // unsupported type
+
+    j=sj;  // jump out to signature
+
+    len=getalen(BIT,sc->val,j);
+    if (len<0)
+    {
+        ret.type=0;
+        return ret;
+    }
+    j+=skip(len);
+    j++;
+    len--; // skip bit shift (hopefully 0!)
+
+    if (ret.type==ECC)
+    {
+        // signature in the form (r,s)
+        len=getalen(SEQ,sc->val,j);
+        if (len<0)
+        {
+            ret.type=0;
+            return ret;
+        }
+        j+=skip(len);
+
+        // pick up r part of signature
+        len=getalen(INT,sc->val,j);
+        if (len<0)
+        {
+            ret.type=0;
+            return ret;
+        }
+        j+=skip(len);
+
+        if (sc->val[j]==0)
+        {
+            // skip leading zero
+            j++;
+            len--;
+        }
+        rlen=bround(len);
+
+        ex=rlen-len;
+        sig->len=2*rlen;
+
+        i=0;
+        for (k=0; k<ex; k++)
+            sig->val[i++]=0;
+
+        fin=j+len;
+        for (; j<fin; j++)
+            sig->val[i++]= sc->val[j];
+
+        // pick up s part of signature
+        len=getalen(INT,sc->val,j);
+        if (len<0)
+        {
+            ret.type=0;
+            return ret;
+        }
+        j+=skip(len);
+
+        if (sc->val[j]==0)
+        {
+            // skip leading zeros
+            j++;
+            len--;
+        }
+        rlen=bround(len);
+        ex=rlen-len;
+        for (k=0; k<ex; k++)
+            sig->val[i++]=0;
+
+        fin=j+len;
+        for (; j<fin; j++)
+            sig->val[i++]= sc->val[j];
+
+    }
+    if (ret.type==RSA)
+    {
+        rlen=bround(len);
+        ex=rlen-len;
+
+        sig->len=rlen;
+        i=0;
+        for (k=0; k<ex; k++)
+            sig->val[i++]=0;
+
+        fin=j+len;
+        for (; j<fin; j++)
+            sig->val[i++]= sc->val[j];
+
+    }
+    if (ret.hash==H256) ret.curve=NIST256;
+    if (ret.hash==H384) ret.curve=NIST384;
+    if (ret.hash==H512) ret.curve=NIST521;
+
+    return ret;
+}
+
+// Extract certificate from signed cert
+int X509_extract_cert(octet *sc,octet *cert)
+{
+    int i,j,fin,len,k;
+
+    j=0;
+    len=getalen(SEQ,sc->val,j);
+
+    if (len<0) return 0;
+    j+=skip(len);
+
+    k=j;
+
+    len=getalen(SEQ,sc->val,j);
+    if (len<0) return 0;
+    j+=skip(len);
+
+    fin=j+len;
+    cert->len=fin-k;
+    for (i=k; i<fin; i++) cert->val[i-k]=sc->val[i];
+
+    return 1;
+}
+
+// Extract Public Key from inside Certificate
+pktype X509_extract_public_key(octet *c,octet *key)
+{
+    int i,j,fin,len,sj;
+    char koid[12];     /*****/
+    octet KOID= {0,sizeof(koid),koid};
+    pktype ret;
+
+    ret.type=ret.hash=0;
+    ret.curve=-1;
+
+    j=0;
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len);
+
+    if (len+j!=c->len) return ret;
+
+    len=getalen(0,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len)+len; //jump over version clause
+
+    len=getalen(INT,c->val,j);
+
+    if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len)+len;  // jump over signature algorithm
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len)+len; // skip issuer
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len)+len; // skip validity
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len)+len; // skip subject
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len); //
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len);
+
+// ** Maybe dive in and check Public Key OIDs here?
+// ecpublicKey & prime256v1, secp384r1 or secp521r1 for ECC
+// rsapublicKey for RSA
+
+    sj=j+len;
+
+    len=getalen(OID,c->val,j);
+    if (len<0) return ret;
+    j+=skip(len);
+
+    fin=j+len;
+    KOID.len=len;
+    for (i=0; j<fin; j++)
+        KOID.val[i++]= c->val[j];
+
+    ret.type=0;
+    if (OCT_comp(&ECPK,&KOID)) ret.type=ECC;
+    if (OCT_comp(&RSAPK,&KOID)) ret.type=RSA;
+
+    if (ret.type==0) return ret;
+
+    if (ret.type==ECC)
+    {
+        // which elliptic curve?
+        len=getalen(OID,c->val,j);
+        if (len<0)
+        {
+            ret.type=0;
+            return ret;
+        }
+        j+=skip(len);
+
+        fin=j+len;
+        KOID.len=len;
+        for (i=0; j<fin; j++)
+            KOID.val[i++]= c->val[j];
+
+        if (OCT_comp(&PRIME25519,&KOID)) ret.curve=C25519;   /*****/
+        if (OCT_comp(&PRIME256V1,&KOID)) ret.curve=NIST256;
+        if (OCT_comp(&SECP384R1,&KOID)) ret.curve=NIST384;
+        if (OCT_comp(&SECP521R1,&KOID)) ret.curve=NIST521;
+    }
+
+    j=sj; // skip to actual Public Key
+
+    len=getalen(BIT,c->val,j);
+    if (len<0)
+    {
+        ret.type=0;
+        return ret;
+    }
+    j+=skip(len); //
+    j++;
+    len--; // skip bit shift (hopefully 0!)
+
+// extract key
+    if (ret.type==ECC)
+    {
+        key->len=len;
+        fin=j+len;
+        for (i=0; j<fin; j++)
+            key->val[i++]= c->val[j];
+
+    }
+    if (ret.type==RSA)
+    {
+        // Key is (modulus,exponent) - assume exponent is 65537
+        len=getalen(SEQ,c->val,j);
+        if (len<0)
+        {
+            ret.type=0;
+            return ret;
+        }
+        j+=skip(len); //
+
+        len=getalen(INT,c->val,j); // get modulus
+        if (len<0)
+        {
+            ret.type=0;
+            return ret;
+        }
+        j+=skip(len); //
+        if (c->val[j]==0)
+        {
+            j++;
+            len--; // remove leading zero
+        }
+
+        key->len=len;
+        fin=j+len;
+        for (i=0; j<fin; j++)
+            key->val[i++]= c->val[j];
+
+    }
+    return ret;
+}
+
+// Find pointer to main sections of cert, before extracting individual field
+// Find index to issuer in cert
+int X509_find_issuer(octet *c)
+{
+    int j,len;
+    j=0;
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len);
+
+    if (len+j!=c->len) return 0;
+
+    len=getalen(0,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len)+len; //jump over version clause
+
+    len=getalen(INT,c->val,j);
+
+    if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len)+len;  // jump over signature algorithm
+
+    return j;
+}
+
+// Find index to validity period
+int X509_find_validity(octet *c)
+{
+    int j,len;
+    j=X509_find_issuer(c);
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len)+len; // skip issuer
+
+    return j;
+}
+
+// Find index to subject in cert
+int X509_find_subject(octet *c)
+{
+    int j,len;
+    j=X509_find_validity(c);
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len)+len; // skip validity
+
+    return j;
+}
+
+// NOTE: When extracting cert information, we actually return just an index to the data inside the cert, and maybe its length
+// So no memory is assigned to store cert info. It is the callers responsibility to allocate such memory if required, and copy
+// cert information into it.
+
+// Find entity property indicated by SOID, given start of issuer or subject field. Return index in cert, flen=length of field
+
+int X509_find_entity_property(octet *c,octet *SOID,int start,int *flen)
+{
+    int i,j,k,fin,len,tlen;
+    char foid[50];  /*****/
+    octet FOID= {0,sizeof(foid),foid};
+
+    j=start;
+
+    tlen=getalen(SEQ,c->val,j);
+    if (tlen<0) return 0;
+    j+=skip(tlen);
+
+    for (k=j; j<k+tlen;)
+    {
+        // search for Owner OID
+        len=getalen(SET,c->val,j);
+        if (len<0) return 0;
+        j+=skip(len);
+        len=getalen(SEQ,c->val,j);
+        if (len<0) return 0;
+        j+=skip(len);
+        len=getalen(OID,c->val,j);
+        if (len<0) return 0;
+        j+=skip(len);
+        fin=j+len;  // extract OID
+        FOID.len=len;
+        for (i=0; j<fin; j++)
+            FOID.val[i++]= c->val[j];
+        len=getalen(ANY,c->val,j);  // get text, could be any type
+        if (len<0) return 0;
+
+        j+=skip(len);
+        if (OCT_comp(&FOID,SOID))
+        {
+            // if its the right one return
+            *flen=len;
+            return j;
+        }
+        j+=len;  // skip over it
+    }
+    *flen=0; /*****/
+    return 0;
+}
+
+// Find start date of certificate validity period
+int X509_find_start_date(octet *c,int start)
+{
+    int j,len;
+    j=start;
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len);
+
+    len=getalen(UTC,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len);
+    return j;
+}
+
+// Find expiry date of certificate validity period
+int X509_find_expiry_date(octet *c,int start)
+{
+    int j,len;
+    j=start;
+
+    len=getalen(SEQ,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len);
+
+    len=getalen(UTC,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len)+len;
+
+    len=getalen(UTC,c->val,j);
+    if (len<0) return 0;
+    j+=skip(len);
+
+    return j;
+}
+
+void print_out(char *des,octet *c,int index,int len)
+{
+    int i;
+    printf("%s [",des);
+    for (i=0; i<len; i++)
+        printf("%c",c->val[index+i]);
+    printf("]\n");
+}
+
+void print_date(char *des,octet *c,int index)
+{
+    int i=index;
+    printf("%s [",des);
+    if (i==0) printf("]\n");
+    else printf("20%c%c-%c%c-%c%c %c%c:%c%c:%c%c]\n",c->val[i],c->val[i+1],c->val[i+2],c->val[i+3],c->val[i+4],c->val[i+5],c->val[i+6],c->val[i+7],c->val[i+8],c->val[i+9],c->val[i+10],c->val[i+11]);
+}
+
+
+#ifdef HAS_MAIN
+
+/* test driver program */
+// Sample Certs. Uncomment one CA cert and one example cert. Note that AMCL library must be built to support given curve.
+// Sample Certs all created using OpenSSL - see http://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
+// Note - SSL currently only supports NIST curves. Howevever version 1.1.0 of OpenSSL now supports C25519
+
+#if CHOICE==C25519
+// ** CA is RSA 2048-bit based - for use with C25519 build of the library - assumes use of SHA256 in Certs
+
+char ca_b64[]="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
 ZIhvcNAQELBQADggEBALCUob0y2O4DSzsqG76yrtCxXWxDdgjSkHKzwFK62BzZK5EuCDJrVgCyoLX0SvYvoT9x0wtS+bxJ7TNEGn7Rkp5/iSQCUSF7sVRoHqzErk70xVKKDy5FS+zre8k08nJrtRg2u1PmY95NO1SE96BtUVLs+8rQuqEX283tqlmqE/SF2+lxOb0WaVrya4oCJfj/XT83pRTcd5w9i7huWltMbKbagkmlQ/5q9Ayp/Jh1lLXmxr+/xEbZ2xEop/y+mgVF0vLxap7R5toBA0Yk7vvirlYv0hZGqGi5lBc9VeUqm1H/7XCi5xRU3AtJ4QRk4Z1xUa4qAPKfiqlPKd1dVe3Ah3w=";
+
+// an ECC 255-bit CA-signed cert
+char cert_b64[]="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";
+#endif
+
+#if CHOICE==NIST256
+
+// ** CA is RSA 2048-bit based - for use with NIST256 build of library - assumes use of SHA256 in Certs
+// RSA 2048 Self-Signed CA cert
+char ca_b64[]="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
 Z2FPOvf2eMc5RCZYigNKhsxru5Ojw0lPcpa8DDmEsdZDf7p0vlmf7T7xH9gtoInh4DzgI8HRHFc8R/z2/jLX7nlLoopKX5yp7F1gRACg0pd4tGpQ6EnBNcYZZghFH9UIRDmx+vDlwDCu8vyRPt35orrEiI4XGq/QkvxxAb5YWxQ4i06064ULfyCI7suu3KoobdM1aAaA8zhpOOBXKbq+Wi9IGFe/wiEMHLmfHdt9CBTjIWb//IHji4RT05kCmTVrx97pb7EHafuL3L10mM5cpTyBWKnb4kMFtx9yw+S2U=";
+// an RSA 2048 CA-signed cert
+//char cert_b64[]="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
 kB1HSsB0ts8DjzFLySonFjSSLHDU0ox9/uFbJMzipy3ijAA4XM0N4jRrUfrmxpA7DOOsbEbGkvvB7VK9+s9PHE/4dJTwhSteplUnhxVFkkDo/JwaLx4/IEQRlCF3KEQ5s3AwRHnbrIjOY2yONxHBtJEp7QN5aOHruwvMNRNheCBPiQJyLitUsFGr4voANmobkrFgYtu0tRMQ==";
+// an ECC 256 CA-signed cert
+char cert_b64[]="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";
+
+// ** CA is ECC 256 based  - for use with NIST256 build of library
+// ECC 256 Self-Signed CA cert
+//char ca_b64[]="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";
+// an ECC 256 CA-signed cert
+//char cert_b64[]="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";
+// an RSA 2048 CA-signed cert
+//char cert_b64[]="MIICiDCCAi4CAQIwCgYIKoZIzj0EAwIwUzELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE1MTEyNjEzMzcwNVoXDTE3MTEyNTEzMzcwNVowgYExCzAJBgNVBAYTAklFMQ8wDQYDVQQIDAZJZWxhbmQxDzANBgNVBAcMBkR1YmxpbjERMA8GA1UECgwIQ2VydGl2b3gxDTALBgNVBAsMBExhYnMxDTALBgNVBAMMBE1pa2UxHzAdBgkqhkiG9w0BCQEWEG1zY290dEBpbmRpZ28uaWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjPBVwmPg8Gwx0+8xekmomptA0BDwS7NUfBetqDqNMNyji0bSe8LAfpciU7NW/HWfUE1lndCqSDDwnMJmwC5e3GAl/Bus+a+z8ruEhWGbn95xrHXFkOawbRlXuS7UcEQCvPr8KQHhNsg4cyV7Hn527CPUl27n+WN8/pANo01cTN/dQaK87naU0Mid09vktlMKSN0zyJOnc5CsaTLs+vCRKJ9sUL3d4IQIA2y7gvrTe+iY/QI26nqhGpNWYyFkAdy9PdHUEnDI6JsfF7jFh37yG7XEgDDA3asp/oi1T1+ZoASj2boL++opdqCzDndeWwzDWAWuvJ9wULd80ti6x737ZAgMBAAEwCgYIKoZIzj0EAwIDSAAwRQIgCDwgl98+9moBo+etaLt8MvB/z5Ti6i9neRTZkvoFl7YCIQDq//M3OB757fepErRzIQo3aFAFYjOooi6WdSqP3XqGIg==";
+
+#endif
+
+#if CHOICE==NIST384
+
+// ** CA is RSA 3072-bit based  - for use with NIST384 build of library - assumes use of SHA384 in Certs
+// RSA 3072 Self-Signed CA cert
+char ca_b64[]="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";
+// an RSA 3072 CA-signed cert
+//char cert_b64[]="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";
+// an ECC 384 CA-signed cert
+char cert_b64[]="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
 h+WOzQthrHJv0YuQt3NuDQEMkvz+23YvzZlr+e2XqDlMhyR01Kk0MXeLGGcv";
+
+// ** CA is ECC 384 based - - for use with NIST384 build of library - assumes use of SHA384 in Certs
+// ECC 384 Self-Signed CA Cert
+//char ca_b64[]="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";
+// an ECC 384 CA-signed cert
+//char cert_b64[]="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";
+// an RSA 3072 CA-signed cert
+//char cert_b64[]="MIIDFjCCAp4CAQkwCgYIKoZIzj0EAwMwYjELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDDARtaWtlMB4XDTE1MTEyNjE2MTYwNloXDTE3MTEyNTE2MTYwNlowYzELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjERMA8GA1UECgwIQ2VydGl2b3gxDTALBgNVBAsMBGxhYnMxDzANBgNVBAMMBmtlYWxhbjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAK5QhVjR+UGt3ZWPSGicpviqaOhxXmmvOepdl5Seqr+Iweb3IuEDgtHGwrw/EEgWlKPfS/2LW9ncptdNbVQh7+2rojj7ZtedrAK5p7I9b22f2U3sSHIqjtTT0BjqzL0qEwy/ATqbf93Tcr3yT0Ygh3yzbvn4zodrWQZK8kkN3PQKkiHBCuIxo+8MlTs8d99dl1hbJ84MYZuPmhrkB4oLEAt8+srtL+a4Yd0wPhuCYrLjBnYkD9TlcWLWWh8/iwXiznrY8gQsXSveQNzQjcmHilZrTlTL2dnyI2v7BAXXHSwo6UeES0n064fnYTr3JB0GArMcty6RD3E7xr64HNzzTE2+8cDxufNvU0tq2Z72oZ9cAReHUL5P6mLfORI+AhtCHrXGJch/F07ZX9h8UFpzok8NK5++Q7lHKuezTYRRPlDL5hDB3BUpBwvILdqujcbNil04cuLRBNT/WgqRXEBRjlHLgZaLChFV2VSJ9Z1Uke2lfm5X2O0XPQLhjMSiuvr4HwIDAQABMAoGCCqGSM49BAMDA2YAMGMCLxHSQAYP2EsuIpR4TzDDSIlsw4BBsD7W0ZfH91v9J0j5UWQJD/
 yNjMtyA2Qlkq/0AjB+SJQbLgycNJH5SnR/X5wx26/62ln9s0swUtlCYVtNzyEQ3YRHSZbmTbh16RUT7Ak=";
+
+#endif
+
+#if CHOICE==NIST521
+
+// ** CA is ECC 521 based - - for use with NIST521 build of library - assumes use of SHA512 in Certs
+// ECC 521 Self-Signed CA Cert
+char ca_b64[]="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
 Q4h93CENN4MH/86XNozO9USh+ydTislAcXvCb0";
+// an ECC 521 CA-signed cert
+char cert_b64[]="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";
+
+#endif
+
+char io[5000];
+octet IO= {0,sizeof(io),io};
+
+#define MAXMODBYTES 72
+#define MAXFFLEN 16
+
+char sig[MAXMODBYTES*MAXFFLEN];
+octet SIG= {0,sizeof(sig),sig};
+
+char r[MAXMODBYTES];
+octet R= {0,sizeof(r),r};
+
+char s[MAXMODBYTES];
+octet S= {0,sizeof(s),s};
+
+char cakey[MAXMODBYTES*MAXFFLEN];
+octet CAKEY= {0,sizeof(cakey),cakey};
+
+char certkey[MAXMODBYTES*MAXFFLEN];
+octet CERTKEY= {0,sizeof(certkey),certkey};
+
+char h[5000];
+octet H= {0,sizeof(h),h};
+
+char hh[5000];
+octet HH= {0,sizeof(hh),hh};
+
+char hp[RFS];
+octet HP= {0,sizeof(hp),hp};
+
+
+int main()
+{
+    int res,len,sha;
+    int c,ic;
+    rsa_public_key PK;
+    pktype st,ca,pt;
+
+    printf("First check signature on self-signed cert and extract CA public key\n");
+    OCT_frombase64(&IO,ca_b64);
+    printf("CA Self-Signed Cert= \n");
+    OCT_output(&IO);
+    printf("\n");
+
+    st=X509_extract_cert_sig(&IO,&SIG); // returns signature type
+
+    if (st.type==0)
+    {
+        printf("Unable to extract cert signature\n");
+        return 0;
+    }
+
+    if (st.type==ECC)
+    {
+        OCT_chop(&SIG,&S,SIG.len/2);
+        OCT_copy(&R,&SIG);
+        printf("ECC SIG= \n");
+        OCT_output(&R);
+        OCT_output(&S);
+        printf("\n");
+    }
+
+    if (st.type==RSA)
+    {
+        printf("RSA SIG= \n");
+        OCT_output(&SIG);
+        printf("\n");
+    }
+
+    if (st.hash==H256) printf("Hashed with SHA256\n");
+    if (st.hash==H384) printf("Hashed with SHA384\n");
+    if (st.hash==H512) printf("Hashed with SHA512\n");
+
+// Extract Cert from signed Cert
+
+    c=X509_extract_cert(&IO,&H);
+
+    printf("\nCert= \n");
+    OCT_output(&H);
+    printf("\n");
+
+// show some details
+    printf("Issuer Details\n");
+    ic=X509_find_issuer(&H);
+    c=X509_find_entity_property(&H,&ON,ic,&len);
+    print_out("owner=",&H,c,len);
+    c=X509_find_entity_property(&H,&CN,ic,&len);
+    print_out("country=",&H,c,len);
+    c=X509_find_entity_property(&H,&EN,ic,&len);
+    print_out("email=",&H,c,len);
+    printf("\n");
+
+    ca=X509_extract_public_key(&H,&CAKEY);
+
+    if (ca.type==0)
+    {
+        printf("Not supported by library\n");
+        return 0;
+    }
+    if (ca.type!=st.type)
+    {
+        printf("Not self-signed\n");
+    }
+
+    if (ca.type==ECC)
+    {
+        printf("EXTRACTED ECC PUBLIC KEY= \n");
+        OCT_output(&CAKEY);
+    }
+    if (ca.type==RSA)
+    {
+        printf("EXTRACTED RSA PUBLIC KEY= \n");
+        OCT_output(&CAKEY);
+    }
+    printf("\n");
+
+// Cert is self-signed - so check signature
+
+    printf("Checking Self-Signed Signature\n");
+    if (ca.type==ECC)
+    {
+        if (ca.curve!=CHOICE)
+        {
+            printf("Curve is not supported\n");
+            return 0;
+        }
+        res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
+        if (res!=0)
+        {
+            printf("ECP Public Key is invalid!\n");
+            return 0;
+        }
+        else printf("ECP Public Key is Valid\n");
+
+        sha=0;
+
+        if (st.hash==H256) sha=SHA256;
+        if (st.hash==H384) sha=SHA384;
+        if (st.hash==H512) sha=SHA512;
+        if (st.hash==0)
+        {
+            printf("Hash Function not supported\n");
+            return 0;
+        }
+
+        if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
+        {
+            printf("***ECDSA Verification Failed\n");
+            return 0;
+        }
+        else
+            printf("ECDSA Signature/Verification succeeded \n");
+    }
+
+    if (ca.type==RSA)
+    {
+        PK.e=65537; // assuming this!
+        FF_fromOctet(PK.n,&CAKEY,FFLEN);
+
+        sha=0;
+
+        if (st.hash==H256) sha=SHA256;
+        if (st.hash==H384) sha=SHA384;
+        if (st.hash==H512) sha=SHA512;
+        if (st.hash==0)
+        {
+            printf("Hash Function not supported\n");
+            return 0;
+        }
+        PKCS15(sha,&H,&HP);
+
+        RSA_ENCRYPT(&PK,&SIG,&HH);
+
+        if (OCT_comp(&HP,&HH))
+            printf("RSA Signature/Verification succeeded \n");
+        else
+        {
+            printf("***RSA Verification Failed\n");
+            return 0;
+        }
+    }
+
+    printf("\nNext check CA signature on cert, and extract public key\n");
+
+    OCT_frombase64(&IO,cert_b64);
+    printf("Example Cert= \n");
+    OCT_output(&IO);
+    printf("\n");
+
+    st=X509_extract_cert_sig(&IO,&SIG);
+
+    if (st.type==0)
+    {
+        printf("Unable to check cert signature\n");
+        return 0;
+    }
+
+    if (st.type==ECC)
+    {
+        OCT_chop(&SIG,&S,SIG.len/2);
+        OCT_copy(&R,&SIG);
+        printf("SIG= \n");
+        OCT_output(&R);
+
+        OCT_output(&S);
+
+        printf("\n");
+    }
+
+    if (st.type==RSA)
+    {
+        printf("SIG= \n");
+        OCT_output(&SIG);
+        printf("\n");
+    }
+
+    c=X509_extract_cert(&IO,&H);
+
+    printf("Cert= \n");
+    OCT_output(&H);
+    printf("\n");
+
+    printf("Subject Details\n");
+    ic=X509_find_subject(&H);
+    c=X509_find_entity_property(&H,&ON,ic,&len);
+    print_out("owner=",&H,c,len);
+    c=X509_find_entity_property(&H,&CN,ic,&len);
+    print_out("country=",&H,c,len);
+    c=X509_find_entity_property(&H,&EN,ic,&len);
+    print_out("email=",&H,c,len);
+    printf("\n");
+
+    ic=X509_find_validity(&H);
+    c=X509_find_start_date(&H,ic);
+    print_date("start date= ",&H,c);
+    c=X509_find_expiry_date(&H,ic);
+    print_date("expiry date=",&H,c);
+    printf("\n");
+
+    pt=X509_extract_public_key(&H,&CERTKEY);
+
+    if (pt.type==0)
+    {
+        printf("Not supported by library\n");
+        return 0;
+    }
+
+    if (pt.type==ECC)
+    {
+        printf("EXTRACTED ECC PUBLIC KEY= \n");
+        OCT_output(&CERTKEY);
+    }
+    if (pt.type==RSA)
+    {
+        printf("EXTRACTED RSA PUBLIC KEY= \n");
+        OCT_output(&CERTKEY);
+    }
+
+    printf("\n");
+
+    /* Check CA signature */
+
+    if (ca.type==ECC)
+    {
+        printf("Checking CA's ECC Signature on Cert\n");
+        res=ECP_PUBLIC_KEY_VALIDATE(1,&CAKEY);
+        if (res!=0)
+            printf("ECP Public Key is invalid!\n");
+        else printf("ECP Public Key is Valid\n");
+
+        sha=0;
+
+        if (st.hash==H256) sha=SHA256;
+        if (st.hash==H384) sha=SHA384;
+        if (st.hash==H512) sha=SHA512;
+        if (st.hash==0)
+        {
+            printf("Hash Function not supported\n");
+            return 0;
+        }
+
+        if (ECPVP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
+            printf("***ECDSA Verification Failed\n");
+        else
+            printf("ECDSA Signature/Verification succeeded \n");
+    }
+
+    if (ca.type==RSA)
+    {
+        printf("Checking CA's RSA Signature on Cert\n");
+        PK.e=65537; // assuming this!
+        FF_fromOctet(PK.n,&CAKEY,FFLEN);
+
+        sha=0;
+
+        if (st.hash==H256) sha=SHA256;
+        if (st.hash==H384) sha=SHA384;
+        if (st.hash==H512) sha=SHA512;
+        if (st.hash==0)
+        {
+            printf("Hash Function not supported\n");
+            return 0;
+        }
+        PKCS15(sha,&H,&HP);
+
+        RSA_ENCRYPT(&PK,&SIG,&HH);
+
+        if (OCT_comp(&HP,&HH))
+            printf("RSA Signature/Verification succeeded \n");
+        else
+            printf("***RSA Verification Failed\n");
+
+    }
+
+    return 0;
+}
+
+#endif
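Review bot: The OID copy in X509_extract_cert_sig (`for (i=0; j<fin; j++) SOID.val[i++]= sc->val[j];`) writes `len` bytes, a value read from the certificate itself, into the 9-byte `soid` buffer with no bound, so a certificate carrying a longer OID field writes past the stack buffer. A guard before the loop, for example `if (len>SOID.max || j+len>sc->len) return ret;`, would reject such input. The same unchecked pattern recurs for `koid[12]` in X509_extract_public_key and `foid[50]` in X509_find_entity_property, and the copies into `sig->val`, `cert->val` and `key->val` never consult the destination's `max` or the source's `len`. Separately, getalen's two-byte branch computes `len=256*b[j++];` without the `(unsigned char)` cast used on the other reads, so where `char` is signed a high byte of 0x80 or more yields a negative value.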

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/x509.h
----------------------------------------------------------------------
diff --git a/version22/c/x509.h b/version22/c/x509.h
new file mode 100644
index 0000000..b0f0941
--- /dev/null
+++ b/version22/c/x509.h
@@ -0,0 +1,113 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL x509 header file */
+
+/**
+ * @file x509.h
+ * @author Mike Scott and Kealan McCusker
+ * @date 19th May 2015
+ * @brief X509 function Header File
+ *
+ * defines structures
+ * declares functions
+ *
+ */
+
+#ifndef X509_H
+#define X509_H
+
+/**
+ * @brief Public key type
+ */
+typedef struct
+{
+    int type;  /**< signature type (ECC or RSA) */
+    int hash;  /**< hash type */
+    int curve; /**< elliptic curve used  */
+} pktype;
+
+
+/* X.509 functions */
+/** @brief Extract certificate signature
+ *
+	@param c an X.509 certificate
+	@param s the extracted signature
+	@return 0 on failure, or indicator of signature type (ECC or RSA)
+
+*/
+extern pktype X509_extract_cert_sig(octet *c,octet *s);
+/** @brief
+ *
+	@param sc a signed certificate
+	@param c the extracted certificate
+	@return 0 on failure
+*/
+extern int X509_extract_cert(octet *sc,octet *c);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@param k the extracted key
+	@return 0 on failure, or indicator of public key type (ECC or RSA)
+*/
+extern pktype X509_extract_public_key(octet *c,octet *k);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@return 0 on failure, or pointer to issuer field in cert
+*/
+extern int X509_find_issuer(octet *c);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@return 0 on failure, or pointer to validity field in cert
+*/
+extern int X509_find_validity(octet *c);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@return 0 on failure, or pointer to subject field in cert
+*/
+extern int X509_find_subject(octet *c);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@param S is OID of property we are looking for
+	@param s is a pointer to the section of interest in the cert
+	@param f is pointer to the length of the property
+	@return 0 on failure, or pointer to the property
+*/
+extern int X509_find_entity_property(octet *c,octet *S,int s,int *f);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@param s is a pointer to the start of the validity field
+	@return 0 on failure, or pointer to the start date
+*/
+extern int X509_find_start_date(octet *c,int s);
+/** @brief
+ *
+	@param c an X.509 certificate
+	@param s is a pointer to the start of the validity field
+	@return 0 on failure, or pointer to the expiry date
+*/
+extern int X509_find_expiry_date(octet *c,int s);
+
+
+#endif
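Review bot: Every declaration after X509_extract_cert_sig has an empty `@brief`, and the documented contracts do not match what x509.c does. The one-line comments in x509.c can be reused, e.g. `@brief Extract certificate from signed cert` for X509_extract_cert and `@brief Find index to issuer in cert` for X509_find_issuer. The `@return` lines for the find functions say "pointer" where the code returns an integer index into `c->val`. The two `pktype` functions say "0 on failure" where the code returns a struct whose `type` field is 0. It is also worth stating on X509_extract_cert_sig, X509_extract_cert and X509_extract_public_key that the output octet must be pre-sized by the caller, since the implementation writes into `val` without checking `max`.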

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/check.cpp
----------------------------------------------------------------------
diff --git a/version22/check.cpp b/version22/check.cpp
new file mode 100644
index 0000000..f0a31d9
--- /dev/null
+++ b/version22/check.cpp
@@ -0,0 +1,100 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* Utility to recommend best choice for BASEBITS 
+
+(MINGW build)
+
+g++ -O2 check.cpp big.cpp miracl.a -o check.exe */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "big.h"
+
+using namespace std;
+
+Miracl precision=20;
+
+int main(int argc, char *argv[])
+{
+	int p,w,b,n,s,t,e,ex;
+	Big lhs,rhs;
+
+	argc--; argv++;
+
+    if (argc!=2)
+    {
+       printf("Bad arguments\n");
+       printf("check wordlength modulus-length\n");
+	   printf("Wordlength can be 16, 32 or 64 (or 26 for Javascript)\n");
+       printf("Example:\n");
+       printf("check 32 256\n");
+	   printf("Outputs choices for BASEBITS, number of words per Big, and number of spare bits\n");
+	   printf("Normally choose for minimum words per Big, and maximum spare bits\n");
+	   printf("(But >= 12 spare bits is enough, and tidier if BASEBITS =0 mod 4) \n");
+       exit(0);
+    }
+
+    n=atoi(argv[0]);
+	p=atoi(argv[1]); // Number of bits in prime modulus
+
+	if (n!=16 && n!=26 && n!=32 && n!=64)
+	{
+		printf("wordlength must be 16, 32 or 64\n");
+		return 0;
+	}
+
+	rhs=pow((Big)2,2*n-1);
+	e=3;            // need at least 3 bits to allow adds and subtracts without normalisation
+	if (n==26)
+	{
+		rhs*=2;	// no sign bit to worry about in Javascript
+		e=1;	// not an issue for Javascript
+	}
+
+	for (b=n-e;b>=n-8;b--)
+	{
+		if (n==64 && b%2!=0) continue; // insist on even values for 64-bit builds 
+		w=p/b; if (p%b!=0) w++;
+		s=w*b-p;
+
+		lhs=(w+2)*pow((Big)2,2*b);  // sum of products plus carry plus one for redc
+
+		if (lhs>=rhs)    {printf("Stability violation for BASEBITS= %d\n",b); continue;}
+		ex=1;		
+		while (lhs<rhs)
+		{
+			ex*=2; lhs*=2;
+		}
+		ex/=2;
+
+
+// Top bits of Modulus must appear in top word of representation. Also at least 4 bits spare needed for field excess.  
+		if (s<4 || s>=b) {printf("Not enough Fp spare for BASEBITS= %d\n",b); continue;}
+// At least 2 spare bits needed for FF excess 
+		t=b*(1+(p-1)/b) - 8*(1+(p-1)/8);
+		if (t<2 || t>=b) {printf("Not enough FF spare for BASEBITS= %d\n",b);}
+
+		printf("Solution for BASEBITS= %d, Words Per Big=%d, Fp spare bits= %d, FF spare bits= %d (%d)\n",b,w,s,t,ex);
+		//break;
+	}
+	
+	return 0;
+}
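Review bot: The FF spare check at the end of the loop prints `Not enough FF spare for BASEBITS= %d` but, unlike the stability and Fp checks above it, has no `continue`, so the same BASEBITS is then reported on the `Solution for BASEBITS=` line. If that is deliberate (presumably because the FF figure only matters for builds that use the FF code), a comment saying so would stop a reader from taking a flagged value as suitable; otherwise add `continue;` inside that brace pair. Separately, `p=atoi(argv[1])` is used unchecked, so a non-numeric or non-positive modulus length produces meaningless rows rather than an error; `if (p<=0) { printf("modulus-length must be a positive integer\n"); return 1; }` after the parse would cover it. The wordlength error text also omits 26, which the test on the line above accepts.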

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/cs/readme.txt
----------------------------------------------------------------------
diff --git a/version22/cs/readme.txt b/version22/cs/readme.txt
new file mode 100644
index 0000000..de1039d
--- /dev/null
+++ b/version22/cs/readme.txt
@@ -0,0 +1,36 @@
+AMCL is very simple to build for C#.
+
+NOTE: The C# code is automatically generated from the Java code using 
+the Java to C# Converter from Tangible Software Solutions. We noted a few minor
+fix-ups that were required when we tried the current version of the Converter.
+
+
+** In HASH384.cs and HASH512.cs change long to ulong. Remove castes in S() and R(). Add (ulong) caste 
+in process()
+** Comment out debug "main" programs in files other than Test***.cs
+** In BIG.cs function mod() change "checked" to "unchecked"
+** In BIG.cs in modmul() change BIG.mod(m);BIG.mod(m) to a.mod(m);b.mod(m). Same in modsqr() and modneg()
+** In BIG.cs in jacobi() change BIG.mod(p) to x.mod(p) and BIG.mod(m) to t.mod(m)
+** In TestMPIN.java change line Scanner ...; pin=scan.next(); to pin = int.Parse(Console.ReadLine());
+
+
+Three example API files will be generated, MPIN.cs which 
+supports our M-Pin (tm) protocol, ECDH.cs which supports elliptic 
+curve key exchange, digital signature and public key crypto, and RSA.cs
+which supports the RSA method.
+
+In the ROM.cs file you must provide the curve constants for the curve you want to use. 
+Several examples are provided in the Java code, if you are willing to convert and use one of these.
+
+When the translation is complete, for a quick jumpstart:-
+
+csc TestMPIN.cs MPIN.cs FP.cs BIG.cs DBIG.cs AES.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs FP2.cs ECP2.cs FP4.cs FP12.cs PAIR.cs RectangularArrays.cs
+
+or 
+
+csc TestECDH.cs ECDH.cs FP.cs BIG.cs DBIG.cs AES.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs
+
+or
+
+csc TestRSA.cs RSA.cs FF.cs BIG.cs DBIG.cs HASH256.cs HASH384.cs HASH512.cs RAND.cs ROM.cs StringHelperClass.cs
+

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/ecgen.cpp
----------------------------------------------------------------------
diff --git a/version22/ecgen.cpp b/version22/ecgen.cpp
new file mode 100644
index 0000000..8abf112
--- /dev/null
+++ b/version22/ecgen.cpp
@@ -0,0 +1,125 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* ECGEN - Helper MIRACL program to generate constants for EC curves 
+
+(MINGW build)
+
+g++ -O3 ecgen.cpp ecn.cpp big.cpp miracl.a -o ecgen.exe
+
+
+*/
+
+#include <iostream>
+#include "big.h"
+#include "zzn2.h"
+#include "ecn2.h"
+
+using namespace std;
+
+Miracl precision(20,0);
+
+Big output(int chunk,int w,Big t,Big m)
+{
+	Big last,y=t;
+
+	cout << "{";
+	for (int i=0;i<w;i++)
+	{
+		last=y%m;
+		cout << "0x" << last;
+		y/=m;
+		if (i==w-1) break;
+		if (chunk==64) cout << "L,";
+		else cout << ",";
+	}
+
+	if (chunk==64) cout << "L}";
+	else cout << "}";
+	return last;
+}
+
+#define NOT_SPECIAL 0
+#define PSEUDO_MERSENNE 1
+#define GENERALISED_MERSENNE 2
+#define MONTGOMERY_FRIENDLY 3
+
+#define WEIERSTRASS 0
+#define EDWARDS 1
+#define MONTGOMERY 2
+
+/*** Set Modulus and Curve Type Here ***/ 
+
+/* Fill in this bit.... */
+
+#define CHUNK 64   /* processor word size */
+#define MBITS 336  /* Modulus size in bits */
+
+/* This next from output of check.cpp program */
+#define BASEBITS 60
+
+#define WORDS (1+((MBITS-1)/BASEBITS))
+#define MODTYPE  PSEUDO_MERSENNE
+#define CURVETYPE EDWARDS
+#define CURVE_A 1  // like A parameter in CURVE: y^2=x^3+Ax+B
+
+/* .....to here */
+
+
+int main()
+{
+	miracl *mip=&precision;
+	Big p,q,R,B;
+	Big m,x,y,w,t,c,n,r,a,b,gx,gy,D,C,MC;
+	int i,A;
+
+
+/* Fill in this bit... */
+
+	p=pow((Big)2,MBITS)-3;   // Modulus
+	mip->IOBASE=16;
+	r=(char *)"200000000000000000000000000000000000000000071415FA9850C0BD6B87F93BAA7B2F95973E9FA805"; // Group Order
+	B=11111;    // B parameter of elliptic curve
+	gx=(char *)"C";  // generator point
+	gy=(char *)"C0DC616B56502E18E1C161D007853D1B14B46C3811C7EF435B6DB5D5650CA0365DB12BEC68505FE8632";
+
+/* .....to here */
+	
+	cout << "MOD8 = " << p%8 << endl;
+
+	m=pow((Big)2,BASEBITS);
+
+	cout << "Modulus="; MC=output(CHUNK,WORDS,p,m); cout << ";" << endl;
+
+#if MODTYPE==NOT_SPECIAL
+		cout << "MConst=0x" << inverse(m-p%m,m) << ";" << endl;	
+#endif
+#if MODTYPE==MONTGOMERY_FRIENDLY
+		cout << "MConst=0x" << MC+1 << ";" << endl;	
+#endif
+#if MODTYPE==PSEUDO_MERSENNE
+		cout << "MConst=0x" << pow((Big)2,MBITS)-p << ";" << endl;			
+#endif
+
+	cout << "Order="; output(CHUNK,WORDS,r,m); cout << ";" << endl;
+	cout << "CURVE_B="; output(CHUNK,WORDS,B,m); cout << ";" <<  endl;
+	cout << "CURVE_Gx="; output(CHUNK,WORDS,gx,m); cout << ";" << endl;
+	cout << "CURVE_Gy="; output(CHUNK,WORDS,gy,m); cout << ";" << endl;
+
+}
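Review bot: The constants typed in between the "Fill in this bit" markers in main() (`r`, `B`, `gx`, `gy`) are printed as-is, with no check that they are consistent with `p` or with each other, so a transcription slip in one of the hex strings would go straight into the generated curve constants. Before the `cout` lines it would be worth verifying that (gx,gy) satisfies the curve equation selected by CURVETYPE modulo p and refusing to print otherwise. In output(), a test of `y` after the loop would also help, since a non-zero remainder means the value did not fit in `w` words and was silently truncated. The `CURVE_A` comment describes the Weierstrass form `y^2=x^3+Ax+B` although CURVETYPE is EDWARDS, and CURVE_A, CURVETYPE and the local `A` are never read in the code shown; a comment such as `// A coefficient of the curve form chosen by CURVETYPE` would be less misleading.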


[13/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/fp12.swift
----------------------------------------------------------------------
diff --git a/swift/fp12.swift b/swift/fp12.swift
deleted file mode 100644
index 05617be..0000000
--- a/swift/fp12.swift
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  fp12.swift
-//  
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* CLINT Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-final class FP12
-{
-    private final var a:FP4
-    private final var b:FP4
-    private final var c:FP4
-
-    /* reduce all components of this mod Modulus */
-    func reduce()
-    {
-        a.reduce()
-        b.reduce()
-        c.reduce()
-    }
-    /* normalise all components of this */
-    func norm()
-    {
-        a.norm();
-        b.norm();
-        c.norm();
-    }
-    /* Constructors */
-    init(_ d:FP4)
-    {
-        a=FP4(d)
-        b=FP4(0)
-        c=FP4(0)
-    }
-
-    init(_ d:Int32)
-    {
-        a=FP4(d)
-        b=FP4(0)
-        c=FP4(0)
-    }
-
-    init(_ d:FP4,_ e:FP4,_ f:FP4)
-    {
-        a=FP4(d)
-        b=FP4(e)
-        c=FP4(f)
-    }
-
-    init(_ x:FP12)
-    {
-        a=FP4(x.a)
-        b=FP4(x.b)
-        c=FP4(x.c)
-    }
-    /* test x==0 ? */
-    func iszilch() -> Bool
-    {
-        reduce();
-        return a.iszilch() && b.iszilch() && c.iszilch()
-    }
-    /* test x==1 ? */
-    func isunity() -> Bool
-    {
-        let one=FP4(1)
-        return a.equals(one) && b.iszilch() && c.iszilch()
-    }
-    /* return 1 if x==y, else 0 */
-    func equals(x:FP12) -> Bool
-    {
-        return a.equals(x.a) && b.equals(x.b) && c.equals(x.c)
-    }
-    /* extract a from self */
-    func geta() -> FP4
-    {
-        return a
-    }
-    /* extract b */
-    func getb()  -> FP4
-    {
-        return b
-    }
-    /* extract c */
-    func getc() -> FP4
-    {
-        return c
-    }
-    /* copy self=x */
-    func copy(x:FP12)
-    {
-        a.copy(x.a)
-        b.copy(x.b)
-        c.copy(x.c)
-    }
-    /* set self=1 */
-    func one()
-    {
-        a.one()
-        b.zero()
-        c.zero()
-    }
-    /* self=conj(self) */
-    func conj()
-    {
-        a.conj()
-        b.nconj()
-        c.conj()
-    }
-    /* Granger-Scott Unitary Squaring */
-    func usqr()
-    {
-        let A=FP4(a)
-        let B=FP4(c)
-        let C=FP4(b)
-        let D=FP4(0)
-
-        a.sqr()
-        D.copy(a); D.add(a)
-        a.add(D)
-
-        a.norm()
-        A.nconj()
-
-        A.add(A)
-        a.add(A)
-        B.sqr()
-        B.times_i()
-
-        D.copy(B); D.add(B)
-        B.add(D)
-        B.norm()
-
-        C.sqr()
-        D.copy(C); D.add(C)
-        C.add(D)
-        C.norm()
-
-        b.conj()
-        b.add(b)
-        c.nconj()
-
-        c.add(c)
-        b.add(B)
-        c.add(C)
-        reduce()
-
-    }
-    /* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-    func sqr()
-    {
-        let A=FP4(a)
-        let B=FP4(b)
-        let C=FP4(c)
-        let D=FP4(a)
-
-        A.sqr()
-        B.mul(c)
-        B.add(B)
-        C.sqr()
-        D.mul(b)
-        D.add(D)
-
-        c.add(a)
-        c.add(b)
-        c.sqr()
-
-        a.copy(A)
-
-        A.add(B)
-        A.norm()
-        A.add(C)
-        A.add(D)
-        A.norm()
-
-        A.neg()
-        B.times_i()
-        C.times_i()
-
-        a.add(B)
-
-        b.copy(C); b.add(D)
-        c.add(A)
-
-        norm()
-    }
-
-    /* FP12 full multiplication this=this*y */
-    func mul(y:FP12)
-    {
-        let z0=FP4(a)
-        let z1=FP4(0)
-        let z2=FP4(b)
-        let z3=FP4(0)
-        let t0=FP4(a)
-        let t1=FP4(y.a)
-
-        z0.mul(y.a)
-        z2.mul(y.b)
-
-        t0.add(b)
-        t1.add(y.b)
-
-        z1.copy(t0); z1.mul(t1)
-        t0.copy(b); t0.add(c)
-
-        t1.copy(y.b); t1.add(y.c)
-        z3.copy(t0); z3.mul(t1)
-
-        t0.copy(z0); t0.neg()
-        t1.copy(z2); t1.neg()
-
-        z1.add(t0)
-        z1.norm()
-        b.copy(z1); b.add(t1)
-
-        z3.add(t1)
-        z2.add(t0)
-
-        t0.copy(a); t0.add(c)
-        t1.copy(y.a); t1.add(y.c)
-        t0.mul(t1)
-        z2.add(t0)
-
-        t0.copy(c); t0.mul(y.c)
-        t1.copy(t0); t1.neg()
-
-        z2.norm()
-        z3.norm()
-        b.norm()
-
-        c.copy(z2); c.add(t1)
-        z3.add(t1)
-        t0.times_i()
-        b.add(t0)
-
-        z3.times_i()
-        a.copy(z0); a.add(z3)
-
-        norm()
-    }
-
-    /* Special case of multiplication arises from special form of ATE pairing line function */
-    func smul(y:FP12)
-    {
-        let z0=FP4(a)
-        let z2=FP4(b)
-        let z3=FP4(b)
-        let t0=FP4(0)
-        let t1=FP4(y.a)
-
-        z0.mul(y.a)
-        z2.pmul(y.b.real())
-        b.add(a)
-        t1.real().add(y.b.real())
-
-        b.mul(t1)
-        z3.add(c)
-        z3.pmul(y.b.real())
-
-        t0.copy(z0); t0.neg()
-        t1.copy(z2); t1.neg()
-
-        b.add(t0)
-        b.norm()
-
-        b.add(t1)
-        z3.add(t1)
-        z2.add(t0)
-
-        t0.copy(a); t0.add(c)
-        t0.mul(y.a)
-        c.copy(z2); c.add(t0)
-
-        z3.times_i()
-        a.copy(z0); a.add(z3)
-
-        norm()
-    }
-    /* self=1/self */
-    func inverse()
-    {
-        let f0=FP4(a)
-        let f1=FP4(b)
-        let f2=FP4(a)
-        let f3=FP4(0)
-
-        norm()
-        f0.sqr()
-        f1.mul(c)
-        f1.times_i()
-        f0.sub(f1)
-
-        f1.copy(c); f1.sqr()
-        f1.times_i()
-        f2.mul(b)
-        f1.sub(f2)
-
-        f2.copy(b); f2.sqr()
-        f3.copy(a); f3.mul(c)
-        f2.sub(f3)
-
-        f3.copy(b); f3.mul(f2)
-        f3.times_i()
-        a.mul(f0)
-        f3.add(a)
-        c.mul(f1)
-        c.times_i()
-
-        f3.add(c)
-        f3.inverse()
-        a.copy(f0); a.mul(f3)
-        b.copy(f1); b.mul(f3)
-        c.copy(f2); c.mul(f3)
-    }
-
-    /* self=self^p using Frobenius */
-    func frob(f:FP2)
-    {
-        let f2=FP2(f)
-        let f3=FP2(f)
-
-        f2.sqr()
-        f3.mul(f2)
-
-        a.frob(f3)
-        b.frob(f3)
-        c.frob(f3)
-
-        b.pmul(f)
-        c.pmul(f2)
-    }
-
-    /* trace function */
-    func trace() -> FP4
-    {
-        let t=FP4(0)
-        t.copy(a)
-        t.imul(3)
-        t.reduce()
-        return t
-    }
-    /* convert from byte array to FP12 */
-    static func fromBytes(w:[UInt8]) -> FP12
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](count:RM,repeatedValue:0)
-
-        for var i=0;i<RM;i++ {t[i]=w[i]}
-        var a=BIG.fromBytes(t)
-        for var i=0;i<RM;i++ {t[i]=w[i+RM]}
-        var b=BIG.fromBytes(t)
-        var c=FP2(a,b)
-
-        for var i=0;i<RM;i++ {t[i]=w[i+2*RM]}
-        a=BIG.fromBytes(t)
-        for var i=0;i<RM;i++ {t[i]=w[i+3*RM]}
-        b=BIG.fromBytes(t)
-        var d=FP2(a,b)
-
-        let e=FP4(c,d)
-
-        for var i=0;i<RM;i++ {t[i]=w[i+4*RM]}
-        a=BIG.fromBytes(t)
-        for var i=0;i<RM;i++ {t[i]=w[i+5*RM]}
-        b=BIG.fromBytes(t)
-        c=FP2(a,b)
-
-        for var i=0;i<RM;i++ {t[i]=w[i+6*RM]}
-        a=BIG.fromBytes(t)
-        for var i=0;i<RM;i++ {t[i]=w[i+7*RM]}
-        b=BIG.fromBytes(t)
-        d=FP2(a,b)
-
-        let f=FP4(c,d)
-
-
-        for var i=0;i<RM;i++ {t[i]=w[i+8*RM]}
-        a=BIG.fromBytes(t)
-        for var i=0;i<RM;i++ {t[i]=w[i+9*RM]}
-        b=BIG.fromBytes(t)
-        c=FP2(a,b)
-
-        for var i=0;i<RM;i++ {t[i]=w[i+10*RM]}
-        a=BIG.fromBytes(t)
-        for var i=0;i<RM;i++ {t[i]=w[i+11*RM]}
-        b=BIG.fromBytes(t);
-        d=FP2(a,b)
-
-        let g=FP4(c,d)
-
-        return FP12(e,f,g)
-    }
-
-    /* convert this to byte array */
-    func toBytes(inout w:[UInt8])
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](count:RM,repeatedValue:0)
-
-        a.geta().getA().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i]=t[i]}
-        a.geta().getB().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+RM]=t[i]}
-        a.getb().getA().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+2*RM]=t[i]}
-        a.getb().getB().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+3*RM]=t[i]}
-
-        b.geta().getA().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+4*RM]=t[i]}
-        b.geta().getB().toBytes(&t);
-        for var i=0;i<RM;i++ {w[i+5*RM]=t[i]}
-        b.getb().getA().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+6*RM]=t[i]}
-        b.getb().getB().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+7*RM]=t[i]}
-
-        c.geta().getA().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+8*RM]=t[i]}
-        c.geta().getB().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+9*RM]=t[i]}
-        c.getb().getA().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+10*RM]=t[i]}
-        c.getb().getB().toBytes(&t)
-        for var i=0;i<RM;i++ {w[i+11*RM]=t[i]}
-    }
-    /* convert to hex string */
-    func toString() -> String
-    {
-        return ("["+a.toString()+","+b.toString()+","+c.toString()+"]")
-    }
-
-    /* self=self^e */
-    /* Note this is simple square and multiply, so not side-channel safe */
-    func pow(e:BIG) -> FP12
-    {
-        norm()
-        e.norm()
-        let w=FP12(self)
-        let z=BIG(e)
-        let r=FP12(1)
-
-        while (true)
-        {
-            let bt=z.parity()
-            z.fshr(1)
-            if bt==1 {r.mul(w)}
-            if z.iszilch() {break}
-            w.usqr()
-        }
-        r.reduce()
-        return r
-    }
-    /* constant time powering by small integer of max length bts */
-    func pinpow(e:Int32,_ bts:Int32)
-    {
-        var R=[FP12]()
-        R.append(FP12(1));
-        R.append(FP12(self));
-
-        for var i=bts-1;i>=0;i--
-        {
-            let b=Int((e>>i)&1)
-            R[1-b].mul(R[b])
-            R[b].usqr()
-        }
-        copy(R[0]);
-    }
-
-    /* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-    /* Timing attack secure, but not cache attack secure */
-
-    static func pow4(q:[FP12],_ u:[BIG]) -> FP12
-    {
-        var a=[Int32](count:4,repeatedValue:0)
-        var g=[FP12]();
-
-        for var i=0;i<8;i++ {g.append(FP12(0))}
-        var s=[FP12]();
-        for var i=0;i<2;i++ {s.append(FP12(0))}
-
-        let c=FP12(1)
-        let p=FP12(0)
-
-        var t=[BIG]()
-        for var i=0;i<4;i++
-            {t.append(BIG(u[i]))}
-
-        let mt=BIG(0);
-        var w=[Int8](count:ROM.NLEN*Int(ROM.BASEBITS)+1,repeatedValue:0)
-
-        g[0].copy(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0])
-        g[1].copy(g[0])
-        g[2].copy(g[0])
-        g[3].copy(g[0])
-        g[4].copy(q[0]); g[4].mul(q[1])
-        g[5].copy(g[4])
-        g[6].copy(g[4])
-        g[7].copy(g[4])
-
-        s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0])
-        s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0])
-        g[2].mul(s[1])
-        g[5].mul(s[0])
-        g[6].mul(s[1])
-        s[1].copy(q[2]); s[1].mul(q[3])
-        s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0])
-        g[3].mul(s[1])
-        g[4].mul(s[0])
-        g[7].mul(s[1])
-
-    /* if power is even add 1 to power, and add q to correction */
-
-        for var i=0;i<4;i++
-        {
-            if t[i].parity()==0
-            {
-				t[i].inc(1); t[i].norm()
-				c.mul(q[i])
-            }
-            mt.add(t[i]); mt.norm()
-        }
-        c.conj();
-        let nb=1+mt.nbits();
-
-    /* convert exponent to signed 1-bit window */
-        for var j=0;j<nb;j++
-        {
-            for var i=0;i<4;i++
-            {
-				a[i]=(t[i].lastbits(2)-2)
-				t[i].dec(a[i]); t[i].norm()
-				t[i].fshr(1)
-            }
-            w[j]=Int8(8*a[0]+4*a[1]+2*a[2]+a[3])
-        }
-        w[nb]=Int8(8*t[0].lastbits(2)+4*t[1].lastbits(2))
-        w[nb]+=Int8(2*t[2].lastbits(2)+t[3].lastbits(2))
-        p.copy(g[(w[nb]-1)/2])
-
-        for var i=nb-1;i>=0;i--
-        {
-            let m=w[i]>>7
-            let j=(w[i]^m)-m  /* j=abs(w[i]) */
-            let k=Int((j-1)/2)
-            s[0].copy(g[k]); s[1].copy(g[k]); s[1].conj()
-            p.usqr()
-            p.mul(s[Int(m&1)])
-        }
-        p.mul(c)  /* apply correction */
-        p.reduce()
-        return p
-    }
-
-
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/fp2.swift
----------------------------------------------------------------------
diff --git a/swift/fp2.swift b/swift/fp2.swift
deleted file mode 100644
index 3682e34..0000000
--- a/swift/fp2.swift
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  fp2.swift
-//  
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-
-final class FP2
-{
-    private var a:FP
-    private var b:FP
-
-    /* Constructors */
-    init(_ c: Int32)
-    {
-        a=FP(c)
-        b=FP(0)
-    }
-
-    init(_ x:FP2)
-    {
-        a=FP(x.a)
-        b=FP(x.b)
-    }
-
-    init(_ c:FP,_ d:FP)
-    {
-        a=FP(c)
-        b=FP(d)
-    }
-
-    init(_ c:BIG,_ d:BIG)
-    {
-        a=FP(c)
-        b=FP(d)
-    }
-
-    init(_ c:FP)
-    {
-        a=FP(c)
-        b=FP(0)
-    }
-
-    init(_ c:BIG)
-    {
-        a=FP(c)
-        b=FP(0)
-    }
-
-    /* test this=0 ? */
-    func iszilch() -> Bool
-    {
-        reduce()
-        return (a.iszilch() && b.iszilch())
-    }
-
-    func cmove(g:FP2,_ d:Int32)
-    {
-        a.cmove(g.a,d)
-        b.cmove(g.b,d)
-    }
-
-    /* test this=1 ? */
-    func isunity() -> Bool
-    {
-        let one=FP(1)
-        return (a.equals(one) && b.iszilch())
-    }
-
-    /* test this=x */
-    func equals(x:FP2) -> Bool
-    {
-        return (a.equals(x.a) && b.equals(x.b));
-    }
-
-
-    /* reduce components mod Modulus */
-    func reduce()
-    {
-        a.reduce()
-        b.reduce()
-    }
-
-    /* normalise components of w */
-    func norm()
-    {
-        a.norm()
-        b.norm()
-    }
-
-    /* extract a */
-    func getA() -> BIG
-    {
-        return a.redc()
-    }
-
-    /* extract b */
-    func getB() -> BIG
-    {
-        return b.redc()
-    }
-
-    /* copy self=x */
-    func copy(x:FP2)
-    {
-        a.copy(x.a)
-        b.copy(x.b)
-    }
-
-    /* set self=0 */
-    func zero()
-    {
-        a.zero()
-        b.zero()
-    }
-
-    /* set self=1 */
-    func one()
-    {
-        a.one()
-        b.zero()
-    }
-
-    /* negate self mod Modulus */
-    func neg()
-    {
-        norm();
-        let m=FP(a)
-        let t=FP(0)
-
-        m.add(b)
-        m.neg()
-        m.norm()
-        t.copy(m); t.add(b)
-        b.copy(m)
-        b.add(a)
-        a.copy(t)
-    }
-
-    /* set to a-ib */
-    func conj()
-    {
-        b.neg()
-    }
-
-    /* self+=a */
-    func add(x:FP2)
-    {
-        a.add(x.a)
-        b.add(x.b)
-    }
-
-    /* self-=a */
-    func sub(x:FP2)
-    {
-        let m=FP2(x)
-        m.neg()
-        add(m)
-    }
-
-    /* self*=s, where s is an FP */
-    func pmul(s:FP)
-    {
-        a.mul(s)
-        b.mul(s)
-    }
-
-    /* self*=i, where i is an int */
-    func imul(c:Int32)
-    {
-        a.imul(c);
-        b.imul(c);
-    }
-
-    /* self*=self */
-    func sqr()
-    {
-        norm();
-
-        let w1=FP(a)
-        let w3=FP(a)
-        let mb=FP(b)
-        w3.mul(b)
-        w1.add(b)
-        mb.neg()
-        a.add(mb)
-        a.mul(w1)
-        b.copy(w3); b.add(w3)
-        norm()
-    }
-    /* self*=y */
-    func mul(y:FP2)
-    {
-        norm();  /* This is needed here as {a,b} is not normed before additions */
-
-        let w1=FP(a)
-        let w2=FP(b)
-        let w5=FP(a)
-        let mw=FP(0)
-
-        w1.mul(y.a)  // w1=a*y.a  - this norms w1 and y.a, NOT a
-        w2.mul(y.b)  // w2=b*y.b  - this norms w2 and y.b, NOT b
-        w5.add(b)    // w5=a+b
-        b.copy(y.a); b.add(y.b) // b=y.a+y.b
-
-        b.mul(w5)
-        mw.copy(w1); mw.add(w2); mw.neg()
-
-        b.add(mw); mw.add(w1)
-        a.copy(w1);	a.add(mw)
-
-        norm()
-
-    }
-
-    /* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-    /* returns true if this is QR */
-    func sqrt() -> Bool
-    {
-        if iszilch() {return true}
-        var w1=FP(b)
-        var w2=FP(a)
-        w1.sqr(); w2.sqr(); w1.add(w2)
-        if w1.jacobi() != 1 { zero(); return false; }
-        w1=w1.sqrt()
-        w2.copy(a); w2.add(w1); w2.div2()
-        if w2.jacobi() != 1
-        {
-            w2.copy(a); w2.sub(w1); w2.div2()
-            if w2.jacobi() != 1 { zero(); return false }
-        }
-        w2=w2.sqrt()
-        a.copy(w2)
-        w2.add(w2)
-        w2.inverse()
-        b.mul(w2)
-        return true
-    }
-    /* output to hex string */
-    func toString() -> String
-    {
-        return ("["+a.toString()+","+b.toString()+"]")
-    }
-
-    func toRawString() -> String
-    {
-        return ("["+a.toRawString()+","+b.toRawString()+"]")
-    }
-
-    /* self=1/self */
-    func inverse()
-    {
-        norm();
-        let w1=FP(a)
-        let w2=FP(b)
-
-        w1.sqr()
-        w2.sqr()
-        w1.add(w2)
-        w1.inverse()
-        a.mul(w1)
-        w1.neg()
-        b.mul(w1)
-    }
-
-    /* self/=2 */
-    func div2()
-    {
-        a.div2();
-        b.div2();
-    }
-
-    /* self*=sqrt(-1) */
-    func times_i()
-    {
-        let z=FP(a)
-        a.copy(b); a.neg()
-        b.copy(z)
-    }
-
-    /* w*=(1+sqrt(-1)) */
-    /* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-    func mul_ip()
-    {
-        norm();
-        let t=FP2(self)
-        let z=FP(a)
-        a.copy(b)
-        a.neg()
-        b.copy(z)
-        add(t)
-        norm()
-    }
-    /* w/=(1+sqrt(-1)) */
-    func div_ip()
-    {
-        let t=FP2(0)
-        norm()
-        t.a.copy(a); t.a.add(b)
-        t.b.copy(b); t.b.sub(a)
-        copy(t)
-        div2()
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/fp4.swift
----------------------------------------------------------------------
diff --git a/swift/fp4.swift b/swift/fp4.swift
deleted file mode 100644
index d86e59c..0000000
--- a/swift/fp4.swift
+++ /dev/null
@@ -1,513 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  fp4.swift
-//  
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-final class FP4 {
-    private final var a:FP2
-    private final var b:FP2
-
-    /* constructors */
-    init(_ c:Int32)
-    {
-        a=FP2(c)
-        b=FP2(0)
-    }
-
-    init(_ x:FP4)
-    {
-        a=FP2(x.a)
-        b=FP2(x.b)
-    }
-
-    init(_ c:FP2,_ d:FP2)
-    {
-        a=FP2(c)
-        b=FP2(d)
-    }
-
-    init(_ c:FP2)
-    {
-        a=FP2(c)
-        b=FP2(0)
-    }
-    /* reduce all components of this mod Modulus */
-    func reduce()
-    {
-        a.reduce()
-        b.reduce()
-    }
-    /* normalise all components of this mod Modulus */
-    func norm()
-    {
-        a.norm()
-        b.norm()
-    }
-    /* test this==0 ? */
-    func iszilch() -> Bool
-    {
-        reduce()
-        return a.iszilch() && b.iszilch()
-    }
-    /* test this==1 ? */
-    func isunity() -> Bool
-    {
-    let one=FP2(1);
-    return a.equals(one) && b.iszilch()
-    }
-
-    /* test is w real? That is in a+ib test b is zero */
-    func isreal() -> Bool
-    {
-        return b.iszilch();
-    }
-    /* extract real part a */
-    func real() -> FP2
-    {
-        return a;
-    }
-
-    func geta() -> FP2
-    {
-        return a;
-    }
-    /* extract imaginary part b */
-    func getb() -> FP2
-    {
-    return b;
-    }
-    /* test self=x? */
-    func equals(x:FP4) -> Bool
-    {
-        return a.equals(x.a) && b.equals(x.b)
-    }
-    /* copy self=x */
-    func copy(x:FP4)
-    {
-        a.copy(x.a)
-        b.copy(x.b)
-    }
-    /* set this=0 */
-    func zero()
-    {
-        a.zero()
-        b.zero()
-    }
-    /* set this=1 */
-    func one()
-    {
-        a.one()
-        b.zero()
-    }
-    /* set self=-self */
-    func neg()
-    {
-        let m=FP2(a)
-        let t=FP2(0)
-        m.add(b)
-        m.neg()
-        m.norm()
-        t.copy(m); t.add(b)
-        b.copy(m)
-        b.add(a)
-        a.copy(t)
-    }
-    /* self=conjugate(self) */
-    func conj()
-    {
-        b.neg(); b.norm()
-    }
-    /* this=-conjugate(this) */
-    func nconj()
-    {
-        a.neg(); a.norm()
-    }
-    /* self+=x */
-    func add(x:FP4)
-    {
-        a.add(x.a)
-        b.add(x.b)
-    }
-    /* self-=x */
-    func sub(x:FP4)
-    {
-        let m=FP4(x)
-        m.neg()
-        add(m)
-    }
-
-    /* self*=s where s is FP2 */
-    func pmul(s:FP2)
-    {
-        a.mul(s)
-        b.mul(s)
-    }
-    /* self*=c where c is int */
-    func imul(c:Int32)
-    {
-        a.imul(c)
-        b.imul(c)
-    }
-    /* self*=self */
-    func sqr()
-    {
-        norm();
-
-        let t1=FP2(a)
-        let t2=FP2(b)
-        let t3=FP2(a)
-
-        t3.mul(b)
-        t1.add(b)
-        t2.mul_ip()
-
-        t2.add(a)
-        a.copy(t1)
-
-        a.mul(t2)
-
-        t2.copy(t3)
-        t2.mul_ip()
-        t2.add(t3)
-        t2.neg()
-        a.add(t2)
-
-        b.copy(t3)
-        b.add(t3)
-
-        norm()
-    }
-    /* self*=y */
-    func mul(y:FP4)
-    {
-        norm();
-
-        let t1=FP2(a)
-        let t2=FP2(b)
-        let t3=FP2(0)
-        let t4=FP2(b)
-
-        t1.mul(y.a)
-        t2.mul(y.b)
-        t3.copy(y.b)
-        t3.add(y.a)
-        t4.add(a)
-
-        t4.mul(t3)
-        t4.sub(t1)
-        t4.norm()
-
-        b.copy(t4)
-        b.sub(t2)
-        t2.mul_ip()
-        a.copy(t2)
-        a.add(t1)
-
-        norm()
-    }
-    /* convert this to hex string */
-    func toString() -> String
-    {
-        return ("["+a.toString()+","+b.toString()+"]")
-    }
-
-    func toRawString() -> String
-    {
-        return ("["+a.toRawString()+","+b.toRawString()+"]")
-    }
-    /* self=1/self */
-    func inverse()
-    {
-        norm();
-
-        let t1=FP2(a)
-        let t2=FP2(b)
-
-        t1.sqr()
-        t2.sqr()
-        t2.mul_ip()
-        t1.sub(t2)
-        t1.inverse()
-        a.mul(t1)
-        t1.neg()
-        b.mul(t1)
-    }
-
-    /* self*=i where i = sqrt(-1+sqrt(-1)) */
-    func times_i()
-    {
-        norm();
-        let s=FP2(b)
-        let t=FP2(b)
-        s.times_i()
-        t.add(s)
-        t.norm()
-        b.copy(a)
-        a.copy(t)
-    }
-
-    /* self=self^p using Frobenius */
-    func frob(f:FP2)
-    {
-        a.conj()
-        b.conj()
-        b.mul(f)
-    }
-    /* self=self^e */
-    func pow(e:BIG) -> FP4
-    {
-        norm()
-        e.norm()
-        let w=FP4(self)
-        let z=BIG(e)
-        let r=FP4(1)
-        while (true)
-        {
-            let bt=z.parity()
-            z.fshr(1)
-            if bt==1 {r.mul(w)}
-            if z.iszilch() {break}
-            w.sqr()
-        }
-        r.reduce()
-        return r
-    }
-    /* XTR xtr_a function */
-    func xtr_A(w:FP4,_ y:FP4,_ z:FP4)
-    {
-        let r=FP4(w)
-        let t=FP4(w)
-        r.sub(y)
-        r.pmul(a)
-        t.add(y)
-        t.pmul(b)
-        t.times_i()
-
-        copy(r)
-        add(t)
-        add(z)
-
-        norm()
-    }
-    /* XTR xtr_d function */
-    func xtr_D()
-    {
-        let w=FP4(self)
-        sqr(); w.conj()
-        w.add(w)
-        sub(w)
-        reduce()
-    }
-    /* r=x^n using XTR method on traces of FP12s */
-    func xtr_pow(n:BIG) -> FP4
-    {
-        let a=FP4(3)
-        let b=FP4(self)
-        let c=FP4(b)
-        c.xtr_D()
-        let t=FP4(0)
-        let r=FP4(0)
-
-        n.norm();
-        let par=n.parity()
-        let v=BIG(n); v.fshr(1)
-        if par==0 {v.dec(1); v.norm()}
-
-        let nb=v.nbits()
-        for var i=nb-1;i>=0;i--
-        {
-            if (v.bit(i) != 1)
-            {
-				t.copy(b)
-				conj()
-				c.conj()
-				b.xtr_A(a,self,c)
-				conj()
-				c.copy(t)
-				c.xtr_D()
-				a.xtr_D()
-            }
-            else
-            {
-				t.copy(a); t.conj()
-				a.copy(b)
-				a.xtr_D()
-				b.xtr_A(c,self,t)
-				c.xtr_D()
-            }
-        }
-        if par==0 {r.copy(c)}
-        else {r.copy(b)}
-        r.reduce()
-        return r
-    }
-
-    /* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-    func xtr_pow2(ck:FP4,_ ckml:FP4,_ ckm2l:FP4,_ a:BIG,_ b:BIG) -> FP4
-    {
-        a.norm(); b.norm()
-        let e=BIG(a)
-        let d=BIG(b)
-        let w=BIG(0)
-
-        let cu=FP4(ck)  // can probably be passed in w/o copying
-        let cv=FP4(self)
-        let cumv=FP4(ckml)
-        let cum2v=FP4(ckm2l)
-        var r=FP4(0)
-        let t=FP4(0)
-
-        var f2:Int=0
-        while d.parity()==0 && e.parity()==0
-        {
-            d.fshr(1);
-            e.fshr(1);
-            f2++;
-        }
-
-        while (BIG.comp(d,e) != 0)
-        {
-            if BIG.comp(d,e)>0
-            {
-				w.copy(e); w.imul(4); w.norm()
-				if BIG.comp(d,w)<=0
-				{
-                    w.copy(d); d.copy(e)
-                    e.rsub(w); e.norm()
-
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cum2v.copy(cumv)
-                    cum2v.conj()
-                    cumv.copy(cv)
-                    cv.copy(cu)
-                    cu.copy(t)
-
-				}
-				else if d.parity()==0
-				{
-                    d.fshr(1)
-                    r.copy(cum2v); r.conj()
-                    t.copy(cumv)
-                    t.xtr_A(cu,cv,r)
-                    cum2v.copy(cumv)
-                    cum2v.xtr_D()
-                    cumv.copy(t)
-                    cu.xtr_D()
-				}
-				else if e.parity()==1
-				{
-                    d.sub(e); d.norm()
-                    d.fshr(1)
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cu.xtr_D()
-                    cum2v.copy(cv)
-                    cum2v.xtr_D()
-                    cum2v.conj()
-                    cv.copy(t)
-				}
-				else
-				{
-                    w.copy(d)
-                    d.copy(e); d.fshr(1)
-                    e.copy(w)
-                    t.copy(cumv)
-                    t.xtr_D()
-                    cumv.copy(cum2v); cumv.conj()
-                    cum2v.copy(t); cum2v.conj()
-                    t.copy(cv)
-                    t.xtr_D()
-                    cv.copy(cu)
-                    cu.copy(t)
-				}
-            }
-            if BIG.comp(d,e)<0
-            {
-				w.copy(d); w.imul(4); w.norm()
-				if BIG.comp(e,w)<=0
-				{
-                    e.sub(d); e.norm()
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cum2v.copy(cumv)
-                    cumv.copy(cu)
-                    cu.copy(t)
-				}
-				else if e.parity()==0
-				{
-                    w.copy(d)
-                    d.copy(e); d.fshr(1)
-                    e.copy(w)
-                    t.copy(cumv)
-                    t.xtr_D()
-                    cumv.copy(cum2v); cumv.conj()
-                    cum2v.copy(t); cum2v.conj()
-                    t.copy(cv)
-                    t.xtr_D()
-                    cv.copy(cu)
-                    cu.copy(t)
-				}
-				else if d.parity()==1
-				{
-                    w.copy(e)
-                    e.copy(d)
-                    w.sub(d); w.norm()
-                    d.copy(w); d.fshr(1)
-                    t.copy(cv)
-                    t.xtr_A(cu,cumv,cum2v)
-                    cumv.conj()
-                    cum2v.copy(cu)
-                    cum2v.xtr_D()
-                    cum2v.conj()
-                    cu.copy(cv)
-                    cu.xtr_D()
-                    cv.copy(t)
-				}
-				else
-				{
-                    d.fshr(1)
-                    r.copy(cum2v); r.conj()
-                    t.copy(cumv)
-                    t.xtr_A(cu,cv,r)
-                    cum2v.copy(cumv)
-                    cum2v.xtr_D()
-                    cumv.copy(t)
-                    cu.xtr_D()
-				}
-            }
-        }
-        r.copy(cv)
-        r.xtr_A(cu,cumv,cum2v)
-        for var i=0;i<f2;i++
-            {r.xtr_D()}
-        r=r.xtr_pow(d)
-        return r
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/gcm.swift
----------------------------------------------------------------------
diff --git a/swift/gcm.swift b/swift/gcm.swift
deleted file mode 100644
index 85ee8fd..0000000
--- a/swift/gcm.swift
+++ /dev/null
@@ -1,314 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  gcm.swift
-//  
-//
-//  Created by Michael Scott on 23/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-/*
-* Implementation of the AES-GCM Encryption/Authentication
-*
-* Some restrictions..
-* 1. Only for use with AES
-* 2. Returned tag is always 128-bits. Truncate at your own risk.
-* 3. The order of function calls must follow some rules
-*
-* Typical sequence of calls..
-* 1. call GCM_init
-* 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
-* 3. call GCM_add_header one last time with any length of header
-* 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
-* 5. call GCM_add_cipher one last time with any length of cipher/plaintext
-* 6. call GCM_finish to extract the tag.
-*
-* See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
-*/
-
-final class GCM {
-    static let NB:Int=4
-    static let GCM_ACCEPTING_HEADER:Int=0
-    static let GCM_ACCEPTING_CIPHER:Int=1
-    static let GCM_NOT_ACCEPTING_MORE:Int=2
-    static let GCM_FINISHED:Int=3
-    static let GCM_ENCRYPTING:Int=0
-    static let GCM_DECRYPTING:Int=1
-
-    private var table=[[UInt32]](count:128,repeatedValue:[UInt32](count:4,repeatedValue:0)) /* 2k bytes */
-    private var stateX=[UInt8](count:16,repeatedValue:0)
-    private var Y_0=[UInt8](count:16,repeatedValue:0)
-
-    private var counter:Int=0
-    private var lenA=[UInt32](count:2,repeatedValue:0)
-    private var lenC=[UInt32](count:2,repeatedValue:0)
-    private var status:Int=0
-    private var a=AES()
-
-    private static func pack(b: [UInt8]) -> UInt32
-    { /* pack bytes into a 32-bit Word */
-        var r=((UInt32(b[0])&0xff)<<24)|((UInt32(b[1])&0xff)<<16)
-        r = r|((UInt32(b[2])&0xff)<<8)|(UInt32(b[3])&0xff)
-        return r
-    }
-
-    private static func unpack(a: UInt32) -> [UInt8]
-    { /* unpack bytes from a word */
-        let b:[UInt8]=[UInt8((a>>24)&0xff),UInt8((a>>16)&0xff),UInt8((a>>8)&0xff),UInt8(a&0xff)];
-        return b
-    }
-
-    private func precompute(H: [UInt8])
-    {
-        var b=[UInt8](count:4,repeatedValue:0)
-        var j=0
-        for var i=0;i<GCM.NB;i++
-        {
-            b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
-            table[0][i]=GCM.pack(b);
-            j+=4
-        }
-        for var i=1;i<128;i++
-        {
-            var c:UInt32=0
-            for var j=0;j<GCM.NB;j++ {table[i][j]=c|(table[i-1][j])>>1; c=table[i-1][j]<<31;}
-            if c != 0  {table[i][0]^=0xE1000000} /* irreducible polynomial */
-        }
-    }
-
-    private func gf2mul()
-    { /* gf2m mul - Z=H*X mod 2^128 */
-        var P=[UInt32](count:4,repeatedValue:0)
-
-        for var i=0;i<4;i++ {P[i]=0}
-        var j=8; var m=0;
-        for var i=0;i<128;i++
-        {
-            let c=(stateX[m]>>UInt8(--j))&1;
-            if c != 0 {for var k=0;k<GCM.NB;k++ {P[k]^=table[i][k]}}
-            if (j==0)
-            {
-				j=8; m++;
-                if (m==16) {break}
-            }
-        }
-        j=0
-        for var i=0;i<GCM.NB;i++
-        {
-            var b=GCM.unpack(P[i])
-            stateX[j]=b[0]; stateX[j+1]=b[1]; stateX[j+2]=b[2]; stateX[j+3]=b[3];
-            j+=4
-        }
-    }
-    private func wrap()
-    { /* Finish off GHASH */
-        var F=[UInt32](count:4,repeatedValue:0)
-        var L=[UInt8](count:16,repeatedValue:0)
-
-    /* convert lengths from bytes to bits */
-        F[0]=(lenA[0]<<3)|(lenA[1]&0xE0000000)>>29
-        F[1]=lenA[1]<<3;
-        F[2]=(lenC[0]<<3)|(lenC[1]&0xE0000000)>>29
-        F[3]=lenC[1]<<3;
-        var j=0
-        for var i=0;i<GCM.NB;i++
-        {
-            var b=GCM.unpack(F[i]);
-            L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3]
-            j+=4
-        }
-        for var i=0;i<16;i++ {stateX[i]^=L[i]}
-        gf2mul()
-    }
-
-    private func ghash(plain: [UInt8],_ len: Int) -> Bool
-    {
-    //    var B=[UInt8](count:16,repeatedValue:0)
-
-        if status==GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
-        if (status != GCM.GCM_ACCEPTING_CIPHER) {return false}
-
-        var j=0;
-        while (j<len)
-        {
-            for var i=0;i<16 && j<len;i++
-            {
-				stateX[i]^=plain[j++];
-                lenC[1]++; if lenC[1]==0 {lenC[0]++}
-            }
-            gf2mul();
-        }
-        if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
-        return true;
-    }
-
-    /* Initialize GCM mode */
-    func init_it(key: [UInt8],_ niv: Int,_ iv: [UInt8])
-    { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-        var H=[UInt8](count:16,repeatedValue:0)
-
-        for var i=0;i<16;i++ {H[i]=0; stateX[i]=0}
-
-        a.init_it(AES.ECB,key,iv)
-        a.ecb_encrypt(&H);    /* E(K,0) */
-        precompute(H)
-
-        lenA[0]=0;lenC[0]=0;lenA[1]=0;lenC[1]=0;
-        if (niv==12)
-        {
-            for var i=0;i<12;i++ {a.f[i]=iv[i]}
-            var b=GCM.unpack(UInt32(1))
-            a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3];  /* initialise IV */
-            for var i=0;i<16;i++ {Y_0[i]=a.f[i]}
-        }
-        else
-        {
-            status=GCM.GCM_ACCEPTING_CIPHER;
-            ghash(iv,niv) /* GHASH(H,0,IV) */
-            wrap()
-            for var i=0;i<16;i++ {a.f[i]=stateX[i];Y_0[i]=a.f[i];stateX[i]=0}
-            lenA[0]=0;lenC[0]=0;lenA[1]=0;lenC[1]=0;
-        }
-        status=GCM.GCM_ACCEPTING_HEADER;
-    }
-
-    /* Add Header data - included but not encrypted */
-    func add_header(header: [UInt8],_ len: Int) -> Bool
-    { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-        if status != GCM.GCM_ACCEPTING_HEADER {return false}
-
-        var j=0
-        while (j<len)
-        {
-            for var i=0;i<16 && j<len;i++
-            {
-				stateX[i]^=header[j++];
-                lenA[1]++; if lenA[1]==0 {lenA[0]++}
-            }
-            gf2mul();
-        }
-        if len%16 != 0 {status=GCM.GCM_ACCEPTING_CIPHER}
-        return true;
-    }
-    /* Add Plaintext - included and encrypted */
-    func add_plain(plain: [UInt8],_ len: Int) -> [UInt8]
-    {
-        var B=[UInt8](count:16,repeatedValue:0)
-        var b=[UInt8](count:4,repeatedValue:0)
-
-        var cipher=[UInt8](count:len,repeatedValue:0)
-        var counter:UInt32=0
-        if status == GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
-        if status != GCM.GCM_ACCEPTING_CIPHER {return [UInt8]()}
-
-        var j=0
-        while (j<len)
-        {
-
-            b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-            counter=GCM.pack(b);
-            counter++;
-            b=GCM.unpack(counter);
-            a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-            for var i=0;i<16;i++ {B[i]=a.f[i]}
-            a.ecb_encrypt(&B);        /* encrypt it  */
-
-            for var i=0;i<16 && j<len;i++
-            {
-				cipher[j]=(plain[j]^B[i]);
-				stateX[i]^=cipher[j++];
-                lenC[1]++; if lenC[1]==0 {lenC[0]++}
-            }
-            gf2mul();
-        }
-        if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
-        return cipher;
-    }
-    /* Add Ciphertext - decrypts to plaintext */
-    func add_cipher(cipher: [UInt8],_ len: Int) -> [UInt8]
-    {
-        var B=[UInt8](count:16,repeatedValue:0)
-        var b=[UInt8](count:4,repeatedValue:0)
-
-        var plain=[UInt8](count:len,repeatedValue:0)
-        var counter:UInt32=0
-
-        if status==GCM.GCM_ACCEPTING_HEADER {status=GCM.GCM_ACCEPTING_CIPHER}
-        if status != GCM.GCM_ACCEPTING_CIPHER {return [UInt8]()}
-
-        var j=0
-        while (j<len)
-        {
-
-            b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-            counter=GCM.pack(b);
-            counter++;
-            b=GCM.unpack(counter);
-            a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-            for var i=0;i<16;i++ {B[i]=a.f[i]}
-            a.ecb_encrypt(&B);        /* encrypt it  */
-            for var i=0;i<16 && j<len;i++
-            {
-				plain[j]=(cipher[j]^B[i]);
-				stateX[i]^=cipher[j++];
-                lenC[1]++; if lenC[1]==0 {lenC[0]++}
-            }
-            gf2mul()
-        }
-        if len%16 != 0 {status=GCM.GCM_NOT_ACCEPTING_MORE}
-        return plain;
-    }
-
-    /* Finish and extract Tag */
-    func finish(extract: Bool) -> [UInt8]
-    { /* Finish off GHASH and extract tag (MAC) */
-        var tag=[UInt8](count:16,repeatedValue:0)
-
-        wrap();
-        /* extract tag */
-        if (extract)
-        {
-            a.ecb_encrypt(&Y_0);        /* E(K,Y0) */
-            for var i=0;i<16;i++ {Y_0[i]^=stateX[i]}
-            for var i=0;i<16;i++ {tag[i]=Y_0[i];Y_0[i]=0;stateX[i]=0;}
-        }
-        status=GCM.GCM_FINISHED;
-        a.end();
-        return tag;
-    }
-
-    static func hex2bytes(s: String) -> [UInt8]
-    {
-        var array=Array(arrayLiteral: s)
-        let len=array.count;
-        var data=[UInt8](count:len/2,repeatedValue:0)
-
-        for var i=0;i<len;i+=2
-        {
-            data[i / 2] = UInt8(strtoul(String(array[i]),nil,16)<<4)+UInt8(strtoul(String(array[i+1]),nil,16))
-        }
-        return data;
-    }
-
-
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/hash.swift
----------------------------------------------------------------------
diff --git a/swift/hash.swift b/swift/hash.swift
deleted file mode 100644
index 1768971..0000000
--- a/swift/hash.swift
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  hash.swift
-//  
-//
-//  Created by Michael Scott on 17/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//  SHA256 Implementation
-//
-
-final class HASH{
-
-    private var length=[UInt32](count:2,repeatedValue:0)
-    private var h=[UInt32](count:8,repeatedValue:0)
-    private var w=[UInt32](count:64,repeatedValue:0)
-    static let H0:UInt32=0x6A09E667
-    static let H1:UInt32=0xBB67AE85
-    static let H2:UInt32=0x3C6EF372
-    static let H3:UInt32=0xA54FF53A
-    static let H4:UInt32=0x510E527F
-    static let H5:UInt32=0x9B05688C
-    static let H6:UInt32=0x1F83D9AB
-    static let H7:UInt32=0x5BE0CD19
-
-    static let len:Int=32
-
-    static let K:[UInt32]=[
-    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2]
-
-
-    private static func S(n: UInt32,_ x: UInt32) -> UInt32
-    {
-        return ((x>>n)|(x<<(32-n)))
-    }
-
-    private static func R(n: UInt32,_ x: UInt32) -> UInt32
-    {
-        return (x>>n)
-    }
-
-    private static func Ch(x: UInt32,_ y: UInt32,_ z:UInt32) -> UInt32
-    {
-        return ((x&y)^(~(x)&z))
-    }
-
-    private static func Maj(x: UInt32,_ y: UInt32,_ z:UInt32) -> UInt32
-    {
-        return ((x&y)^(x&z)^(y&z))
-    }
-
-    private static func Sig0(x: UInt32) -> UInt32
-    {
-        return (S(2,x)^S(13,x)^S(22,x))
-    }
-
-    private static func Sig1(x: UInt32) -> UInt32
-    {
-        return (S(6,x)^S(11,x)^S(25,x))
-    }
-
-    private static func theta0(x: UInt32) -> UInt32
-    {
-        return (S(7,x)^S(18,x)^R(3,x))
-    }
-
-    private static func theta1(x: UInt32) -> UInt32
-    {
-        return (S(17,x)^S(19,x)^R(10,x))
-    }
-
-    private func transform()
-    { /* basic transformation step */
-        var a,b,c,d,e,f,g,hh,t1,t2 :UInt32
-        var j:Int
-        for j=16;j<64;j++
-        {
-            w[j]=HASH.theta1(w[j-2])&+w[j-7]&+HASH.theta0(w[j-15])&+w[j-16]
-        }
-        a=h[0]; b=h[1]; c=h[2]; d=h[3]
-        e=h[4]; f=h[5]; g=h[6]; hh=h[7]
-
-        for j=0;j<64;j++
-        { /* 64 times - mush it up */
-            t1=hh&+HASH.Sig1(e)&+HASH.Ch(e,f,g)&+HASH.K[j]&+w[j]
-            t2=HASH.Sig0(a)&+HASH.Maj(a,b,c)
-            hh=g; g=f; f=e;
-            e=d&+t1;
-            d=c;
-            c=b;
-            b=a;
-            a=t1&+t2;
-        }
-        h[0]=h[0]&+a; h[1]=h[1]&+b; h[2]=h[2]&+c; h[3]=h[3]&+d
-        h[4]=h[4]&+e; h[5]=h[5]&+f; h[6]=h[6]&+g; h[7]=h[7]&+hh;
-    }
-
-    /* Re-Initialise Hash function */
-    func init_it()
-    { /* initialise */
-        for var i=0;i<64;i++ {w[i]=0}
-        length[0]=0; length[1]=0
-        h[0]=HASH.H0;
-        h[1]=HASH.H1;
-        h[2]=HASH.H2;
-        h[3]=HASH.H3;
-        h[4]=HASH.H4;
-        h[5]=HASH.H5;
-        h[6]=HASH.H6;
-        h[7]=HASH.H7;
-    }
-
-    init()
-    {
-        init_it()
-    }
-
-    /* process a single byte */
-    func process(byt: UInt8)
-    { /* process the next message byte */
-        let cnt=Int((length[0]/32)%16)
-        w[cnt]<<=8;
-        w[cnt]|=(UInt32(byt)&0xFF);
-        length[0]+=8;
-        if (length[0]==0) { length[1]++; length[0]=0 }
-        if ((length[0]%512)==0) {transform()}
-    }
-
-    /* process an array of bytes */
-    func process_array(b: [UInt8])
-    {
-        for var i=0;i<b.count;i++ {process((b[i]))}
-    }
-
-    /* process a 32-bit integer */
-    func process_num(n:Int32)
-    {
-        process(UInt8((n>>24)&0xff))
-        process(UInt8((n>>16)&0xff))
-        process(UInt8((n>>8)&0xff))
-        process(UInt8(n&0xff))
-    }
-
-    /* Generate 32-byte Hash */
-    func hash() -> [UInt8]
-    { /* pad message and finish - supply digest */
-        var digest=[UInt8](count:32,repeatedValue:0)
-
-        let len0=length[0]
-        let len1=length[1]
-        process(0x80);
-        while ((length[0]%512) != 448) {process(0)}
-        w[14]=UInt32(len1)
-        w[15]=len0;
-        transform()
-        for var i=0;i<HASH.len;i++
-        { /* convert to bytes */
-            digest[i]=UInt8((h[i/4]>>(8*(3-UInt32(i)%4))) & 0xff);
-        }
-        init_it();
-    return digest;
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/main.swift
----------------------------------------------------------------------
diff --git a/swift/main.swift b/swift/main.swift
deleted file mode 100644
index a9bf70a..0000000
--- a/swift/main.swift
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  main.swift
-//  
-//
-//  Created by Michael Scott on 12/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-TestRSA()
-TestECDH()
-TestMPIN()
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/mpin.swift
----------------------------------------------------------------------
diff --git a/swift/mpin.swift b/swift/mpin.swift
deleted file mode 100644
index 66c876e..0000000
--- a/swift/mpin.swift
+++ /dev/null
@@ -1,728 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  mpin.swift
-//  
-//
-//  Created by Michael Scott on 08/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-final public class MPIN
-{
-    static public let EFS=Int(ROM.MODBYTES)
-    static public let EGS=Int(ROM.MODBYTES)
-    static public let PAS:Int=16
-    static let INVALID_POINT:Int = -14
-    static let BAD_PARAMS:Int = -11
-    static let WRONG_ORDER:Int = -18
-    static public let BAD_PIN:Int = -19
-
-    /* Configure your PIN here */
-
-    static let MAXPIN:Int32 = 10000  /* PIN less than this */
-    static let PBLEN:Int32 = 14      /* Number of bits in PIN */
-    static let TS:Int = 10         /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-    static let TRAP:Int = 200      /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-
-    /* Hash number (optional) and string to point on curve */
-
-    private static func hashit(n:Int32,_ ID:[UInt8]) -> [UInt8]
-    {
-        let H=HASH()
-        if n != 0 {H.process_num(n)}
-        H.process_array(ID)
-        let h=H.hash()
-        return h
-    }
-
-    static func mapit(h:[UInt8]) -> ECP
-    {
-        let q=BIG(ROM.Modulus)
-        let x=BIG.fromBytes(h)
-        x.mod(q)
-        var P=ECP(x,0)
-        while (true)
-        {
-            if !P.is_infinity() {break}
-            x.inc(1); x.norm();
-            P=ECP(x,0);
-        }
-        return P
-    }
-
-    /* needed for SOK */
-    static func mapit2(h:[UInt8]) -> ECP2
-    {
-        let q=BIG(ROM.Modulus)
-        var x=BIG.fromBytes(h)
-        let one=BIG(1)
-        var Q=ECP2()
-        x.mod(q);
-        while (true)
-        {
-            let X=FP2(one,x);
-            Q=ECP2(X);
-            if !Q.is_infinity() {break}
-            x.inc(1); x.norm();
-        }
-    /* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-        let Fra=BIG(ROM.CURVE_Fra);
-        let Frb=BIG(ROM.CURVE_Frb);
-        let X=FP2(Fra,Frb);
-        x=BIG(ROM.CURVE_Bnx);
-
-        let T=ECP2(); T.copy(Q)
-        T.mul(x); T.neg()
-        let K=ECP2(); K.copy(T)
-        K.dbl(); K.add(T); K.affine()
-
-        K.frob(X)
-        Q.frob(X); Q.frob(X); Q.frob(X)
-        Q.add(T); Q.add(K)
-        T.frob(X); T.frob(X)
-        Q.add(T)
-        Q.affine()
-        return Q
-    }
-
-    /* return time in slots since epoch */
-    static public func today() -> Int32
-    {
-        let date=NSDate()
-        return (Int32(date.timeIntervalSince1970/(60*1440)))
-    }
-
-    /* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-    /* maps a random u to a point on the curve */
-    static func map(u:BIG,_ cb:Int32) -> ECP
-    {
-        let x=BIG(u)
-        let p=BIG(ROM.Modulus)
-        x.mod(p)
-        var P=ECP(x,cb)
-        while (true)
-        {
-            if !P.is_infinity() {break}
-            x.inc(1);  x.norm()
-            P=ECP(x,cb)
-        }
-        return P
-    }
-
-    /* returns u derived from P. Random value in range 1 to return value should then be added to u */
-    static func unmap(inout u:BIG,_ P:ECP) -> Int32
-    {
-        let s=P.getS()
-        var r:Int32=0
-        let x=P.getX()
-        u.copy(x)
-        var R=ECP()
-        while (true)
-        {
-            u.dec(1); u.norm()
-            r++
-            R=ECP(u,s)
-            if !R.is_infinity() {break}
-        }
-        return r
-    }
-
-    static public func HASH_ID(ID:[UInt8]) -> [UInt8]
-    {
-        return hashit(0,ID)
-    }
-
-    /* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-    /* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-    /* Note that u and v are indistinguisible from random strings */
-    static public func ENCODING(rng:RAND,inout _ E:[UInt8]) -> Int
-    {
-        var T=[UInt8](count:EFS,repeatedValue:0)
-
-        for var i=0;i<EFS;i++ {T[i]=E[i+1]}
-        var u=BIG.fromBytes(T);
-        for var i=0;i<EFS;i++ {T[i]=E[i+EFS+1]}
-        var v=BIG.fromBytes(T)
-
-        let P=ECP(u,v);
-        if P.is_infinity() {return INVALID_POINT}
-
-        let p=BIG(ROM.Modulus)
-        u=BIG.randomnum(p,rng)
-
-        var su=rng.getByte();
-        su%=2
-
-        let W=MPIN.map(u,Int32(su))
-        P.sub(W);
-        let sv=P.getS();
-        let rn=MPIN.unmap(&v,P)
-        let m=rng.getByte();
-        let incr:Int32=1+Int32(m)%rn
-        v.inc(incr)
-        E[0]=(su+UInt8(2*sv))
-        u.toBytes(&T)
-        for var i=0;i<EFS;i++ {E[i+1]=T[i]}
-        v.toBytes(&T)
-        for var i=0;i<EFS;i++ {E[i+EFS+1]=T[i]}
-
-        return 0;
-    }
-
-    static public func DECODING(inout D:[UInt8]) -> Int
-    {
-        var T=[UInt8](count:EFS,repeatedValue:0)
-
-        if (D[0]&0x04) != 0 {return INVALID_POINT}
-
-        for var i=0;i<EFS;i++ {T[i]=D[i+1]}
-        var u=BIG.fromBytes(T)
-        for var i=0;i<EFS;i++ {T[i]=D[i+EFS+1]}
-        var v=BIG.fromBytes(T)
-
-        let su=D[0]&1
-        let sv=(D[0]>>1)&1
-        let W=map(u,Int32(su))
-        let P=map(v,Int32(sv))
-        P.add(W)
-        u=P.getX()
-        v=P.getY()
-        D[0]=0x04
-        u.toBytes(&T);
-        for var i=0;i<EFS;i++ {D[i+1]=T[i]}
-        v.toBytes(&T)
-        for var i=0;i<EFS;i++ {D[i+EFS+1]=T[i]}
-
-        return 0
-    }
-    /* R=R1+R2 in group G1 */
-    static public func RECOMBINE_G1(R1:[UInt8],_ R2:[UInt8],inout _ R:[UInt8]) -> Int
-    {
-        let P=ECP.fromBytes(R1)
-        let Q=ECP.fromBytes(R2)
-
-        if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
-        P.add(Q)
-
-        P.toBytes(&R)
-        return 0;
-    }
-    /* W=W1+W2 in group G2 */
-    static public func RECOMBINE_G2(W1:[UInt8],_ W2:[UInt8],inout _  W:[UInt8]) -> Int
-    {
-        let P=ECP2.fromBytes(W1)
-        let Q=ECP2.fromBytes(W2)
-
-        if P.is_infinity() || Q.is_infinity() {return INVALID_POINT}
-
-        P.add(Q)
-
-        P.toBytes(&W)
-        return 0
-    }
-    /* create random secret S */
-    static public func RANDOM_GENERATE(rng:RAND,inout _ S:[UInt8]) -> Int
-    {
-        let r=BIG(ROM.CURVE_Order)
-        let s=BIG.randomnum(r,rng)
-
-        s.toBytes(&S);
-        return 0;
-    }
-    /* Extract PIN from TOKEN for identity CID */
-    static public func EXTRACT_PIN(CID:[UInt8],_ pin:Int32,inout _ TOKEN:[UInt8]) -> Int
-    {
-        let P=ECP.fromBytes(TOKEN)
-        if P.is_infinity() {return INVALID_POINT}
-        let h=MPIN.hashit(0,CID)
-        var R=MPIN.mapit(h)
-
-
-        R=R.pinmul(pin%MAXPIN,MPIN.PBLEN)
-        P.sub(R)
-
-        P.toBytes(&TOKEN)
-
-        return 0
-    }
-    /* Implement step 2 on client side of MPin protocol */
-    static public func CLIENT_2(X:[UInt8],_ Y:[UInt8],inout _ SEC:[UInt8]) -> Int
-    {
-        let r=BIG(ROM.CURVE_Order)
-        let P=ECP.fromBytes(SEC)
-        if P.is_infinity() {return INVALID_POINT}
-
-        let px=BIG.fromBytes(X)
-        let py=BIG.fromBytes(Y)
-        px.add(py)
-        px.mod(r)
-        px.rsub(r)
-
-        PAIR.G1mul(P,px).toBytes(&SEC)
-        return 0
-    }
-
-    /* Implement step 1 on client side of MPin protocol */
-    static public func CLIENT_1(date:Int32,_ CLIENT_ID:[UInt8],_ rng:RAND?,inout _ X:[UInt8],_ pin:Int32,_ TOKEN:[UInt8],inout _ SEC:[UInt8],inout _ xID:[UInt8]?,inout _ xCID:[UInt8]?,_ PERMIT:[UInt8]) -> Int
-    {
-        let r=BIG(ROM.CURVE_Order)
-   //     let q=BIG(ROM.Modulus)
-        var x:BIG
-        if rng != nil
-        {
-            x=BIG.randomnum(r,rng!)
-            x.toBytes(&X);
-        }
-        else
-        {
-            x=BIG.fromBytes(X);
-        }
-    //    var t=[UInt8](count:EFS,repeatedValue:0)
-
-        var h=MPIN.hashit(0,CLIENT_ID)
-        var P=mapit(h);
-
-        let T=ECP.fromBytes(TOKEN);
-        if T.is_infinity() {return INVALID_POINT}
-
-        var W=P.pinmul(pin%MPIN.MAXPIN,MPIN.PBLEN)
-        T.add(W)
-        if date != 0
-        {
-            W=ECP.fromBytes(PERMIT)
-            if W.is_infinity() {return INVALID_POINT}
-            T.add(W);
-            h=MPIN.hashit(date,h)
-            W=MPIN.mapit(h);
-            if xID != nil
-            {
-				P=PAIR.G1mul(P,x)
-				P.toBytes(&xID!)
-				W=PAIR.G1mul(W,x)
-				P.add(W)
-            }
-            else
-            {
-				P.add(W);
-				P=PAIR.G1mul(P,x);
-            }
-            if xCID != nil {P.toBytes(&xCID!)}
-        }
-        else
-        {
-            if xID != nil
-            {
-				P=PAIR.G1mul(P,x)
-				P.toBytes(&xID!)
-            }
-        }
-
-
-        T.toBytes(&SEC);
-        return 0;
-    }
-    /* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-    static public func GET_SERVER_SECRET(S:[UInt8],inout _ SST:[UInt8]) -> Int
-    {
-        var Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-
-        let s=BIG.fromBytes(S)
-        Q=PAIR.G2mul(Q,s)
-        Q.toBytes(&SST)
-        return 0
-    }
-
-    /*
-    W=x*H(G);
-    if RNG == NULL then X is passed in
-    if RNG != NULL the X is passed out
-    if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-    */
-    static public func GET_G1_MULTIPLE(rng:RAND?,_ type:Int,inout _ X:[UInt8],_ G:[UInt8],inout _ W:[UInt8]) -> Int
-    {
-        var x:BIG
-        let r=BIG(ROM.CURVE_Order)
-        if rng != nil
-        {
-            x=BIG.randomnum(r,rng!)
-            x.toBytes(&X)
-        }
-        else
-        {
-            x=BIG.fromBytes(X);
-        }
-        var P:ECP
-        if type==0
-        {
-            P=ECP.fromBytes(G)
-            if P.is_infinity() {return INVALID_POINT}
-        }
-        else
-            {P=MPIN.mapit(G)}
-
-        PAIR.G1mul(P,x).toBytes(&W)
-        return 0;
-    }
-    /* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-    /* CID is hashed externally */
-    static public func GET_CLIENT_SECRET(inout S:[UInt8],_ CID:[UInt8],inout _ CST:[UInt8]) -> Int
-    {
-        return GET_G1_MULTIPLE(nil,1,&S,CID,&CST)
-    }
-    /* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-    static public func GET_CLIENT_PERMIT(date:Int32,_ S:[UInt8],_ CID:[UInt8],inout _ CTT:[UInt8]) -> Int
-    {
-        let h=MPIN.hashit(date,CID)
-        let P=MPIN.mapit(h)
-
-        let s=BIG.fromBytes(S)
-        PAIR.G1mul(P,s).toBytes(&CTT)
-        return 0;
-    }
-
-    /* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-    static public func SERVER_1(date:Int32,_ CID:[UInt8],inout _ HID:[UInt8]?,inout _ HTID:[UInt8])
-    {
-        var h=MPIN.hashit(0,CID)
-        let P=MPIN.mapit(h)
-
-        if date != 0
-        {
-            if HID != nil {P.toBytes(&HID!)}
-            h=hashit(date,h)
-            let R=MPIN.mapit(h)
-            P.add(R)
-            P.toBytes(&HTID)
-        }
-        else {P.toBytes(&HID!)}
-    }
-    /* Implement step 2 of MPin protocol on server side */
-    static public func SERVER_2(date:Int32,_ HID:[UInt8]?,_ HTID:[UInt8],_ Y:[UInt8],_ SST:[UInt8],_ xID:[UInt8]?,_ xCID:[UInt8],_ mSEC:[UInt8],inout _ E:[UInt8]?,inout _ F:[UInt8]?) -> Int
-    {
-        _=BIG(ROM.Modulus);
-        let Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-        let sQ=ECP2.fromBytes(SST)
-        if sQ.is_infinity() {return INVALID_POINT}
-
-        var R:ECP
-        if date != 0
-            {R=ECP.fromBytes(xCID)}
-        else
-        {
-            if xID==nil {return MPIN.BAD_PARAMS}
-            R=ECP.fromBytes(xID!)
-        }
-        if R.is_infinity() {return INVALID_POINT}
-
-        let y=BIG.fromBytes(Y)
-        var P:ECP
-        if date != 0 {P=ECP.fromBytes(HTID)}
-        else
-        {
-            if HID==nil {return MPIN.BAD_PARAMS}
-            P=ECP.fromBytes(HID!)
-        }
-
-        if P.is_infinity() {return INVALID_POINT}
-
-        P=PAIR.G1mul(P,y)
-        P.add(R)
-        R=ECP.fromBytes(mSEC)
-        if R.is_infinity() {return MPIN.INVALID_POINT}
-
-
-        var g=PAIR.ate2(Q,R,sQ,P)
-        g=PAIR.fexp(g)
-
-        if !g.isunity()
-        {
-            if HID != nil && xID != nil && E != nil && F != nil
-            {
-				g.toBytes(&E!)
-				if date != 0
-				{
-                    P=ECP.fromBytes(HID!)
-                    if P.is_infinity() {return MPIN.INVALID_POINT}
-                    R=ECP.fromBytes(xID!)
-                    if R.is_infinity() {return MPIN.INVALID_POINT}
-
-                    P=PAIR.G1mul(P,y);
-                    P.add(R);
-				}
-				g=PAIR.ate(Q,P);
-				g=PAIR.fexp(g);
-				g.toBytes(&F!);
-            }
-            return MPIN.BAD_PIN;
-        }
-
-        return 0
-    }
-    /* Pollards kangaroos used to return PIN error */
-    static public func KANGAROO(E:[UInt8],_ F:[UInt8]) -> Int
-    {
-        let ge=FP12.fromBytes(E)
-        let gf=FP12.fromBytes(F)
-        var distance=[Int]();
-        let t=FP12(gf);
-        var table=[FP12]()
-
-        var s:Int=1
-        for var m=0;m<Int(TS);m++
-        {
-            distance.append(s)
-            table.append(FP12(t))
-            s*=2
-            t.usqr()
-
-        }
-        t.one()
-        var dn:Int=0
-        for var j=0;j<TRAP;j++
-        {
-            let i=Int(t.geta().geta().getA().lastbits(8))%TS
-            t.mul(table[i])
-            dn+=distance[i]
-        }
-        gf.copy(t); gf.conj()
-        var steps=0; var dm:Int=0
-        var res=0;
-        while (dm-dn<Int(MAXPIN))
-        {
-            steps++;
-            if steps>4*TRAP {break}
-            let i=Int(ge.geta().geta().getA().lastbits(8))%TS
-            ge.mul(table[i])
-            dm+=distance[i]
-            if (ge.equals(t))
-            {
-				res=dm-dn;
-				break;
-            }
-            if (ge.equals(gf))
-            {
-				res=dn-dm
-				break
-            }
-
-        }
-        if steps>4*TRAP || dm-dn>=Int(MAXPIN) {res=0 }    // Trap Failed  - probable invalid token
-        return res
-    }
-    /* Functions to support M-Pin Full */
-
-    static public func PRECOMPUTE(TOKEN:[UInt8],_ CID:[UInt8],inout _ G1:[UInt8],inout _ G2:[UInt8]) -> Int
-    {
-        let T=ECP.fromBytes(TOKEN);
-        if T.is_infinity() {return INVALID_POINT}
-
-        let P=MPIN.mapit(CID)
-
-        let Q=ECP2(FP2(BIG(ROM.CURVE_Pxa),BIG(ROM.CURVE_Pxb)),FP2(BIG(ROM.CURVE_Pya),BIG(ROM.CURVE_Pyb)))
-
-        var g=PAIR.ate(Q,T)
-        g=PAIR.fexp(g)
-        g.toBytes(&G1)
-
-        g=PAIR.ate(Q,P)
-        g=PAIR.fexp(g)
-        g.toBytes(&G2)
-
-        return 0
-    }
-
-    /* calculate common key on client side */
-    /* wCID = w.(A+AT) */
-    static public func CLIENT_KEY(G1:[UInt8],_ G2:[UInt8],_ pin:Int32,_ R:[UInt8],_ X:[UInt8],_ wCID:[UInt8],inout _ CK:[UInt8]) -> Int
-    {
-        let H=HASH()
-        var t=[UInt8](count:EFS,repeatedValue:0)
-
-        let g1=FP12.fromBytes(G1)
-        let g2=FP12.fromBytes(G2)
-        let z=BIG.fromBytes(R)
-        let x=BIG.fromBytes(X)
-
-        var W=ECP.fromBytes(wCID)
-        if W.is_infinity() {return INVALID_POINT}
-
-        W=PAIR.G1mul(W,x)
-
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-        let r=BIG(ROM.CURVE_Order)
-        let q=BIG(ROM.Modulus)
-
-        let m=BIG(q)
-        m.mod(r)
-
-        let a=BIG(z)
-        a.mod(m)
-
-        let b=BIG(z)
-        b.div(m);
-
-        g2.pinpow(pin,PBLEN);
-        g1.mul(g2);
-
-        var c=g1.trace()
-        g2.copy(g1)
-        g2.frob(f)
-        let cp=g2.trace()
-        g1.conj()
-        g2.mul(g1)
-        let cpm1=g2.trace()
-        g2.mul(g1)
-        let cpm2=g2.trace()
-
-        c=c.xtr_pow2(cp,cpm1,cpm2,a,b)
-
-        c.geta().getA().toBytes(&t)
-        H.process_array(t)
-        c.geta().getB().toBytes(&t)
-        H.process_array(t)
-        c.getb().getA().toBytes(&t)
-        H.process_array(t)
-        c.getb().getB().toBytes(&t)
-        H.process_array(t);
-
-        W.getX().toBytes(&t)
-        H.process_array(t)
-        W.getY().toBytes(&t)
-        H.process_array(t)
-
-        t=H.hash()
-        for var i=0;i<MPIN.PAS;i++ {CK[i]=t[i]}
-
-        return 0
-    }
-    /* calculate common key on server side */
-    /* Z=r.A - no time permits involved */
-
-    static public func SERVER_KEY(Z:[UInt8],_ SST:[UInt8],_ W:[UInt8],_ xID:[UInt8],_ xCID:[UInt8]?,inout _ SK:[UInt8]) -> Int
-    {
-        let H=HASH();
-        var t=[UInt8](count:EFS,repeatedValue:0)
-
-        let sQ=ECP2.fromBytes(SST)
-        if sQ.is_infinity() {return INVALID_POINT}
-        let R=ECP.fromBytes(Z)
-        if R.is_infinity() {return INVALID_POINT}
-
-        var U:ECP
-        if xCID != nil
-            {U=ECP.fromBytes(xCID!)}
-        else
-            {U=ECP.fromBytes(xID)}
-
-        if U.is_infinity() {return INVALID_POINT}
-
-        let w=BIG.fromBytes(W)
-        U=PAIR.G1mul(U,w)
-        var g=PAIR.ate(sQ,R)
-        g=PAIR.fexp(g)
-
-        let c=g.trace()
-        c.geta().getA().toBytes(&t)
-        H.process_array(t)
-        c.geta().getB().toBytes(&t)
-        H.process_array(t)
-        c.getb().getA().toBytes(&t)
-        H.process_array(t)
-        c.getb().getB().toBytes(&t)
-        H.process_array(t);
-
-        U.getX().toBytes(&t)
-        H.process_array(t)
-        U.getY().toBytes(&t)
-        H.process_array(t)
-
-        t=H.hash()
-        for var i=0;i<MPIN.PAS;i++ {SK[i]=t[i]}
-
-        return 0
-    }
-
-    /* return time since epoch */
-    static public func GET_TIME() -> Int32
-    {
-        let date=NSDate()
-        return (Int32(date.timeIntervalSince1970))
-    }
-
-    /* Generate Y = H(epoch, xCID/xID) */
-    static public func GET_Y(TimeValue:Int32,_ xCID:[UInt8],inout _ Y:[UInt8])
-    {
-        let h = MPIN.hashit(TimeValue,xCID)
-        let y = BIG.fromBytes(h)
-        let q=BIG(ROM.CURVE_Order)
-        y.mod(q)
-        y.toBytes(&Y)
-    }
-    /* One pass MPIN Client */
-    static public func CLIENT(date:Int32,_ CLIENT_ID:[UInt8],_ RNG:RAND?,inout _ X:[UInt8],_ pin:Int32,_ TOKEN:[UInt8],inout _  SEC:[UInt8],inout _ xID:[UInt8]?,inout _ xCID:[UInt8]?,_ PERMIT:[UInt8],_ TimeValue:Int32,inout _ Y:[UInt8]) -> Int
-    {
-        var rtn=0
-
-        rtn = MPIN.CLIENT_1(date,CLIENT_ID,RNG,&X,pin,TOKEN,&SEC,&xID,&xCID,PERMIT)
-
-        if rtn != 0 {return rtn}
-
-        if date==0 {MPIN.GET_Y(TimeValue,xID!,&Y)}
-        else {MPIN.GET_Y(TimeValue,xCID!,&Y)}
-
-        rtn = MPIN.CLIENT_2(X,Y,&SEC)
-        if (rtn != 0) {return rtn}
-
-        return 0
-    }
-    /* One pass MPIN Server */
-    static public func SERVER(date:Int32,inout _ HID:[UInt8]?,inout _ HTID:[UInt8],inout _ Y:[UInt8],_ SST:[UInt8],_ xID:[UInt8]?,_ xCID:[UInt8],_ SEC:[UInt8],inout _ E:[UInt8]?,inout _ F:[UInt8]?,_ CID:[UInt8],_ TimeValue:Int32) -> Int
-    {
-        var rtn=0
-
-        var pID:[UInt8]
-        if date == 0
-            {pID = xID!}
-        else
-            {pID = xCID}
-
-        SERVER_1(date,CID,&HID,&HTID);
-
-        GET_Y(TimeValue,pID,&Y);
-
-        rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,&E,&F);
-        if rtn != 0 {return rtn}
-
-        return 0
-    }
-
-    static public func printBinary(array: [UInt8])
-    {
-        for var i=0;i<array.count;i++
-        {
-            let h=String(format:"%02x",array[i])
-            print("\(h)", terminator: "")
-        }
-        print(" ");
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/pair.swift
----------------------------------------------------------------------
diff --git a/swift/pair.swift b/swift/pair.swift
deleted file mode 100644
index f768d36..0000000
--- a/swift/pair.swift
+++ /dev/null
@@ -1,501 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  pair.swift
-//  
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* CLINT BN Curve Pairing functions */
-
-final class PAIR {
-
-    /* Line function */
-    static func line(A:ECP2,_ B:ECP2,_ Qx:FP,_ Qy:FP) -> FP12
-    {
-        let P=ECP2()
-        var a:FP4
-        var b:FP4
-        var c:FP4
-        P.copy(A);
-        let ZZ=FP2(P.getz())
-        ZZ.sqr();
-        var D:Int
-        if A===B {D=A.dbl()} /* Check this return value in clint_ec2.c */
-        else {D=A.add(B)}
-        if (D<0) {return FP12(1)}
-        let Z3=FP2(A.getz())
-        c=FP4(0)
-        if D==0
-        { /* Addition */
-            let X=FP2(B.getx())
-            let Y=FP2(B.gety())
-            let T=FP2(P.getz())
-            T.mul(Y)
-            ZZ.mul(T)
-
-            let NY=FP2(P.gety()); NY.neg()
-            ZZ.add(NY)
-            Z3.pmul(Qy)
-            T.mul(P.getx())
-            X.mul(NY)
-            T.add(X)
-            a=FP4(Z3,T)
-            ZZ.neg()
-            ZZ.pmul(Qx)
-            b=FP4(ZZ)
-        }
-        else
-        { /* Doubling */
-            let X=FP2(P.getx())
-            let Y=FP2(P.gety())
-            let T=FP2(P.getx())
-            T.sqr()
-            T.imul(3)
-
-            Y.sqr()
-            Y.add(Y)
-            Z3.mul(ZZ)
-            Z3.pmul(Qy)
-
-            X.mul(T)
-            X.sub(Y)
-            a=FP4(Z3,X)
-            T.neg()
-            ZZ.mul(T)
-            ZZ.pmul(Qx)
-            b=FP4(ZZ)
-        }
-        return FP12(a,b,c)
-    }
-    /* Optimal R-ate pairing */
-    static func ate(P:ECP2,_ Q:ECP) -> FP12
-    {
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-        let x=BIG(ROM.CURVE_Bnx)
-        let n=BIG(x)
-        let K=ECP2()
-
-        var lv:FP12
-        n.pmul(6); n.dec(2); n.norm()
-        P.affine()
-        Q.affine()
-        let Qx=FP(Q.getx())
-        let Qy=FP(Q.gety())
-
-        let A=ECP2()
-        let r=FP12(1)
-
-        A.copy(P)
-        let nb=n.nbits()
-
-        for var i=nb-2;i>=1;i--
-        {
-            lv=line(A,A,Qx,Qy)
-            r.smul(lv)
-
-            if (n.bit(i)==1)
-            {
-				lv=line(A,P,Qx,Qy)
-				r.smul(lv)
-            }
-            r.sqr()
-        }
-
-        lv=line(A,A,Qx,Qy)
-        r.smul(lv)
-
-    /* R-ate fixup */
-
-        r.conj()
-
-        K.copy(P)
-        K.frob(f)
-        A.neg()
-        lv=line(A,K,Qx,Qy)
-        r.smul(lv)
-        K.frob(f)
-        K.neg()
-        lv=line(A,K,Qx,Qy)
-        r.smul(lv)
-
-        return r
-    }
-    /* Optimal R-ate double pairing e(P,Q).e(R,S) */
-    static func ate2(P:ECP2,_ Q:ECP,_ R:ECP2,_ S:ECP) -> FP12
-    {
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-        let x=BIG(ROM.CURVE_Bnx)
-        let n=BIG(x)
-        let K=ECP2()
-        var lv:FP12
-        n.pmul(6); n.dec(2); n.norm()
-        P.affine()
-        Q.affine()
-        R.affine()
-        S.affine()
-
-        let Qx=FP(Q.getx())
-        let Qy=FP(Q.gety())
-        let Sx=FP(S.getx())
-        let Sy=FP(S.gety())
-
-        let A=ECP2()
-        let B=ECP2()
-        let r=FP12(1)
-
-        A.copy(P)
-        B.copy(R)
-        let nb=n.nbits()
-
-        for var i=nb-2;i>=1;i--
-        {
-            lv=line(A,A,Qx,Qy)
-            r.smul(lv)
-            lv=line(B,B,Sx,Sy)
-            r.smul(lv)
-            if n.bit(i)==1
-            {
-				lv=line(A,P,Qx,Qy)
-				r.smul(lv)
-				lv=line(B,R,Sx,Sy)
-				r.smul(lv)
-            }
-            r.sqr()
-        }
-
-        lv=line(A,A,Qx,Qy)
-        r.smul(lv)
-
-        lv=line(B,B,Sx,Sy)
-        r.smul(lv)
-
-    /* R-ate fixup */
-        r.conj()
-
-        K.copy(P)
-        K.frob(f)
-        A.neg()
-        lv=line(A,K,Qx,Qy)
-        r.smul(lv)
-        K.frob(f)
-        K.neg()
-        lv=line(A,K,Qx,Qy)
-        r.smul(lv)
-
-        K.copy(R)
-        K.frob(f)
-        B.neg()
-        lv=line(B,K,Sx,Sy)
-        r.smul(lv)
-        K.frob(f)
-        K.neg()
-        lv=line(B,K,Sx,Sy)
-        r.smul(lv)
-
-        return r
-    }
-
-    /* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-    static func fexp(m:FP12) -> FP12
-    {
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb));
-        let x=BIG(ROM.CURVE_Bnx)
-        let r=FP12(m)
-
-    /* Easy part of final exp */
-        var lv=FP12(r)
-        lv.inverse()
-        r.conj()
-
-        r.mul(lv)
-        lv.copy(r)
-        r.frob(f)
-        r.frob(f)
-        r.mul(lv)
-
-    /* Hard part of final exp */
-        lv.copy(r)
-        lv.frob(f)
-        let x0=FP12(lv)
-        x0.frob(f)
-        lv.mul(r)
-        x0.mul(lv)
-        x0.frob(f)
-        let x1=FP12(r)
-        x1.conj()
-        let x4=r.pow(x)
-
-        let x3=FP12(x4)
-        x3.frob(f)
-
-        let x2=x4.pow(x)
-
-        let x5=FP12(x2); x5.conj()
-        lv=x2.pow(x)
-
-        x2.frob(f)
-        r.copy(x2); r.conj()
-
-        x4.mul(r)
-        x2.frob(f)
-
-        r.copy(lv)
-        r.frob(f)
-        lv.mul(r)
-
-        lv.usqr()
-        lv.mul(x4)
-        lv.mul(x5)
-        r.copy(x3)
-        r.mul(x5)
-        r.mul(lv)
-        lv.mul(x2)
-        r.usqr()
-        r.mul(lv)
-        r.usqr()
-        lv.copy(r)
-        lv.mul(x1)
-        r.mul(x0)
-        lv.usqr()
-        r.mul(lv)
-        r.reduce()
-        return r
-    }
-
-    /* GLV method */
-    static func glv(e:BIG) -> [BIG]
-    {
-        let t=BIG(0)
-        let q=BIG(ROM.CURVE_Order)
-        var u=[BIG]();
-        var v=[BIG]();
-        for var j=0;j<2;j++
-        {
-            u.append(BIG(0))
-            v.append(BIG(0))
-        }
-
-        for var i=0;i<2;i++
-        {
-            t.copy(BIG(ROM.CURVE_W[i]))
-            let d=BIG.mul(t,e)
-            v[i].copy(d.div(q))
-        }
-        u[0].copy(e);
-        for var i=0;i<2;i++
-        {
-            for var j=0;j<2;j++
-            {
-				t.copy(BIG(ROM.CURVE_SB[j][i]))
-				t.copy(BIG.modmul(v[j],t,q))
-				u[i].add(q)
-				u[i].sub(t)
-				u[i].mod(q)
-            }
-        }
-        return u
-    }
-    /* Galbraith & Scott Method */
-    static func gs(e:BIG) -> [BIG]
-    {
-        let t=BIG(0)
-        let q=BIG(ROM.CURVE_Order)
-        var u=[BIG]();
-        var v=[BIG]();
-        for var j=0;j<4;j++
-        {
-            u.append(BIG(0))
-            v.append(BIG(0))
-        }
-
-        for var i=0;i<4;i++
-        {
-            t.copy(BIG(ROM.CURVE_WB[i]))
-            let d=BIG.mul(t,e)
-            v[i].copy(d.div(q))
-        }
-        u[0].copy(e);
-        for var i=0;i<4;i++
-        {
-            for var j=0;j<4;j++
-            {
-				t.copy(BIG(ROM.CURVE_BB[j][i]))
-				t.copy(BIG.modmul(v[j],t,q))
-				u[i].add(q)
-				u[i].sub(t)
-				u[i].mod(q)
-            }
-        }
-        return u
-    }
-
-    /* Multiply P by e in group G1 */
-    static func G1mul(P:ECP,_ e:BIG) -> ECP
-    {
-        var R:ECP
-        if (ROM.USE_GLV)
-        {
-            P.affine()
-            R=ECP()
-            R.copy(P)
-            let Q=ECP()
-            Q.copy(P)
-            let q=BIG(ROM.CURVE_Order)
-            let cru=FP(BIG(ROM.CURVE_Cru))
-            let t=BIG(0)
-            var u=PAIR.glv(e)
-            Q.getx().mul(cru);
-
-            var np=u[0].nbits()
-            t.copy(BIG.modneg(u[0],q))
-            var nn=t.nbits()
-            if (nn<np)
-            {
-				u[0].copy(t)
-				R.neg()
-            }
-
-            np=u[1].nbits()
-            t.copy(BIG.modneg(u[1],q))
-            nn=t.nbits()
-            if (nn<np)
-            {
-				u[1].copy(t)
-				Q.neg()
-            }
-
-            R=R.mul2(u[0],Q,u[1])
-        }
-        else
-        {
-            R=P.mul(e)
-        }
-        return R
-    }
-
-    /* Multiply P by e in group G2 */
-    static func G2mul(P:ECP2,_ e:BIG) -> ECP2
-    {
-        var R:ECP2
-        if (ROM.USE_GS_G2)
-        {
-            var Q=[ECP2]()
-            let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb));
-            let q=BIG(ROM.CURVE_Order);
-            var u=PAIR.gs(e);
-
-            let t=BIG(0);
-            P.affine()
-            Q.append(ECP2())
-            Q[0].copy(P);
-            for var i=1;i<4;i++
-            {
-                Q.append(ECP2()); Q[i].copy(Q[i-1]);
-				Q[i].frob(f);
-            }
-            for var i=0;i<4;i++
-            {
-				let np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				let nn=t.nbits();
-				if (nn<np)
-				{
-                    u[i].copy(t);
-                    Q[i].neg();
-				}
-            }
-
-            R=ECP2.mul4(Q,u);
-        }
-        else
-        {
-            R=P.mul(e);
-        }
-        return R;
-    }
-    /* f=f^e */
-    /* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-    static func GTpow(d:FP12,_ e:BIG) -> FP12
-    {
-        var r:FP12
-        if (ROM.USE_GS_GT)
-        {
-            var g=[FP12]()
-            let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-            let q=BIG(ROM.CURVE_Order)
-            let t=BIG(0)
-
-            var u=gs(e)
-            g.append(FP12(0))
-            g[0].copy(d);
-            for var i=1;i<4;i++
-            {
-                g.append(FP12(0)); g[i].copy(g[i-1])
-				g[i].frob(f)
-            }
-            for var i=0;i<4;i++
-            {
-				let np=u[i].nbits()
-				t.copy(BIG.modneg(u[i],q))
-				let nn=t.nbits()
-				if (nn<np)
-				{
-                    u[i].copy(t)
-                    g[i].conj()
-				}
-            }
-            r=FP12.pow4(g,u)
-        }
-        else
-        {
-            r=d.pow(e)
-        }
-        return r
-    }
-    /* test group membership */
-    /* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-    static func GTmember(m:FP12) -> Bool
-    {
-        if m.isunity() {return false}
-        let r=FP12(m)
-        r.conj()
-        r.mul(m)
-        if !r.isunity() {return false}
-
-        let f=FP2(BIG(ROM.CURVE_Fra),BIG(ROM.CURVE_Frb))
-
-        r.copy(m); r.frob(f); r.frob(f)
-        var w=FP12(r); w.frob(f); w.frob(f)
-        w.mul(m)
-        if !ROM.GT_STRONG
-        {
-            if !w.equals(r) {return false}
-            let x=BIG(ROM.CURVE_Bnx)
-            r.copy(m); w=r.pow(x); w=w.pow(x)
-            r.copy(w); r.sqr(); r.mul(w); r.sqr()
-            w.copy(m); w.frob(f)
-        }
-        return w.equals(r)
-    }
-
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/rand.swift
----------------------------------------------------------------------
diff --git a/swift/rand.swift b/swift/rand.swift
deleted file mode 100644
index 1026433..0000000
--- a/swift/rand.swift
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  rand.swift
-//  
-//
-//  Created by Michael Scott on 17/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-//  Cryptographic strong random number generator
-
-/* Marsaglia & Zaman Random number generator constants */
-final public class RAND {
-    private static let NK:Int=21
-    private static let NJ:Int=6
-    private static let NV:Int=8
-    private var ira=[UInt32](count:NK,repeatedValue:0)
-    private var rndptr:Int=0
-    private var borrow:UInt32=0
-    private var pool_ptr:Int=0
-    private var pool=[UInt8](count:32,repeatedValue:0)
-
-    public func clean()
-    {
-        pool_ptr=0
-        rndptr=0
-        for var i=0;i<32;i++ {pool[i]=0}
-        for var i=0;i<RAND.NK;i++ {ira[i]=0}
-        borrow=0;
-    }
-
-    public init() {clean()}
-
-    private func sbrand() -> UInt32
-    { /* Marsaglia & Zaman random number generator */
-        rndptr++;
-        if rndptr<RAND.NK {return ira[rndptr]}
-        rndptr=0;
-        var k=RAND.NK-RAND.NJ
-        for var i=0;i<RAND.NK;i++
-        {
-            if k==RAND.NK {k=0}
-            let t=ira[k];
-            let pdiff=t &- ira[i] &- borrow
-            if pdiff<t {borrow=0}
-            if pdiff>t {borrow=1}
-            ira[i]=pdiff
-            k++;
-        }
-        return ira[0]
-    }
-
-    func sirand(seed: UInt32)
-    {
-        var m:UInt32=1
-        var s:UInt32=seed
-        borrow=0;
-        rndptr=0
-        ira[0]^=s
-        for var i=1;i<RAND.NK;i++
-        { /* fill initialisation vector */
-            let ipn=(RAND.NV*i)%RAND.NK
-            ira[ipn]^=m
-            let t=m
-            m=s &- m
-            s=t
-        }
-        for var i=0;i<10000;i++ {sbrand()}
-    }
-
-    private func fill_pool()
-    {
-        let sh=HASH()
-        for var i=0;i<128;i++ {sh.process(UInt8(sbrand()&0xff))}
-        pool=sh.hash()
-        pool_ptr=0
-    }
-
-    private func pack(b: [UInt8]) -> UInt32
-    {
-        return (UInt32(b[3])<<24)|(UInt32(b[2])<<16)|(UInt32(b[1])<<8)|(UInt32(b[0]))
-    }
-
-/* Initialize RNG with some real entropy from some external source */
-    public func seed(rawlen: Int,_ raw: [UInt8])
-    { /* initialise from at least 128 byte string of raw random entropy */
-        var digest=[UInt8]()
-        var b=[UInt8](count:4, repeatedValue:0)
-        let sh=HASH()
-        pool_ptr=0
-        for var i=0;i<RAND.NK;i++ {ira[i]=0}
-        if rawlen>0
-        {
-            for var i=0;i<rawlen;i++ {sh.process(raw[i])}
-            digest=sh.hash()
-
-            for var i=0;i<8;i++
-            {
-                b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3]
-                sirand(pack(b))
-            }
-
-        }
-        fill_pool()
-    }
-
-    public func getByte() -> UInt8
-    {
-        let r=pool[pool_ptr++]
-        if pool_ptr>=32 {fill_pool()}
-        return r
-    }
-
-
-}


[19/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/tests/BNCX.json
----------------------------------------------------------------------
diff --git a/js/tests/BNCX.json b/js/tests/BNCX.json
deleted file mode 100644
index 7cf034b..0000000
--- a/js/tests/BNCX.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"SS1": "1520a952de349f533b6aafdf89373840c6cedb5d80c10cbb77fd2977d1260f261bc1aab33387ea29d5a229d03b86b755a1cd958b5465b765789d45d69394254309dbeca19eb8d87e2b68b3b3313d518da6af44cbf7dc99db73345236e0f69ffb049ae528f8ea5f1f431e5292b50206951e0869e471140dbd044533d74c8f35bc", "SS2": "0b5dc395464513d1b8456fb4b1e131855a171693043115db8b9213fc5cb6ab060706ddf77a2d716129f095627102642c916f0528abc8c613dc4e3efc3685407206502735e18685ca4870db8dfaa6bcf65c0ca58426841ce84686b495a2a07f61167068abb790a36d2bd624a6ab2a7de51845d2b5adc990c1a5a339081607d01c", "DATE": 16574, "PIN2": 888, "PIN1": 888, "SERVER_SECRET": "1c73290d1a444dbf7d64d5ef22b152165f84b6bb1bbfb5b961de08294d7194fc0bb8652116b2e5a237706de08731a6b3089cad532a8fb1faa06a1deb36b037e00bcfcdcf98cd043a26cc6ee4b551c6307c57eb56ee5c005fd92d08598db9c47d0926edcb97b370b4542d5bb2ce4fd600b4657ec6abb3503e4172af59cc94d4a0", "SEC": "0402ecbb873cfd1a27d39d28a3e8cf25b9e11b8825aaea42874440e21505a0f5291745d9a15fc477f2228374bdf6a67633a3eb428f6622376ec4ec9522b8a75ee7", "T
 P2": "04185f9348a8dc152fe4c5c9a3eafa39b8d49302b7c380b26eb50d7a855aef1c340e08b35442a02d2eaade3b1cc4a502b3cfa1532eecb7ea9f2664bd4b86123187", "TP1": "041a5cca30f0a4ce9ebf97052fed980adcba9d486dbe688b4793779f46e0269e8e01239cad9ab5205cfa2b679b9f63c8def786939ffa97e2a8f9d16ddb4f23a731", "CS1": "0401435d98ba070157b3f808c8f07a8ed7719f2717ec65baf631cd8d068a7a43930e9e700a8335caa36bc28c5c673e9fd132eb9b40c90cb66675b049860b07858e", "CS2": "0414130490c24aa99fbc55f242d11ffc5ffdf5c9c3f2430e24a23f068cb10fb6c405ded7a269a807ae2771a8c5984ec3d370a7cc565541b31dd44cd2cd3156b56d", "HASH_MPIN_ID_HEX": "d12467cfb19e88fa1af70615874ad467163a79b3bd666fdaf9ff3a4e76871967", "TIME_PERMIT": "04227accf008a0c0c10a27eb4ae833ef056613b3964c2d4f3b9f7a2dd84ec6a7c819eaa5b37faf57016f5806ac236549c39098bfd6ce50e0a2d1e8f7ea64ab838e", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20223635303366623332333137346332343639353133636337393930346263623435
 406365727469766f782e636f6d222c202273616c74223a20226166666366356237333965666238386165616337656464396335663961643631227d", "TOKEN": "041739675948c978b2b4ac4b380d93783a4c7482f812b645b26f51dd407bf9c5121bb2cebb06e9b3c5f96b5d6619b52194d8b02e7df5de527497bc42bbf6aefbfc", "U": "040c11c1d9d9202c861ab7920823cb0c83af6bd679fc52ec9604099fbb2db78a8908b7c4d769e9d90f7d9b655526663a9e7bf82ddebb3626c6be0b20464dc2dc34", "SERVER_OUTPUT": 0, "V": "040b8ad73e1199b1e3a0d767accaf340fa1014dde6c5a188523f74c8f4d1318c15028387e61f456f5cede275edb1e04a81bf9214779a5dfb6731f60b21ff46f12c", "Y": "235e6cd2bac4f802c13c6513bce1c11cad6e51f45b2516cc8eb7edc256e5a203", "X": "064bcba79105dac17aab45a810cdc802fcec526fcd4b878f18407a0017481413", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"6503fb323174c2469513cc79904bcb45@certivox.com\", \"salt\": \"affcf5b739efb88aeac7edd9c5f9ad61\"}", "test_no": 0, "UT": "04155e8411542f9a2d7818c43e539d994f99dd9b8158bb2373704834f2a27fb59f116341daa21cedddb3d4393
 bfaedc2cfdf2c0983d280e87a9b0e01043bab9557", "MS2": "2243a7cc0e5f776b5ca1426d481a1ce565fded749f242b46f0a14b09c7de37c0", "MS1": "0bc2261afc713cd48b8047112ade92077067c31c6e0a6d732c7d77ebdd0d5956", "CLIENT_SECRET": "0411e119359451da0b6c6f17eceb64a20598c33b213dea3b6891eadd131200c49712a352a5f8ddb3260667758b78ac7f2ed8da5b80926e0abfbaf89a8caed920b3"}, {"SS1": "0f468b9986919bdd7c2d5b1805b0281264fd9e33db0b658b065966733b78d36f1eb4f5981b41b7da15f1386ef10dab2cde16832131374f9fe8b707176c8f5c981c3b3c79218ab6f66746644ae7c321bd466248562832091eeaab9f781bb17378227ce7c682a39864645840036e21437c7132434bae53b3dc9e72bb0c2d2189c2", "SS2": "2171885f0771519da9f347fc923f947c6833a9d5d084005b906856262dd94d7b1ed457dad2ffa72cbc478b4031e7e2567c0ddca977bde0b494dec929f02e517b09aba69dc3f41588db9accfe370501879568b25c91a9f4152ee3d416dadacf481e4ac7c1cf2934e08cb8331a5782ca1cdaf3a83981614acf9b6c6780e7ff0f77", "DATE": 16574, "PIN2": 5299, "PIN1": 5299, "SERVER_SECRET": "03e47ee3315b9cbb277468ed5c488f2b0b3a262b15e628e0d5f4f12
 9e64a1fad0cc84af7acedd5225e7d40df5155db23f4bfa290adff6ca31c4884488c2d55a10be2b0f01e7de752201c4090a3115322e0a76d29c5fcacbd4d049b50f0089bbd1235b5935d93d9c50b521b2ea8af29ac5f52e40125076e97d1395d1fa22b21f2", "SEC": "041abd94a1806a932a0281f8b71d97273dfa73a3b73e41725973e4269944a48457037943bf74f29f9652316a0802ffe914bf6dd721f356caef4fb93cf2a68795e0", "TP2": "04076852c9d627e10361db7a5d1338308c5d92312ddaa4996d4e3767b7bcc6eaa621c9a69d1264329cdf17007dffea8b8053a4dda479dafc775ef059f85add5230", "TP1": "0405c9437dbd17780b5fff9c12230b048a14c14d5f4d51e415c67d51e995f73a5b1a50c5259b6fdf92b704aca052670dd142e48992891b052d6e59ecc142be6a37", "CS1": "0412d3a065010d42084337a9d2e869cc44d7ce84b51c08a1f78cf7522c487f377b1810af8fb5c69ef5585c39eedd462fdf21681c970017aea3539eb1fc46136805", "CS2": "0420a2d7bb34dd1076fbe3ec090b0d33dba435ed26a4ca385e0a443ee4db9f13ed065e9d908a5e174a97335cba95866b5448ce53fae031d22e2102ad45b1d7df1b", "HASH_MPIN_ID_HEX": "55a884c2cf6ea921cf3238a9d489b22c68e096d96a021ceff6f8c220798229f4", 
 "TIME_PERMIT": "040340b91db12b2d3b403227d35043dbccdaab6ebb62955983bd06e5db8822b0261678235685c4cbb5a4169a6390481470fb788dc91a69056a4862ee3697094cad", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20226330323037316639626664303631353932393935363761383633383363343433406365727469766f782e636f6d222c202273616c74223a20226263633732346535636561373564343065316136633334633933633164333239227d", "TOKEN": "041d50f62c5bf35aad38b7cbd91a919919ff6abb5f7e6dee83450adc9b4900235320c1f4eb7bce4d14143d36c7b362aeed90afb48e84d83bee1c4cc133abf68adf", "U": "041a21408eeb64776ebcce3f814485476f55882cbd797fa6dfbeb6ce5c506081b209308b70ba69efd2594bbb88c2e09bdef9b9b3e49437f2f5f296dc6853661954", "SERVER_OUTPUT": 0, "V": "0405ddbf8a26e7958269f103e8ab5ef45c20cb845cade3041fc98075dd9b50e3d821a67a905a19b694404331986d1ea1e8543b18748efccceb25048584b4b20116", "Y": "1f62d44eb0a0add266210aa2209d3184abc9a9a53d14b6e877291df1d6ff41d7", "X": "104788b50
 1987fbb438213927dc93a4493693d981f350924678f55787c2ffb76", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"c02071f9bfd06159299567a86383c443@certivox.com\", \"salt\": \"bcc724e5cea75d40e1a6c34c93c1d329\"}", "test_no": 1, "UT": "04047ac3439fe68dc9bab6d4a5511e7770ca1e4dd2a617eb3be500c3c95d669934028e2c0937d7542fd70ea7c623c3181aa832fe3c7160e458f6341c224c5c604d", "MS2": "0d4827f28c094a2c6a29e88c2fa6e36a9aac8e21c9196fb952b26435ac4fe448", "MS1": "1ad3a17e1667901e1e865164eb25480d3dde6d8b350af7ce701f4730f0d26b9a", "CLIENT_SECRET": "040b36db188c8dcd415a9a26e90f9bb043cf7ac0527ca43a5c71bfd95ae9c17c420afa015d0fe3ea8c4da06e9ff70fc444b0ee9f9a1f227baf2687da9e64c2a7a7"}, {"SS1": "21b27fe347dfa66bfb098f848f4a2b474ef9e23d6dce3d6927c8559a0ce901ff20896dbc80ec32c19f6c9d3eb248c397a50cf39bc875c256398ec3d75ec61e520b3bafe5970d46c2671a20ada5a9879f5661bd9f63f5d8fbc0cc56bcd39b9b7a23de3f98dca07e67c7668014e5367a979206b5c98611cfd597319154681daf43", "SS2": "08198a7a3d2820b8987842d2743d
 bff22daf00078ebd5eaa3983d696f8a3eae91cb1314e7dddf0a47aa4b3570b80368b6573b5062767aaef9a5b9117484d7e5c0ca2f89d23469c747c4ed6cb30dad0000d85926ae5aa6de012ec4d56f35c5cd5231225762c78d43eb15b4d58615191d8302df6f25920ef7da9733bcaf5549f08", "DATE": 16574, "PIN2": 8009, "PIN1": 8009, "SERVER_SECRET": "022802cf792087f376c4b6aa8a980cd569e5f2a3f505b9e0455d3b67c5692d3711301dd42e732d6af6cdd7ba069f51342240b7d6478423ce063c8af04de0ebb70183bead7230e056c34ec775a4fe699bba00772ce5895db260a0a1106cff4b39094e1ecbe035af718f4f00d265bc18eb9cdbc65890ea94f9c95a5e1c8edfe15e", "SEC": "04057389030a78b7b6ea26f59248c37fea17b0e522e3699848ad5301cf1ede99291784540e7418afb2ea6d792fabe2a9b1b04b5871d0a3bc81f4b15d8043d9e283", "TP2": "041de5b1b6e33b2c07743e53b0fc02eb8cf0a480761864dad14966eedf9348dcb21c75bd9a3f56299e814e60ee9e1274eebc18f433cd107de65f5dfe3a67109718", "TP1": "041038ced7b5d89739230f0374851c0319b218c833f55cd09bc253be1077bcd12d11d5edded2d5d4aceb1a13263bda49ee8292f3ecbe07f9e40206da53a4923aaa", "CS1": "04239dd5403d85c
 3b72638d4a4adcc7bf2046c80b9ac2ad56183025a7caebf18f8101ed98295acffe2ae8444914741aa58eff00aaf0f01828fff2be490c8fe5af3", "CS2": "041f6f4c331a39b7644cf3d7ef6be4ae012bc89223935a23b526d5db5da611af9a10126134ba60e1b2bf01832aa29349c11842153af643a53b6d090dea02865483", "HASH_MPIN_ID_HEX": "935f0d6bd07683250e03081005f149b7bb106a11524733234e5b6516923ce8f0", "TIME_PERMIT": "040f58e86621443f94b7770d0a0916a4a5079748988a98f84bcd253b7044120d96137e6c5b3a331b9e35dfcc6f5991f99b2e7d83f93a4dfb9c118a92a040535e8b", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20226465666137646565366465633866333161636261383839613731646136623064406365727469766f782e636f6d222c202273616c74223a20223133643563363662393531633931366531653834343434626131376336353938227d", "TOKEN": "042152f07e5fd78a1f843390d41478d2d5f0437285009408f2d63ab190434a83f403fbe78d63da99ed8fdce141ab12625fc36147b48e5a566f3f38a3b7f8b1dc88", "U": "041fb404a10229be4ee993b6d70cf4af1
 f570b8ab377a07dedf08fcebd02fb44980fd3d85930d15611ba1a2c33015bfbae9ad57757169499066ffd069a1723cade", "SERVER_OUTPUT": 0, "V": "0418bea256f235243219296b7f5e2b0dde4fd54e2d82d80cd7882600756f07d1cd13e4d4b3ec3defcd9e5f45ba110215e3b705534ecbe21d334261cdde1d0a2c9d", "Y": "0a40ff78e525b2bb445a4912a13239942adb5e476f55a0cba5d88eb85b6d40b1", "X": "14fa7ea042f6e80c90c29f031b25233d6122fbf0255a4ae12cd8643c2e9ad749", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"defa7dee6dec8f31acba889a71da6b0d@certivox.com\", \"salt\": \"13d5c66b951c916e1e84444ba17c6598\"}", "test_no": 2, "UT": "041491587ea612ab06cf8380fd9f4c4865c60069ac42fdc5ffa3077570484f29ed13ff03b544fb28df4143cb89a2f1a01cf2552a621d7b35e2ad9a6a13484252bc", "MS2": "1ea4fc812244b362af1e00ad29a8a20285062ed3df75eb6934b03f733dd8637d", "MS1": "0773c896ecad1274e67f78c45506c5eea2ce4d11b79f650e779c7d5a37d656f4", "CLIENT_SECRET": "0420f67cbe2d0914ea983336afaa737d93e22825578f65d7fd7f6de1550e47eba411d3bdf73908b88a3980e00a3
 7bea16836e7feb5301e02f6c748ff5dfb88a8b3"}, {"SS1": "019a441b3e885442206c4ebda5a811f9e39f7215c2c7494a9271f8174027d7d81381e2c00f01f5ec419985b29ea6313862b57b37708d40e3cce8cd15da76ebd51afd7703019ed8ce53bbadc466831bbf0934868bf0b0ef7b674daf56f8208c9f079af4e6103b4c77e49f3620e1fb0182738f1008befdf51f14f1920fa0e3a7b7", "SS2": "13979da829e50cb10d90168792f0935576bbe606c3b9f4eca4f9859087c16d701f17425a5c08ea5b720e48c43988b3b4a24c8dd88efdc833f3f407b348d0b64719c3a113a1e9a3c75fd037a2dbceb65810ab46a71ed01d102073ee23ea972d1e094cd2577001081dc3d8b33608f7232f2e890487b759fa8bacedc8ec178d78fd", "DATE": 16574, "PIN2": 9236, "PIN1": 9236, "SERVER_SECRET": "183c338d428a1b431460090908981ba162974d3366e920e106647a0518befaa1239e518bd8ac0d0dfdff38e980afbbfe4c8cca7a4df7c80e7a93206540e64d24148a8adbdb6d91a8777d243cc905741e674a216b9830d628469bb44d0a97f93801eeec00b1ac89fe1e41f8995002997c0bebba12a9c5f16f61c8b758069ca7bb", "SEC": "041aa9a4e8ed6fdad96a24cf4b1e542400a80777d2b82c37f8750cbc2be5939c3d04aff95bde7cb335cea825f3a
 9fd7b17a7b46960f99d0b2f144d54f1a7a889ec", "TP2": "041d9a480dc01508acd380e76853476e409351ac3f5f53792921187703f81519d52162972a19845f4de95267bfea8aa98ed1862864ba99093188b1b58a58fe5dda", "TP1": "041d041c5d8848da82deba27ffe660b0db71aa8ff268186d0defec7cc2593103d31f5cd79818e87cd7fb76b9b888e2882bedaaf254dd2acc1e1dd4746b07039597", "CS1": "040dbb037c6ebade2e1834a15d1f900a7fa526c974b49afebfdf7b98321e6554cc0c7bcebd582600d3510e8ebd43628ae2558a12a7d1ffbbc5b36b84aaf8e9afb2", "CS2": "0405dd5653c55e6b56285b96c627b0b5d19182e306716e6713e7d74d3779f888b60aa7eea6c8c9ac1ee23206d24b63f2a736e4a0e99a05e7f1edf2e150bae894ac", "HASH_MPIN_ID_HEX": "48229e13e1c3180914eab5fb2ad71d51bd42819b105d15084a6ceb27b67b2cea", "TIME_PERMIT": "040844b552d359c4948bb6f682f899eb9be5a4b987521a39c7878d68a8fecec0351b754f5f16396a2e2ac9651054b31f843ebfc610e18ca114026126a01f167e0d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a202263366232613664323263
 34333063333237393066356633303932646236666535406365727469766f782e636f6d222c202273616c74223a20223330303036663866623736306439396132633736366563343738363162663563227d", "TOKEN": "04175619ead75d0a35c8bc5b363a7b860ba885dd6792da77aad90a84e28e04d89b17acf8c008098af8fa683dbae1f5a21418aa56a6593be85bc62eb4b92778b132", "U": "0417f23a5a7f2a0d73705c1aad04a50cf5383e6bb5bc8f70e754591dfa9608dd3f103707fe6621b2d96c71b67e0f3b7a6c0d9a7e42ccedcbd14570fdb21c1a8afe", "SERVER_OUTPUT": 0, "V": "040d3c4ddd87fb3b6d0cc84806feeb04e97d5a425c0e4f9d57542fbdd93070e02321c76ada3f6f5443e744eb1d07d010a0922f0bba8b7ac38bcd0d869ee9cb08a2", "Y": "0fe1bef7f0c2f00be843cffe52489e800f76bc7f2892d283ace814e4d808d758", "X": "07d69e95baa1873f1d1abc755846a5a2ced5e3ed9a3755fdc218931dc9975258", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"c6b2a6d22c430c32790f5f3092db6fe5@certivox.com\", \"salt\": \"30006f8fb760d99a2c766ec47861bf5c\"}", "test_no": 3, "UT": "040703a76274cbdf19bdcb64e943d8c6c06769e8c15f2
 75996210a9937490a3a7b2328ac7ecd61cbde145d3896fd9b943f23e46c09910900279dbde4991be081d7", "MS2": "0d1d899d6c396e9415a7ce3520b9000f8f5a5e7d47ae5c739b24b971bb8dccc9", "MS1": "0493c81df73802f88968d6c06c3834ab34cdf740c3d003178cd822e389b9b260", "CLIENT_SECRET": "0401a8a91fba681ed30da9659ac4a09b02a97a6916373a757ccf8902c031ad49c403a5ccc174dee4352ecfa7a439f630fd281c487fa840aa73b169ceb67667c125"}, {"SS1": "1ee4f64244435fac2768c632f7e6e8970e24d0fce21e5012a5bfd0f53ba14e9c0e1674e4d9119fdfa43f312c79594b6d36954628a1ffce8eca03c27d2f25322722d0366d084a8a356be01c5acbb2859efe9c617441c14cb7823fd4197b0fab2e13977f34642ab1fe1a5442edabff21625138348435040f6343c10480f96ea010", "SS2": "0bf923482e8945c8ca68716a5e744e6c8a67551cc35b16b9346f5149e32d3b9706f4a2ff66476452a4323b4d4b24758ab9bbf5f0cf9d7e9a0522d3f9ce78310600a109a9efa30d3b41ab04f86ddc561a00cc9d6a3502abac324dbab1fe42b2dd107ffe6c93c6172de1ca619c17eeeb0d26d52577c2bd4732dd14deb3f23b36e0", "DATE": 16574, "PIN2": 7948, "PIN1": 7948, "SERVER_SECRET": "0a074a16c39
 8ea6b8a55c263766497977efaf5c2dfe22195338b37963dd0a1ad14470fb1f77e83979192697cc21f75552803468ecb447d705401b02aa58a948f10f734727178bce6f079d6d39dc110d87017cece3bed4b57e1284c3acb2dfcfb1e37bbecf67fda8eebe447149042091743195cd15ce2f2048ce753abc3575308", "SEC": "04188a016078f4868432475c62dd5d2328850836c9f7b6722bdd44eedd7b00b2e914b683bb574dcbcc2eb51b7c249b87c378aface89b51f21deda7f9d3f650cd17", "TP2": "041c26065697b7922ea6244242728d606db07670863cd64cabb0d7a9bd23f8232d04069e1badf46d4c3a5983ffcce8a78b57b190eb14c2a81d917b1ca6bac3a23c", "TP1": "0411c27ec8ef5e74f2ee340c5491d07ecf9513a26e92896aa1abbb8e53d1403f7b1365a2148a432fce451ab7e7b5b9c66dc2412355936e5b0144b513414602ab42", "CS1": "040362c73ee7435cf8a78f5c700daf6b9a8404f0c62e2340d4168f84b3bab3e1301c036a644eb8e626ed310a595219d96fc000a0084f85b144c0f06f713b66a58f", "CS2": "04227bf99836c8daa5c0d15169f33edbf29e16c56175b7a0cafdc003432116ef960399c375479aa8e1fedb5c4612344da2bfec4dfbe8653a7a5b806efa51cf8e36", "HASH_MPIN_ID_HEX": "eab4e9530b180aa597ec32a
 125245d8fb6699da0b3fbebd501e574eb961a3f39", "TIME_PERMIT": "042337defa34c32a3881b2acf801cb935bc382a1f867bf0eec2f1a30a8317f54370582b3a7fdc57a68f6460101884f2a76d90276f19fb56cd66c2043ae4b1a09ee", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20223836666538343435643066336337333066626665613330646235343035636436406365727469766f782e636f6d222c202273616c74223a20223638363566616361386230303135373064346236376562393462646239323762227d", "TOKEN": "040ae1365789a7381ff442a19ff09a25cc3d31336da12a27f55ba80bb29401abb91607dff8fcf6be38d984c151f3d752a19e81b6e90bbf4385fe678a3e16daaf18", "U": "041108ccf4589d7766ef0ac969f8139525393745ddb18c10a42ab2a325f0287b111bda113c3a09e91d918ec5826ae9d6878697b217aab7b4df4e817f64c3784c41", "SERVER_OUTPUT": 0, "V": "04156927e530f9afc8f0232f99893d84f26d890144698718ce5ad54b717547b67f2252ea5f30b27f3e7b8613c96670f3ac36649461076c3b4bcbc40001f2341275", "Y": "183bc2bde80fba19d0f1ea345068acb2c856fd
 c8f0699f5051277d7b45f438d6", "X": "0a8a35c4f3ed665bfba479a6a08a125e6a3e41561fb6b11a158ba7ee5c3fc23e", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"86fe8445d0f3c730fbfea30db5405cd6@certivox.com\", \"salt\": \"6865faca8b001570d4b67eb94bdb927b\"}", "test_no": 4, "UT": "0414498cfa890a2a68cc9aa8041184cad78c93ec04c38409200762f6513513a3462168adfd3f92da74340bce5cf4f35be2259ed7511d1cfabee1484d690f747ceb", "MS2": "2016e100f00700bc0bd6becd5597ad9247907c35ee32338775c6fdd9dcdca745", "MS1": "21c0f1ca115242eb0bb0984ffdf1e1488eba3093ec70ebdd014dde253e203a4e", "CLIENT_SECRET": "041320c0d639bdecb59089e3bb1dca7a34268741f480ab1a184d1b5719805d7cd10e8eedb02d56ba2d3503ea4f13e757f074759a9def22d948e17de3bad79f155d"}, {"SS1": "1b6f46bdee6acff8508a6abdc397dd656677e1e4f3036570a848155e32d84ee605ed99e87230e8e82c9ab3b1546c57dfee6e09f2907e0374728eb12514ac75110b2e551a4cf86dfcb85303832f67c8e518dcb64283678873a756ab53c18c58f51ca355bd2736824fa3346372cc76b48802eae6e85aea0ce052fb7049e1f
 005d3", "SS2": "0587a37e99aec3d88d75395f180313f41d97afd5296f5bdfdbb31e0f4db7069005d7671c520bb1d4559e1f6ae9736227ab780bf51781b9dd07678de732214ab2139912c4f36ce0dcf76fc417e4721e3b14adf57776764b8ce54e372c9859060f1cca749a6b0411b609360a3e4652d320dd60bb0e585a3abcfcd5a46f947221f0", "DATE": 16574, "PIN2": 1463, "PIN1": 1463, "SERVER_SECRET": "0c336c8babd0b3bc6ec5c7f1cafa17fea49cb1a8076e2ac40b585008f53e8c2d07a06d67c3baf6fe2c6ee58df0124373a0c607165c74f469514b559d9b5ec16a09693fe3af5a8ab0329b49124f41b6771dc6f7194c2934e6bec42fc9db274aec187813c02e5118cec839d3f9d57e5dbcb5e70f4c113f9a366dab425e88b9251c", "SEC": "040b5f13e43d0e152c45754f8dcdd241f55549c86c46567749ded57b2ce29c39e00a01b1fd1022705d6faa2a6f1fa6cd4e9dcaf16270b7630d3a6747378c900721", "TP2": "040c6fa0a22d35dd840b2bddab6b4a15d97b038d4056d3a961c29c1e57158056381e974ea8dd04e08d418948112a60c17ce91c66488984818a14206c32b1d755a6", "TP1": "0405b721c01c1c32091a633887f276c0bd8dd94ef7282ade8031fa1e4b2749442705a656af0aa44f5a2219dfed66339868437678e0563498
 01a437afcbfa7cb429", "CS1": "041c674ed4190bdddb998759f680bc170f75013901972099f93f351ab9316d718d0b856b331c4a0a003be14a7845a76598ab58e144716015842dde9b231439868c", "CS2": "040c39a9aa1327bee91f9f753db352d4ff787eedebac6fe997f08d40cbc53f1ac20811b41a1b67b5f09452723de8086b42a10dd40e6109d4e203e487cf7414088e", "HASH_MPIN_ID_HEX": "e9e2c4ca2c3b579f0ebf4a536f4d7592162446287c88d20911264966102e34f8", "TIME_PERMIT": "0401155572f8f4ad5f54c64592b5c0ff55efd9204b57bc248dbdfb1be8b845acf3089c95534a1693ff02ae81171c113bc77ab09de27083e7bc95b59b0436fd5047", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20223434623963613539396461306330376134323965306364356164363237666338406365727469766f782e636f6d222c202273616c74223a20226239636433323066623865376530646331363036363931363163303763633535227d", "TOKEN": "040ae7d1376edd21caec2488262f5a76da64794502eb6c91ec24b9a23c936d3c4c0a2dd45f31fd2d6f2b7e13f8c51c5929e7044eb10d691f2a40144dc6302b13
 a7", "U": "04103e7ba05ba7f6eb06d9eaaa6d5b0939aafb6c72ce417d39572283bf42b0e8d8112c5f64c15fd008a838b40ca7812246a29e31954d08f021f60ded0e33043ca7", "SERVER_OUTPUT": 0, "V": "041c2f73a4bf39d7e3f1eafd400499127efdcefadff8734d8ee061bc2c052fe1b12258ebd8f60861937052b8a86360e5a1a0b5ec2970fbd2f424d03a6b7c5d6ee9", "Y": "100189ca8769a2e2f832dbe8488e0da582b60e71b47290302445688bf0c965e3", "X": "023e85881c4d8d4d9193f9653f1de04d8aae3fc167cc59a00addd2acc48edc22", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"44b9ca599da0c07a429e0cd5ad627fc8@certivox.com\", \"salt\": \"b9cd320fb8e7e0dc160669161c07cc55\"}", "test_no": 5, "UT": "041d0207f5a3a3f1229bad924f50e229a9acdd8432ef3236a830d813241f2664f804f4dd5983e55066504298808af93e92b8f1b08947166ade9f7e115410095a3b", "MS2": "17d927e498f0fea9c5d712c93416834a1eee4224d451d48d5b41c29fa70e01bb", "MS1": "10eeed159fc3e9d044dab63c56c49f1a99f831e67d2f6a9e15649688f8076bb3", "CLIENT_SECRET": "040ea0a2ea39d57085cfa10ba2e0562f5230c9821e1b691
 bfaa87ca826a5d2618222019bab9704ef29085e70bb1b61e39b2ce2f66b5f3aadf9f22818053af7e543"}, {"SS1": "157b14bdd0d3473b25d4a5d67d17db205178add1e2a297f7aa4c9b348acdd96a04d5d5dac5f0684133948f7715c5b1ce74ee3b8c6a8e423c4e2bc370b05824f0211e5e4dfdedd92e0a74cc91e76074cc8cdcb4062a791b1e4cbc44de9b77297c06d74ba2099317a3c9acfda4fb9a60babcb641a8010c94e6ec48af7c19bf79a3", "SS2": "0a9d1ed983875415facf49a6f02dc28908c8ae96b47e31995f07211fee22b00b0f6a1017ca12a517c2a73fee8b8a28eab2fb913bdce9267c84b590e1c9a8c5be18132a5d92959868075563f2440d33a53e78e7d9183dfdad21481906c382e6d121a69e8297190256b08d9a126726703ce0431766d3667a71947505d99c39abf5", "DATE": 16574, "PIN2": 4669, "PIN1": 4669, "SERVER_SECRET": "224ac6bc9d4a546ff386a7716ac9a41c5b7e0f713a83967241d26f0f6c1129701b455ffde5e6695a8fd04d51e60488e205cb3b8f4dc356798c96636581456d4f189ef17a237e43cc303f85daf17307e5ff05720dc80958e2622786ceddbb590c23acbedc1d403693198040869d27ee21586893de4a9c912c010349cb56be4d6d", "SEC": "0410f6d7a8c4bfa1a8143e441ec1d9cc5eb843b84f9ec82
 c01364ea8fcd1e2517105dfc06348559d886a92b22a4cc35df52e82b2cca4725d7215cf29846d9068c9", "TP2": "04137c6b8ff2f13dbdbd4070b3f255f30267a9397340fa1682b04dc65e468765502211e9026b11466679bc39661c8676f63dd4c53bc4624d015bceb57c5fc82858", "TP1": "041ff46177adac17df37f3ab5ab8c48c97ece2311f1a1d593a4e656f935776f9f70658779e3010e44fd8cef31af1faae079e40a51503fd42dfd46c9b280748aece", "CS1": "04066ae71ccb707233e1d4f4bc288b1ba838c9e7483a5ed0d0b3bae30c89e2527b1098823f188abff8eddbd46c17a6d074730288c2ba36ce678bcc4d1404e1ff0a", "CS2": "040d5f8f5ca6aeb16e3955f2bfd1f9a8a4b9d7028233d41666442ff4ab6de06f2609c69e0c3c741145d2802859b132aa511ad7fe3f386b74449529ec680ca8ff23", "HASH_MPIN_ID_HEX": "b684b908a36cdb11caa3f7ff3aaa3803982fb494162e3570e6a80b821e63d36d", "TIME_PERMIT": "0413e6355e2fb9f1339c20a080835eac9503881d34590c78bb0c037fbf815f17d9204e04056b68bed0ba41d4d412e2ce047134add57c2527d764ed963d9db2adad", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c
 2022757365724944223a20223431613839386362363566646530303331373433393565383237363862303362406365727469766f782e636f6d222c202273616c74223a20223538373937353363623336363337663134656339393164383435626630363132227d", "TOKEN": "040fc4de63abbcb51a04bff2f296190dce7eb7c9987edee7eca5db4278518ac7c71c6192111e25af1d89763c8c6729cabf12216cd9bd8628e609c0f87f7b718ef9", "U": "040f71ce92ef2fd8e4f66db7417b6fdfceb3644a4c41f07bb490e0b3ed524244180b7c512cf9c511bc305d4c1bf6bf268727d00760d34500caec0e6b4e09922afd", "SERVER_OUTPUT": 0, "V": "0416803454320557fb14b26cc8715a4db95c3b5912776adcc6e67043d8f5ddfaa415205c9f47c8dbf23eabdfc36c1ddf8807d84bca36de5aa122eca80871411b86", "Y": "13ed4a35797b1ddbc6f0cafe2d838bf7067f2a80fabae4e2653e52bcec97d699", "X": "13cf2080bb21ee069256391d3d873bf2b763b3a6091a21d6efe8d84d819d6421", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"41a898cb65fde003174395e82768b03b@certivox.com\", \"salt\": \"5879753cb36637f14ec991d845bf0612\"}", "test_no": 6, "UT": "0
 4213d409fda21346b2c9b9c9ef5b9cfb72de7f4338ceabef411e5b615a5b38d951ef4570aabb984bf0cdf5903abb45a2dc85a9213b5de5d5583659e70f241e6d9", "MS2": "10b0d5f70d6df2486d6b90652d5e07f558b2ae1069cf08775991c658365329ac", "MS1": "1920c5a556df7c1b2888a6e249a16239ad2918bc73eb1e3123bf28e78e021e23", "CLIENT_SECRET": "040525996f1a9b1b15220662eff4ce3839fec17ba56990ea961104edde7a6ea05922d06e8bb482acf017b69da967ff372075d699599ede766c79a6c2ab5b3ac12b"}, {"SS1": "23822e2afba3617824294e5045f340376d5a6def202b3a3bc34d92bc0b9895170844cdc4e56515a6d3f2cb277aeb38c0d6e1c66477c5b5655678c2f1d2c035ba037b72d8fb714fccfd69051d7f7af2d8198fa90c6d2e91b877940ef3cb05800e0d0eda45d97b19d3d1082e692cbda6089bae132250682ad448584741ced02f7f", "SS2": "100b500226c822d0b106afd6f0f00127f9669e78d84dae2f6fd4a82e543967ad0dd61190959285677647f9235a1dabeca83cb8af533a8ca3fad07ccdf1fb3ccb00084b93954be03410133a73c953fe62db6d924de5c2dde39ad7ede938bd684f097a9adecd5be3d64de34a64ff93c5c369b3e110064367cb03170533b9823daf", "DATE": 16574, "PIN2": 3269,
  "PIN1": 3269, "SERVER_SECRET": "0709c6699cbfa6ea7dccac48197269e8368f4ff593501a554169500f7a5f3cae22ce9601f032529a3054eff2b7248a84bca013ef3b2ffd8955ddfbc3ff006be11e047878f4d8145781376ff63716dbdcb705c75d6a895ca867688e7e736b26850825d0363abd8ee47683d46d6f651fe3298a7f9a70c9e9324498e7e6f6055b7f", "SEC": "040a091aa68f787dba32ec3a8cd999576a21969c97de5f0e7e8272f15cfc27dd6b01c307cf78f8240b42929716020a8c121317f4d47d3157f6cc558053a716ed79", "TP2": "040c4822278f591c08053ee5a1878255a7f5fdfc1e182e1015e71f291a350d97d722e8d553b505fffec365c02e46debfdd657a36b1d482155ae5be41850518032d", "TP1": "040b4526a4e80e115eed9cf155bb6c757d5355748b8bbd78a34e0601ca22882a1d16213be346ea0ffb547bd1ec72f2cce60329aeefbf7d5aa642b6e90e40e5e57a", "CS1": "041082ad98e1cff3eade4948de1019785a992340db974e4d74592c3185feb5e47613edfbb10ed809d7e88f12f24993ad4d3241017f47f4bc6e70010a4bdb9e53e9", "CS2": "041e96c8cd671e175bdf0e44ff4dcfb962da209e005dc7415613ea7f5b2356d6110fe9e8bb577a560012a1800096c8f1c901a17fe48bc245e50840cc3db68fa83e", 
 "HASH_MPIN_ID_HEX": "1715b99ad82fa6355365501214e02de9095881a09ab2a08ef4fc78b7c4a2a41c", "TIME_PERMIT": "04016dba1c358482cf14604db3478ec7120eb6c15b1a04e72829a41b69d93b224b1ab19bf3b3e5fb9b699761b06b889efbf621a10976e60ede83aeb8da18f4640f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223533333066323463616563373362386661663330616232656130666462356236406365727469766f782e636f6d222c202273616c74223a20223162643761323033306363336430393432336336613434653765313634623537227d", "TOKEN": "0401ebf9931a03d4dc1d9e42724c8949ef849b40e0c71f0369848ad8003a2de7271b6fe016c4e33d9343c6ac42116a5bd3af21b3a575f69be092848dbf13648a21", "U": "041435b30d95569a926cd64e214bc071c8e1d12c73ad9d84268ab906b01d361be404db85f3cefe31ddec1200d577588b19bda4a564686ca4a9e98902f6e196a999", "SERVER_OUTPUT": 0, "V": "041e6d81e34c2435984ca334a568cc3e91828dc693e135a3dc61ea73ba0d3a4e4c1172d46db4a106b02a97dfad58cc101df6fbc20926e489d3f78fa48dd7d8f602", 
 "Y": "181014c18211ccb8349541f8bd16f4b6d55047d21c7fe0b9ad1a2f58f4ece9e4", "X": "0df17910f10ab6f2a0a884d8947c000da5e0624988489f6f0636aea1a3c35245", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"5330f24caec73b8faf30ab2ea0fdb5b6@certivox.com\", \"salt\": \"1bd7a2030cc3d09423c6a44e7e164b57\"}", "test_no": 7, "UT": "04014a818be8041b171d4c296e637b92f602a5b960f6e0494c358f0c0a86acd0090b0a019f6b46948bb93fed1ca575cdbc07e0550d211b653a7245661d9c01288c", "MS2": "09d177c7f6e20aa6a108d79f18ac7810bbe377b309cbc5df6fce20152d9c46a6", "MS1": "0c8bb8124da22056f6d799a606e18e585d8fcdda48379afb753eaacc64ab2825", "CLIENT_SECRET": "041303e4d26edaf9d9b0887333a48175ebd31dacbcab02c2b4f08168bd8f650e7518f8043e581a918a7736959323fd6068d8b86268b9754456192af6860d297d25"}, {"SS1": "1aaf987aea07740b62662a85705cc5622550ed764d10e1416cf4a7d29fdda35101f5bb89dd2207747b58476ee442238b489aafa36f905312821a1b288b19c0c3199ff698f0eb1a361825f24d97a37732fa8f7e26509d5ff275cebd0bb29e70790d360e19a1f91ce
 66fd46507bba51548332827fdaa3f5744253c7872e9a026f7", "SS2": "215b0f8a9a0f5f2f28db76eb99dfb764f24027d8fa9cd20b905825ed78f7555303fc9f69f684bf1e51d5f445283e06f976ed12c6ffff8aae985b171f1a3634e420df3876a47f7698284a5b3100a575bacbb9338042adfea68834e50fc01629dd16e145350165ec328cec673afdec0e58644d9fc93a5d62a516b9e013c3e9fcc5", "DATE": 16574, "PIN2": 265, "PIN1": 265, "SERVER_SECRET": "1226eb63865bb16f858fab13ad1b11c671f778de40331245af7e5275f2d18aed10fa29bf5498b970649aabfde78d49dfc14d352a72e67982829d8f9d2f6ea5cf0472843706c1efd31835fc2e4a4eb7811cf3711fc8110cdabfd153e63ec248a21e4d3092ae95d649a6e0b6137d4d266591055a54798b3592010b0c7d3e3a4f39", "SEC": "0413f7bb907c6498e33ffaa70ab26691358a18d48aa96c64cfc1c4cbec10ce274408c74d716feca208036f15378b7515775e947d68bec34149cb79039db53a65f4", "TP2": "0422233779ac696c4df92ee491a1b0e234fe109059578964a63655913cd3e2cfa8123778ba2c9b177f62eb42ae17ff61e0765419f09d7202153313509e9ac3c27e", "TP1": "041d56b5f7bd95a64f82235a8c52188dc858f900ad569f715f6a383d79611d6f581e94
 68863d4fef5920f813ce7be10bda4a5d113c9a1e31b38fbc6c520fd94e90", "CS1": "041c75ec5376d596b866f16a7fe9d040c67f168b8bbbc9f0dba119dab7d95d8bf603556eea8ff4a28cee6ec4670874b6182d28588c794e3196ef429e455868cec9", "CS2": "040bdc8ecc220ec3ff089d45bec84d591de8a3db61f8b6a1f90dcd8b02c75a1e440622737d9488a8ce7d701aeeb8c327e52da7190d3a6d33e85585012dbe4933ce", "HASH_MPIN_ID_HEX": "0df05a2d80d4cdf014a5a79f0025e1418375e2e4740526885fbab9d40c15a889", "TIME_PERMIT": "0422d2871b4a61eb128427d9083d00d6a2670a5ce2f85f7b38f1d88552378a937e1c13edacfd2ab8bda314cd5b7598933ad2a58d7f64fb798ca1efec99333b03a8", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226464633337646237346534313561306332393635346238356665326134393362406365727469766f782e636f6d222c202273616c74223a20223563366630343330323734326465353961636566633731633435613138613335227d", "TOKEN": "04125b145e088618d8f5f364f0a2d1ae52414a295809c4c1f77e5344bb382ee0b2120cc4cbdc1123dcd461
 c819f61c341264e79635308fb7746187984c4dd51a33", "U": "04184e42422f465bb5e10d1c67854c5fc96647355552e818987df521cd2cb3267f1e7c5ca73b58c536fb92b83cd0292ce9029bc06f4b62a8b207c8c8e06377b3b1", "SERVER_OUTPUT": 0, "V": "0413f70928af39037b4c09a8d97a2c383ad470839b9f5e1a7b8048f8eab5938f0905f7b1bcfc2bd6fff967b497a603f308d458ad24441f6eb4fba19f0639fe8e66", "Y": "0b7614a046159fcaf135adb484ae51d8a5377720342e04730f57e6176f485654", "X": "0b89a7ca7826c7df7ab9008d07a3f5bdbba175a5e74c057276a589b00d9465db", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"ddc37db74e415a0c29654b85fe2a493b@certivox.com\", \"salt\": \"5c6f04302742de59acefc71c45a18a35\"}", "test_no": 8, "UT": "0400e78c0836df826db3fb68b8dd6fab999ceffe0e8a9ab57e4893947a7f7d4fcd0d902b9e9ff5f8bdac1fbc5c0c531109b9cc0f0eefb74f3c25315174d627a5a7", "MS2": "06fc7c66dc167f1348e595ad58b709fd98b730d9424b3d7a05f50582af4b3e99", "MS1": "04d6a71fb1dc80bf2f767c74b2777ca14b161733bfff16b7dcacd4265ad3beb3", "CLIENT_SECRET": "041f6
 6239b8fd139b5b1e34b912b1096e19e3f2f6c579247ec7657974375713c152399702372667c57439c0a8b99fe116715a9ccd640fc164759fc6b508b38dd27"}, {"SS1": "077ec78557936875e783792c960366beed8d419fe0e52b0f62cd6ed1e602b6da22558873fedb283c39f39d2cec75e6821c36c5237e0bc904e8a80402edda08000a5d7021105b33c8c4ce430a140a7c79d51d6633701ba89dfa906bf3ca3d5f182119ef8db18f7912ad5fb19d782b8117774e3dd89d0adb0063a9fa361e3bce91", "SS2": "057c100cac49d461f129d4f3ba6262d3205aa5ae25a326ad031f0b2de32a36160d4275858c7599c52072862346e25ea211ff4aafb868b91683b3de0a3c4f878308cbe482017d1e09cda118d746328c85fb642cd095361e40223d3a0c4a9073ef0820e747fd79ce7023769d85d9a7a854b8296c2d24134d5d15d47c0cf9d0d679", "DATE": 16574, "PIN2": 1374, "PIN1": 1374, "SERVER_SECRET": "215be51b4e51d677ffed74d28b2d2cbf0b61ce7b8942eea5555c8d8104d4e7410fc11289bcb874bc6d5a4bcf043f950366fdb215ac0c4c5fe61ea14096d1fef513e4d17f30c76b698b6df8f461e8c0405f0f8c7cb26efbbcc315b51680dbd5331b4235ae2320f7b6a048fd63a7488731d68156ea17a18d5f1d140686cfc5a7ac", "SEC": "0419a
 72dbe62701aeca78ef02e5a3e5f35a24cfe5c9fe689c4ff927d724717798704f2dc03e99a9d214a825750d7d5d5906eaccf0a6948b71208043679c83aafea", "TP2": "04066b94cb6df207f5c5abdd274885c8fc6541f75eb0febe7b42c97136f692164b06dadd00ddd472cb8f5e26597cd568d36ae8e428088ca0334368fbd3d605048f", "TP1": "041b9e372a0fc4feeae27f32f1bb89924a8d74eb77b8b7ab0d210c4e7cfb3e1ffa0e274cb9de3142943b326845ca204bd21032ea88a3b03472a133114c8fedc51b", "CS1": "04059f066274a3d9fcfa9ff114907907fc09c77419f4bd9152e40adfb7435b5cee1348d9ee21b57ea1e54b20f8bf4e695708b60a7474ad185de727659054d79824", "CS2": "040c19970f40576c0df8aa0cb2d6a16e84cc64453a8bd7f6934ce4c8be117f1f5313c1cc20ab2bfe007a4e78dab361b280514b6a42122d565f94af4b7cb66cb060", "HASH_MPIN_ID_HEX": "d9a1c49c654cb360019da5ced0741e1bd27d1b812239592d5192179fbc1d39be", "TIME_PERMIT": "04229e0fb5b82ed0ee0ccf75cb437be7206d5a87b6ffa83cecff58483bbc01dea21a92e5b55aee5e10272c32b95c63e5ea49b7d135ef3cbd917e9d22316c8af30a", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a202232
 3031352d30352d31395431363a31373a33355a222c2022757365724944223a20223130326261653731343937623566336237343430306136343030313165313639406365727469766f782e636f6d222c202273616c74223a20223337383366633861663731636533353336386538393336653561323266343139227d", "TOKEN": "0414579f668dbe2b9c4dc17ab65a6e43187e55085afe5fe8d8a85c6714215855e51a413b2db997d82f603f36f623bc80496cfaba65e3fd89dd704c41fe758a5eed", "U": "0406bae974d9d3e3f024ed65d4ba00ad479750d042b1954246027e16cc41381be323ae9d15ecdca53e8bf6ac741f01e15d30c6a57fdec7fb1417a19034dc1e4c81", "SERVER_OUTPUT": 0, "V": "0409299c4073f6f699baee9bf7b4df5fabdaee60f6d1ee0e261387756cea9b2f8d1c1e26f2c547976f711d7f465ceb3da82482e903afa154283564155ad0345d6f", "Y": "22bc4852bb2677a8406fa1648619fbee862a07432b8cd1ba598f1b758729eccf", "X": "07caf06575482cc92fe239e9b7039ddabe3b1c8687b01c25361edd6e7924125e", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"102bae71497b5f3b74400a640011e169@certivox.com\", \"salt\": \"3783fc8af71ce35368
 e8936e5a22f419\"}", "test_no": 9, "UT": "041cf5a20fe03ba8085dae2f231347163e3042a1068e3207bf16888ef89e9a4bb7051d86a93c125519252d65e665784055778e1e67d76ec268b611dd16923b9667", "MS2": "0517527b78949e130f1d4fe7c37985c2f40f872d9f6b3b148599c8ff0cb25bba", "MS1": "20be103b18a51ad41bd1669e516b5a592a2d820b39d7e57aa56fd9f320ed2c24", "CLIENT_SECRET": "0421591a8877098d2e3e8bd33db017294a55f9ad37c893557b28005b52f4c893a31d64d59fed5ba94a6bbf45b1e6110ed3764296b456609caeeebaa6270f9f99ba"}, {"SS1": "161537311d9db766b78e7ccc21133cf852451e70fcd9998c010001066de6a7d2117aa8c76241d627a874f57ffa0b0522095224f4ee75714d7bece6db92540a6416fde878e356f9268065833fc1795fb4abc607b22b159f47abbd9f31511c19cd230f561112e9a0f4be0d59a73d959e2232389b67f3aa82650afa480be7062e8c", "SS2": "22143c6f24d2deb54995cbd611aca9cfdec0408bbd1d1ee2d844f8e139232d3f18f0420701bb906fd39173bd28ae9fa922ac6cb3e284d424209d6aec445f3ee9055871d26067237fa8f344f218ce81fe016e8be2c22e0a12f3f7ad5a4aa1e3b614d6803c4c212545feb4ea0309dc7051b9db007e50c1aa75f15a7
 9bec8d058eb", "DATE": 16574, "PIN2": 6101, "PIN1": 6101, "SERVER_SECRET": "0748abd3d6b22a234d7c9913030aee75b2099a16abb44a6815c5bae78a46d9bf0e6ec9893f4f81f4b68fa315243369c294f0248e15d356df46563f53c8644bdc0fe7cabd7863c521f636a9d9b97667c14403c3f4bc2e5deadf86305a2c46e2ef195b544f103ac65fc0e0a0c1ae130c8078411056feff9b5e2f5ac89cb5e920e4", "SEC": "04162412fda1ea6482acaa63bab712b448e0e829af08cdfb039e5bfc5f0bfa37fd18aefc66872348ba7d14eaaa9c25eea57fc42e1959549bb17752fc4bfa8c3faa", "TP2": "0416641270e44a6c418b4d0fa5a7c44c807b3ee7a141fcadc790b4b9c45b89541502cd6313c2de28c5906e2a158189fd4d214b028cc0bc1383393dcde5d7f59597", "TP1": "04147e3dd4693518cc13ebfecfd30ed299c32efb5cafbbcd2cb897ad438f86defa17c7b1096e2187fedf36f096870c56940fb08b7d6c22ee21d2c2726759e62f7d", "CS1": "04185e6b815a9a64c53b6453f5b242f256f793c6b50f4f43f62757c189f5de807515cf8d599f0375143644dfe53478876c41b3471e711332a5a1adc84a7ac998ce", "CS2": "041871662b68bd0bb59c015be6dc36b9a77ae40431403b8eccdeb043eb60bb2e3a04eaad67cc562b93e4b603595
 a080b2e4f5c46383cb7570e3a89463018038936", "HASH_MPIN_ID_HEX": "f6db07145c7d6c468ed29ecc06ff6a4318cdfd592250b88f9be5a42dac9a9297", "TIME_PERMIT": "042271085d8cd61900e0cc0b6df47ed0afae9faacdb6be6ef30a191befbea424e818bd6a937886f66ce7193840a7719ac12e8d64aa16be7b86e5c61d95e96d0647", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223030373561353037316666373038336337363263646138343733653466336262406365727469766f782e636f6d222c202273616c74223a20223864316136653235363339393832323166303831643132656636303763323866227d", "TOKEN": "040dc0e42bb78610dc0adcc9df3557d5279aa7ebe9177800010e03e0b2c51430ba060a96e3b9e1e3bd41d24b0d415df089c7e90ef700a2f7b72dcbb7f1510e854e", "U": "0400fee4dc126592852e9d0efee084417b86cc561cfd1b78d61d285db58a4b38d112761c3f6d1980e5737c03187744bd6fe068a2a74091c261efe902c1fa139eb6", "SERVER_OUTPUT": 0, "V": "0404a745e3e88c9f8bc03aa07087210b4da7afb4381f28a005e90df32d08a621220465cff98e4c7ff87ab84fec3
 860af8151e5d52c8934aeecff904acbb146aa07", "Y": "0c33fae0cb4e845da99d33e7cd33dee9a4e223d232e24f470e056170a121c12f", "X": "0ac764e9d7bc34f78253f451fe4fe8d92f0b89836c9427bc7767fc00f333d725", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"0075a5071ff7083c762cda8473e4f3bb@certivox.com\", \"salt\": \"8d1a6e2563998221f081d12ef607c28f\"}", "test_no": 10, "UT": "041b79d30c6bd9b406d0325f4ee85b7893c26b53617bc115200d0eb92f325c076505b24ae776f89ec157ae3d15d52f8815e1a1f4c10ffcc061d10297c69e358140", "MS2": "23e63a2f61167a18b0d77b409ac66a4cdacb5672735bed5936b5b634d2d8012f", "MS1": "091c462193b0f5be77115553f9c177532279cd2da2db9fe7f18e04d6d58b97a4", "CLIENT_SECRET": "04098ee839736cd37eccb44c85da595f2dcdf952eafb5ca87a97621c1cf8564b130f5569cac8ab079ded668a2b122f37eb043cecb84169a40c9813416101a4f9dd"}, {"SS1": "1adf9dde5cf9220b54468033d5e2e7d17846cf494e9a1ee82c86a49b7cd94d370ef6758c269ed835f2450817c90ac995357d6ec0213bab935a9215ca54b4426102393addb38dfd83d1191dca5623e37dce07
 6305e01cab4afae54b3895bfacb61c46f87a01d86170debc0772ad6f28eacf24b29cd63483ce54a8555402465d5b", "SS2": "06cc34ceab3bb83473d3fa2d1f597e6d787a21406521a0deb35c88c566d036f220ad373fb162010f732c2a8a6e462e12e5a870656332cf617c00b72f52140af209c8e0ef4fdfb461474ec3b6f0b2d9b0fe5c16071c7c8d40df873aa32db6f9060b88d97cbcedff8edcef1b11940516fb68532ef3c14216646bd5767f4c287864", "DATE": 16574, "PIN2": 563, "PIN1": 563, "SERVER_SECRET": "2228164e16502b40d8946ed06359117e7e5f92fc49db78c61ea86fa12c7b853216e5c0c7297f312827a87a78faba52397e3befee98fcea21dfa802dea96d68bf15c5b10c7fa4faa64efcd70a76e2586dedbb55f191264fbe3a341da4e7762eef1ac0bd927451e1b501478ca789f253a7fec38de7f3ffe650d3e48be17ca59a2a", "SEC": "041a0ef266ae011934b4a1fe8d3565f1a522f0e89c5d71c6ac1754984d222e117200b5f1a96fc5bcbf321365e72292c2db69e26be210b42388cfe7164c4ba4804d", "TP2": "0423a5258117f6c67acd6eb68d39ba75315806d9d40e1043e73c212c2e26713fec2081fca5bb38ab87cbc9c189d6cbb511a9f88f8987921bbc28ce8012b9e2bbaa", "TP1": "041b67a8e8082e7b0bfffe59017
 ec4a340ca96d77122149257044e3f30dce7ec3315516a4a1456b03331c8531430ab6d86e10e88b7cb06a25ef5a8915553553cfd", "CS1": "04128ad0b5cfeadabf35cf1cde31bf58d5f07ee3f1a71ca9e3e2f384687d48ec6612c7d40c63ae336654b973425b5d2717c62628f24eee2e20dee71405c47bf480", "CS2": "040725d2f3e1524d22da1c4c758e33080a8373cfccf9ae97ce658c3fbb29609c1a1dc5554ef7085147d14d8d330924551132087243f1853c215fdda31468012e5e", "HASH_MPIN_ID_HEX": "b3d6256995a73cef935da5c0a9dee1d53ddc1fe71ba0ac69722f161458c2bc4b", "TIME_PERMIT": "0408fce7597724bc3c3a7d616fff7f665236e348f720aa091be99694c7a14f4fb70917845a946572bec4ea8cc45a730c2d2490d74fafbb9e63518f1a1cd130ebf4", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226466313766333439376238353739303662653436303765626564353737393939406365727469766f782e636f6d222c202273616c74223a20226633393232303331323431663365636164343965653536386634366637343337227d", "TOKEN": "0409f3f1a85bd7ef80592bceaf9830be17cbf8cf645
 775e422093037cc7708748f136787955b59ff58fd6a49172ef79bc2868f9ef6d87762477b42fc81d21aa23f", "U": "040e8fc2c98f1cc6ac3f0b5d7c9ef41e4ede06e853794f05a38862bddddffdb9410d4c000e25f6af4ce372b75f62701a84fab8771f9630af1aade4f5203c5e3233", "SERVER_OUTPUT": 0, "V": "0414952ce518f68010564597937e8e9e5b3b4fe305aab0de089ced2c36cc6d75af1e8bd3520739a033b1ff277af9a457140725d518b4e54e382b52ef1c5e3f6c31", "Y": "0ea4a9775af6ea2d790aab5455b8b3202ce482654075ed7d497ec38db0798146", "X": "0533f448575026bea78b34b5807f3c67bde9b25c67bfa17c942ab5b2e9906a6a", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"df17f3497b857906be4607ebed577999@certivox.com\", \"salt\": \"f3922031241f3ecad49ee568f46f7437\"}", "test_no": 11, "UT": "042176ff883e421eed0ec22714718e1c628bee08fe1394679e004c9e5ca51e114a2260fe786bad156adc8bb9a52d345d2a873e4c9e6a50e5c64d1b2ee1e28ab39e", "MS2": "1caf71dc735f9910424d3916b61a5e9d3a9986779162798ae9ff94489c2f1c2f", "MS1": "205403d6aa8bdb177986a541e19979fa3b6ce20e754f53
 240f6006cc69eac2ec", "CLIENT_SECRET": "040ad0eb3f2d90b810180d70914324503449006861837de6d7935718ce66be462a1995759f4e2d2099912d3a82ce1f424d0ab29a8e2d0d180cf5e6c801744e0933"}, {"SS1": "1450499a3ffe2c17d751514b0d3c2247650e77511050b0b42b4c46cc629a4708162fdfdfa28a8b78d61b8251a32ab5d43e8d8c10384716cc9b95f91723d499f91e9f34ddc337013ae8b5f84fce2fcba3eea2618a87fa7bac02bfd6f48716bf341433ca62ec3c9c96063f75911925b8bb3991fe9a9870f9080146426bfc094e66", "SS2": "236bf56559c6414d767556200ce0279fe56fae8a209a89f7e9e0dbbf6d9a4b4823b981b5640d565a39d604364c6499c115b3ab5a7a9553f0fe292313be1d8cac1d8f9ddacf0c93eb0596720d9ebe6c9d5a1071d50d4c552a62f67d25629ce770114f3717c0c2195d8b58d42bf6d3a90e6d9334f378d4b42ce01a7b1b0b95f4ce", "DATE": 16574, "PIN2": 3849, "PIN1": 3849, "SERVER_SECRET": "1aa8a4f71766717cd0e935774d8c976da5e4c8decfb0542ebead0af7daeb742720304f977c524fd3d92a023055cd63b42b3dadec803a4f88adbf3b75d49733c9220be6b602c08b578892ef306ab92069cd992b0b1723abaa4bbe73ed49601fca1a5e42231c04a2b348fbe01dbb6cb2951a12
 1b55f7cfe89e1f3e91d38289e5ed", "SEC": "041a8be7564cfafef91709c4b3037125dec2962b0950b7117c22eb57ab974852c20a41e65215e68df7d396f11383bdbf7200a94f52762cda0781beb2cbeb524903", "TP2": "0416084902e4081cca0565176494dc1c607ed78a45b539766960e145f4d242bc870cfb6d9a18e60762f4e669c1153811fbac9006fd34b2137c818db6f4a1975676", "TP1": "0421e92a93e49ef86375afe488434b286b8938b55eb4d22adbca52dd86b2e773c418434ce0d447853d50259bd24ab85dca46577622143dd9f6cd24f70e04a63bfb", "CS1": "041aef0941ae6b60042691e195d09f7638417f65f0e8315e3652e1f2458cfe6dec08d8e459f5e856b3a80cf2bd79f10824aa557271ef9d1293fab42ea65f806b1a", "CS2": "040ce39cd32a7d172a2d5d8bac6e5aaf254a7dc2748067679fee9e8c6ed55b071d0ec1ee184b85959cdc53b861a06819edd21b82034e6303ef005bc6fd14c9d22d", "HASH_MPIN_ID_HEX": "01078df455bcde211ff18edb028b794a847695f0c6e9ba18928021c1fd7f1dc8", "TIME_PERMIT": "0402352c9ccb311ea8e21364cab822c3a47ad87c8bbfe14da66f83cfb7b1b348e81761dc86e3a04f5cc530c97b28d0dfeedb117f6cdc1245cee240cbae79ef46a5", "MPIN_ID_HEX": "7b226d6f
 62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226139653333323863353733313039363261306665313663313365376132376431406365727469766f782e636f6d222c202273616c74223a20226231323535623564323439316664376430356564313033656164386534326238227d", "TOKEN": "0412a024dcfc7a4bc42632f4072f7198a0125978687e5cdc5bf00f5c12ce124edf01e5ebd94cc2c89998d214be71c4e2ca3d69b3ef03873ef09c08873576c71387", "U": "040dda1f55b8d8a6b41761e9af47b30ea28ff8152bee5e43f491dc3bb968686eba1e5d17a3311ce70189ba16d9e863c489bb2601597f99406e2bc57b3423d650be", "SERVER_OUTPUT": 0, "V": "041a696ac17a51e017639e393d019bdd83ec25d315e3f7a5b4afdc942068e5614c1aed6f120f6cbd9f7e06de1381f79ae50ac1aabbd46e2e30836dadcd4bb49935", "Y": "15f9f00ca53f3cf8237dc5bf1e0d90df2af7ab3f462b5ee768bb0bd5510ae26d", "X": "129b7ffa76573ae7af11f1a3c743d993b60f6dba566be4ff74ae93dcffa9f15a", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"a9e3328c57310962a0fe16c13e7a27d1@ce
 rtivox.com\", \"salt\": \"b1255b5d2491fd7d05ed103ead8e42b8\"}", "test_no": 12, "UT": "041f6abefc3dab041a8e606bdf40bb8cd421a40b725addde477b3b7253da6766c51e9fca2c0f82fc420b679b4f12773c0f2b634fe8146f734393be3fbe882eb7b1", "MS2": "1746f71df355a9879436109ee2f28683973ee2b515817a5d793c95308a5ff311", "MS1": "13fea6350b2560d0fb3f1c27561a5e927518e438aef4416d94df0c3802fe83d4", "CLIENT_SECRET": "041efae623eda57e30a49f9d458d450fc05293790e113aafe4f0d50ee3539b96620c61c967a957586c7a61171c7114f88ee4d34a325f7663d2bb962dfcabc2bbcd"}, {"SS1": "0ce4e56bc0a861ff450ff3dc9b0596ead87a8b573e9969db21c8ad166e07931301f0d457fadb69075deda5fe82f38ab6df960083ed03bb03afcff826109ee8621d24454223a88b05659628d646c0db240da5de7776405263bf97bfd83cc813b220463311a14364ff290e6e9c43cd378133a4835fd06169e5f8026dfc5940c25b", "SS2": "1d439b9377d8a83e9542f4aa51d8ba7e138c38f387c5c8a97784528d97ba0f760e9be3cc0dd9bde7df4080deec9c7d394aff4d23d383928f042cd4eebd4bb16404bd4483d2477c52396e23ff234df5f8c887c5eb22986381947a503117e88d8703585d19
 0dfbe5bb4ab6840d87f97eb8c4e7d8dd66df6520b052337db4e5a7fd", "DATE": 16574, "PIN2": 9822, "PIN1": 9822, "SERVER_SECRET": "0bba8962716a9e27bbdaea996f2ab26aa2e010f147f8d4eeb10452de5eb7de54095c50097c9b4045f0ab6b4524bebb8edc398685ff0368082fa5e6f7117dd5940b6b4c552d42edb6f715651bd2316160fecb21de418a426e81fb1c02abb3b7790ec128fb5d9ef269ac075a19ac2ba4952e872514b7507ccb9c975a4cc7923d29", "SEC": "0412e18a31fd1485ad004e86f12add5e5ddee9c0733b7c90fdc57935586fd4e1601e0b6562e337316e72e22c0dcca9306593f3f6be2c68506ca23edc72df4c9b70", "TP2": "041e56200d430c92980e80a5c4b79ed920abb99c0ec3fa9fa90e872b4564c619f611b333d56d90a68596dcf66133d5420398911119e16961d6ca893b2bd89c3fb2", "TP1": "0403f14c8288d329f6bbdeeed503654bdcf81fbf9f642ed66351b9e673415a006115846dfb16a03d31e7486ab5ed7a6a0f36e40d2f50e65f96c42128c30cda8236", "CS1": "0420eb59ac53543e3851b8e2c8365bdd9e87625fa5db3f9b07d4142e2b05d56d5a1e8ce340273d3bcd3f20176ff509ed3a5bcd2bdda2613857b54518483ee1100b", "CS2": "040167d54054d55a50b9fde1e58af2e654a4ee48a103c2
 f551cb1c2be03b76fee521ce4f0e921e4cac58965e9d7ee7fd24dcafa9107e193547a6f6521a3f90f942", "HASH_MPIN_ID_HEX": "c4e2adab8f8c58b383dcd0a37bf5f9143a65afeb96ab613f93e1d136771632d6", "TIME_PERMIT": "0419d7dcf372ee0020f3a6f97f64e850295a7aec4f8a2cf8c09220d3d663c861e51f8c53d0574078d66fd58b763ba39c9a3b51c53cec791a20be9face05696d9a4", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226131333439653038636634666139336365396130333832323462323164323132406365727469766f782e636f6d222c202273616c74223a20226336363031343832333261373362656536323038653163363038373665343933227d", "TOKEN": "040406cfd472f437f10e49c028ffa2c2f97118f6038380035bfc6afd7c7cb6d45614e8d6005766e608c1cce093ba77f7ec6e00c92363f0ea035dd1840495d8a89a", "U": "040956340ea4934c9b5b5d311fd7cd157a097725d3f34e823cbc0dad409d18847d20a18a897052965cc81170afa96e9e8795a9efd629fe3ad7e369f360b63dd309", "SERVER_OUTPUT": 0, "V": "040c62e57890f914da2f25859b679d638ac0101888ca22
 a5121c93fb4bb359c0012022810b8c3ebf54eaadf42029f55da98633f0295dbff200ab1a00061c46e11b", "Y": "1a6605aa2db338732276e7ce847216b8585426267e29ed039812d819d5190368", "X": "0d46b94802dc6db73222e697aabe2eb866005773c971e7d30246e2ac80acb9bb", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"a1349e08cf4fa93ce9a038224b21d212@certivox.com\", \"salt\": \"c660148232a73bee6208e1c60876e493\"}", "test_no": 13, "UT": "041a821b8cf900570c20dd0c908923ad1576d0bca84b42999d2801482498d2febf0288714e1e1b87a08454c4450965941cdfe050043f9a580fd6fc8c9a9c291584", "MS2": "08d458809cafacf6d5d2c679b80947b59368e364df7068de9ccbbbd52e7f3656", "MS1": "2175ba7d2faad16a38750136860a63e61775663fe2ae6d7dffce5ec2298cf0e6", "CLIENT_SECRET": "040a8a4b9f26582b3a4d741bb23e3757f83532ab61edc6a738ef608d4ffe3df6c41c27033e7282f4554d178c166bbab68fae50a2c10685ee77ccb32f04b638213e"}, {"SS1": "135345a8a2b6687c7f748c4c678abc2a691fb25fc0d55aab68d83dd7f8b76dfa142137225dc96031835877b1f7d7128b1d62839c7d28f91571ec17c
 300a5747821de495df2306945ea3d8462c956932305f188e691f8acf1112297891e79aa51020e3859377c64e98b16c26dc2e8b40ee405d5737a63dc92431041392698db89", "SS2": "195a9ff8c501a74ba336ebe1ac80a97d6301029ccd6fb5013e139cce77de79d20a1b5f4331f7ccaa8056472c9413412303a1fc313cc9744a600d0af1f9c7c1f606ba7d25911d9c85f2f0dc4903eaa6189fa64a6f581ae645bf03d60adb951807107fc3f7a1c7d2e192e335e59062c5abb0d95a162ee197f8d93881b4b19bc573", "DATE": 16574, "PIN2": 9000, "PIN1": 9000, "SERVER_SECRET": "08e3dba688f59a350915967c2ad24f4cc4878cc71813ca4ba71d1b4e477d394f004880362f5d076928811ff4540bc9cbe71b758dd9acef1cf6862b5a3e33e44a0f46c159adf292ad42c3744a1f65008cf88d82a64f369008b2a544de648b621e12b0909fdcbcb693123cf5d261706be8d533cd0ad969c93e18a43922561a2377", "SEC": "040305bc286058ca0d0df7296b349526b9efd24b27e5bdf80ff45ac0c4d7a481271b690017430474c912e647e2e113265fd4eb240660783d4cacb9255e93304dce", "TP2": "041d672ff8a39878102e2892d574ff62dab650bfbcb86940af9de71a49d3128c060564029ed1d5e09c4fe428f111893697a25119e51d701c13c9d064d
 ed21cced0", "TP1": "04052c7e73049e4e47e23b3ac43609c51135f949a5fa4281322a213f345d15893423d801526d2ad0831e687d2425d2228b80bfbbe213b5b848a05c8d0cfb5e2e7e", "CS1": "04071f77fd9450f5e681ed6b8a00d87810ef74b9507f16a7fb6815edc5649031340828e6449f328c14214d905c5dcde8fc0c80dfd1577287a88af55bd69f8d79b1", "CS2": "04015cb93fcd709fb9dfaabf428ef2a6fea1d15cf6db568faaff5a289efab2e5661636edbf1b507010cab541e47f2c9ca6abf828dac4423ef1151a8673998225d8", "HASH_MPIN_ID_HEX": "37652556c5c865056bf1127e1aa3639761afa8c13af6b28cd8ff4e0ede47790f", "TIME_PERMIT": "0402ab624ad2a42041301aec3b792d51abeca3498fc5aa02a99b346f772af316162255593e46779f0c8e801c48e9aa8d2143da777e96e421207890d66ab1ace482", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223838336337633234366338613633663334373330663534393039376138616335406365727469766f782e636f6d222c202273616c74223a20226530373432346438366661393236313339623062623664636536373637363862227d", "TOKEN
 ": "0414c6fb67146fd53cf6a77e0983d4a8230faa4d048fbe97ae87643043c1ccb2ca22aa84a879dcd88a721378a5159c5bf28eae093505c573e1aa6607211e51cfd9", "U": "041ae38bde3d3d253a91c6d52d558ab0bd3af84dbec6f6b65bd3559216cb971e89114bf813bb3f6ffaed4a71e938b3a63c9e3c97a2ebebb6f7c6e8b34a4ec22334", "SERVER_OUTPUT": 0, "V": "041d5f84f0a0af6aea3bb26b13bf66aec0d2171d2f35792667310b872eca0aaea10186ba54d6371dcb1badbb11919e1a066beb22058ab14331067bf599140adafe", "Y": "08a134c82f786d23ac5c9d80b343f33c25e0a17e0825b8dab89d325bd92829ad", "X": "12dbc077b838b81831a962b3f46bec551462893aae22fecc6926fd2a2adb4719", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"883c7c246c8a63f34730f549097a8ac5@certivox.com\", \"salt\": \"e07424d86fa926139b0bb6dce676768b\"}", "test_no": 14, "UT": "041ee91dc24d68c1cd0ad350423d34521acea30330cadc8c3d65530fa7b68b0a3611bb3dd09ea9957082cee6f0a20c58d7173fdf94221221b52418c97596b84646", "MS2": "18c6156545f62c9bc58b03db316df9956cc70f6d2831247e5c6fd093277fcfd7", "MS1": 
 "0e7d97af9a5529c51bcadf77d14af1bdd85d6e49c2151a6765e5d9eea9f4f4ca", "CLIENT_SECRET": "04038d76a45c7bed6ed7ddcb678fb264b057be72c1d5ebc8a6622107df1e22de420874d3d5d2ce29766d38780a79d304a97a797f4f859279d32880024f0bd28c31"}, {"SS1": "23f01e2945b40b6567c2422f5bc11497ec933d665d2713f7ac616b1c7f14452414436f4fb2212033f3e28150e726bfee6797ab8cd74f384dbe248176bb6c670c0c7d9c10c2560de8565e2d74e55e48aea23c906e2d152f15746b5011ab447e591e51d573b94e29f4d36478335e9e1dfc9638c98abdcdd70d4087452b04e7e832", "SS2": "0dd0c025144b24bb439de83b23e426cda964353fa8a4574ed0888702c9ddeeb41de59eaf731cff16e47ff63a68135f9e1ed5d1b9de5ea36df2424f418eec17f32324a41e258b2359c7847d1f0c746321eb5684234da66fec823536b4ca8b15660be756a92c02227a74ea0f156fd28faa0cfaaec8c59fedd9716ecc37df46304e", "DATE": 16574, "PIN2": 382, "PIN1": 382, "SERVER_SECRET": "1331ccb92ee61b3e4832e2c836aec9e1e80ab5af2f2bddda23ec8489962f77a2090c6a9034fbb65ce63cc29387d1d1506cfdf4218d08d927bb5e53658619fe2f0355dd7fe1d6457cea2630d039bc11f7398f57ceb0ff40efec511e8
 7293d2492011d4cb31765d8a9619a19453b19f066c2e76cfa62edd76b177e18b441d8e2ff", "SEC": "04053936b1edebb1aa71449644c7d323cc5afcbf43cf4ffd99a6def70ec38a58a31e4d32dc92744d1ce6ba92e191b29716fbaf4b7d2d3a9b966f5dd70cf848523e", "TP2": "0421ab9f39655ede18e8d1f927ad8380e33fe5c12e260a2bf68e6ca0c41b5646b71f7e4990730dd9f0c954ab90e149a0ddd5f64a1d0a08740241955f169839f65f", "TP1": "0407500865109d89fa9b183dadabbfe88e02d194f9f2e1e6f7edc7703d3cdb19200653206bf6c97b4e2db477a32bacf00bfe83d5e55e8e2199cb504f17180e9eb8", "CS1": "041e31e8717d512621a01d09683da11630f294eec37fdc0c0e0ebd5e706349fdb60c8045bb3302bf577ed32b827819b2e6553ba255ae8616e2dc82d518234d894c", "CS2": "040299d1c6cfc8767f9446d1f680faf0a22e858a6601d9c69b2cebe8fe5b0a27b115f024112352ced9ee488b882c5aa67b38750ef41bb5a7e2bf1d9af21349f2c8", "HASH_MPIN_ID_HEX": "425de93f690b04df0fdf8378c7f0926e592fbf2de9b31bb4834e6efcf4d42952", "TIME_PERMIT": "040c1caeff0da3f2fade230b2804b762f65d373e34360f252cd394e600d191160c0d6c50311abc6657d426abb093330e7fe0567ced0f0bd9
 6be4f38707d8797d7a", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223565396362336133333165633861653463623036383330636435313133653237406365727469766f782e636f6d222c202273616c74223a20223635346565353538333831373436373230646532666132393037326462306338227d", "TOKEN": "041aa8a5c165d4e9b4c3d9adcc78aa32cf998fdc4fe6d3ff22b3fbcaee1fc393f50dd50370e4d9209661946f0c9dceaf708d945dd866bc2589d4bc3464949cdce3", "U": "04046bf3a1303dfa92308b7e3f2473f54300169284f1d084b459b197688336db080be03b998b4189fae46a3d8bf4e2b157b22b1c4e17a0ed63d99234902e330829", "SERVER_OUTPUT": 0, "V": "041ad21cfe0d019b5ed405d5eec0fb1c37a8478ad2be80bfaf75921b50481d00561441d45db1ed34a77dcff73aae16335a50351098d4ffb4f51ddde35b0531d3d9", "Y": "13350718959806fb930b367bf19863729ce5bd221882102122a009ab2e4635d5", "X": "055a3f65f94aa6fb7b2c1a9798d863b9adddde78cba36e759448402381902c4f", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"us
 erID\": \"5e9cb3a331ec8ae4cb06830cd5113e27@certivox.com\", \"salt\": \"654ee558381746720de2fa29072db0c8\"}", "test_no": 15, "UT": "040a3e3d7e78b93ae79835344d149d37f46ec8c3d37a352172c04f0bf4d2092aa7046ac417d0acbe4351a3f5510cdd87a90e3424f153a9cbde404ac44e12c4a6f7", "MS2": "1a00f72e27674df8e0db9151af3cfa94a80d84fb57a9166cca002fb0ddc74ab4", "MS1": "1a06b578947fcf8ad95ccb2b8f83aeb338fba26506818315eff599ec2d110054", "CLIENT_SECRET": "04195acb8edb5f37d2c9455285fe696fb68f8c1eb84d3e4a4ae7c136637a4d3f5d221c2bc013aade76dc8fd5dc437dce2cfa45a943f6c52e3aa8e259c339fd6ec2"}, {"SS1": "0189fbf2f7a0febf76294e37d201a724082ad3deca8366967102bf6e21591b07121e3fa8d4439be82b267ff1491eea09f3839d78a072969e0f01a52ff040537f1ea24b1cc34fd3fcd852b2b23ff0068686a0169589a5dbd587d15cb71cbda7221b177da6aad8970d479815841eb6e456ab4523d6d81b59cd7257714ab66b18ea", "SS2": "03160467972fad64ab05306f1352004b3deebdaeff7c42a10d4ee0cc9d3cda64037f44da981da35b2ca3ed322d3b58857b37712768ab5d7575476be816bd55161e7c486511acc10e0dfdaf42a64
 1366abaac0111a1c0b07b423fead1d1e5cfca14203f86e66634d376a61b614624759a261ea6224cec4f08c1d320e0f789ae1e", "DATE": 16574, "PIN2": 5353, "PIN1": 5353, "SERVER_SECRET": "22d93758a690dee8301dc064c20c413d7c8ff167a443adc51898942b5a2ff6dd1ef263a6b91642bbb247a96b324b296027c543a3775e55a64aa9639544fd572623caa7f5a036f6c24801808e0b9d53c1f11ef93855c280288e1535d8f5c0e27623e61e97742b0044cb08b79e380633445550ea5e92e22f5a6f059b55626c8fc6", "SEC": "041d01e37caa3f1614cd37d6d6f7878ff858ec11260494727a476c9a4993857e331ef83368c12cd259d93b20715b04997470a454a261d996f28c11a8a940fd8e52", "TP2": "0403f7956b69fef176d25d6b395cde9c4344adec97c37d083a6e5ad2976d0ccf4a1e4f7716744c82703791c2663d4f6350998d04e782bc95ffbd53cae2c315a309", "TP1": "041c00768f9d787d01e2de9986b41e5665bb1879ca4858736ee0baad2f4806a4dd1ac4505e552a56e5627c60b86ca61d931e866d435ca6642f2ce038eedfe00cf7", "CS1": "0407e389cb74ad4442e20607c7a2579fda1739fdea34fb0ef20c68dd1fe590dd571fa8fc1479b56d97b0c111b3dfa1bbdd76cf2c30935103447e150fb92e93410f", "CS2": "0
 41521c4c8b389de5b4609d9c6bf6f3dce549f71ec53e67725b62a86d3873202db17d81654f02a5f780e395ce7e864a5e86a7ac67bb557dac6775ee91148c5c35e", "HASH_MPIN_ID_HEX": "a552b1f3e327bc8418d7a6590d16a566903de001a24dc0618bfdcb2cea78deb1", "TIME_PERMIT": "041d366b8604154b018b8383b6ff10e2a6d8e47a06c0b20ecc1d85fa951c6de5be088991cd1b313c7691dfb023056fbd1d10a77ed04f4c52dccb0aea78d000f702", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223735383661323865336365626436623462626662323065303965643935636234406365727469766f782e636f6d222c202273616c74223a20223763393032666536643366653639306461653935356465333438386463666534227d", "TOKEN": "0414b2bc55fc64290556f1e949bfa10ae91f835cff39e4e7cbf17874dbd0a8a4b21ca5963955feac87082d67cfdc52cb00e9c293f33570c87a17fe4a86c4ed95eb", "U": "0409e42f8ebc6d17995ab4f39685e128873a05da2232e3deb583ca1b4a79852e740dbc062a36067b354247d03d3b878dcaf73e0603571363471b93e693d5ae88fb", "SERVER_OUTPUT": 0, "V": "0
 41d9640407ee762253b122cb07cb6fe13991fe5d9fda4c9d9dacea3c87963b6231e5467b50a7f94d8a7a3091964b9013e3e9c4aa6d899cea9179506c5636471de", "Y": "17531c5cd14d1116460664ccdad477b6331b567c4b81c94f90d229fb9970812f", "X": "1ad62bd1a8732c9a9a7af439e38a815f47e8eb63028373ac32880797d72b41f5", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"7586a28e3cebd6b4bbfb20e09ed95cb4@certivox.com\", \"salt\": \"7c902fe6d3fe690dae955de3488dcfe4\"}", "test_no": 16, "UT": "041794f855a1b32220c21a6301dd7c443d17bf3e04da21f6ba0b6aa1c8334f950306b540fb8905f189066b717965454f01e5e636d5e0ca24e0dc8968eb0cc6c27b", "MS2": "219bd8a4ac13dd2b6999549d765dbe1b53c33b427f27a346ebe5fbe6e482c7c9", "MS1": "173b225d0ccd1e2ce8b451325d7f2ffa815c306eb01843064e5ddf1205d89005", "CLIENT_SECRET": "040e6abc00f89aca005d36e54dd400980ef773c2d499840e3c2f8b2aa98e3b6c65025f5b81f894fa58529dda81e9acb66f702355fecddd903b01883a5942022ccb"}, {"SS1": "088ec9780f5111ccfda982d9f0f8b3fca4367df1d91effcb12fd78626934b01f05280f2232
 d17feefb2799b75cfb3c4f5604b3f7e64e099e8c863792968f83b10b49353e0f974b8bc0d2268c2da29a7feca7166f2154af0d4b6b71a49c8eef9801e7c832f58468786dcbb56be45db49c9c10f832117afe3d42cc483fb5ea7449", "SS2": "1fc49061dd32e801f32e974be013ecc08263ed101024c482d861ab20146b58771c6459562c97110c1267989e434b81c869ed82355863b85d35c3fc0698e595460863215497db16aea733b49052074211ba2e65401940e02c0951d56314150b000d25a93b1fc109fd86f0ad0e714c319eee0bc08a34692b3fef9be9061beb78ba", "DATE": 16574, "PIN2": 5351, "PIN1": 5351, "SERVER_SECRET": "09cd15dd57c7035dfc920752ad4f7f368f6cc9e3df7ce571415ad7ee266d08c7123da0ac81acfe96899ee0ece9fb7f669cded96b61b6580462e4d78f38d7df8b10d33aaf5d235d5b884b95a2274dd297339947907c1eebeeb65d8828f69661c61fc808eb15c4b0d4e16a40221bbcd8cdca49fc02f5cb2fc50badf255ee7842f5", "SEC": "0410c1ed7f71a8aa06fad64774307c2f4b322d2f144e2d6bdb273ceb6e3569a02e065ceed1331aa2c30273aa3b0e85cfdf6ab450f374d2151df53c23cfcd4e3a72", "TP2": "04175b2f5cc63010431b88ada49946f2b95ca69a3032962bd2559f014737a4172a11ffa3e23f
 57529b9adfac27ebd4c5333aa028e45ff96650cdb981c0c88f0928", "TP1": "0415f2dba78ae6f9a80688973b0c985c7652f0f36ec9ac6ff44b0fec01782e44d007674fe7151fe67293bf853b16c2fb48b0b67b7992f2024446bdca674bf4b699", "CS1": "0403cbdd40029445d42ac8738f9b8213fc40e377dd359dff02200d44a055c0ec4c1c3b5b5dcb077e644584594b192d0940131b314d8d49f6f41c3419cf60aad866", "CS2": "041e0b37b51cdf6b0b32eb8e5971049ff8632f2264a74ee556c59b2b839f1d637f10f5eaf5a8c6c2c869af76cfe372a5ea369ab98d61a0e7abddec554067484ce6", "HASH_MPIN_ID_HEX": "2dcae178cc526da024586a4cefcd90f7a1b81ba54534b16f6a66e009b10ba7e9", "TIME_PERMIT": "040f4c367a7e86dca24095ef7e553db7bb6b09875e2109df53d22c0d76be4bc16d01f370f4c21760f11310754008f89d0b7b3dbd8202d044123ea0af6939513385", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223762383864326336383437393737366363383564643761663139353331306236406365727469766f782e636f6d222c202273616c74223a202239353436386164643134373162653939
 33353662656237643534646632326263227d", "TOKEN": "0411e21b3ad2b67a5eae0f2de6bf13756b82f42f9069112ea52d3e16d8cd13072e18e1a56567b8780f72b72c6839979a38ec74e7a2dc5030a86c34a8f23141e4df", "U": "0419a0ddf46a876f0d48d568b32c62bc2d943286c1e7d1648d1957dc4c9f765b50068129a375ff4cf83b34a1a7b6697df08631c6c800bdccb2ad2292a45f549b07", "SERVER_OUTPUT": 0, "V": "040d9ed5a12f40971d3545a589cbff5c25bc28defc5127c9538d985341c88fa2961b9ec7eb2a69bbb4d265f7aa8cdbf55ebad3e6ab5436cd0f0bd68a1f52a51d4b", "Y": "15423f0734c27df8eb7d655aedf0f79d489c1b79c4670d024969f731b9c8bff0", "X": "175821b117a4d69c9156be23ea2f2e1d51215c1dcf537f22ea770f02a4d1eccc", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"7b88d2c68479776cc85dd7af195310b6@certivox.com\", \"salt\": \"95468add1471be99356beb7d54df22bc\"}", "test_no": 17, "UT": "041c34b51a8c2d3049bd8efece36b0be88342f6fd98d802625a0f5d1c28a876fe00f0bdf14e470952b5f4af97c6761f981aeed159cebec839d7d7c7805db5c63ac", "MS2": "0e31b13e7508005c4c2eeee21cca8
 4f1d0da26689f517083372699b59bae0bd5", "MS1": "1bcd1ee366c077339c170858e06ab6c13934bf3b81c46e2ba21e0fd4e4f1beea", "CLIENT_SECRET": "041f89b50afc3fbce0c99c8ef1081ce0fae6efcbf33c34fd095bc7373afac7c7581cef5cfd6b33c922493a6390fcb58cce8c5f71bd19fd501772a2f6fdf1c08b9d"}, {"SS1": "1b13d5bdd518a0e5bb38e3f5bd71a77fd6b9d40adc72915584167a669ea5411a057283debfb2c5ef071760fa04ba99f623d7b52f69fdca73cabec850040ce38f0c2a6e500acc1b1fb73d44acaf749bfd902d1a1f62c802360563232f4eb8426d0c004a6c1444dc968ddec4d8885fd6fa87bfcf8581c83057682746900f7b4de0", "SS2": "2265b195fe3ca45759ba449bcded1c7ad680ac9b2d02f7157c1f4a374203e05e06927f4216755d9529b7174638f9aee6f71c14c38e27ace0a33e8c2393d8dd2c05400bf13de8111ad2aaad087efcfc8d6442f6308c488be380435cedd6e6d9991832438b175db683c871ad613d36e8a411d9facd0213a83f1b348713ec823b22", "DATE": 16574, "PIN2": 310, "PIN1": 310, "SERVER_SECRET": "1b6309d810f8f389d2dda4924edd397097c988fa8e86507ed8e89505a5cef55e1e10b9176251562fa7af7c79d18e29ffdb99971ba455ec80182318a5a860b67622caac3a48
 4c118d8fcfd4f79e904a23abd9b9c0ddd05e563f56936e5f4b38460a1dcfc24d8c4d8d085902463fbdf42ea2cb8046c0606d31a997a51199c7d8df", "SEC": "0421c6d42d2f5813d039ea120012da0a3a104749bdd1d44cd8eedaa6dc8f41f35009a63a0d00c074825ecf0c69f6eee035dfc73d1aab2a1e000d9e65c2c586fbaf", "TP2": "04038d28a64c904ee881a16218fc186914d9db5f0195bd1828e697a259932da5c70fc0f545fbfa7e5835e3a01e00ddebff42f56f009f2f6371ae4f949549fb039b", "TP1": "040b7996ce2212246368d23b94ee9c1c821b94fc90dad8a76e96de0d0500552dfb01fa0b3b2b4c0dd95bad7e2d5e42f5521bda5f68c82d82a639d26435285e5780", "CS1": "040f749c883b3934c13a5a83fc245fb06482a6e3d0fc866026d1539e5a2d3a2b901ff979b53cde52fa81f4172229c900c4cb4046ca011df29dde50e3e62314d465", "CS2": "04239128a1f91f67a750484d17e24589ecc7e7307d95443348415ca2c07f13aed007c1ddfb587e00329513bea4c780d498399633a4edcab04b497333e51065f68f", "HASH_MPIN_ID_HEX": "8126d16b9133439e351df78f39c7128ac38419154a66c19c534b20a5558208b8", "TIME_PERMIT": "0423c766d8fee75459a98e834187810c539e7d30176fdd5b3daaa886d403fff8442
 20eae68f145a41ff1df998265e8d4b6c612ccbcb7c8c0932a02e3ed3687b529", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223162656538313032376663663061333333343338313761623465373531626635406365727469766f782e636f6d222c202273616c74223a20226461363464613362396635346238626235363931663361306435393834373139227d", "TOKEN": "040587a1f51a3edffda7de4e9a8809625d70eaf270a00937ec2bb9118a7cc8add919a5ea5673427fe9442bd7a770e7696ca7adc09f91a31af7c6fb4e3131b5af63", "U": "041943f21db15c14e6cca37d66b00a0f0b6d966555b385afb83610e6250bca60ad1963ea7d6109af95e48bc54cfe140885a51d6563fa1eae32376c5562d35403ad", "SERVER_OUTPUT": 0, "V": "0404283179ad16299a621260a860b0ae0b1422c7cc1e3aac1e00782b585221eae01e9b7ba57a3a2ce9ddbcd4b9b4548db9e8dc29e114ccdda55015e5977d623510", "Y": "176778c1180770a0b00f157ed313fe36bfd62fe03a4254a5c1b7ece95c7cd15b", "X": "029496aaf0a0099ccffd2d23fceee36d2eea0f1ce8df33fd9e2137016f256197", "mpin_id": "{\"mobile\": 
 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"1bee81027fcf0a33343817ab4e751bf5@certivox.com\", \"salt\": \"da64da3b9f54b8bb5691f3a0d5984719\"}", "test_no": 18, "UT": "0402617c055cf2c4ee3392683ae8b22ceebaf23558eba7b51509f68d88c342d56d144a6b0601c98c80e959311b45bf95979d9ff49b2df654c07847c75afca615a1", "MS2": "23f7d88400361768fb46c1acd10725aab7fa0dfe607a7305614d81612336f2d9", "MS1": "175d39d7303e5623ff32aab5832009a5c51f3ec03a35dea1c54f6c473a0d4141", "CLIENT_SECRET": "0403651204ab64db2be813bcf7fc4f40316e09087e9f1cc362ff19a21d43534f4c14341073c908e3e6e4cea94a61881d79af4ad796e7f733689c541d2bd992127b"}, {"SS1": "0c2c4b97dc9969ad66ef20587e883c2d5f867442f9f7fa545026dbd2ce2499200fd6a7bcc34c11dc9278ea58135e368c587d3e934be6d63c356096aa750354ac1296c3c70f62fff5f23c9dbb4b633f12a1a177f2ab0af3a07be54af2a5148ea50d2b4f509483f95b02943004dd1a40501e982fb065e63fe08ad0c5fb334d56e6", "SS2": "1823eb674f874fd72c1df79c1d4e170fd13db98bca78ba16c20726d3a5563d61093efb31be920f091b78d804a7061c9f7951d4652b11dd
 85f0d99d25c3d8688604c8ea2e8a513897eb2ff883a2ccd66d4d85c2c183bfb0cff4289c08fa302dc31f418337c50d09d03305ef029b70abd0059c6671e26caa3a046a1b326189c665", "DATE": 16574, "PIN2": 1292, "PIN1": 1292, "SERVER_SECRET": "18ba0b042134234a51d5b29ff8aff18a65a2e457d02f740d2004d0874624576902acc637d52681a649d59cea5aa01842e95751f253efdc07f9f262481f37ad2d0e9bbafac56e85676f8f37049747e5fe8fcdc0f5ce309dd471ab3c722e84128d179a639878f36aa5d0169f4aedcdef9008e41a78c1dfae56583b82d93bc6fb82", "SEC": "04198765f06ff5bc5420007d67867cae63ae7a53c7acaaa25ef73b40f34d5cdf820a32c2fb2e5f750b86190fd07e026055c8407b0e6e312f798586ef078815e9d1", "TP2": "040ac3c0786471caa1c483ce36f1555637ffdf0eedf0f387643cc1c4ca7fd3588c22971b28cb3580ee5217c14a12fd2e29cb36aca5058410d9ac67d279cdd530c1", "TP1": "0415e1d84d6c9f42651b4e2a1e44e1715658d21afde5612c85989303e0861360281ee5477620e9d25347033dbeb835bde130588626f19a24d31c7596bb97f7582f", "CS1": "040c90ed265992d63c62203c461f91cda133f6ac3400e834f6af1a508d6b07bf6223e072e91f866424d2896900b34bf2b
 00b3c23141aac9514fb8fddaaa68aa487", "CS2": "041b63fa2e87526bdfeeeda00ec237ca79111bcf7b28a8596a3f1559de7712f0fe1928d70f21d32d8b11b605b5ee38c4583a196ee0ec508b7f61774a6379ef30f3", "HASH_MPIN_ID_HEX": "f8b557127f626afc32995963b7014077916b427886353d31fe765e3f2b6ce36d", "TIME_PERMIT": "040284b1fb492b506eeab210fee2e1662dbcd76bf32e91dcfffdd4693d89b723b21256abc867fdf0225863900295c1aaaae441df6f072810c6dc344afe875b24a6", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20226162613537373462306338333239313438303165666265333763366430363335406365727469766f782e636f6d222c202273616c74223a20226636313836663136383834323135643737303830323465393464303836303035227d", "TOKEN": "041c76b545fa858697f1bc8e1b9fd4cb70665c766014ff0d31ff1b5562ca760312225f993733b489552c148f7215d1b160c0489ad0501437c57b4ae588ca76b93c", "U": "041628e73f8c197247653a7dad626d2324af41e3b7e941dc3e9001c67bef3fa8cf0563eecb288ae3bc2a730a5f26592fd694dd9e4983b4c16e1
 bb6421f94c0f3da", "SERVER_OUTPUT": 0, "V": "0405b053edff721af4378cfbb3b0bef4f1fac179f6ac29db9594fb6faa96b1fff0112f430a43a8c7bcf48fe969efe0a9ec1ffd8a3071362b11737f2710fdd00560", "Y": "18de3bfb920c9c5ea3a0481aa067df6bf4db60083949345a01a113a49a322a47", "X": "20f7f57d7f8b266fb083ef23896b2936c1864c14452bed2b0c0538df2719c272", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"aba5774b0c832914801efbe37c6d0635@certivox.com\", \"salt\": \"f6186f16884215d7708024e94d086005\"}", "test_no": 19, "UT": "04091f85c760936c842685531e87f0375dcf1541904526a8c9b369dfb66dea8cd4146471eac084c3d2e310d2df7fe0a8b7b70718d684ece3ca088351195db60089", "MS2": "0820d6f4611ea8bba62497bb11a80364c5b03a44fb07b740b405a9777598154f", "MS1": "0e50d70385fb6c0bb4467b156ba603416aef6c215b24c49467c8cd0cc04e849b", "CLIENT_SECRET": "041de41609ec71c8afe088b5702a96c788dfd92e443130c1b288aa2790488467bd0de5a306084e1b2521cb00d1ea142fbfbf84ac2ebce64cf27d48d2cd54be0718"}, {"SS1": "0dd0c970af2e77ca6e2543469f1b3
 f5d07817a24dc43b3935d041d7c6f5336db160412530bacf15ea14affead9593d11f6fd3789f97f5e95ce9cd36cbcdc26751b3e0604ab0d81714e06f76cef87ec1494231fcb41ef193b5b2023cd74af39d9030d0c618817962d6a82a7fd7cf76385e4903e85c8df5ae17da05fd66ced2135", "SS2": "0c65488a3cb5e84e3d85d65e3303b99ea0dea7659ec9d679615bfe343eb207ca029b78a5fbd66cc46f1a0e7b8f17878fafd94ce7fbb7d76770b927ee083f6cb016745be36acd7844eb93729652c70e2760fa38e4f56eb148787d52525913a87407d5457ea6e7f459ecb545fbbfad566bb2087d36d9572afed5ba513929ad6b24", "DATE": 16574, "PIN2": 7885, "PIN1": 7885, "SERVER_SECRET": "0366f02cfa04a04212a4a9b7c259201b86cf9f93974f93a3d5ff3bf956c33ad71e3cb09e921c9ed104f82f14d737e8818cc6f2546bdc429816477950e965e4eb06e23cde92b42c92bbcae7d14fb4545021d9c0b70f43f9a733657aaeb61ec2ca16abf6fd0c10c4e1a9d01ec066b6bcc3f4ab3a48477fd93b1b9474eafd2a00d3", "SEC": "0402d9d649326090eedfa9685916562753dd62e071d51d72b701ceefdd5d4b9bf123ddab21f8d860addd532e3629a52b6526586181260b84522c48c508f9da16d8", "TP2": "0400040191dbb089037021337c1dd7f
 ce2258dc9b5b45289cb378aca269275b7a3225b43eca6ff00c804ef04421d075e74d8d21b5e89d09c5306900593151fba8f", "TP1": "04209e1b485e3e73d3f3215cac375d13d4669497fe5bd3d6da9eed2a99b4e399b61ab0c903b2b3fdd3e2c44cba8144324ca5d224ddf147150403f5d873bfa750dd", "CS1": "0407d60c02b80685c7778b72fea5b9a149e2b51d969b6b0644c77b74291bae1d3d2134fb7d21eeafeee9c7d67ef050e40a0e418bec4df4da1a51745f345d6e1f00", "CS2": "0411fb6c798909802b581f2aa35740560c679b6e396af76172cfe6b7d07cf469300726ebe61a70f9249a3a7ecf72c6cf5ff219676b9fa90a1632902c4e0c86e79e", "HASH_MPIN_ID_HEX": "caf266b7341eec261b46d4c1bfee08062ac32bc49e4a2b94c9b7303280ded76a", "TIME_PERMIT": "040524e4b847ac3da00347a0aaaf7a7c0561bd92d5fac5ef037bad5a38f268f06421219837249a6376d49344455aeb5dec97e31b10a4cf47ede61effdc40d73176", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223062303638336230373936383964616136363062306535646236613437663136406365727469766f782e636f6d222c2022736
 16c74223a20223633306433636135336462343839623535303235626162363435633166336431227d", "TOKEN": "0416a44ea26234ea91d44ae45c7a71ffd8da71d2f7e97e6a0251917cfd32aeb5c51beaa89d67b49897f46140327342ffd0878ef5b44d63d2423efb9bbd505d7df4", "U": "041cb15cccd63d87f2c2cd9cdba9e2cf2f5ffc8e853285fd636565b3955d8e63d91d2b31b5fb1f438af0ce6b517c4512905658c9859dc596ffbda5abd4b8925dcc", "SERVER_OUTPUT": 0, "V": "0405d0927d171fe9e6de34c70c8e6ef25777a6cfbbc670c49fa0c591f976f1b3eb1e4d4121d037d7c2a95753a16637fc650d966cf3b4a0a8df278729564e60b23f", "Y": "17d24953a027a9a5b6f2dcaf3308e699ea1e8c220a3e42714c8208ce6289d22f", "X": "09b77af8686c4a22fee9a8d2d43a962915addaa0a51551f4701e72ca26a4f8a2", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"0b0683b079689daa660b0e5db6a47f16@certivox.com\", \"salt\": \"630d3ca53db489b55025bab645c1f3d1\"}", "test_no": 20, "UT": "041e3f80ec282a8f8d89306ca3965b961c9b69042e9b4f6ce19a5d27e9616ecfd619bc454e13af25b16e2b234abaaa5fa76e6be2aa0f1f13924fcdaeb231f
 caba3", "MS2": "112e87a931c0207981d4bbca28b7f267dff219749acf0989fc6eba551f915e95", "MS1": "193b116c85e827f1b1358f929ef572dda8e9d31f0a7e62cbf89fd85185e2645c", "CLIENT_SECRET": "040f19612ecb8d126e40d3fa0c743d17113c04d5651aa0dd40e526708c627b4ab41497a80c80af7520ae5501c67b72d88a6503c79f5d3c80e1fc02b14b97f76e7a"}, {"SS1": "014ae6a9ce2c392877dbd7d4f9b91b40520af62f45ed1e5b3639415a60804b970a28d2e483b7a8f0178045e2e93582c6413afef812c81ef96683fd54a2468f4a04f2bf13a0801952422732bd65ee86fb8b3cae8448297be2543a720d8551431a061435fb492835e93e738b8612fc5dca577c2e304aa1266f9361a160068060cf", "SS2": "1bb85e0ca1f0a13b63a3378404e3f1985bfb06bab87a1bc2fd0a1ffbf1c092130655a4b2e97223d09acabd9faf31898487ccedbb81f49bec18a16fc1273ac2a209f983324f06423383811d42e913db7eebf12a284571e7905e58cb429261e93b10ae4191b832e83ef83c696d7d702d2863d473d5b8990cc187f9a6664f1ff2b1", "DATE": 16574, "PIN2": 514, "PIN1": 514, "SERVER_SECRET": "0c2637ddf8cf939d0b60582f5fdd18e48e49eeee1a5110f2ebe3979051bbdcd506b9c35f9cdb7b88758b373051158
 2c0cf80af617c600f866dfe8eaff3dd623f1923ad1879e43e7f2f8738aeff629114c888b7ba5f1657f387730e3bf67556c408dd4376cd423289ab5005118377376a7b59d2b71a2eaa8a400398db58fc8022", "SEC": "041d912fbc7c9f720d58426c6b4d05f4e853804fe665b81fcae7798b71fe14bcc4154bed5df1dd89dffc0226a2399bc29028559ec9034482ea692e4fe3db1888f8", "TP2": "04073f19566003ffb795d62877f7b9a2ac28181f0eb8149620e7bc6a65864afc2b1c13e696e53899cf6f706d5d712cab089206be8e585af095097e9ebd9af804c7", "TP1": "04053256d167e754b4d67e6dd532c65345c34876633f6d9830995f857a119b5bfa033246818fa4b103adf578fd7fbeeac447dc4f51d620e9d876007fb90dd19515", "CS1": "0405fed9dff1769b0def4b20ebb655b961c09f56706ad7735d4277294b3b938ff91726666f4797f0b08324565f3df663030a743290d052751c6d3899245dd0c69c", "CS2": "04185d1af89ed2d1527a019350e795a98d67bfb01aa5a0654cd82c7fc1d524b5da0df64e79fda148a0c0aedaffc4ace71b8ba1cce1c2630260bb393cf47bd2445a", "HASH_MPIN_ID_HEX": "0cacec648e8355ec4034564a536e8ade0ce3188c991342fab92aa2071632f0a9", "TIME_PERMIT": "0415cd48ca7dcac0dfd98d
 ddf0c5ebf52c199d7a8031821fe07da7ff0a74b2f51611fe05cf7f1e86f8d8b4dc18b1407a069acf335ecbae1ee2e20cb9d1f2eab95f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223637346462653664353730326530333164313038306633653436616533373535406365727469766f782e636f6d222c202273616c74223a20226135616632353939613432393135613630363863326461383639343337363936227d", "TOKEN": "041d661b718abb7296faebf974f0f77bc4e47931476c003d0e5bbe2f7e2faa0dee06349b7b72b541030855698f0656d01260d2a8d7316cf7197986a39aa0aa7756", "U": "040e22d7265f10d0ffdd810049e99dd57a1d04ce99331b65c5e1901ddbc26f8d481ae64d1bbd56a1756261bd30096daa469b8ea63e7bf3a4f2185fd3817a138d98", "SERVER_OUTPUT": 0, "V": "041b96190d64c330b4bd04b05406a1a4a9a0e19684a679950f445b050a09addd531dcfed51d0c56cc8a6ca4e40bd729f8ac52adad3dc59182b3e32f005234fff79", "Y": "1dbeee1d8bc8b38c2ee8ac785c7306ee9928cc0a8f7e5f42b881603673ae2aa4", "X": "234eb04090e2787217bba29c5d700b089a481e7d288bdd2
 ecb2a238c7bc052ad", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"674dbe6d5702e031d1080f3e46ae3755@certivox.com\", \"salt\": \"a5af2599a42915a6068c2da869437696\"}", "test_no": 21, "UT": "04004df0c878150e3dfac838251434bd860b47db0122c48b96539cb01c3f7e0ddd0d12e1b8e6f7a7fccc9f495b38699512c32cc688afb669acfacecd0dd18274e7", "MS2": "10ab1a81bd404cab14df9c47b0e4b4d7ae3873c05234f617127a7ace06676533", "MS1": "09be2d818b9c0bea45cd557072a866dad7c4602706c6dbf9bd08e0a25ecc25e7", "CLIENT_SECRET": "040de184766f4a9f38d10a28fb3db5fdc027e0b409ef56ca29f3477b5c8eb3690a17d30ba084065cd2be626b8b1ab4e9c4abb3244702f795574d51d331e6b8fe1f"}, {"SS1": "0cc291668f7952b9055779656924b7c198947c8e75bf09edd7b1beb0f2ee5e06172560301b209c69e2bc0b9eb757d6192e87683bb260ce8cd33800dbd1995c5f1762c00d0cacd6de49bdbfafeeb0d35ab8e4686f0f8ec7f26a07e5cb4cb3d0131de18aae447a09f39f5c68714be74e395d00bb40261e71f9bd00f4bc2d6b7ee5", "SS2": "00562cc9c42b112ce89dae86a595e7fc37ab3a0a0adbd573944c264b191242541
 2d00f32c88c2a4f12c51bddb517f8dd6d52449f5908641cee8f7312775a633d15959fc03d5c503f3d3477822d2e7d3f297884c9f5324ca6d9c2e7732d4b6c6e21eaf402c5774a4ddb022963a8ef421136ff54c6103f2b762a328c4c97f344b5", "DATE": 16574, "PIN2": 6647, "PIN1": 6647, "SERVER_SECRET": "1de34ca400b98aca525864e01937daa168cfc59ef7fbc87283a9cb5d20ad6b840c352c9325af986521016f3df7b641f1772e5f207b6ae874023cbe9ebadc248f18852799f527a077c8ae3c61cf018637719b36afa79038de73ae79e12fa776891545c018c7c9d9bcd82db0fbf6a20ae8563ee4a67fe42fcd5136fcf8dd858920", "SEC": "0420808fff0df89f2183d1b925560657eea5e7c8cefd2f143f996bff9d45b359ab12dbfdfcabbb1d7bf2547da230148bbd793d53bb09bcf484474b0eaf2b9523b8", "TP2": "04075028b3126e036d8d1976f75ae6bb79081a7037f0cffc25d6e60a9e1a1006ca1692d7cc93a8223f10e1a69f639a031b1bf011cdb8be2904eb5ba195a01be223", "TP1": "04071d4a225c688c6e73b5d25c62d50123c009c486df505a3a24c130fd58fb0a8d15f8bc09d150d78d09814e78333b8044bd6045912ec72487e661263051b9b110", "CS1": "04198d5152ecc159e987a63e1f87ee774dcb3773756cd8ac2261
 0ed7537d7f2ba013258a755c9e4f33d628a074d3d9fb7313ae5e90d87daa59487816bdb71c5bc9", "CS2": "0406721b44cd168f9fb5277c9769af188c1f1d44710522e9661b7a210ebc7c882c03c52ed27499816ab2028580e2c0185fdc77dc1025762f9decb44a68114983fb", "HASH_MPIN_ID_HEX": "c3e62a8fb543b5256b5db5b2be0ae8bac8bc94f9b6df95279628ff8ddb8a5c73", "TIME_PERMIT": "0416fbf0f43a1c9355be1fe45a19805c3391999d4454997eea1037005e67b84bfb0d5968bc019285959572f81a66e696e07c63bfbdf49c3134c961e1dbfe54a4df", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223734373362613565623538613638316539313839303263323836343362386564406365727469766f782e636f6d222c202273616c74223a20223839353265326438396337333366346166393236653163363936343036366239227d", "TOKEN": "0407750d6b5115a1c9dc66158658aaada1c5fd9868267e3e6064179203241ee30222738d54148d5853ce33aedcadd41dfecd98a908375f360203f0828c95b9a966", "U": "04022bf761b3edc54f519f2c3301ab626323103b962c6f632c2d412017691746e10e07
 c12ffb85cb95340f2516d3c963d8ab515957d3dabbd23085b97a226cdc8a", "SERVER_OUTPUT": 0, "V": "04230ed63345122cb191cd4bb56716a2737407c581c49fb36b8da1810370367c2b078f755df8777e88b7166e6bf4706f497093d54602577c5eb753238a5ee7cbee", "Y": "01bc4895a4f521ec15802c1243704e1f7a3e516b9ccfe03f7570b42cf446a9ed", "X": "15abce350b88dce401b4f7b518863a0b76ea5d8c42351f78196a5f98958abe84", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"7473ba5eb58a681e918902c28643b8ed@certivox.com\", \"salt\": \"8952e2d89c733f4af926e1c6964066b9\"}", "test_no": 22, "UT": "0423518d8ee8f13486bd46c158c85a0ff1327b7abfa1dc077869860a4d245a84061337d101e79010aed7ddbc7fce12e73a47b03a99d31841819eeba0a207f6eee2", "MS2": "1812f69ae302f0e4c82141c17ccf0e9ff3e3baa6ba9ac00ef1db858a93762ec2", "MS1": "0d02777320e1a682d3a30b1ec321cce6c3d6efde89dece2667f807e13d320568", "CLIENT_SECRET": "040fd72989e82f0bfab933221639231631f7c8bb7d68e0ce845e4e887f56c68c8604b524766c9137b46cd93f8f867e55db4a00d29eb2fd616c12a16c51d8e77
 2a5"}, {"SS1": "208127511894e2b93a7a19b37923409260b131b56e767358b63eb06419650e1605b69d512e469ab3e72c6266d22274b8f8763e0441ea1b2827ebf6f9cff1621219670bd7fed9c813f41c0e002887049d34afd10fc60e7f8bc2dbe426479f1a8e194c96dcac63b8905b30951d4b70d36bb105b2be634f307e68fbc820a3258127", "SS2": "04cb55f642909b8c2282e172c6be2221d8a423438573926a11687242d2d467c31375c5b53c49c359e83ecef6397c40037e18cac2076825adbb4d4afe812f16ff23b6dd56673cbc7d8cd0af17f4aa661797bf6f8771e554e1464535f0348efd6a16b955a3d96030490626bdc331c9a4c59146a6efc961b6bb8a35205210847047", "DATE": 16574, "PIN2": 7469, "PIN1": 7469, "SERVER_SECRET": "182d2edacc2f4cf6baad75936355e22af31bdfe459813ab3b9e6a90d69fa2b501fc77052784845d3fd7eae3f0f6c9b461f1b0f47cce48c6dcef19767baa6fcba16bcda624ed64ce2c43a9047d30bb25c6efd90cdab7f488c8fa5804655eba4f91c386d4d5a71912acc268adc9eaa6aa5928f3919bf78968ddc6b35569bb2c337", "SEC": "040d982f0e45adfa3321fbc05256502a1e7bde7e617c00f3478898af996aeb346a107ef57165557bdc224fd0a54bf845987e644d633eabfda8cdd0968e6b7d0
 b3d", "TP2": "040351e5b2157f127e4d1e2c1e71e162adae3a4ce82f2914a2073f22c7e83577b60daa781af3f663cd37583afc93d5535ee6a43131edd1f504f3d95f5317994743", "TP1": "04029e23c070feed99f966fd5ea0c7c5ec2569856147ed95a4cbd3fb2caa89eea7083ca2c048543694572edcaaf405d0de2478b55010078ff2a7088de28513ef44", "CS1": "0404fb860a5f1c200fd2b6fd3c3f3f7e5244ef335a16184dae32ce51a2fad8aa2c20819be6eddf0629e76e31cc42c79d9ec2d380c20bdf4080fceeb0a2edda8870", "CS2": "04190ea3e1c147b9668268d8d985d2788a56f15d7be5db72d490a30e26830769951087aae74754332ae31d59436f727e981a329efc471cf217638bfed88e17c354", "HASH_MPIN_ID_HEX": "74ac22854525087cb79ce41341b006fb38df44b56cd5423b92878e73bc60b86c", "TIME_PERMIT": "04003c3ae91538d28ec3b907bd22c943210e68c024c7c596977b3ab5849b1788dc031ddad391ac09ba5e87f3f7478a6704776880d0a4213d3a3d1df76be46e582a", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a202233383261353935613563636561356531363565643761346461663333
 61383137406365727469766f782e636f6d222c202273616c74223a20223035373334636535373638303764323534623264636662306537626134346439227d", "TOKEN": "040fb3ffa1cbff82b3c91afab444afeaa6efa9e0ccaaa81b90666355388b7a576c20ac54b7e4629257e10c718ff2864aa560b8b53fb1cf27b1b9913fcad150d036", "U": "0423c338f6ca440713eb3078629a3a0d39158cb2e2b9818136408a450adabb4fdf13393824951d58228aaac3ee4478cd1f3132186b7a9790d9bb8b9454586b16e3", "SERVER_OUTPUT": 0, "V": "040e8e8ef6dec47b5624b9513002c20309384196616a4ab99fb935207f63ee5d870bbbd8bf5a70482bc97e622b4b93bef1bb3c8fb334e5239f11bedbf5f189e112", "Y": "0cce89c6f8ab07bb89e41cc9760d7aeb3f22e302c8ea46defeada61e13b671f8", "X": "042996fc7381b42de783dac27438f93643adb3eb63686108c37a7c014b037249", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"382a595a5ccea5e165ed7a4daf33a817@certivox.com\", \"salt\": \"05734ce576807d254b2dcfb0e7ba44d9\"}", "test_no": 23, "UT": "040cf4ddde664d96862d209c69e3c98d27a58c32d25e02a8ae76c9fb9f781afa811d954fca806148
 22e60e2eba2bd6d27cd5cdf9c2448a6a3fd614fb8690235c18", "MS2": "1a69289245a6b45359aeaf36449eb7a7dc2b453e50c678d9b52b6fb334273916", "MS1": "1b6559c93c764f34cce1fb61006b4d418928ba005d0114b9a87f4e2118e5bebd", "CLIENT_SECRET": "0402b6ff92053bf6d4c61c29fdcfee20133867c859905fc9dd98425f95e7f63b420b7f8473b661d9aeb3705f7483474e82b483b6ec6094c91d032facefd2de9cdf"}, {"SS1": "05a2b3a6502e3a59413e52b0ece27c3d308f5a3f30061f600f7c43b277b335bd0bb6a20942855b5cfbe8475b1f5457d681779ddd15c450bb02dd1c7d07c9698b0a8bdd0db6cfef47e28c1887439d395f1cfaac965273468ad33de99325735f2a03ec9d7b086642d5644e563645e30ba82eed30d7c8b673f7caa2963a70e7f07b", "SS2": "02f728de8e8c465251bff7d36baa34e27cd834f9cf051ced7208a9d2f662d930233379515dece8d8deb1ce483f9c5cc11597468a48696cc4776fa29d6bca62d416198e9cf029d806dd0b782e69302f116bf04cf5ed297d0ea0b67c463dd3e50e0c91da01d94bfdbbaeafa874f387f73dbfcd3727e7b2dba9da1a52b47da27e56", "DATE": 16574, "PIN2": 2524, "PIN1": 2524, "SERVER_SECRET": "2371db2e3582241ad7149dc0c52244c7b991137b948e0e
 afb6a8ef5fedd58840106a6d420ae7d761bf1bd95568d74b5956e1268053ead19ad143a9ac48177b3414d4afc66c654e504ee441e144a58ce247e09085ad4e58f0bf927d8d5376c8aa1ba85ed1f7e94a65da9fbc64db83564f5a9a2c1b959ac54a1d2562605a6f9c99", "SEC": "040aebe499cfa5c24e1eea3c9fe00101eb7d853a60e92194882fe7f1e5ec555d291edffef264e2355c9cf589fc578fe91f7208bc04549e0794aebdc9bbe2f8a5d8", "TP2": "0418bb7a849f5dbcd404dc4a3f14269310e6f028496469bebea6a1c410de14de6b130d5ba6be03562070a8371881ac01ad073956759c5384947d8fc271587765af", "TP1": "040ff0a5c162ea4d0248682a38a0e63ec280a723fefcfb8609981d98d8aed267051119796d262b6e8d33ef45d76b233f869ff1cee68009995ce1dbc1705f144913", "CS1": "041d6fd44cf624bd2d08429c6a666ba054ae51b90b4cfadd7050418cff5da9eda90131aa33f1d042ef25059792d4b9bcde172abf992ac128c1078f5eab80f58298", "CS2": "040b4d67e12b86a9f5d02a148addf4a32d2362c28c4389b4a4e5cd9aed7a5f4e0d196b42b4a98b8a20488f08686e61b9e63b287ddc19c906c5c8b1fec2949a750f", "HASH_MPIN_ID_HEX": "0cd096d8a85c3218afeed65d667a6207b346f198141da3c0e04088ce1d
 e06184", "TIME_PERMIT": "040751bf75401f8bf72712fc30beb17169c2bfce3720ecdfea834e416e3dc3e2630b18168cd4413a0031990bc0a7494b9b1f84def0ee32885817e402e9e560273e", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223031316562376530353631303837636239306164333263373765633931636262406365727469766f782e636f6d222c202273616c74223a20226463306436396437343561313830633930646165666635316634393533353262227d", "TOKEN": "041889f73f41b7b5cb114dfc33e2d3741d34ace24e0ac888f9ec08d90200c7c25503c9520cd2d7578b4695f4d11cc3b158c443e16df83a6f408f47a7bd802a1230", "U": "040c338e2270e800a65e48750f97463f28eb8e30fb33250325387a7e2c4062401710706ab4c59fea9a407f527eabb1c4c92db43ab4149f5ad6343e201c597ee24c", "SERVER_OUTPUT": 0, "V": "04155b9a44e35577ee8a746c13f8b091f1c2f0683fd3a711e074900a5b05b67d701518bbd9f60cfb21adb5dc20fd207439a825db2ffd1ee41fc2b3d8be4c6b6f24", "Y": "1dda40ba4196de9785aca8623ae51c821beebd515d24f5771b233b656df6a90c", "X": "
 0a029a60905ff26d4b38859287f721b8dd91f06611859e5198f3c6c771c76baa", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"011eb7e0561087cb90ad32c77ec91cbb@certivox.com\", \"salt\": \"dc0d69d745a180c90daeff51f495352b\"}", "test_no": 24, "UT": "040c58bb659f9fc19b82df2a5a80bb3efea360219097fc43449bbfa0a81a9a933505dafc717e2e7dc57b984a9019f0dcc1799db781dede3cbe1628b3b0db77ebcb", "MS2": "01f3ccfc7a6f10beb2157a23de28cde18cf6d69afb8ab7dc83047a4ea9fc3457", "MS1": "0038a0f9dadd6658d0690c4aceaa60a696e2a125c696762d3a1c16c56294cd59", "CLIENT_SECRET": "040a301d90524959a4a4791d68e23fb2ca294dd85994a22a8cf7ce634a16d9ec4c1cadf3017bd323bf20914cbd9e3cee9a8981a4a5fdc491b33b94dea6d57877ec"}, {"SS1": "1eedbf8b632a9b9bb18843439adf10de8cdafd5b216b9cf2a0cbc81a2d9bd0f2029ed74a59b1a4deceedcb9603efc41f582c079323af4218c44f71322e9bb2d4060c13f2bc014ad201e30867ed1585b93a846d3d53cf5e7b2e24c9ca08a6a5c4223300b56529773d2a80e284df8f9b0c528a3eea40081178efea218aae0b4f91", "SS2": "1f4150147220718714
 36e174cf43c0ee9de3936979ecb646f970d24a2417ddf515d0217fdc3af8dd3b57353dc29ddbc298e20d74ae0b1ab1ffc40a1303fa41be1f57aeac96174d5bfe479e9fb506df260c083e8ec2b3d120c006a13e6136921b09f8fe6aea21aadabd24e3026a5e0566f35d82520271af8a167e46159bf26c97", "DATE": 16574, "PIN2": 1974, "PIN1": 1974, "SERVER_SECRET": "0d996446b6a8a1172f5ca00af2d4365a3dfc44237b837854a3a2492b350baf2a14dc6fca4e15cd2ad213450bfff376c8779656ad782aad6592e529ccc3cdbca7074e3386f905f8f172b2e6f7a4ec365340c3d46f2c2ebe601493cd677c1998e516703755d45a041b1d6a02d8636b91b6ff63549d3031ead42ba0b2c0eb80bb6c", "SEC": "0417e0c0db3a03c05115dffad812f97912c6aba59538c92ca1c05fff18f4e7e3a703dc12719171e4fae7a14f4466e84535d49d6b8c2930881fa599d079625ea0bc", "TP2": "0409e088916e27b5ed082971e62ba469aa381034270cc56de50fd604270c33dd3618aebdc9ef5ef68fe882e0db4fe9293994aa3c9931430765de53b4e8b72b2396", "TP1": "040ddd64aa91d60f73bc7112678aa94d8266db234343b1baea89bea3f02846cda40eac9aa156d45009ce45951efa06e917ef103ab0d0e435ee90360deaa79181c6", "CS1": "04018
 0e4fb5079f3325e0683621e61fd421f8a93c9009c92d5e3852571a0a88c52158189454143f8b304ee0e7b83eff75fe2eb9948802cc461de4d1f95206e4c5e", "CS2": "040c68898288b44352c34923d7ebc664fa68747c985ea50e67a0949d63f84ce85104d6b1f822e1c424712dc077d493751f17df3154983d25e4d17bbb5b149d72e0", "HASH_MPIN_ID_HEX": "8b1bd9a8c376c90af85f8b4a79fb4c893cda8814584d166ed1fe5e7d6780b853", "TIME_PERMIT": "040bd9d4a26b04d935cce222b6ac1a9a88b4b40b223ba43468b32a5dc899b4131806f25be9989f9b5ec195da7f32a708b138c4b14fdfc95648ed167926765700d1", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20226234393231666363376337636166636138376430633961376135333766313864406365727469766f782e636f6d222c202273616c74223a20226161666561613066353236393132613330316433623433336131376636343461227d", "TOKEN": "040064efa04e5706c7dc98e6238b22ce5711674dec996f521339bcc1ab8454156714a276233a17871d0f64e2b3aed011dfdabeaa577ebc300bdd064f69dd4dc39b", "U": "0417d5195d07bbe908062c7
 fabd6ae470ceced46de77ca7f0528a38f36d072111e0563d9dfcf5e261d4eadf5df26e9e75a13870c450139c14d25e3e9471beb354a", "SERVER_OUTPUT": 0, "V": "041839b54091b8da7aabd7ddd8e46bafd830481f8452d4c55e3d033c7314afe1fa1a3da402b9f05bdca7dbc58fa7c0c0cdc8a1a5169025f691aa0b29ed0ca1060e", "Y": "0cd1fe95151666b7ee185fe68bcb9043bcc96e9340c64876ce5ff6385eae73f2", "X": "1771c3c82c75a448095481b869a97b8edae96649291382daef2d5f3778dcde32", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"b4921fcc7c7cafca87d0c9a7a537f18d@certivox.com\", \"salt\": \"aafeaa0f526912a301d3b433a17f644a\"}", "test_no": 25, "UT": "04043eb58b5a7338066e9b30e81b1d49d233a926027373f117abb380912c82010221a594e12f9caf08cce40fdb845fbdffc170e945793e9c2f0cb255a004401474", "MS2": "0daa0ab5dabdb79d1679a681b3efbb4061b5cc9b5fcfdf0e697612dc2e801cac", "MS1": "1b05a8654de45628cc4a4910589a258a203021c1ea67ff1e1f0bf0c201b24d7b", "CLIENT_SECRET": "0420d61e8c41b014ac3fb5a39922e2a1799ddee41ce03985c940f1e4e506ecb07817afdd244bc63d
 4ea9d2032a309dff62a3e7d6440b84c249f4fa5896aeb07c21"}, {"SS1": "22bb08ee901c5a370a5b1530eae322fbbbbb526968467ff486c27afd7dc5216a23fbc077285f90f1ff13fc94834938fe2665552ff25965975ecff413fdb2367e089075e4fed42eea2a579736678cdb74b904cdec195540636e9e473fe15b8ad803a6fe497d1c0e0b9f0a6f07cf06e8b63a6534e1bf64fa7a7c16395f01b8c7b0", "SS2": "07ba76f3ed7c975f215bb513d5dc0725208367cebbdb6ed937977313c7c223e805371832fb795c3f5f53296fbb1b256d54377889d7ba3fc23a0b055a6a37088a227a951a6afeb6eda3f79a0ca1e8b7984321b192dc10981ff7d3d57aa2b3c76c0cdab0fdb7e191801287b4ca513fc8e79fc7c963a7ecf766c6be8928a084f69d", "DATE": 16574, "PIN2": 2465, "PIN1": 2465, "SERVER_SECRET": "1f4ebe644e77138ee521641b0bd32e3c102962ab6f90930d7be763476fed117109f420c389c916b21d662072f44fd3b11147ccc20db716fc878d4d6389569fcd078734865cd83f283f9b7a2903cbbf15bd108a0763a6515b25c15268b3e5aace1515fa87dd1069dd1f4484795a5be3370e1a562846516056b6bc43211497b24e", "SEC": "041fcc5fd609c1d21a2ab293c6260f8bf7edebd1015487085d213dcb73c5456dc820fd067b3693ce
 09e35ea7ce6cc0f517fa4ea64891fb3e79b25b6648570b0501", "TP2": "040f47c57e6ba53014970aa9792ae6879d657ead3c4c0b02d4f809eec1950a663b03524fcff9496b6211ac327e0009e317b9b51901f65b97e630463e6aa4a5f0a3", "TP1": "041cf0279ee48cb9912b7d3c990ec6dc581346baa5deb8319db216c71b335bff7215a79042e9a122af3f358fc6081146701016c5b51e829bdcd4ce9bf36d89ec70", "CS1": "0416f33afb9669b44f3b6fb5523ea5e2b88df8217a937eafc34a15ded9ff0bb2391a4d0a42b14083bd2547b5ef6fe64a41e4de1107f0f576ad2c810992542d24a8", "CS2": "041bf56cccb84cf6addbbecd21af61120921c473e84649734abb10fbace40b0c352291bf79194d7a6cf7ee4727cb24259b4dbda7e363ad1e6d4b86d25d651791da", "HASH_MPIN_ID_HEX": "0de136cda78bdca4bae7d8ab3744a9c7def1742f65816e90e678c7ed1b2f665c", "TIME_PERMIT": "040b6c2f48771fc027dbbca50cccf523106d258a82ce3623cf5c18f3605768d3ee1c153af852fbf90c559a9733e01d56d60cd7c8425089ccd0998afd545f31afba", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a2022363361363
 4656564363363653631663830623639653339643332656635616662406365727469766f782e636f6d222c202273616c74223a20226666353938653761646661343861343764343362373333393062663738386232227d", "TOKEN": "041a011b091be3152ace0578b078001f6615f2f4d3622283e25dc616e8f04ef9472391e574737f278a2608eb14db8c6cc8173dc778fc7925ffde7eec4bb129398a", "U": "041efddb6f20f95cd299962fc537d3552f65e1d28524d821c789677b9e777959c708e2cc2eda986f9d2d647e655e65e26ddcb3f8944

<TRUNCATED>


[20/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/TestRSA.html
----------------------------------------------------------------------
diff --git a/js/TestRSA.html b/js/TestRSA.html
deleted file mode 100644
index 6aec8dd..0000000
--- a/js/TestRSA.html
+++ /dev/null
@@ -1,78 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test RSA</title>
-</head>
-<body>
-<h1>JavaScript Test RSA Example</h1>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="FF.js"></script>
-<script type="text/javascript" src="RSA.js"></script>
-
-
-<script>
-/* test driver and function exerciser for RSA API Functions */
-
-	var i,j=0,res;
-	var result;
-
-	var RFS=RSA.RFS;
-
-	var message="Hello World\n";
-
-	var pub=new rsa_public_key(ROM.FFLEN);
-	var priv=new rsa_private_key(ROM.HFLEN);
-
-	var ML=[];
-	var C=[];
-	var RAW=[];
-	
-	var rng=new RAND();
-	rng.clean();
-
-	for (i=0;i<100;i++) RAW[i]=i;
-	rng.seed(100,RAW);
-
-	var start,end,time;
-	start=new Date().getTime();
-	window.document.write("Generating public/private key pair (slow!)  <br>");
-	RSA.KEY_PAIR(rng,65537,priv,pub);
-	end=new Date().getTime();
-	time=end-start;
-	window.document.write("Time in ms= "+time+"<br>");
-
-	var M=RSA.stringtobytes(message);  
-	window.document.write("Encrypting test string <br>");
-
-	var E=RSA.OAEP_ENCODE(M,rng,null); /* OAEP encode message m to e  */
-	window.document.write("Encoding= 0x" + RSA.bytestohex(E) + "<br>");  
-
-	start=new Date().getTime();	
-	RSA.ENCRYPT(pub,E,C);     /* encrypt encoded message */
-	end=new Date().getTime();	
-	time=end-start;
-	window.document.write("Time in ms= "+time+"<br>");
-
-	window.document.write("Ciphertext= 0x" + RSA.bytestohex(C) + "<br>");  
-
-	window.document.write("Decrypting test string <br>");
-	start=new Date().getTime();	
-	RSA.DECRYPT(priv,C,ML); 
-	end=new Date().getTime();
-	time=end-start;
-	window.document.write("Time in ms= "+time+"<br>");
-
-	var MS=RSA.OAEP_DECODE(null,ML); /* OAEP encode message m to e  */
-	window.document.write("Decoding= 0x" + RSA.bytestohex(MS) + "<br>");  
-
-	window.document.write("message= "+RSA.bytestostring(MS) + "<br>");  
-
-	RSA.PRIVATE_KEY_KILL(priv);
-
-</script>
-</body>
-</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/readme.txt
----------------------------------------------------------------------
diff --git a/js/readme.txt b/js/readme.txt
deleted file mode 100644
index 0662f5f..0000000
--- a/js/readme.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-AMCL is very simple to build for JavaScript.
-
-First - decide the modulus type and curve type you want to use. Edit ROM.js 
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.js which 
-supports our M-Pin (tm) protocol, ECDH.js which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.js
-which supports RSA encryption. The first  can be tested using the 
-TestMPIN.html driver programs, the second can be tested using TestECDH.html 
-and TestECM.html, and the third using TestRSA.html
-
-In the ROM.js file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The program bngen.cpp generates the ROM details for a 
-BN curve, and the program ecgen.cpp generates the ROM for EC curves.
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-
-For quick jumpstart:-
-
-Run Chrome browser and navigate to TestMPIN.html
-


[32/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/FP12.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/FP12.go b/go/amcl-go/FP12.go
deleted file mode 100644
index 8e9cb4c..0000000
--- a/go/amcl-go/FP12.go
+++ /dev/null
@@ -1,654 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-package amcl
-
-//import "fmt"
-
-type FP12 struct {
-	a *FP4
-	b *FP4
-	c *FP4
-}
-
-/* Constructors */
-func NewFP12fp4(d *FP4) *FP12 {
-	F := new(FP12)
-	F.a = NewFP4copy(d)
-	F.b = NewFP4int(0)
-	F.c = NewFP4int(0)
-	return F
-}
-
-func NewFP12int(d int) *FP12 {
-	F := new(FP12)
-	F.a = NewFP4int(d)
-	F.b = NewFP4int(0)
-	F.c = NewFP4int(0)
-	return F
-}
-
-func NewFP12fp4s(d *FP4, e *FP4, f *FP4) *FP12 {
-	F := new(FP12)
-	F.a = NewFP4copy(d)
-	F.b = NewFP4copy(e)
-	F.c = NewFP4copy(f)
-	return F
-}
-
-func NewFP12copy(x *FP12) *FP12 {
-	F := new(FP12)
-	F.a = NewFP4copy(x.a)
-	F.b = NewFP4copy(x.b)
-	F.c = NewFP4copy(x.c)
-	return F
-}
-
-/* reduce all components of this mod Modulus */
-func (F *FP12) reduce() {
-	F.a.reduce()
-	F.b.reduce()
-	F.c.reduce()
-}
-
-/* normalise all components of this */
-func (F *FP12) norm() {
-	F.a.norm()
-	F.b.norm()
-	F.c.norm()
-}
-
-/* test x==0 ? */
-func (F *FP12) iszilch() bool {
-	F.reduce()
-	return (F.a.iszilch() && F.b.iszilch() && F.c.iszilch())
-}
-
-/* test x==1 ? */
-func (F *FP12) isunity() bool {
-	one := NewFP4int(1)
-	return (F.a.equals(one) && F.b.iszilch() && F.c.iszilch())
-}
-
-/* return 1 if x==y, else 0 */
-func (F *FP12) equals(x *FP12) bool {
-	return (F.a.equals(x.a) && F.b.equals(x.b) && F.c.equals(x.c))
-}
-
-/* extract a from this */
-func (F *FP12) geta() *FP4 {
-	return F.a
-}
-
-/* extract b */
-func (F *FP12) getb() *FP4 {
-	return F.b
-}
-
-/* extract c */
-func (F *FP12) getc() *FP4 {
-	return F.c
-}
-
-/* copy this=x */
-func (F *FP12) copy(x *FP12) {
-	F.a.copy(x.a)
-	F.b.copy(x.b)
-	F.c.copy(x.c)
-}
-
-/* set this=1 */
-func (F *FP12) one() {
-	F.a.one()
-	F.b.zero()
-	F.c.zero()
-}
-
-/* this=conj(this) */
-func (F *FP12) conj() {
-	F.a.conj()
-	F.b.nconj()
-	F.c.conj()
-}
-
-/* Granger-Scott Unitary Squaring */
-func (F *FP12) usqr() {
-	A := NewFP4copy(F.a)
-	B := NewFP4copy(F.c)
-	C := NewFP4copy(F.b)
-	D := NewFP4int(0)
-
-	F.a.sqr()
-	D.copy(F.a)
-	D.add(F.a)
-	F.a.add(D)
-
-	//		a.norm();
-	A.nconj()
-
-	A.add(A)
-	F.a.add(A)
-	B.sqr()
-	B.times_i()
-
-	D.copy(B)
-	D.add(B)
-	B.add(D)
-	//		B.norm();
-
-	C.sqr()
-	D.copy(C)
-	D.add(C)
-	C.add(D)
-	//		C.norm();
-
-	F.b.conj()
-	F.b.add(F.b)
-	F.c.nconj()
-
-	F.c.add(F.c)
-	F.b.add(B)
-	F.c.add(C)
-	F.reduce()
-
-}
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-func (F *FP12) sqr() {
-	A := NewFP4copy(F.a)
-	B := NewFP4copy(F.b)
-	C := NewFP4copy(F.c)
-	D := NewFP4copy(F.a)
-
-	A.sqr()
-	B.mul(F.c)
-	B.add(B)
-	C.sqr()
-	D.mul(F.b)
-	D.add(D)
-
-	F.c.add(F.a)
-	F.c.add(F.b)
-	F.c.sqr()
-
-	F.a.copy(A)
-
-	A.add(B)
-	//		A.norm();
-	A.add(C)
-	A.add(D)
-	//		A.norm();
-
-	A.neg()
-	B.times_i()
-	C.times_i()
-
-	F.a.add(B)
-
-	F.b.copy(C)
-	F.b.add(D)
-	F.c.add(A)
-	F.norm()
-}
-
-/* FP12 full multiplication this=this*y */
-func (F *FP12) mul(y *FP12) {
-	z0 := NewFP4copy(F.a)
-	z1 := NewFP4int(0)
-	z2 := NewFP4copy(F.b)
-	z3 := NewFP4int(0)
-	t0 := NewFP4copy(F.a)
-	t1 := NewFP4copy(y.a)
-
-	z0.mul(y.a)
-	z2.mul(y.b)
-
-	t0.add(F.b)
-	t1.add(y.b)
-
-	z1.copy(t0)
-	z1.mul(t1)
-	t0.copy(F.b)
-	t0.add(F.c)
-
-	t1.copy(y.b)
-	t1.add(y.c)
-	z3.copy(t0)
-	z3.mul(t1)
-
-	t0.copy(z0)
-	t0.neg()
-	t1.copy(z2)
-	t1.neg()
-
-	z1.add(t0)
-	//		z1.norm();
-	F.b.copy(z1)
-	F.b.add(t1)
-
-	z3.add(t1)
-	z2.add(t0)
-
-	t0.copy(F.a)
-	t0.add(F.c)
-	t1.copy(y.a)
-	t1.add(y.c)
-	t0.mul(t1)
-	z2.add(t0)
-
-	t0.copy(F.c)
-	t0.mul(y.c)
-	t1.copy(t0)
-	t1.neg()
-
-	//		z2.norm();
-	//		z3.norm();
-	//		b.norm();
-
-	F.c.copy(z2)
-	F.c.add(t1)
-	z3.add(t1)
-	t0.times_i()
-	F.b.add(t0)
-
-	z3.times_i()
-	F.a.copy(z0)
-	F.a.add(z3)
-	F.norm()
-}
-
-/* Special case of multiplication arises from special form of ATE pairing line function */
-func (F *FP12) smul(y *FP12) {
-	z0 := NewFP4copy(F.a)
-	z2 := NewFP4copy(F.b)
-	z3 := NewFP4copy(F.b)
-	t0 := NewFP4int(0)
-	t1 := NewFP4copy(y.a)
-
-	z0.mul(y.a)
-	z2.pmul(y.b.real())
-	F.b.add(F.a)
-	t1.real().add(y.b.real())
-
-	F.b.mul(t1)
-	z3.add(F.c)
-	z3.pmul(y.b.real())
-
-	t0.copy(z0)
-	t0.neg()
-	t1.copy(z2)
-	t1.neg()
-
-	F.b.add(t0)
-	//		b.norm();
-
-	F.b.add(t1)
-	z3.add(t1)
-	z2.add(t0)
-
-	t0.copy(F.a)
-	t0.add(F.c)
-	t0.mul(y.a)
-	F.c.copy(z2)
-	F.c.add(t0)
-
-	z3.times_i()
-	F.a.copy(z0)
-	F.a.add(z3)
-
-	F.norm()
-}
-
-/* this=1/this */
-func (F *FP12) inverse() {
-	f0 := NewFP4copy(F.a)
-	f1 := NewFP4copy(F.b)
-	f2 := NewFP4copy(F.a)
-	f3 := NewFP4int(0)
-
-	F.norm()
-	f0.sqr()
-	f1.mul(F.c)
-	f1.times_i()
-	f0.sub(f1)
-
-	f1.copy(F.c)
-	f1.sqr()
-	f1.times_i()
-	f2.mul(F.b)
-	f1.sub(f2)
-
-	f2.copy(F.b)
-	f2.sqr()
-	f3.copy(F.a)
-	f3.mul(F.c)
-	f2.sub(f3)
-
-	f3.copy(F.b)
-	f3.mul(f2)
-	f3.times_i()
-	F.a.mul(f0)
-	f3.add(F.a)
-	F.c.mul(f1)
-	F.c.times_i()
-
-	f3.add(F.c)
-	f3.inverse()
-	F.a.copy(f0)
-	F.a.mul(f3)
-	F.b.copy(f1)
-	F.b.mul(f3)
-	F.c.copy(f2)
-	F.c.mul(f3)
-}
-
-/* this=this^p using Frobenius */
-func (F *FP12) frob(f *FP2) {
-	f2 := NewFP2copy(f)
-	f3 := NewFP2copy(f)
-
-	f2.sqr()
-	f3.mul(f2)
-
-	F.a.frob(f3)
-	F.b.frob(f3)
-	F.c.frob(f3)
-
-	F.b.pmul(f)
-	F.c.pmul(f2)
-}
-
-/* trace function */
-func (F *FP12) trace() *FP4 {
-	t := NewFP4int(0)
-	t.copy(F.a)
-	t.imul(3)
-	t.reduce()
-	return t
-}
-
-/* convert from byte array to FP12 */
-func FP12_fromBytes(w []byte) *FP12 {
-	var t [int(MODBYTES)]byte
-	MB := int(MODBYTES)
-
-	for i := 0; i < MB; i++ {
-		t[i] = w[i]
-	}
-	a := fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+MB]
-	}
-	b := fromBytes(t[:])
-	c := NewFP2bigs(a, b)
-
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+2*MB]
-	}
-	a = fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+3*MB]
-	}
-	b = fromBytes(t[:])
-	d := NewFP2bigs(a, b)
-
-	e := NewFP4fp2s(c, d)
-
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+4*MB]
-	}
-	a = fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+5*MB]
-	}
-	b = fromBytes(t[:])
-	c = NewFP2bigs(a, b)
-
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+6*MB]
-	}
-	a = fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+7*MB]
-	}
-	b = fromBytes(t[:])
-	d = NewFP2bigs(a, b)
-
-	f := NewFP4fp2s(c, d)
-
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+8*MB]
-	}
-	a = fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+9*MB]
-	}
-	b = fromBytes(t[:])
-
-	c = NewFP2bigs(a, b)
-
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+10*MB]
-	}
-	a = fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = w[i+11*MB]
-	}
-	b = fromBytes(t[:])
-	d = NewFP2bigs(a, b)
-
-	g := NewFP4fp2s(c, d)
-
-	return NewFP12fp4s(e, f, g)
-}
-
-/* convert this to byte array */
-func (F *FP12) toBytes(w []byte) {
-	var t [int(MODBYTES)]byte
-	MB := int(MODBYTES)
-	F.a.geta().getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i] = t[i]
-	}
-	F.a.geta().getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+MB] = t[i]
-	}
-	F.a.getb().getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+2*MB] = t[i]
-	}
-	F.a.getb().getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+3*MB] = t[i]
-	}
-
-	F.b.geta().getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+4*MB] = t[i]
-	}
-	F.b.geta().getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+5*MB] = t[i]
-	}
-	F.b.getb().getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+6*MB] = t[i]
-	}
-	F.b.getb().getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+7*MB] = t[i]
-	}
-
-	F.c.geta().getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+8*MB] = t[i]
-	}
-	F.c.geta().getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+9*MB] = t[i]
-	}
-	F.c.getb().getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+10*MB] = t[i]
-	}
-	F.c.getb().getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		w[i+11*MB] = t[i]
-	}
-}
-
-/* convert to hex string */
-func (F *FP12) toString() string {
-	return ("[" + F.a.toString() + "," + F.b.toString() + "," + F.c.toString() + "]")
-}
-
-/* this=this^e */
-func (F *FP12) pow(e *BIG) *FP12 {
-	F.norm()
-	e.norm()
-	w := NewFP12copy(F)
-	z := NewBIGcopy(e)
-	r := NewFP12int(1)
-
-	for true {
-		bt := z.parity()
-		z.fshr(1)
-		if bt == 1 {
-			r.mul(w)
-		}
-		if z.iszilch() {
-			break
-		}
-		w.usqr()
-	}
-	r.reduce()
-	return r
-}
-
-/* constant time powering by small integer of max length bts */
-func (F *FP12) pinpow(e int, bts int) {
-	var R []*FP12
-	R = append(R, NewFP12int(1))
-	R = append(R, NewFP12copy(F))
-
-	for i := bts - 1; i >= 0; i-- {
-		b := (e >> uint(i)) & 1
-		R[1-b].mul(R[b])
-		R[b].usqr()
-	}
-	F.copy(R[0])
-}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-func pow4(q []*FP12, u []*BIG) *FP12 {
-	var a [4]int8
-	var g []*FP12
-	var s []*FP12
-	c := NewFP12int(1)
-	p := NewFP12int(0)
-	var w [NLEN*int(BASEBITS) + 1]int8
-	var t []*BIG
-	mt := NewBIGint(0)
-
-	for i := 0; i < 4; i++ {
-		t = append(t, NewBIGcopy(u[i]))
-	}
-
-	s = append(s, NewFP12int(0))
-	s = append(s, NewFP12int(0))
-
-	g = append(g, NewFP12copy(q[0]))
-	s[0].copy(q[1])
-	s[0].conj()
-	g[0].mul(s[0])
-	g = append(g, NewFP12copy(g[0]))
-	g = append(g, NewFP12copy(g[0]))
-	g = append(g, NewFP12copy(g[0]))
-	g = append(g, NewFP12copy(q[0]))
-	g[4].mul(q[1])
-	g = append(g, NewFP12copy(g[4]))
-	g = append(g, NewFP12copy(g[4]))
-	g = append(g, NewFP12copy(g[4]))
-
-	s[1].copy(q[2])
-	s[0].copy(q[3])
-	s[0].conj()
-	s[1].mul(s[0])
-	s[0].copy(s[1])
-	s[0].conj()
-	g[1].mul(s[0])
-	g[2].mul(s[1])
-	g[5].mul(s[0])
-	g[6].mul(s[1])
-	s[1].copy(q[2])
-	s[1].mul(q[3])
-	s[0].copy(s[1])
-	s[0].conj()
-	g[0].mul(s[0])
-	g[3].mul(s[1])
-	g[4].mul(s[0])
-	g[7].mul(s[1])
-
-	/* if power is even add 1 to power, and add q to correction */
-
-	for i := 0; i < 4; i++ {
-		if t[i].parity() == 0 {
-			t[i].inc(1)
-			t[i].norm()
-			c.mul(q[i])
-		}
-		mt.add(t[i])
-		mt.norm()
-	}
-	c.conj()
-	nb := 1 + mt.nbits()
-
-	/* convert exponent to signed 1-bit window */
-	for j := 0; j < nb; j++ {
-		for i := 0; i < 4; i++ {
-			a[i] = int8(t[i].lastbits(2) - 2)
-			t[i].dec(int(a[i]))
-			t[i].norm()
-			t[i].fshr(1)
-		}
-		w[j] = (8*a[0] + 4*a[1] + 2*a[2] + a[3])
-	}
-	w[nb] = int8(8*t[0].lastbits(2) + 4*t[1].lastbits(2) + 2*t[2].lastbits(2) + t[3].lastbits(2))
-	p.copy(g[(w[nb]-1)/2])
-
-	for i := nb - 1; i >= 0; i-- {
-		m := w[i] >> 7
-		j := (w[i] ^ m) - m /* j=abs(w[i]) */
-		j = (j - 1) / 2
-		s[0].copy(g[j])
-		s[1].copy(g[j])
-		s[1].conj()
-		p.usqr()
-		p.mul(s[m&1])
-	}
-	p.mul(c) /* apply correction */
-	p.reduce()
-	return p
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/FP2.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/FP2.go b/go/amcl-go/FP2.go
deleted file mode 100644
index 599fbcc..0000000
--- a/go/amcl-go/FP2.go
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-package amcl
-
-//import "fmt"
-
-type FP2 struct {
-	a *FP
-	b *FP
-}
-
-/* Constructors */
-func NewFP2int(a int) *FP2 {
-	F := new(FP2)
-	F.a = NewFPint(a)
-	F.b = NewFPint(0)
-	return F
-}
-
-func NewFP2copy(x *FP2) *FP2 {
-	F := new(FP2)
-	F.a = NewFPcopy(x.a)
-	F.b = NewFPcopy(x.b)
-	return F
-}
-
-func NewFP2fps(c *FP, d *FP) *FP2 {
-	F := new(FP2)
-	F.a = NewFPcopy(c)
-	F.b = NewFPcopy(d)
-	return F
-}
-
-func NewFP2bigs(c *BIG, d *BIG) *FP2 {
-	F := new(FP2)
-	F.a = NewFPbig(c)
-	F.b = NewFPbig(d)
-	return F
-}
-
-func NewFP2fp(c *FP) *FP2 {
-	F := new(FP2)
-	F.a = NewFPcopy(c)
-	F.b = NewFPint(0)
-	return F
-}
-
-func NewFP2big(c *BIG) *FP2 {
-	F := new(FP2)
-	F.a = NewFPbig(c)
-	F.b = NewFPint(0)
-	return F
-}
-
-/* reduce components mod Modulus */
-func (F *FP2) reduce() {
-	F.a.reduce()
-	F.b.reduce()
-}
-
-/* normalise components of w */
-func (F *FP2) norm() {
-	F.a.norm()
-	F.b.norm()
-}
-
-/* test this=0 ? */
-func (F *FP2) iszilch() bool {
-	F.reduce()
-	return (F.a.iszilch() && F.b.iszilch())
-}
-
-func (F *FP2) cmove(g *FP2, d int32) {
-	F.a.cmove(g.a, d)
-	F.b.cmove(g.b, d)
-}
-
-/* test this=1 ? */
-func (F *FP2) isunity() bool {
-	one := NewFPint(1)
-	return (F.a.equals(one) && F.b.iszilch())
-}
-
-/* test this=x */
-func (F *FP2) equals(x *FP2) bool {
-	return (F.a.equals(x.a) && F.b.equals(x.b))
-}
-
-/* extract a */
-func (F *FP2) getA() *BIG {
-	return F.a.redc()
-}
-
-/* extract b */
-func (F *FP2) getB() *BIG {
-	return F.b.redc()
-}
-
-/* copy this=x */
-func (F *FP2) copy(x *FP2) {
-	F.a.copy(x.a)
-	F.b.copy(x.b)
-}
-
-/* set this=0 */
-func (F *FP2) zero() {
-	F.a.zero()
-	F.b.zero()
-}
-
-/* set this=1 */
-func (F *FP2) one() {
-	F.a.one()
-	F.b.zero()
-}
-
-/* negate this mod Modulus */
-func (F *FP2) neg() {
-	F.norm()
-	m := NewFPcopy(F.a)
-	t := NewFPint(0)
-
-	m.add(F.b)
-	m.neg()
-	m.norm()
-	t.copy(m)
-	t.add(F.b)
-	F.b.copy(m)
-	F.b.add(F.a)
-	F.a.copy(t)
-}
-
-/* set to a-ib */
-func (F *FP2) conj() {
-	F.b.neg()
-}
-
-/* this+=a */
-func (F *FP2) add(x *FP2) {
-	F.a.add(x.a)
-	F.b.add(x.b)
-}
-
-/* this-=a */
-func (F *FP2) sub(x *FP2) {
-	m := NewFP2copy(x)
-	m.neg()
-	F.add(m)
-}
-
-/* this*=s, where s is an FP */
-func (F *FP2) pmul(s *FP) {
-	F.a.mul(s)
-	F.b.mul(s)
-}
-
-/* this*=i, where i is an int */
-func (F *FP2) imul(c int) {
-	F.a.imul(c)
-	F.b.imul(c)
-}
-
-/* this*=this */
-func (F *FP2) sqr() {
-	F.norm()
-	w1 := NewFPcopy(F.a)
-	w3 := NewFPcopy(F.a)
-	mb := NewFPcopy(F.b)
-
-	w3.mul(F.b)
-	w1.add(F.b)
-	mb.neg()
-	F.a.add(mb)
-	F.a.mul(w1)
-	F.b.copy(w3)
-	F.b.add(w3)
-
-	F.norm()
-}
-
-/* this*=y */
-func (F *FP2) mul(y *FP2) {
-	F.norm() /* This is needed here as {a,b} is not normed before additions */
-
-	w1 := NewFPcopy(F.a)
-	w2 := NewFPcopy(F.b)
-	w5 := NewFPcopy(F.a)
-	mw := NewFPint(0)
-
-	w1.mul(y.a) // w1=a*y.a  - this norms w1 and y.a, NOT a
-	w2.mul(y.b) // w2=b*y.b  - this norms w2 and y.b, NOT b
-	w5.add(F.b) // w5=a+b
-	F.b.copy(y.a)
-	F.b.add(y.b) // b=y.a+y.b
-
-	F.b.mul(w5)
-	mw.copy(w1)
-	mw.add(w2)
-	mw.neg()
-
-	F.b.add(mw)
-	mw.add(w1)
-	F.a.copy(w1)
-	F.a.add(mw)
-
-	F.norm()
-}
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-func (F *FP2) sqrt() bool {
-	if F.iszilch() {
-		return true
-	}
-	w1 := NewFPcopy(F.b)
-	w2 := NewFPcopy(F.a)
-	w1.sqr()
-	w2.sqr()
-	w1.add(w2)
-	if w1.jacobi() != 1 {
-		F.zero()
-		return false
-	}
-	w1 = w1.sqrt()
-	w2.copy(F.a)
-	w2.add(w1)
-	w2.div2()
-	if w2.jacobi() != 1 {
-		w2.copy(F.a)
-		w2.sub(w1)
-		w2.div2()
-		if w2.jacobi() != 1 {
-			F.zero()
-			return false
-		}
-	}
-	w2 = w2.sqrt()
-	F.a.copy(w2)
-	w2.add(w2)
-	w2.inverse()
-	F.b.mul(w2)
-	return true
-}
-
-/* output to hex string */
-func (F *FP2) toString() string {
-	return ("[" + F.a.toString() + "," + F.b.toString() + "]")
-}
-
-/* this=1/this */
-func (F *FP2) inverse() {
-	F.norm()
-	w1 := NewFPcopy(F.a)
-	w2 := NewFPcopy(F.b)
-
-	w1.sqr()
-	w2.sqr()
-	w1.add(w2)
-	w1.inverse()
-	F.a.mul(w1)
-	w1.neg()
-	F.b.mul(w1)
-}
-
-/* this/=2 */
-func (F *FP2) div2() {
-	F.a.div2()
-	F.b.div2()
-}
-
-/* this*=sqrt(-1) */
-func (F *FP2) times_i() {
-	//	a.norm();
-	z := NewFPcopy(F.a)
-	F.a.copy(F.b)
-	F.a.neg()
-	F.b.copy(z)
-}
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-func (F *FP2) mul_ip() {
-	F.norm()
-	t := NewFP2copy(F)
-	z := NewFPcopy(F.a)
-	F.a.copy(F.b)
-	F.a.neg()
-	F.b.copy(z)
-	F.add(t)
-	F.norm()
-}
-
-/* w/=(1+sqrt(-1)) */
-func (F *FP2) div_ip() {
-	t := NewFP2int(0)
-	F.norm()
-	t.a.copy(F.a)
-	t.a.add(F.b)
-	t.b.copy(F.b)
-	t.b.sub(F.a)
-	F.copy(t)
-	F.div2()
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/FP4.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/FP4.go b/go/amcl-go/FP4.go
deleted file mode 100644
index 76e9d1e..0000000
--- a/go/amcl-go/FP4.go
+++ /dev/null
@@ -1,522 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */
-
-package amcl
-
-//import "fmt"
-
-type FP4 struct {
-	a *FP2
-	b *FP2
-}
-
-/* Constructors */
-func NewFP4int(a int) *FP4 {
-	F := new(FP4)
-	F.a = NewFP2int(a)
-	F.b = NewFP2int(0)
-	return F
-}
-
-func NewFP4copy(x *FP4) *FP4 {
-	F := new(FP4)
-	F.a = NewFP2copy(x.a)
-	F.b = NewFP2copy(x.b)
-	return F
-}
-
-func NewFP4fp2s(c *FP2, d *FP2) *FP4 {
-	F := new(FP4)
-	F.a = NewFP2copy(c)
-	F.b = NewFP2copy(d)
-	return F
-}
-
-func NewFP4fp2(c *FP2) *FP4 {
-	F := new(FP4)
-	F.a = NewFP2copy(c)
-	F.b = NewFP2int(0)
-	return F
-}
-
-/* reduce all components of this mod Modulus */
-func (F *FP4) reduce() {
-	F.a.reduce()
-	F.b.reduce()
-}
-
-/* normalise all components of this mod Modulus */
-func (F *FP4) norm() {
-	F.a.norm()
-	F.b.norm()
-}
-
-/* test this==0 ? */
-func (F *FP4) iszilch() bool {
-	F.reduce()
-	return F.a.iszilch() && F.b.iszilch()
-}
-
-/* test this==1 ? */
-func (F *FP4) isunity() bool {
-	one := NewFP2int(1)
-	return F.a.equals(one) && F.b.iszilch()
-}
-
-/* test is w real? That is in a+ib test b is zero */
-func (F *FP4) isreal() bool {
-	return F.b.iszilch()
-}
-
-/* extract real part a */
-func (F *FP4) real() *FP2 {
-	return F.a
-}
-
-func (F *FP4) geta() *FP2 {
-	return F.a
-}
-
-/* extract imaginary part b */
-func (F *FP4) getb() *FP2 {
-	return F.b
-}
-
-/* test this=x? */
-func (F *FP4) equals(x *FP4) bool {
-	return (F.a.equals(x.a) && F.b.equals(x.b))
-}
-
-/* copy this=x */
-func (F *FP4) copy(x *FP4) {
-	F.a.copy(x.a)
-	F.b.copy(x.b)
-}
-
-/* set this=0 */
-func (F *FP4) zero() {
-	F.a.zero()
-	F.b.zero()
-}
-
-/* set this=1 */
-func (F *FP4) one() {
-	F.a.one()
-	F.b.zero()
-}
-
-/* set this=-this */
-func (F *FP4) neg() {
-	m := NewFP2copy(F.a)
-	t := NewFP2int(0)
-	m.add(F.b)
-	m.neg()
-	m.norm()
-	t.copy(m)
-	t.add(F.b)
-	F.b.copy(m)
-	F.b.add(F.a)
-	F.a.copy(t)
-}
-
-/* this=conjugate(this) */
-func (F *FP4) conj() {
-	F.b.neg()
-	F.b.norm()
-}
-
-/* this=-conjugate(this) */
-func (F *FP4) nconj() {
-	F.a.neg()
-	F.a.norm()
-}
-
-/* this+=x */
-func (F *FP4) add(x *FP4) {
-	F.a.add(x.a)
-	F.b.add(x.b)
-}
-
-/* this-=x */
-func (F *FP4) sub(x *FP4) {
-	m := NewFP4copy(x)
-	m.neg()
-	F.add(m)
-}
-
-/* this*=s where s is FP2 */
-func (F *FP4) pmul(s *FP2) {
-	F.a.mul(s)
-	F.b.mul(s)
-}
-
-/* this*=c where c is int */
-func (F *FP4) imul(c int) {
-	F.a.imul(c)
-	F.b.imul(c)
-}
-
-/* this*=this */
-func (F *FP4) sqr() {
-	F.norm()
-
-	t1 := NewFP2copy(F.a)
-	t2 := NewFP2copy(F.b)
-	t3 := NewFP2copy(F.a)
-
-	t3.mul(F.b)
-	t1.add(F.b)
-	t2.mul_ip()
-
-	t2.add(F.a)
-	F.a.copy(t1)
-
-	F.a.mul(t2)
-
-	t2.copy(t3)
-	t2.mul_ip()
-	t2.add(t3)
-	t2.neg()
-	F.a.add(t2)
-
-	F.b.copy(t3)
-	F.b.add(t3)
-
-	F.norm()
-}
-
-/* this*=y */
-func (F *FP4) mul(y *FP4) {
-	F.norm()
-
-	t1 := NewFP2copy(F.a)
-	t2 := NewFP2copy(F.b)
-	t3 := NewFP2int(0)
-	t4 := NewFP2copy(F.b)
-
-	t1.mul(y.a)
-	t2.mul(y.b)
-	t3.copy(y.b)
-	t3.add(y.a)
-	t4.add(F.a)
-
-	t4.mul(t3)
-	t4.sub(t1)
-	//		t4.norm();
-
-	F.b.copy(t4)
-	F.b.sub(t2)
-	t2.mul_ip()
-	F.a.copy(t2)
-	F.a.add(t1)
-
-	F.norm()
-}
-
-/* convert this to hex string */
-func (F *FP4) toString() string {
-	return ("[" + F.a.toString() + "," + F.b.toString() + "]")
-}
-
-/* this=1/this */
-func (F *FP4) inverse() {
-	F.norm()
-
-	t1 := NewFP2copy(F.a)
-	t2 := NewFP2copy(F.b)
-
-	t1.sqr()
-	t2.sqr()
-	t2.mul_ip()
-	t1.sub(t2)
-	t1.inverse()
-	F.a.mul(t1)
-	t1.neg()
-	F.b.mul(t1)
-}
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-func (F *FP4) times_i() {
-	F.norm()
-	s := NewFP2copy(F.b)
-	t := NewFP2copy(F.b)
-	s.times_i()
-	t.add(s)
-	//		t.norm();
-	F.b.copy(F.a)
-	F.a.copy(t)
-}
-
-/* this=this^p using Frobenius */
-func (F *FP4) frob(f *FP2) {
-	F.a.conj()
-	F.b.conj()
-	F.b.mul(f)
-}
-
-/* this=this^e */
-func (F *FP4) pow(e *BIG) *FP4 {
-	F.norm()
-	e.norm()
-	w := NewFP4copy(F)
-	z := NewBIGcopy(e)
-	r := NewFP4int(1)
-	for true {
-		bt := z.parity()
-		z.fshr(1)
-		if bt == 1 {
-			r.mul(w)
-		}
-		if z.iszilch() {
-			break
-		}
-		w.sqr()
-	}
-	r.reduce()
-	return r
-}
-
-/* XTR xtr_a function */
-func (F *FP4) xtr_A(w *FP4, y *FP4, z *FP4) {
-	r := NewFP4copy(w)
-	t := NewFP4copy(w)
-	r.sub(y)
-	r.pmul(F.a)
-	t.add(y)
-	t.pmul(F.b)
-	t.times_i()
-
-	F.copy(r)
-	F.add(t)
-	F.add(z)
-
-	F.norm()
-}
-
-/* XTR xtr_d function */
-func (F *FP4) xtr_D() {
-	w := NewFP4copy(F)
-	F.sqr()
-	w.conj()
-	w.add(w)
-	F.sub(w)
-	F.reduce()
-}
-
-/* r=x^n using XTR method on traces of FP12s */
-func (F *FP4) xtr_pow(n *BIG) *FP4 {
-	a := NewFP4int(3)
-	b := NewFP4copy(F)
-	c := NewFP4copy(b)
-	c.xtr_D()
-	t := NewFP4int(0)
-	r := NewFP4int(0)
-
-	n.norm()
-	par := n.parity()
-	v := NewBIGcopy(n)
-	v.fshr(1)
-	if par == 0 {
-		v.dec(1)
-		v.norm()
-	}
-
-	nb := v.nbits()
-	for i := nb - 1; i >= 0; i-- {
-		if v.bit(i) != 1 {
-			t.copy(b)
-			F.conj()
-			c.conj()
-			b.xtr_A(a, F, c)
-			F.conj()
-			c.copy(t)
-			c.xtr_D()
-			a.xtr_D()
-		} else {
-			t.copy(a)
-			t.conj()
-			a.copy(b)
-			a.xtr_D()
-			b.xtr_A(c, F, t)
-			c.xtr_D()
-		}
-	}
-	if par == 0 {
-		r.copy(c)
-	} else {
-		r.copy(b)
-	}
-	r.reduce()
-	return r
-}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-func (F *FP4) xtr_pow2(ck *FP4, ckml *FP4, ckm2l *FP4, a *BIG, b *BIG) *FP4 {
-	a.norm()
-	b.norm()
-	e := NewBIGcopy(a)
-	d := NewBIGcopy(b)
-	w := NewBIGint(0)
-
-	cu := NewFP4copy(ck) // can probably be passed in w/o copying
-	cv := NewFP4copy(F)
-	cumv := NewFP4copy(ckml)
-	cum2v := NewFP4copy(ckm2l)
-	r := NewFP4int(0)
-	t := NewFP4int(0)
-
-	f2 := 0
-	for d.parity() == 0 && e.parity() == 0 {
-		d.fshr(1)
-		e.fshr(1)
-		f2++
-	}
-
-	for comp(d, e) != 0 {
-		if comp(d, e) > 0 {
-			w.copy(e)
-			w.imul(4)
-			w.norm()
-			if comp(d, w) <= 0 {
-				w.copy(d)
-				d.copy(e)
-				e.rsub(w)
-				e.norm()
-
-				t.copy(cv)
-				t.xtr_A(cu, cumv, cum2v)
-				cum2v.copy(cumv)
-				cum2v.conj()
-				cumv.copy(cv)
-				cv.copy(cu)
-				cu.copy(t)
-			} else {
-				if d.parity() == 0 {
-					d.fshr(1)
-					r.copy(cum2v)
-					r.conj()
-					t.copy(cumv)
-					t.xtr_A(cu, cv, r)
-					cum2v.copy(cumv)
-					cum2v.xtr_D()
-					cumv.copy(t)
-					cu.xtr_D()
-				} else {
-					if e.parity() == 1 {
-						d.sub(e)
-						d.norm()
-						d.fshr(1)
-						t.copy(cv)
-						t.xtr_A(cu, cumv, cum2v)
-						cu.xtr_D()
-						cum2v.copy(cv)
-						cum2v.xtr_D()
-						cum2v.conj()
-						cv.copy(t)
-					} else {
-						w.copy(d)
-						d.copy(e)
-						d.fshr(1)
-						e.copy(w)
-						t.copy(cumv)
-						t.xtr_D()
-						cumv.copy(cum2v)
-						cumv.conj()
-						cum2v.copy(t)
-						cum2v.conj()
-						t.copy(cv)
-						t.xtr_D()
-						cv.copy(cu)
-						cu.copy(t)
-					}
-				}
-			}
-		}
-		if comp(d, e) < 0 {
-			w.copy(d)
-			w.imul(4)
-			w.norm()
-			if comp(e, w) <= 0 {
-				e.sub(d)
-				e.norm()
-				t.copy(cv)
-				t.xtr_A(cu, cumv, cum2v)
-				cum2v.copy(cumv)
-				cumv.copy(cu)
-				cu.copy(t)
-			} else {
-				if e.parity() == 0 {
-					w.copy(d)
-					d.copy(e)
-					d.fshr(1)
-					e.copy(w)
-					t.copy(cumv)
-					t.xtr_D()
-					cumv.copy(cum2v)
-					cumv.conj()
-					cum2v.copy(t)
-					cum2v.conj()
-					t.copy(cv)
-					t.xtr_D()
-					cv.copy(cu)
-					cu.copy(t)
-				} else {
-					if d.parity() == 1 {
-						w.copy(e)
-						e.copy(d)
-						w.sub(d)
-						w.norm()
-						d.copy(w)
-						d.fshr(1)
-						t.copy(cv)
-						t.xtr_A(cu, cumv, cum2v)
-						cumv.conj()
-						cum2v.copy(cu)
-						cum2v.xtr_D()
-						cum2v.conj()
-						cu.copy(cv)
-						cu.xtr_D()
-						cv.copy(t)
-					} else {
-						d.fshr(1)
-						r.copy(cum2v)
-						r.conj()
-						t.copy(cumv)
-						t.xtr_A(cu, cv, r)
-						cum2v.copy(cumv)
-						cum2v.xtr_D()
-						cumv.copy(t)
-						cu.xtr_D()
-					}
-				}
-			}
-		}
-	}
-	r.copy(cv)
-	r.xtr_A(cu, cumv, cum2v)
-	for i := 0; i < f2; i++ {
-		r.xtr_D()
-	}
-	r = r.xtr_pow(d)
-	return r
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/GCM.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/GCM.go b/go/amcl-go/GCM.go
deleted file mode 100644
index 2fc4da3..0000000
--- a/go/amcl-go/GCM.go
+++ /dev/null
@@ -1,472 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
-* Implementation of the AES-GCM Encryption/Authentication
-*
-* Some restrictions..
-* 1. Only for use with AES
-* 2. Returned tag is always 128-bits. Truncate at your own risk.
-* 3. The order of function calls must follow some rules
-*
-* Typical sequence of calls..
-* 1. call GCM_init
-* 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
-* 3. call GCM_add_header one last time with any length of header
-* 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
-* 5. call GCM_add_cipher one last time with any length of cipher/plaintext
-* 6. call GCM_finish to extract the tag.
-*
-* See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-
-package amcl
-
-/*
-import
-(
-	"fmt"
-	"strconv"
-)
-*/
-const gcm_NB int = 4
-const GCM_ACCEPTING_HEADER int = 0
-const GCM_ACCEPTING_CIPHER int = 1
-const GCM_NOT_ACCEPTING_MORE int = 2
-const GCM_FINISHED int = 3
-const GCM_ENCRYPTING int = 0
-const GCM_DECRYPTING int = 1
-
-type GCM struct {
-	table   [128][4]uint32 /* 2k bytes */
-	stateX  [16]byte
-	Y_0     [16]byte
-	counter int
-	lenA    [2]uint32
-	lenC    [2]uint32
-	status  int
-	a       *AES
-}
-
-func gcm_pack(b [4]byte) uint32 { /* pack bytes into a 32-bit Word */
-	return ((uint32(b[0]) & 0xff) << 24) | ((uint32(b[1]) & 0xff) << 16) | ((uint32(b[2]) & 0xff) << 8) | (uint32(b[3]) & 0xff)
-}
-
-func gcm_unpack(a uint32) [4]byte { /* unpack bytes from a word */
-	var b = [4]byte{byte((a >> 24) & 0xff), byte((a >> 16) & 0xff), byte((a >> 8) & 0xff), byte(a & 0xff)}
-	return b
-}
-
-func (G *GCM) precompute(H []byte) {
-	var b [4]byte
-	j := 0
-	for i := 0; i < gcm_NB; i++ {
-		b[0] = H[j]
-		b[1] = H[j+1]
-		b[2] = H[j+2]
-		b[3] = H[j+3]
-		G.table[0][i] = gcm_pack(b)
-		j += 4
-	}
-	for i := 1; i < 128; i++ {
-		c := uint32(0)
-		for j := 0; j < gcm_NB; j++ {
-			G.table[i][j] = c | (G.table[i-1][j])>>1
-			c = G.table[i-1][j] << 31
-		}
-		if c != 0 {
-			G.table[i][0] ^= 0xE1000000
-		} /* irreducible polynomial */
-	}
-}
-
-func (G *GCM) gf2mul() { /* gf2m mul - Z=H*X mod 2^128 */
-	var P [4]uint32
-
-	for i := 0; i < 4; i++ {
-		P[i] = 0
-	}
-	j := uint(8)
-	m := 0
-	for i := 0; i < 128; i++ {
-		j--
-		c := (G.stateX[m] >> j) & 1
-		if c != 0 {
-			for k := 0; k < gcm_NB; k++ {
-				P[k] ^= G.table[i][k]
-			}
-		}
-		if j == 0 {
-			j = 8
-			m++
-			if m == 16 {
-				break
-			}
-		}
-	}
-	j = 0
-	for i := 0; i < gcm_NB; i++ {
-		b := gcm_unpack(P[i])
-		G.stateX[j] = b[0]
-		G.stateX[j+1] = b[1]
-		G.stateX[j+2] = b[2]
-		G.stateX[j+3] = b[3]
-		j += 4
-	}
-}
-
-func (G *GCM) wrap() { /* Finish off GHASH */
-	var F [4]uint32
-	var L [16]byte
-
-	/* convert lengths from bytes to bits */
-	F[0] = (G.lenA[0] << 3) | (G.lenA[1]&0xE0000000)>>29
-	F[1] = G.lenA[1] << 3
-	F[2] = (G.lenC[0] << 3) | (G.lenC[1]&0xE0000000)>>29
-	F[3] = G.lenC[1] << 3
-	j := 0
-	for i := 0; i < gcm_NB; i++ {
-		b := gcm_unpack(F[i])
-		L[j] = b[0]
-		L[j+1] = b[1]
-		L[j+2] = b[2]
-		L[j+3] = b[3]
-		j += 4
-	}
-	for i := 0; i < 16; i++ {
-		G.stateX[i] ^= L[i]
-	}
-	G.gf2mul()
-}
-
-func (G *GCM) ghash(plain []byte, len int) bool {
-	if G.status == GCM_ACCEPTING_HEADER {
-		G.status = GCM_ACCEPTING_CIPHER
-	}
-	if G.status != GCM_ACCEPTING_CIPHER {
-		return false
-	}
-
-	j := 0
-	for j < len {
-		for i := 0; i < 16 && j < len; i++ {
-			G.stateX[i] ^= plain[j]
-			j++
-			G.lenC[1]++
-			if G.lenC[1] == 0 {
-				G.lenC[0]++
-			}
-		}
-		G.gf2mul()
-	}
-	if len%16 != 0 {
-		G.status = GCM_NOT_ACCEPTING_MORE
-	}
-	return true
-}
-
-/* Initialize GCM mode */
-func (G *GCM) Init(key []byte, niv int, iv []byte) { /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-	var H [16]byte
-
-	for i := 0; i < 16; i++ {
-		H[i] = 0
-		G.stateX[i] = 0
-	}
-
-	G.a = new(AES)
-
-	G.a.Init(aes_ECB, key, iv)
-	G.a.ecb_encrypt(H[:]) /* E(K,0) */
-	G.precompute(H[:])
-
-	G.lenA[0] = 0
-	G.lenC[0] = 0
-	G.lenA[1] = 0
-	G.lenC[1] = 0
-	if niv == 12 {
-		for i := 0; i < 12; i++ {
-			G.a.f[i] = iv[i]
-		}
-		b := gcm_unpack(uint32(1))
-		G.a.f[12] = b[0]
-		G.a.f[13] = b[1]
-		G.a.f[14] = b[2]
-		G.a.f[15] = b[3] /* initialise IV */
-		for i := 0; i < 16; i++ {
-			G.Y_0[i] = G.a.f[i]
-		}
-	} else {
-		G.status = GCM_ACCEPTING_CIPHER
-		G.ghash(iv, niv) /* GHASH(H,0,IV) */
-		G.wrap()
-		for i := 0; i < 16; i++ {
-			G.a.f[i] = G.stateX[i]
-			G.Y_0[i] = G.a.f[i]
-			G.stateX[i] = 0
-		}
-		G.lenA[0] = 0
-		G.lenC[0] = 0
-		G.lenA[1] = 0
-		G.lenC[1] = 0
-	}
-	G.status = GCM_ACCEPTING_HEADER
-}
-
-/* Add Header data - included but not encrypted */
-func (G *GCM) Add_header(header []byte, len int) bool { /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-	if G.status != GCM_ACCEPTING_HEADER {
-		return false
-	}
-
-	j := 0
-	for j < len {
-		for i := 0; i < 16 && j < len; i++ {
-			G.stateX[i] ^= header[j]
-			j++
-			G.lenA[1]++
-			if G.lenA[1] == 0 {
-				G.lenA[0]++
-			}
-		}
-		G.gf2mul()
-	}
-	if len%16 != 0 {
-		G.status = GCM_ACCEPTING_CIPHER
-	}
-	return true
-}
-
-/* Add Plaintext - included and encrypted */
-func (G *GCM) Add_plain(plain []byte, len int) []byte {
-	var B [16]byte
-	var b [4]byte
-
-	cipher := make([]byte, len)
-	var counter uint32 = 0
-	if G.status == GCM_ACCEPTING_HEADER {
-		G.status = GCM_ACCEPTING_CIPHER
-	}
-	if G.status != GCM_ACCEPTING_CIPHER {
-		return nil
-	}
-
-	j := 0
-	for j < len {
-
-		b[0] = G.a.f[12]
-		b[1] = G.a.f[13]
-		b[2] = G.a.f[14]
-		b[3] = G.a.f[15]
-		counter = gcm_pack(b)
-		counter++
-		b = gcm_unpack(counter)
-		G.a.f[12] = b[0]
-		G.a.f[13] = b[1]
-		G.a.f[14] = b[2]
-		G.a.f[15] = b[3] /* increment counter */
-		for i := 0; i < 16; i++ {
-			B[i] = G.a.f[i]
-		}
-		G.a.ecb_encrypt(B[:]) /* encrypt it  */
-
-		for i := 0; i < 16 && j < len; i++ {
-			cipher[j] = (plain[j] ^ B[i])
-			G.stateX[i] ^= cipher[j]
-			j++
-			G.lenC[1]++
-			if G.lenC[1] == 0 {
-				G.lenC[0]++
-			}
-		}
-		G.gf2mul()
-	}
-	if len%16 != 0 {
-		G.status = GCM_NOT_ACCEPTING_MORE
-	}
-	return cipher
-}
-
-/* Add Ciphertext - decrypts to plaintext */
-func (G *GCM) Add_cipher(cipher []byte, len int) []byte {
-	var B [16]byte
-	var b [4]byte
-
-	plain := make([]byte, len)
-	var counter uint32 = 0
-
-	if G.status == GCM_ACCEPTING_HEADER {
-		G.status = GCM_ACCEPTING_CIPHER
-	}
-	if G.status != GCM_ACCEPTING_CIPHER {
-		return nil
-	}
-
-	j := 0
-	for j < len {
-		b[0] = G.a.f[12]
-		b[1] = G.a.f[13]
-		b[2] = G.a.f[14]
-		b[3] = G.a.f[15]
-		counter = gcm_pack(b)
-		counter++
-		b = gcm_unpack(counter)
-		G.a.f[12] = b[0]
-		G.a.f[13] = b[1]
-		G.a.f[14] = b[2]
-		G.a.f[15] = b[3] /* increment counter */
-		for i := 0; i < 16; i++ {
-			B[i] = G.a.f[i]
-		}
-		G.a.ecb_encrypt(B[:]) /* encrypt it  */
-		for i := 0; i < 16 && j < len; i++ {
-			plain[j] = (cipher[j] ^ B[i])
-			G.stateX[i] ^= cipher[j]
-			j++
-			G.lenC[1]++
-			if G.lenC[1] == 0 {
-				G.lenC[0]++
-			}
-		}
-		G.gf2mul()
-	}
-	if len%16 != 0 {
-		G.status = GCM_NOT_ACCEPTING_MORE
-	}
-	return plain
-}
-
-/* Finish and extract Tag */
-func (G *GCM) Finish(extract bool) [16]byte { /* Finish off GHASH and extract tag (MAC) */
-	var tag [16]byte
-
-	G.wrap()
-	/* extract tag */
-	if extract {
-		G.a.ecb_encrypt(G.Y_0[:]) /* E(K,Y0) */
-		for i := 0; i < 16; i++ {
-			G.Y_0[i] ^= G.stateX[i]
-		}
-		for i := 0; i < 16; i++ {
-			tag[i] = G.Y_0[i]
-			G.Y_0[i] = 0
-			G.stateX[i] = 0
-		}
-	}
-	G.status = GCM_FINISHED
-	G.a.End()
-	return tag
-}
-
-/* AES-GCM Encryption:
-   K is key, H is header, IV is initialization vector and P is plaintext.
-   Returns cipthertext and tag (MAC) */
-func AES_GCM_ENCRYPT(K, IV, H, P []byte) ([]byte, []byte) {
-	g := new(GCM)
-	lenIV := len(IV)
-	lenH := len(H)
-	lenP := len(P)
-
-	g.Init(K, lenIV, IV)
-	g.Add_header(H, lenH)
-	C := g.Add_plain(P, lenP)
-	T := g.Finish(true)
-	return C, T[:]
-}
-
-/* AES-GCM Deryption:
-   K is key, H is header, IV is initialization vector and P is plaintext.
-   Returns cipthertext and tag (MAC) */
-func AES_GCM_DECRYPT(K, IV, H, C []byte) ([]byte, []byte) {
-	g := new(GCM)
-	lenIV := len(IV)
-	lenH := len(H)
-	lenC := len(C)
-
-	g.Init(K, lenIV, IV)
-	g.Add_header(H, lenH)
-	P := g.Add_cipher(C, lenC)
-	T := g.Finish(true)
-	return P, T[:]
-}
-
-/*
-func hex2bytes(s string) []byte {
-	lgh:=len(s)
-	data:=make([]byte,lgh/2)
-
-        for i:=0;i<lgh;i+=2 {
-            a,_ := strconv.ParseInt(s[i:i+2],16,32)
-	    data[i/2]=byte(a)
-        }
-        return data
-}
-
-func main() {
-
-	KT:="feffe9928665731c6d6a8f9467308308"
-	MT:="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39"
-	HT:="feedfacedeadbeeffeedfacedeadbeefabaddad2"
-
-	NT:="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-	g:=new(GCM)
-
-	M:=hex2bytes(MT)
-	H:=hex2bytes(HT)
-	N:=hex2bytes(NT)
-	K:=hex2bytes(KT)
-
-	lenM:=len(M)
-	lenH:=len(H)
-	//lenK:=len(K)
-	lenIV:=len(N)
-
- 	fmt.Printf("Plaintext=\n");
-	for i:=0;i<lenM;i++ {fmt.Printf("%02x",M[i])}
-	fmt.Printf("\n")
-
-	g.Init(K,lenIV,N)
-	g.Add_header(H,lenH)
-	C:=g.Add_plain(M,lenM)
-	T:=g.Finish(true)
-
-	fmt.Printf("Ciphertext=\n")
-	for i:=0;i<lenM;i++ {fmt.Printf("%02x",C[i])}
-	fmt.Printf("\n")
-
-	fmt.Printf("Tag=\n")
-	for i:=0;i<16;i++ {fmt.Printf("%02x",T[i])}
-	fmt.Printf("\n")
-
-	g.Init(K,lenIV,N)
-	g.Add_header(H,lenH)
-	P:=g.Add_cipher(C,lenM)
-	T=g.Finish(true)
-
- 	fmt.Printf("Plaintext=\n");
-	for i:=0;i<lenM;i++ {fmt.Printf("%02x",P[i])}
-	fmt.Printf("\n")
-
-	fmt.Printf("Tag=\n");
-	for i:=0;i<16;i++ {fmt.Printf("%02x",T[i])}
-	fmt.Printf("\n")
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/HASH.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/HASH.go b/go/amcl-go/HASH.go
deleted file mode 100644
index c31f51a..0000000
--- a/go/amcl-go/HASH.go
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256)
- *
- * Generates a 256 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only.
- */
-
-package amcl
-
-//import "fmt"
-
-const hash_H0 uint32 = 0x6A09E667
-const hash_H1 uint32 = 0xBB67AE85
-const hash_H2 uint32 = 0x3C6EF372
-const hash_H3 uint32 = 0xA54FF53A
-const hash_H4 uint32 = 0x510E527F
-const hash_H5 uint32 = 0x9B05688C
-const hash_H6 uint32 = 0x1F83D9AB
-const hash_H7 uint32 = 0x5BE0CD19
-
-var hash_K = [...]uint32{
-	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}
-
-type HASH struct {
-	length [2]uint32
-	h      [8]uint32
-	w      [64]uint32
-}
-
-/* functions */
-func hash_S(n uint32, x uint32) uint32 {
-	return (((x) >> n) | ((x) << (32 - n)))
-}
-
-func hash_R(n uint32, x uint32) uint32 {
-	return ((x) >> n)
-}
-
-func hash_Ch(x, y, z uint32) uint32 {
-	return ((x & y) ^ (^(x) & z))
-}
-
-func hash_Maj(x, y, z uint32) uint32 {
-	return ((x & y) ^ (x & z) ^ (y & z))
-}
-
-func hash_Sig0(x uint32) uint32 {
-	return (hash_S(2, x) ^ hash_S(13, x) ^ hash_S(22, x))
-}
-
-func hash_Sig1(x uint32) uint32 {
-	return (hash_S(6, x) ^ hash_S(11, x) ^ hash_S(25, x))
-}
-
-func hash_theta0(x uint32) uint32 {
-	return (hash_S(7, x) ^ hash_S(18, x) ^ hash_R(3, x))
-}
-
-func hash_theta1(x uint32) uint32 {
-	return (hash_S(17, x) ^ hash_S(19, x) ^ hash_R(10, x))
-}
-
-func (H *HASH) transform() { /* basic transformation step */
-	for j := 16; j < 64; j++ {
-		H.w[j] = hash_theta1(H.w[j-2]) + H.w[j-7] + hash_theta0(H.w[j-15]) + H.w[j-16]
-	}
-	a := H.h[0]
-	b := H.h[1]
-	c := H.h[2]
-	d := H.h[3]
-	e := H.h[4]
-	f := H.h[5]
-	g := H.h[6]
-	hh := H.h[7]
-	for j := 0; j < 64; j++ { /* 64 times - mush it up */
-		t1 := hh + hash_Sig1(e) + hash_Ch(e, f, g) + hash_K[j] + H.w[j]
-		t2 := hash_Sig0(a) + hash_Maj(a, b, c)
-		hh = g
-		g = f
-		f = e
-		e = d + t1
-		d = c
-		c = b
-		b = a
-		a = t1 + t2
-	}
-	H.h[0] += a
-	H.h[1] += b
-	H.h[2] += c
-	H.h[3] += d
-	H.h[4] += e
-	H.h[5] += f
-	H.h[6] += g
-	H.h[7] += hh
-}
-
-/* Initialise Hash function */
-func (H *HASH) Init() { /* initialise */
-	for i := 0; i < 64; i++ {
-		H.w[i] = 0
-	}
-	H.length[0] = 0
-	H.length[1] = 0
-	H.h[0] = hash_H0
-	H.h[1] = hash_H1
-	H.h[2] = hash_H2
-	H.h[3] = hash_H3
-	H.h[4] = hash_H4
-	H.h[5] = hash_H5
-	H.h[6] = hash_H6
-	H.h[7] = hash_H7
-}
-
-func NewHASH() *HASH {
-	H := new(HASH)
-	H.Init()
-	return H
-}
-
-/* process a single byte */
-func (H *HASH) Process(byt byte) { /* process the next message byte */
-	cnt := (H.length[0] / 32) % 16
-
-	H.w[cnt] <<= 8
-	H.w[cnt] |= uint32(byt & 0xFF)
-	H.length[0] += 8
-	if H.length[0] == 0 {
-		H.length[1]++
-		H.length[0] = 0
-	}
-	if (H.length[0] % 512) == 0 {
-		H.transform()
-	}
-}
-
-/* process an array of bytes */
-func (H *HASH) Process_array(b []byte) {
-	for i := 0; i < len(b); i++ {
-		H.Process((b[i]))
-	}
-}
-
-/* process a 32-bit integer */
-func (H *HASH) Process_num(n int32) {
-	H.Process(byte((n >> 24) & 0xff))
-	H.Process(byte((n >> 16) & 0xff))
-	H.Process(byte((n >> 8) & 0xff))
-	H.Process(byte(n & 0xff))
-}
-
-/* Generate 32-byte Hash */
-func (H *HASH) Hash() [32]byte { /* pad message and finish - supply digest */
-	var digest [32]byte
-	len0 := H.length[0]
-	len1 := H.length[1]
-	H.Process(0x80)
-	for (H.length[0] % 512) != 448 {
-		H.Process(0)
-	}
-	H.w[14] = len1
-	H.w[15] = len0
-	H.transform()
-	for i := 0; i < 32; i++ { /* convert to bytes */
-		digest[i] = byte((H.h[i/4] >> uint(8*(3-i%4))) & 0xff)
-	}
-	H.Init()
-	return digest
-}
-
-/* test program: should produce digest */
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-/*
-func main() {
-
-	test := []byte("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
-	sh:=NewHASH()
-
-	for i:=0;i<len(test);i++ {
-		sh.Process(test[i])
-	}
-
-	digest:=sh.Hash()
-	for i:=0;i<32;i++ {fmt.Printf("%02x",digest[i])}
-
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/MPIN.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/MPIN.go b/go/amcl-go/MPIN.go
deleted file mode 100644
index 42a2443..0000000
--- a/go/amcl-go/MPIN.go
+++ /dev/null
@@ -1,807 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-package amcl
-
-import "time"
-
-import "fmt"
-
-/* Configure mode of operation */
-
-const PERMITS bool = true
-const PINERROR bool = true
-const FULL bool = true
-const SINGLE_PASS bool = false
-
-const MPIN_EFS int = int(MODBYTES)
-const MPIN_EGS int = int(MODBYTES)
-const MPIN_PAS int = 16
-const MPIN_BAD_PARAMS int = -11
-const MPIN_INVALID_POINT int = -14
-const MPIN_WRONG_ORDER int = -18
-const MPIN_BAD_PIN int = -19
-
-/* Configure your PIN here */
-
-const MPIN_MAXPIN int32 = 10000 /* PIN less than this */
-const MPIN_PBLEN int32 = 14     /* Number of bits in PIN */
-const MPIN_TS int = 10          /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-const MPIN_TRAP int = 200       /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-
-/* Hash number (optional) and string to point on curve */
-
-func Hashit(n int32, ID []byte) []byte {
-	H := NewHASH()
-	if n != 0 {
-		H.Process_num(n)
-	}
-	H.Process_array(ID)
-	h := H.Hash()
-	return h[:]
-}
-
-func mapit(h []byte) *ECP {
-	q := NewBIGints(Modulus)
-	x := fromBytes(h[:])
-	x.mod(q)
-	var P *ECP
-	for true {
-		P = NewECPbigint(x, 0)
-		if !P.is_infinity() {
-			break
-		}
-		x.inc(1)
-		x.norm()
-	}
-	return P
-}
-
-/* needed for SOK */
-func mapit2(h []byte) *ECP2 {
-	q := NewBIGints(Modulus)
-	x := fromBytes(h[:])
-	one := NewBIGint(1)
-	var X *FP2
-	var Q, T, K *ECP2
-	x.mod(q)
-	for true {
-		X = NewFP2bigs(one, x)
-		Q = NewECP2fp2(X)
-		if !Q.is_infinity() {
-			break
-		}
-		x.inc(1)
-		x.norm()
-	}
-	/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-	Fra := NewBIGints(CURVE_Fra)
-	Frb := NewBIGints(CURVE_Frb)
-	X = NewFP2bigs(Fra, Frb)
-	x = NewBIGints(CURVE_Bnx)
-
-	T = NewECP2()
-	T.copy(Q)
-	T.mul(x)
-	T.neg()
-	K = NewECP2()
-	K.copy(T)
-	K.dbl()
-	K.add(T)
-	K.affine()
-
-	K.frob(X)
-	Q.frob(X)
-	Q.frob(X)
-	Q.frob(X)
-	Q.add(T)
-	Q.add(K)
-	T.frob(X)
-	T.frob(X)
-	Q.add(T)
-	Q.affine()
-	return Q
-}
-
-/* return time in slots since epoch */
-func MPIN_today() int {
-	now := time.Now()
-	return int(now.Unix()) / (60 * 1440)
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-func emap(u *BIG, cb int) *ECP {
-	var P *ECP
-	x := NewBIGcopy(u)
-	p := NewBIGints(Modulus)
-	x.mod(p)
-	for true {
-		P = NewECPbigint(x, cb)
-		if !P.is_infinity() {
-			break
-		}
-		x.inc(1)
-		x.norm()
-	}
-	return P
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-func unmap(u *BIG, P *ECP) int {
-	s := P.getS()
-	var R *ECP
-	r := 0
-	x := P.getX()
-	u.copy(x)
-	for true {
-		u.dec(1)
-		u.norm()
-		r++
-		R = NewECPbigint(u, s)
-		if !R.is_infinity() {
-			break
-		}
-	}
-	return r
-}
-
-func MPIN_HASH_ID(ID []byte) []byte {
-	return Hashit(0, ID)
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-func MPIN_ENCODING(rng *RAND, E []byte) int {
-	var T [MPIN_EFS]byte
-
-	for i := 0; i < MPIN_EFS; i++ {
-		T[i] = E[i+1]
-	}
-	u := fromBytes(T[:])
-	for i := 0; i < MPIN_EFS; i++ {
-		T[i] = E[i+MPIN_EFS+1]
-	}
-	v := fromBytes(T[:])
-
-	P := NewECPbigs(u, v)
-	if P.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	p := NewBIGints(Modulus)
-	u = randomnum(p, rng)
-
-	su := int(rng.GetByte())
-	su %= 2
-
-	W := emap(u, su)
-	P.sub(W)
-	sv := P.getS()
-	rn := unmap(v, P)
-	m := int(rng.GetByte())
-	m %= rn
-	v.inc(m + 1)
-	E[0] = byte(su + 2*sv)
-	u.toBytes(T[:])
-	for i := 0; i < MPIN_EFS; i++ {
-		E[i+1] = T[i]
-	}
-	v.toBytes(T[:])
-	for i := 0; i < MPIN_EFS; i++ {
-		E[i+MPIN_EFS+1] = T[i]
-	}
-
-	return 0
-}
-
-func MPIN_DECODING(D []byte) int {
-	var T [MPIN_EFS]byte
-
-	if (D[0] & 0x04) != 0 {
-		return MPIN_INVALID_POINT
-	}
-
-	for i := 0; i < MPIN_EFS; i++ {
-		T[i] = D[i+1]
-	}
-	u := fromBytes(T[:])
-	for i := 0; i < MPIN_EFS; i++ {
-		T[i] = D[i+MPIN_EFS+1]
-	}
-	v := fromBytes(T[:])
-
-	su := int(D[0] & 1)
-	sv := int((D[0] >> 1) & 1)
-	W := emap(u, su)
-	P := emap(v, sv)
-	P.add(W)
-	u = P.getX()
-	v = P.getY()
-	D[0] = 0x04
-	u.toBytes(T[:])
-	for i := 0; i < MPIN_EFS; i++ {
-		D[i+1] = T[i]
-	}
-	v.toBytes(T[:])
-	for i := 0; i < MPIN_EFS; i++ {
-		D[i+MPIN_EFS+1] = T[i]
-	}
-
-	return 0
-}
-
-/* R=R1+R2 in group G1 */
-func MPIN_RECOMBINE_G1(R1 []byte, R2 []byte, R []byte) int {
-	P := ECP_fromBytes(R1)
-	Q := ECP_fromBytes(R2)
-
-	if P.is_infinity() || Q.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	P.add(Q)
-
-	P.toBytes(R[:])
-	return 0
-}
-
-/* W=W1+W2 in group G2 */
-func MPIN_RECOMBINE_G2(W1 []byte, W2 []byte, W []byte) int {
-	P := ECP2_fromBytes(W1)
-	Q := ECP2_fromBytes(W2)
-
-	if P.is_infinity() || Q.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	P.add(Q)
-
-	P.toBytes(W)
-	return 0
-}
-
-/* create random secret S */
-func MPIN_RANDOM_GENERATE(rng *RAND, S []byte) int {
-	r := NewBIGints(CURVE_Order)
-	s := randomnum(r, rng)
-
-	s.toBytes(S)
-	return 0
-}
-
-/* Extract PIN from TOKEN for identity CID */
-func MPIN_EXTRACT_PIN(CID []byte, pin int, TOKEN []byte) int {
-	P := ECP_fromBytes(TOKEN)
-	if P.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-	h := Hashit(0, CID)
-	R := mapit(h)
-
-	R = R.pinmul(int32(pin)%MPIN_MAXPIN, MPIN_PBLEN)
-	P.sub(R)
-
-	P.toBytes(TOKEN)
-
-	return 0
-}
-
-/* Implement step 2 on client side of MPin protocol */
-func MPIN_CLIENT_2(X []byte, Y []byte, SEC []byte) int {
-	r := NewBIGints(CURVE_Order)
-	P := ECP_fromBytes(SEC)
-	if P.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	px := fromBytes(X)
-	py := fromBytes(Y)
-	px.add(py)
-	px.mod(r)
-	px.rsub(r)
-
-	G1mul(P, px).toBytes(SEC)
-	return 0
-}
-
-/* Implement step 1 on client side of MPin protocol */
-func MPIN_CLIENT_1(date int, CLIENT_ID []byte, rng *RAND, X []byte, pin int, TOKEN []byte, SEC []byte, xID []byte, xCID []byte, PERMIT []byte) int {
-	r := NewBIGints(CURVE_Order)
-
-	var x *BIG
-	if rng != nil {
-		x = randomnum(r, rng)
-		x.toBytes(X)
-	} else {
-		x = fromBytes(X)
-	}
-
-	h := Hashit(0, CLIENT_ID)
-	P := mapit(h)
-
-	T := ECP_fromBytes(TOKEN)
-	if T.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	W := P.pinmul(int32(pin)%MPIN_MAXPIN, MPIN_PBLEN)
-	T.add(W)
-	if date != 0 {
-		W = ECP_fromBytes(PERMIT)
-		if W.is_infinity() {
-			return MPIN_INVALID_POINT
-		}
-		T.add(W)
-		h = Hashit(int32(date), h)
-		W = mapit(h)
-		if xID != nil {
-			P = G1mul(P, x)
-			P.toBytes(xID)
-			W = G1mul(W, x)
-			P.add(W)
-		} else {
-			P.add(W)
-			P = G1mul(P, x)
-		}
-		if xCID != nil {
-			P.toBytes(xCID)
-		}
-	} else {
-		if xID != nil {
-			P = G1mul(P, x)
-			P.toBytes(xID)
-		}
-	}
-
-	T.toBytes(SEC)
-	return 0
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-func MPIN_GET_SERVER_SECRET(S []byte, SST []byte) int {
-	Q := NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa), NewBIGints(CURVE_Pxb)), NewFP2bigs(NewBIGints(CURVE_Pya), NewBIGints(CURVE_Pyb)))
-
-	s := fromBytes(S)
-	Q = G2mul(Q, s)
-	Q.toBytes(SST)
-	return 0
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-func MPIN_GET_G1_MULTIPLE(rng *RAND, typ int, X []byte, G []byte, W []byte) int {
-	var x *BIG
-	r := NewBIGints(CURVE_Order)
-	if rng != nil {
-		x = randomnum(r, rng)
-		x.toBytes(X)
-	} else {
-		x = fromBytes(X)
-	}
-	var P *ECP
-	if typ == 0 {
-		P = ECP_fromBytes(G)
-		if P.is_infinity() {
-			return MPIN_INVALID_POINT
-		}
-	} else {
-		P = mapit(G)
-	}
-
-	G1mul(P, x).toBytes(W)
-	return 0
-}
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-func MPIN_GET_CLIENT_SECRET(S []byte, CID []byte, CST []byte) int {
-	return MPIN_GET_G1_MULTIPLE(nil, 1, S, CID, CST)
-}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-func MPIN_GET_CLIENT_PERMIT(date int, S []byte, CID []byte, CTT []byte) int {
-	h := Hashit(int32(date), CID)
-	P := mapit(h)
-
-	s := fromBytes(S)
-	G1mul(P, s).toBytes(CTT)
-	return 0
-}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-func MPIN_SERVER_1(date int, CID []byte, HID []byte, HTID []byte) {
-	h := Hashit(0, CID)
-	P := mapit(h)
-
-	if date != 0 {
-		if HID != nil {
-			P.toBytes(HID)
-		}
-		h = Hashit(int32(date), h)
-		R := mapit(h)
-		P.add(R)
-		P.toBytes(HTID)
-	} else {
-		P.toBytes(HID)
-	}
-}
-
-/* Implement step 2 of MPin protocol on server side */
-func MPIN_SERVER_2(date int, HID []byte, HTID []byte, Y []byte, SST []byte, xID []byte, xCID []byte, mSEC []byte, E []byte, F []byte) int {
-	//	q:=NewBIGints(Modulus)
-	Q := NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa), NewBIGints(CURVE_Pxb)), NewFP2bigs(NewBIGints(CURVE_Pya), NewBIGints(CURVE_Pyb)))
-
-	sQ := ECP2_fromBytes(SST)
-	if sQ.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	var R *ECP
-	if date != 0 {
-		R = ECP_fromBytes(xCID)
-	} else {
-		if xID == nil {
-			return MPIN_BAD_PARAMS
-		}
-		R = ECP_fromBytes(xID)
-	}
-	if R.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	y := fromBytes(Y)
-	var P *ECP
-	if date != 0 {
-		P = ECP_fromBytes(HTID)
-	} else {
-		if HID == nil {
-			return MPIN_BAD_PARAMS
-		}
-		P = ECP_fromBytes(HID)
-	}
-
-	if P.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	P = G1mul(P, y)
-	P.add(R)
-	R = ECP_fromBytes(mSEC)
-	if R.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	var g *FP12
-	//		FP12 g1=new FP12(0);
-
-	g = ate2(Q, R, sQ, P)
-	g = fexp(g)
-
-	if !g.isunity() {
-		if HID != nil && xID != nil && E != nil && F != nil {
-			g.toBytes(E)
-			if date != 0 {
-				P = ECP_fromBytes(HID)
-				if P.is_infinity() {
-					return MPIN_INVALID_POINT
-				}
-				R = ECP_fromBytes(xID)
-				if R.is_infinity() {
-					return MPIN_INVALID_POINT
-				}
-
-				P = G1mul(P, y)
-				P.add(R)
-			}
-			g = ate(Q, P)
-			g = fexp(g)
-			g.toBytes(F)
-		}
-		return MPIN_BAD_PIN
-	}
-
-	return 0
-}
-
-/* Pollards kangaroos used to return PIN error */
-func MPIN_KANGAROO(E []byte, F []byte) int {
-	ge := FP12_fromBytes(E)
-	gf := FP12_fromBytes(F)
-	var distance [MPIN_TS]int
-	t := NewFP12copy(gf)
-
-	var table []*FP12
-	var i int
-	s := 1
-	for m := 0; m < MPIN_TS; m++ {
-		distance[m] = s
-		table = append(table, NewFP12copy(t))
-		s *= 2
-		t.usqr()
-	}
-	t.one()
-	dn := 0
-	for j := 0; j < MPIN_TRAP; j++ {
-		i = t.geta().geta().getA().lastbits(8) % MPIN_TS
-		t.mul(table[i])
-		dn += distance[i]
-	}
-	gf.copy(t)
-	gf.conj()
-	steps := 0
-	dm := 0
-	res := 0
-	for dm-dn < int(MPIN_MAXPIN) {
-		steps++
-		if steps > 4*MPIN_TRAP {
-			break
-		}
-		i = ge.geta().geta().getA().lastbits(8) % MPIN_TS
-		ge.mul(table[i])
-		dm += distance[i]
-		if ge.equals(t) {
-			res = dm - dn
-			break
-		}
-		if ge.equals(gf) {
-			res = dn - dm
-			break
-		}
-
-	}
-	if steps > 4*MPIN_TRAP || dm-dn >= int(MPIN_MAXPIN) {
-		res = 0
-	} // Trap Failed  - probable invalid token
-	return int(res)
-}
-
-/* Functions to support M-Pin Full */
-
-func MPIN_PRECOMPUTE(TOKEN []byte, CID []byte, G1 []byte, G2 []byte) int {
-	var P, T *ECP
-	var g *FP12
-
-	T = ECP_fromBytes(TOKEN)
-	if T.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	P = mapit(CID)
-
-	Q := NewECP2fp2s(NewFP2bigs(NewBIGints(CURVE_Pxa), NewBIGints(CURVE_Pxb)), NewFP2bigs(NewBIGints(CURVE_Pya), NewBIGints(CURVE_Pyb)))
-
-	g = ate(Q, T)
-	g = fexp(g)
-	g.toBytes(G1)
-
-	g = ate(Q, P)
-	g = fexp(g)
-	g.toBytes(G2)
-
-	return 0
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-func MPIN_CLIENT_KEY(G1 []byte, G2 []byte, pin int, R []byte, X []byte, wCID []byte, CK []byte) int {
-	H := NewHASH()
-	var t [MPIN_EFS]byte
-
-	g1 := FP12_fromBytes(G1)
-	g2 := FP12_fromBytes(G2)
-	z := fromBytes(R)
-	x := fromBytes(X)
-
-	W := ECP_fromBytes(wCID)
-	if W.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	W = G1mul(W, x)
-
-	f := NewFP2bigs(NewBIGints(CURVE_Fra), NewBIGints(CURVE_Frb))
-	r := NewBIGints(CURVE_Order)
-	q := NewBIGints(Modulus)
-
-	m := NewBIGcopy(q)
-	m.mod(r)
-
-	a := NewBIGcopy(z)
-	a.mod(m)
-
-	b := NewBIGcopy(z)
-	b.div(m)
-
-	g2.pinpow(pin, int(MPIN_PBLEN))
-	g1.mul(g2)
-
-	c := g1.trace()
-	g2.copy(g1)
-	g2.frob(f)
-	cp := g2.trace()
-	g1.conj()
-	g2.mul(g1)
-	cpm1 := g2.trace()
-	g2.mul(g1)
-	cpm2 := g2.trace()
-
-	c = c.xtr_pow2(cp, cpm1, cpm2, a, b)
-
-	c.geta().getA().toBytes(t[:])
-	H.Process_array(t[:])
-	c.geta().getB().toBytes(t[:])
-	H.Process_array(t[:])
-	c.getb().getA().toBytes(t[:])
-	H.Process_array(t[:])
-	c.getb().getB().toBytes(t[:])
-	H.Process_array(t[:])
-
-	W.getX().toBytes(t[:])
-	H.Process_array(t[:])
-	W.getY().toBytes(t[:])
-	H.Process_array(t[:])
-
-	t = H.Hash()
-	for i := 0; i < MPIN_PAS; i++ {
-		CK[i] = t[i]
-	}
-
-	return 0
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-func MPIN_SERVER_KEY(Z []byte, SST []byte, W []byte, xID []byte, xCID []byte, SK []byte) int {
-	H := NewHASH()
-	var t [MPIN_EFS]byte
-
-	sQ := ECP2_fromBytes(SST)
-	if sQ.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-	R := ECP_fromBytes(Z)
-	if R.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	var U *ECP
-	if xCID != nil {
-		U = ECP_fromBytes(xCID)
-	} else {
-		U = ECP_fromBytes(xID)
-	}
-	if U.is_infinity() {
-		return MPIN_INVALID_POINT
-	}
-
-	w := fromBytes(W)
-	U = G1mul(U, w)
-	g := ate(sQ, R)
-	g = fexp(g)
-
-	c := g.trace()
-	c.geta().getA().toBytes(t[:])
-	H.Process_array(t[:])
-	c.geta().getB().toBytes(t[:])
-	H.Process_array(t[:])
-	c.getb().getA().toBytes(t[:])
-	H.Process_array(t[:])
-	c.getb().getB().toBytes(t[:])
-	H.Process_array(t[:])
-
-	U.getX().toBytes(t[:])
-	H.Process_array(t[:])
-	U.getY().toBytes(t[:])
-	H.Process_array(t[:])
-
-	t = H.Hash()
-	for i := 0; i < MPIN_PAS; i++ {
-		SK[i] = t[i]
-	}
-
-	return 0
-}
-
-/* return time since epoch */
-func MPIN_GET_TIME() int {
-	now := time.Now()
-	return int(now.Unix())
-}
-
-/* Generate Y = H(epoch, xCID/xID) */
-func MPIN_GET_Y(TimeValue int, xCID []byte, Y []byte) {
-	h := Hashit(int32(TimeValue), xCID)
-	y := fromBytes(h)
-	q := NewBIGints(CURVE_Order)
-	y.mod(q)
-	y.toBytes(Y)
-}
-
-/* One pass MPIN Client */
-func MPIN_CLIENT(date int, CLIENT_ID []byte, RNG *RAND, X []byte, pin int, TOKEN []byte, SEC []byte, xID []byte, xCID []byte, PERMIT []byte, MESSAGE []byte, TimeValue int, Y []byte) int {
-	rtn := 0
-
-	var M []byte
-	if date == 0 {
-		M = xID
-	} else {
-		M = xCID
-	}
-
-	rtn = MPIN_CLIENT_1(date, CLIENT_ID, RNG, X, pin, TOKEN, SEC, xID, xCID, PERMIT)
-	if rtn != 0 {
-		return rtn
-	}
-
-	if MESSAGE != nil {
-		M = append(M, MESSAGE...)
-	}
-
-	MPIN_GET_Y(TimeValue, M, Y)
-
-	rtn = MPIN_CLIENT_2(X, Y, SEC)
-	if rtn != 0 {
-		return rtn
-	}
-
-	return 0
-}
-
-/* One pass MPIN Server */
-func MPIN_SERVER(date int, HID []byte, HTID []byte, Y []byte, SST []byte, xID []byte, xCID []byte, SEC []byte, E []byte, F []byte, CID []byte, MESSAGE []byte, TimeValue int) int {
-	rtn := 0
-
-	var M []byte
-	if date == 0 {
-		M = xID
-	} else {
-		M = xCID
-	}
-
-	MPIN_SERVER_1(date, CID, HID, HTID)
-
-	if MESSAGE != nil {
-		M = append(M, MESSAGE...)
-	}
-
-	MPIN_GET_Y(TimeValue, M, Y)
-
-	rtn = MPIN_SERVER_2(date, HID, HTID, Y, SST, xID, xCID, SEC, E, F)
-	if rtn != 0 {
-		return rtn
-	}
-
-	return 0
-}
-
-func MPIN_printBinary(array []byte) {
-	for i := 0; i < len(array); i++ {
-		fmt.Printf("%02x", array[i])
-	}
-	fmt.Printf("\n")
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/MPIN_test.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/MPIN_test.go b/go/amcl-go/MPIN_test.go
deleted file mode 100644
index f489bea..0000000
--- a/go/amcl-go/MPIN_test.go
+++ /dev/null
@@ -1,898 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-import (
-	"crypto/rand"
-	"encoding/hex"
-	"fmt"
-	"testing"
-)
-
-func TestGoodPIN(t *testing.T) {
-	want := 0
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	got := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if got != want {
-		t.Errorf("MPIN GOOD PIN %d != %d", want, got)
-	}
-}
-
-func TestBadPIN(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1235
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	got := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if got != want {
-		t.Errorf("TestBadPIN %d != %d", want, got)
-	}
-}
-
-func TestBadToken(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	// Send UT as V to model bad token
-	got := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], UT[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if got != want {
-		t.Errorf("TestBadToken %d != %d", want, got)
-	}
-}
-
-func TestRandom(t *testing.T) {
-	want := 0
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seed := make([]byte, 16)
-	rand.Read(seed)
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	got := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if got != want {
-		t.Errorf("TestRandom %d != %d", want, got)
-	}
-}
-
-func TestGoodSignature(t *testing.T) {
-	want := 0
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	got := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if got != want {
-		t.Errorf("TestGoodSignature %d != %d", want, got)
-	}
-}
-
-func TestSignatureExpired(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	timeValue += 10
-	got := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if got != want {
-		t.Errorf("TestSignatureExpired %d != %d", want, got)
-	}
-}
-
-func TestBadSignature(t *testing.T) {
-	want := -19
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	MESSAGE := []byte("test message to sign")
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	MESSAGE[0] = 00
-	got := MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if got != want {
-		t.Errorf("TestBadSignature %d != %d", want, got)
-	}
-}
-
-func TestMPINFull(t *testing.T) {
-	want := "0afc948b03b2733a0663571f86411a07"
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16660
-
-	// Epoch time in seconds
-	timeValue := 1439465203
-
-	// PIN variable to create token
-	PIN1 := 1234
-	// PIN variable to authenticate
-	PIN2 := 1234
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	const EGS = MPIN_EGS
-	const EFS = MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	var G1 [12 * EFS]byte
-	var G2 [12 * EFS]byte
-	var R [EGS]byte
-	var Z [G1S]byte
-	var W [EGS]byte
-	var T [G1S]byte
-	var AES_KEY_CLIENT [EAS]byte
-	var AES_KEY_SERVER [EAS]byte
-
-	// Generate Master Secret Share 1
-	MPIN_RANDOM_GENERATE(rng, MS1[:])
-
-	// Generate Master Secret Share 2
-	MPIN_RANDOM_GENERATE(rng, MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-
-	// Generate server secret share 2
-	MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-
-	// Combine server secret shares
-	MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-
-	// Generate client secret share 1
-	MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-
-	// Generate client secret share 2
-	MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-
-	// Generate time permit share 1
-	MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-
-	// Generate time permit share 2
-	MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-
-	// Combine time permit shares
-	MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-
-	// Create token
-	MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-
-	// precomputation
-	MPIN_PRECOMPUTE(TOKEN[:], HCID, G1[:], G2[:])
-
-	// Authenticate
-	MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-
-	// Send Z=r.ID to Server
-	MPIN_GET_G1_MULTIPLE(rng, 1, R[:], HCID, Z[:])
-
-	MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-
-	// send T=w.ID to client
-	MPIN_GET_G1_MULTIPLE(rng, 0, W[:], HTID[:], T[:])
-
-	MPIN_SERVER_KEY(Z[:], SS[:], W[:], U[:], UT[:], AES_KEY_SERVER[:])
-	got := hex.EncodeToString(AES_KEY_SERVER[:])
-	if got != want {
-		t.Errorf("TestMPINFull %s != %s", want, got)
-	}
-
-	MPIN_CLIENT_KEY(G1[:], G2[:], PIN2, R[:], X[:], T[:], AES_KEY_CLIENT[:])
-	got = hex.EncodeToString(AES_KEY_CLIENT[:])
-	if got != want {
-		t.Errorf("TestMPINFull %s != %s", want, got)
-	}
-}


[27/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/MPIN.java
----------------------------------------------------------------------
diff --git a/java/MPIN.java b/java/MPIN.java
deleted file mode 100755
index 0c517f1..0000000
--- a/java/MPIN.java
+++ /dev/null
@@ -1,746 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-import java.util.Date;
-
-public class MPIN
-{
-	public static final int EFS=ROM.MODBYTES;
-	public static final int EGS=ROM.MODBYTES;
-	public static final int PAS=16;
-	public static final int INVALID_POINT=-14;
-	public static final int BAD_PARAMS=-11;
-	public static final int WRONG_ORDER=-18;
-	public static final int BAD_PIN=-19;
-
-/* Configure your PIN here */
-
-	public static final int MAXPIN=10000;  /* PIN less than this */
-	public static final int PBLEN=14;      /* Number of bits in PIN */
-	public static final int TS=10;         /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
-	public static final int TRAP=200;      /* 200 for 4 digit PIN, 2000 for 6-digit PIN  - approx 2*sqrt(MAXPIN) */
-
-/* Hash number (optional) and string to point on curve */
-
-	public static byte[] hashit(int n,byte[] ID)
-	{
-		HASH H=new HASH();
-		if (n!=0) H.process_num(n);
-		H.process_array(ID);
-		byte[] h=H.hash();
-		return h;
-	}
-
-	public static ECP mapit(byte[] h)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		BIG x=BIG.fromBytes(h);
-		x.mod(q);
-		ECP P;
-		while (true)
-		{
-			P=new ECP(x,0);
-			if (!P.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-		return P;
-	}
-
-/* needed for SOK */
-	public static ECP2 mapit2(byte[] h)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		BIG x=BIG.fromBytes(h);
-		BIG one=new BIG(1);
-		FP2 X;
-		ECP2 Q,T,K;
-		x.mod(q);
-		while (true)
-		{
-			X=new FP2(one,x);
-			Q=new ECP2(X);
-			if (!Q.is_infinity()) break;
-			x.inc(1); x.norm();
-		}
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-		BIG Fra=new BIG(ROM.CURVE_Fra);
-		BIG Frb=new BIG(ROM.CURVE_Frb);
-		X=new FP2(Fra,Frb);
-		x=new BIG(ROM.CURVE_Bnx);
-
-		T=new ECP2(); T.copy(Q);
-		T.mul(x); T.neg();
-		K=new ECP2(); K.copy(T);
-		K.dbl(); K.add(T); K.affine();
-
-		K.frob(X);
-		Q.frob(X); Q.frob(X); Q.frob(X);
-		Q.add(T); Q.add(K);
-		T.frob(X); T.frob(X);
-		Q.add(T);
-		Q.affine();
-		return Q;
-	}
-
-/* return time in slots since epoch */
-	public static int today() {
-		Date date=new Date();
-		return (int) (date.getTime()/(1000*60*1440));
-	}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-	public static ECP map(BIG u,int cb)
-	{
-		ECP P;
-		BIG x=new BIG(u);
-		BIG p=new BIG(ROM.Modulus);
-		x.mod(p);
-		while (true)
-		{
-			P=new ECP(x,cb);
-			if (!P.is_infinity()) break;
-			x.inc(1);  x.norm();
-		}
-		return P;
-	}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-	public static int unmap(BIG u,ECP P)
-	{
-		int s=P.getS();
-		ECP R;
-		int r=0;
-		BIG x=P.getX();
-		u.copy(x);
-		while (true)
-		{
-			u.dec(1); u.norm();
-			r++;
-			R=new ECP(u,s);
-			if (!R.is_infinity()) break;
-		}
-		return r;
-	}
-
-	public static byte[] HASH_ID(byte[] ID)
-	{
-		return hashit(0,ID);
-	}
-
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-	public static int ENCODING(RAND rng,byte[] E)
-	{
-		int rn,m,su,sv;
-		byte[] T=new byte[EFS];
-
-		for (int i=0;i<EFS;i++) T[i]=E[i+1];
-		BIG u=BIG.fromBytes(T);
-		for (int i=0;i<EFS;i++) T[i]=E[i+EFS+1];
-		BIG v=BIG.fromBytes(T);
-
-		ECP P=new ECP(u,v);
-		if (P.is_infinity()) return INVALID_POINT;
-
-		BIG p=new BIG(ROM.Modulus);
-		u=BIG.randomnum(p,rng);
-
-		su=rng.getByte(); /*if (su<0) su=-su;*/ su%=2;
-
-		ECP W=map(u,su);
-		P.sub(W);
-		sv=P.getS();
-		rn=unmap(v,P);
-		m=rng.getByte(); /*if (m<0) m=-m;*/ m%=rn;
-		v.inc(m+1);
-		E[0]=(byte)(su+2*sv);
-		u.toBytes(T);
-		for (int i=0;i<EFS;i++) E[i+1]=T[i];
-		v.toBytes(T);
-		for (int i=0;i<EFS;i++) E[i+EFS+1]=T[i];
-
-		return 0;
-	}
-
-	public static int DECODING(byte[] D)
-	{
-		int su,sv;
-		byte[] T=new byte[EFS];
-
-		if ((D[0]&0x04)!=0) return INVALID_POINT;
-
-		for (int i=0;i<EFS;i++) T[i]=D[i+1];
-		BIG u=BIG.fromBytes(T);
-		for (int i=0;i<EFS;i++) T[i]=D[i+EFS+1];
-		BIG v=BIG.fromBytes(T);
-
-		su=D[0]&1;
-		sv=(D[0]>>1)&1;
-		ECP W=map(u,su);
-		ECP P=map(v,sv);
-		P.add(W);
-		u=P.getX();
-		v=P.getY();
-		D[0]=0x04;
-		u.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i+1]=T[i];
-		v.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i+EFS+1]=T[i];
-
-		return 0;
-	}
-
-/* R=R1+R2 in group G1 */
-	public static int RECOMBINE_G1(byte[] R1,byte[] R2,byte[] R)
-	{
-		ECP P=ECP.fromBytes(R1);
-		ECP Q=ECP.fromBytes(R2);
-
-		if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(R);
-		return 0;
-	}
-
-/* W=W1+W2 in group G2 */
-	public static int RECOMBINE_G2(byte[] W1,byte[] W2,byte[] W)
-	{
-		ECP2 P=ECP2.fromBytes(W1);
-		ECP2 Q=ECP2.fromBytes(W2);
-
-		if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
-		P.add(Q);
-
-		P.toBytes(W);
-		return 0;
-	}
-
-/* create random secret S */
-	public static int RANDOM_GENERATE(RAND rng,byte[] S)
-	{
-		BIG s;
-		BIG r=new BIG(ROM.CURVE_Order);
-		s=BIG.randomnum(r,rng);
-
-		s.toBytes(S);
-		return 0;
-	}
-
-/* Extract PIN from TOKEN for identity CID */
-	public static int EXTRACT_PIN(byte[] CID,int pin,byte[] TOKEN)
-	{
-		ECP P=ECP.fromBytes(TOKEN);
-		if (P.is_infinity()) return INVALID_POINT;
-		byte[] h=hashit(0,CID);
-		ECP R=mapit(h);
-
-
-		pin%=MAXPIN;
-
-		R=R.pinmul(pin,PBLEN);
-		P.sub(R);
-
-		P.toBytes(TOKEN);
-
-		return 0;
-	}
-
-/* Implement step 2 on client side of MPin protocol */
-	public static int CLIENT_2(byte[] X,byte[] Y,byte[] SEC)
-	{
-		BIG r=new BIG(ROM.CURVE_Order);
-		ECP P=ECP.fromBytes(SEC);
-		if (P.is_infinity()) return INVALID_POINT;
-
-		BIG px=BIG.fromBytes(X);
-		BIG py=BIG.fromBytes(Y);
-		px.add(py);
-		px.mod(r);
-		px.rsub(r);
-
-		PAIR.G1mul(P,px).toBytes(SEC);
-		return 0;
-	}
-
-/* Implement step 1 on client side of MPin protocol */
-	public static int CLIENT_1(int date,byte[] CLIENT_ID,RAND rng,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT)
-	{
-		BIG r=new BIG(ROM.CURVE_Order);
-//		BIG q=new BIG(ROM.Modulus);
-		BIG x;
-//		BIG m=new BIG(0);
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		ECP P,T,W;
-		BIG px;
-//		byte[] t=new byte[EFS];
-
-		byte[] h=hashit(0,CLIENT_ID);
-		P=mapit(h);
-
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT;
-
-		pin%=MAXPIN;
-		W=P.pinmul(pin,PBLEN);
-		T.add(W);
-		if (date!=0)
-		{
-			W=ECP.fromBytes(PERMIT);
-			if (W.is_infinity()) return INVALID_POINT;
-			T.add(W);
-			h=hashit(date,h);
-			W=mapit(h);
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-				W=PAIR.G1mul(W,x);
-				P.add(W);
-			}
-			else
-			{
-				P.add(W);
-				P=PAIR.G1mul(P,x);
-			}
-			if (xCID!=null) P.toBytes(xCID);
-		}
-		else
-		{
-			if (xID!=null)
-			{
-				P=PAIR.G1mul(P,x);
-				P.toBytes(xID);
-			}
-		}
-
-
-		T.toBytes(SEC);
-		return 0;
-	}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-	public static int GET_SERVER_SECRET(byte[] S,byte[] SST)
-	{
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG s=BIG.fromBytes(S);
-		Q=PAIR.G2mul(Q,s);
-		Q.toBytes(SST);
-		return 0;
-	}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-	public static int GET_G1_MULTIPLE(RAND rng, int type,byte[] X,byte[] G,byte[] W)
-	{
-		BIG x;
-		BIG r=new BIG(ROM.CURVE_Order);
-		if (rng!=null)
-		{
-			x=BIG.randomnum(r,rng);
-			x.toBytes(X);
-		}
-		else
-		{
-			x=BIG.fromBytes(X);
-		}
-		ECP P;
-		if (type==0)
-		{
-			P=ECP.fromBytes(G);
-			if (P.is_infinity()) return INVALID_POINT;
-		}
-		else
-			P=mapit(G);
-
-		PAIR.G1mul(P,x).toBytes(W);
-		return 0;
-	}
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
-	public static int GET_CLIENT_SECRET(byte[] S,byte[] CID,byte[] CST)
-	{
-		return GET_G1_MULTIPLE(null,1,S,CID,CST);
-	}
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
-	public static int GET_CLIENT_PERMIT(int date,byte[] S,byte[] CID,byte[] CTT)
-	{
-		byte[] h=hashit(date,CID);
-		ECP P=mapit(h);
-
-		BIG s=BIG.fromBytes(S);
-		PAIR.G1mul(P,s).toBytes(CTT);
-		return 0;
-	}
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
-	public static void SERVER_1(int date,byte[] CID,byte[] HID,byte[] HTID)
-	{
-		byte[] h=hashit(0,CID);
-		ECP R,P=mapit(h);
-
-		if (date!=0)
-		{
-			if (HID!=null) P.toBytes(HID);
-			h=hashit(date,h);
-			R=mapit(h);
-			P.add(R);
-			P.toBytes(HTID);
-		}
-		else P.toBytes(HID);
-	}
-
-/* Implement step 2 of MPin protocol on server side */
-	public static int SERVER_2(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] mSEC,byte[] E,byte[] F)
-	{
-		BIG q=new BIG(ROM.Modulus);
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-		ECP2 sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return INVALID_POINT;
-
-		ECP R;
-		if (date!=0)
-			R=ECP.fromBytes(xCID);
-		else
-		{
-			if (xID==null) return BAD_PARAMS;
-			R=ECP.fromBytes(xID);
-		}
-		if (R.is_infinity()) return INVALID_POINT;
-
-		BIG y=BIG.fromBytes(Y);
-		ECP P;
-		if (date!=0) P=ECP.fromBytes(HTID);
-		else
-		{
-			if (HID==null) return BAD_PARAMS;
-			P=ECP.fromBytes(HID);
-		}
-
-		if (P.is_infinity()) return INVALID_POINT;
-
-		P=PAIR.G1mul(P,y);
-		P.add(R);
-		R=ECP.fromBytes(mSEC);
-		if (R.is_infinity()) return INVALID_POINT;
-
-		FP12 g;
-//		FP12 g1=new FP12(0);
-
-		g=PAIR.ate2(Q,R,sQ,P);
-		g=PAIR.fexp(g);
-
-		if (!g.isunity())
-		{
-			if (HID!=null && xID!=null && E!=null && F!=null)
-			{
-				g.toBytes(E);
-				if (date!=0)
-				{
-					P=ECP.fromBytes(HID);
-					if (P.is_infinity()) return INVALID_POINT;
-					R=ECP.fromBytes(xID);
-					if (R.is_infinity()) return INVALID_POINT;
-
-					P=PAIR.G1mul(P,y);
-					P.add(R);
-				}
-				g=PAIR.ate(Q,P);
-				g=PAIR.fexp(g);
-				g.toBytes(F);
-			}
-			return BAD_PIN;
-		}
-
-		return 0;
-	}
-
-/* Pollards kangaroos used to return PIN error */
-	public static int KANGAROO(byte[] E,byte[] F)
-	{
-		FP12 ge=FP12.fromBytes(E);
-		FP12 gf=FP12.fromBytes(F);
-		int[] distance = new int[TS];
-		FP12 t=new FP12(gf);
-		FP12[] table=new FP12[TS];
-		int i,j,m,s,dn,dm,res,steps;
-
-		s=1;
-		for (m=0;m<TS;m++)
-		{
-			distance[m]=s;
-			table[m]=new FP12(t);
-			s*=2;
-			t.usqr();
-		}
-		t.one();
-		dn=0;
-		for (j=0;j<TRAP;j++)
-		{
-			i=t.geta().geta().getA().lastbits(8)%TS;
-			t.mul(table[i]);
-			dn+=distance[i];
-		}
-		gf.copy(t); gf.conj();
-		steps=0; dm=0;
-		res=0;
-		while (dm-dn<MAXPIN)
-		{
-			steps++;
-			if (steps>4*TRAP) break;
-			i=ge.geta().geta().getA().lastbits(8)%TS;
-			ge.mul(table[i]);
-			dm+=distance[i];
-			if (ge.equals(t))
-			{
-				res=dm-dn;
-				break;
-			}
-			if (ge.equals(gf))
-			{
-				res=dn-dm;
-				break;
-			}
-
-		}
-		if (steps>4*TRAP || dm-dn>=MAXPIN) {res=0; }    // Trap Failed  - probable invalid token
-		return res;
-	}
-
-/* Functions to support M-Pin Full */
-
-	public static int PRECOMPUTE(byte[] TOKEN,byte[] CID,byte[] G1,byte[] G2)
-	{
-		ECP P,T;
-		FP12 g;
-
-		T=ECP.fromBytes(TOKEN);
-		if (T.is_infinity()) return INVALID_POINT;
-
-		P=mapit(CID);
-
-		ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		g=PAIR.ate(Q,T);
-		g=PAIR.fexp(g);
-		g.toBytes(G1);
-
-		g=PAIR.ate(Q,P);
-		g=PAIR.fexp(g);
-		g.toBytes(G2);
-
-		return 0;
-	}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-	public static int CLIENT_KEY(byte[] G1,byte[] G2,int pin,byte[] R,byte[] X,byte[] wCID,byte[] CK)
-	{
-		HASH H=new HASH();
-		byte[] t=new byte[EFS];
-
-		FP12 g1=FP12.fromBytes(G1);
-		FP12 g2=FP12.fromBytes(G2);
-		BIG z=BIG.fromBytes(R);
-		BIG x=BIG.fromBytes(X);
-
-		ECP W=ECP.fromBytes(wCID);
-		if (W.is_infinity()) return INVALID_POINT;
-
-		W=PAIR.G1mul(W,x);
-
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG q=new BIG(ROM.Modulus);
-
-		BIG m=new BIG(q);
-		m.mod(r);
-
-		BIG a=new BIG(z);
-		a.mod(m);
-
-		BIG b=new BIG(z);
-		b.div(m);
-
-		g2.pinpow(pin,PBLEN);
-		g1.mul(g2);
-
-		FP4 c=g1.trace();
-		g2.copy(g1);
-		g2.frob(f);
-		FP4 cp=g2.trace();
-		g1.conj();
-		g2.mul(g1);
-		FP4 cpm1=g2.trace();
-		g2.mul(g1);
-		FP4 cpm2=g2.trace();
-
-		c=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
-		c.geta().getA().toBytes(t);
-		H.process_array(t);
-		c.geta().getB().toBytes(t);
-		H.process_array(t);
-		c.getb().getA().toBytes(t);
-		H.process_array(t);
-		c.getb().getB().toBytes(t);
-		H.process_array(t);
-
-		W.getX().toBytes(t);
-		H.process_array(t);
-		W.getY().toBytes(t);
-		H.process_array(t);
-
-		t=H.hash();
-		for (int i=0;i<PAS;i++) CK[i]=t[i];
-
-		return 0;
-	}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-	public static int SERVER_KEY(byte[] Z,byte[] SST,byte[] W,byte[] xID,byte[] xCID,byte[] SK)
-	{
-		HASH H=new HASH();
-		byte[] t=new byte[EFS];
-
-		ECP2 sQ=ECP2.fromBytes(SST);
-		if (sQ.is_infinity()) return INVALID_POINT;
-		ECP R=ECP.fromBytes(Z);
-		if (R.is_infinity()) return INVALID_POINT;
-
-		ECP U;
-		if (xCID!=null)
-			U=ECP.fromBytes(xCID);
-		else
-			U=ECP.fromBytes(xID);
-		if (U.is_infinity()) return INVALID_POINT;
-
-		BIG w=BIG.fromBytes(W);
-		U=PAIR.G1mul(U,w);
-		FP12 g=PAIR.ate(sQ,R);
-		g=PAIR.fexp(g);
-
-		FP4 c=g.trace();
-		c.geta().getA().toBytes(t);
-		H.process_array(t);
-		c.geta().getB().toBytes(t);
-		H.process_array(t);
-		c.getb().getA().toBytes(t);
-		H.process_array(t);
-		c.getb().getB().toBytes(t);
-		H.process_array(t);
-
-		U.getX().toBytes(t);
-		H.process_array(t);
-		U.getY().toBytes(t);
-		H.process_array(t);
-
-		t=H.hash();
-		for (int i=0;i<PAS;i++) SK[i]=t[i];
-
-		return 0;
-	}
-
-/* return time since epoch */
-	public static int GET_TIME() {
-		Date date=new Date();
-		return (int) (date.getTime()/1000);
-	}
-
-/* Generate Y = H(epoch, xCID/xID) */
-        public static void GET_Y(int TimeValue,byte[] xCID,byte[] Y)
-        {
-          byte[] h = hashit(TimeValue,xCID);
-          BIG y = BIG.fromBytes(h);
-          BIG q=new BIG(ROM.CURVE_Order);
-          y.mod(q);
-          y.toBytes(Y);
-        }
-
-/* One pass MPIN Client */
-        public static int CLIENT(int date,byte[] CLIENT_ID,RAND RNG,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT, int TimeValue, byte[] Y)
-        {
-          int rtn=0;
-
-          byte[] pID;
-          if (date == 0)
-            pID = xID;
-          else
-            pID = xCID;
-
-          rtn = CLIENT_1(date,CLIENT_ID,RNG,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
-          if (rtn != 0)
-            return rtn;
-
-          GET_Y(TimeValue,pID,Y);
-
-          rtn = CLIENT_2(X,Y,SEC);
-          if (rtn != 0)
-            return rtn;
-
-          return 0;
-        }
-
-/* One pass MPIN Server */
-        public static int SERVER(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] SEC,byte[] E,byte[] F,byte[] CID, int TimeValue)
-        {
-          int rtn=0;
-
-          byte[] pID;
-          if (date == 0)
-            pID = xID;
-          else
-            pID = xCID;
-
-          SERVER_1(date,CID,HID,HTID);
-
-          GET_Y(TimeValue,pID,Y);
-
-          rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F);
-          if (rtn != 0)
-            return rtn;
-
-          return 0;
-        }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/PAIR.java
----------------------------------------------------------------------
diff --git a/java/PAIR.java b/java/PAIR.java
deleted file mode 100755
index ad93b61..0000000
--- a/java/PAIR.java
+++ /dev/null
@@ -1,539 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve Pairing functions */
-
-public final class PAIR {
-
-/* Line function */
-	public static FP12 line(ECP2 A,ECP2 B,FP Qx,FP Qy)
-	{
-		ECP2 P=new ECP2();
-
-		FP4 a,b,c;
-		P.copy(A);
-		FP2 ZZ=new FP2(P.getz());
-		ZZ.sqr();
-		int D;
-		if (A==B) D=A.dbl(); /* Check this return value in amcl_ec2.c */
-		else D=A.add(B);
-		if (D<0)
-			return new FP12(1);
-		FP2 Z3=new FP2(A.getz());
-		c=new FP4(0);
-		if (D==0)
-		{ /* Addition */
-			FP2 X=new FP2(B.getx());
-			FP2 Y=new FP2(B.gety());
-			FP2 T=new FP2(P.getz());
-			T.mul(Y);
-			ZZ.mul(T);
-
-			FP2 NY=new FP2(P.gety()); NY.neg();
-			ZZ.add(NY);
-			Z3.pmul(Qy);
-			T.mul(P.getx());
-			X.mul(NY);
-			T.add(X);
-			a=new FP4(Z3,T);
-			ZZ.neg();
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ);
-		}
-		else
-		{ /* Doubling */
-			FP2 X=new FP2(P.getx());
-			FP2 Y=new FP2(P.gety());
-			FP2 T=new FP2(P.getx());
-			T.sqr();
-			T.imul(3);
-
-			Y.sqr();
-			Y.add(Y);
-			Z3.mul(ZZ);
-			Z3.pmul(Qy);
-
-			X.mul(T);
-			X.sub(Y);
-			a=new FP4(Z3,X);
-			T.neg();
-			ZZ.mul(T);
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ);
-		}
-		return new FP12(a,b,c);
-	}
-
-/* Optimal R-ate pairing */
-	public static FP12 ate(ECP2 P,ECP Q)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		BIG n=new BIG(x);
-		ECP2 K=new ECP2();
-		FP12 lv;
-		n.pmul(6); n.dec(2); n.norm();
-		P.affine();
-		Q.affine();
-		FP Qx=new FP(Q.getx());
-		FP Qy=new FP(Q.gety());
-
-		ECP2 A=new ECP2();
-		FP12 r=new FP12(1);
-
-		A.copy(P);
-		int nb=n.nbits();
-
-		for (int i=nb-2;i>=1;i--)
-		{
-			lv=line(A,A,Qx,Qy);
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=line(A,P,Qx,Qy);
-
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=line(A,A,Qx,Qy);
-		r.smul(lv);
-
-/* R-ate fixup */
-
-		r.conj();
-
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		return r;
-	}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-	public static FP12 ate2(ECP2 P,ECP Q,ECP2 R,ECP S)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		BIG n=new BIG(x);
-		ECP2 K=new ECP2();
-		FP12 lv;
-		n.pmul(6); n.dec(2); n.norm();
-		P.affine();
-		Q.affine();
-		R.affine();
-		S.affine();
-
-		FP Qx=new FP(Q.getx());
-		FP Qy=new FP(Q.gety());
-		FP Sx=new FP(S.getx());
-		FP Sy=new FP(S.gety());
-
-		ECP2 A=new ECP2();
-		ECP2 B=new ECP2();
-		FP12 r=new FP12(1);
-
-		A.copy(P);
-		B.copy(R);
-		int nb=n.nbits();
-
-		for (int i=nb-2;i>=1;i--)
-		{
-			lv=line(A,A,Qx,Qy);
-			r.smul(lv);
-			lv=line(B,B,Sx,Sy);
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=line(A,P,Qx,Qy);
-				r.smul(lv);
-				lv=line(B,R,Sx,Sy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=line(A,A,Qx,Qy);
-		r.smul(lv);
-
-		lv=line(B,B,Sx,Sy);
-		r.smul(lv);
-
-/* R-ate fixup */
-		r.conj();
-
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		K.copy(R);
-		K.frob(f);
-		B.neg();
-		lv=line(B,K,Sx,Sy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=line(B,K,Sx,Sy);
-		r.smul(lv);
-
-		return r;
-	}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-	public static FP12 fexp(FP12 m)
-	{
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-		BIG x=new BIG(ROM.CURVE_Bnx);
-		FP12 r=new FP12(m);
-		FP12 x0,x1,x2,x3,x4,x5;
-
-/* Easy part of final exp */
-		FP12 lv=new FP12(r);
-		lv.inverse();
-		r.conj();
-
-		r.mul(lv);
-		lv.copy(r);
-		r.frob(f);
-		r.frob(f);
-		r.mul(lv);
-/* Hard part of final exp */
-		lv.copy(r);
-		lv.frob(f);
-		x0=new FP12(lv);
-		x0.frob(f);
-		lv.mul(r);
-		x0.mul(lv);
-		x0.frob(f);
-		x1=new FP12(r);
-		x1.conj();
-		x4=r.pow(x);
-
-		x3=new FP12(x4);
-		x3.frob(f);
-
-		x2=x4.pow(x);
-
-		x5=new FP12(x2); x5.conj();
-		lv=x2.pow(x);
-
-		x2.frob(f);
-		r.copy(x2); r.conj();
-
-		x4.mul(r);
-		x2.frob(f);
-
-		r.copy(lv);
-		r.frob(f);
-		lv.mul(r);
-
-		lv.usqr();
-		lv.mul(x4);
-		lv.mul(x5);
-		r.copy(x3);
-		r.mul(x5);
-		r.mul(lv);
-		lv.mul(x2);
-		r.usqr();
-		r.mul(lv);
-		r.usqr();
-		lv.copy(r);
-		lv.mul(x1);
-		r.mul(x0);
-		lv.usqr();
-		r.mul(lv);
-		r.reduce();
-		return r;
-	}
-
-/* GLV method */
-	public static BIG[] glv(BIG e)
-	{
-		int i,j;
-		BIG t=new BIG(0);
-		BIG q=new BIG(ROM.CURVE_Order);
-		BIG[] u=new BIG[2];
-		BIG[] v=new BIG[2];
-		for (i=0;i<2;i++)
-		{
-			t.copy(new BIG(ROM.CURVE_W[i]));  // why not just t=new BIG(ROM.CURVE_W[i]);
-			DBIG d=BIG.mul(t,e);
-			v[i]=new BIG(d.div(q));
-			u[i]=new BIG(0);
-		}
-		u[0].copy(e);
-		for (i=0;i<2;i++)
-			for (j=0;j<2;j++)
-			{
-				t.copy(new BIG(ROM.CURVE_SB[j][i]));
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-		return u;
-	}
-
-/* Galbraith & Scott Method */
-	public static BIG[] gs(BIG e)
-	{
-		int i,j;
-		BIG t=new BIG(0);
-		BIG q=new BIG(ROM.CURVE_Order);
-		BIG[] u=new BIG[4];
-		BIG[] v=new BIG[4];
-		for (i=0;i<4;i++)
-		{
-			t.copy(new BIG(ROM.CURVE_WB[i]));
-			DBIG d=BIG.mul(t,e);
-			v[i]=new BIG(d.div(q));
-			u[i]=new BIG(0);
-		}
-		u[0].copy(e);
-		for (i=0;i<4;i++)
-			for (j=0;j<4;j++)
-			{
-				t.copy(new BIG(ROM.CURVE_BB[j][i]));
-				t.copy(BIG.modmul(v[j],t,q));
-				u[i].add(q);
-				u[i].sub(t);
-				u[i].mod(q);
-			}
-		return u;
-	}
-
-/* Multiply P by e in group G1 */
-	public static ECP G1mul(ECP P,BIG e)
-	{
-		ECP R;
-		if (ROM.USE_GLV)
-		{
-			P.affine();
-			R=new ECP();
-			R.copy(P);
-			int i,np,nn;
-			ECP Q=new ECP();
-			Q.copy(P);
-			BIG q=new BIG(ROM.CURVE_Order);
-			FP cru=new FP(new BIG(ROM.CURVE_Cru));
-			BIG t=new BIG(0);
-			BIG[] u=glv(e);
-			Q.getx().mul(cru);
-
-			np=u[0].nbits();
-			t.copy(BIG.modneg(u[0],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[0].copy(t);
-				R.neg();
-			}
-
-			np=u[1].nbits();
-			t.copy(BIG.modneg(u[1],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[1].copy(t);
-				Q.neg();
-			}
-
-			R=R.mul2(u[0],Q,u[1]);
-
-		}
-		else
-		{
-			R=P.mul(e);
-		}
-		return R;
-	}
-
-/* Multiply P by e in group G2 */
-	public static ECP2 G2mul(ECP2 P,BIG e)
-	{
-		ECP2 R;
-		if (ROM.USE_GS_G2)
-		{
-			ECP2[] Q=new ECP2[4];
-			FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG[] u=gs(e);
-
-
-
-			BIG t=new BIG(0);
-			int i,np,nn;
-			P.affine();
-			Q[0]=new ECP2(); Q[0].copy(P);
-			for (i=1;i<4;i++)
-			{
-				Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
-				Q[i].frob(f);
-			}
-			for (i=0;i<4;i++)
-			{
-				np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn=t.nbits();
-				if (nn<np)
-				{
-					u[i].copy(t);
-					Q[i].neg();
-				}
-			}
-
-			R=ECP2.mul4(Q,u);
-		}
-		else
-		{
-			R=P.mul(e);
-		}
-		return R;
-	}
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
-	public static FP12 GTpow(FP12 d,BIG e)
-	{
-		FP12 r;
-		if (ROM.USE_GS_GT)
-		{
-			FP12[] g=new FP12[4];
-			FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-			BIG q=new BIG(ROM.CURVE_Order);
-			BIG t=new BIG(0);
-			int i,np,nn;
-			BIG[] u=gs(e);
-
-			g[0]=new FP12(d);
-			for (i=1;i<4;i++)
-			{
-				g[i]=new FP12(0); g[i].copy(g[i-1]);
-				g[i].frob(f);
-			}
-			for (i=0;i<4;i++)
-			{
-				np=u[i].nbits();
-				t.copy(BIG.modneg(u[i],q));
-				nn=t.nbits();
-				if (nn<np)
-				{
-					u[i].copy(t);
-					g[i].conj();
-				}
-			}
-			r=FP12.pow4(g,u);
-		}
-		else
-		{
-			r=d.pow(e);
-		}
-		return r;
-	}
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-	public static boolean GTmember(FP12 m)
-	{
-		if (m.isunity()) return false;
-		FP12 r=new FP12(m);
-		r.conj();
-		r.mul(m);
-		if (!r.isunity()) return false;
-
-		FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-
-		r.copy(m); r.frob(f); r.frob(f);
-		FP12 w=new FP12(r); w.frob(f); w.frob(f);
-		w.mul(m);
-		if (!ROM.GT_STRONG)
-		{
-			if (!w.equals(r)) return false;
-			BIG x=new BIG(ROM.CURVE_Bnx);
-			r.copy(m); w=r.pow(x); w=w.pow(x);
-			r.copy(w); r.sqr(); r.mul(w); r.sqr();
-			w.copy(m); w.frob(f);
-		}
-		return w.equals(r);
-	}
-/*
-	public static void main(String[] args) {
-		ECP Q=new ECP(new BIG(ROM.CURVE_Gx),new BIG(ROM.CURVE_Gy));
-		ECP2 P=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
-		BIG r=new BIG(ROM.CURVE_Order);
-		BIG xa=new BIG(ROM.CURVE_Pxa);
-
-		System.out.println("P= "+P.toString());
-		System.out.println("Q= "+Q.toString());
-
-		BIG m=new BIG(17);
-
-		FP12 e=ate(P,Q);
-		System.out.println("\ne= "+e.toString());
-
-		e=fexp(e);
-	//	e=GTpow(e,m);
-
-		System.out.println("\ne= "+e.toString());
-
-		BIG [] GLV=glv(r);
-
-		System.out.println("GLV[0]= "+GLV[0].toString());
-		System.out.println("GLV[0]= "+GLV[1].toString());
-
-		ECP G=new ECP(); G.copy(Q);
-		ECP2 R=new ECP2(); R.copy(P);
-
-
-		e=ate(R,Q);
-		e=fexp(e);
-
-		e=GTpow(e,xa);
-		System.out.println("\ne= "+e.toString());
-
-
-		R=G2mul(R,xa);
-		e=ate(R,G);
-		e=fexp(e);
-
-		System.out.println("\ne= "+e.toString());
-
-		G=G1mul(G,xa);
-		e=ate(P,G);
-		e=fexp(e);
-		System.out.println("\ne= "+e.toString());
-	} */
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/RAND.java
----------------------------------------------------------------------
diff --git a/java/RAND.java b/java/RAND.java
deleted file mode 100755
index 1bf6be2..0000000
--- a/java/RAND.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-public class RAND {
-/* Cryptographically strong pseudo-random number generator */
-
-	private static final int NK=21;
-	private static final int NJ=6;
-	private static final int NV=8;
-	private int[] ira=new int[NK];  /* random number...   */
-	private int rndptr;   /* ...array & pointer */
-	private int borrow;
-	private int pool_ptr;
-	private byte[] pool=new byte[32];    /* random pool */
-
-	public RAND()
-	{
-		clean();
-	}
-
-	private int sbrand()
-	{ /* Marsaglia & Zaman random number generator */
-		int i,k;
-		long pdiff,t;
-
-		rndptr++;
-		if (rndptr<NK) return ira[rndptr];
-		rndptr=0;
-		for (i=0,k=NK-NJ;i<NK;i++,k++)
-		{ /* calculate next NK values */
-			if (k==NK) k=0;
-			t=((long)ira[k])&0xffffffffL;
-			pdiff=(t - (((long)ira[i])&0xffffffffL) - (long)borrow)&0xffffffffL;
-			if (pdiff<t) borrow=0;
-			if (pdiff>t) borrow=1;
-			ira[i]=(int)(pdiff&0xffffffffL);
-		}
-
-		return ira[0];
-	}
-
-	public void sirand(int seed)
-	{
-		int i,in;
-		int t,m=1;
-		borrow=0;
-		rndptr=0;
-		ira[0]^=seed;
-		for (i=1;i<NK;i++)
-		{ /* fill initialisation vector */
-			in=(NV*i)%NK;
-			ira[in]^=m;      /* note XOR */
-			t=m;
-			m=seed-m;
-			seed=t;
-		}
-		for (i=0;i<10000;i++) sbrand(); /* "warm-up" & stir the generator */
-	}
-
-	private void fill_pool()
-	{
-		HASH sh=new HASH();
-		for (int i=0;i<128;i++) sh.process(sbrand());
-		pool=sh.hash();
-		pool_ptr=0;
-	}
-
-	private static int pack(byte[] b)
-	{ /* pack 4 bytes into a 32-bit Word */
-		return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
-	}
-
-/* Initialize RNG with some real entropy from some external source */
-	public void seed(int rawlen,byte[] raw)
-	{ /* initialise from at least 128 byte string of raw random entropy */
-		int i;
-		byte [] digest;
-		byte [] b=new byte[4];
-		HASH sh=new HASH();
-		pool_ptr=0;
-		for (i=0;i<NK;i++) ira[i]=0;
-		if (rawlen>0)
-		{
-			for (i=0;i<rawlen;i++)
-				sh.process(raw[i]);
-			digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-
-			for (i=0;i<8;i++)
-			{
-				b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
-				sirand(pack(b));
-			}
-		}
-		fill_pool();
-	}
-
-/* Terminate and clean up */
-	public void clean()
-	{ /* kill internal state */
-		int i;
-		pool_ptr=rndptr=0;
-		for (i=0;i<32;i++) pool[i]=0;
-		for (i=0;i<NK;i++) ira[i]=0;
-		borrow=0;
-	}
-
-/* get random byte */
-	public int getByte()
-	{
-		int r;
-		r=pool[pool_ptr++];
-		if (pool_ptr>=32) fill_pool();
-		return (r&0xff);
-	}
-
-/* test main program */
-/*
-	public static void main(String[] args) {
-		int i;
-		byte[] raw=new byte[100];
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) raw[i]=(byte)i;
-
-		rng.seed(100,raw);
-
-		for (i=0;i<1000;i++)
-			System.out.format("%03d ",rng.getByte());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/ROM.java
----------------------------------------------------------------------
diff --git a/java/ROM.java b/java/ROM.java
deleted file mode 100755
index ec833d7..0000000
--- a/java/ROM.java
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-public class ROM
-{
-/* Don't Modify from here... */
-	public static final int NOT_SPECIAL=0;
-	public static final int PSEUDO_MERSENNE=1;
-	public static final int MONTGOMERY_FRIENDLY=2;
-	public static final int WEIERSTRASS=0;
-	public static final int EDWARDS=1;
-	public static final int MONTGOMERY=2;
-/* ...to here */
-
-/*** Enter Some Field details here  ***/
-// BN Curve
-	public static final int MODBITS=254; /* Number of bits in Modulus */
-	public static final int MOD8=3;  /* Modulus mod 8 */
-// Curve 25519
-//	public static final int MODBITS=255;
-//	public static final int MOD8=5;
-// NIST256 or Brainpool
-//	public static final int MODBITS=256;
-//	public static final int MOD8=7;
-// MF254
-//	public static final int MODBITS=254;
-//	public static final int MOD8=7;
-// MS255
-//public static final int MODBITS= 255;
-//public static final int MOD8= 3;
-// MF256
-//	public static final int MODBITS=256;
-//	public static final int MOD8=7;
-// MS256
-//public static final int MODBITS= 256;
-//public static final int MOD8= 3;
-// ANSSI
-// public static final int MODBITS= 256;
-// public static final int MOD8= 3;
-
-/* Don't Modify from here... */
-	public static final int NLEN=9;
-	public static final int CHUNK=32;
-	public static final int DNLEN=2*NLEN;
-	public static final int BASEBITS=29;
-	public static final int MASK=(((int)1<<BASEBITS)-1);
-	public static final int MODBYTES=32;
-	public static final int NEXCESS =((int)1<<(CHUNK-BASEBITS-1));
-	public static final int FEXCESS =((int)1<<(BASEBITS*NLEN-MODBITS));
-	public static final int OMASK=(int)(-1)<<(MODBITS%BASEBITS);
-	public static final int TBITS=MODBITS%BASEBITS; // Number of active bits in top word
-	public static final int TMASK=((int)1<<TBITS)-1;
-/* ...to here */
-
-
-/* Finite field support - for RSA, DH etc. */
-	public static final int FF_BITS=2048; /* Finite Field Size in bits - must be 256.2^n */
-	public static final int FFLEN=(FF_BITS/256);
-	public static final int HFLEN=(FFLEN/2);  /* Useful for half-size RSA private key operations */
-
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-// 	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final int[] Modulus={0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//	public static final int MConst=19;
-
-// NIST-256 Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF};
-//	public static final int MConst=1;
-
-// MF254 Modulus
-//	public static final int MODTYPE=MONTGOMERY_FRIENDLY;
-//	public static final int[] Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-//	public static final int MConst=0x3F8100;
-
-// MS255 Modulus
-//public static final int MODTYPE= 1;
-//public static final int[] Modulus= {0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//public static final int MConst=0x2FD;
-
-// MS256 Modulus
-//public static final int MODTYPE= 1;
-//public static final int[] Modulus= {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-//public static final int MConst=0xBD;
-
-// MF256 Modulus
-//public static final int MODTYPE= 2;
-//public static final int[] Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-//public static final int MConst=0xFFA800;
-
-// Brainpool Modulus
-//	public static final int MODTYPE= 0;
-//	public static final int[] Modulus= {0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-//	public static final int MConst=0xEFD89B9;
-
-// ANSSI Modulus
-//  public static final int MODTYPE= 0;
-//  public static final int[] Modulus= {0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-//  public static final int MConst=0x164E1155;
-
-
-// BNCX Curve Modulus
-	public static final int MODTYPE=NOT_SPECIAL;
-	public static final int[] Modulus= {0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-	public static final int MConst=0x19789E85;
-
-// BN Curve Modulus
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final int[] Modulus= {0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-//public static final int MConst=0x179435E5;
-
-// BNT Curve Modulus
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final int[] Modulus= {0xEB4A713,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-//public static final int MConst=0x1914C4E5;
-
-// BNT2 Curve Modulus
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final int[] Modulus= {0x1460A48B,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-//	public static final int MConst=0x6505CDD;
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-// Original Curve25519
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =486662;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//	public static final int[] CURVE_Order={0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-//	public static final int[] CURVE_Gx ={0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-
-// Ed25519 Curve
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A = -1;
-//	public static final int[] CURVE_B = {0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C};
-//	public static final int[] CURVE_Order={0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-//	public static final int[] CURVE_Gx ={0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936};
-//	public static final int[] CURVE_Gy={0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666};
-
-// WS25519 Curve
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final int[] CURVE_B = {0x28,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Order = {0x1728ACA1,0x8E7230C,0x10E8DCDB,0x1C1FC966,0x5D5,0x0,0x0,0x0,0x800000};
-//	public static final int[] CURVE_Gx={0x14D8261F,0x23A9C3B,0x1E392613,0xE9D560D,0x19BD0F9A,0x1A9EF052,0xCFB499,0x4242BE1,0x67E3F5};
-//	public static final int[] CURVE_Gy={0x1DEEF38,0x1A31963F,0x4871D5,0x16572E70,0x1DEA014C,0x1AE6A722,0x165D7907,0x1903CD0B,0x36856};
-
-// NIST-256 Curve
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final int[] CURVE_B={0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635};
-//	public static final int[] CURVE_Order={0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF};
-//	public static final int[] CURVE_Gx={0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1};
-//	public static final int[] CURVE_Gy={0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342};
-//
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-//public static final int[] CURVE_Order={0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-//public static final int[] CURVE_Gx ={0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F};
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6};
-
-// MF254 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-55790;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//	public static final int[] CURVE_Order={0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-//	public static final int[] CURVE_Gx ={0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// MS255 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//public static final int[] CURVE_Order={0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A};
-
-// MS255 Modulus, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-//public static final int[] CURVE_Gx ={0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78};
-
-// MS255 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-240222;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//	public static final int[] CURVE_Order={0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-//	public static final int[] CURVE_Gx ={0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// MS256, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x751A825,0x559014A,0x9971808,0x1904EBD4,0x1FFFFE43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x2B56C77,0x1FA31836,0x253B042,0x185F26EB,0xDD6BD02,0x4B66777,0x1B5FF20B,0xA783C8C,0x696F18};
-
-// MS256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-//public static final int[] CURVE_Gx ={0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x131CADBA,0x3FB7DA9,0x134C0FDC,0x14DAC704,0x46BFBE2,0x1859CFD0,0x1B6E8F4C,0x3C5424E,0x7D0AB4};
-
-// MS256 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-61370;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//  public static final int[] CURVE_Order={0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-//	public static final int[] CURVE_Gx ={0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// MF256 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final int[] CURVE_B = {0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C};
-
-// MF256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final int[] CURVE_B = {0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Order={0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-//public static final int[] CURVE_Gx ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//public static final int[] CURVE_Gy ={0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4};
-
-// MF256 Modulus, Montgomery Curve
-// 	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-54314;
-//	public static final int[] CURVE_B = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-//  public static final int[] CURVE_Order={0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-//	public static final int[] CURVE_Gx ={0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-//	public static final int[] CURVE_Gy ={0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}; // not used
-
-// Brainpool
-//	public static final int CURVETYPE= 0;
-//	public static final int CURVE_A = -3;
-//	public static final int[] CURVE_B = {0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61};
-//	public static final int[] CURVE_Order={0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-//	public static final int[] CURVE_Gx ={0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB};
-//	public static final int[] CURVE_Gy ={0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C};
-
-// ANSSI
-//  public static final int CURVETYPE= 0;
-//  public static final int CURVE_A = -3;
-//  public static final int[] CURVE_B = {0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F};
-//  public static final int[] CURVE_Order={0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-//  public static final int[] CURVE_Gx ={0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4};
-//  public static final int[] CURVE_Gy ={0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0};
-
-// BNCX Curve
-
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Order={0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-	public static final int[] CURVE_Bnx={0x3C012B1,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000,0x0,0x0};
-	public static final int[] CURVE_Fra={0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908};
-	public static final int[] CURVE_Frb={0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7};
-	public static final int[] CURVE_Pxa={0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D};
-	public static final int[] CURVE_Pxb={0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9};
-	public static final int[] CURVE_Pya={0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED};
-	public static final int[] CURVE_Pyb={0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C};
-	public static final int[] CURVE_Gx ={0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-	public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[][] CURVE_W={{0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000}}};
-	public static final int[][] CURVE_WB={{0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200,0x0,0x0,0x0,0x0},{0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000,0x0,0x0},{0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000,0x0,0x0},{0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000}},{{0x7802562,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x7802561,0x0,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0xF004AC2,0x0,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xF6AFA0A,0x108E0531,0x1
 241B38F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x3C012B2,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-	public static final boolean USE_GLV =true;
-	public static final boolean USE_GS_G2 =true;
-	public static final boolean USE_GS_GT =true;
-	public static final boolean GT_STRONG=true;
-
-// BNT2 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_A = 0;
-	public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Order={0x11AA2BF5,0x1FDB8D28,0xDCE0CF5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-	public static final int[] CURVE_Bnx={0x608205,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[] CURVE_Cru={0x866BD33,0x1A813A22,0x591C3BE,0xAB6EE60,0x1ECF2367,0x361B0BD,0x12000,0x0,0x0};
-	public static final int[] CURVE_Fra={0x13AEF062,0x1593464B,0x10EF3924,0x198D3667,0x17F195BB,0xFB3FD1,0xADAF429,0x11A53D19,0x124E0B};
-	public static final int[] CURVE_Frb={0xB1B429,0x10039B12,0xB465B55,0x59A91EA,0x50E7261,0xF0C5DF3,0x1FDBE90F,0x1EA2E4D1,0x11B1F8};
-	public static final int[] CURVE_Pxa={0x1F40A3C8,0x166491CC,0x19845E12,0xB9B49D2,0x161706B3,0xBBD82B4,0x18C609E7,0x19F2D278,0x16FC17};
-	public static final int[] CURVE_Pxb={0x18549540,0x2ABD456,0x1D944184,0x16DEF7CD,0x1A95D17D,0x42B2C83,0x16427206,0x17AB2E,0x1EB5B5};
-	public static final int[] CURVE_Pya={0x14220513,0x3DF6628,0x39CDEC5,0x894F10C,0x135F1268,0x1D28DC1C,0xAAA7537,0x130EC284,0x1E8EE4};
-	public static final int[] CURVE_Pyb={0x177CE78E,0x1DC9947A,0x1BE95E07,0x1D6E8DC4,0x1FB8E27,0x1B549EDE,0xF6E8A75,0x19B75C67,0x23CEF4};
-	public static final int[] CURVE_Gx ={0x1460A48A,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-	public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-	public static final int[][] CURVE_W={{0x1347083,0x5BB1415,0xE678744,0xC0602,0x600,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_SB={{{0x1F5748C,0x5BB3425,0xE678764,0xC0602,0x600,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1075BB72,0x1A207913,0x1F6685B1,0x1F0FBC4C,0x1CFFFC1C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}}};
-	public static final int[][] CURVE_WB={{0xA70A224,0xC9396A4,0x1A228251,0x40200,0x200,0x0,0x0,0x0,0x0},{0x1030EF19,0xAD2B967,0xD50DC87,0x72CA2EC,0x148A1B9A,0x241207E,0xC000,0x0,0x0},{0x1848B88F,0x156964B7,0x6A86E4B,0x3965176,0xA450DCD,0x120903F,0x6000,0x0,0x0},{0xB31A62D,0xC93B6B4,0x1A228271,0x40200,0x200,0x0,0x0,0x0,0x0}};
-	public static final int[][][] CURVE_BB={{{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0xC1040A,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}},{{0xC1040A,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC10409,0x2010,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x608206,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x1820812,0x4020,0x40,0x0,0x0,0x0,0x0
 ,0x0,0x0},{0x10E927EA,0x1FDB6D18,0xDCE0CD5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x608206,0x1008,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-*/
-
-// BN Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-public static final int[] CURVE_Order={0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364};
-public static final int[] CURVE_Bnx={0x1,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-public static final int[] CURVE_Cru={0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD,0x0,0x0};
-public static final int[] CURVE_Fra={0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776};
-public static final int[] CURVE_Frb={0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE};
-public static final int[] CURVE_Pxa={0x15FD0CB4,0x1D5963C9,0x1F315F0A,0xBC633C9,0x1763B05A,0x1B927B6F,0x1FA8CD7E,0x1A9EABD4,0x95B04};
-public static final int[] CURVE_Pxb={0x10962455,0x503E83C,0x9EA978E,0x1B0D7C7A,0x147F39D6,0x1FC4F02B,0x1ED2750A,0x14F81068,0x5D4D8};
-public static final int[] CURVE_Pya={0x1A08A46C,0xD6E7343,0x290647E,0x105661D3,0xB1F1690,0xE261BC2,0x4FE85B4,0x17E4BCA6,0xABF2A};
-public static final int[] CURVE_Pyb={0x5F306EC,0x16FC46A0,0x1744E839,0x9040ED5,0x19D6A5C0,0x138F23C0,0xAF6CE18,0x10FCCF3B,0x18769A};
-public static final int[] CURVE_Gx ={0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-public static final int[][] CURVE_W={{0x3,0x0,0x81,0x3000000,0x618,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-public static final int[][][] CURVE_SB={{{0x4,0x8000000,0xA1,0x3000000,0x618,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364}}};
-public static final int[][] CURVE_WB={{0x0,0x4000000,0x10,0x1000000,0x208,0x0,0x0,0x0,0x0},{0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489,0x0,0x0},{0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244,0x0,0x0},{0x1,0xC000000,0x30,0x1000000,0x208,0x0,0x0,0x0,0x0}};
-public static final int[][][] CURVE_BB={{{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364}},{{0x2,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x8000000,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x10000000,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x4000000,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-*/
-
-// BNT Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-public static final int[] CURVE_Order={0xD30210D,0x13ABBBF4,0xCB2CD8E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-public static final int[] CURVE_Bnx={0x4081,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0};
-public static final int[] CURVE_Cru={0xB4FCD87,0xF5A9EAD,0xEAC47EB,0x19054BE5,0x104C9764,0x18A3B28A,0x12006,0x0,0x0};
-public static final int[] CURVE_Fra={0xDC80022,0xFAE8A75,0x1EB338D6,0x189209AD,0x13211BE6,0x4F8C850,0x10E53D94,0x12593778,0x1328A2};
-public static final int[] CURVE_Frb={0xECA6F1,0x53F5582,0x1E65F5D9,0x1C18A27B,0x1A3DEB01,0x10A2832B,0x1456AA9A,0x9136B67,0x10D87E};
-public static final int[] CURVE_Pxa={0x88E65BB,0x144C3F11,0xA98C4EF,0x18015A39,0x1548B7CC,0xA992820,0xE7AF301,0x19A09826,0x14483F};
-public static final int[] CURVE_Pxb={0x8DBE2C0,0x133C4440,0x78D214E,0xAFFC3F0,0x51B57B9,0x285318D,0xC0B68FF,0x166709D8,0x87F46};
-public static final int[] CURVE_Pya={0x20CA1D,0x101623F,0xE67CDB,0x19682CFD,0x19F72C94,0x14E372A1,0xF5D28B1,0x13820561,0x14E8C2};
-public static final int[] CURVE_Pyb={0x116628F2,0x1EC21BE3,0xF2DF71A,0x144FC2CF,0x172681D0,0xC54163A,0xF47B7B0,0x148C48A9,0x17AFE2};
-public static final int[] CURVE_Gx ={0xEB4A712,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-public static final int[] CURVE_Gy ={0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
-public static final int[][] CURVE_W={{0x1838403,0x1321803,0x106660E1,0x3024304,0x600,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}};
-public static final int[][][] CURVE_SB={{{0x1840504,0x13A1E03,0x10666101,0x3024304,0x600,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xBAC9D0A,0x1279A3F1,0x1C4C6CAD,0xEA62620,0xD5EFAE8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}}};
-public static final int[][] CURVE_WB={{0x80C080,0xB0A0301,0x10222030,0x100C101,0x200,0x0,0x0,0x0,0x0},{0x88C4A85,0x15A9C820,0x14B71B0D,0x1D5A5F46,0x158868ED,0x106D21B1,0xC004,0x0,0x0},{0x4464583,0x1AD6E590,0xA5B8D8E,0x1EAD2FA3,0x1AC43476,0x83690D8,0x6002,0x0,0x0},{0x814181,0xB120901,0x10222050,0x100C101,0x200,0x0,0x0,0x0,0x0}};
-public static final int[][][] CURVE_BB={{{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x8102,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}},{{0x8102,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0},{0x8101,0x80600,0x20,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x4082,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0},{0x10202,0x100C00,0x40,0x0,0x0,0x0,0x0,0x0,0x0},{0xD2FA00A
 ,0x13A3B5F4,0xCB2CD6E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x4082,0x40300,0x10,0x0,0x0,0x0,0x0,0x0,0x0}}};
-
-*/
-	//public static boolean debug=false;
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/RSA.java
----------------------------------------------------------------------
diff --git a/java/RSA.java b/java/RSA.java
deleted file mode 100755
index 53549c5..0000000
--- a/java/RSA.java
+++ /dev/null
@@ -1,318 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions  */
-
-final class rsa_private_key
-{
-    public FF p,q,dp,dq,c;
-
-	public rsa_private_key(int n)
-	{
-		p=new FF(n);
-		q=new FF(n);
-		dp=new FF(n);
-		dq=new FF(n);
-		c=new FF(n);
-	}
-}
-
-final class rsa_public_key
-{
-    public int e;
-    public FF n;
-
-	public rsa_public_key(int m)
-	{
-		e=0;
-		n=new FF(m);
-	}
-}
-
-public final class RSA {
-
-	public static final int RFS=ROM.MODBYTES*ROM.FFLEN;
-
-/* generate an RSA key pair */
-
-	public static void KEY_PAIR(RAND rng,int e,rsa_private_key PRIV,rsa_public_key PUB)
-	{ /* IEEE1363 A16.11/A16.12 more or less */
-
-		int n=PUB.n.getlen()/2;
-		FF t = new FF(n);
-		FF p1=new FF(n);
-		FF q1=new FF(n);
-
-		for (;;)
-		{
-
-			PRIV.p.random(rng);
-			while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
-			while (!FF.prime(PRIV.p,rng)) PRIV.p.inc(4);
-
-			p1.copy(PRIV.p);
-			p1.dec(1);
-
-			if (p1.cfactor(e)) continue;
-			break;
-		}
-
-		for (;;)
-		{
-			PRIV.q.random(rng);
-			while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
-			while (!FF.prime(PRIV.q,rng)) PRIV.q.inc(4);
-
-			q1.copy(PRIV.q);
-			q1.dec(1);
-
-			if (q1.cfactor(e)) continue;
-
-			break;
-		}
-
-		PUB.n=FF.mul(PRIV.p,PRIV.q);
-		PUB.e=e;
-
-		t.copy(p1);
-		t.shr();
-		PRIV.dp.set(e);
-		PRIV.dp.invmodp(t);
-		if (PRIV.dp.parity()==0) PRIV.dp.add(t);
-		PRIV.dp.norm();
-
-		t.copy(q1);
-		t.shr();
-		PRIV.dq.set(e);
-		PRIV.dq.invmodp(t);
-		if (PRIV.dq.parity()==0) PRIV.dq.add(t);
-		PRIV.dq.norm();
-
-		PRIV.c.copy(PRIV.p);
-		PRIV.c.invmodp(PRIV.q);
-
-		return;
-	}
-
-/* Mask Generation Function */
-
-	public static void MGF1(byte[] Z,int olen,byte[] K)
-	{
-		HASH H=new HASH();
-		int hlen=HASH.len;
-		byte[] B=new byte[hlen];
-
-		int counter,cthreshold,k=0;
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			H.process_array(Z); H.process_num(counter);
-			B=H.hash();
-
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-	}
-
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	/* OAEP Message Encoding for Encryption */
-	public static byte[] OAEP_ENCODE(byte[] m,RAND rng,byte[] p)
-	{
-		int i,slen,olen=RFS-1;
-		int mlen=m.length;
-		int hlen,seedlen;
-		byte[] f=new byte[RFS];
-
-		HASH H=new HASH();
-		hlen=HASH.len;
-		byte[] SEED=new byte[hlen];
-		seedlen=hlen;
-		if (mlen>olen-hlen-seedlen-1) return new byte[0];
-
-		byte[] DBMASK=new byte[olen-seedlen];
-
-		if (p!=null) H.process_array(p);
-		byte[] h=H.hash();
-		for (i=0;i<hlen;i++) f[i]=h[i];
-
-		slen=olen-mlen-hlen-seedlen-1;
-
-		for (i=0;i<slen;i++) f[hlen+i]=0;
-		f[hlen+slen]=1;
-		for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
-		for (i=0;i<seedlen;i++) SEED[i]=(byte)rng.getByte();
-		MGF1(SEED,olen-seedlen,DBMASK);
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-		MGF1(DBMASK,seedlen,f);
-
-		for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
-		for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
-		/* pad to length RFS */
-		int d=1;
-		for (i=RFS-1;i>=d;i--)
-			f[i]=f[i-d];
-		for (i=d-1;i>=0;i--)
-			f[i]=0;
-
-		return f;
-	}
-
-	/* OAEP Message Decoding for Decryption */
-	public static byte[] OAEP_DECODE(byte[] p,byte[] f)
-	{
-		int x,t;
-		boolean comp;
-		int i,k,olen=RFS-1;
-		int hlen,seedlen;
-
-		HASH H=new HASH();
-		hlen=HASH.len;
-		byte[] SEED=new byte[hlen];
-		seedlen=hlen;
-		byte[] CHASH=new byte[hlen];
-
-		if (olen<seedlen+hlen+1) return new byte[0];
-		byte[] DBMASK=new byte[olen-seedlen];
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		if (f.length<RFS)
-		{
-			int d=RFS-f.length;
-			for (i=RFS-1;i>=d;i--)
-				f[i]=f[i-d];
-			for (i=d-1;i>=0;i--)
-				f[i]=0;
-
-		}
-
-		if (p!=null) H.process_array(p);
-		byte[] h=H.hash();
-		for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
-		x=f[0];
-
-		for (i=seedlen;i<olen;i++)
-			DBMASK[i-seedlen]=f[i+1];
-
-		MGF1(DBMASK,seedlen,SEED);
-		for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
-		MGF1(SEED,olen-seedlen,f);
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
-		comp=true;
-		for (i=0;i<hlen;i++)
-		{
-			if (CHASH[i]!=DBMASK[i]) comp=false;
-		}
-
-		for (i=0;i<olen-seedlen-hlen;i++)
-			DBMASK[i]=DBMASK[i+hlen];
-
-		for (i=0;i<hlen;i++)
-			SEED[i]=CHASH[i]=0;
-
-		for (k=0;;k++)
-		{
-			if (k>=olen-seedlen-hlen) return new byte[0];
-			if (DBMASK[k]!=0) break;
-		}
-
-		t=DBMASK[k];
-		if (!comp || x!=0 || t!=0x01)
-		{
-			for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-			return new byte[0];
-		}
-
-		byte[] r=new byte[olen-seedlen-hlen-k-1];
-
-		for (i=0;i<olen-seedlen-hlen-k-1;i++)
-			r[i]=DBMASK[i+k+1];
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		return r;
-	}
-
-	/* destroy the Private Key structure */
-	public static void PRIVATE_KEY_KILL(rsa_private_key PRIV)
-	{
-		PRIV.p.zero();
-		PRIV.q.zero();
-		PRIV.dp.zero();
-		PRIV.dq.zero();
-		PRIV.c.zero();
-	}
-
-	/* RSA encryption with the public key */
-	public static void ENCRYPT(rsa_public_key PUB,byte[] F,byte[] G)
-	{
-		int n=PUB.n.getlen();
-		FF f=new FF(n);
-
-		FF.fromBytes(f,F);
-		f.power(PUB.e,PUB.n);
-		f.toBytes(G);
-	}
-
-	/* RSA decryption with the private key */
-	public static void DECRYPT(rsa_private_key PRIV,byte[] G,byte[] F)
-	{
-		int n=PRIV.p.getlen();
-		FF g=new FF(2*n);
-
-		FF.fromBytes(g,G);
-		FF jp=g.dmod(PRIV.p);
-		FF jq=g.dmod(PRIV.q);
-
-		jp.skpow(PRIV.dp,PRIV.p);
-		jq.skpow(PRIV.dq,PRIV.q);
-
-		g.zero();
-		g.dscopy(jp);
-		jp.mod(PRIV.q);
-		if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
-		jq.sub(jp);
-		jq.norm();
-
-		FF t=FF.mul(PRIV.c,jq);
-		jq=t.dmod(PRIV.q);
-
-		t=FF.mul(jq,PRIV.p);
-		g.add(t);
-		g.norm();
-
-		g.toBytes(F);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/TestECDH.java
----------------------------------------------------------------------
diff --git a/java/TestECDH.java b/java/TestECDH.java
deleted file mode 100755
index 3027f12..0000000
--- a/java/TestECDH.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-public class TestECDH
-{
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	public static void main(String[] args)
-	{
-		int i,j=0,res;
-		int result;
-		String pp=new String("M0ng00se");
-
-		int EGS=ECDH.EGS;
-		int EFS=ECDH.EFS;
-		int EAS=AES.KS;
-
-		byte[] S1=new byte[EGS];
-		byte[] W0=new byte[2*EFS+1];
-		byte[] W1=new byte[2*EFS+1];
-		byte[] Z0=new byte[EFS];
-		byte[] Z1=new byte[EFS];
-		byte[] RAW=new byte[100];
-		byte[] SALT=new byte[8];
-		byte[] P1=new byte[3];
-		byte[] P2=new byte[4];
-		byte[] V=new byte[2*EFS+1];
-		byte[] M=new byte[17];
-		byte[] T=new byte[12];
-		byte[] CS=new byte[EGS];
-		byte[] DS=new byte[EGS];
-
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(byte)(i+1);  // set Salt
-
-		System.out.println("Alice's Passphrase= "+pp);
-		byte[] PW=pp.getBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-		byte[] S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		System.out.print("Alice's private key= 0x");
-		printBinary(S0);
-
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
-		System.out.print("Alice's public key= 0x");
-		printBinary(W0);
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-		{
-			System.out.println("ECP Public Key is invalid!\n");
-			return;
-		}
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		System.out.print("Servers private key= 0x");
-		printBinary(S1);
-
-		System.out.print("Servers public key= 0x");
-		printBinary(W1);
-
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-		{
-			System.out.print("ECP Public Key is invalid!\n");
-			return;
-		}
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		boolean same=true;
-		for (i=0;i<EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-		{
-			System.out.println("*** ECPSVDP-DH Failed");
-			return;
-		}
-
-		byte[] KEY=ECDH.KDF1(Z0,EAS);
-
-		System.out.print("Alice's DH Key=  0x"); printBinary(KEY);
-		System.out.print("Servers DH Key=  0x"); printBinary(KEY);
-
-		System.out.println("Testing ECIES");
-
-		P1[0]=0x0; P1[1]=0x1; P1[2]=0x2;
-		P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3;
-
-		for (i=0;i<=16;i++) M[i]=(byte)i;
-
-		byte[] C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T);
-
-		System.out.println("Ciphertext= ");
-		System.out.print("V= 0x"); printBinary(V);
-		System.out.print("C= 0x"); printBinary(C);
-		System.out.print("T= 0x"); printBinary(T);
-
-
-		M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1);
-		if (M.length==0)
-		{
-			System.out.println("*** ECIES Decryption Failed\n");
-			return;
-		}
-		else System.out.println("Decryption succeeded");
-
-		System.out.print("Message is 0x"); printBinary(M);
-
-		System.out.println("Testing ECDSA");
-
-		if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS)!=0)
-		{
-			System.out.println("***ECDSA Signature Failed");
-			return;
-		}
-		System.out.println("Signature= ");
-		System.out.print("C= 0x"); printBinary(CS);
-		System.out.print("D= 0x"); printBinary(DS);
-
-		if (ECDH.ECPVP_DSA(W0,M,CS,DS)!=0)
-		{
-			System.out.println("***ECDSA Verification Failed");
-			return;
-		}
-		else System.out.println("ECDSA Signature/Verification succeeded "+j);
-//}
-//System.out.println("Test Completed Successfully");
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/TestECM.java
----------------------------------------------------------------------
diff --git a/java/TestECM.java b/java/TestECM.java
deleted file mode 100755
index b0a07a1..0000000
--- a/java/TestECM.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH API Function only - for use with Montgomery curves */
-
-public class TestECM
-{
-	public static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	public static void main(String[] args)
-	{
-		int i,j=0,res;
-		int result;
-		String pp=new String("M0ng00se");
-
-		int EGS=ECDH.EGS;
-		int EFS=ECDH.EFS;
-		int EAS=AES.KS;
-
-		byte[] S1=new byte[EGS];
-		byte[] W0=new byte[2*EFS+1];
-		byte[] W1=new byte[2*EFS+1];
-		byte[] Z0=new byte[EFS];
-		byte[] Z1=new byte[EFS];
-		byte[] RAW=new byte[100];
-		byte[] SALT=new byte[8];
-
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(byte)(i+1);  // set Salt
-
-		System.out.println("Alice's Passphrase= "+pp);
-		byte[] PW=pp.getBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-		byte[] S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		System.out.print("Alice's private key= 0x");
-		printBinary(S0);
-
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
-		System.out.print("Alice's public key= 0x");
-		printBinary(W0);
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-		{
-			System.out.println("Alice's public Key is invalid!\n");
-			return;
-		}
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		System.out.print("Servers private key= 0x");
-		printBinary(S1);
-
-		System.out.print("Servers public key= 0x");
-		printBinary(W1);
-
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-		{
-			System.out.print("Server's public Key is invalid!\n");
-			return;
-		}
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		boolean same=true;
-		for (i=0;i<EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-		{
-			System.out.println("*** ECPSVDP-DH Failed");
-			return;
-		}
-
-		byte[] KEY=ECDH.KDF1(Z0,EAS);
-
-		System.out.print("Alice's DH Key=  0x"); printBinary(KEY);
-		System.out.print("Servers DH Key=  0x"); printBinary(KEY);
-
-//}
-//System.out.println("Test Completed Successfully");
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/TestMPIN.java
----------------------------------------------------------------------
diff --git a/java/TestMPIN.java b/java/TestMPIN.java
deleted file mode 100755
index 4d4090c..0000000
--- a/java/TestMPIN.java
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN API Functions */
-
-import java.util.Date;
-import java.util.Scanner;
-
-public class TestMPIN
-{
-	static boolean PERMITS=true;
-	static boolean PINERROR=true;
-	static boolean FULL=false;
-	static boolean SINGLE_PASS=false;
-
-	static void printBinary(byte[] array)
-	{
-		int i;
-		for (i=0;i<array.length;i++)
-		{
-			System.out.printf("%02x", array[i]);
-		}
-		System.out.println();
-	}
-
-	public static void main(String[] args) {
-		RAND rng=new RAND();
-		byte[] raw=new byte[100];
-		for (int i=0;i<100;i++) raw[i]=(byte)(i+1);
-		rng.seed(100,raw);
-
-		int EGS=MPIN.EGS;
-		int EFS=MPIN.EFS;
-		int G1S=2*EFS+1; /* Group 1 Size */
-		int G2S=4*EFS; /* Group 2 Size */
-		int EAS=16;
-
-		byte[] S=new byte[EGS];
-		byte[] SST = new byte[G2S];
-		byte[] TOKEN = new byte[G1S];
-		byte[] PERMIT = new byte[G1S];
-		byte[] SEC = new byte[G1S];
-		byte[] xID = new byte[G1S];
-		byte[] xCID = new byte[G1S];
-		byte[] X= new byte[EGS];
-		byte[] Y= new byte[EGS];
-		byte[] E=new byte[12*EFS];
-		byte[] F=new byte[12*EFS];
-		byte[] HID=new byte[G1S];
-		byte[] HTID=new byte[G1S];
-
-		byte[] G1=new byte[12*EFS];
-		byte[] G2=new byte[12*EFS];
-		byte[] R=new byte[EGS];
-		byte[] Z=new byte[G1S];
-		byte[] W=new byte[EGS];
-		byte[] T=new byte[G1S];
-		byte[] CK=new byte[EAS];
-		byte[] SK=new byte[EAS];
-
-/* Trusted Authority set-up */
-
-		MPIN.RANDOM_GENERATE(rng,S);
-		System.out.print("Master Secret s: 0x");  printBinary(S);
-
- /* Create Client Identity */
- 		String IDstr = "testUser@miracl.com";
-		byte[] CLIENT_ID = IDstr.getBytes();
-
-		byte[] HCID=MPIN.HASH_ID(CLIENT_ID);  /* Either Client or TA calculates Hash(ID) - you decide! */
-
-		System.out.print("Client ID= "); printBinary(CLIENT_ID);
-
-/* Client and Server are issued secrets by DTA */
-		MPIN.GET_SERVER_SECRET(S,SST);
-		System.out.print("Server Secret SS: 0x");  printBinary(SST);
-
-		MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
-		System.out.print("Client Secret CS: 0x");
-		printBinary(TOKEN);
-
-/* Client extracts PIN from secret to create Token */
-		int pin=1234;
-		System.out.println("Client extracts PIN= "+pin);
-		int rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN);
-		if (rtn != 0)
-			System.out.println("FAILURE: EXTRACT_PIN rtn: " + rtn);
-
-		System.out.print("Client Token TK: 0x");
-		printBinary(TOKEN);
-
-		if (FULL)
-		{
-			MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
-		}
-		int date;
-		if (PERMITS)
-		{
-			date=MPIN.today();
-/* Client gets "Time Token" permit from DTA */
-			MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT);
-			System.out.print("Time Permit TP: 0x");  printBinary(PERMIT);
-
-/* This encoding makes Time permit look random - Elligator squared */
-			MPIN.ENCODING(rng,PERMIT);
-			System.out.print("Encoded Time Permit TP: 0x");  printBinary(PERMIT);
-			MPIN.DECODING(PERMIT);
-			System.out.print("Decoded Time Permit TP: 0x");  printBinary(PERMIT);
-		}
-		else date=0;
-
-		System.out.print("\nPIN= ");
-		Scanner scan=new Scanner(System.in);
-		pin=scan.nextInt();
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID =x .H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-IMPORTANT: To save space and time..
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
-
-		byte[] pxID=xID;
-		byte[] pxCID=xCID;
-		byte[] pHID=HID;
-		byte[] pHTID=HTID;
-		byte[] pE=E;
-		byte[] pF=F;
-		byte[] pPERMIT=PERMIT;
-		byte[] prHID;
-
-		if (date!=0)
-		{
-
-			prHID=pHTID;
-			if (!PINERROR)
-			{
-				pxID=null;
-				pHID=null;
-			}
-		}
-		else
-		{
-			prHID=pHID;
-			pPERMIT=null;
-			pxCID=null;
-			pHTID=null;
-		}
-		if (!PINERROR)
-		{
-			pE=null;
-			pF=null;
-		}
-
-                if (SINGLE_PASS)
-		{
-  		  System.out.println("MPIN Single Pass");
-                  int timeValue = MPIN.GET_TIME();
-                  rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: CLIENT rtn: " + rtn);
-
-                  if (FULL)
-		  {
-                    HCID=MPIN.HASH_ID(CLIENT_ID);
-                    MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-                  }
-
-                  rtn=MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
-                  if (rtn != 0)
-  		    System.out.println("FAILURE: SERVER rtn: " + rtn);
-
-                  if (FULL)
-                  {
-                    MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-                  }
-		}
-                else
-		{
-  		  System.out.println("MPIN Multi Pass");
-                  /* Send U=x.ID to server, and recreate secret from token and pin */
-  		  rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: CLIENT_1 rtn: " + rtn);
-
-  		  if (FULL)
-  		  {
-  		    HCID=MPIN.HASH_ID(CLIENT_ID);
-  		    MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-  		  }
-
-                  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  		  MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID);
-
-                  /* Server generates Random number Y and sends it to Client */
-  		  MPIN.RANDOM_GENERATE(rng,Y);
-
-                  if (FULL)
-  		  {
-  		    MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-  		  }
-
-                  /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-  		  rtn=MPIN.CLIENT_2(X,Y,SEC);
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: CLIENT_2 rtn: " + rtn);
-
-                  /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-                  /* If PIN error not required, set E and F = null */
-
-  		  rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-
-  		  if (rtn != 0)
-  		    System.out.println("FAILURE: SERVER_1 rtn: " + rtn);
-		}
-
-		if (rtn == MPIN.BAD_PIN)
-		{
-		  System.out.println("Server says - Bad Pin. I don't know you. Feck off.\n");
-		  if (PINERROR)
-		  {
-		    int err=MPIN.KANGAROO(E,F);
-		    if (err!=0) System.out.format("(Client PIN is out by %d)\n",err);
-		  }
-		  return;
-		}
-		else System.out.println("Server says - PIN is good! You really are "+IDstr);
-
-
-		if (FULL)
-		{
-			MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
-			System.out.print("Client Key =  0x");  printBinary(CK);
-
-			MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK);
-			System.out.print("Server Key =  0x");  printBinary(SK);
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/TestRSA.java
----------------------------------------------------------------------
diff --git a/java/TestRSA.java b/java/TestRSA.java
deleted file mode 100755
index 414e596..0000000
--- a/java/TestRSA.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-public class TestRSA
-{
-	public static void main(String[] args)
-	{
-		int i;
-		int RFS=RSA.RFS;
-
-		String message="Hello World\n";
-
-		rsa_public_key pub=new rsa_public_key(ROM.FFLEN);
-		rsa_private_key priv=new rsa_private_key(ROM.HFLEN);
-
-		byte[] ML=new byte[RFS];
-		byte[] C=new byte[RFS];
-		byte[] RAW=new byte[100];
-
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-//for (i=0;i<10;i++)
-//{
-		System.out.println("Generating public/private key pair");
-		RSA.KEY_PAIR(rng,65537,priv,pub);
-
-		byte[] M=message.getBytes();
-		System.out.print("Encrypting test string\n");
-		byte[] E=RSA.OAEP_ENCODE(M,rng,null); /* OAEP encode message M to E  */
-
-		RSA.ENCRYPT(pub,E,C);     /* encrypt encoded message */
-		System.out.print("Ciphertext= 0x"); RSA.printBinary(C);
-
-		System.out.print("Decrypting test string\n");
-		RSA.DECRYPT(priv,C,ML);
-		byte[] MS=RSA.OAEP_DECODE(null,ML); /* OAEP decode message  */
-
-		message=new String(MS);
-		System.out.print(message);
-//}
-		RSA.PRIVATE_KEY_KILL(priv);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/readme.txt
----------------------------------------------------------------------
diff --git a/java/readme.txt b/java/readme.txt
deleted file mode 100644
index fbe1866..0000000
--- a/java/readme.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-AMCL is very simple to build for Java. This version is optimal for a 32-bit 
-(or less) Virtual Machine.
-
-First - decide the modulus type and curve type you want to use. Edit ROM.java 
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.java which 
-supports our M-Pin (tm) protocol, ECDH.java which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.java
-which supports the RSA method. The first  can be tested using the 
-TestMPIN.java driver programs, the second can be tested using TestECDH.java 
-and TestECM.java, and the third with TestRSA.java
-
-In the ROM.java file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The program bngen.cpp generates the ROM details for a 
-BN curve, and the program ecgen.cpp generates the ROM for EC curves. 
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-Don't forget to delete all .class files before rebuilding projects.
-
-For a quick jumpstart:-
-
-del *.class
-javac TestMPIN.java
-java TestMPIN
-



[47/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/big.c
----------------------------------------------------------------------
diff --git a/c/big.c b/c/big.c
deleted file mode 100755
index b26abc2..0000000
--- a/c/big.c
+++ /dev/null
@@ -1,1210 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL basic functions for BIG type */
-/* SU=m, SU is Stack Usage */
-
-#include "amcl.h"
-
-/* Calculates x*y+c+*r */
-
-#ifdef dchunk
-
-/* Method required to calculate x*y+c+r, bottom half in r, top half returned */
-chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
-	dchunk prod=(dchunk)x*y+c+*r;
-	*r=(chunk)prod&MASK;
-	return (chunk)(prod>>BASEBITS);
-}
-
-#else
-
-/* No integer type available that can store double the wordlength */
-/* accumulate partial products */
-
-chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
-	chunk x0,x1,y0,y1;
-	chunk bot,top,mid,carry;
-	x0=x&HMASK;
-	x1=(x>>HBITS);
-	y0=y&HMASK;
-	y1=(y>>HBITS);
-	bot=x0*y0;
-	top=x1*y1;
-	mid=x0*y1+x1*y0;
-	x0=mid&HMASK1;
-	x1=(mid>>HBITS1);
-	bot+=x0<<HBITS; bot+=*r; bot+=c;
-
-#if HDIFF==1
-	bot+=(top&HDIFF)<<(BASEBITS-1);
-	top>>=HDIFF;
-#endif
-
-	top+=x1;
-	carry=bot>>BASEBITS;
-	bot&=MASK;
-	top+=carry;
-
-	*r=bot;
-	return top;
-}
-
-#endif
-
-/* test a=0? */
-int BIG_iszilch(BIG a)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		if (a[i]!=0) return 0;
-	return 1;
-}
-
-/* test a=0? */
-int BIG_diszilch(DBIG a)
-{
-	int i;
-	for (i=0;i<DNLEN;i++)
-		if (a[i]!=0) return 0;
-	return 1;
-}
-
-/* SU= 56 */
-/* output a */
-void BIG_output(BIG a)
-{
-	BIG b;
-	int i,len;
-	len=BIG_nbits(a);
-	if (len%4==0) len/=4;
-	else {len/=4; len++;}
-	if (len<MODBYTES*2) len=MODBYTES*2;
-
-	for (i=len-1;i>=0;i--)
-	{
-		BIG_copy(b,a);
-		BIG_shr(b,i*4);
-		printf("%01x",(unsigned int) b[0]&15);
-	}
-}
-
-/* SU= 16 */
-void BIG_rawoutput(BIG a)
-{
-	int i;
-	printf("(");
-	for (i=0;i<NLEN-1;i++)
-	  printf("%llx,",(long long unsigned int) a[i]);
-	printf("%llx)",(long long unsigned int) a[NLEN-1]);
-}
-
-/* Swap a and b if d=1 */
-void BIG_cswap(BIG a,BIG b,int d)
-{
-	int i;
-	chunk t,c=d;
-	c=~(c-1);
-#ifdef DEBUG_NORM
-	for (i=0;i<=NLEN;i++)
-#else
-	for (i=0;i<NLEN;i++)
-#endif
-	{
-		t=c&(a[i]^b[i]);
-		a[i]^=t;
-		b[i]^=t;
-	}
-}
-
-/* Move b to a if d=1 */
-void BIG_cmove(BIG f,BIG g,int d)
-{
-	int i;
-	chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
-	for (i=0;i<=NLEN;i++)
-#else
-	for (i=0;i<NLEN;i++)
-#endif
-	{
-		f[i]^=(f[i]^g[i])&b;
-	}
-}
-
-/* convert BIG to/from bytes */
-/* SU= 64 */
-void BIG_toBytes(char *b,BIG a)
-{
-	int i;
-	BIG c;
-	BIG_norm(a);
-	BIG_copy(c,a);
-	for (i=MODBYTES-1;i>=0;i--)
-	{
-		b[i]=c[0]&0xff;
-		BIG_fshr(c,8);
-	}
-}
-
-/* SU= 16 */
-void BIG_fromBytes(BIG a,char *b)
-{
-	int i;
-	BIG_zero(a);
-	for (i=0;i<MODBYTES;i++)
-	{
-		BIG_fshl(a,8); a[0]+=(int)(unsigned char)b[i];
-		//BIG_inc(a,(int)(unsigned char)b[i]); BIG_norm(a);
-	}
-#ifdef DEBUG_NORM
-	a[NLEN]=0;
-#endif
-}
-
-/* SU= 88 */
-void BIG_doutput(DBIG a)
-{
-	DBIG b;
-	int i,len;
-	BIG_dnorm(a);
-	len=BIG_dnbits(a);
-	if (len%4==0) len/=4;
-	else {len/=4; len++;}
-
-	for (i=len-1;i>=0;i--)
-	{
-		BIG_dcopy(b,a);
-		BIG_dshr(b,i*4);
-		printf("%01x",(unsigned int) b[0]&15);
-	}
-}
-
-/* Copy b=a */
-void BIG_copy(BIG b,BIG a)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[NLEN]=a[NLEN];
-#endif
-}
-
-/* Copy from ROM b=a */
-void BIG_rcopy(BIG b,const BIG a)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[NLEN]=0;
-#endif
-}
-
-/* double length DBIG copy b=a */
-void BIG_dcopy(DBIG b,DBIG a)
-{
-	int i;
-	for (i=0;i<DNLEN;i++)
-		b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[DNLEN]=a[DNLEN];
-#endif
-}
-
-/* Copy BIG to bottom half of DBIG */
-void BIG_dscopy(DBIG b,BIG a)
-{
-	int i;
-	for (i=0;i<NLEN-1;i++)
-		b[i]=a[i];
-
-	b[NLEN-1]=a[NLEN-1]&MASK; /* top word normalized */
-	b[NLEN]=a[NLEN-1]>>BASEBITS;
-
-	for (i=NLEN+1;i<DNLEN;i++) b[i]=0;
-#ifdef DEBUG_NORM
-	b[DNLEN]=a[NLEN];
-#endif
-}
-
-/* Copy BIG to top half of DBIG */
-void BIG_dsucopy(DBIG b,BIG a)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		b[i]=0;
-	for (i=NLEN;i<DNLEN;i++)
-		b[i]=a[i-NLEN];
-#ifdef DEBUG_NORM
-	b[DNLEN]=a[NLEN];
-#endif
-}
-
-/* Copy bottom half of DBIG to BIG */
-void BIG_sdcopy(BIG b,DBIG a)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		b[i]=a[i];
-#ifdef DEBUG_NORM
-	b[NLEN]=a[DNLEN];
-#endif
-}
-
-/* Copy top half of DBIG to BIG */
-void BIG_sducopy(BIG b,DBIG a)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		b[i]=a[i+NLEN];
-#ifdef DEBUG_NORM
-	b[NLEN]=a[DNLEN];
-#endif
-}
-
-/* Set a=0 */
-void BIG_zero(BIG a)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		a[i]=0;
-#ifdef DEBUG_NORM
-	a[NLEN]=0;
-#endif
-}
-
-void BIG_dzero(DBIG a)
-{
-	int i;
-	for (i=0;i<DNLEN;i++)
-		a[i]=0;
-#ifdef DEBUG_NORM
-	a[DNLEN]=0;
-#endif
-}
-
-/* set a=1 */
-void BIG_one(BIG a)
-{
-	int i;
-	a[0]=1;
-	for (i=1;i<NLEN;i++)
-		a[i]=0;
-#ifdef DEBUG_NORM
-	a[NLEN]=0;
-#endif
-}
-
-
-
-/* Set c=a+b */
-/* SU= 8 */
-void BIG_add(BIG c,BIG a,BIG b)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		c[i]=a[i]+b[i];
-#ifdef DEBUG_NORM
-	c[NLEN]=a[NLEN]+b[NLEN]+1;
-	if (c[NLEN]>=NEXCESS) printf("add problem - digit overflow %d\n",c[NLEN]);
-#endif
-}
-
-/* Set c=c+d */
-void BIG_inc(BIG c,int d)
-{
-	BIG_norm(c);
-	c[0]+=(chunk)d;
-#ifdef DEBUG_NORM
-	c[NLEN]=1;
-#endif
-}
-
-/* Set c=a-b */
-/* SU= 8 */
-void BIG_sub(BIG c,BIG a,BIG b)
-{
-	int i;
-	for (i=0;i<NLEN;i++)
-		c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-	c[NLEN]=a[NLEN]+b[NLEN]+1;
-	if (c[NLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[NLEN]);
-#endif
-}
-
-/* SU= 8 */
-
-void BIG_dsub(DBIG c,DBIG a,DBIG b)
-{
-	int i;
-	for (i=0;i<DNLEN;i++)
-		c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
-	c[DNLEN]=a[DNLEN]+b[DNLEN]+1;
-	if (c[DNLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[DNLEN]);
-#endif
-}
-
-
-/* Set c=c-1 */
-void BIG_dec(BIG c,int d)
-{
-	BIG_norm(c);
-	c[0]-=(chunk)d;
-#ifdef DEBUG_NORM
-	c[NLEN]=1;
-#endif
-}
-
-/* multiplication r=a*c by c<=NEXCESS */
-void BIG_imul(BIG r,BIG a,int c)
-{
-	int i;
-	for (i=0;i<NLEN;i++) r[i]=a[i]*c;
-#ifdef DEBUG_NORM
-	r[NLEN]=(a[NLEN]+1)*c-1;
-	if (r[NLEN]>=NEXCESS) printf("int mul problem - digit overflow %d\n",r[NLEN]);
-#endif
-}
-
-/* multiplication r=a*c by larger integer - c<=FEXCESS */
-/* SU= 24 */
-chunk BIG_pmul(BIG r,BIG a,int c)
-{
-	int i;
-	chunk ak,carry=0;
-	BIG_norm(a);
-	for (i=0;i<NLEN;i++)
-	{
-		ak=a[i];
-		r[i]=0;
-		carry=muladd(ak,(chunk)c,carry,&r[i]);
-	}
-#ifdef DEBUG_NORM
-	r[NLEN]=0;
-#endif
-	return carry;
-}
-
-/* r/=3 */
-/* SU= 16 */
-int BIG_div3(BIG r)
-{
-	int i;
-	chunk ak,base,carry=0;
-	BIG_norm(r);
-	base=((chunk)1<<BASEBITS);
-	for (i=NLEN-1;i>=0;i--)
-	{
-		ak=(carry*base+r[i]);
-		r[i]=ak/3;
-		carry=ak%3;
-	}
-	return (int)carry;
-}
-
-/* multiplication c=a*b by even larger integer b>FEXCESS, resulting in DBIG */
-/* SU= 24 */
-void BIG_pxmul(DBIG c,BIG a,int b)
-{
-	int j;
-	chunk carry;
-	BIG_dzero(c);
-	carry=0;
-	for (j=0;j<NLEN;j++)
-		carry=muladd(a[j],(chunk)b,carry,&c[j]);
-	c[NLEN]=carry;
-#ifdef DEBUG_NORM
-	c[DNLEN]=0;
-#endif
-}
-
-/* Set c=a*b */
-/* SU= 72 */
-void BIG_mul(DBIG c,BIG a,BIG b)
-{
-	int i,j;
-	chunk carry;
-#ifdef dchunk
-	dchunk t,co;
-#endif
-
-	BIG_norm(a);  /* needed here to prevent overflow from addition of partial products */
-	BIG_norm(b);
-
-/* Faster to Combafy it.. Let the compiler unroll the loops! */
-
-#ifdef COMBA
-
-	t=(dchunk)a[0]*b[0];
-	c[0]=(chunk)t&MASK; co=t>>BASEBITS;
-	t=(dchunk)a[1]*b[0]+(dchunk)a[0]*b[1]+co;
-	c[1]=(chunk)t&MASK; co=t>>BASEBITS;
-
-	for (j=2;j<NLEN;j++)
-	{
-		t=co; for (i=0;i<=j;i++) t+=(dchunk)a[j-i]*b[i];
-		c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-	}
-
-	for (j=NLEN;j<DNLEN-2;j++)
-	{
-		t=co; for (i=j-NLEN+1;i<NLEN;i++) t+=(dchunk)a[j-i]*b[i];
-		c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-	}
-
-	t=(dchunk)a[NLEN-1]*b[NLEN-1]+co;
-	c[DNLEN-2]=(chunk)t&MASK; co=t>>BASEBITS;
-	c[DNLEN-1]=(chunk)co;
-#else
-	BIG_dzero(c);
-	for (i=0;i<NLEN;i++)
-	{
-		carry=0;
-		for (j=0;j<NLEN;j++)
-			carry=muladd(a[i],b[j],carry,&c[i+j]);
-        c[NLEN+i]=carry;
-	}
-#endif
-
-#ifdef DEBUG_NORM
-	c[DNLEN]=0;
-#endif
-}
-
-/* .. if you know the result will fit in a BIG, c must be distinct from a and b */
-/* SU= 40 */
-void BIG_smul(BIG c,BIG a,BIG b)
-{
-	int i,j;
-	chunk carry;
-	BIG_norm(a);
-	BIG_norm(b);
-
-	BIG_zero(c);
-	for (i=0;i<NLEN;i++)
-	{
-		carry=0;
-		for (j=0;j<NLEN;j++)
-			if (i+j<NLEN) carry=muladd(a[i],b[j],carry,&c[i+j]);
-	}
-#ifdef DEBUG_NORM
-	c[NLEN]=0;
-#endif
-
-}
-
-/* Set c=a*a */
-/* SU= 80 */
-void BIG_sqr(DBIG c,BIG a)
-{
-	int i,j;
-	chunk carry;
-#ifdef dchunk
-	dchunk t,co;
-#endif
-
-	BIG_norm(a);
-
-/* Note 2*a[i] in loop below and extra addition */
-
-#ifdef COMBA
-
-	t=(dchunk)a[0]*a[0];
-	c[0]=(chunk)t&MASK; co=t>>BASEBITS;
-	t=(dchunk)a[1]*a[0]; t+=t; t+=co;
-	c[1]=(chunk)t&MASK; co=t>>BASEBITS;
-
-#if NLEN%2==1
-	for (j=2;j<NLEN-1;j+=2)
-	{
-		t=(dchunk)a[j]*a[0]; for (i=1;i<(j+1)/2;i++) t+=(dchunk)a[j-i]*a[i]; t+=t; t+=co;  t+=(dchunk)a[j/2]*a[j/2];
-		c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-		t=(dchunk)a[j+1]*a[0]; for (i=1;i<(j+2)/2;i++) t+=(dchunk)a[j+1-i]*a[i]; t+=t; t+=co;
-		c[j+1]=(chunk)t&MASK; co=t>>BASEBITS;
-	}
-	j=NLEN-1;
-	t=(dchunk)a[j]*a[0]; for (i=1;i<(j+1)/2;i++) t+=(dchunk)a[j-i]*a[i]; t+=t; t+=co;  t+=(dchunk)a[j/2]*a[j/2];
-	c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-
-#else
-	for (j=2;j<NLEN;j+=2)
-	{
-		t=(dchunk)a[j]*a[0]; for (i=1;i<(j+1)/2;i++) t+=(dchunk)a[j-i]*a[i]; t+=t; t+=co;  t+=(dchunk)a[j/2]*a[j/2];
-		c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-		t=(dchunk)a[j+1]*a[0]; for (i=1;i<(j+2)/2;i++) t+=(dchunk)a[j+1-i]*a[i]; t+=t; t+=co;
-		c[j+1]=(chunk)t&MASK; co=t>>BASEBITS;
-	}
-
-#endif
-
-#if NLEN%2==1
-	j=NLEN;
-	t=(dchunk)a[NLEN-1]*a[j-NLEN+1]; for (i=j-NLEN+2;i<(j+1)/2;i++) t+=(dchunk)a[j-i]*a[i]; t+=t; t+=co;
-	c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-	for (j=NLEN+1;j<DNLEN-2;j+=2)
-	{
-		t=(dchunk)a[NLEN-1]*a[j-NLEN+1]; for (i=j-NLEN+2;i<(j+1)/2;i++) t+=(dchunk)a[j-i]*a[i]; t+=t; t+=co; t+=(dchunk)a[j/2]*a[j/2];
-		c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-		t=(dchunk)a[NLEN-1]*a[j-NLEN+2]; for (i=j-NLEN+3;i<(j+2)/2;i++) t+=(dchunk)a[j+1-i]*a[i]; t+=t; t+=co;
-		c[j+1]=(chunk)t&MASK; co=t>>BASEBITS;
-	}
-#else
-	for (j=NLEN;j<DNLEN-2;j+=2)
-	{
-		t=(dchunk)a[NLEN-1]*a[j-NLEN+1]; for (i=j-NLEN+2;i<(j+1)/2;i++) t+=(dchunk)a[j-i]*a[i]; t+=t; t+=co; t+=(dchunk)a[j/2]*a[j/2];
-		c[j]=(chunk)t&MASK; co=t>>BASEBITS;
-		t=(dchunk)a[NLEN-1]*a[j-NLEN+2]; for (i=j-NLEN+3;i<(j+2)/2;i++) t+=(dchunk)a[j+1-i]*a[i]; t+=t; t+=co;
-		c[j+1]=(chunk)t&MASK; co=t>>BASEBITS;
-	}
-
-#endif
-
-	t=(dchunk)a[NLEN-1]*a[NLEN-1]+co;
-	c[DNLEN-2]=(chunk)t&MASK; co=t>>BASEBITS;
-	c[DNLEN-1]=(chunk)co;
-
-#else
-	BIG_dzero(c);
-	for (i=0;i<NLEN;i++)
-	{
-		carry=0;
-		for (j=i+1;j<NLEN;j++)
-			carry=muladd(a[i],a[j],carry,&c[i+j]);
-        c[NLEN+i]=carry;
-	}
-
-	for (i=0;i<DNLEN;i++) c[i]*=2;
-
-	for (i=0;i<NLEN;i++)
-		c[2*i+1]+=muladd(a[i],a[i],0,&c[2*i]);
-
-	BIG_dnorm(c);
-#endif
-
-
-#ifdef DEBUG_NORM
-	c[DNLEN]=0;
-#endif
-
-}
-
-/* General shift left of a by n bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_shl(BIG a,int k)
-{
-	int i;
-	int n=k%BASEBITS;
-	int m=k/BASEBITS;
-
-	a[NLEN-1]=((a[NLEN-1-m]<<n))|(a[NLEN-m-2]>>(BASEBITS-n));
-
-	for (i=NLEN-2;i>m;i--)
-		a[i]=((a[i-m]<<n)&MASK)|(a[i-m-1]>>(BASEBITS-n));
-	a[m]=(a[0]<<n)&MASK;
-	for (i=0;i<m;i++) a[i]=0;
-
-}
-
-/* Fast shift left of a by n bits, where n less than a word, Return excess (but store it as well) */
-/* a MUST be normalised */
-/* SU= 16 */
-chunk BIG_fshl(BIG a,int n)
-{
-	int i;
-
-	a[NLEN-1]=((a[NLEN-1]<<n))|(a[NLEN-2]>>(BASEBITS-n)); /* top word not masked */
-	for (i=NLEN-2;i>0;i--)
-		a[i]=((a[i]<<n)&MASK)|(a[i-1]>>(BASEBITS-n));
-	a[0]=(a[0]<<n)&MASK;
-
-	return (a[NLEN-1]>>((8*MODBYTES)%BASEBITS)); /* return excess - only used in ff.c */
-}
-
-/* double length left shift of a by k bits - k can be > BASEBITS , a MUST be normalised */
-/* SU= 32 */
-void BIG_dshl(DBIG a,int k)
-{
-	int i;
-	int n=k%BASEBITS;
-	int m=k/BASEBITS;
-
-	a[DNLEN-1]=((a[DNLEN-1-m]<<n))|(a[DNLEN-m-2]>>(BASEBITS-n));
-
-	for (i=DNLEN-2;i>m;i--)
-		a[i]=((a[i-m]<<n)&MASK)|(a[i-m-1]>>(BASEBITS-n));
-	a[m]=(a[0]<<n)&MASK;
-	for (i=0;i<m;i++) a[i]=0;
-
-}
-
-/* General shift rightof a by k bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_shr(BIG a,int k)
-{
-	int i;
-	int n=k%BASEBITS;
-	int m=k/BASEBITS;
-	for (i=0;i<NLEN-m-1;i++)
-		a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&MASK);
-	a[NLEN-m-1]=a[NLEN-1]>>n;
-	for (i=NLEN-m;i<NLEN;i++) a[i]=0;
-
-}
-
-/* Faster shift right of a by k bits. Return shifted out part */
-/* a MUST be normalised */
-/* SU= 16 */
-chunk BIG_fshr(BIG a,int k)
-{
-	int i;
-	chunk r=a[0]&(((chunk)1<<k)-1); /* shifted out part */
-	for (i=0;i<NLEN-1;i++)
-		a[i]=(a[i]>>k)|((a[i+1]<<(BASEBITS-k))&MASK);
-	a[NLEN-1]=a[NLEN-1]>>k;
-	return r;
-}
-
-/* double length right shift of a by k bits - can be > BASEBITS */
-/* SU= 32 */
-void BIG_dshr(DBIG a,int k)
-{
-	int i;
-	int n=k%BASEBITS;
-	int m=k/BASEBITS;
-	for (i=0;i<DNLEN-m-1;i++)
-		a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&MASK);
-	a[DNLEN-m-1]=a[DNLEN-1]>>n;
-	for (i=DNLEN-m;i<DNLEN;i++ ) a[i]=0;
-}
-
-/* Split DBIG d into two BIGs t|b. Split happens at n bits, where n falls into NLEN word */
-/* d MUST be normalised */
-/* SU= 24 */
-void BIG_split(BIG t,BIG b,DBIG d,int n)
-{
-	int i;
-	chunk nw,carry;
-	int m=n%BASEBITS;
-//	BIG_dnorm(d);
-
-	for (i=0;i<NLEN-1;i++) b[i]=d[i];
-
-	b[NLEN-1]=d[NLEN-1]&(((chunk)1<<m)-1);
-
-	if (t!=b)
-	{
-		carry=(d[DNLEN-1]<<(BASEBITS-m));
-		for (i=DNLEN-2;i>=NLEN-1;i--)
-		{
-			nw=(d[i]>>m)|carry;
-			carry=(d[i]<<(BASEBITS-m))&MASK;
-			t[i-NLEN+1]=nw;
-		}
-	}
-#ifdef DEBUG_NORM
-		t[NLEN]=0;
-		b[NLEN]=0;
-#endif
-
-}
-
-/* you gotta keep the sign of carry! Look - no branching! */
-/* Note that sign bit is needed to disambiguate between +ve and -ve values */
-/* normalise BIG - force all digits < 2^BASEBITS */
-chunk BIG_norm(BIG a)
-{
-	int i;
-	chunk d,carry=0;
-	for (i=0;i<NLEN-1;i++)
-	{
-		d=a[i]+carry;
-		a[i]=d&MASK;
-		carry=d>>BASEBITS;
-	}
-	a[NLEN-1]=(a[NLEN-1]+carry);
-
-#ifdef DEBUG_NORM
-	a[NLEN]=0;
-#endif
-	return (a[NLEN-1]>>((8*MODBYTES)%BASEBITS));  /* only used in ff.c */
-}
-
-void BIG_dnorm(DBIG a)
-{
-	int i;
-	chunk d,carry=0;;
-	for (i=0;i<DNLEN-1;i++)
-	{
-		d=a[i]+carry;
-		a[i]=d&MASK;
-		carry=d>>BASEBITS;
-	}
-	a[DNLEN-1]=(a[DNLEN-1]+carry);
-#ifdef DEBUG_NORM
-	a[DNLEN]=0;
-#endif
-}
-
-/* Compare a and b. Return 1 for a>b, -1 for a<b, 0 for a==b */
-/* a and b MUST be normalised before call */
-int BIG_comp(BIG a,BIG b)
-{
-	int i;
-	for (i=NLEN-1;i>=0;i--)
-	{
-		if (a[i]==b[i]) continue;
-		if (a[i]>b[i]) return 1;
-		else  return -1;
-	}
-	return 0;
-}
-
-int BIG_dcomp(DBIG a,DBIG b)
-{
-	int i;
-	for (i=DNLEN-1;i>=0;i--)
-	{
-		if (a[i]==b[i]) continue;
-		if (a[i]>b[i]) return 1;
-		else  return -1;
-	}
-	return 0;
-}
-
-/* return number of bits in a */
-/* SU= 8 */
-int BIG_nbits(BIG a)
-{
-	int bts,k=NLEN-1;
-	chunk c;
-	BIG_norm(a);
-	while (k>=0 && a[k]==0) k--;
-	if (k<0) return 0;
-    bts=BASEBITS*k;
-	c=a[k];
-	while (c!=0) {c/=2; bts++;}
-	return bts;
-}
-
-/* SU= 8 */
-int BIG_dnbits(BIG a)
-{
-	int bts,k=DNLEN-1;
-	chunk c;
-	BIG_dnorm(a);
-	while (a[k]==0 && k>=0) k--;
-	if (k<0) return 0;
-    bts=BASEBITS*k;
-	c=a[k];
-	while (c!=0) {c/=2; bts++;}
-	return bts;
-}
-
-
-/* Set b=b mod c */
-/* SU= 16 */
-void BIG_mod(BIG b,BIG c)
-{
-	int k=0;
-
-	BIG_norm(b);
-	if (BIG_comp(b,c)<0)
-		return;
-	do
-	{
-		BIG_fshl(c,1);
-		k++;
-	} while (BIG_comp(b,c)>=0);
-
-	while (k>0)
-	{
-		BIG_fshr(c,1);
-		if (BIG_comp(b,c)>=0)
-		{
-			BIG_sub(b,b,c);
-			BIG_norm(b);
-		}
-		k--;
-	}
-}
-
-/* Set a=b mod c, b is destroyed. Slow but rarely used. */
-/* SU= 96 */
-void BIG_dmod(BIG a,DBIG b,BIG c)
-{
-	int k=0;
-	DBIG m;
-	BIG_dnorm(b);
-	BIG_dscopy(m,c);
-
-	if (BIG_dcomp(b,m)<0)
-	{
-		BIG_sdcopy(a,b);
-		return;
-	}
-
-	do
-	{
-		BIG_dshl(m,1);
-		k++;
-	} while (BIG_dcomp(b,m)>=0);
-
-	while (k>0)
-	{
-		BIG_dshr(m,1);
-		if (BIG_dcomp(b,m)>=0)
-		{
-			BIG_dsub(b,b,m);
-			BIG_dnorm(b);
-		}
-		k--;
-	}
-	BIG_sdcopy(a,b);
-}
-
-/* Set a=b/c,  b is destroyed. Slow but rarely used. */
-/* SU= 136 */
-void BIG_ddiv(BIG a,DBIG b,BIG c)
-{
-	int k=0;
-	DBIG m;
-	BIG e;
-	BIG_dnorm(b);
-	BIG_dscopy(m,c);
-
-	BIG_zero(a);
-	BIG_zero(e); BIG_inc(e,1);
-
-	while (BIG_dcomp(b,m)>=0)
-	{
-		BIG_fshl(e,1);
-		BIG_dshl(m,1);
-		k++;
-	}
-
-	while (k>0)
-	{
-		BIG_dshr(m,1);
-		BIG_fshr(e,1);
-		if (BIG_dcomp(b,m)>=0)
-		{
-			BIG_add(a,a,e);
-			BIG_norm(a);
-			BIG_dsub(b,b,m);
-			BIG_dnorm(b);
-		}
-		k--;
-	}
-}
-
-/* SU= 136 */
-
-void BIG_sdiv(BIG a,BIG c)
-{
-	int k=0;
-	BIG m,e,b;
-	BIG_norm(a);
-	BIG_copy(b,a);
-	BIG_copy(m,c);
-
-	BIG_zero(a);
-	BIG_zero(e); BIG_inc(e,1);
-
-	while (BIG_comp(b,m)>=0)
-	{
-		BIG_fshl(e,1);
-		BIG_fshl(m,1);
-		k++;
-	}
-
-	while (k>0)
-	{
-		BIG_fshr(m,1);
-		BIG_fshr(e,1);
-		if (BIG_comp(b,m)>=0)
-		{
-			BIG_add(a,a,e);
-			BIG_norm(a);
-			BIG_sub(b,b,m);
-			BIG_norm(b);
-		}
-		k--;
-	}
-}
-
-/* return LSB of a */
-int BIG_parity(BIG a)
-{
-	return a[0]%2;
-}
-
-/* return n-th bit of a */
-/* SU= 16 */
-int BIG_bit(BIG a,int n)
-{
-	if (a[n/BASEBITS]&((chunk)1<<(n%BASEBITS))) return 1;
-	else return 0;
-}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-/* SU= 32 */
-int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs)
-{
-	int j,r,nb;
-
-	nb=BIG_bit(x3,i)-BIG_bit(x,i);
-	*nbs=1;
-	*nzs=0;
-	if (nb==0) return 0;
-	if (i==0) return nb;
-
-    if (nb>0) r=1;
-    else      r=(-1);
-
-    for (j=i-1;j>0;j--)
-    {
-        (*nbs)++;
-        r*=2;
-        nb=BIG_bit(x3,j)-BIG_bit(x,j);
-        if (nb>0) r+=1;
-        if (nb<0) r-=1;
-        if (abs(r)>5) break;
-    }
-
-	if (r%2!=0 && j!=0)
-    { /* backtrack */
-        if (nb>0) r=(r-1)/2;
-        if (nb<0) r=(r+1)/2;
-        (*nbs)--;
-    }
-
-    while (r%2==0)
-    { /* remove trailing zeros */
-        r/=2;
-        (*nzs)++;
-        (*nbs)--;
-    }
-    return r;
-}
-
-/* return last n bits of a, where n is small < BASEBITS */
-/* SU= 16 */
-int BIG_lastbits(BIG a,int n)
-{
-	int msk=(1<<n)-1;
-	BIG_norm(a);
-	return ((int)a[0])&msk;
-}
-
-/* get 8*MODBYTES size random number */
-void BIG_random(BIG m,csprng *rng)
-{
-	int i,b,j=0,r=0;
-
-	BIG_zero(m);
-/* generate random BIG */
-	for (i=0;i<8*MODBYTES;i++)
-	{
-		if (j==0) r=RAND_byte(rng);
-		else r>>=1;
-		b=r&1;
-		BIG_shl(m,1); m[0]+=b;
-		j++; j&=7;
-	}
-
-#ifdef DEBUG_NORM
-	m[NLEN]=0;
-#endif
-}
-
-/* get random BIG from rng, modulo q. Done one bit at a time, so its portable */
-
-void BIG_randomnum(BIG m,BIG q,csprng *rng)
-{
-	int i,b,j=0,r=0;
-	DBIG d;
-	BIG_dzero(d);
-/* generate random DBIG */
-	for (i=0;i<2*MODBITS;i++)
-	{
-		if (j==0) r=RAND_byte(rng);
-		else r>>=1;
-		b=r&1;
-		BIG_dshl(d,1); d[0]+=b;
-		j++; j&=7;
-	}
-/* reduce modulo a BIG. Removes bias */
-	BIG_dmod(m,d,q);
-#ifdef DEBUG_NORM
-	m[NLEN]=0;
-#endif
-}
-
-/* Set r=a*b mod m */
-/* SU= 96 */
-void BIG_modmul(BIG r,BIG a,BIG b,BIG m)
-{
-	DBIG d;
-	BIG_mod(a,m);
-	BIG_mod(b,m);
-	BIG_mul(d,a,b);
-	BIG_dmod(r,d,m);
-}
-
-/* Set a=a*a mod m */
-/* SU= 88 */
-void BIG_modsqr(BIG r,BIG a,BIG m)
-{
-	DBIG d;
-	BIG_mod(a,m);
-	BIG_sqr(d,a);
-	BIG_dmod(r,d,m);
-}
-
-/* Set r=-a mod m */
-/* SU= 16 */
-void BIG_modneg(BIG r,BIG a,BIG m)
-{
-	BIG_mod(a,m);
-	BIG_sub(r,m,a);
-}
-
-/* Set a=a/b mod m */
-/* SU= 136 */
-void BIG_moddiv(BIG r,BIG a,BIG b,BIG m)
-{
-	DBIG d;
-	BIG z;
-	BIG_mod(a,m);
-	BIG_invmodp(z,b,m);
-	BIG_mul(d,a,z);
-	BIG_dmod(r,d,m);
-}
-
-/* Get jacobi Symbol (a/p). Returns 0, 1 or -1 */
-/* SU= 216 */
-int BIG_jacobi(BIG a,BIG p)
-{
-	int n8,k,m=0;
-	BIG t,x,n,zilch,one;
-	BIG_one(one);
-	BIG_zero(zilch);
-	if (BIG_parity(p)==0 || BIG_comp(a,zilch)==0 || BIG_comp(p,one)<=0) return 0;
-	BIG_norm(a);
-	BIG_copy(x,a);
-	BIG_copy(n,p);
-	BIG_mod(x,p);
-
-	while (BIG_comp(n,one)>0)
-	{
-		if (BIG_comp(x,zilch)==0) return 0;
-		n8=BIG_lastbits(n,3);
-		k=0;
-		while (BIG_parity(x)==0)
-		{
-			k++;
-			BIG_shr(x,1);
-		}
-		if (k%2==1) m+=(n8*n8-1)/8;
-		m+=(n8-1)*(BIG_lastbits(x,2)-1)/4;
-		BIG_copy(t,n);
-
-		BIG_mod(t,x);
-		BIG_copy(n,x);
-		BIG_copy(x,t);
-		m%=2;
-
-	}
-	if (m==0) return 1;
-	else return -1;
-}
-
-/* Set r=1/a mod p. Binary method */
-/* SU= 240 */
-void BIG_invmodp(BIG r,BIG a,BIG p)
-{
-	BIG u,v,x1,x2,t,one;
-	BIG_mod(a,p);
-	BIG_copy(u,a);
-	BIG_copy(v,p);
-	BIG_one(one);
-	BIG_copy(x1,one);
-	BIG_zero(x2);
-
-	while (BIG_comp(u,one)!=0 && BIG_comp(v,one)!=0)
-	{
-		while (BIG_parity(u)==0)
-		{
-			BIG_shr(u,1);
-			if (BIG_parity(x1)!=0)
-			{
-				BIG_add(x1,p,x1);
-				BIG_norm(x1);
-			}
-			BIG_shr(x1,1);
-		}
-		while (BIG_parity(v)==0)
-		{
-			BIG_shr(v,1);
-			if (BIG_parity(x2)!=0)
-			{
-				BIG_add(x2,p,x2);
-				BIG_norm(x2);
-			}
-			BIG_shr(x2,1);
-		}
-		if (BIG_comp(u,v)>=0)
-		{
-			BIG_sub(u,u,v);
-			BIG_norm(u);
-			if (BIG_comp(x1,x2)>=0) BIG_sub(x1,x1,x2);
-			else
-			{
-				BIG_sub(t,p,x2);
-				BIG_add(x1,x1,t);
-			}
-			BIG_norm(x1);
-		}
-		else
-		{
-			BIG_sub(v,v,u);
-			BIG_norm(v);
-			if (BIG_comp(x2,x1)>=0) BIG_sub(x2,x2,x1);
-			else
-			{
-				BIG_sub(t,p,x1);
-				BIG_add(x2,x2,t);
-			}
-			BIG_norm(x2);
-		}
-	}
-	if (BIG_comp(u,one)==0)
-		BIG_copy(r,x1);
-	else
-		BIG_copy(r,x2);
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/build_ec
----------------------------------------------------------------------
diff --git a/c/build_ec b/c/build_ec
deleted file mode 100644
index 5b364d0..0000000
--- a/c/build_ec
+++ /dev/null
@@ -1,24 +0,0 @@
-cp amcl_.h amcl.h
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 ff.c
-
-rm amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-gcc -std=c99 -O3 testecm.c ecdh.c amcl.a -o testecm
-gcc -std=c99 -O3 testecdh.c ecdh.c amcl.a -o testecdh
-gcc -std=c99 -O3 testrsa.c rsa.c amcl.a -o testrsa
-
-rm amcl.h
-rm *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/build_ec.bat
----------------------------------------------------------------------
diff --git a/c/build_ec.bat b/c/build_ec.bat
deleted file mode 100644
index c302beb..0000000
--- a/c/build_ec.bat
+++ /dev/null
@@ -1,24 +0,0 @@
-copy amcl_.h amcl.h
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 ff.c
-
-del amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-gcc -std=c99 -O3 testecm.c ecdh.c amcl.a -o testecm.exe
-gcc -std=c99 -O3 testecdh.c ecdh.c amcl.a -o testecdh.exe
-gcc -std=c99 -O3 testrsa.c rsa.c amcl.a -o testrsa.exe
-
-del amcl.h
-del *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/build_pair
----------------------------------------------------------------------
diff --git a/c/build_pair b/c/build_pair
deleted file mode 100644
index 7232c27..0000000
--- a/c/build_pair
+++ /dev/null
@@ -1,28 +0,0 @@
-cp amcl_.h amcl.h
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 fp2.c
-gcc -std=c99 -c -O3 ecp2.c
-gcc -std=c99 -c -O3 fp4.c
-gcc -std=c99 -c -O3 fp12.c
-gcc -std=c99 -c -O3 pair.c
-
-rm amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
-
-gcc -std=c99 -O3 testmpin.c mpin.c amcl.a -o testmpin
-
-rm amcl.h
-rm *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/build_pair.bat
----------------------------------------------------------------------
diff --git a/c/build_pair.bat b/c/build_pair.bat
deleted file mode 100644
index 05d1c24..0000000
--- a/c/build_pair.bat
+++ /dev/null
@@ -1,28 +0,0 @@
-copy amcl_.h amcl.h
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 fp2.c
-gcc -std=c99 -c -O3 ecp2.c
-gcc -std=c99 -c -O3 fp4.c
-gcc -std=c99 -c -O3 fp12.c
-gcc -std=c99 -c -O3 pair.c
-
-del amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
-
-gcc -std=c99 -O3 testmpin.c mpin.c amcl.a -o testmpin.exe
-
-del amcl.h
-del *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/build_pair_ms.bat
----------------------------------------------------------------------
diff --git a/c/build_pair_ms.bat b/c/build_pair_ms.bat
deleted file mode 100644
index 96b6234..0000000
--- a/c/build_pair_ms.bat
+++ /dev/null
@@ -1,28 +0,0 @@
-copy amcl_.h amcl.h
-
-cl /c /O2 big.c
-cl /c /O2 fp.c
-cl /c /O2 ecp.c
-cl /c /O2 hash.c
-cl /c /O2 rand.c
-cl /c /O2 aes.c
-cl /c /O2 gcm.c
-cl /c /O2 oct.c
-cl /c /O2 rom.c
-cl /c /O2 fp.c
-cl /c /O2 fp2.c
-cl /c /O2 ecp2.c
-cl /c /O2 fp4.c
-cl /c /O2 fp12.c
-cl /c /O2 pair.c
-
-del amcl.lib
-lib /OUT:amcl.lib big.obj fp.obj ecp.obj hash.obj
-lib /OUT:amcl.lib amcl.lib rand.obj aes.obj gcm.obj oct.obj rom.obj
-
-lib /OUT:amcl.lib amcl.lib pair.obj fp2.obj ecp2.obj fp4.obj fp12.obj
-
-cl /O2 testmpin.c mpin.c amcl.lib
-
-del amcl.h
-del *.obj

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/ecdh.c
----------------------------------------------------------------------
diff --git a/c/ecdh.c b/c/ecdh.c
deleted file mode 100755
index 56152da..0000000
--- a/c/ecdh.c
+++ /dev/null
@@ -1,576 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* ECDH/ECIES/ECDSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "ecdh.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-static void hashit(octet *p,int n,octet *x,octet *y,octet *w)
-{
-    int i,c[4];
-    hash sha;
-    char hh[32];
-
-    HASH_init(&sha);
-    if (p!=NULL)
-        for (i=0;i<p->len;i++) HASH_process(&sha,p->val[i]);
-	if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-		for (i=0;i<4;i++) HASH_process(&sha,c[i]);
-    }
-    if (x!=NULL)
-        for (i=0;i<x->len;i++) HASH_process(&sha,x->val[i]);
-    if (y!=NULL)
-        for (i=0;i<y->len;i++) HASH_process(&sha,y->val[i]);
-
-
-    HASH_hash(&sha,hh);
-
-    OCT_empty(w);
-    OCT_jbytes(w,hh,32);
-    for (i=0;i<32;i++) hh[i]=0;
-}
-
-/* Hash octet p to octet w */
-void ECP_HASH(octet *p,octet *w)
-{
-	hashit(p,-1,NULL,NULL,w);
-}
-
-/* Initialise a Cryptographically Strong Random Number Generator from
-   an octet of raw random data */
-void ECP_CREATE_CSPRNG(csprng *RNG,octet *RAW)
-{
-    RAND_seed(RNG,RAW->len,RAW->val);
-}
-
-void ECP_KILL_CSPRNG(csprng *RNG)
-{
-    RAND_clean(RNG);
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-int ECP_HMAC(octet *m,octet *k,int olen,octet *tag)
-{
-/* Input is from an octet m        *
- * olen is requested output length in bytes. k is the key  *
- * The output is the calculated tag */
-    int hlen,b;
-	char h[32],k0[64];
-    octet H={0,sizeof(h),h};
-	octet K0={0,sizeof(k0),k0};
-
-    hlen=32; b=64;
-    if (olen<4 || olen>hlen) return 0;
-
-    if (k->len > b) hashit(k,-1,NULL,NULL,&K0);
-    else            OCT_copy(&K0,k);
-
-    OCT_jbyte(&K0,0,b-K0.len);
-
-    OCT_xorbyte(&K0,0x36);
-
-    hashit(&K0,-1,m,NULL,&H);
-
-    OCT_xorbyte(&K0,0x6a);   /* 0x6a = 0x36 ^ 0x5c */
-    hashit(&K0,-1,&H,NULL,&H);
-
-    OCT_empty(tag);
-    OCT_jbytes(tag,H.val,olen);
-
-    return 1;
-}
-
-/* Key Derivation Functions */
-/* Input octet z */
-/* Output key of length olen */
-/*
-void KDF1(octet *z,int olen,octet *key)
-{
-    char h[32];
-	octet H={0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=32;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=0;counter<cthreshold;counter++)
-    {
-        hashit(z,counter,NULL,NULL,&H);
-        if (key->len+hlen>olen) OCT_jbytes(key,H.val,olen%hlen);
-        else                    OCT_joctet(key,&H);
-    }
-}
-*/
-void ECP_KDF2(octet *z,octet *p,int olen,octet *key)
-{
-/* NOTE: the parameter olen is the length of the output k in bytes */
-    char h[32];
-	octet H={0,sizeof(h),h};
-    int counter,cthreshold;
-    int hlen=32;
-
-    OCT_empty(key);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=1;counter<=cthreshold;counter++)
-    {
-        hashit(z,counter,p,NULL,&H);
-        if (key->len+hlen>olen)  OCT_jbytes(key,H.val,olen%hlen);
-        else                     OCT_joctet(key,&H);
-    }
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-void ECP_PBKDF2(octet *p,octet *s,int rep,int olen,octet *key)
-{
-	int i,j,len,d=ROUNDUP(olen,32);
-	char f[EFS],u[EFS];
-	octet F={0,sizeof(f),f};
-	octet U={0,sizeof(u),u};
-	OCT_empty(key);
-
-	for (i=1;i<=d;i++)
-	{
-		len=s->len;
-		OCT_jint(s,i,4);
-		ECP_HMAC(s,p,EFS,&F);
-		s->len=len;
-		OCT_copy(&U,&F);
-		for (j=2;j<=rep;j++)
-		{
-			ECP_HMAC(&U,p,EFS,&U);
-			OCT_xor(&F,&U);
-		}
-
-		OCT_joctet(key,&F);
-	}
-	OCT_chop(key,NULL,olen);
-}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-void ECP_AES_CBC_IV0_ENCRYPT(octet *k,octet *m,octet *c)
-{ /* AES CBC encryption, with Null IV and key k */
-  /* Input is from an octet string m, output is to an octet string c */
-  /* Input is padded as necessary to make up a full final block */
-    aes a;
-	int fin;
-    int i,j,ipt,opt;
-    char buff[16];
-    int padlen;
-
-	OCT_clear(c);
-	if (m->len==0) return;
-    AES_init(&a,CBC,k->val,NULL);
-
-    ipt=opt=0;
-    fin=0;
-    for(;;)
-    {
-        for (i=0;i<16;i++)
-        {
-            if (ipt<m->len) buff[i]=m->val[ipt++];
-            else {fin=1; break;}
-        }
-        if (fin) break;
-        AES_encrypt(&a,buff);
-        for (i=0;i<16;i++)
-            if (opt<c->max) c->val[opt++]=buff[i];
-    }
-
-/* last block, filled up to i-th index */
-
-    padlen=16-i;
-    for (j=i;j<16;j++) buff[j]=padlen;
-    AES_encrypt(&a,buff);
-    for (i=0;i<16;i++)
-        if (opt<c->max) c->val[opt++]=buff[i];
-    AES_end(&a);
-    c->len=opt;
-}
-
-/* decrypts and returns TRUE if all consistent, else returns FALSE */
-int ECP_AES_CBC_IV0_DECRYPT(octet *k,octet *c,octet *m)
-{ /* padding is removed */
-    aes a;
-    int i,ipt,opt,ch;
-    char buff[16];
-    int fin,bad;
-    int padlen;
-    ipt=opt=0;
-
-    OCT_clear(m);
-    if (c->len==0) return 1;
-    ch=c->val[ipt++];
-
-    AES_init(&a,CBC,k->val,NULL);
-    fin=0;
-
-    for(;;)
-    {
-        for (i=0;i<16;i++)
-        {
-            buff[i]=ch;
-            if (ipt>=c->len) {fin=1; break;}
-            else ch=c->val[ipt++];
-        }
-        AES_decrypt(&a,buff);
-        if (fin) break;
-        for (i=0;i<16;i++)
-            if (opt<m->max) m->val[opt++]=buff[i];
-    }
-    AES_end(&a);
-    bad=0;
-    padlen=buff[15];
-    if (i!=15 || padlen<1 || padlen>16) bad=1;
-    if (padlen>=2 && padlen<=16)
-        for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=1;
-
-    if (!bad) for (i=0;i<16-padlen;i++)
-        if (opt<m->max) m->val[opt++]=buff[i];
-
-    m->len=opt;
-    if (bad) return 0;
-    return 1;
-}
-
-/* Calculate a public/private EC GF(p) key pair. W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-int ECP_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W)
-{
-    BIG r,gx,gy,s;
-    ECP G;
-    int res=0;
-	BIG_rcopy(gx,CURVE_Gx);
-
-#if CURVETYPE!=MONTGOMERY
-	BIG_rcopy(gy,CURVE_Gy);
-    ECP_set(&G,gx,gy);
-#else
-    ECP_set(&G,gx);
-#endif
-
-	BIG_rcopy(r,CURVE_Order);
-    if (RNG!=NULL)
-		BIG_randomnum(s,r,RNG);
-    else
-	{
-		BIG_fromBytes(s,S->val);
-		BIG_mod(s,r);
-	}
-
-    ECP_mul(&G,s);
-#if CURVETYPE!=MONTGOMERY
-    ECP_get(gx,gy,&G);
-#else
-    ECP_get(gx,&G);
-#endif
-    if (RNG!=NULL)
-	{
-		S->len=EGS;
-		BIG_toBytes(S->val,s);
-	}
-#if CURVETYPE!=MONTGOMERY
-	W->len=2*EFS+1;	W->val[0]=4;
-	BIG_toBytes(&(W->val[1]),gx);
-	BIG_toBytes(&(W->val[EFS+1]),gy);
-#else
-	W->len=EFS+1;	W->val[0]=2;
-	BIG_toBytes(&(W->val[1]),gx);
-#endif
-
-    return res;
-}
-
-/* validate public key. Set full=true for fuller check */
-int ECP_PUBLIC_KEY_VALIDATE(int full,octet *W)
-{
-    BIG q,r,wx,wy;
-    ECP WP;
-    int valid;
-    int res=0;
-
-	BIG_rcopy(q,Modulus);
-	BIG_rcopy(r,CURVE_Order);
-
-	BIG_fromBytes(wx,&(W->val[1]));
-    if (BIG_comp(wx,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#if CURVETYPE!=MONTGOMERY
-	BIG_fromBytes(wy,&(W->val[EFS+1]));
-	if (BIG_comp(wy,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#endif
-    if (res==0)
-    {
-#if CURVETYPE!=MONTGOMERY
-        valid=ECP_set(&WP,wx,wy);
-#else
-	    valid=ECP_set(&WP,wx);
-#endif
-        if (!valid || ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-        if (res==0 && full)
-        {
-            ECP_mul(&WP,r);
-            if (!ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
-        }
-    }
-
-    return res;
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-int ECP_SVDP_DH(octet *S,octet *WD,octet *Z)
-{
-    BIG r,s,wx,wy;
-    int valid;
-    ECP W;
-    int res=0;
-
-	BIG_fromBytes(s,S->val);
-
-	BIG_fromBytes(wx,&(WD->val[1]));
-#if CURVETYPE!=MONTGOMERY
-	BIG_fromBytes(wy,&(WD->val[EFS+1]));
-	valid=ECP_set(&W,wx,wy);
-#else
-	valid=ECP_set(&W,wx);
-#endif
-	if (!valid) res=ECDH_ERROR;
-	if (res==0)
-	{
-		BIG_rcopy(r,CURVE_Order);
-		BIG_mod(s,r);
-
-	    ECP_mul(&W,s);
-        if (ECP_isinf(&W)) res=ECDH_ERROR;
-        else
-        {
-#if CURVETYPE!=MONTGOMERY
-            ECP_get(wx,wx,&W);
-#else
-	        ECP_get(wx,&W);
-#endif
-			Z->len=32;
-			BIG_toBytes(Z->val,wx);
-        }
-    }
-    return res;
-}
-
-#if CURVETYPE!=MONTGOMERY
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-int ECP_SP_DSA(csprng *RNG,octet *S,octet *F,octet *C,octet *D)
-{
-	char h[32];
-	octet H={0,sizeof(h),h};
-
-    BIG gx,gy,r,s,f,c,d,u,vx;
-    ECP G,V;
-
-	hashit(F,-1,NULL,NULL,&H);
-
-	BIG_rcopy(gx,CURVE_Gx);
-	BIG_rcopy(gy,CURVE_Gy);
-	BIG_rcopy(r,CURVE_Order);
-
-	BIG_fromBytes(s,S->val);
-	BIG_fromBytes(f,H.val);
-
-    ECP_set(&G,gx,gy);
-
-    do {
-		BIG_randomnum(u,r,RNG);
-        ECP_copy(&V,&G);
-        ECP_mul(&V,u);
-
-        ECP_get(vx,vx,&V);
-
-		BIG_copy(c,vx);
-		BIG_mod(c,r);
-		if (BIG_iszilch(c)) continue;
-
-		BIG_invmodp(u,u,r);
-		BIG_modmul(d,s,c,r);
-
-		BIG_add(d,f,d);
-
-		BIG_modmul(d,u,d,r);
-
-	} while (BIG_iszilch(d));
-
-	C->len=D->len=EGS;
-
-	BIG_toBytes(C->val,c);
-	BIG_toBytes(D->val,d);
-
-    return 0;
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-int ECP_VP_DSA(octet *W,octet *F, octet *C,octet *D)
-{
-	char h[32];
-	octet H={0,sizeof(h),h};
-
-    BIG r,gx,gy,wx,wy,f,c,d,h2;
-    int res=0;
-    ECP G,WP;
-    int valid;
-
- 	hashit(F,-1,NULL,NULL,&H);
-
-	BIG_rcopy(gx,CURVE_Gx);
-	BIG_rcopy(gy,CURVE_Gy);
-	BIG_rcopy(r,CURVE_Order);
-
-	BIG_fromBytes(c,C->val);
-	BIG_fromBytes(d,D->val);
-	BIG_fromBytes(f,H.val);
-
-    if (BIG_iszilch(c) || BIG_comp(c,r)>=0 || BIG_iszilch(d) || BIG_comp(d,r)>=0)
-		res=ECDH_INVALID;
-
-    if (res==0)
-    {
-		BIG_invmodp(d,d,r);
-		BIG_modmul(f,f,d,r);
-		BIG_modmul(h2,c,d,r);
-
-		ECP_set(&G,gx,gy);
-
-		BIG_fromBytes(wx,&(W->val[1]));
-		BIG_fromBytes(wy,&(W->val[EFS+1]));
-
-		valid=ECP_set(&WP,wx,wy);
-
-        if (!valid) res=ECDH_ERROR;
-        else
-        {
-			ECP_mul2(&WP,&G,h2,f);
-
-            if (ECP_isinf(&WP)) res=ECDH_INVALID;
-            else
-            {
-                ECP_get(d,d,&WP);
-				BIG_mod(d,r);
-                if (BIG_comp(d,c)!=0) res=ECDH_INVALID;
-            }
-        }
-    }
-
-    return res;
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-void ECP_ECIES_ENCRYPT(octet *P1,octet *P2,csprng *RNG,octet *W,octet *M,int tlen,octet *V,octet *C,octet *T)
-{
-
-	int i,len;
-	char z[EFS],vz[3*EFS+2],k[32],k1[16],k2[16],l2[8],u[EFS];
-	octet Z={0,sizeof(z),z};
-	octet VZ={0,sizeof(vz),vz};
-	octet K={0,sizeof(k),k};
-	octet K1={0,sizeof(k1),k1};
-	octet K2={0,sizeof(k2),k2};
-	octet L2={0,sizeof(l2),l2};
-	octet U={0,sizeof(u),u};
-
-    if (ECP_KEY_PAIR_GENERATE(RNG,&U,V)!=0) return;
-    if (ECP_SVDP_DH(&U,W,&Z)!=0) return;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-    ECP_KDF2(&VZ,P1,EFS,&K);
-
-    K1.len=K2.len=16;
-    for (i=0;i<16;i++) {K1.val[i]=K.val[i]; K2.val[i]=K.val[16+i];}
-
-    ECP_AES_CBC_IV0_ENCRYPT(&K1,M,C);
-
-    OCT_jint(&L2,P2->len,8);
-
-    len=C->len;
-    OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-    ECP_HMAC(C,&K2,tlen,T);
-    C->len=len;
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-int ECP_ECIES_DECRYPT(octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M)
-{
-
-	int i,len;
-	char z[EFS],vz[3*EFS+2],k[32],k1[16],k2[16],l2[8],tag[32];
-	octet Z={0,sizeof(z),z};
-	octet VZ={0,sizeof(vz),vz};
-	octet K={0,sizeof(k),k};
-	octet K1={0,sizeof(k1),k1};
-	octet K2={0,sizeof(k2),k2};
-	octet L2={0,sizeof(l2),l2};
-	octet TAG={0,sizeof(tag),tag};
-
-	if (ECP_SVDP_DH(U,V,&Z)!=0) return 0;
-
-    OCT_copy(&VZ,V);
-    OCT_joctet(&VZ,&Z);
-
-	ECP_KDF2(&VZ,P1,EFS,&K);
-
-	K1.len=K2.len=16;
-    for (i=0;i<16;i++) {K1.val[i]=K.val[i]; K2.val[i]=K.val[16+i];}
-
-	if (!ECP_AES_CBC_IV0_DECRYPT(&K1,C,M)) return 0;
-
-	OCT_jint(&L2,P2->len,8);
-
-	len=C->len;
-	OCT_joctet(C,P2);
-    OCT_joctet(C,&L2);
-	ECP_HMAC(C,&K2,T->len,&TAG);
-	C->len=len;
-
-	if (!OCT_comp(T,&TAG)) return 0;
-
-	return 1;
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/ecdh.h
----------------------------------------------------------------------
diff --git a/c/ecdh.h b/c/ecdh.h
deleted file mode 100755
index 0dae41a..0000000
--- a/c/ecdh.h
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file ecdh.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief ECDH Header file for implementation of standard EC protocols
- *
- * declares functions
- *
- */
-
-#ifndef ECDH_H
-#define ECDH_H
-
-#include "amcl.h"
-
-#define EAS 16 /**< Symmetric Key size - 128 bits */
-#define EGS 32 /**< ECC Group Size */
-#define EFS 32 /**< ECC Field Size */
-
-#define ECDH_OK                     0     /**< Function completed without error */
-/*#define ECDH_DOMAIN_ERROR          -1*/
-#define ECDH_INVALID_PUBLIC_KEY    -2	/**< Public Key is Invalid */
-#define ECDH_ERROR                 -3	/**< ECDH Internal Error */
-#define ECDH_INVALID               -4	/**< ECDH Internal Error */
-/*#define ECDH_DOMAIN_NOT_FOUND      -5
-#define ECDH_OUT_OF_MEMORY         -6
-#define ECDH_DIV_BY_ZERO           -7
-#define ECDH_BAD_ASSUMPTION        -8*/
-
-/* ECDH Auxiliary Functions */
-
-/**	@brief Initialise a random number generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is an input truly random seed value
- */
-extern void ECP_CREATE_CSPRNG(csprng *R,octet *S);
-/**	@brief Kill a random number generator
- *
-	Deletes all internal state
-	@param R is a pointer to a cryptographically secure random number generator
- */
-extern void ECP_KILL_CSPRNG(csprng *R);
-/**	@brief hash an octet into another octet
- *
-	@param I input octet
-	@param O output octet - H(I)
- */
-extern void ECP_HASH(octet *I,octet *O);
-/**	@brief HMAC of message M using key K to create tag of length len in octet tag
- *
-	IEEE-1363 MAC1 function. Uses SHA256 internally.
-	@param M input message octet
-	@param K input encryption key
-	@param len is output desired length of HMAC tag
-	@param tag is the output HMAC
-	@return 0 for bad parameters, else 1
- */
-extern int ECP_HMAC(octet *M,octet *K,int len,octet *tag);
-
-/*extern void KDF1(octet *,int,octet *);*/
-
-/**	@brief Key Derivation Function - generates key K from inputs Z and P
- *
-	IEEE-1363 KDF2 Key Derivation Function. Uses SHA256 internally.
-	@param Z input octet
-	@param P input key derivation parameters - can be NULL
-	@param len is output desired length of key
-	@param K is the derived key
- */
-extern void ECP_KDF2(octet *Z,octet *P,int len,octet *K);
-/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
- *
-	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
-	@param P input password
-	@param S input salt
-	@param rep Number of times to be iterated.
-	@param len is output desired length of key
-	@param K is the derived key
- */
-extern void ECP_PBKDF2(octet *P,octet *S,int rep,int len,octet *K);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_ENCRYPT function. Encrypts in CBC mode with a zero IV, padding as necessary to create a full final block.
-	@param K AES key
-	@param P input plaintext octet
-	@param C output ciphertext octet
- */
-extern void ECP_AES_CBC_IV0_ENCRYPT(octet *K,octet *P,octet *C);
-/**	@brief AES encrypts a plaintext to a ciphtertext
- *
-	IEEE-1363 AES_CBC_IV0_DECRYPT function. Decrypts in CBC mode with a zero IV.
-	@param K AES key
-	@param C input ciphertext octet
-	@param P output plaintext octet
-	@return 0 if bad input, else 1
- */
-extern int ECP_AES_CBC_IV0_DECRYPT(octet *K,octet *C,octet *P);
-
-/* ECDH primitives - support functions */
-/**	@brief Generate an ECC public/private key pair
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param W the output public key, which is s.G, where G is a fixed generator
-	@return 0 or an error code
- */
-extern int  ECP_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
-/**	@brief Validate an ECC public key
- *
-	@param f if = 0 just does some simple checks, else tests that W is of the correct order
-	@param W the input public key to be validated
-	@return 0 if public key is OK, or an error code
- */
-extern int  ECP_PUBLIC_KEY_VALIDATE(int f,octet *W);
-
-/* ECDH primitives */
-
-/**	@brief Generate Diffie-Hellman shared key
- *
-	IEEE-1363 Diffie-Hellman shared secret calculation
-	@param s is the input private key,
-	@param W the input public key of the other party
-	@param K the output shared key, in fact the x-coordinate of s.W
-	@return 0 or an error code
- */
-extern int ECP_SVDP_DH(octet *s,octet *W,octet *K);
-/*extern int ECPSVDP_DHC(octet *,octet *,int,octet *);*/
-
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/**	@brief ECIES Encryption
- *
-	IEEE-1363 ECIES Encryption
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param R is a pointer to a cryptographically secure random number generator
-	@param W the input public key of the recieving party
-	@param M is the plaintext message to be encrypted
-	@param len the length of the HMAC tag
-	@param V component of the output ciphertext
-	@param C the output ciphertext
-	@param T the output HMAC tag, part of the ciphertext
- */
-extern void ECP_ECIES_ENCRYPT(octet *P1,octet *P2,csprng *R,octet *W,octet *M,int len,octet *V,octet *C,octet *T);
-/**	@brief ECIES Decryption
- *
-	IEEE-1363 ECIES Decryption
-	@param P1 input Key Derivation parameters
-	@param P2 input Encoding parameters
-	@param V component of the input ciphertext
-	@param C the input ciphertext
-	@param T the input HMAC tag, part of the ciphertext
-	@param U the input private key for decryption
-	@param M the output plaintext message
-	@return 1 if successful, else 0
- */
-extern int ECP_ECIES_DECRYPT(octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M);
-
-/* ECDSA functions */
-/**	@brief ECDSA Signature
- *
-	IEEE-1363 ECDSA Signature
-	@param R is a pointer to a cryptographically secure random number generator
-	@param s the input private signing key
-	@param M the input message to be signed
-	@param c component of the output signature
-	@param d component of the output signature
-
- */
-extern int ECP_SP_DSA(csprng *R,octet *s,octet *M,octet *c,octet *d);
-/**	@brief ECDSA Signature Verification
- *
-	IEEE-1363 ECDSA Signature Verification
-	@param W the input public key
-	@param M the input message
-	@param c component of the input signature
-	@param d component of the input signature
-	@return 0 or an error code
- */
-extern int ECP_VP_DSA(octet *W,octet *M,octet *c,octet *d);
-/*#endif*/
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/ecp.c
----------------------------------------------------------------------
diff --git a/c/ecp.c b/c/ecp.c
deleted file mode 100755
index b7fdd10..0000000
--- a/c/ecp.c
+++ /dev/null
@@ -1,1091 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Elliptic Curve Functions */
-/* SU=m, SU is Stack Usage (Weierstrass Curves) */
-
-//#define HAS_MAIN
-
-#include "amcl.h"
-
-/* test for P=O point-at-infinity */
-int ECP_isinf(ECP *P)
-{
-#if CURVETYPE==EDWARDS
-	FP_reduce(P->x);
-	FP_reduce(P->y);
-	FP_reduce(P->z);
-	return (BIG_iszilch(P->x) && BIG_comp(P->y,P->z)==0);
-#else
-	return P->inf;
-#endif
-}
-
-/* Conditional swap of P and Q dependant on d */
-static void ECP_cswap(ECP *P,ECP *Q,int d)
-{
-	BIG_cswap(P->x,Q->x,d);
-#if CURVETYPE!=MONTGOMERY
-	BIG_cswap(P->y,Q->y,d);
-#endif
-	BIG_cswap(P->z,Q->z,d);
-#if CURVETYPE!=EDWARDS
-	d=~(d-1);
-	d=d&(P->inf^Q->inf);
-	P->inf^=d;
-	Q->inf^=d;
-#endif
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP_cmove(ECP *P,ECP *Q,int d)
-{
-	BIG_cmove(P->x,Q->x,d);
-#if CURVETYPE!=MONTGOMERY
-	BIG_cmove(P->y,Q->y,d);
-#endif
-	BIG_cmove(P->z,Q->z,d);
-#if CURVETYPE!=EDWARDS
-	d=~(d-1);
-	P->inf^=(P->inf^Q->inf)&d;
-#endif
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-	sign32 x=b^c;
-	x-=1;  // if x=0, x now -1
-	return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP_select(ECP *P,ECP W[],sign32 b)
-{
-  ECP MP;
-  sign32 m=b>>31;
-  sign32 babs=(b^m)-m;
-
-  babs=(babs-1)/2;
-
-  ECP_cmove(P,&W[0],teq(babs,0));  // conditional move
-  ECP_cmove(P,&W[1],teq(babs,1));
-  ECP_cmove(P,&W[2],teq(babs,2));
-  ECP_cmove(P,&W[3],teq(babs,3));
-  ECP_cmove(P,&W[4],teq(babs,4));
-  ECP_cmove(P,&W[5],teq(babs,5));
-  ECP_cmove(P,&W[6],teq(babs,6));
-  ECP_cmove(P,&W[7],teq(babs,7));
-
-  ECP_copy(&MP,P);
-  ECP_neg(&MP);  // minus P
-  ECP_cmove(P,&MP,(int)(m&1));
-}
-
-/* Test P == Q */
-/* SU=168 */
-int ECP_equals(ECP *P,ECP *Q)
-{
-#if CURVETYPE==WEIERSTRASS
-	BIG pz2,qz2,a,b;
-	if (ECP_isinf(P) && ECP_isinf(Q)) return 1;
-	if (ECP_isinf(P) || ECP_isinf(Q)) return 0;
-
-	FP_sqr(pz2,P->z); FP_sqr(qz2,Q->z);
-
-	FP_mul(a,P->x,qz2);
-	FP_mul(b,Q->x,pz2);
-	FP_reduce(a);
-	FP_reduce(b);
-	if (BIG_comp(a,b)!=0) return 0;
-
-	FP_mul(a,P->y,qz2);
-	FP_mul(a,a,Q->z);
-	FP_mul(b,Q->y,pz2);
-	FP_mul(b,b,P->z);
-	FP_reduce(a);
-	FP_reduce(b);
-	if (BIG_comp(a,b)!=0) return 0;
-	return 1;
-#else
-	BIG a,b;
-	if (ECP_isinf(P) && ECP_isinf(Q)) return 1;
-	if (ECP_isinf(P) || ECP_isinf(Q)) return 0;
-
-	FP_mul(a,P->x,Q->z);
-	FP_mul(b,Q->x,P->z);
-	FP_reduce(a);
-	FP_reduce(b);
-	if (BIG_comp(a,b)!=0) return 0;
-
-#if CURVETYPE==EDWARDS
-	FP_mul(a,P->y,Q->z);
-	FP_mul(b,Q->y,P->z);
-	FP_reduce(a);
-	FP_reduce(b);
-	if (BIG_comp(a,b)!=0) return 0;
-#endif
-
-	return 1;
-#endif
-}
-
-/* Set P=Q */
-/* SU=16 */
-void ECP_copy(ECP *P,ECP *Q)
-{
-#if CURVETYPE!=EDWARDS
-	P->inf=Q->inf;
-#endif
-	BIG_copy(P->x,Q->x);
-#if CURVETYPE!=MONTGOMERY
-	BIG_copy(P->y,Q->y);
-#endif
-	BIG_copy(P->z,Q->z);
-}
-
-/* Set P=-Q */
-#if CURVETYPE!=MONTGOMERY
-/* SU=8 */
-void ECP_neg(ECP *P)
-{
-	if (ECP_isinf(P)) return;
-#if CURVETYPE==WEIERSTRASS
-	FP_neg(P->y,P->y);
-	BIG_norm(P->y);
-#else
-	FP_neg(P->x,P->x);
-	BIG_norm(P->x);
-#endif
-
-}
-#endif
-
-/* Set P=O */
-void ECP_inf(ECP *P)
-{
-#if CURVETYPE==EDWARDS
-	BIG_zero(P->x); FP_one(P->y); FP_one(P->z);
-#else
-	P->inf=1;
-#endif
-}
-
-/* Calculate right Hand Side of curve equation y^2=RHS */
-/* SU=56 */
-void ECP_rhs(BIG v,BIG x)
-{
-#if CURVETYPE==WEIERSTRASS
-/* x^3+Ax+B */
-	BIG t;
-	FP_sqr(t,x);
-	FP_mul(t,t,x);
-
-	if (CURVE_A==-3)
-	{
-		FP_neg(v,x);
-		BIG_norm(v);
-		BIG_imul(v,v,-CURVE_A);
-		BIG_norm(v);
-		FP_add(v,t,v);
-	}
-	else BIG_copy(v,t);
-
-	BIG_rcopy(t,CURVE_B);
-	FP_nres(t);
-	FP_add(v,t,v);
-	FP_reduce(v);
-#endif
-
-#if CURVETYPE==EDWARDS
-/* (Ax^2-1)/(Bx^2-1) */
-	BIG t,m,one;
-	BIG_rcopy(m,Modulus);
-	FP_sqr(v,x);
-	FP_one(one);
-	BIG_rcopy(t,CURVE_B); FP_nres(t);
-	FP_mul(t,v,t); FP_sub(t,t,one);
-	if (CURVE_A==1) FP_sub(v,v,one);
-
-	if (CURVE_A==-1)
-	{
-		FP_add(v,v,one);
-		FP_neg(v,v);
-	}
-	FP_redc(v); FP_redc(t);
-	BIG_moddiv(v,v,t,m);
-	FP_nres(v);
-#endif
-
-#if CURVETYPE==MONTGOMERY
-/* x^3+Ax^2+x */
-	BIG x2,x3;
-	FP_sqr(x2,x);
-	FP_mul(x3,x2,x);
-	BIG_copy(v,x);
-	FP_imul(x2,x2,CURVE_A);
-	FP_add(v,v,x2);
-	FP_add(v,v,x3);
-	FP_reduce(v);
-#endif
-}
-
-/* Set P=(x,y) */
-
-#if CURVETYPE==MONTGOMERY
-
-/* Set P=(x,{y}) */
-
-int ECP_set(ECP *P,BIG x)
-{
-	BIG m,rhs;
-	BIG_rcopy(m,Modulus);
-	BIG_copy(rhs,x);
-	FP_nres(rhs);
-	ECP_rhs(rhs,rhs);
-	FP_redc(rhs);
-
-	if (BIG_jacobi(rhs,m)!=1)
-	{
-		ECP_inf(P);
-		return 0;
-	}
-	P->inf=0;
-	BIG_copy(P->x,x); FP_nres(P->x);
-	FP_one(P->z);
-	return 1;
-}
-
-/* Extract x coordinate as BIG */
-int ECP_get(BIG x,ECP *P)
-{
-	if (ECP_isinf(P)) return -1;
-	ECP_affine(P);
-	BIG_copy(x,P->x);
-	FP_redc(x);
-	return 0;
-}
-
-
-#else
-/* Extract (x,y) and return sign of y. If x and y are the same return only x */
-/* SU=16 */
-int ECP_get(BIG x,BIG y,ECP *P)
-{
-	int s;
-#if CURVETYPE!=EDWARDS
-	if (ECP_isinf(P)) return -1;
-#endif
-	ECP_affine(P);
-
-	BIG_copy(y,P->y);
-	FP_redc(y);
-
-	s=BIG_parity(y);
-
-	BIG_copy(x,P->x);
-	FP_redc(x);
-
-	return s;
-}
-
-/* Set P=(x,{y}) */
-/* SU=96 */
-int ECP_set(ECP *P,BIG x,BIG y)
-{
-	BIG rhs,y2;
-	BIG_copy(y2,y);
-
-	FP_nres(y2);
-
-	FP_sqr(y2,y2);
-	FP_reduce(y2);
-
-	BIG_copy(rhs,x);
-	FP_nres(rhs);
-
-	ECP_rhs(rhs,rhs);
-
-	if (BIG_comp(y2,rhs)!=0)
-	{
-		ECP_inf(P);
-		return 0;
-	}
-#if CURVETYPE==WEIERSTRASS
-	P->inf=0;
-#endif
-	BIG_copy(P->x,x); FP_nres(P->x);
-	BIG_copy(P->y,y); FP_nres(P->y);
-	FP_one(P->z);
-	return 1;
-}
-
-/* Set P=(x,y), where y is calculated from x with sign s */
-/* SU=136 */
-int ECP_setx(ECP *P,BIG x,int s)
-{
-	BIG t,rhs,m;
-	BIG_rcopy(m,Modulus);
-
-	BIG_copy(rhs,x);
-	FP_nres(rhs);
-	ECP_rhs(rhs,rhs);
-	BIG_copy(t,rhs);
-	FP_redc(t);
-	if (BIG_jacobi(t,m)!=1)
-	{
-		ECP_inf(P);
-		return 0;
-	}
-#if CURVETYPE==WEIERSTRASS
-	P->inf=0;
-#endif
-	BIG_copy(P->x,x); FP_nres(P->x);
-
-	FP_sqrt(P->y,rhs);
-	BIG_copy(rhs,P->y);
-	FP_redc(rhs);
-	if (BIG_parity(rhs)!=s)
-		FP_neg(P->y,P->y);
-	FP_reduce(P->y);
-	FP_one(P->z);
-	return 1;
-}
-
-#endif
-
-/* Convert P to Affine, from (x,y,z) to (x,y) */
-/* SU=160 */
-void ECP_affine(ECP *P)
-{
-	BIG one,iz,m;
-#if CURVETYPE==WEIERSTRASS
-	BIG izn;
-	if (ECP_isinf(P)) return;
-	FP_one(one);
-	if (BIG_comp(P->z,one)==0) return;
-	BIG_rcopy(m,Modulus);
-	FP_redc(P->z);
-
-	BIG_invmodp(iz,P->z,m);
-	FP_nres(iz);
-
-	FP_sqr(izn,iz);
-	FP_mul(P->x,P->x,izn);
-	FP_mul(izn,izn,iz);
-	FP_mul(P->y,P->y,izn);
-	FP_reduce(P->y);
-
-#endif
-#if CURVETYPE==EDWARDS
-	FP_one(one);
-	if (BIG_comp(P->z,one)==0) return;
-	BIG_rcopy(m,Modulus);
-	FP_redc(P->z);
-
-	BIG_invmodp(iz,P->z,m);
-	FP_nres(iz);
-
-	FP_mul(P->x,P->x,iz);
-	FP_mul(P->y,P->y,iz);
-	FP_reduce(P->y);
-
-#endif
-#if CURVETYPE==MONTGOMERY
-	if (ECP_isinf(P)) return;
-	FP_one(one);
-	if (BIG_comp(P->z,one)==0) return;
-
-	BIG_rcopy(m,Modulus);
-	FP_redc(P->z);
-	BIG_invmodp(iz,P->z,m);
-	FP_nres(iz);
-
-	FP_mul(P->x,P->x,iz);
-
-#endif
-	FP_reduce(P->x);
-	BIG_copy(P->z,one);
-}
-
-/* SU=120 */
-void ECP_outputxyz(ECP *P)
-{
-	BIG x,y,z;
-	if (ECP_isinf(P))
-	{
-		printf("Infinity\n");
-		return;
-	}
-	BIG_copy(x,P->x); FP_reduce(x); FP_redc(x);
-	BIG_copy(z,P->z); FP_reduce(z); FP_redc(z);
-
-#if CURVETYPE!=MONTGOMERY
-	BIG_copy(y,P->y); FP_reduce(y); FP_redc(y);
-	printf("(");BIG_output(x);printf(",");BIG_output(y);printf(",");BIG_output(z);printf(")\n");
-
-#else
-	printf("(");BIG_output(x);printf(",");BIG_output(z);printf(")\n");
-#endif
-}
-
-/* SU=16 */
-/* Output point P */
-void ECP_output(ECP *P)
-{
-	if (ECP_isinf(P))
-	{
-		printf("Infinity\n");
-		return;
-	}
-	ECP_affine(P);
-#if CURVETYPE!=MONTGOMERY
-	FP_redc(P->x); FP_redc(P->y);
-	printf("(");BIG_output(P->x);printf(",");BIG_output(P->y);printf(")\n");
-	FP_nres(P->x); FP_nres(P->y);
-#else
-	FP_redc(P->x);
-	printf("(");BIG_output(P->x);printf(")\n");
-	FP_nres(P->x);
-#endif
-}
-
-
-/* SU=88 */
-/* Convert P to octet string */
-void ECP_toOctet(octet *W,ECP *P)
-{
-#if CURVETYPE==MONTGOMERY
-	BIG x;
-	ECP_get(x,P);
-	W->len=MODBYTES+1; W->val[0]=6;
-	BIG_toBytes(&(W->val[1]),x);
-#else
-	BIG x,y;
-	ECP_get(x,y,P);
-	W->len=2*MODBYTES+1; W->val[0]=4;
-	BIG_toBytes(&(W->val[1]),x);
-	BIG_toBytes(&(W->val[MODBYTES+1]),y);
-#endif
-}
-
-/* SU=88 */
-/* Restore P from octet string */
-int ECP_fromOctet(ECP *P,octet *W)
-{
-#if CURVETYPE==MONTGOMERY
-	BIG x;
-	BIG_fromBytes(x,&(W->val[1]));
-    if (ECP_set(P,x)) return 1;
-	return 0;
-#else
-	BIG x,y;
-	BIG_fromBytes(x,&(W->val[1]));
-	BIG_fromBytes(y,&(W->val[MODBYTES+1]));
-    if (ECP_set(P,x,y)) return 1;
-	return 0;
-#endif
-}
-
-
-/* Set P=2P */
-/* SU=272 */
-void ECP_dbl(ECP *P)
-{
-#if CURVETYPE==WEIERSTRASS
-	int i;
-	BIG one,s1,s2;
-	BIG w1,w7,w8,w2,w3,w6;
-	if (ECP_isinf(P)) return;
-
-	if (BIG_iszilch(P->y))
-	{
-		P->inf=1;
-		return;
-	}
-	FP_one(one);
-	BIG_zero(w6);
-
-	if (CURVE_A==-3)
-	{
-		if (BIG_comp(P->z,one)==0) BIG_copy(w6,one);
-		else FP_sqr(w6,P->z);
-		FP_neg(w1,w6);
-		FP_add(w3,P->x,w1);
-		FP_add(w8,P->x,w6);
-		FP_mul(w3,w3,w8);
-		BIG_imul(w8,w3,3);
-	}
-	else
-	{
-/* assuming A=0 */
-		FP_sqr(w1,P->x);
-		BIG_imul(w8,w1,3);
-	}
-
-	FP_sqr(w2,P->y);
-	FP_mul(w3,P->x,w2);
-
-	BIG_imul(w3,w3,4);
-	FP_neg(w1,w3);
-#if CHUNK<64
-	BIG_norm(w1);
-#endif
-	FP_sqr(P->x,w8);
-	FP_add(P->x,P->x,w1);
-	FP_add(P->x,P->x,w1);
-
-	BIG_norm(P->x);
-
-	if (BIG_comp(P->z,one)==0) BIG_copy(P->z,P->y);
-	else FP_mul(P->z,P->z,P->y);
-	FP_add(P->z,P->z,P->z);
-
-
-	FP_add(w7,w2,w2);
-	FP_sqr(w2,w7);
-
-	FP_add(w2,w2,w2);
-	FP_sub(w3,w3,P->x);
-	FP_mul(P->y,w8,w3);
-//#if CHUNK<64
-//	BIG_norm(w2);
-//#endif
-	FP_sub(P->y,P->y,w2);
-
-	BIG_norm(P->y);
-	BIG_norm(P->z);
-
-#endif
-
-#if CURVETYPE==EDWARDS
-/* Not using square for multiplication swap, as (1) it needs more adds, and (2) it triggers more reductions */
-	BIG B,C,D,E,F,H,J;
-
-	FP_mul(B,P->x,P->y); FP_add(B,B,B);
-	FP_sqr(C,P->x);
-	FP_sqr(D,P->y);
-	if (CURVE_A==1) BIG_copy(E,C);
-	if (CURVE_A==-1) FP_neg(E,C);
-	FP_add(F,E,D);
-#if CHUNK<64
-	BIG_norm(F);
-#endif
-	FP_sqr(H,P->z);
-	FP_add(H,H,H); FP_sub(J,F,H);
-	FP_mul(P->x,B,J);
-	FP_sub(E,E,D);
-	FP_mul(P->y,F,E);
-	FP_mul(P->z,F,J);
-
-	BIG_norm(P->x);
-	BIG_norm(P->y);
-	BIG_norm(P->z);
-
-#endif
-
-#if CURVETYPE==MONTGOMERY
-	BIG t,A,B,AA,BB,C;
-	if (ECP_isinf(P)) return;
-
-	FP_add(A,P->x,P->z);
-	FP_sqr(AA,A);
-	FP_sub(B,P->x,P->z);
-	FP_sqr(BB,B);
-	FP_sub(C,AA,BB);
-//#if CHUNK<64
-//	BIG_norm(C);
-//#endif
-
-	FP_mul(P->x,AA,BB);
-	FP_imul(A,C,(CURVE_A+2)/4);
-	FP_add(BB,BB,A);
-	FP_mul(P->z,BB,C);
-
-	BIG_norm(P->x);
-	BIG_norm(P->z);
-#endif
-}
-
-#if CURVETYPE==MONTGOMERY
-
-/* Set P+=Q. W is difference between P and Q and is affine */
-void ECP_add(ECP *P,ECP *Q,ECP *W)
-{
-	BIG A,B,C,D,DA,CB;
-
-	FP_add(A,P->x,P->z);
-	FP_sub(B,P->x,P->z);
-
-	FP_add(C,Q->x,Q->z);
-	FP_sub(D,Q->x,Q->z);
-
-	FP_mul(DA,D,A);
-	FP_mul(CB,C,B);
-
-	FP_add(A,DA,CB); FP_sqr(A,A);
-	FP_sub(B,DA,CB); FP_sqr(B,B);
-
-	BIG_copy(P->x,A);
-	FP_mul(P->z,W->x,B);
-
-	FP_reduce(P->z);
-	if (BIG_iszilch(P->z)) P->inf=1;
-	else P->inf=0;
-
-	BIG_norm(P->x);
-}
-
-
-#else
-
-/* Set P+=Q */
-/* SU=248 */
-void ECP_add(ECP *P,ECP *Q)
-{
-#if CURVETYPE==WEIERSTRASS
-	int aff;
-	BIG one,B,D,E,C,A;
-	if (ECP_isinf(Q)) return;
-	if (ECP_isinf(P))
-	{
-		ECP_copy(P,Q);
-		return;
-	}
-
-	FP_one(one);
-	aff=1;
-	if (BIG_comp(Q->z,one)!=0) aff=0;
-
-	if (!aff)
-	{
-		FP_sqr(A,Q->z);
-		FP_mul(C,A,Q->z);
-
-		FP_sqr(B,P->z);
-		FP_mul(D,B,P->z);
-
-		FP_mul(A,P->x,A);
-		FP_mul(C,P->y,C);
-	}
-	else
-	{
-		BIG_copy(A,P->x);
-		BIG_copy(C,P->y);
-
-		FP_sqr(B,P->z);
-		FP_mul(D,B,P->z);
-	}
-
-	FP_mul(B,Q->x,B); FP_sub(B,B,A); /* B=Qx.z^2-x.Qz^2 */
-	FP_mul(D,Q->y,D); FP_sub(D,D,C); /* D=Qy.z^3-y.Qz^3 */
-
-	FP_reduce(B);
-	if (BIG_iszilch(B))
-	{
-		FP_reduce(D);
-		if (BIG_iszilch(D))
-		{
-			ECP_dbl(P);
-			return;
-		}
-		else
-		{
-			ECP_inf(P);
-			return;
-		}
-	}
-	if (!aff) FP_mul(P->z,P->z,Q->z);
-	FP_mul(P->z,P->z,B);
-
-	FP_sqr(E,B);
-	FP_mul(B,B,E);
-	FP_mul(A,A,E);
-
-	FP_add(E,A,A);
-	FP_add(E,E,B);
-
-	FP_sqr(P->x,D);
-	FP_sub(P->x,P->x,E);
-
-	FP_sub(A,A,P->x);
-	FP_mul(P->y,A,D);
-	FP_mul(C,C,B);
-	FP_sub(P->y,P->y,C);
-
-	BIG_norm(P->x);
-	BIG_norm(P->y);
-	BIG_norm(P->z);
-
-#else
-	BIG b,A,B,C,D,E,F,G,H,I;
-
-	BIG_rcopy(b,CURVE_B); FP_nres(b);
-	FP_mul(A,P->z,Q->z);
-
-	FP_sqr(B,A);
-	FP_mul(C,P->x,Q->x);
-	FP_mul(D,P->y,Q->y);
-	FP_mul(E,C,D); FP_mul(E,E,b);
-
-	FP_sub(F,B,E);
-	FP_add(G,B,E);
-
-	FP_add(C,C,D);
-
-	if (CURVE_A==1) FP_sub(E,D,C);
-
-	FP_add(B,P->x,P->y);
-	FP_add(D,Q->x,Q->y);
-	FP_mul(B,B,D);
-	FP_sub(B,B,C);
-	FP_mul(B,B,F);
-	FP_mul(P->x,A,B);
-
-
-	if (CURVE_A==1) FP_mul(C,E,G);
-	if (CURVE_A==-1)FP_mul(C,C,G);
-
-	FP_mul(P->y,A,C);
-	FP_mul(P->z,F,G);
-
-	BIG_norm(P->x);
-	BIG_norm(P->y);
-	BIG_norm(P->z);
-
-#endif
-}
-
-/* Set P-=Q */
-/* SU=16 */
-void  ECP_sub(ECP *P,ECP *Q)
-{
-	ECP_neg(Q);
-	ECP_add(P,Q);
-	ECP_neg(Q);
-}
-
-#endif
-
-
-#if CURVETYPE==WEIERSTRASS
-/* normalises array of points. Assumes P[0] is normalised already */
-
-static void ECP_multiaffine(int m,ECP P[],BIG work[])
-{
-	int i;
-	BIG t1,t2;
-
-	FP_one(work[0]);
-	BIG_copy(work[1],P[0].z);
-	for (i=2;i<m;i++)
-		FP_mul(work[i],work[i-1],P[i-1].z);
-
-	FP_mul(t1,work[m-1],P[m-1].z);
-	FP_inv(t1,t1);
-
-	BIG_copy(t2,P[m-1].z);
-	FP_mul(work[m-1],work[m-1],t1);
-
-	for (i=m-2;;i--)
-    {
-		if (i==0)
-		{
-			FP_mul(work[0],t1,t2);
-			break;
-		}
-		FP_mul(work[i],work[i],t2);
-		FP_mul(work[i],work[i],t1);
-		FP_mul(t2,P[i].z,t2);
-    }
-/* now work[] contains inverses of all Z coordinates */
-
-	for (i=0;i<m;i++)
-	{
-		FP_one(P[i].z);
-		FP_sqr(t1,work[i]);
-		FP_mul(P[i].x,P[i].x,t1);
-		FP_mul(t1,work[i],t1);
-		FP_mul(P[i].y,P[i].y,t1);
-    }
-}
-
-#endif
-
-#if CURVETYPE!=MONTGOMERY
-/* constant time multiply by small integer of length bts - use ladder */
-void ECP_pinmul(ECP *P,int e,int bts)
-{
-	int nb,i,b;
-	ECP R0,R1;
-
-	ECP_affine(P);
-	ECP_inf(&R0);
-	ECP_copy(&R1,P);
-
-    for (i=bts-1;i>=0;i--)
-	{
-		b=(e>>i)&1;
-		ECP_copy(P,&R1);
-		ECP_add(P,&R0);
-		ECP_cswap(&R0,&R1,b);
-		ECP_copy(&R1,P);
-		ECP_dbl(&R0);
-		ECP_cswap(&R0,&R1,b);
-	}
-	ECP_copy(P,&R0);
-	ECP_affine(P);
-}
-#endif
-
-/* Set P=r*P */
-/* SU=424 */
-void ECP_mul(ECP *P,BIG e)
-{
-#if CURVETYPE==MONTGOMERY
-/* Montgomery ladder */
-	int nb,i,b;
-	ECP R0,R1,D;
-	if (ECP_isinf(P)) return;
-	if (BIG_iszilch(e))
-	{
-		ECP_inf(P);
-		return;
-	}
-	ECP_affine(P);
-
-	ECP_copy(&R0,P);
-	ECP_copy(&R1,P);
-	ECP_dbl(&R1);
-	ECP_copy(&D,P);
-
-	nb=BIG_nbits(e);
-    for (i=nb-2;i>=0;i--)
-    {
-		b=BIG_bit(e,i);
-		ECP_copy(P,&R1);
-		ECP_add(P,&R0,&D);
-		ECP_cswap(&R0,&R1,b);
-		ECP_copy(&R1,P);
-		ECP_dbl(&R0);
-		ECP_cswap(&R0,&R1,b);
-	}
-	ECP_copy(P,&R0);
-
-#else
-/* fixed size windows */
-	int i,b,nb,m,s,ns;
-	BIG mt,t;
-	ECP Q,W[8],C;
-	sign8 w[1+(NLEN*BASEBITS+3)/4];
-#if CURVETYPE==WEIERSTRASS
-	BIG work[8];
-#endif
-	if (ECP_isinf(P)) return;
-	if (BIG_iszilch(e))
-	{
-		ECP_inf(P);
-		return;
-	}
-
-	ECP_affine(P);
-
-/* precompute table */
-
-	ECP_copy(&Q,P);
-	ECP_dbl(&Q);
-	ECP_copy(&W[0],P);
-
-	for (i=1;i<8;i++)
-	{
-		ECP_copy(&W[i],&W[i-1]);
-		ECP_add(&W[i],&Q);
-	}
-
-/* convert the table to affine */
-#if CURVETYPE==WEIERSTRASS
-	ECP_multiaffine(8,W,work);
-#endif
-
-/* make exponent odd - add 2P if even, P if odd */
-	BIG_copy(t,e);
-	s=BIG_parity(t);
-	BIG_inc(t,1); BIG_norm(t); ns=BIG_parity(t); BIG_copy(mt,t); BIG_inc(mt,1); BIG_norm(mt);
-	BIG_cmove(t,mt,s);
-	ECP_cmove(&Q,P,ns);
-	ECP_copy(&C,&Q);
-
-	nb=1+(BIG_nbits(t)+3)/4;
-
-/* convert exponent to signed 4-bit window */
-	for (i=0;i<nb;i++)
-	{
-		w[i]=BIG_lastbits(t,5)-16;
-		BIG_dec(t,w[i]); BIG_norm(t);
-		BIG_fshr(t,4);
-	}
-	w[nb]=BIG_lastbits(t,5);
-
-	ECP_copy(P,&W[(w[nb]-1)/2]);
-	for (i=nb-1;i>=0;i--)
-	{
-		ECP_select(&Q,W,w[i]);
-		ECP_dbl(P);
-		ECP_dbl(P);
-		ECP_dbl(P);
-		ECP_dbl(P);
-		ECP_add(P,&Q);
-	}
-	ECP_sub(P,&C); /* apply correction */
-#endif
-	ECP_affine(P);
-}
-
-#if CURVETYPE!=MONTGOMERY
-/* Set P=eP+fQ double multiplication */
-/* constant time - as useful for GLV method in pairings */
-/* SU=456 */
-
-void ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f)
-{
-	BIG te,tf,mt;
-	ECP S,T,W[8],C;
-	sign8 w[1+(NLEN*BASEBITS+1)/2];
-	int i,a,b,s,ns,nb;
-#if CURVETYPE==WEIERSTRASS
-	BIG work[8];
-#endif
-
-	ECP_affine(P);
-	ECP_affine(Q);
-
-	BIG_copy(te,e);
-	BIG_copy(tf,f);
-
-/* precompute table */
-	ECP_copy(&W[1],P); ECP_sub(&W[1],Q);  /* P+Q */
-	ECP_copy(&W[2],P); ECP_add(&W[2],Q);  /* P-Q */
-	ECP_copy(&S,Q); ECP_dbl(&S);  /* S=2Q */
-	ECP_copy(&W[0],&W[1]); ECP_sub(&W[0],&S);
-	ECP_copy(&W[3],&W[2]); ECP_add(&W[3],&S);
-	ECP_copy(&T,P); ECP_dbl(&T); /* T=2P */
-	ECP_copy(&W[5],&W[1]); ECP_add(&W[5],&T);
-	ECP_copy(&W[6],&W[2]); ECP_add(&W[6],&T);
-	ECP_copy(&W[4],&W[5]); ECP_sub(&W[4],&S);
-	ECP_copy(&W[7],&W[6]); ECP_add(&W[7],&S);
-
-#if CURVETYPE==WEIERSTRASS
-	ECP_multiaffine(8,W,work);
-#endif
-
-/* if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction */
-
-	s=BIG_parity(te);
-	BIG_inc(te,1); BIG_norm(te); ns=BIG_parity(te); BIG_copy(mt,te); BIG_inc(mt,1); BIG_norm(mt);
-	BIG_cmove(te,mt,s);
-	ECP_cmove(&T,P,ns);
-	ECP_copy(&C,&T);
-
-	s=BIG_parity(tf);
-	BIG_inc(tf,1); BIG_norm(tf); ns=BIG_parity(tf); BIG_copy(mt,tf); BIG_inc(mt,1); BIG_norm(mt);
-	BIG_cmove(tf,mt,s);
-	ECP_cmove(&S,Q,ns);
-	ECP_add(&C,&S);
-
-	BIG_add(mt,te,tf); BIG_norm(mt);
-	nb=1+(BIG_nbits(mt)+1)/2;
-
-/* convert exponent to signed 2-bit window */
-	for (i=0;i<nb;i++)
-	{
-		a=BIG_lastbits(te,3)-4;
-		BIG_dec(te,a); BIG_norm(te);
-		BIG_fshr(te,2);
-		b=BIG_lastbits(tf,3)-4;
-		BIG_dec(tf,b); BIG_norm(tf);
-		BIG_fshr(tf,2);
-		w[i]=4*a+b;
-	}
-	w[nb]=(4*BIG_lastbits(te,3)+BIG_lastbits(tf,3));
-
-	ECP_copy(P,&W[(w[nb]-1)/2]);
-	for (i=nb-1;i>=0;i--)
-	{
-		ECP_select(&T,W,w[i]);
-		ECP_dbl(P);
-		ECP_dbl(P);
-		ECP_add(P,&T);
-	}
-	ECP_sub(P,&C); /* apply correction */
-	ECP_affine(P);
-}
-
-#endif
-
-#ifdef HAS_MAIN
-
-int main()
-{
-	int i;
-	ECP G,P;
-	csprng RNG;
-	BIG r,s,x,y,b,m,w,q;
-	BIG_rcopy(x,CURVE_Gx);
-#if CURVETYPE!=MONTGOMERY
-	BIG_rcopy(y,CURVE_Gy);
-#endif
-	BIG_rcopy(m,Modulus);
-
-	printf("x= ");BIG_output(x); printf("\n");
-#if CURVETYPE!=MONTGOMERY
-	printf("y= ");BIG_output(y); printf("\n");
-#endif
-	RNG_seed(&RNG,3,"abc");
-
-#if CURVETYPE!=MONTGOMERY
-	ECP_set(&G,x,y);
-#else
-	ECP_set(&G,x);
-#endif
-	if (ECP_isinf(&G)) printf("Failed to set - point not on curve\n");
-	else printf("set success\n");
-
-	ECP_output(&G);
-
-	BIG_rcopy(r,CURVE_Order); //BIG_dec(r,7);
-	printf("r= ");BIG_output(r); printf("\n");
-
-	ECP_copy(&P,&G);
-
-	ECP_mul(&P,r);
-
-	ECP_output(&P);
-//exit(0);
-	BIG_randomnum(w,&RNG);
-	BIG_mod(w,r);
-
-	ECP_copy(&P,&G);
-	ECP_mul(&P,w);
-
-	ECP_output(&P);
-
-	return 0;
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/ecp2.c
----------------------------------------------------------------------
diff --git a/c/ecp2.c b/c/ecp2.c
deleted file mode 100755
index 5ebc588..0000000
--- a/c/ecp2.c
+++ /dev/null
@@ -1,666 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-/* SU=m, m is Stack Usage */
-
-#include "amcl.h"
-
-int ECP2_isinf(ECP2 *P)
-{
-    return P->inf;
-}
-
-/* Set P=Q */
-/* SU= 16 */
-void ECP2_copy(ECP2 *P,ECP2 *Q)
-{
-	P->inf=Q->inf;
-	FP2_copy(&(P->x),&(Q->x));
-	FP2_copy(&(P->y),&(Q->y));
-	FP2_copy(&(P->z),&(Q->z));
-}
-
-/* set P to Infinity */
-/* SU= 8 */
-void ECP2_inf(ECP2 *P)
-{
-	P->inf=1;
-	FP2_zero(&(P->x)); FP2_zero(&(P->y)); FP2_zero(&(P->z));
-}
-
-/* Conditional move Q to P dependant on d */
-static void ECP2_cmove(ECP2 *P,ECP2 *Q,int d)
-{
-	FP2_cmove(&(P->x),&(Q->x),d);
-	FP2_cmove(&(P->y),&(Q->y),d);
-	FP2_cmove(&(P->z),&(Q->z),d);
-	d=~(d-1);
-	P->inf^=(P->inf^Q->inf)&d;
-}
-
-/* return 1 if b==c, no branching */
-static int teq(sign32 b,sign32 c)
-{
-	sign32 x=b^c;
-	x-=1;  // if x=0, x now -1
-	return (int)((x>>31)&1);
-}
-
-/* Constant time select from pre-computed table */
-static void ECP2_select(ECP2 *P,ECP2 W[],sign32 b)
-{
-  ECP2 MP;
-  sign32 m=b>>31;
-  sign32 babs=(b^m)-m;
-
-  babs=(babs-1)/2;
-
-  ECP2_cmove(P,&W[0],teq(babs,0));  // conditional move
-  ECP2_cmove(P,&W[1],teq(babs,1));
-  ECP2_cmove(P,&W[2],teq(babs,2));
-  ECP2_cmove(P,&W[3],teq(babs,3));
-  ECP2_cmove(P,&W[4],teq(babs,4));
-  ECP2_cmove(P,&W[5],teq(babs,5));
-  ECP2_cmove(P,&W[6],teq(babs,6));
-  ECP2_cmove(P,&W[7],teq(babs,7));
-
-  ECP2_copy(&MP,P);
-  ECP2_neg(&MP);  // minus P
-  ECP2_cmove(P,&MP,(int)(m&1));
-}
-
-/* return 1 if P==Q, else 0 */
-/* SU= 312 */
-int ECP2_equals(ECP2 *P,ECP2 *Q)
-{
-	FP2 pz2,qz2,a,b;
-	if (P->inf && Q->inf) return 1;
-	if (P->inf || Q->inf) return 0;
-
-	FP2_sqr(&pz2,&(P->z)); FP2_sqr(&qz2,&(Q->z));
-
-	FP2_mul(&a,&(P->x),&qz2);
-	FP2_mul(&b,&(Q->x),&pz2);
-	if (!FP2_equals(&a,&b)) return 0;
-
-	FP2_mul(&a,&(P->y),&qz2);
-	FP2_mul(&a,&a,&(Q->z));
-	FP2_mul(&b,&(Q->y),&pz2);
-	FP2_mul(&b,&b,&(P->z));
-	if (!FP2_equals(&a,&b)) return 0;
-	return 1;
-}
-
-/* Make P affine (so z=1) */
-/* SU= 232 */
-void ECP2_affine(ECP2 *P)
-{
-	FP2 one,iz,izn;
-	if (P->inf) return;
-
-	FP2_one(&one);
-	if (FP2_isunity(&(P->z)))
-	{
-		FP2_reduce(&(P->x));
-		FP2_reduce(&(P->y));
-		return;
-	}
-
-	FP2_inv(&iz,&(P->z));
-	FP2_sqr(&izn,&iz);
-	FP2_mul(&(P->x),&(P->x),&izn);
-	FP2_mul(&izn,&izn,&iz);
-	FP2_mul(&(P->y),&(P->y),&izn);
-
-	FP2_reduce(&(P->x));
-	FP2_reduce(&(P->y));
-	FP2_copy(&(P->z),&one);
-}
-
-/* extract x, y from point P */
-/* SU= 16 */
-int ECP2_get(FP2 *x,FP2 *y,ECP2 *P)
-{
-	if (P->inf) return -1;
-	ECP2_affine(P);
-	FP2_copy(y,&(P->y));
-	FP2_copy(x,&(P->x));
-	return 0;
-}
-
-/* SU= 152 */
-/* Output point P */
-void ECP2_output(ECP2 *P)
-{
-	FP2 x,y;
-	if (P->inf)
-	{
-		printf("Infinity\n");
-		return;
-	}
-	ECP2_get(&x,&y,P);
-	printf("(");FP2_output(&x);printf(",");FP2_output(&y);printf(")\n");
-}
-
-/* SU= 232 */
-void ECP2_outputxyz(ECP2 *P)
-{
-	FP2 x,y,z;
-	ECP2 Q;
-	if (P->inf)
-	{
-		printf("Infinity\n");
-		return;
-	}
-	ECP2_copy(&Q,P);
-	printf("(");FP2_output(&(Q.x));printf(",");FP2_output(&(Q.y));printf(",");FP2_output(&(Q.z)); printf(")\n");
-}
-
-/* SU= 168 */
-/* Convert Q to octet string */
-void ECP2_toOctet(octet *W,ECP2 *Q)
-{
-	FP2 qx,qy;
-	ECP2_get(&qx,&qy,Q);
-	FP_redc(qx.a); FP_redc(qx.b); FP_redc(qy.a); FP_redc(qy.b);
-	W->len=4*MODBYTES;
-
-	BIG_toBytes(&(W->val[0]),qx.a);
-	BIG_toBytes(&(W->val[MODBYTES]),qx.b);
-	BIG_toBytes(&(W->val[2*MODBYTES]),qy.a);
-	BIG_toBytes(&(W->val[3*MODBYTES]),qy.b);
-}
-
-/* SU= 176 */
-/* restore Q from octet string */
-int ECP2_fromOctet(ECP2 *Q,octet *W)
-{
-	FP2 qx,qy;
-    BIG_fromBytes(qx.a,&(W->val[0]));
-    BIG_fromBytes(qx.b,&(W->val[MODBYTES]));
-    BIG_fromBytes(qy.a,&(W->val[2*MODBYTES]));
-    BIG_fromBytes(qy.b,&(W->val[3*MODBYTES]));
-	FP_nres(qx.a); FP_nres(qx.b); FP_nres(qy.a); FP_nres(qy.b);
-
-	if (ECP2_set(Q,&qx,&qy)) return 1;
-	return 0;
-}
-
-/* SU= 128 */
-/* Calculate RHS of twisted curve equation x^3+B/i */
-void ECP2_rhs(FP2 *rhs,FP2 *x)
-{ /* calculate RHS of elliptic curve equation */
-	FP2 t;
-	BIG b;
-	FP2_sqr(&t,x);
-
-	FP2_mul(rhs,&t,x);
-
-/* Assuming CURVE_A=0 */
-
-	BIG_rcopy(b,CURVE_B);
-
-	FP2_from_BIG(&t,b);
-
-	FP2_div_ip(&t);   /* IMPORTANT - here we use the SEXTIC twist of the curve */
-
-	FP2_add(rhs,&t,rhs);
-	FP2_reduce(rhs);
-}
-
-
-/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
-/* SU= 232 */
-int ECP2_set(ECP2 *P,FP2 *x,FP2 *y)
-{
-	FP2 one,rhs,y2;
-	FP2_copy(&y2,y);
-
-	FP2_sqr(&y2,&y2);
-	ECP2_rhs(&rhs,x);
-
-	if (!FP2_equals(&y2,&rhs))
-	{
-
-		P->inf=1;
-		return 0;
-	}
-
-	P->inf=0;
-	FP2_copy(&(P->x),x);
-	FP2_copy(&(P->y),y);
-
-	FP2_one(&one);
-	FP2_copy(&(P->z),&one);
-	return 1;
-}
-
-/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
-/* SU= 232 */
-int ECP2_setx(ECP2 *P,FP2 *x)
-{
-	FP2 y;
-	ECP2_rhs(&y,x);
-
-	if (!FP2_sqrt(&y,&y))
-	{
-		P->inf=1;
-		return 0;
-	}
-
-	P->inf=0;
-	FP2_copy(&(P->x),x);
-	FP2_copy(&(P->y),&y);
-	FP2_one(&(P->z));
-	return 1;
-}
-
-/* Set P=-P */
-/* SU= 8 */
-void ECP2_neg(ECP2 *P)
-{
-	FP2_neg(&(P->y),&(P->y));
-	FP2_norm(&(P->y));
-}
-
-/* R+=R */
-/* return -1 for Infinity, 0 for addition, 1 for doubling */
-/* SU= 448 */
-int ECP2_dbl(ECP2 *P)
-{
-	FP2 w1,w7,w8,w2,w3;
-	if (P->inf) return -1;
-
-	if (FP2_iszilch(&(P->y)))
-	{
-		P->inf=1;
-		return -1;
-	}
-
-/* Assuming A=0 */
-	FP2_sqr(&w1,&(P->x));
-	FP2_imul(&w8,&w1,3);
-
-	FP2_sqr(&w2,&(P->y));
-	FP2_mul(&w3,&(P->x),&w2);
-	FP2_imul(&w3,&w3,4);
-
-	FP2_neg(&w1,&w3);
-#if CHUNK<64
-	FP2_norm(&w1);
-#endif
-	FP2_sqr(&(P->x),&w8);
-	FP2_add(&(P->x),&(P->x),&w1);
-	FP2_add(&(P->x),&(P->x),&w1);
-
-	FP2_norm(&(P->x));
-
-	if (FP2_isunity(&(P->z))) FP2_copy(&(P->z),&(P->y));
-	else FP2_mul(&(P->z),&(P->z),&(P->y));
-	FP2_add(&(P->z),&(P->z),&(P->z));
-
-	FP2_add(&w7,&w2,&w2);
-	FP2_sqr(&w2,&w7);
-
-	FP2_add(&w2,&w2,&w2);
-	FP2_sub(&w3,&w3,&(P->x));
-
-	FP2_mul(&(P->y),&w8,&w3);
-//#if CHUNK<64
-//	FP2_norm(&w2);
-//#endif
-	FP2_sub(&(P->y),&(P->y),&w2);
-
-
-	FP2_norm(&(P->y));
-	FP2_norm(&(P->z));
-
-	return 1;
-}
-
-/* Set P+=Q */
-/* SU= 400 */
-int ECP2_add(ECP2 *P,ECP2 *Q)
-{
-	int aff;
-	FP2 B,D,E,C,A;
-	if (Q->inf) return 0;
-	if (P->inf)
-	{
-		ECP2_copy(P,Q);
-		return 0;
-	}
-
-	aff=1;
-	if (!FP2_isunity(&(Q->z))) aff=0;
-
-	if (!aff)
-	{
-		FP2_sqr(&A,&(Q->z));
-		FP2_mul(&C,&A,&(Q->z));
-
-		FP2_sqr(&B,&(P->z));
-		FP2_mul(&D,&B,&(P->z));
-
-		FP2_mul(&A,&(P->x),&A);
-		FP2_mul(&C,&(P->y),&C);
-	}
-	else
-	{
-		FP2_copy(&A,&(P->x));
-		FP2_copy(&C,&(P->y));
-
-		FP2_sqr(&B,&(P->z));
-		FP2_mul(&D,&B,&(P->z));
-	}
-
-	FP2_mul(&B,&(Q->x),&B); FP2_sub(&B,&B,&A); /* B=Qx.z^2-x.Qz^2 */
-	FP2_mul(&D,&(Q->y),&D); FP2_sub(&D,&D,&C); /* D=Qy.z^3-y.Qz^3 */
-
-	if (FP2_iszilch(&B))
-	{
-		if (FP2_iszilch(&D))
-		{
-			ECP2_dbl(P);
-			return 1;
-		}
-		else
-		{
-			ECP2_inf(P);
-			return -1;
-		}
-	}
-	if (!aff) FP2_mul(&(P->z),&(P->z),&(Q->z));
-	FP2_mul(&(P->z),&(P->z),&B);
-
-	FP2_sqr(&E,&B);
-	FP2_mul(&B,&B,&E);
-	FP2_mul(&A,&A,&E);
-
-	FP2_add(&E,&A,&A);
-	FP2_add(&E,&E,&B);
-
-	FP2_sqr(&(P->x),&D);
-	FP2_sub(&(P->x),&(P->x),&E);
-
-	FP2_sub(&A,&A,&(P->x));
-	FP2_mul(&(P->y),&A,&D);
-	FP2_mul(&C,&C,&B);
-	FP2_sub(&(P->y),&(P->y),&C);
-
-	FP2_norm(&(P->x));
-	FP2_norm(&(P->y));
-	FP2_norm(&(P->z));
-
-	return 0;
-}
-
-/* Set P-=Q */
-/* SU= 16 */
-void ECP2_sub(ECP2 *P,ECP2 *Q)
-{
-	ECP2_neg(Q);
-	ECP2_add(P,Q);
-	ECP2_neg(Q);
-}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-/* SU= 200 */
-static void ECP2_multiaffine(int m,ECP2 *P,FP2 *work)
-{
-	int i;
-	FP2 t1,t2;
-
-	FP2_one(&work[0]);
-	FP2_copy(&work[1],&(P[0].z));
-	for (i=2;i<m;i++)
-		FP2_mul(&work[i],&work[i-1],&(P[i-1].z));
-	FP2_mul(&t1,&work[m-1],&(P[m-1].z));
-
-	FP2_inv(&t1,&t1);
-
-	FP2_copy(&t2,&(P[m-1].z));
-	FP2_mul(&work[m-1],&work[m-1],&t1);
-
-	for (i=m-2;;i--)
-    {
-		if (i==0)
-		{
-			FP2_mul(&work[0],&t1,&t2);
-			break;
-		}
-		FP2_mul(&work[i],&work[i],&t2);
-		FP2_mul(&work[i],&work[i],&t1);
-		FP2_mul(&t2,&(P[i].z),&t2);
-    }
-/* now work[] contains inverses of all Z coordinates */
-
-	for (i=0;i<m;i++)
-	{
-		FP2_one(&(P[i].z));
-		FP2_sqr(&t1,&work[i]);
-		FP2_mul(&(P[i].x),&(P[i].x),&t1);
-		FP2_mul(&t1,&work[i],&t1);
-		FP2_mul(&(P[i].y),&(P[i].y),&t1);
-    }
-}
-
-/* P*=e */
-/* SU= 280 */
-void ECP2_mul(ECP2 *P,BIG e)
-{
-/* fixed size windows */
-	int i,b,nb,m,s,ns;
-	BIG mt,t,r;
-	ECP2 Q,W[8],C;
-	sign8 w[1+(NLEN*BASEBITS+3)/4];
-	FP2 work[8];
-
-	if (ECP2_isinf(P)) return;
-	ECP2_affine(P);
-
-
-/* precompute table */
-
-	ECP2_copy(&Q,P);
-	ECP2_dbl(&Q);
-	ECP2_copy(&W[0],P);
-
-	for (i=1;i<8;i++)
-	{
-		ECP2_copy(&W[i],&W[i-1]);
-		ECP2_add(&W[i],&Q);
-	}
-
-/* convert the table to affine */
-
-	ECP2_multiaffine(8,W,work);
-
-/* make exponent odd - add 2P if even, P if odd */
-	BIG_copy(t,e);
-	s=BIG_parity(t);
-	BIG_inc(t,1); BIG_norm(t); ns=BIG_parity(t); BIG_copy(mt,t); BIG_inc(mt,1); BIG_norm(mt);
-	BIG_cmove(t,mt,s);
-	ECP2_cmove(&Q,P,ns);
-	ECP2_copy(&C,&Q);
-
-	nb=1+(BIG_nbits(t)+3)/4;
-
-/* convert exponent to signed 4-bit window */
-	for (i=0;i<nb;i++)
-	{
-		w[i]=BIG_lastbits(t,5)-16;
-		BIG_dec(t,w[i]); BIG_norm(t);
-		BIG_fshr(t,4);
-	}
-	w[nb]=BIG_lastbits(t,5);
-
-	ECP2_copy(P,&W[(w[nb]-1)/2]);
-	for (i=nb-1;i>=0;i--)
-	{
-		ECP2_select(&Q,W,w[i]);
-		ECP2_dbl(P);
-		ECP2_dbl(P);
-		ECP2_dbl(P);
-		ECP2_dbl(P);
-		ECP2_add(P,&Q);
-	}
-	ECP2_sub(P,&C); /* apply correction */
-	ECP2_affine(P);
-}
-
-/* Calculates q.P using Frobenius constant X */
-/* SU= 96 */
-void ECP2_frob(ECP2 *P,FP2 *X)
-{
-	FP2 X2;
-	if (P->inf) return;
-	FP2_sqr(&X2,X);
-	FP2_conj(&(P->x),&(P->x));
-	FP2_conj(&(P->y),&(P->y));
-	FP2_conj(&(P->z),&(P->z));
-	FP2_reduce(&(P->z));
-
-	FP2_mul(&(P->x),&X2,&(P->x));
-	FP2_mul(&(P->y),&X2,&(P->y));
-	FP2_mul(&(P->y),X,&(P->y));
-}
-
-void ECP2_mul4(ECP2 *P,ECP2 Q[4],BIG u[4])
-{
-	int i,j,a[4],nb;
-	ECP2 W[8],T,C;
-	BIG mt,t[4];
-	FP2 work[8];
-	sign8 w[NLEN*BASEBITS+1];
-
-	for (i=0;i<4;i++)
-	{
-		BIG_copy(t[i],u[i]);
-		ECP2_affine(&Q[i]);
-	}
-
-/* precompute table */
-
-	ECP2_copy(&W[0],&Q[0]); ECP2_sub(&W[0],&Q[1]);  /* P-Q */
-	ECP2_copy(&W[1],&W[0]);
-	ECP2_copy(&W[2],&W[0]);
-	ECP2_copy(&W[3],&W[0]);
-	ECP2_copy(&W[4],&Q[0]); ECP2_add(&W[4],&Q[1]);  /* P+Q */
-	ECP2_copy(&W[5],&W[4]);
-	ECP2_copy(&W[6],&W[4]);
-	ECP2_copy(&W[7],&W[4]);
-
-	ECP2_copy(&T,&Q[2]); ECP2_sub(&T,&Q[3]);       /* R-S */
-	ECP2_sub(&W[1],&T);
-	ECP2_add(&W[2],&T);
-	ECP2_sub(&W[5],&T);
-	ECP2_add(&W[6],&T);
-	ECP2_copy(&T,&Q[2]); ECP2_add(&T,&Q[3]);      /* R+S */
-	ECP2_sub(&W[0],&T);
-	ECP2_add(&W[3],&T);
-	ECP2_sub(&W[4],&T);
-	ECP2_add(&W[7],&T);
-
-	ECP2_multiaffine(8,W,work);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-	ECP2_inf(&C);
-
-	BIG_zero(mt);
-	for (i=0;i<4;i++)
-	{
-		if (BIG_parity(t[i])==0)
-		{
-			BIG_inc(t[i],1); BIG_norm(t[i]);
-			ECP2_add(&C,&Q[i]);
-		}
-		BIG_add(mt,mt,t[i]); BIG_norm(mt);
-	}
-
-	nb=1+BIG_nbits(mt);
-
-/* convert exponent to signed 1-bit window */
-	for (j=0;j<nb;j++)
-	{
-		for (i=0;i<4;i++)
-		{
-			a[i]=BIG_lastbits(t[i],2)-2;
-			BIG_dec(t[i],a[i]); BIG_norm(t[i]);
-			BIG_fshr(t[i],1);
-		}
-		w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
-	}
-	w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
-
-	ECP2_copy(P,&W[(w[nb]-1)/2]);
-	for (i=nb-1;i>=0;i--)
-	{
-		ECP2_select(&T,W,w[i]);
-		ECP2_dbl(P);
-		ECP2_add(P,&T);
-	}
-	ECP2_sub(P,&C); /* apply correction */
-
-	ECP2_affine(P);
-}
-
-/*
-
-int main()
-{
-	int i;
-	ECP2 G,P;
-	ECP2 *W;
-	FP2 x,y,w,z,f;
-	BIG r,xa,xb,ya,yb;
-
-	BIG_rcopy(xa,CURVE_Pxa);
-	BIG_rcopy(xb,CURVE_Pxb);
-	BIG_rcopy(ya,CURVE_Pya);
-	BIG_rcopy(yb,CURVE_Pyb);
-
-	FP2_from_BIGs(&x,xa,xb);
-	FP2_from_BIGs(&y,ya,yb);
-	ECP2_set(&G,&x,&y);
-	if (G.inf) printf("Failed to set - point not on curve\n");
-	else printf("set success\n");
-
-	ECP2_output(&G);
-
-//	BIG_copy(r,CURVE_Order);
-	BIG_rcopy(r,Modulus);
-
-	ECP2_copy(&P,&G);
-
-	ECP2_mul(&P,r);
-
-	ECP2_output(&P);
-
-	FP2_gfc(&f,12);
-
-	ECP2_frob(&G,&f);
-
-	ECP2_output(&G);
-
-	return 0;
-}
-
-*/


[08/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/amcl.h
----------------------------------------------------------------------
diff --git a/version22/c/amcl.h b/version22/c/amcl.h
new file mode 100644
index 0000000..26a74c3
--- /dev/null
+++ b/version22/c/amcl.h
@@ -0,0 +1,2935 @@
+/*
+	Licensed to the Apache Software Foundation (ASF) under one
+	or more contributor license agreements.  See the NOTICE file
+	distributed with this work for additional information
+	regarding copyright ownership.  The ASF licenses this file
+	to you under the Apache License, Version 2.0 (the
+	"License"); you may not use this file except in compliance
+	with the License.  You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing,
+	software distributed under the License is distributed on an
+	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+	KIND, either express or implied.  See the License for the
+	specific language governing permissions and limitations
+	under the License.
+*/
+
+/* AMCL header file */
+/* Designed for AES-128/192/256 security, 254-521 bit elliptic curves and BN curves for pairings */
+/* Each "limb" of a big number occupies at most (n-3) bits of an n-bit computer word. The most significant word must have at least 4 extra unused bits */
+
+/**
+ * @file amcl.h
+ * @author Mike Scott and Kealan McCusker
+ * @date 19th May 2015
+ * @brief Main Header File
+ *
+ * Allows some user configuration
+ * defines structures
+ * declares functions
+ *
+ */
+
+/* NOTE: There is only one user configurable section in this header - see below */
+
+#ifndef AMCL_H
+#define AMCL_H
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+#include "arch.h"
+
+#ifdef CMAKE
+#define AMCL_VERSION_MAJOR @AMCL_VERSION_MAJOR@ /**< Major version of the library */
+#define AMCL_VERSION_MINOR @AMCL_VERSION_MINOR@ /**< Minor version of the library */
+#define AMCL_VERSION_PATCH @AMCL_VERSION_PATCH@ /**< Patch version of the library */
+#define OS "@OS@"                               /**< Operative system */
+#cmakedefine USE_PATENTS   /**< Use Patents */
+#cmakedefine USE_ANONYMOUS /**< Use Anonymous Configuration in MPin */
+#endif
+
+/* Curve types */
+
+#define WEIERSTRASS 0 /**< Short Weierstrass form curve  */
+#define EDWARDS 1     /**< Edwards or Twisted Edwards curve  */
+#define MONTGOMERY 2  /**< Montgomery form curve  */
+
+/* Elliptic curves are defined over prime fields */
+/* Here are some popular EC prime fields for which we have prepared standard curves. Feel free to specify your own. */
+
+#define NIST256 0    /**< For the NIST 256-bit standard curve - WEIERSTRASS only */
+#define C25519 1     /**< Bernstein's Modulus 2^255-19 - EDWARDS or MONTGOMERY only */
+#define BRAINPOOL 2  /**< For Brainpool 256-bit curve - WEIERSTRASS only */
+#define ANSSI 3      /**< For French 256-bit standard curve - WEIERSTRASS only */
+#define MF254 4      /**< For NUMS curves from Bos et al - 254-bit Montgomery friendly modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
+#define MS255 5      /**< For NUMS curve - 255-bit pseudo-mersenne modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
+#define MF256 6      /**< For NUMS curve - 256-bit Montgomery friendly modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
+#define MS256 7      /**< For NUMS curve - 256-bit pseudo-merseene modulus - WEIERSTRASS or EDWARDS or MONTGOMERY */
+#define HIFIVE 8     /**< My 336-bit pseudo-mersenne modulus - EDWARDS only */
+#define GOLDILOCKS 9 /**< Goldilocks generalized-mersenne modulus - EDWARDS only */
+#define NIST384 10   /**< For the NIST 384-bit standard curve - WEIERSTRASS only */
+#define C41417 11    /**< Bernstein et al Curve41417 2^414-17 - EDWARDS only */
+#define NIST521 12   /**< For the NIST 521-bit standard curve - WEIERSTRASS only */
+
+/* BN Curves */
+#define BN_CURVES 100 /**< Barreto-Naehrig curves */
+#define BN454 100     /**< New AES-128 security BN curve - Modulus built from -0x10000010000000000000100000001  - WEIERSTRASS only */
+#define BN646 101     /**< AES-192 security BN curve -  Modulus built from t=-0x10000000000000000000004000000000000001001 - WEIERSTRASS only */
+
+/* A few 254-bit alternative BN curves */
+#define BN254 102 /**< Standard Nogami BN curve - fastest. Modulus built from  t=-0x4080000000000001 - WEIERSTRASS only */
+
+/* GT_STRONG curves */
+#define BN254_CX 103 /**< Our CertiVox BN curve. Modulus built from t=-0x4000000003C012B1 - WEIERSTRASS only */
+#define BN254_T 104  /**< GT_Strong BN curve. Modulus built from t=-0x4000806000004081 - WEIERSTRASS only */
+#define BN254_T2 105 /**< G2 and GT-Strong BN curve.  Modulus built from t=-0x4000020100608205 - WEIERSTRASS only */
+
+/* BLS-12 Curves */
+#define BLS_CURVES 200 /**< Barreto-Lynn-Scott curves */
+#define BLS455 200     /**< New AES-128 security BLS curve - Modulus built from -0x10002000002000010007  - WEIERSTRASS only */
+#define BLS383 201     /**< New AES-128 security BLS curve - Modulus built from -0x1101000000040110  - WEIERSTRASS only */
+
+
+/*** START OF USER CONFIGURABLE SECTION - set architecture and choose modulus and curve  ***/
+
+#ifdef CMAKE
+#define CHOICE @AMCL_CHOICE@ /**< Current choice of Field */
+#else
+#define CHOICE BN254_CX	     /**< Current choice of Field */
+#endif
+
+/* For some moduli only one parameterisation of curve may supported. For others there is a choice of WEIERSTRASS, EDWARDS or MONTGOMERY curves. See above. */
+#ifdef CMAKE
+#define CURVETYPE @AMCL_CURVETYPE@ /**< Note that not all curve types are supported - see above */
+#else
+#define CURVETYPE WEIERSTRASS	   /**< Note that not all curve types are supported - see above */
+#endif
+
+
+/* Actual curve parameters associated with these choices can be found in rom.c */
+
+/* These next options only apply for pairings */
+#ifdef USE_PATENTS
+#define USE_GLV	  /**< Note this method is patented (GLV), so maybe you want to comment this out */
+#define USE_GS_G2 /**< Well we didn't patent it :) But may be covered by GLV patent :( */
+#endif
+#define USE_GS_GT /**< Not patented, so probably safe to always use this */
+
+/* Finite field support - for RSA, DH etc. */
+#ifdef CMAKE
+#define FFLEN @AMCL_FFLEN@ /**< 2^n multiplier of BIGBITS to specify supported Finite Field size, e.g 2048=256*2^3 where BIGBITS=256 */
+#else
+#define FFLEN 8 /**< 2^n multiplier of BIGBITS to specify supported Finite Field size, e.g 2048=256*2^3 where BIGBITS=256 */
+#endif
+
+
+
+/* For debugging Only.*/
+#ifdef CMAKE
+#cmakedefine DEBUG_REDUCE /**< Print debug message for field reduction */
+#cmakedefine DEBUG_NORM   /**< Detect digit overflow */
+#cmakedefine GET_STATS    /**< Debug statistics - use with debugger */
+#else
+//#define DEBUG_REDUCE
+//#define DEBUG_NORM
+//#define GET_STATS
+#endif
+
+
+// #define UNWOUND
+
+/*** END OF USER CONFIGURABLE SECTION ***/
+
+
+
+
+
+
+
+
+#define NLEN (1+((MBITS-1)/BASEBITS)) /**< Number of words in BIG. */
+#define MODBYTES (1+(MBITS-1)/8)      /**< Number of bytes in Modulus */
+#define BIGBITS (MODBYTES*8)	      /**< Number of bits representable in a BIG */
+#define FF_BITS (BIGBITS*FFLEN)	      /**< Finite Field Size in bits - must be BIGBITS.2^n */
+
+/* modulus types */
+
+#define NOT_SPECIAL 0	       /**< Modulus of no exploitable form */
+#define PSEUDO_MERSENNE 1      /**< Pseudo-mersenne modulus of form $2^n-c$  */
+#define MONTGOMERY_FRIENDLY 3  /**< Montgomery Friendly modulus of form $2^a(2^b-c)-1$  */
+#define GENERALISED_MERSENNE 2 /**< Generalised-mersenne modulus of form $2^n-2^m-1$, GOLDILOCKS only */
+
+/* Built-in curves defined here */
+/* MIRACL check.cpp utility used to determine optimal choice for BASEBITS */
+
+/* Define AES_S if the desired AES-equivalent security is significantly less than the group order */
+
+
+#if CHOICE==NIST256
+#define MBITS 256	             /**< Number of bits in Modulus */
+#define MOD8 7	                     /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 32
+#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==C25519
+#define MBITS 255	             /**< Number of bits in Modulus */
+#define MOD8 5		             /**< Modulus mod 8  */
+#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
+#if CURVETYPE==WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#if CURVETYPE==MONTGOMERY
+#error Not supported
+#else
+#define BASEBITS 13		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==BRAINPOOL
+#define MBITS 256                    /**< Number of bits in Modulus */
+#define MOD8 7                       /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 32
+#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==ANSSI
+#define MBITS 256	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 32
+#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+/**< NUMS curve from Bos et al. paper */
+
+#if CHOICE==MF254
+#define MBITS 254                    /**< Number of bits in Modulus */
+#define MOD8 7                       /**< Modulus mod 8  */
+#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
+#if CHUNK==16
+#error Not Supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+
+#if CHOICE==MF256
+#define MBITS 256                    /**< Number of bits in Modulus */
+#define MOD8 7                       /**< Modulus mod 8  */
+#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
+#if CHUNK==16
+#error Not Supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+
+#if CHOICE==MS255
+#define MBITS 255	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
+#if CHUNK==16
+#define BASEBITS 13                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 32
+#define BASEBITS 29                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56                  /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+
+#if CHOICE==MS256
+#define MBITS 256	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
+#if CHUNK==16
+#define BASEBITS 13	             /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+
+#if CHOICE==HIFIVE
+#define MBITS 336	             /**< Number of bits in Modulus */
+#define MOD8 5		             /**< Modulus mod 8  */
+#define MODTYPE PSEUDO_MERSENNE      /**< Modulus type */
+#define AES_S 128                    /**< Desired AES equivalent strength */
+#if CURVETYPE!=EDWARDS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not Supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==GOLDILOCKS
+#define MBITS 448	             /**< Number of bits in Modulus */
+#define MOD8 7		             /**< Modulus mod 8  */
+#define MODTYPE GENERALISED_MERSENNE /**< Modulus type */
+#if CURVETYPE!=EDWARDS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not Supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==NIST384
+#define MBITS 384	             /**< Number of bits in Modulus */
+#define MOD8 7		             /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 28		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==C41417
+#define MBITS 414	             /**< Number of bits in Modulus */
+#define MOD8 7		             /**< Modulus mod 8  */
+#define MODTYPE  PSEUDO_MERSENNE     /**< Modulus type */
+#if CURVETYPE!=EDWARDS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==NIST521
+#define MBITS 521	             /**< Number of bits in Modulus */
+#define MOD8 7		             /**< Modulus mod 8  */
+#define MODTYPE  PSEUDO_MERSENNE     /**< Modulus type */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 28		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+/* New BN curve to be used for AES-128 security as response to new DL developments - see Kim & Barbulescu ePrint Archive: Report 2015/1027 */
+
+#if CHOICE==BN454
+#define MBITS 454	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#define AES_S 128                    /**< Desired AES equivalent strength */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+/* New BLS curve to be used for AES-128 security as response to new DL developments - see Kim & Barbulescu ePrint Archive: Report 2015/1027 */
+
+#if CHOICE==BLS455
+#define MBITS 455	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#define AES_S 128                    /**< Desired AES equivalent strength */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+
+#if CHOICE==BLS383
+#define MBITS 383	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 28		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE==BN646
+#define MBITS 646	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#define AES_S 192                    /**< Desired AES equivalent strength */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#error Not supported
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 60		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+#if CHOICE<BLS_CURVES
+
+#if CHOICE>=BN254                    /* Its a BN curve */
+#define MBITS 254	             /**< Number of bits in Modulus */
+#define MOD8 3		             /**< Modulus mod 8  */
+#define MODTYPE  NOT_SPECIAL         /**< Modulus type */
+#if CURVETYPE!=WEIERSTRASS
+#error Not supported
+#else
+#if CHUNK==16
+#define BASEBITS 13		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 32
+#define BASEBITS 29		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#if CHUNK == 64
+#define BASEBITS 56		     /**< Numbers represented to base 2*BASEBITS */
+#endif
+#endif
+#endif
+
+
+#if CHOICE>BN254
+#define GT_STRONG /**< Using a GT-Strong 254-bit BN curve */
+#endif
+#endif
+
+
+/* Don't mess with anything below this line */
+
+#ifdef GET_STATS
+extern int tsqr,rsqr,tmul,rmul;
+extern int tadd,radd,tneg,rneg;
+extern int tdadd,rdadd,tdneg,rdneg;
+#endif
+
+#define DCHUNK 2*CHUNK	/**< Number of bits in double-length type */
+#define DNLEN 2*NLEN	/**< double length required for products of BIGs */
+#define HFLEN (FFLEN/2) /**< Useful for half-size RSA private key operations */
+
+#define CHUNK_BITS 8*sizeof(chunk) /**< Number of bits in a chunk */
+
+#ifdef DEBUG_NORM  /* Add an extra location to track chunk extension */
+typedef chunk BIG[NLEN+1];   /**< Define type BIG as array of chunks */
+typedef chunk DBIG[DNLEN+1]; /**< Define type DBIG as array of chunks */
+#else
+typedef chunk BIG[NLEN];     /**< Define type BIG as array of chunks */
+typedef chunk DBIG[DNLEN];   /**< Define type DBIG as array of chunks */
+#endif
+
+#define HBITS (BASEBITS/2)      /**< Number of bits in number base divided by 2 */
+#define HBITS1 ((BASEBITS+1)/2) /**< Number of bits in number base plus 1 divided by 2 */
+#define HDIFF (HBITS1-HBITS)    /**< Will be either 0 or 1, depending if number of bits in number base is even or odd */
+
+#define BMASK (((chunk)1<<BASEBITS)-1) /**< Mask = 2^BASEBITS-1 */
+#define HMASK (((chunk)1<<HBITS)-1)    /**< Mask = 2^HBITS-1 */
+#define HMASK1 (((chunk)1<<HBITS1)-1)  /**< Mask = 2^HBITS1-1 */
+
+#define MODBITS MBITS                             /**< Number of bits in Modulus for selected curve */
+#define TBITS (MBITS%BASEBITS)                    /**< Number of active bits in top word */
+#define TMASK (((chunk)1<<TBITS)-1)               /**< Mask for active bits in top word */
+#define NEXCESS (1<<(CHUNK-BASEBITS-1))           /**< 2^(CHUNK-BASEBITS-1) - digit cannot be multiplied by more than this before normalisation */
+#define FEXCESS ((chunk)1<<(BASEBITS*NLEN-MBITS)) /**< 2^(BASEBITS*NLEN-MODBITS) - normalised BIG can be multiplied by more than this before reduction */
+#define OMASK (-((chunk)(1)<<TBITS))              /**<  for masking out overflow bits */
+
+/* catch field excesses */
+#define EXCESS(a) ((a[NLEN-1]&OMASK)>>(TBITS)) /**< Field Excess */
+
+
+#define P_MBITS (MODBYTES*8)
+#define P_TBITS (P_MBITS%BASEBITS)
+#define P_EXCESS(a) ((a[NLEN-1])>>(P_TBITS))
+#define P_FEXCESS ((chunk)1<<(BASEBITS*NLEN-P_MBITS))
+
+
+
+/* Field Params - see rom.c */
+extern const BIG Modulus;  /**< Actual Modulus set in rom.c */
+extern const chunk MConst; /**< Montgomery only - 1/p mod 2^BASEBITS */
+
+/* Curve Params - see rom.c */
+extern const int CURVE_A;     /**< Elliptic curve A parameter */
+extern const BIG CURVE_B;     /**< Elliptic curve B parameter */
+extern const BIG CURVE_Order; /**< Elliptic curve group order */
+extern const BIG CURVE_Cof;   /**< Elliptic curve cofactor */
+
+/* Generator point on G1 */
+extern const BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
+extern const BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
+
+/* For Pairings only */
+
+/* Generator point on G2 */
+extern const BIG CURVE_Pxa; /**< real part of x-coordinate of generator point in group G2 */
+extern const BIG CURVE_Pxb; /**< imaginary part of x-coordinate of generator point in group G2 */
+extern const BIG CURVE_Pya; /**< real part of y-coordinate of generator point in group G2 */
+extern const BIG CURVE_Pyb; /**< imaginary part of y-coordinate of generator point in group G2 */
+
+extern const BIG CURVE_Bnx; /**< BN curve x parameter */
+
+extern const BIG CURVE_Cru; /**< BN curve Cube Root of Unity */
+
+extern const BIG CURVE_Fra; /**< real part of BN curve Frobenius Constant */
+extern const BIG CURVE_Frb; /**< imaginary part of BN curve Frobenius Constant */
+
+
+extern const BIG CURVE_W[2];	 /**< BN curve constant for GLV decomposition */
+extern const BIG CURVE_SB[2][2]; /**< BN curve constant for GLV decomposition */
+extern const BIG CURVE_WB[4];	 /**< BN curve constant for GS decomposition */
+extern const BIG CURVE_BB[4][4]; /**< BN curve constant for GS decomposition */
+
+/* Structures */
+
+/**
+	@brief ECP structure - Elliptic Curve Point over base field
+*/
+
+typedef struct
+{
+#if CURVETYPE!=EDWARDS
+    int inf; /**< Infinity Flag - not needed for Edwards representation */
+#endif
+    BIG x; /**< x-coordinate of point */
+#if CURVETYPE!=MONTGOMERY
+    BIG y; /**< y-coordinate of point. Not needed for Montgomery representation */
+#endif
+    BIG z;/**< z-coordinate of point */
+} ECP;
+
+/**
+	@brief FP2 Structure - quadratic extension field
+*/
+
+typedef struct
+{
+    BIG a; /**< real part of FP2 */
+    BIG b; /**< imaginary part of FP2 */
+} FP2;
+
+/**
+	@brief FP4 Structure - towered over two FP2
+*/
+
+typedef struct
+{
+    FP2 a; /**< real part of FP4 */
+    FP2 b; /**< imaginary part of FP4 */
+} FP4;
+
+/**
+	@brief FP12 Structure - towered over three FP4
+*/
+
+typedef struct
+{
+    FP4 a; /**< first part of FP12 */
+    FP4 b; /**< second part of FP12 */
+    FP4 c; /**< third part of FP12 */
+} FP12;
+
+/**
+	@brief ECP2 Structure - Elliptic Curve Point over quadratic extension field
+*/
+
+typedef struct
+{
+    int inf; /**< Infinity Flag */
+    FP2 x;   /**< x-coordinate of point */
+    FP2 y;   /**< y-coordinate of point */
+    FP2 z;   /**< z-coordinate of point */
+} ECP2;
+
+/**
+ * @brief SHA256 hash function instance */
+typedef struct
+{
+    unsign32 length[2]; /**< 64-bit input length */
+    unsign32 h[8];      /**< Internal state */
+    unsign32 w[80];	/**< Internal state */
+    int hlen;		/**< Hash length in bytes */
+} hash256;
+
+/**
+ * @brief SHA384-512 hash function instance */
+typedef struct
+{
+    unsign64 length[2]; /**< 64-bit input length */
+    unsign64 h[8];      /**< Internal state */
+    unsign64 w[80];	/**< Internal state */
+    int hlen;           /**< Hash length in bytes */
+} hash512;
+
+/**
+ * @brief SHA384 hash function instance */
+typedef hash512 hash384;
+
+#define SHA256 32 /**< SHA-256 hashing */
+#define SHA384 48 /**< SHA-384 hashing */
+#define SHA512 64 /**< SHA-512 hashing */
+
+/* Symmetric Encryption AES structure */
+
+#define ECB   0  /**< Electronic Code Book */
+#define CBC   1  /**< Cipher Block Chaining */
+#define CFB1  2  /**< Cipher Feedback - 1 byte */
+#define CFB2  3  /**< Cipher Feedback - 2 bytes */
+#define CFB4  5  /**< Cipher Feedback - 4 bytes */
+#define OFB1  14 /**< Output Feedback - 1 byte */
+#define OFB2  15 /**< Output Feedback - 2 bytes */
+#define OFB4  17 /**< Output Feedback - 4 bytes */
+#define OFB8  21 /**< Output Feedback - 8 bytes */
+#define OFB16 29 /**< Output Feedback - 16 bytes */
+#define CTR1  30 /**< Counter Mode - 1 byte */
+#define CTR2  31 /**< Counter Mode - 2 bytes */
+#define CTR4  33 /**< Counter Mode - 4 bytes */
+#define CTR8  37 /**< Counter Mode - 8 bytes */
+#define CTR16 45 /**< Counter Mode - 16 bytes */
+
+#define uchar unsigned char  /**<  Unsigned char */
+
+/**
+	@brief AES instance
+*/
+
+
+typedef struct
+{
+    int Nk;            /**< AES Key Length */
+    int Nr;            /**< AES Number of rounds */
+    int mode;          /**< AES mode of operation */
+    unsign32 fkey[60]; /**< subkeys for encrypton */
+    unsign32 rkey[60]; /**< subkeys for decrypton */
+    char f[16];        /**< buffer for chaining vector */
+} amcl_aes;
+
+/* AES-GCM suppport.  */
+
+#define GCM_ACCEPTING_HEADER 0   /**< GCM status */
+#define GCM_ACCEPTING_CIPHER 1   /**< GCM status */
+#define GCM_NOT_ACCEPTING_MORE 2 /**< GCM status */
+#define GCM_FINISHED 3           /**< GCM status */
+#define GCM_ENCRYPTING 0         /**< GCM mode */
+#define GCM_DECRYPTING 1         /**< GCM mode */
+
+
+/**
+	@brief GCM mode instance, using AES internally
+*/
+
+typedef struct
+{
+    unsign32 table[128][4]; /**< 2k byte table */
+    uchar stateX[16];	    /**< GCM Internal State */
+    uchar Y_0[16];	    /**< GCM Internal State */
+    unsign32 lenA[2];	    /**< GCM 64-bit length of header */
+    unsign32 lenC[2];	    /**< GCM 64-bit length of ciphertext */
+    int status;		    /**< GCM Status */
+    amcl_aes a;		    /**< Internal Instance of AMCL_AES cipher */
+} gcm;
+
+/* Marsaglia & Zaman Random number generator constants */
+
+#define NK   21 /**< PRNG constant */
+#define NJ   6  /**< PRNG constant */
+#define NV   8  /**< PRNG constant */
+
+
+/**
+	@brief Cryptographically secure pseudo-random number generator instance
+*/
+
+typedef struct
+{
+    unsign32 ira[NK]; /**< random number array   */
+    int      rndptr;  /**< pointer into array */
+    unsign32 borrow;  /**<  borrow as a result of subtraction */
+    int pool_ptr;     /**< pointer into random pool */
+    char pool[32];    /**< random pool */
+} csprng;
+
+
+/**
+	@brief Portable representation of a big positive number
+*/
+
+typedef struct
+{
+    int len;   /**< length in bytes  */
+    int max;   /**< max length allowed - enforce truncation  */
+    char *val; /**< byte array  */
+} octet;
+
+/**
+	@brief Integer Factorisation Public Key
+*/
+
+typedef struct
+{
+    sign32 e;     /**< RSA exponent (typically 65537) */
+    BIG n[FFLEN]; /**< An array of BIGs to store public key */
+} rsa_public_key;
+
+/**
+	@brief Integer Factorisation Private Key
+*/
+
+typedef struct
+{
+    BIG p[FFLEN/2];  /**< secret prime p  */
+    BIG q[FFLEN/2];  /**< secret prime q  */
+    BIG dp[FFLEN/2]; /**< decrypting exponent mod (p-1)  */
+    BIG dq[FFLEN/2]; /**< decrypting exponent mod (q-1)  */
+    BIG c[FFLEN/2];  /**< 1/p mod q */
+} rsa_private_key;
+
+/*
+
+Note that a normalised BIG consists of digits mod 2^BASEBITS
+However BIG digits may be "extended" up to 2^(WORDLENGTH-1).
+
+BIGs in extended form may need to be normalised before certain
+operations.
+
+A BIG may be "reduced" to be less that the Modulus, or it
+may be "unreduced" and allowed to grow greater than the
+Modulus.
+
+Normalisation is quite fast. Reduction involves conditional branches,
+which can be regarded as significant "speed bumps". We try to
+delay reductions as much as possible. Reductions may also involve
+side channel leakage, so delaying and batching them
+hopefully disguises internal operations.
+
+*/
+
+/* BIG number prototypes */
+
+/**	@brief Calculates a*b+c+*d
+ *
+	Calculate partial product of a.b, add in carry c, and add total to d
+	@param a multiplier
+	@param b multiplicand
+	@param c carry
+	@param d pointer to accumulated bottom half of result
+	@return top half of result
+ */
+extern chunk muladd(chunk a,chunk b,chunk c,chunk *d);
+/**	@brief Tests for BIG equal to zero
+ *
+	@param x a BIG number
+	@return 1 if zero, else returns 0
+ */
+extern int BIG_iszilch(BIG x);
+/**	@brief Tests for DBIG equal to zero
+ *
+	@param x a DBIG number
+	@return 1 if zero, else returns 0
+ */
+extern int BIG_diszilch(DBIG x);
+/**	@brief Outputs a BIG number to the console
+ *
+	@param x a BIG number
+ */
+extern void BIG_output(BIG x);
+/**	@brief Outputs a BIG number to the console in raw form (for debugging)
+ *
+	@param x a BIG number
+ */
+extern void BIG_rawoutput(BIG x);
+/**	@brief Conditional constant time swap of two BIG numbers
+ *
+	Conditionally swaps parameters in constant time (without branching)
+	@param x a BIG number
+	@param y another BIG number
+	@param s swap takes place if not equal to 0
+ */
+extern void BIG_cswap(BIG x,BIG y,int s);
+/**	@brief Conditional copy of BIG number
+ *
+	Conditionally copies second parameter to the first (without branching)
+	@param x a BIG number
+	@param y another BIG number
+	@param s copy takes place if not equal to 0
+ */
+extern void BIG_cmove(BIG x,BIG y,int s);
+/**	@brief Conditional copy of DBIG number
+ *
+	Conditionally copies second parameter to the first (without branching)
+	@param x a DBIG number
+	@param y another DBIG number
+	@param s copy takes place if not equal to 0
+ */
+extern void BIG_dcmove(BIG x,BIG y,int s);
+/**	@brief Convert from BIG number to byte array
+ *
+	@param a byte array
+	@param x BIG number
+ */
+extern void BIG_toBytes(char *a,BIG x);
+/**	@brief Convert to BIG number from byte array
+ *
+	@param x BIG number
+	@param a byte array
+ */
+extern void BIG_fromBytes(BIG x,char *a);
+/**	@brief Convert to BIG number from byte array of given length
+ *
+	@param x BIG number
+	@param a byte array
+	@param s byte array length
+ */
+extern void BIG_fromBytesLen(BIG x,char *a,int s);
+/**@brief Convert to DBIG number from byte array of given length
+ *
+   @param x DBIG number
+   @param a byte array
+   @param s byte array length
+ */
+extern void BIG_dfromBytesLen(DBIG x,char *a,int s);
+/**	@brief Outputs a DBIG number to the console
+ *
+	@param x a DBIG number
+ */
+extern void BIG_doutput(DBIG x);
+/**	@brief Copy BIG from Read-Only Memory to a BIG
+ *
+	@param x BIG number
+	@param y BIG number in ROM
+ */
+extern void BIG_rcopy(BIG x,const BIG y);
+/**	@brief Copy BIG to another BIG
+ *
+	@param x BIG number
+	@param y BIG number to be copied
+ */
+extern void BIG_copy(BIG x,BIG y);
+/**	@brief Copy DBIG to another DBIG
+ *
+	@param x DBIG number
+	@param y DBIG number to be copied
+ */
+extern void BIG_dcopy(DBIG x,DBIG y);
+/**	@brief Copy BIG to upper half of DBIG
+ *
+	@param x DBIG number
+	@param y BIG number to be copied
+ */
+extern void BIG_dsucopy(DBIG x,BIG y);
+/**	@brief Copy BIG to lower half of DBIG
+ *
+	@param x DBIG number
+	@param y BIG number to be copied
+ */
+extern void BIG_dscopy(DBIG x,BIG y);
+/**	@brief Copy lower half of DBIG to a BIG
+ *
+	@param x BIG number
+	@param y DBIG number to be copied
+ */
+extern void BIG_sdcopy(BIG x,DBIG y);
+/**	@brief Copy upper half of DBIG to a BIG
+ *
+	@param x BIG number
+	@param y DBIG number to be copied
+ */
+extern void BIG_sducopy(BIG x,DBIG y);
+/**	@brief Set BIG to zero
+ *
+	@param x BIG number to be set to zero
+ */
+extern void BIG_zero(BIG x);
+/**	@brief Set DBIG to zero
+ *
+	@param x DBIG number to be set to zero
+ */
+extern void BIG_dzero(DBIG x);
+/**	@brief Set BIG to one (unity)
+ *
+	@param x BIG number to be set to one.
+ */
+extern void BIG_one(BIG x);
+/**	@brief Set BIG to inverse mod 2^256
+ *
+	@param x BIG number to be inverted
+ */
+extern void BIG_invmod2m(BIG x);
+/**	@brief Set BIG to sum of two BIGs - output not normalised
+ *
+	@param x BIG number, sum of other two
+	@param y BIG number
+	@param z BIG number
+ */
+extern void BIG_add(BIG x,BIG y,BIG z);
+/**	@brief Increment BIG by a small integer - output not normalised
+ *
+	@param x BIG number to be incremented
+	@param i integer
+ */
+extern void BIG_inc(BIG x,int i);
+/**	@brief Set BIG to difference of two BIGs
+ *
+	@param x BIG number, difference of other two - output not normalised
+	@param y BIG number
+	@param z BIG number
+ */
+extern void BIG_sub(BIG x,BIG y,BIG z);
+/**	@brief Decrement BIG by a small integer - output not normalised
+ *
+	@param x BIG number to be decremented
+	@param i integer
+ */
+extern void BIG_dec(BIG x,int i);
+/**	@brief Set DBIG to difference of two DBIGs
+ *
+	@param x DBIG number, difference of other two - output not normalised
+	@param y DBIG number
+	@param z DBIG number
+ */
+extern void BIG_dsub(DBIG x,DBIG y,DBIG z);
+/**	@brief Multiply BIG by a small integer - output not normalised
+ *
+	@param x BIG number, product of other two
+	@param y BIG number
+	@param i small integer
+ */
+extern void BIG_imul(BIG x,BIG y,int i);
+/**	@brief Multiply BIG by not-so-small small integer - output normalised
+ *
+	@param x BIG number, product of other two
+	@param y BIG number
+	@param i small integer
+	@return Overflowing bits
+ */
+extern chunk BIG_pmul(BIG x,BIG y,int i);
+/**	@brief Divide BIG by 3 - output normalised
+ *
+	@param x BIG number
+	@return Remainder
+ */
+extern int BIG_div3(BIG x);
+/**	@brief Multiply BIG by even bigger small integer resulting in a DBIG - output normalised
+ *
+	@param x DBIG number, product of other two
+	@param y BIG number
+	@param i small integer
+ */
+extern void BIG_pxmul(DBIG x,BIG y,int i);
+/**	@brief Multiply BIG by another BIG resulting in DBIG - inputs normalised and output normalised
+ *
+	@param x DBIG number, product of other two
+	@param y BIG number
+	@param z BIG number
+ */
+extern void BIG_mul(DBIG x,BIG y,BIG z);
+/**	@brief Multiply BIG by another BIG resulting in another BIG - inputs normalised and output normalised
+ *
+	Note that the product must fit into a BIG, and x must be distinct from y and z
+	@param x BIG number, product of other two
+	@param y BIG number
+	@param z BIG number
+ */
+extern void BIG_smul(BIG x,BIG y,BIG z);
+/**	@brief Square BIG resulting in a DBIG - input normalised and output normalised
+ *
+	@param x DBIG number, square of a BIG
+	@param y BIG number to be squared
+ */
+extern void BIG_sqr(DBIG x,BIG y);
+
+/**	@brief Montgomery reduction of a DBIG to a BIG  - input normalised and output normalised
+ *
+	@param a BIG number, reduction of a BIG
+	@param md BIG number, the modulus
+	@param MC the Montgomery Constant
+	@param d DBIG number to be reduced
+ */
+extern void BIG_monty(BIG a,BIG md,chunk MC,DBIG d);
+
+/**	@brief Shifts a BIG left by any number of bits - input must be normalised, output normalised
+ *
+	@param x BIG number to be shifted
+	@param s Number of bits to shift
+ */
+extern void BIG_shl(BIG x,int s);
+/**	@brief Fast shifts a BIG left by a small number of bits - input must be normalised, output will be normalised
+ *
+	The number of bits to be shifted must be less than BASEBITS
+	@param x BIG number to be shifted
+	@param s Number of bits to shift
+	@return Overflow bits
+ */
+extern int BIG_fshl(BIG x,int s);
+/**	@brief Shifts a DBIG left by any number of bits - input must be normalised, output normalised
+ *
+	@param x DBIG number to be shifted
+	@param s Number of bits to shift
+ */
+extern void BIG_dshl(DBIG x,int s);
+/**	@brief Shifts a BIG right by any number of bits - input must be normalised, output normalised
+ *
+	@param x BIG number to be shifted
+	@param s Number of bits to shift
+ */
+extern void BIG_shr(BIG x,int s);
+/**	@brief Fast shifts a BIG right by a small number of bits - input must be normalised, output will be normalised
+ *
+	The number of bits to be shifted must be less than BASEBITS
+	@param x BIG number to be shifted
+	@param s Number of bits to shift
+	@return Shifted out bits
+ */
+extern int BIG_fshr(BIG x,int s);
+/**	@brief Shifts a DBIG right by any number of bits - input must be normalised, output normalised
+ *
+	@param x DBIG number to be shifted
+	@param s Number of bits to shift
+ */
+extern void BIG_dshr(DBIG x,int s);
+/**	@brief Splits a DBIG into two BIGs - input must be normalised, outputs normalised
+ *
+	Internal function. The value of s must be approximately in the middle of the DBIG.
+	Typically used to extract z mod 2^MODBITS and z/2^MODBITS
+	@param x BIG number, top half of z
+	@param y BIG number, bottom half of z
+	@param z DBIG number to be split in two.
+	@param s Bit position at which to split
+	@return carry-out from top half
+ */
+extern chunk BIG_split(BIG x,BIG y,DBIG z,int s);
+/**	@brief Normalizes a BIG number - output normalised
+ *
+	All digits of the input BIG are reduced mod 2^BASEBITS
+	@param x BIG number to be normalised
+ */
+extern chunk BIG_norm(BIG x);
+/**	@brief Normalizes a DBIG number - output normalised
+ *
+	All digits of the input DBIG are reduced mod 2^BASEBITS
+	@param x DBIG number to be normalised
+ */
+extern void BIG_dnorm(DBIG x);
+/**	@brief Compares two BIG numbers. Inputs must be normalised externally
+ *
+	@param x first BIG number to be compared
+	@param y second BIG number to be compared
+	@return -1 is x<y, 0 if x=y, 1 if x>y
+ */
+extern int BIG_comp(BIG x,BIG y);
+/**	@brief Compares two DBIG numbers. Inputs must be normalised externally
+ *
+	@param x first DBIG number to be compared
+	@param y second DBIG number to be compared
+	@return -1 is x<y, 0 if x=y, 1 if x>y
+ */
+extern int BIG_dcomp(DBIG x,DBIG y);
+/**	@brief Calculate number of bits in a BIG - output normalised
+ *
+	@param x BIG number
+	@return Number of bits in x
+ */
+extern int BIG_nbits(BIG x);
+/**	@brief Calculate number of bits in a DBIG - output normalised
+ *
+	@param x DBIG number
+	@return Number of bits in x
+ */
+extern int BIG_dnbits(DBIG x);
+/**	@brief Reduce x mod n - input and output normalised
+ *
+	Slow but rarely used
+	@param x BIG number to be reduced mod n
+	@param n The modulus
+ */
+extern void BIG_mod(BIG x,BIG n);
+/**	@brief Divide x by n - output normalised
+ *
+	Slow but rarely used
+	@param x BIG number to be divided by n
+	@param n The Divisor
+ */
+extern void BIG_sdiv(BIG x,BIG n);
+/**	@brief  x=y mod n - output normalised
+ *
+	Slow but rarely used. y is destroyed.
+	@param x BIG number, on exit = y mod n
+	@param y DBIG number
+	@param n Modulus
+ */
+extern void BIG_dmod(BIG x,DBIG y,BIG n);
+/**	@brief  x=y/n - output normalised
+ *
+	Slow but rarely used. y is destroyed.
+	@param x BIG number, on exit = y/n
+	@param y DBIG number
+	@param n Modulus
+ */
+extern void BIG_ddiv(BIG x,DBIG y,BIG n);
+/**	@brief  return parity of BIG, that is the least significant bit
+ *
+	@param x BIG number
+	@return 0 or 1
+ */
+extern int BIG_parity(BIG x);
+/**	@brief  return i-th of BIG
+ *
+	@param x BIG number
+	@param i the bit of x to be returned
+	@return 0 or 1
+ */
+extern int BIG_bit(BIG x,int i);
+/**	@brief  return least significant bits of a BIG
+ *
+	@param x BIG number
+	@param n number of bits to return. Assumed to be less than BASEBITS.
+	@return least significant n bits as an integer
+ */
+extern int BIG_lastbits(BIG x,int n);
+/**	@brief  Create a random BIG from a random number generator
+ *
+	Assumes that the random number generator has been suitably initialised
+	@param x BIG number, on exit a random number
+	@param r A pointer to a Cryptographically Secure Random Number Generator
+ */
+extern void BIG_random(BIG x,csprng *r);
+/**	@brief  Create an unbiased random BIG from a random number generator, reduced with respect to a modulus
+ *
+	Assumes that the random number generator has been suitably initialised
+	@param x BIG number, on exit a random number
+	@param n The modulus
+	@param r A pointer to a Cryptographically Secure Random Number Generator
+ */
+extern void BIG_randomnum(BIG x,BIG n,csprng *r);
+/**	brief  return NAF (Non-Adjacent-Form) value as +/- 1, 3 or 5, inputs must be normalised
+ *
+	Given x and 3*x extracts NAF value from given bit position, and returns number of bits processed, and number of trailing zeros detected if any
+	param x BIG number
+	param x3 BIG number, three times x
+	param i bit position
+	param nbs pointer to integer returning number of bits processed
+	param nzs pointer to integer returning number of trailing 0s
+	return + or - 1, 3 or 5
+*/
+//extern int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs);
+
+/**	@brief  Calculate x=y*z mod n
+ *
+	Slow method for modular multiplication
+	@param x BIG number, on exit = y*z mod n
+	@param y BIG number
+	@param z BIG number
+	@param n The BIG Modulus
+ */
+extern void BIG_modmul(BIG x,BIG y,BIG z,BIG n);
+/**	@brief  Calculate x=y/z mod n
+ *
+	Slow method for modular division
+	@param x BIG number, on exit = y/z mod n
+	@param y BIG number
+	@param z BIG number
+	@param n The BIG Modulus
+ */
+extern void BIG_moddiv(BIG x,BIG y,BIG z,BIG n);
+/**	@brief  Calculate x=y^2 mod n
+ *
+	Slow method for modular squaring
+	@param x BIG number, on exit = y^2 mod n
+	@param y BIG number
+	@param n The BIG Modulus
+ */
+extern void BIG_modsqr(BIG x,BIG y,BIG n);
+/**	@brief  Calculate x=-y mod n
+ *
+	Modular negation
+	@param x BIG number, on exit = -y mod n
+	@param y BIG number
+	@param n The BIG Modulus
+ */
+extern void BIG_modneg(BIG x,BIG y,BIG n);
+/**	@brief  Calculate jacobi Symbol (x/y)
+ *
+	@param x BIG number
+	@param y BIG number
+	@return Jacobi symbol, -1,0 or 1
+ */
+extern int BIG_jacobi(BIG x,BIG y);
+/**	@brief  Calculate x=1/y mod n
+ *
+	Modular Inversion - This is slow. Uses binary method.
+	@param x BIG number, on exit = 1/y mod n
+	@param y BIG number
+	@param n The BIG Modulus
+ */
+extern void BIG_invmodp(BIG x,BIG y,BIG n);
+/** @brief Calculate x=x mod 2^m
+ *
+	Truncation
+	@param x BIG number, on reduced mod 2^m
+	@param m new truncated size
+*/
+extern void BIG_mod2m(BIG x,int m);
+
+
+
+/* FP prototypes */
+
+/**	@brief Tests for BIG equal to zero mod Modulus
+ *
+	@param x BIG number to be tested
+	@return 1 if zero, else returns 0
+ */
+extern int FP_iszilch(BIG x);
+/**	@brief Converts from BIG integer to n-residue form mod Modulus
+ *
+	@param x BIG number to be converted
+ */
+extern void FP_nres(BIG x);
+/**	@brief Converts from n-residue form back to BIG integer form
+ *
+	@param x BIG number to be converted
+ */
+extern void FP_redc(BIG x);
+/**	@brief Sets BIG to representation of unity in n-residue form
+ *
+	@param x BIG number to be set equal to unity.
+ */
+extern void FP_one(BIG x);
+/**	@brief Reduces DBIG to BIG exploiting special form of the modulus
+ *
+	This function comes in different flavours depending on the form of Modulus that is currently in use.
+	@param r BIG number, on exit = d mod Modulus
+	@param d DBIG number to be reduced
+ */
+extern void FP_mod(BIG r,DBIG d);
+/**	@brief Fast Modular multiplication of two BIGs in n-residue form, mod Modulus
+ *
+	Uses appropriate fast modular reduction method
+	@param x BIG number, on exit the modular product = y*z mod Modulus
+	@param y BIG number, the multiplicand
+	@param z BIG number, the multiplier
+ */
+extern void FP_mul(BIG x,BIG y,BIG z);
+/**	@brief Fast Modular multiplication of a BIG in n-residue form, by a small integer, mod Modulus
+ *
+	@param x BIG number, on exit the modular product = y*i mod Modulus
+	@param y BIG number, the multiplicand
+	@param i a small number, the multiplier
+ */
+extern void FP_imul(BIG x,BIG y,int i);
+/**	@brief Fast Modular squaring of a BIG in n-residue form, mod Modulus
+ *
+	Uses appropriate fast modular reduction method
+	@param x BIG number, on exit the modular product = y^2 mod Modulus
+	@param y BIG number, the number to be squared
+
+ */
+extern void FP_sqr(BIG x,BIG y);
+/**	@brief Modular addition of two BIGs in n-residue form, mod Modulus
+ *
+	@param x BIG number, on exit the modular sum = y+z mod Modulus
+	@param y BIG number
+	@param z BIG number
+ */
+extern void FP_add(BIG x,BIG y,BIG z);
+/**	@brief Modular subtraction of two BIGs in n-residue form, mod Modulus
+ *
+	@param x BIG number, on exit the modular difference = y-z mod Modulus
+	@param y BIG number
+	@param z BIG number
+ */
+extern void FP_sub(BIG x,BIG y,BIG z);
+/**	@brief Modular division by 2 of a BIG in n-residue form, mod Modulus
+ *
+	@param x BIG number, on exit =y/2 mod Modulus
+	@param y BIG number
+ */
+extern void FP_div2(BIG x,BIG y);
+/**	@brief Fast Modular exponentiation of a BIG in n-residue form, to the power of a BIG, mod Modulus
+ *
+	@param x BIG number, on exit  = y^z mod Modulus
+	@param y BIG number
+	@param z Big number exponent
+ */
+extern void FP_pow(BIG x,BIG y,BIG z);
+/**	@brief Fast Modular square root of a BIG in n-residue form, mod Modulus
+ *
+	@param x BIG number, on exit  = sqrt(y) mod Modulus
+	@param y BIG number, the number whose square root is calculated
+
+ */
+extern void FP_sqrt(BIG x,BIG y);
+/**	@brief Modular negation of a BIG in n-residue form, mod Modulus
+ *
+	@param x BIG number, on exit = -y mod Modulus
+	@param y BIG number
+ */
+extern void FP_neg(BIG x,BIG y);
+/**	@brief Outputs a BIG number that is in n-residue form to the console
+ *
+	Converts from n-residue form before output
+	@param x a BIG number
+ */
+extern void FP_output(BIG x);
+/**	@brief Outputs a BIG number that is in n-residue form to the console, in raw form
+ *
+	Converts from n-residue form before output
+	@param x a BIG number
+ */
+extern void FP_rawoutput(BIG x);
+/**	@brief Reduces possibly unreduced BIG mod Modulus
+ *
+	@param x BIG number, on exit reduced mod Modulus
+ */
+extern void FP_reduce(BIG x);
+/**	@brief Tests for BIG a quadratic residue mod Modulus
+ *
+	@param x BIG number to be tested
+	@return 1 if quadratic residue, else returns 0 if quadratic non-residue
+ */
+extern int FP_qr(BIG x);
+/**	@brief Modular inverse of a BIG in n-residue form, mod Modulus
+ *
+	@param x BIG number, on exit = 1/y mod Modulus
+	@param y BIG number
+ */
+extern void FP_inv(BIG x,BIG y);
+
+
+/* FP2 prototypes */
+
+/**	@brief Tests for FP2 equal to zero
+ *
+	@param x FP2 number to be tested
+	@return 1 if zero, else returns 0
+ */
+extern int FP2_iszilch(FP2 *x);
+/**	@brief Conditional copy of FP2 number
+ *
+	Conditionally copies second parameter to the first (without branching)
+	@param x FP2 instance, set to y if s!=0
+	@param y another FP2 instance
+	@param s copy only takes place if not equal to 0
+ */
+extern void FP2_cmove(FP2 *x,FP2 *y,int s);
+/**	@brief Tests for FP2 equal to one
+ *
+	@param x FP2 instance to be tested
+	@return 1 if x=1, else returns 0
+ */
+extern int FP2_isunity(FP2 *x);
+/**	@brief Tests for equality of two FP2s
+ *
+	@param x FP2 instance to be compared
+	@param y FP2 instance to be compared
+	@return 1 if x=y, else returns 0
+ */
+extern int FP2_equals(FP2 *x,FP2 *y);
+/**	@brief Initialise FP2 from two BIGs in n-residue form
+ *
+	@param x FP2 instance to be initialised
+	@param a BIG to form real part of FP2
+	@param b BIG to form imaginary part of FP2
+ */
+extern void FP2_from_FPs(FP2 *x,BIG a,BIG b);
+/**	@brief Initialise FP2 from two BIG integers
+ *
+	@param x FP2 instance to be initialised
+	@param a BIG to form real part of FP2
+	@param b BIG to form imaginary part of FP2
+ */
+extern void FP2_from_BIGs(FP2 *x,BIG a,BIG b);
+/**	@brief Initialise FP2 from single BIG in n-residue form
+ *
+	Imaginary part is set to zero
+	@param x FP2 instance to be initialised
+	@param a BIG to form real part of FP2
+ */
+extern void FP2_from_FP(FP2 *x,BIG a);
+/**	@brief Initialise FP2 from single BIG
+ *
+	Imaginary part is set to zero
+	@param x FP2 instance to be initialised
+	@param a BIG to form real part of FP2
+ */
+extern void FP2_from_BIG(FP2 *x,BIG a);
+/**	@brief Copy FP2 to another FP2
+ *
+	@param x FP2 instance, on exit = y
+	@param y FP2 instance to be copied
+ */
+extern void FP2_copy(FP2 *x,FP2 *y);
+/**	@brief Set FP2 to zero
+ *
+	@param x FP2 instance to be set to zero
+ */
+extern void FP2_zero(FP2 *x);
+/**	@brief Set FP2 to unity
+ *
+	@param x FP2 instance to be set to one
+ */
+extern void FP2_one(FP2 *x);
+/**	@brief Negation of FP2
+ *
+	@param x FP2 instance, on exit = -y
+	@param y FP2 instance
+ */
+extern void FP2_neg(FP2 *x,FP2 *y);
+/**	@brief Conjugation of FP2
+ *
+	If y=(a,b) on exit x=(a,-b)
+	@param x FP2 instance, on exit = conj(y)
+	@param y FP2 instance
+ */
+extern void FP2_conj(FP2 *x,FP2 *y);
+/**	@brief addition of two FP2s
+ *
+	@param x FP2 instance, on exit = y+z
+	@param y FP2 instance
+	@param z FP2 instance
+ */
+extern void FP2_add(FP2 *x,FP2 *y,FP2 *z);
+/**	@brief subtraction of two FP2s
+ *
+	@param x FP2 instance, on exit = y-z
+	@param y FP2 instance
+	@param z FP2 instance
+ */
+extern void FP2_sub(FP2 *x,FP2 *y,FP2 *z);
+/**	@brief Multiplication of an FP2 by an n-residue
+ *
+	@param x FP2 instance, on exit = y*b
+	@param y FP2 instance
+	@param b BIG n-residue
+ */
+extern void FP2_pmul(FP2 *x,FP2 *y,BIG b);
+/**	@brief Multiplication of an FP2 by a small integer
+ *
+	@param x FP2 instance, on exit = y*i
+	@param y FP2 instance
+	@param i an integer
+ */
+extern void FP2_imul(FP2 *x,FP2 *y,int i);
+/**	@brief Squaring an FP2
+ *
+	@param x FP2 instance, on exit = y^2
+	@param y FP2 instance
+ */
+extern void FP2_sqr(FP2 *x,FP2 *y);
+/**	@brief Multiplication of two FP2s
+ *
+	@param x FP2 instance, on exit = y*z
+	@param y FP2 instance
+	@param z FP2 instance
+ */
+extern void FP2_mul(FP2 *x,FP2 *y,FP2 *z);
+/**	@brief Formats and outputs an FP2 to the console
+ *
+	@param x FP2 instance
+ */
+extern void FP2_output(FP2 *x);
+/**	@brief Formats and outputs an FP2 to the console in raw form (for debugging)
+ *
+	@param x FP2 instance
+ */
+extern void FP2_rawoutput(FP2 *x);
+/**	@brief Inverting an FP2
+ *
+	@param x FP2 instance, on exit = 1/y
+	@param y FP2 instance
+ */
+extern void FP2_inv(FP2 *x,FP2 *y);
+/**	@brief Divide an FP2 by 2
+ *
+	@param x FP2 instance, on exit = y/2
+	@param y FP2 instance
+ */
+extern void FP2_div2(FP2 *x,FP2 *y);
+/**	@brief Multiply an FP2 by (1+sqrt(-1))
+ *
+	Note that (1+sqrt(-1)) is irreducible for FP4
+	@param x FP2 instance, on exit = x*(1+sqrt(-1))
+ */
+extern void FP2_mul_ip(FP2 *x);
+/**	@brief Divide an FP2 by (1+sqrt(-1))
+ *
+	Note that (1+sqrt(-1)) is irreducible for FP4
+	@param x FP2 instance, on exit = x/(1+sqrt(-1))
+ */
+extern void FP2_div_ip(FP2 *x);
+/**	@brief Normalises the components of an FP2
+ *
+	@param x FP2 instance to be normalised
+ */
+extern void FP2_norm(FP2 *x);
+/**	@brief Reduces all components of possibly unreduced FP2 mod Modulus
+ *
+	@param x FP2 instance, on exit reduced mod Modulus
+ */
+extern void FP2_reduce(FP2 *x);
+/**	@brief Raises an FP2 to the power of a BIG
+ *
+	@param x FP2 instance, on exit = y^b
+	@param y FP2 instance
+	@param b BIG number
+ */
+extern void FP2_pow(FP2 *x,FP2 *y,BIG b);
+/**	@brief Square root of an FP2
+ *
+	@param x FP2 instance, on exit = sqrt(y)
+	@param y FP2 instance
+ */
+extern int FP2_sqrt(FP2 *x,FP2 *y);
+
+
+
+/* ECP E(Fp) prototypes */
+/**	@brief Tests for ECP point equal to infinity
+ *
+	@param P ECP point to be tested
+	@return 1 if infinity, else returns 0
+ */
+extern int ECP_isinf(ECP *P);
+/**	@brief Tests for equality of two ECPs
+ *
+	@param P ECP instance to be compared
+	@param Q ECP instance to be compared
+	@return 1 if P=Q, else returns 0
+ */
+extern int ECP_equals(ECP *P,ECP *Q);
+/**	@brief Copy ECP point to another ECP point
+ *
+	@param P ECP instance, on exit = Q
+	@param Q ECP instance to be copied
+ */
+extern void ECP_copy(ECP *P,ECP *Q);
+/**	@brief Negation of an ECP point
+ *
+	@param P ECP instance, on exit = -P
+ */
+extern void ECP_neg(ECP *P);
+/**	@brief Set ECP to point-at-infinity
+ *
+	@param P ECP instance to be set to infinity
+ */
+extern void ECP_inf(ECP *P);
+/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
+ *
+	Function f(x) depends on form of elliptic curve, Weierstrass, Edwards or Montgomery.
+	Used internally.
+	@param r BIG n-residue value of f(x)
+	@param x BIG n-residue x
+ */
+extern void ECP_rhs(BIG r,BIG x);
+/**	@brief Set ECP to point(x,y) given just x and sign of y
+ *
+	Point P set to infinity if no such point on the curve. If x is on the curve then y is calculated from the curve equation.
+	The correct y value (plus or minus) is selected given its sign s.
+	@param P ECP instance to be set (x,[y])
+	@param x BIG x coordinate of point
+	@param s an integer representing the "sign" of y, in fact its least significant bit.
+ */
+extern int ECP_setx(ECP *P,BIG x,int s);
+
+#if CURVETYPE==MONTGOMERY
+/**	@brief Set ECP to point(x,[y]) given x
+ *
+	Point P set to infinity if no such point on the curve. Note that y coordinate is not needed.
+	@param P ECP instance to be set (x,[y])
+	@param x BIG x coordinate of point
+	@return 1 if point exists, else 0
+ */
+extern int ECP_set(ECP *P,BIG x);
+/**	@brief Extract x coordinate of an ECP point P
+ *
+	@param x BIG on exit = x coordinate of point
+	@param P ECP instance (x,[y])
+	@return -1 if P is point-at-infinity, else 0
+ */
+extern int ECP_get(BIG x,ECP *P);
+/**	@brief Adds ECP instance Q to ECP instance P, given difference D=P-Q
+ *
+	Differential addition of points on a Montgomery curve
+	@param P ECP instance, on exit =P+Q
+	@param Q ECP instance to be added to P
+	@param D Difference between P and Q
+ */
+extern void ECP_add(ECP *P,ECP *Q,ECP *D);
+#else
+/**	@brief Set ECP to point(x,y) given x and y
+ *
+	Point P set to infinity if no such point on the curve.
+	@param P ECP instance to be set (x,y)
+	@param x BIG x coordinate of point
+	@param y BIG y coordinate of point
+	@return 1 if point exists, else 0
+ */
+extern int ECP_set(ECP *P,BIG x,BIG y);
+/**	@brief Extract x and y coordinates of an ECP point P
+ *
+	If x=y, returns only x
+	@param x BIG on exit = x coordinate of point
+	@param y BIG on exit = y coordinate of point (unless x=y)
+	@param P ECP instance (x,y)
+	@return sign of y, or -1 if P is point-at-infinity
+ */
+extern int ECP_get(BIG x,BIG y,ECP *P);
+/**	@brief Adds ECP instance Q to ECP instance P
+ *
+	@param P ECP instance, on exit =P+Q
+	@param Q ECP instance to be added to P
+ */
+extern void ECP_add(ECP *P,ECP *Q);
+/**	@brief Subtracts ECP instance Q from ECP instance P
+ *
+	@param P ECP instance, on exit =P-Q
+	@param Q ECP instance to be subtracted from P
+ */
+extern void ECP_sub(ECP *P,ECP *Q);
+#endif
+/**	@brief Converts an ECP point from Projective (x,y,z) coordinates to affine (x,y) coordinates
+ *
+	@param P ECP instance to be converted to affine form
+ */
+extern void ECP_affine(ECP *P);
+/**	@brief Formats and outputs an ECP point to the console, in projective coordinates
+ *
+	@param P ECP instance to be printed
+ */
+extern void ECP_outputxyz(ECP *P);
+/**	@brief Formats and outputs an ECP point to the console, converted to affine coordinates
+ *
+	@param P ECP instance to be printed
+ */
+extern void ECP_output(ECP * P);
+/**	@brief Formats and outputs an ECP point to an octet string
+ *
+	The octet string is created in the standard form 04|x|y, except for Montgomery curve in which case it is 06|x
+	Here x (and y) are the x and y coordinates in big-endian base 256 form.
+	@param S output octet string
+	@param P ECP instance to be converted to an octet string
+ */
+extern void ECP_toOctet(octet *S,ECP *P);
+/**	@brief Creates an ECP point from an octet string
+ *
+	The octet string is in the standard form 0x04|x|y, except for Montgomery curve in which case it is 0x06|x
+	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
+	@param P ECP instance to be created from the octet string
+	@param S input octet string
+	return 1 if octet string corresponds to a point on the curve, else 0
+ */
+extern int ECP_fromOctet(ECP *P,octet *S);
+/**	@brief Doubles an ECP instance P
+ *
+	@param P ECP instance, on exit =2*P
+ */
+extern void ECP_dbl(ECP *P);
+/**	@brief Multiplies an ECP instance P by a small integer, side-channel resistant
+ *
+	@param P ECP instance, on exit =i*P
+	@param i small integer multiplier
+	@param b maximum number of bits in multiplier
+ */
+extern void ECP_pinmul(ECP *P,int i,int b);
+/**	@brief Multiplies an ECP instance P by a BIG, side-channel resistant
+ *
+	Uses Montgomery ladder for Montgomery curves, otherwise fixed sized windows.
+	@param P ECP instance, on exit =b*P
+	@param b BIG number multiplier
+
+ */
+extern void ECP_mul(ECP *P,BIG b);
+/**	@brief Calculates double multiplication P=e*P+f*Q, side-channel resistant
+ *
+	@param P ECP instance, on exit =e*P+f*Q
+	@param Q ECP instance
+	@param e BIG number multiplier
+	@param f BIG number multiplier
+ */
+extern void ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f);
+
+
+
+/* ECP2 E(Fp2) prototypes */
+/**	@brief Tests for ECP2 point equal to infinity
+ *
+	@param P ECP2 point to be tested
+	@return 1 if infinity, else returns 0
+ */
+extern int ECP2_isinf(ECP2 *P);
+/**	@brief Copy ECP2 point to another ECP2 point
+ *
+	@param P ECP2 instance, on exit = Q
+	@param Q ECP2 instance to be copied
+ */
+extern void ECP2_copy(ECP2 *P,ECP2 *Q);
+/**	@brief Set ECP2 to point-at-infinity
+ *
+	@param P ECP2 instance to be set to infinity
+ */
+extern void ECP2_inf(ECP2 *P);
+/**	@brief Tests for equality of two ECP2s
+ *
+	@param P ECP2 instance to be compared
+	@param Q ECP2 instance to be compared
+	@return 1 if P=Q, else returns 0
+ */
+extern int ECP2_equals(ECP2 *P,ECP2 *Q);
+/**	@brief Converts an ECP2 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
+ *
+	@param P ECP2 instance to be converted to affine form
+ */
+extern void ECP2_affine(ECP2 *P);
+/**	@brief Extract x and y coordinates of an ECP2 point P
+ *
+	If x=y, returns only x
+	@param x FP2 on exit = x coordinate of point
+	@param y FP2 on exit = y coordinate of point (unless x=y)
+	@param P ECP2 instance (x,y)
+	@return -1 if P is point-at-infinity, else 0
+ */
+extern int ECP2_get(FP2 *x,FP2 *y,ECP2 *P);
+/**	@brief Formats and outputs an ECP2 point to the console, converted to affine coordinates
+ *
+	@param P ECP2 instance to be printed
+ */
+extern void ECP2_output(ECP2 *P);
+/**	@brief Formats and outputs an ECP2 point to the console, in projective coordinates
+ *
+	@param P ECP2 instance to be printed
+ */
+extern void ECP2_outputxyz(ECP2 *P);
+/**	@brief Formats and outputs an ECP2 point to an octet string
+ *
+	The octet string is created in the form x|y.
+	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
+	@param S output octet string
+	@param P ECP2 instance to be converted to an octet string
+ */
+extern void ECP2_toOctet(octet *S,ECP2 *P);
+/**	@brief Creates an ECP2 point from an octet string
+ *
+	The octet string is in the form x|y
+	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
+	@param P ECP2 instance to be created from the octet string
+	@param S input octet string
+	return 1 if octet string corresponds to a point on the curve, else 0
+ */
+extern int ECP2_fromOctet(ECP2 *P,octet *S);
+/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
+ *
+	Function f(x)=x^3+Ax+B
+	Used internally.
+	@param r FP2 value of f(x)
+	@param x FP2 instance
+ */
+extern void ECP2_rhs(FP2 *r,FP2 *x);
+/**	@brief Set ECP2 to point(x,y) given x and y
+ *
+	Point P set to infinity if no such point on the curve.
+	@param P ECP2 instance to be set (x,y)
+	@param x FP2 x coordinate of point
+	@param y FP2 y coordinate of point
+	@return 1 if point exists, else 0
+ */
+extern int ECP2_set(ECP2 *P,FP2 *x,FP2 *y);
+/**	@brief Set ECP to point(x,[y]) given x
+ *
+	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
+	@param P ECP instance to be set (x,[y])
+	@param x BIG x coordinate of point
+	@return 1 if point exists, else 0
+ */
+extern int ECP2_setx(ECP2 *P,FP2 *x);
+/**	@brief Negation of an ECP2 point
+ *
+	@param P ECP2 instance, on exit = -P
+ */
+extern void ECP2_neg(ECP2 *P);
+/**	@brief Doubles an ECP2 instance P
+ *
+	@param P ECP2 instance, on exit =2*P
+ */
+extern int ECP2_dbl(ECP2 *P);
+/**	@brief Adds ECP2 instance Q to ECP2 instance P
+ *
+	@param P ECP2 instance, on exit =P+Q
+	@param Q ECP2 instance to be added to P
+ */
+extern int ECP2_add(ECP2 *P,ECP2 *Q);
+/**	@brief Subtracts ECP instance Q from ECP2 instance P
+ *
+	@param P ECP2 instance, on exit =P-Q
+	@param Q ECP2 instance to be subtracted from P
+ */
+extern void ECP2_sub(ECP2 *P,ECP2 *Q);
+/**	@brief Multiplies an ECP2 instance P by a BIG, side-channel resistant
+ *
+	Uses fixed sized windows.
+	@param P ECP2 instance, on exit =b*P
+	@param b BIG number multiplier
+
+ */
+extern void ECP2_mul(ECP2 *P,BIG b);
+/**	@brief Multiplies an ECP2 instance P by the internal modulus p, using precalculated Frobenius constant f
+ *
+	Fast point multiplication using Frobenius
+	@param P ECP2 instance, on exit = p*P
+	@param f FP2 precalculated Frobenius constant
+
+ */
+extern void ECP2_frob(ECP2 *P,FP2 *f);
+/**	@brief Calculates P=b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
+ *
+	@param P ECP2 instance, on exit = b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
+	@param Q ECP2 array of 4 points
+	@param b BIG array of 4 multipliers
+ */
+extern void ECP2_mul4(ECP2 *P,ECP2 *Q,BIG *b);
+
+
+
+/* FP4 prototypes */
+/**	@brief Tests for FP4 equal to zero
+ *
+	@param x FP4 number to be tested
+	@return 1 if zero, else returns 0
+ */
+extern int FP4_iszilch(FP4 *x);
+/**	@brief Tests for FP4 equal to unity
+ *
+	@param x FP4 number to be tested
+	@return 1 if unity, else returns 0
+ */
+extern int FP4_isunity(FP4 *x);
+/**	@brief Tests for equality of two FP4s
+ *
+	@param x FP4 instance to be compared
+	@param y FP4 instance to be compared
+	@return 1 if x=y, else returns 0
+ */
+extern int FP4_equals(FP4 *x,FP4 *y);
+/**	@brief Tests for FP4 having only a real part and no imaginary part
+ *
+	@param x FP4 number to be tested
+	@return 1 if real, else returns 0
+ */
+extern int FP4_isreal(FP4 *x);
+/**	@brief Initialise FP4 from two FP2s
+ *
+	@param x FP4 instance to be initialised
+	@param a FP2 to form real part of FP4
+	@param b FP2 to form imaginary part of FP4
+ */
+extern void FP4_from_FP2s(FP4 *x,FP2 *a,FP2 *b);
+/**	@brief Initialise FP4 from single FP2
+ *
+	Imaginary part is set to zero
+	@param x FP4 instance to be initialised
+	@param a FP2 to form real part of FP4
+ */
+extern void FP4_from_FP2(FP4 *x,FP2 *a);
+/**	@brief Copy FP4 to another FP4
+ *
+	@param x FP4 instance, on exit = y
+	@param y FP4 instance to be copied
+ */
+extern void FP4_copy(FP4 *x,FP4 *y);
+/**	@brief Set FP4 to zero
+ *
+	@param x FP4 instance to be set to zero
+ */
+extern void FP4_zero(FP4 *x);
+/**	@brief Set FP4 to unity
+ *
+	@param x FP4 instance to be set to one
+ */
+extern void FP4_one(FP4 *x);
+/**	@brief Negation of FP4
+ *
+	@param x FP4 instance, on exit = -y
+	@param y FP4 instance
+ */
+extern void FP4_neg(FP4 *x,FP4 *y);
+/**	@brief Conjugation of FP4
+ *
+	If y=(a,b) on exit x=(a,-b)
+	@param x FP4 instance, on exit = conj(y)
+	@param y FP4 instance
+ */
+extern void FP4_conj(FP4 *x,FP4 *y);
+/**	@brief Negative conjugation of FP4
+ *
+	If y=(a,b) on exit x=(-a,b)
+	@param x FP4 instance, on exit = -conj(y)
+	@param y FP4 instance
+ */
+extern void FP4_nconj(FP4 *x,FP4 *y);
+/**	@brief addition of two FP4s
+ *
+	@param x FP4 instance, on exit = y+z
+	@param y FP4 instance
+	@param z FP4 instance
+ */
+extern void FP4_add(FP4 *x,FP4 *y,FP4 *z);
+/**	@brief subtraction of two FP4s
+ *
+	@param x FP4 instance, on exit = y-z
+	@param y FP4 instance
+	@param z FP4 instance
+ */
+extern void FP4_sub(FP4 *x,FP4 *y,FP4 *z);
+/**	@brief Multiplication of an FP4 by an FP2
+ *
+	@param x FP4 instance, on exit = y*a
+	@param y FP4 instance
+	@param a FP2 multiplier
+ */
+extern void FP4_pmul(FP4 *x,FP4 *y,FP2 *a);
+/**	@brief Multiplication of an FP4 by a small integer
+ *
+	@param x FP4 instance, on exit = y*i
+	@param y FP4 instance
+	@param i an integer
+ */
+extern void FP4_imul(FP4 *x,FP4 *y,int i);
+/**	@brief Squaring an FP4
+ *
+	@param x FP4 instance, on exit = y^2
+	@param y FP4 instance
+ */
+extern void FP4_sqr(FP4 *x,FP4 *y);
+/**	@brief Multiplication of two FP4s
+ *
+	@param x FP4 instance, on exit = y*z
+	@param y FP4 instance
+	@param z FP4 instance
+ */
+extern void FP4_mul(FP4 *x,FP4 *y,FP4 *z);
+/**	@brief Inverting an FP4
+ *
+	@param x FP4 instance, on exit = 1/y
+	@param y FP4 instance
+ */
+extern void FP4_inv(FP4 *x,FP4 *y);
+/**	@brief Formats and outputs an FP4 to the console
+ *
+	@param x FP4 instance to be printed
+ */
+extern void FP4_output(FP4 *x);
+/**	@brief Formats and outputs an FP4 to the console in raw form (for debugging)
+ *
+	@param x FP4 instance to be printed
+ */
+extern void FP4_rawoutput(FP4 *x);
+/**	@brief multiplies an FP4 instance by irreducible polynomial sqrt(1+sqrt(-1))
+ *
+	@param x FP4 instance, on exit = sqrt(1+sqrt(-1)*x
+ */
+extern void FP4_times_i(FP4 *x);
+/**	@brief Normalises the components of an FP4
+ *
+	@param x FP4 instance to be normalised
+ */
+extern void FP4_norm(FP4 *x);
+/**	@brief Reduces all components of possibly unreduced FP4 mod Modulus
+ *
+	@param x FP4 instance, on exit reduced mod Modulus
+ */
+extern void FP4_reduce(FP4 *x);
+/**	@brief Raises an FP4 to the power of a BIG
+ *
+	@param x FP4 instance, on exit = y^b
+	@param y FP4 instance
+	@param b BIG number
+ */
+extern void FP4_pow(FP4 *x,FP4 *y,BIG b);
+/**	@brief Raises an FP4 to the power of the internal modulus p, using the Frobenius
+ *
+	@param x FP4 instance, on exit = x^p
+	@param f FP2 precalculated Frobenius constant
+ */
+extern void FP4_frob(FP4 *x,FP2 *f);
+/**	@brief Calculates the XTR addition function r=w*x-conj(x)*y+z
+ *
+	@param r FP4 instance, on exit = w*x-conj(x)*y+z
+	@param w FP4 instance
+	@param x FP4 instance
+	@param y FP4 instance
+	@param z FP4 instance
+ */
+extern void FP4_xtr_A(FP4 *r,FP4 *w,FP4 *x,FP4 *y,FP4 *z);
+/**	@brief Calculates the XTR doubling function r=x^2-2*conj(x)
+ *
+	@param r FP4 instance, on exit = x^2-2*conj(x)
+	@param x FP4 instance
+ */
+extern void FP4_xtr_D(FP4 *r,FP4 *x);
+/**	@brief Calculates FP4 trace of an FP12 raised to the power of a BIG number
+ *
+	XTR single exponentiation
+	@param r FP4 instance, on exit = trace(w^b)
+	@param x FP4 instance, trace of an FP12 w
+	@param b BIG number
+ */
+extern void FP4_xtr_pow(FP4 *r,FP4 *x,BIG b);
+/**	@brief Calculates FP4 trace of c^a.d^b, where c and d are derived from FP4 traces of FP12s
+ *
+	XTR double exponentiation
+	Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
+	@param r FP4 instance, on exit = trace(c^a.d^b)
+	@param c FP4 instance, trace of an FP12
+	@param d FP4 instance, trace of an FP12
+	@param e FP4 instance, trace of an FP12
+	@param f FP4 instance, trace of an FP12
+	@param a BIG number
+	@param b BIG number
+ */
+extern void FP4_xtr_pow2(FP4 *r,FP4 *c,FP4 *d,FP4 *e,FP4 *f,BIG a,BIG b);
+
+
+
+/* FP12 prototypes */
+/**	@brief Tests for FP12 equal to zero
+ *
+	@param x FP12 number to be tested
+	@return 1 if zero, else returns 0
+ */
+extern int FP12_iszilch(FP12 *x);
+/**	@brief Tests for FP12 equal to unity
+ *
+	@param x FP12 number to be tested
+	@return 1 if unity, else returns 0
+ */
+extern int FP12_isunity(FP12 *x);
+/**	@brief Copy FP12 to another FP12
+ *
+	@param x FP12 instance, on exit = y
+	@param y FP12 instance to be copied
+ */
+extern void FP12_copy(FP12 *x,FP12 *y);
+/**	@brief Set FP12 to unity
+ *
+	@param x FP12 instance to be set to one
+ */
+extern void FP12_one(FP12 *x);
+/**	@brief Tests for equality of two FP12s
+ *
+	@param x FP12 instance to be compared
+	@param y FP12 instance to be compared
+	@return 1 if x=y, else returns 0
+ */
+extern int FP12_equals(FP12 *x,FP12 *y);
+/**	@brief Conjugation of FP12
+ *
+	If y=(a,b,c) (where a,b,c are its three FP4 components) on exit x=(conj(a),-conj(b),conj(c))
+	@param x FP12 instance, on exit = conj(y)
+	@param y FP12 instance
+ */
+extern void FP12_conj(FP12 *x,FP12 *y);
+/**	@brief Initialise FP12 from single FP4
+ *
+	Sets first FP4 component of an FP12, other components set to zero
+	@param x FP12 instance to be initialised
+	@param a FP4 to form first part of FP4
+ */
+extern void FP12_from_FP4(FP12 *x,FP4 *a);
+/**	@brief Initialise FP12 from three FP4s
+ *
+	@param x FP12 instance to be initialised
+	@param a FP4 to form first part of FP12
+	@param b FP4 to form second part of FP12
+	@param c FP4 to form third part of FP12
+ */
+extern void FP12_from_FP4s(FP12 *x,FP4 *a,FP4* b,FP4 *c);
+/**	@brief Fast Squaring of an FP12 in "unitary" form
+ *
+	@param x FP12 instance, on exit = y^2
+	@param y FP4 instance, must be unitary
+ */
+extern void FP12_usqr(FP12 *x,FP12 *y);
+/**	@brief Squaring an FP12
+ *
+	@param x FP12 instance, on exit = y^2
+	@param y FP12 instance
+ */
+extern void FP12_sqr(FP12 *x,FP12 *y);
+/**	@brief Fast multiplication of an FP12 by an FP12 that arises from an ATE pairing line function
+ *
+	Here the multiplier has a special form that can be exploited
+	@param x FP12 instance, on exit = x*y
+	@param y FP12 instance, of special form
+ */
+extern void FP12_smul(FP12 *x,FP12 *y);
+/**	@brief Multiplication of two FP12s
+ *
+	@param x FP12 instance, on exit = x*y
+	@param y FP12 instance, the multiplier
+ */
+extern void FP12_mul(FP12 *x,FP12 *y);
+/**	@brief Inverting an FP12
+ *
+	@param x FP12 instance, on exit = 1/y
+	@param y FP12 instance
+ */
+extern void FP12_inv(FP12 *x,FP12 *y);
+/**	@brief Raises an FP12 to the power of a BIG
+ *
+	@param r FP12 instance, on exit = y^b
+	@param x FP12 instance
+	@param b BIG number
+ */
+extern void FP12_pow(FP12 *r,FP12 *x,BIG b);
+/**	@brief Raises an FP12 instance x to a small integer power, side-channel resistant
+ *
+	@param x ECP instance, on exit = x^i
+	@param i small integer exponent
+	@param b maximum number of bits in exponent
+ */
+extern void FP12_pinpow(FP12 *x,int i,int b);
+/**	@brief Calculate x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3], side-channel resistant
+ *
+	@param r ECP instance, on exit = x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3]
+	@param x FP12 array with 4 FP12s
+	@param b BIG array of 4 exponents
+ */
+extern void FP12_pow4(FP12 *r,FP12 *x,BIG *b);
+/**	@brief Raises an FP12 to the power of the internal modulus p, using the Frobenius
+ *
+	@param x FP12 instance, on exit = x^p
+	@param f FP2 precalculated Frobenius constant
+ */
+extern void FP12_frob(FP12 *x,FP2 *f);
+/**	@brief Reduces all components of possibly unreduced FP12 mod Modulus
+ *
+	@param x FP12 instance, on exit reduced mod Modulus
+ */
+extern void FP12_reduce(FP12 *x);
+/**	@brief Normalises the components of an FP12
+ *
+	@param x FP12 instance to be normalised
+ */
+extern void FP12_norm(FP12 *x);
+/**	@brief Formats and outputs an FP12 to the console
+ *
+	@param x FP12 instance to be printed
+ */
+extern void FP12_output(FP12 *x);
+/**	@brief Formats and outputs an FP12 instance to an octet string
+ *
+	Serializes the components of an FP12 to big-endian base 256 form.
+	@param S output octet string
+	@param x FP12 instance to be converted to an octet string
+ */
+extern void FP12_toOctet(octet *S,FP12 *x);
+/**	@brief Creates an FP12 instance from an octet string
+ *
+	De-serializes the components of an FP12 to create an FP12 from big-endian base 256 components.
+	@param x FP12 instance to be created from an octet string
+	@param S input octet string
+
+ */
+extern void FP12_fromOctet(FP12 *x,octet *S);
+/**	@brief Calculate the trace of an FP12
+ *
+	@param t FP4 trace of x, on exit = tr(x)
+	@param x FP12 instance
+
+ */
+extern void FP12_trace(FP4 *t,FP12 *x);
+
+
+
+/* Pairing function prototypes */
+/**	@brief Calculate Miller loop for Optimal ATE pairing e(P,Q)
+ *
+	@param r FP12 result of the pairing calculation e(P,Q)
+	@param P ECP2 instance, an element of G2
+	@param Q ECP instance, an element of G1
+
+ */
+extern void PAIR_ate(FP12 *r,ECP2 *P,ECP *Q);
+/**	@brief Calculate Miller loop for Optimal ATE double-pairing e(P,Q).e(R,S)
+ *
+	Faster than calculating two separate pairings
+	@param r FP12 result of the pairing calculation e(P,Q).e(R,S), an element of GT
+	@param P ECP2 instance, an element of G2
+	@param Q ECP instance, an element of G1
+	@param R ECP2 instance, an element of G2
+	@param S ECP instance, an element of G1
+ */
+extern void PAIR_double_ate(FP12 *r,ECP2 *P,ECP *Q,ECP2 *R,ECP *S);
+/**	@brief Final exponentiation of pairing, converts output of Miller loop to element in GT
+ *
+	Here p is the internal modulus, and r is the group order
+	@param x FP12, on exit = x^((p^12-1)/r)
+ */
+extern void PAIR_fexp(FP12 *x);
+/**	@brief Fast point multiplication of a member of the group G1 by a BIG number
+ *
+	May exploit endomorphism for speed.
+	@param Q ECP member of G1.
+	@param b BIG multiplier
+
+ */
+extern void PAIR_G1mul(ECP *Q,BIG b);
+/**	@brief Fast point multiplication of a member of the group G2 by a BIG number
+ *
+	May exploit endomorphism for speed.
+	@param P ECP2 member of G1.
+	@param b BIG multiplier
+
+ */
+extern void PAIR_G2mul(ECP2 *P,BIG b);
+/**	@brief Fast raising of a member of GT to a BIG power
+ *
+	May exploit endomorphism for speed.
+	@param x FP12 member of GT.
+	@param b BIG exponent
+
+ */
+extern void PAIR_GTpow(FP12 *x,BIG b);
+/**	@brief Tests FP12 for membership of GT
+ *
+	@param x FP12 instance
+	@return 1 if x is in GT, else return 0
+
+ */
+extern int PAIR_GTmember(FP12 *x);
+
+
+
+/* Finite Field Prototypes */
+/**	@brief Copy one FF element of given length to another
+ *
+	@param x FF instance to be copied to, on exit = y
+	@param y FF instance to be copied from
+	@param n size of FF in BIGs
+
+ */
+extern void FF_copy(BIG *x,BIG *y,int n);
+/**	@brief Initialize an FF element of given length from a 32-bit integer m
+ *
+	@param x FF instance to be copied to, on exit = m
+	@param m integer
+	@param n size of FF in BIGs
+ */
+extern void FF_init(BIG *x,sign32 m,int n);
+/**	@brief Set FF element of given size to zero
+ *
+	@param x FF instance to be set to zero
+	@param n size of FF in BIGs
+ */
+extern void FF_zero(BIG *x,int n);
+/**	@brief Tests for FF element equal to zero
+ *
+	@param x FF number to be tested
+	@param n size of FF in BIGs
+	@return 1 if zero, else returns 0
+ */
+extern int FF_iszilch(BIG *x,int n);
+/**	@brief  return parity of an FF, that is the least significant bit
+ *
+	@param x FF number
+	@return 0 or 1
+ */
+extern int FF_parity(BIG *x);
+/**	@brief  return least significant m bits of an FF
+ *
+	@param x FF number
+	@param m number of bits to return. Assumed to be less than BASEBITS.
+	@return least significant n bits as an integer
+ */
+extern int FF_lastbits(BIG *x,int m);
+/**	@brief Set FF element of given size to unity
+ *
+	@param x FF instance to be set to unity
+	@param n size of FF in BIGs
+ */
+extern void FF_one(BIG *x,int n);
+/**	@brief Compares two FF numbers. Inputs must be normalised externally
+ *
+	@param x first FF number to be compared
+	@param y second FF number to be compared
+	@param n size of FF in BIGs
+	@return -1 is x<y, 0 if x=y, 1 if x>y
+ */
+extern int FF_comp(BIG *x,BIG *y,int n);
+/**	@brief addition of two FFs
+ *
+	@param x FF instance, on exit = y+z
+	@param y FF instance
+	@param z FF instance
+	@param n size of FF in BIGs
+ */
+extern void FF_add(BIG *x,BIG *y,BIG *z,int n);
+/**	@brief subtraction of two FFs
+ *
+	@param x FF instance, on exit = y-z
+	@param y FF instance
+	@param z FF instance
+	@param n size of FF in BIGs
+ */
+extern void FF_sub(BIG *x,BIG *y,BIG *z,int n);
+/**	@brief increment an FF by an integer,and normalise
+ *
+	@param x FF instance, on exit = x+m
+	@param m an integer to be added to x
+	@param n size of FF in BIGs
+ */
+extern void FF_inc(BIG *x,int m,int n);
+/**	@brief Decrement an FF by an integer,and normalise
+ *
+	@param x FF instance, on exit = x-m
+	@param m an integer to be subtracted from x
+	@param n size of FF in BIGs
+ */
+extern void FF_dec(BIG *x,int m,int n);
+/**	@brief Normalises the components of an FF
+ *
+	@param x FF instance to be normalised
+	@param n size of FF in BIGs
+ */
+extern void FF_norm(BIG *x,int n);
+/**	@brief Shift left an FF by 1 bit
+ *
+	@param x FF instance to be shifted left
+	@param n size of FF in BIGs
+ */
+extern void FF_shl(BIG *x,int n);
+/**	@brief Shift right an FF by 1 bit
+ *
+	@param x FF instance to be shifted right
+	@param n size of FF in BIGs
+ */
+extern void FF_shr(BIG *x,int n);
+/**	@brief Formats and outputs an FF to the console
+ *
+	@param x FF instance to be printed
+	@param n size of FF in BIGs
+ */
+extern void FF_output(BIG *x,int n);
+/**	@brief Formats and outputs an FF to the console, in raw form
+ *
+ 	@param x FF instance to be printed
+ 	@param n size of FF in BIGs
+ */
+extern void FF_rawoutput(BIG *x,int n);
+/**	@brief Formats and outputs an FF instance to an octet string
+ *
+	Converts an FF to big-endian base 256 form.
+	@param S output octet string
+	@param x FF instance to be converted to an octet string
+	@param n size of FF in BIGs
+ */
+extern void FF_toOctet(octet *S,BIG *x,int n);
+/**	@brief Populates an FF instance from an octet string
+ *
+	Creates FF from big-endian base 256 form.
+	@param x FF instance to be created from an octet string
+	@param S input octet string
+	@param n size of FF in BIGs
+ */
+extern void FF_fromOctet(BIG *x,octet *S,int n);
+/**	@brief Multiplication of two FFs
+ *
+	Uses Karatsuba method internally
+	@param x FF instance, on exit = y*z
+	@param y FF instance
+	@param z FF instance
+	@param n size of FF in BIGs
+ */
+extern void FF_mul(BIG *x,BIG *y,BIG *z,int n);
+/**	@brief Reduce FF mod a modulus
+ *
+	This is slow
+	@param x FF instance to be reduced mod m - on exit = x mod m
+	@param m FF modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_mod(BIG *x,BIG *m,int n);
+/**	@brief Square an FF
+ *
+	Uses Karatsuba method internally
+	@param x FF instance, on exit = y^2
+	@param y FF instance to be squared
+	@param n size of FF in BIGs
+ */
+extern void FF_sqr(BIG *x,BIG *y,int n);
+/**	@brief Reduces a double-length FF with respect to a given modulus
+ *
+	This is slow
+	@param x FF instance, on exit = y mod z
+	@param y FF instance, of double length 2*n
+	@param z FF modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_dmod(BIG *x,BIG *y,BIG *z,int n);
+/**	@brief Invert an FF mod a prime modulus
+ *
+	@param x FF instance, on exit = 1/y mod z
+	@param y FF instance
+	@param z FF prime modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_invmodp(BIG *x,BIG *y,BIG *z,int n);
+/**	@brief Create an FF from a random number generator
+ *
+	@param x FF instance, on exit x is a random number of length n BIGs with most significant bit a 1
+	@param R an instance of a Cryptographically Secure Random Number Generator
+	@param n size of FF in BIGs
+ */
+extern void FF_random(BIG *x,csprng *R,int n);
+/**	@brief Create a random FF less than a given modulus from a random number generator
+ *
+	@param x FF instance, on exit x is a random number < y
+	@param y FF instance, the modulus
+	@param R an instance of a Cryptographically Secure Random Number Generator
+	@param n size of FF in BIGs
+ */
+extern void FF_randomnum(BIG *x,BIG *y,csprng *R,int n);
+/**	@brief Calculate r=x^e mod m, side channel resistant
+ *
+	@param r FF instance, on exit = x^e mod p
+	@param x FF instance
+	@param e FF exponent
+	@param m FF modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_skpow(BIG *r,BIG *x,BIG * e,BIG *m,int n);
+/**	@brief Calculate r=x^e mod m, side channel resistant
+ *
+	For short BIG exponent
+	@param r FF instance, on exit = x^e mod p
+	@param x FF instance
+	@param e BIG exponent
+	@param m FF modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_skspow(BIG *r,BIG *x,BIG e,BIG *m,int n);
+/**	@brief Calculate r=x^e mod m
+ *
+	For very short integer exponent
+	@param r FF instance, on exit = x^e mod p
+	@param x FF instance
+	@param e integer exponent
+	@param m FF modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_power(BIG *r,BIG *x,int e,BIG *m,int n);
+/**	@brief Calculate r=x^e mod m
+ *
+	@param r FF instance, on exit = x^e mod p
+	@param x FF instance
+	@param e FF exponent
+	@param m FF modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_pow(BIG *r,BIG *x,BIG *e,BIG *m,int n);
+/**	@brief Test if an FF has factor in common with integer s
+ *
+	@param x FF instance to be tested
+	@param s the supplied integer
+	@param n size of FF in BIGs
+	@return 1 if gcd(x,s)!=1, else return 0
+ */
+extern int FF_cfactor(BIG *x,sign32 s,int n);
+/**	@brief Test if an FF is prime
+ *
+	Uses Miller-Rabin Method
+	@param x FF instance to be tested
+	@param R an instance of a Cryptographically Secure Random Number Generator
+	@param n size of FF in BIGs
+	@return 1 if x is (almost certainly) prime, else return 0
+ */
+extern int FF_prime(BIG *x,csprng *R,int n);
+/**	@brief Calculate r=x^e.y^f mod m
+ *
+	@param r FF instance, on exit = x^e.y^f mod p
+	@param x FF instance
+	@param e BIG exponent
+	@param y FF instance
+	@param f BIG exponent
+	@param m FF modulus
+	@param n size of FF in BIGs
+ */
+extern void FF_pow2(BIG *r,BIG *x,BIG e,BIG *y,BIG f,BIG *m,int n);
+
+
+/* Octet string handlers */
+/**	@brief Formats and outputs an octet to the console in hex
+ *
+	@param O Octet to be output
+ */
+extern void OCT_output(octet *O);
+/**	@brief Formats and outputs an octet to the console as a character string
+ *
+	@param O Octet to be output
+ */
+extern void OCT_output_string(octet *O);
+/**	@brief Wipe clean an octet
+ *
+	@param O Octet to be cleaned
+ */
+extern void OCT_clear(octet *O);
+/**	@brief Compare two octets
+ *
+	@param O first Octet to be compared
+	@param P second Octet to be compared
+	@return 1 if equal, else 0
+ */
+extern int  OCT_comp(octet *O,octet *P);
+/**	@brief Compare first n bytes of two octets
+ *
+	@param O first Octet to be compared
+	@param P second Octet to be compared
+	@param n number of bytes to compare
+	@return 1 if equal, else 0
+ */
+extern int  OCT_ncomp(octet *O,octet *P,int n);
+/**	@brief Join from a C string to end of an octet
+ *
+	Truncates if there is no room
+	@param O Octet to be written to
+	@param s zero terminated string to be joined to octet
+ */
+extern void OCT_jstring(octet *O,char *s);
+/**	@brief Join bytes to end of an octet
+ *
+	Truncates if there is no room
+	@param O Octet to be written to
+	@param s bytes to be joined to end of octet
+	@param n number of bytes to join
+ */
+extern void OCT_jbytes(octet *O,char *s,int n);
+/**	@brief Join single byte to end of an octet, repeated n times
+ *
+	Truncates if there is no room
+	@param O Octet to be written to
+	@param b byte to be joined to end of octet
+	@param n number of times b is to be joined
+ */
+extern void OCT_jbyte(octet *O,int b,int n);
+/**	@brief Join one octet to the end of another
+ *
+	Truncates if there is no room
+	@param O Octet to be written to
+	@param P Octet to be joined to the end of O
+ */
+extern void OCT_joctet(octet *O,octet *P);
+/**	@brief XOR common bytes of a pair of Octets
+ *
+	@param O Octet - on exit = O xor P
+	@param P Octet to be xored into O
+ */
+extern void OCT_xor(octet *O,octet *P);
+/**	@brief reset Octet to zero length
+ *
+	@param O Octet to be emptied
+ */
+extern void OCT_empty(octet *O);
+/**	@brief Pad out an Octet to the given length
+ *
+	Padding is done by inserting leading zeros, so abcd becomes 00abcd
+	@param O Octet to be padded
+	@param n new length of Octet
+ */
+extern int OCT_pad(octet *O,int n);
+/**	@brief Convert an Octet to printable base64 number
+ *
+	@param b zero terminated byte array to take base64 conversion
+	@param O Octet to be converted
+ */
+extern void OCT_tobase64(char *b,octet *O);
+/**	@brief Populate an Octet from base64 number
+ *
+ 	@param O Octet to be populated
+	@param b zero terminated base64 string
+
+ */
+extern void OCT_frombase64(octet *O,char *b);
+/**	@brief Copy one Octet into another
+ *
+ 	@param O Octet to be copied to
+	@param P Octet to be copied from
+
+ */
+extern void OCT_copy(octet *O,octet *P);
+/**	@brief XOR every byte of an octet with input m
+ *
+ 	@param O Octet
+	@param m byte to be XORed with every byte of O
+
+ */
+extern void OCT_xorbyte(octet *O,int m);
+/**	@brief Chops Octet into two, leaving first n bytes in O, moving the rest to P
+ *
+ 	@param O Octet to be chopped
+	@param P new Octet to be created
+	@param n number of bytes to chop off O
+
+ */
+extern void OCT_chop(octet *O,octet *P,int n);
+/**	@brief Join n bytes of integer m to end of Octet O (big endian)
+ *
+	Typically n is 4 for a 32-bit integer
+ 	@param O Octet to be appended to
+	@param m integer to be appended to O
+	@param n number of bytes in m
+
+ */
+extern void OCT_jint(octet *O,int m,int n);
+/**	@brief Create an Octet from bytes taken from a random number generator
+ *
+	Truncates if there is no room
+ 	@param O Octet to be populated
+	@param R an instance of a Cryptographically Secure Random Number Generator
+	@param n number of bytes to extracted from R
+
+ */
+extern void OCT_rand(octet *O,csprng *R,int n);
+/**	@brief Shifts Octet left by n bytes
+ *
+	Leftmost bytes disappear
+ 	@param O Octet to be shifted
+	@param n number of bytes to shift
+
+ */
+extern void OCT_shl(octet *O,int n);
+/**	@brief Convert a hex number to an Octet
+ *
+	@param dst Octet
+	@param src Hex string to be converted
+ */
+extern void OCT_fromHex(octet *dst,char *src);
+/**	@brief Convert an Octet to printable hex number
+ *
+	@param dst hex value
+	@param src Octet to be converted
+ */
+extern void OCT_toHex(octet *src,char *dst);
+/**	@brief Convert an Octet to string
+ *
+	@param dst string value
+	@param src Octet to be converted
+ */
+extern void OCT_toStr(octet *src,char *dst);
+
+
+
+/* Hash function */
+/**	@brief Initialise an instance of SHA256
+ *
+	@param H an instance SHA256
+ */
+extern void HASH256_init(hash256 *H);
+/**	@brief Add a byte to the hash
+ *
+	@param H an instance SHA256
+	@param b byte to be included in hash
+ */
+extern void HASH256_process(hash256 *H,int b);
+/**	@brief Generate 32-byte hash
+ *
+	@param H an instance SHA256
+	@param h is the output 32-byte hash
+ */
+extern void HASH256_hash(hash256 *H,char *h);
+
+
+/**	@brief Initialise an instance of SHA384
+ *
+	@param H an instance SHA384
+ */
+extern void HASH384_init(hash384 *H);
+/**	@brief Add a byte to the hash
+ *
+	@param H an instance SHA384
+	@param b byte to be included in hash
+ */
+extern void HASH384_process(hash384 *H,int b);
+/**	@brief Generate 48-byte hash
+ *
+	@param H an instance SHA384
+	@param h is the output 48-byte hash
+ */
+extern void HASH384_hash(hash384 *H,char *h);
+
+
+/**	@brief Initialise an instance of SHA512
+ *
+	@param H an instance SHA512
+ */
+extern void HASH512_init(hash512 *H);
+/**	@brief Add a byte to the hash
+ *
+	@param H an instance SHA512
+	@param b byte to be included in hash
+ */
+extern void HASH512_process(hash512 *H,int b);
+/**	@brief Generate 64-byte hash
+ *
+	@param H an instance SHA512
+	@param h is the output 64-byte hash
+ */
+extern void HASH512_hash(hash512 *H,char *h);
+
+
+/* AES functions */
+/**	@brief Reset AES mode or IV
+ *
+	@param A an instance of the AMCL_AES
+	@param m is the new active mode of operation (ECB, CBC, OFB, CFB etc)
+	@param iv the new Initialisation Vector
+ */
+extern void AES_reset(amcl_aes *A,int m,char *iv);
+/**	@brief Extract chaining vector from AMCL_AES instance
+ *
+	@param A an instance of the AMCL_AES
+	@param f the extracted chaining vector
+ */
+extern void AES_getreg(amcl_aes *A,char * f);
+/**	@brief Initialise an instance of AMCL_AES and its mode of operation
+ *
+	@param A an instance AMCL_AES
+	@param m is the active mode of operation (ECB, CBC, OFB, CFB etc)
+	@param n is the key length in bytes, 16, 24 or 32
+	@param k the AES key as an array of 16 bytes
+	@param iv the Initialisation Vector
+	@return 0 for invalid n
+ */
+extern int AES_init(amcl_aes *A,int m,int n,char *k,char *iv);
+/**	@brief Encrypt a single 16 byte block in ECB mode
+ *
+	@param A an instance of the AMCL_AES
+	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
+ */
+extern void AES_ecb_encrypt(amcl_aes *A,uchar * b);
+/**	@brief Decrypt a single 16 byte block in ECB mode
+ *
+	@param A an instance of the AMCL_AES
+	@param b is an array of 16 cipherext bytes, on exit becomes plaintext
+ */
+extern void AES_ecb_decrypt(amcl_aes *A,uchar * b);
+/**	@brief Encrypt a single 16 byte block in active mode
+ *
+	@param A an instance of the AMCL_AES
+	@param b is an array of 16

<TRUNCATED>


[11/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/testVectors/mpin/BNCX.json
----------------------------------------------------------------------
diff --git a/testVectors/mpin/BNCX.json b/testVectors/mpin/BNCX.json
deleted file mode 100644
index 7cf034b..0000000
--- a/testVectors/mpin/BNCX.json
+++ /dev/null
@@ -1 +0,0 @@
-[{"SS1": "1520a952de349f533b6aafdf89373840c6cedb5d80c10cbb77fd2977d1260f261bc1aab33387ea29d5a229d03b86b755a1cd958b5465b765789d45d69394254309dbeca19eb8d87e2b68b3b3313d518da6af44cbf7dc99db73345236e0f69ffb049ae528f8ea5f1f431e5292b50206951e0869e471140dbd044533d74c8f35bc", "SS2": "0b5dc395464513d1b8456fb4b1e131855a171693043115db8b9213fc5cb6ab060706ddf77a2d716129f095627102642c916f0528abc8c613dc4e3efc3685407206502735e18685ca4870db8dfaa6bcf65c0ca58426841ce84686b495a2a07f61167068abb790a36d2bd624a6ab2a7de51845d2b5adc990c1a5a339081607d01c", "DATE": 16574, "PIN2": 888, "PIN1": 888, "SERVER_SECRET": "1c73290d1a444dbf7d64d5ef22b152165f84b6bb1bbfb5b961de08294d7194fc0bb8652116b2e5a237706de08731a6b3089cad532a8fb1faa06a1deb36b037e00bcfcdcf98cd043a26cc6ee4b551c6307c57eb56ee5c005fd92d08598db9c47d0926edcb97b370b4542d5bb2ce4fd600b4657ec6abb3503e4172af59cc94d4a0", "SEC": "0402ecbb873cfd1a27d39d28a3e8cf25b9e11b8825aaea42874440e21505a0f5291745d9a15fc477f2228374bdf6a67633a3eb428f6622376ec4ec9522b8a75ee7", "T
 P2": "04185f9348a8dc152fe4c5c9a3eafa39b8d49302b7c380b26eb50d7a855aef1c340e08b35442a02d2eaade3b1cc4a502b3cfa1532eecb7ea9f2664bd4b86123187", "TP1": "041a5cca30f0a4ce9ebf97052fed980adcba9d486dbe688b4793779f46e0269e8e01239cad9ab5205cfa2b679b9f63c8def786939ffa97e2a8f9d16ddb4f23a731", "CS1": "0401435d98ba070157b3f808c8f07a8ed7719f2717ec65baf631cd8d068a7a43930e9e700a8335caa36bc28c5c673e9fd132eb9b40c90cb66675b049860b07858e", "CS2": "0414130490c24aa99fbc55f242d11ffc5ffdf5c9c3f2430e24a23f068cb10fb6c405ded7a269a807ae2771a8c5984ec3d370a7cc565541b31dd44cd2cd3156b56d", "HASH_MPIN_ID_HEX": "d12467cfb19e88fa1af70615874ad467163a79b3bd666fdaf9ff3a4e76871967", "TIME_PERMIT": "04227accf008a0c0c10a27eb4ae833ef056613b3964c2d4f3b9f7a2dd84ec6a7c819eaa5b37faf57016f5806ac236549c39098bfd6ce50e0a2d1e8f7ea64ab838e", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20223635303366623332333137346332343639353133636337393930346263623435
 406365727469766f782e636f6d222c202273616c74223a20226166666366356237333965666238386165616337656464396335663961643631227d", "TOKEN": "041739675948c978b2b4ac4b380d93783a4c7482f812b645b26f51dd407bf9c5121bb2cebb06e9b3c5f96b5d6619b52194d8b02e7df5de527497bc42bbf6aefbfc", "U": "040c11c1d9d9202c861ab7920823cb0c83af6bd679fc52ec9604099fbb2db78a8908b7c4d769e9d90f7d9b655526663a9e7bf82ddebb3626c6be0b20464dc2dc34", "SERVER_OUTPUT": 0, "V": "040b8ad73e1199b1e3a0d767accaf340fa1014dde6c5a188523f74c8f4d1318c15028387e61f456f5cede275edb1e04a81bf9214779a5dfb6731f60b21ff46f12c", "Y": "235e6cd2bac4f802c13c6513bce1c11cad6e51f45b2516cc8eb7edc256e5a203", "X": "064bcba79105dac17aab45a810cdc802fcec526fcd4b878f18407a0017481413", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"6503fb323174c2469513cc79904bcb45@certivox.com\", \"salt\": \"affcf5b739efb88aeac7edd9c5f9ad61\"}", "test_no": 0, "UT": "04155e8411542f9a2d7818c43e539d994f99dd9b8158bb2373704834f2a27fb59f116341daa21cedddb3d4393
 bfaedc2cfdf2c0983d280e87a9b0e01043bab9557", "MS2": "2243a7cc0e5f776b5ca1426d481a1ce565fded749f242b46f0a14b09c7de37c0", "MS1": "0bc2261afc713cd48b8047112ade92077067c31c6e0a6d732c7d77ebdd0d5956", "CLIENT_SECRET": "0411e119359451da0b6c6f17eceb64a20598c33b213dea3b6891eadd131200c49712a352a5f8ddb3260667758b78ac7f2ed8da5b80926e0abfbaf89a8caed920b3"}, {"SS1": "0f468b9986919bdd7c2d5b1805b0281264fd9e33db0b658b065966733b78d36f1eb4f5981b41b7da15f1386ef10dab2cde16832131374f9fe8b707176c8f5c981c3b3c79218ab6f66746644ae7c321bd466248562832091eeaab9f781bb17378227ce7c682a39864645840036e21437c7132434bae53b3dc9e72bb0c2d2189c2", "SS2": "2171885f0771519da9f347fc923f947c6833a9d5d084005b906856262dd94d7b1ed457dad2ffa72cbc478b4031e7e2567c0ddca977bde0b494dec929f02e517b09aba69dc3f41588db9accfe370501879568b25c91a9f4152ee3d416dadacf481e4ac7c1cf2934e08cb8331a5782ca1cdaf3a83981614acf9b6c6780e7ff0f77", "DATE": 16574, "PIN2": 5299, "PIN1": 5299, "SERVER_SECRET": "03e47ee3315b9cbb277468ed5c488f2b0b3a262b15e628e0d5f4f12
 9e64a1fad0cc84af7acedd5225e7d40df5155db23f4bfa290adff6ca31c4884488c2d55a10be2b0f01e7de752201c4090a3115322e0a76d29c5fcacbd4d049b50f0089bbd1235b5935d93d9c50b521b2ea8af29ac5f52e40125076e97d1395d1fa22b21f2", "SEC": "041abd94a1806a932a0281f8b71d97273dfa73a3b73e41725973e4269944a48457037943bf74f29f9652316a0802ffe914bf6dd721f356caef4fb93cf2a68795e0", "TP2": "04076852c9d627e10361db7a5d1338308c5d92312ddaa4996d4e3767b7bcc6eaa621c9a69d1264329cdf17007dffea8b8053a4dda479dafc775ef059f85add5230", "TP1": "0405c9437dbd17780b5fff9c12230b048a14c14d5f4d51e415c67d51e995f73a5b1a50c5259b6fdf92b704aca052670dd142e48992891b052d6e59ecc142be6a37", "CS1": "0412d3a065010d42084337a9d2e869cc44d7ce84b51c08a1f78cf7522c487f377b1810af8fb5c69ef5585c39eedd462fdf21681c970017aea3539eb1fc46136805", "CS2": "0420a2d7bb34dd1076fbe3ec090b0d33dba435ed26a4ca385e0a443ee4db9f13ed065e9d908a5e174a97335cba95866b5448ce53fae031d22e2102ad45b1d7df1b", "HASH_MPIN_ID_HEX": "55a884c2cf6ea921cf3238a9d489b22c68e096d96a021ceff6f8c220798229f4", 
 "TIME_PERMIT": "040340b91db12b2d3b403227d35043dbccdaab6ebb62955983bd06e5db8822b0261678235685c4cbb5a4169a6390481470fb788dc91a69056a4862ee3697094cad", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20226330323037316639626664303631353932393935363761383633383363343433406365727469766f782e636f6d222c202273616c74223a20226263633732346535636561373564343065316136633334633933633164333239227d", "TOKEN": "041d50f62c5bf35aad38b7cbd91a919919ff6abb5f7e6dee83450adc9b4900235320c1f4eb7bce4d14143d36c7b362aeed90afb48e84d83bee1c4cc133abf68adf", "U": "041a21408eeb64776ebcce3f814485476f55882cbd797fa6dfbeb6ce5c506081b209308b70ba69efd2594bbb88c2e09bdef9b9b3e49437f2f5f296dc6853661954", "SERVER_OUTPUT": 0, "V": "0405ddbf8a26e7958269f103e8ab5ef45c20cb845cade3041fc98075dd9b50e3d821a67a905a19b694404331986d1ea1e8543b18748efccceb25048584b4b20116", "Y": "1f62d44eb0a0add266210aa2209d3184abc9a9a53d14b6e877291df1d6ff41d7", "X": "104788b50
 1987fbb438213927dc93a4493693d981f350924678f55787c2ffb76", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"c02071f9bfd06159299567a86383c443@certivox.com\", \"salt\": \"bcc724e5cea75d40e1a6c34c93c1d329\"}", "test_no": 1, "UT": "04047ac3439fe68dc9bab6d4a5511e7770ca1e4dd2a617eb3be500c3c95d669934028e2c0937d7542fd70ea7c623c3181aa832fe3c7160e458f6341c224c5c604d", "MS2": "0d4827f28c094a2c6a29e88c2fa6e36a9aac8e21c9196fb952b26435ac4fe448", "MS1": "1ad3a17e1667901e1e865164eb25480d3dde6d8b350af7ce701f4730f0d26b9a", "CLIENT_SECRET": "040b36db188c8dcd415a9a26e90f9bb043cf7ac0527ca43a5c71bfd95ae9c17c420afa015d0fe3ea8c4da06e9ff70fc444b0ee9f9a1f227baf2687da9e64c2a7a7"}, {"SS1": "21b27fe347dfa66bfb098f848f4a2b474ef9e23d6dce3d6927c8559a0ce901ff20896dbc80ec32c19f6c9d3eb248c397a50cf39bc875c256398ec3d75ec61e520b3bafe5970d46c2671a20ada5a9879f5661bd9f63f5d8fbc0cc56bcd39b9b7a23de3f98dca07e67c7668014e5367a979206b5c98611cfd597319154681daf43", "SS2": "08198a7a3d2820b8987842d2743d
 bff22daf00078ebd5eaa3983d696f8a3eae91cb1314e7dddf0a47aa4b3570b80368b6573b5062767aaef9a5b9117484d7e5c0ca2f89d23469c747c4ed6cb30dad0000d85926ae5aa6de012ec4d56f35c5cd5231225762c78d43eb15b4d58615191d8302df6f25920ef7da9733bcaf5549f08", "DATE": 16574, "PIN2": 8009, "PIN1": 8009, "SERVER_SECRET": "022802cf792087f376c4b6aa8a980cd569e5f2a3f505b9e0455d3b67c5692d3711301dd42e732d6af6cdd7ba069f51342240b7d6478423ce063c8af04de0ebb70183bead7230e056c34ec775a4fe699bba00772ce5895db260a0a1106cff4b39094e1ecbe035af718f4f00d265bc18eb9cdbc65890ea94f9c95a5e1c8edfe15e", "SEC": "04057389030a78b7b6ea26f59248c37fea17b0e522e3699848ad5301cf1ede99291784540e7418afb2ea6d792fabe2a9b1b04b5871d0a3bc81f4b15d8043d9e283", "TP2": "041de5b1b6e33b2c07743e53b0fc02eb8cf0a480761864dad14966eedf9348dcb21c75bd9a3f56299e814e60ee9e1274eebc18f433cd107de65f5dfe3a67109718", "TP1": "041038ced7b5d89739230f0374851c0319b218c833f55cd09bc253be1077bcd12d11d5edded2d5d4aceb1a13263bda49ee8292f3ecbe07f9e40206da53a4923aaa", "CS1": "04239dd5403d85c
 3b72638d4a4adcc7bf2046c80b9ac2ad56183025a7caebf18f8101ed98295acffe2ae8444914741aa58eff00aaf0f01828fff2be490c8fe5af3", "CS2": "041f6f4c331a39b7644cf3d7ef6be4ae012bc89223935a23b526d5db5da611af9a10126134ba60e1b2bf01832aa29349c11842153af643a53b6d090dea02865483", "HASH_MPIN_ID_HEX": "935f0d6bd07683250e03081005f149b7bb106a11524733234e5b6516923ce8f0", "TIME_PERMIT": "040f58e86621443f94b7770d0a0916a4a5079748988a98f84bcd253b7044120d96137e6c5b3a331b9e35dfcc6f5991f99b2e7d83f93a4dfb9c118a92a040535e8b", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20226465666137646565366465633866333161636261383839613731646136623064406365727469766f782e636f6d222c202273616c74223a20223133643563363662393531633931366531653834343434626131376336353938227d", "TOKEN": "042152f07e5fd78a1f843390d41478d2d5f0437285009408f2d63ab190434a83f403fbe78d63da99ed8fdce141ab12625fc36147b48e5a566f3f38a3b7f8b1dc88", "U": "041fb404a10229be4ee993b6d70cf4af1
 f570b8ab377a07dedf08fcebd02fb44980fd3d85930d15611ba1a2c33015bfbae9ad57757169499066ffd069a1723cade", "SERVER_OUTPUT": 0, "V": "0418bea256f235243219296b7f5e2b0dde4fd54e2d82d80cd7882600756f07d1cd13e4d4b3ec3defcd9e5f45ba110215e3b705534ecbe21d334261cdde1d0a2c9d", "Y": "0a40ff78e525b2bb445a4912a13239942adb5e476f55a0cba5d88eb85b6d40b1", "X": "14fa7ea042f6e80c90c29f031b25233d6122fbf0255a4ae12cd8643c2e9ad749", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"defa7dee6dec8f31acba889a71da6b0d@certivox.com\", \"salt\": \"13d5c66b951c916e1e84444ba17c6598\"}", "test_no": 2, "UT": "041491587ea612ab06cf8380fd9f4c4865c60069ac42fdc5ffa3077570484f29ed13ff03b544fb28df4143cb89a2f1a01cf2552a621d7b35e2ad9a6a13484252bc", "MS2": "1ea4fc812244b362af1e00ad29a8a20285062ed3df75eb6934b03f733dd8637d", "MS1": "0773c896ecad1274e67f78c45506c5eea2ce4d11b79f650e779c7d5a37d656f4", "CLIENT_SECRET": "0420f67cbe2d0914ea983336afaa737d93e22825578f65d7fd7f6de1550e47eba411d3bdf73908b88a3980e00a3
 7bea16836e7feb5301e02f6c748ff5dfb88a8b3"}, {"SS1": "019a441b3e885442206c4ebda5a811f9e39f7215c2c7494a9271f8174027d7d81381e2c00f01f5ec419985b29ea6313862b57b37708d40e3cce8cd15da76ebd51afd7703019ed8ce53bbadc466831bbf0934868bf0b0ef7b674daf56f8208c9f079af4e6103b4c77e49f3620e1fb0182738f1008befdf51f14f1920fa0e3a7b7", "SS2": "13979da829e50cb10d90168792f0935576bbe606c3b9f4eca4f9859087c16d701f17425a5c08ea5b720e48c43988b3b4a24c8dd88efdc833f3f407b348d0b64719c3a113a1e9a3c75fd037a2dbceb65810ab46a71ed01d102073ee23ea972d1e094cd2577001081dc3d8b33608f7232f2e890487b759fa8bacedc8ec178d78fd", "DATE": 16574, "PIN2": 9236, "PIN1": 9236, "SERVER_SECRET": "183c338d428a1b431460090908981ba162974d3366e920e106647a0518befaa1239e518bd8ac0d0dfdff38e980afbbfe4c8cca7a4df7c80e7a93206540e64d24148a8adbdb6d91a8777d243cc905741e674a216b9830d628469bb44d0a97f93801eeec00b1ac89fe1e41f8995002997c0bebba12a9c5f16f61c8b758069ca7bb", "SEC": "041aa9a4e8ed6fdad96a24cf4b1e542400a80777d2b82c37f8750cbc2be5939c3d04aff95bde7cb335cea825f3a
 9fd7b17a7b46960f99d0b2f144d54f1a7a889ec", "TP2": "041d9a480dc01508acd380e76853476e409351ac3f5f53792921187703f81519d52162972a19845f4de95267bfea8aa98ed1862864ba99093188b1b58a58fe5dda", "TP1": "041d041c5d8848da82deba27ffe660b0db71aa8ff268186d0defec7cc2593103d31f5cd79818e87cd7fb76b9b888e2882bedaaf254dd2acc1e1dd4746b07039597", "CS1": "040dbb037c6ebade2e1834a15d1f900a7fa526c974b49afebfdf7b98321e6554cc0c7bcebd582600d3510e8ebd43628ae2558a12a7d1ffbbc5b36b84aaf8e9afb2", "CS2": "0405dd5653c55e6b56285b96c627b0b5d19182e306716e6713e7d74d3779f888b60aa7eea6c8c9ac1ee23206d24b63f2a736e4a0e99a05e7f1edf2e150bae894ac", "HASH_MPIN_ID_HEX": "48229e13e1c3180914eab5fb2ad71d51bd42819b105d15084a6ceb27b67b2cea", "TIME_PERMIT": "040844b552d359c4948bb6f682f899eb9be5a4b987521a39c7878d68a8fecec0351b754f5f16396a2e2ac9651054b31f843ebfc610e18ca114026126a01f167e0d", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a202263366232613664323263
 34333063333237393066356633303932646236666535406365727469766f782e636f6d222c202273616c74223a20223330303036663866623736306439396132633736366563343738363162663563227d", "TOKEN": "04175619ead75d0a35c8bc5b363a7b860ba885dd6792da77aad90a84e28e04d89b17acf8c008098af8fa683dbae1f5a21418aa56a6593be85bc62eb4b92778b132", "U": "0417f23a5a7f2a0d73705c1aad04a50cf5383e6bb5bc8f70e754591dfa9608dd3f103707fe6621b2d96c71b67e0f3b7a6c0d9a7e42ccedcbd14570fdb21c1a8afe", "SERVER_OUTPUT": 0, "V": "040d3c4ddd87fb3b6d0cc84806feeb04e97d5a425c0e4f9d57542fbdd93070e02321c76ada3f6f5443e744eb1d07d010a0922f0bba8b7ac38bcd0d869ee9cb08a2", "Y": "0fe1bef7f0c2f00be843cffe52489e800f76bc7f2892d283ace814e4d808d758", "X": "07d69e95baa1873f1d1abc755846a5a2ced5e3ed9a3755fdc218931dc9975258", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"c6b2a6d22c430c32790f5f3092db6fe5@certivox.com\", \"salt\": \"30006f8fb760d99a2c766ec47861bf5c\"}", "test_no": 3, "UT": "040703a76274cbdf19bdcb64e943d8c6c06769e8c15f2
 75996210a9937490a3a7b2328ac7ecd61cbde145d3896fd9b943f23e46c09910900279dbde4991be081d7", "MS2": "0d1d899d6c396e9415a7ce3520b9000f8f5a5e7d47ae5c739b24b971bb8dccc9", "MS1": "0493c81df73802f88968d6c06c3834ab34cdf740c3d003178cd822e389b9b260", "CLIENT_SECRET": "0401a8a91fba681ed30da9659ac4a09b02a97a6916373a757ccf8902c031ad49c403a5ccc174dee4352ecfa7a439f630fd281c487fa840aa73b169ceb67667c125"}, {"SS1": "1ee4f64244435fac2768c632f7e6e8970e24d0fce21e5012a5bfd0f53ba14e9c0e1674e4d9119fdfa43f312c79594b6d36954628a1ffce8eca03c27d2f25322722d0366d084a8a356be01c5acbb2859efe9c617441c14cb7823fd4197b0fab2e13977f34642ab1fe1a5442edabff21625138348435040f6343c10480f96ea010", "SS2": "0bf923482e8945c8ca68716a5e744e6c8a67551cc35b16b9346f5149e32d3b9706f4a2ff66476452a4323b4d4b24758ab9bbf5f0cf9d7e9a0522d3f9ce78310600a109a9efa30d3b41ab04f86ddc561a00cc9d6a3502abac324dbab1fe42b2dd107ffe6c93c6172de1ca619c17eeeb0d26d52577c2bd4732dd14deb3f23b36e0", "DATE": 16574, "PIN2": 7948, "PIN1": 7948, "SERVER_SECRET": "0a074a16c39
 8ea6b8a55c263766497977efaf5c2dfe22195338b37963dd0a1ad14470fb1f77e83979192697cc21f75552803468ecb447d705401b02aa58a948f10f734727178bce6f079d6d39dc110d87017cece3bed4b57e1284c3acb2dfcfb1e37bbecf67fda8eebe447149042091743195cd15ce2f2048ce753abc3575308", "SEC": "04188a016078f4868432475c62dd5d2328850836c9f7b6722bdd44eedd7b00b2e914b683bb574dcbcc2eb51b7c249b87c378aface89b51f21deda7f9d3f650cd17", "TP2": "041c26065697b7922ea6244242728d606db07670863cd64cabb0d7a9bd23f8232d04069e1badf46d4c3a5983ffcce8a78b57b190eb14c2a81d917b1ca6bac3a23c", "TP1": "0411c27ec8ef5e74f2ee340c5491d07ecf9513a26e92896aa1abbb8e53d1403f7b1365a2148a432fce451ab7e7b5b9c66dc2412355936e5b0144b513414602ab42", "CS1": "040362c73ee7435cf8a78f5c700daf6b9a8404f0c62e2340d4168f84b3bab3e1301c036a644eb8e626ed310a595219d96fc000a0084f85b144c0f06f713b66a58f", "CS2": "04227bf99836c8daa5c0d15169f33edbf29e16c56175b7a0cafdc003432116ef960399c375479aa8e1fedb5c4612344da2bfec4dfbe8653a7a5b806efa51cf8e36", "HASH_MPIN_ID_HEX": "eab4e9530b180aa597ec32a
 125245d8fb6699da0b3fbebd501e574eb961a3f39", "TIME_PERMIT": "042337defa34c32a3881b2acf801cb935bc382a1f867bf0eec2f1a30a8317f54370582b3a7fdc57a68f6460101884f2a76d90276f19fb56cd66c2043ae4b1a09ee", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20223836666538343435643066336337333066626665613330646235343035636436406365727469766f782e636f6d222c202273616c74223a20223638363566616361386230303135373064346236376562393462646239323762227d", "TOKEN": "040ae1365789a7381ff442a19ff09a25cc3d31336da12a27f55ba80bb29401abb91607dff8fcf6be38d984c151f3d752a19e81b6e90bbf4385fe678a3e16daaf18", "U": "041108ccf4589d7766ef0ac969f8139525393745ddb18c10a42ab2a325f0287b111bda113c3a09e91d918ec5826ae9d6878697b217aab7b4df4e817f64c3784c41", "SERVER_OUTPUT": 0, "V": "04156927e530f9afc8f0232f99893d84f26d890144698718ce5ad54b717547b67f2252ea5f30b27f3e7b8613c96670f3ac36649461076c3b4bcbc40001f2341275", "Y": "183bc2bde80fba19d0f1ea345068acb2c856fd
 c8f0699f5051277d7b45f438d6", "X": "0a8a35c4f3ed665bfba479a6a08a125e6a3e41561fb6b11a158ba7ee5c3fc23e", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"86fe8445d0f3c730fbfea30db5405cd6@certivox.com\", \"salt\": \"6865faca8b001570d4b67eb94bdb927b\"}", "test_no": 4, "UT": "0414498cfa890a2a68cc9aa8041184cad78c93ec04c38409200762f6513513a3462168adfd3f92da74340bce5cf4f35be2259ed7511d1cfabee1484d690f747ceb", "MS2": "2016e100f00700bc0bd6becd5597ad9247907c35ee32338775c6fdd9dcdca745", "MS1": "21c0f1ca115242eb0bb0984ffdf1e1488eba3093ec70ebdd014dde253e203a4e", "CLIENT_SECRET": "041320c0d639bdecb59089e3bb1dca7a34268741f480ab1a184d1b5719805d7cd10e8eedb02d56ba2d3503ea4f13e757f074759a9def22d948e17de3bad79f155d"}, {"SS1": "1b6f46bdee6acff8508a6abdc397dd656677e1e4f3036570a848155e32d84ee605ed99e87230e8e82c9ab3b1546c57dfee6e09f2907e0374728eb12514ac75110b2e551a4cf86dfcb85303832f67c8e518dcb64283678873a756ab53c18c58f51ca355bd2736824fa3346372cc76b48802eae6e85aea0ce052fb7049e1f
 005d3", "SS2": "0587a37e99aec3d88d75395f180313f41d97afd5296f5bdfdbb31e0f4db7069005d7671c520bb1d4559e1f6ae9736227ab780bf51781b9dd07678de732214ab2139912c4f36ce0dcf76fc417e4721e3b14adf57776764b8ce54e372c9859060f1cca749a6b0411b609360a3e4652d320dd60bb0e585a3abcfcd5a46f947221f0", "DATE": 16574, "PIN2": 1463, "PIN1": 1463, "SERVER_SECRET": "0c336c8babd0b3bc6ec5c7f1cafa17fea49cb1a8076e2ac40b585008f53e8c2d07a06d67c3baf6fe2c6ee58df0124373a0c607165c74f469514b559d9b5ec16a09693fe3af5a8ab0329b49124f41b6771dc6f7194c2934e6bec42fc9db274aec187813c02e5118cec839d3f9d57e5dbcb5e70f4c113f9a366dab425e88b9251c", "SEC": "040b5f13e43d0e152c45754f8dcdd241f55549c86c46567749ded57b2ce29c39e00a01b1fd1022705d6faa2a6f1fa6cd4e9dcaf16270b7630d3a6747378c900721", "TP2": "040c6fa0a22d35dd840b2bddab6b4a15d97b038d4056d3a961c29c1e57158056381e974ea8dd04e08d418948112a60c17ce91c66488984818a14206c32b1d755a6", "TP1": "0405b721c01c1c32091a633887f276c0bd8dd94ef7282ade8031fa1e4b2749442705a656af0aa44f5a2219dfed66339868437678e0563498
 01a437afcbfa7cb429", "CS1": "041c674ed4190bdddb998759f680bc170f75013901972099f93f351ab9316d718d0b856b331c4a0a003be14a7845a76598ab58e144716015842dde9b231439868c", "CS2": "040c39a9aa1327bee91f9f753db352d4ff787eedebac6fe997f08d40cbc53f1ac20811b41a1b67b5f09452723de8086b42a10dd40e6109d4e203e487cf7414088e", "HASH_MPIN_ID_HEX": "e9e2c4ca2c3b579f0ebf4a536f4d7592162446287c88d20911264966102e34f8", "TIME_PERMIT": "0401155572f8f4ad5f54c64592b5c0ff55efd9204b57bc248dbdfb1be8b845acf3089c95534a1693ff02ae81171c113bc77ab09de27083e7bc95b59b0436fd5047", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c2022757365724944223a20223434623963613539396461306330376134323965306364356164363237666338406365727469766f782e636f6d222c202273616c74223a20226239636433323066623865376530646331363036363931363163303763633535227d", "TOKEN": "040ae7d1376edd21caec2488262f5a76da64794502eb6c91ec24b9a23c936d3c4c0a2dd45f31fd2d6f2b7e13f8c51c5929e7044eb10d691f2a40144dc6302b13
 a7", "U": "04103e7ba05ba7f6eb06d9eaaa6d5b0939aafb6c72ce417d39572283bf42b0e8d8112c5f64c15fd008a838b40ca7812246a29e31954d08f021f60ded0e33043ca7", "SERVER_OUTPUT": 0, "V": "041c2f73a4bf39d7e3f1eafd400499127efdcefadff8734d8ee061bc2c052fe1b12258ebd8f60861937052b8a86360e5a1a0b5ec2970fbd2f424d03a6b7c5d6ee9", "Y": "100189ca8769a2e2f832dbe8488e0da582b60e71b47290302445688bf0c965e3", "X": "023e85881c4d8d4d9193f9653f1de04d8aae3fc167cc59a00addd2acc48edc22", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"44b9ca599da0c07a429e0cd5ad627fc8@certivox.com\", \"salt\": \"b9cd320fb8e7e0dc160669161c07cc55\"}", "test_no": 5, "UT": "041d0207f5a3a3f1229bad924f50e229a9acdd8432ef3236a830d813241f2664f804f4dd5983e55066504298808af93e92b8f1b08947166ade9f7e115410095a3b", "MS2": "17d927e498f0fea9c5d712c93416834a1eee4224d451d48d5b41c29fa70e01bb", "MS1": "10eeed159fc3e9d044dab63c56c49f1a99f831e67d2f6a9e15649688f8076bb3", "CLIENT_SECRET": "040ea0a2ea39d57085cfa10ba2e0562f5230c9821e1b691
 bfaa87ca826a5d2618222019bab9704ef29085e70bb1b61e39b2ce2f66b5f3aadf9f22818053af7e543"}, {"SS1": "157b14bdd0d3473b25d4a5d67d17db205178add1e2a297f7aa4c9b348acdd96a04d5d5dac5f0684133948f7715c5b1ce74ee3b8c6a8e423c4e2bc370b05824f0211e5e4dfdedd92e0a74cc91e76074cc8cdcb4062a791b1e4cbc44de9b77297c06d74ba2099317a3c9acfda4fb9a60babcb641a8010c94e6ec48af7c19bf79a3", "SS2": "0a9d1ed983875415facf49a6f02dc28908c8ae96b47e31995f07211fee22b00b0f6a1017ca12a517c2a73fee8b8a28eab2fb913bdce9267c84b590e1c9a8c5be18132a5d92959868075563f2440d33a53e78e7d9183dfdad21481906c382e6d121a69e8297190256b08d9a126726703ce0431766d3667a71947505d99c39abf5", "DATE": 16574, "PIN2": 4669, "PIN1": 4669, "SERVER_SECRET": "224ac6bc9d4a546ff386a7716ac9a41c5b7e0f713a83967241d26f0f6c1129701b455ffde5e6695a8fd04d51e60488e205cb3b8f4dc356798c96636581456d4f189ef17a237e43cc303f85daf17307e5ff05720dc80958e2622786ceddbb590c23acbedc1d403693198040869d27ee21586893de4a9c912c010349cb56be4d6d", "SEC": "0410f6d7a8c4bfa1a8143e441ec1d9cc5eb843b84f9ec82
 c01364ea8fcd1e2517105dfc06348559d886a92b22a4cc35df52e82b2cca4725d7215cf29846d9068c9", "TP2": "04137c6b8ff2f13dbdbd4070b3f255f30267a9397340fa1682b04dc65e468765502211e9026b11466679bc39661c8676f63dd4c53bc4624d015bceb57c5fc82858", "TP1": "041ff46177adac17df37f3ab5ab8c48c97ece2311f1a1d593a4e656f935776f9f70658779e3010e44fd8cef31af1faae079e40a51503fd42dfd46c9b280748aece", "CS1": "04066ae71ccb707233e1d4f4bc288b1ba838c9e7483a5ed0d0b3bae30c89e2527b1098823f188abff8eddbd46c17a6d074730288c2ba36ce678bcc4d1404e1ff0a", "CS2": "040d5f8f5ca6aeb16e3955f2bfd1f9a8a4b9d7028233d41666442ff4ab6de06f2609c69e0c3c741145d2802859b132aa511ad7fe3f386b74449529ec680ca8ff23", "HASH_MPIN_ID_HEX": "b684b908a36cdb11caa3f7ff3aaa3803982fb494162e3570e6a80b821e63d36d", "TIME_PERMIT": "0413e6355e2fb9f1339c20a080835eac9503881d34590c78bb0c037fbf815f17d9204e04056b68bed0ba41d4d412e2ce047134add57c2527d764ed963d9db2adad", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33345a222c
 2022757365724944223a20223431613839386362363566646530303331373433393565383237363862303362406365727469766f782e636f6d222c202273616c74223a20223538373937353363623336363337663134656339393164383435626630363132227d", "TOKEN": "040fc4de63abbcb51a04bff2f296190dce7eb7c9987edee7eca5db4278518ac7c71c6192111e25af1d89763c8c6729cabf12216cd9bd8628e609c0f87f7b718ef9", "U": "040f71ce92ef2fd8e4f66db7417b6fdfceb3644a4c41f07bb490e0b3ed524244180b7c512cf9c511bc305d4c1bf6bf268727d00760d34500caec0e6b4e09922afd", "SERVER_OUTPUT": 0, "V": "0416803454320557fb14b26cc8715a4db95c3b5912776adcc6e67043d8f5ddfaa415205c9f47c8dbf23eabdfc36c1ddf8807d84bca36de5aa122eca80871411b86", "Y": "13ed4a35797b1ddbc6f0cafe2d838bf7067f2a80fabae4e2653e52bcec97d699", "X": "13cf2080bb21ee069256391d3d873bf2b763b3a6091a21d6efe8d84d819d6421", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:34Z\", \"userID\": \"41a898cb65fde003174395e82768b03b@certivox.com\", \"salt\": \"5879753cb36637f14ec991d845bf0612\"}", "test_no": 6, "UT": "0
 4213d409fda21346b2c9b9c9ef5b9cfb72de7f4338ceabef411e5b615a5b38d951ef4570aabb984bf0cdf5903abb45a2dc85a9213b5de5d5583659e70f241e6d9", "MS2": "10b0d5f70d6df2486d6b90652d5e07f558b2ae1069cf08775991c658365329ac", "MS1": "1920c5a556df7c1b2888a6e249a16239ad2918bc73eb1e3123bf28e78e021e23", "CLIENT_SECRET": "040525996f1a9b1b15220662eff4ce3839fec17ba56990ea961104edde7a6ea05922d06e8bb482acf017b69da967ff372075d699599ede766c79a6c2ab5b3ac12b"}, {"SS1": "23822e2afba3617824294e5045f340376d5a6def202b3a3bc34d92bc0b9895170844cdc4e56515a6d3f2cb277aeb38c0d6e1c66477c5b5655678c2f1d2c035ba037b72d8fb714fccfd69051d7f7af2d8198fa90c6d2e91b877940ef3cb05800e0d0eda45d97b19d3d1082e692cbda6089bae132250682ad448584741ced02f7f", "SS2": "100b500226c822d0b106afd6f0f00127f9669e78d84dae2f6fd4a82e543967ad0dd61190959285677647f9235a1dabeca83cb8af533a8ca3fad07ccdf1fb3ccb00084b93954be03410133a73c953fe62db6d924de5c2dde39ad7ede938bd684f097a9adecd5be3d64de34a64ff93c5c369b3e110064367cb03170533b9823daf", "DATE": 16574, "PIN2": 3269,
  "PIN1": 3269, "SERVER_SECRET": "0709c6699cbfa6ea7dccac48197269e8368f4ff593501a554169500f7a5f3cae22ce9601f032529a3054eff2b7248a84bca013ef3b2ffd8955ddfbc3ff006be11e047878f4d8145781376ff63716dbdcb705c75d6a895ca867688e7e736b26850825d0363abd8ee47683d46d6f651fe3298a7f9a70c9e9324498e7e6f6055b7f", "SEC": "040a091aa68f787dba32ec3a8cd999576a21969c97de5f0e7e8272f15cfc27dd6b01c307cf78f8240b42929716020a8c121317f4d47d3157f6cc558053a716ed79", "TP2": "040c4822278f591c08053ee5a1878255a7f5fdfc1e182e1015e71f291a350d97d722e8d553b505fffec365c02e46debfdd657a36b1d482155ae5be41850518032d", "TP1": "040b4526a4e80e115eed9cf155bb6c757d5355748b8bbd78a34e0601ca22882a1d16213be346ea0ffb547bd1ec72f2cce60329aeefbf7d5aa642b6e90e40e5e57a", "CS1": "041082ad98e1cff3eade4948de1019785a992340db974e4d74592c3185feb5e47613edfbb10ed809d7e88f12f24993ad4d3241017f47f4bc6e70010a4bdb9e53e9", "CS2": "041e96c8cd671e175bdf0e44ff4dcfb962da209e005dc7415613ea7f5b2356d6110fe9e8bb577a560012a1800096c8f1c901a17fe48bc245e50840cc3db68fa83e", 
 "HASH_MPIN_ID_HEX": "1715b99ad82fa6355365501214e02de9095881a09ab2a08ef4fc78b7c4a2a41c", "TIME_PERMIT": "04016dba1c358482cf14604db3478ec7120eb6c15b1a04e72829a41b69d93b224b1ab19bf3b3e5fb9b699761b06b889efbf621a10976e60ede83aeb8da18f4640f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223533333066323463616563373362386661663330616232656130666462356236406365727469766f782e636f6d222c202273616c74223a20223162643761323033306363336430393432336336613434653765313634623537227d", "TOKEN": "0401ebf9931a03d4dc1d9e42724c8949ef849b40e0c71f0369848ad8003a2de7271b6fe016c4e33d9343c6ac42116a5bd3af21b3a575f69be092848dbf13648a21", "U": "041435b30d95569a926cd64e214bc071c8e1d12c73ad9d84268ab906b01d361be404db85f3cefe31ddec1200d577588b19bda4a564686ca4a9e98902f6e196a999", "SERVER_OUTPUT": 0, "V": "041e6d81e34c2435984ca334a568cc3e91828dc693e135a3dc61ea73ba0d3a4e4c1172d46db4a106b02a97dfad58cc101df6fbc20926e489d3f78fa48dd7d8f602", 
 "Y": "181014c18211ccb8349541f8bd16f4b6d55047d21c7fe0b9ad1a2f58f4ece9e4", "X": "0df17910f10ab6f2a0a884d8947c000da5e0624988489f6f0636aea1a3c35245", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"5330f24caec73b8faf30ab2ea0fdb5b6@certivox.com\", \"salt\": \"1bd7a2030cc3d09423c6a44e7e164b57\"}", "test_no": 7, "UT": "04014a818be8041b171d4c296e637b92f602a5b960f6e0494c358f0c0a86acd0090b0a019f6b46948bb93fed1ca575cdbc07e0550d211b653a7245661d9c01288c", "MS2": "09d177c7f6e20aa6a108d79f18ac7810bbe377b309cbc5df6fce20152d9c46a6", "MS1": "0c8bb8124da22056f6d799a606e18e585d8fcdda48379afb753eaacc64ab2825", "CLIENT_SECRET": "041303e4d26edaf9d9b0887333a48175ebd31dacbcab02c2b4f08168bd8f650e7518f8043e581a918a7736959323fd6068d8b86268b9754456192af6860d297d25"}, {"SS1": "1aaf987aea07740b62662a85705cc5622550ed764d10e1416cf4a7d29fdda35101f5bb89dd2207747b58476ee442238b489aafa36f905312821a1b288b19c0c3199ff698f0eb1a361825f24d97a37732fa8f7e26509d5ff275cebd0bb29e70790d360e19a1f91ce
 66fd46507bba51548332827fdaa3f5744253c7872e9a026f7", "SS2": "215b0f8a9a0f5f2f28db76eb99dfb764f24027d8fa9cd20b905825ed78f7555303fc9f69f684bf1e51d5f445283e06f976ed12c6ffff8aae985b171f1a3634e420df3876a47f7698284a5b3100a575bacbb9338042adfea68834e50fc01629dd16e145350165ec328cec673afdec0e58644d9fc93a5d62a516b9e013c3e9fcc5", "DATE": 16574, "PIN2": 265, "PIN1": 265, "SERVER_SECRET": "1226eb63865bb16f858fab13ad1b11c671f778de40331245af7e5275f2d18aed10fa29bf5498b970649aabfde78d49dfc14d352a72e67982829d8f9d2f6ea5cf0472843706c1efd31835fc2e4a4eb7811cf3711fc8110cdabfd153e63ec248a21e4d3092ae95d649a6e0b6137d4d266591055a54798b3592010b0c7d3e3a4f39", "SEC": "0413f7bb907c6498e33ffaa70ab26691358a18d48aa96c64cfc1c4cbec10ce274408c74d716feca208036f15378b7515775e947d68bec34149cb79039db53a65f4", "TP2": "0422233779ac696c4df92ee491a1b0e234fe109059578964a63655913cd3e2cfa8123778ba2c9b177f62eb42ae17ff61e0765419f09d7202153313509e9ac3c27e", "TP1": "041d56b5f7bd95a64f82235a8c52188dc858f900ad569f715f6a383d79611d6f581e94
 68863d4fef5920f813ce7be10bda4a5d113c9a1e31b38fbc6c520fd94e90", "CS1": "041c75ec5376d596b866f16a7fe9d040c67f168b8bbbc9f0dba119dab7d95d8bf603556eea8ff4a28cee6ec4670874b6182d28588c794e3196ef429e455868cec9", "CS2": "040bdc8ecc220ec3ff089d45bec84d591de8a3db61f8b6a1f90dcd8b02c75a1e440622737d9488a8ce7d701aeeb8c327e52da7190d3a6d33e85585012dbe4933ce", "HASH_MPIN_ID_HEX": "0df05a2d80d4cdf014a5a79f0025e1418375e2e4740526885fbab9d40c15a889", "TIME_PERMIT": "0422d2871b4a61eb128427d9083d00d6a2670a5ce2f85f7b38f1d88552378a937e1c13edacfd2ab8bda314cd5b7598933ad2a58d7f64fb798ca1efec99333b03a8", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226464633337646237346534313561306332393635346238356665326134393362406365727469766f782e636f6d222c202273616c74223a20223563366630343330323734326465353961636566633731633435613138613335227d", "TOKEN": "04125b145e088618d8f5f364f0a2d1ae52414a295809c4c1f77e5344bb382ee0b2120cc4cbdc1123dcd461
 c819f61c341264e79635308fb7746187984c4dd51a33", "U": "04184e42422f465bb5e10d1c67854c5fc96647355552e818987df521cd2cb3267f1e7c5ca73b58c536fb92b83cd0292ce9029bc06f4b62a8b207c8c8e06377b3b1", "SERVER_OUTPUT": 0, "V": "0413f70928af39037b4c09a8d97a2c383ad470839b9f5e1a7b8048f8eab5938f0905f7b1bcfc2bd6fff967b497a603f308d458ad24441f6eb4fba19f0639fe8e66", "Y": "0b7614a046159fcaf135adb484ae51d8a5377720342e04730f57e6176f485654", "X": "0b89a7ca7826c7df7ab9008d07a3f5bdbba175a5e74c057276a589b00d9465db", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"ddc37db74e415a0c29654b85fe2a493b@certivox.com\", \"salt\": \"5c6f04302742de59acefc71c45a18a35\"}", "test_no": 8, "UT": "0400e78c0836df826db3fb68b8dd6fab999ceffe0e8a9ab57e4893947a7f7d4fcd0d902b9e9ff5f8bdac1fbc5c0c531109b9cc0f0eefb74f3c25315174d627a5a7", "MS2": "06fc7c66dc167f1348e595ad58b709fd98b730d9424b3d7a05f50582af4b3e99", "MS1": "04d6a71fb1dc80bf2f767c74b2777ca14b161733bfff16b7dcacd4265ad3beb3", "CLIENT_SECRET": "041f6
 6239b8fd139b5b1e34b912b1096e19e3f2f6c579247ec7657974375713c152399702372667c57439c0a8b99fe116715a9ccd640fc164759fc6b508b38dd27"}, {"SS1": "077ec78557936875e783792c960366beed8d419fe0e52b0f62cd6ed1e602b6da22558873fedb283c39f39d2cec75e6821c36c5237e0bc904e8a80402edda08000a5d7021105b33c8c4ce430a140a7c79d51d6633701ba89dfa906bf3ca3d5f182119ef8db18f7912ad5fb19d782b8117774e3dd89d0adb0063a9fa361e3bce91", "SS2": "057c100cac49d461f129d4f3ba6262d3205aa5ae25a326ad031f0b2de32a36160d4275858c7599c52072862346e25ea211ff4aafb868b91683b3de0a3c4f878308cbe482017d1e09cda118d746328c85fb642cd095361e40223d3a0c4a9073ef0820e747fd79ce7023769d85d9a7a854b8296c2d24134d5d15d47c0cf9d0d679", "DATE": 16574, "PIN2": 1374, "PIN1": 1374, "SERVER_SECRET": "215be51b4e51d677ffed74d28b2d2cbf0b61ce7b8942eea5555c8d8104d4e7410fc11289bcb874bc6d5a4bcf043f950366fdb215ac0c4c5fe61ea14096d1fef513e4d17f30c76b698b6df8f461e8c0405f0f8c7cb26efbbcc315b51680dbd5331b4235ae2320f7b6a048fd63a7488731d68156ea17a18d5f1d140686cfc5a7ac", "SEC": "0419a
 72dbe62701aeca78ef02e5a3e5f35a24cfe5c9fe689c4ff927d724717798704f2dc03e99a9d214a825750d7d5d5906eaccf0a6948b71208043679c83aafea", "TP2": "04066b94cb6df207f5c5abdd274885c8fc6541f75eb0febe7b42c97136f692164b06dadd00ddd472cb8f5e26597cd568d36ae8e428088ca0334368fbd3d605048f", "TP1": "041b9e372a0fc4feeae27f32f1bb89924a8d74eb77b8b7ab0d210c4e7cfb3e1ffa0e274cb9de3142943b326845ca204bd21032ea88a3b03472a133114c8fedc51b", "CS1": "04059f066274a3d9fcfa9ff114907907fc09c77419f4bd9152e40adfb7435b5cee1348d9ee21b57ea1e54b20f8bf4e695708b60a7474ad185de727659054d79824", "CS2": "040c19970f40576c0df8aa0cb2d6a16e84cc64453a8bd7f6934ce4c8be117f1f5313c1cc20ab2bfe007a4e78dab361b280514b6a42122d565f94af4b7cb66cb060", "HASH_MPIN_ID_HEX": "d9a1c49c654cb360019da5ced0741e1bd27d1b812239592d5192179fbc1d39be", "TIME_PERMIT": "04229e0fb5b82ed0ee0ccf75cb437be7206d5a87b6ffa83cecff58483bbc01dea21a92e5b55aee5e10272c32b95c63e5ea49b7d135ef3cbd917e9d22316c8af30a", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a202232
 3031352d30352d31395431363a31373a33355a222c2022757365724944223a20223130326261653731343937623566336237343430306136343030313165313639406365727469766f782e636f6d222c202273616c74223a20223337383366633861663731636533353336386538393336653561323266343139227d", "TOKEN": "0414579f668dbe2b9c4dc17ab65a6e43187e55085afe5fe8d8a85c6714215855e51a413b2db997d82f603f36f623bc80496cfaba65e3fd89dd704c41fe758a5eed", "U": "0406bae974d9d3e3f024ed65d4ba00ad479750d042b1954246027e16cc41381be323ae9d15ecdca53e8bf6ac741f01e15d30c6a57fdec7fb1417a19034dc1e4c81", "SERVER_OUTPUT": 0, "V": "0409299c4073f6f699baee9bf7b4df5fabdaee60f6d1ee0e261387756cea9b2f8d1c1e26f2c547976f711d7f465ceb3da82482e903afa154283564155ad0345d6f", "Y": "22bc4852bb2677a8406fa1648619fbee862a07432b8cd1ba598f1b758729eccf", "X": "07caf06575482cc92fe239e9b7039ddabe3b1c8687b01c25361edd6e7924125e", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"102bae71497b5f3b74400a640011e169@certivox.com\", \"salt\": \"3783fc8af71ce35368
 e8936e5a22f419\"}", "test_no": 9, "UT": "041cf5a20fe03ba8085dae2f231347163e3042a1068e3207bf16888ef89e9a4bb7051d86a93c125519252d65e665784055778e1e67d76ec268b611dd16923b9667", "MS2": "0517527b78949e130f1d4fe7c37985c2f40f872d9f6b3b148599c8ff0cb25bba", "MS1": "20be103b18a51ad41bd1669e516b5a592a2d820b39d7e57aa56fd9f320ed2c24", "CLIENT_SECRET": "0421591a8877098d2e3e8bd33db017294a55f9ad37c893557b28005b52f4c893a31d64d59fed5ba94a6bbf45b1e6110ed3764296b456609caeeebaa6270f9f99ba"}, {"SS1": "161537311d9db766b78e7ccc21133cf852451e70fcd9998c010001066de6a7d2117aa8c76241d627a874f57ffa0b0522095224f4ee75714d7bece6db92540a6416fde878e356f9268065833fc1795fb4abc607b22b159f47abbd9f31511c19cd230f561112e9a0f4be0d59a73d959e2232389b67f3aa82650afa480be7062e8c", "SS2": "22143c6f24d2deb54995cbd611aca9cfdec0408bbd1d1ee2d844f8e139232d3f18f0420701bb906fd39173bd28ae9fa922ac6cb3e284d424209d6aec445f3ee9055871d26067237fa8f344f218ce81fe016e8be2c22e0a12f3f7ad5a4aa1e3b614d6803c4c212545feb4ea0309dc7051b9db007e50c1aa75f15a7
 9bec8d058eb", "DATE": 16574, "PIN2": 6101, "PIN1": 6101, "SERVER_SECRET": "0748abd3d6b22a234d7c9913030aee75b2099a16abb44a6815c5bae78a46d9bf0e6ec9893f4f81f4b68fa315243369c294f0248e15d356df46563f53c8644bdc0fe7cabd7863c521f636a9d9b97667c14403c3f4bc2e5deadf86305a2c46e2ef195b544f103ac65fc0e0a0c1ae130c8078411056feff9b5e2f5ac89cb5e920e4", "SEC": "04162412fda1ea6482acaa63bab712b448e0e829af08cdfb039e5bfc5f0bfa37fd18aefc66872348ba7d14eaaa9c25eea57fc42e1959549bb17752fc4bfa8c3faa", "TP2": "0416641270e44a6c418b4d0fa5a7c44c807b3ee7a141fcadc790b4b9c45b89541502cd6313c2de28c5906e2a158189fd4d214b028cc0bc1383393dcde5d7f59597", "TP1": "04147e3dd4693518cc13ebfecfd30ed299c32efb5cafbbcd2cb897ad438f86defa17c7b1096e2187fedf36f096870c56940fb08b7d6c22ee21d2c2726759e62f7d", "CS1": "04185e6b815a9a64c53b6453f5b242f256f793c6b50f4f43f62757c189f5de807515cf8d599f0375143644dfe53478876c41b3471e711332a5a1adc84a7ac998ce", "CS2": "041871662b68bd0bb59c015be6dc36b9a77ae40431403b8eccdeb043eb60bb2e3a04eaad67cc562b93e4b603595
 a080b2e4f5c46383cb7570e3a89463018038936", "HASH_MPIN_ID_HEX": "f6db07145c7d6c468ed29ecc06ff6a4318cdfd592250b88f9be5a42dac9a9297", "TIME_PERMIT": "042271085d8cd61900e0cc0b6df47ed0afae9faacdb6be6ef30a191befbea424e818bd6a937886f66ce7193840a7719ac12e8d64aa16be7b86e5c61d95e96d0647", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223030373561353037316666373038336337363263646138343733653466336262406365727469766f782e636f6d222c202273616c74223a20223864316136653235363339393832323166303831643132656636303763323866227d", "TOKEN": "040dc0e42bb78610dc0adcc9df3557d5279aa7ebe9177800010e03e0b2c51430ba060a96e3b9e1e3bd41d24b0d415df089c7e90ef700a2f7b72dcbb7f1510e854e", "U": "0400fee4dc126592852e9d0efee084417b86cc561cfd1b78d61d285db58a4b38d112761c3f6d1980e5737c03187744bd6fe068a2a74091c261efe902c1fa139eb6", "SERVER_OUTPUT": 0, "V": "0404a745e3e88c9f8bc03aa07087210b4da7afb4381f28a005e90df32d08a621220465cff98e4c7ff87ab84fec3
 860af8151e5d52c8934aeecff904acbb146aa07", "Y": "0c33fae0cb4e845da99d33e7cd33dee9a4e223d232e24f470e056170a121c12f", "X": "0ac764e9d7bc34f78253f451fe4fe8d92f0b89836c9427bc7767fc00f333d725", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"0075a5071ff7083c762cda8473e4f3bb@certivox.com\", \"salt\": \"8d1a6e2563998221f081d12ef607c28f\"}", "test_no": 10, "UT": "041b79d30c6bd9b406d0325f4ee85b7893c26b53617bc115200d0eb92f325c076505b24ae776f89ec157ae3d15d52f8815e1a1f4c10ffcc061d10297c69e358140", "MS2": "23e63a2f61167a18b0d77b409ac66a4cdacb5672735bed5936b5b634d2d8012f", "MS1": "091c462193b0f5be77115553f9c177532279cd2da2db9fe7f18e04d6d58b97a4", "CLIENT_SECRET": "04098ee839736cd37eccb44c85da595f2dcdf952eafb5ca87a97621c1cf8564b130f5569cac8ab079ded668a2b122f37eb043cecb84169a40c9813416101a4f9dd"}, {"SS1": "1adf9dde5cf9220b54468033d5e2e7d17846cf494e9a1ee82c86a49b7cd94d370ef6758c269ed835f2450817c90ac995357d6ec0213bab935a9215ca54b4426102393addb38dfd83d1191dca5623e37dce07
 6305e01cab4afae54b3895bfacb61c46f87a01d86170debc0772ad6f28eacf24b29cd63483ce54a8555402465d5b", "SS2": "06cc34ceab3bb83473d3fa2d1f597e6d787a21406521a0deb35c88c566d036f220ad373fb162010f732c2a8a6e462e12e5a870656332cf617c00b72f52140af209c8e0ef4fdfb461474ec3b6f0b2d9b0fe5c16071c7c8d40df873aa32db6f9060b88d97cbcedff8edcef1b11940516fb68532ef3c14216646bd5767f4c287864", "DATE": 16574, "PIN2": 563, "PIN1": 563, "SERVER_SECRET": "2228164e16502b40d8946ed06359117e7e5f92fc49db78c61ea86fa12c7b853216e5c0c7297f312827a87a78faba52397e3befee98fcea21dfa802dea96d68bf15c5b10c7fa4faa64efcd70a76e2586dedbb55f191264fbe3a341da4e7762eef1ac0bd927451e1b501478ca789f253a7fec38de7f3ffe650d3e48be17ca59a2a", "SEC": "041a0ef266ae011934b4a1fe8d3565f1a522f0e89c5d71c6ac1754984d222e117200b5f1a96fc5bcbf321365e72292c2db69e26be210b42388cfe7164c4ba4804d", "TP2": "0423a5258117f6c67acd6eb68d39ba75315806d9d40e1043e73c212c2e26713fec2081fca5bb38ab87cbc9c189d6cbb511a9f88f8987921bbc28ce8012b9e2bbaa", "TP1": "041b67a8e8082e7b0bfffe59017
 ec4a340ca96d77122149257044e3f30dce7ec3315516a4a1456b03331c8531430ab6d86e10e88b7cb06a25ef5a8915553553cfd", "CS1": "04128ad0b5cfeadabf35cf1cde31bf58d5f07ee3f1a71ca9e3e2f384687d48ec6612c7d40c63ae336654b973425b5d2717c62628f24eee2e20dee71405c47bf480", "CS2": "040725d2f3e1524d22da1c4c758e33080a8373cfccf9ae97ce658c3fbb29609c1a1dc5554ef7085147d14d8d330924551132087243f1853c215fdda31468012e5e", "HASH_MPIN_ID_HEX": "b3d6256995a73cef935da5c0a9dee1d53ddc1fe71ba0ac69722f161458c2bc4b", "TIME_PERMIT": "0408fce7597724bc3c3a7d616fff7f665236e348f720aa091be99694c7a14f4fb70917845a946572bec4ea8cc45a730c2d2490d74fafbb9e63518f1a1cd130ebf4", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226466313766333439376238353739303662653436303765626564353737393939406365727469766f782e636f6d222c202273616c74223a20226633393232303331323431663365636164343965653536386634366637343337227d", "TOKEN": "0409f3f1a85bd7ef80592bceaf9830be17cbf8cf645
 775e422093037cc7708748f136787955b59ff58fd6a49172ef79bc2868f9ef6d87762477b42fc81d21aa23f", "U": "040e8fc2c98f1cc6ac3f0b5d7c9ef41e4ede06e853794f05a38862bddddffdb9410d4c000e25f6af4ce372b75f62701a84fab8771f9630af1aade4f5203c5e3233", "SERVER_OUTPUT": 0, "V": "0414952ce518f68010564597937e8e9e5b3b4fe305aab0de089ced2c36cc6d75af1e8bd3520739a033b1ff277af9a457140725d518b4e54e382b52ef1c5e3f6c31", "Y": "0ea4a9775af6ea2d790aab5455b8b3202ce482654075ed7d497ec38db0798146", "X": "0533f448575026bea78b34b5807f3c67bde9b25c67bfa17c942ab5b2e9906a6a", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"df17f3497b857906be4607ebed577999@certivox.com\", \"salt\": \"f3922031241f3ecad49ee568f46f7437\"}", "test_no": 11, "UT": "042176ff883e421eed0ec22714718e1c628bee08fe1394679e004c9e5ca51e114a2260fe786bad156adc8bb9a52d345d2a873e4c9e6a50e5c64d1b2ee1e28ab39e", "MS2": "1caf71dc735f9910424d3916b61a5e9d3a9986779162798ae9ff94489c2f1c2f", "MS1": "205403d6aa8bdb177986a541e19979fa3b6ce20e754f53
 240f6006cc69eac2ec", "CLIENT_SECRET": "040ad0eb3f2d90b810180d70914324503449006861837de6d7935718ce66be462a1995759f4e2d2099912d3a82ce1f424d0ab29a8e2d0d180cf5e6c801744e0933"}, {"SS1": "1450499a3ffe2c17d751514b0d3c2247650e77511050b0b42b4c46cc629a4708162fdfdfa28a8b78d61b8251a32ab5d43e8d8c10384716cc9b95f91723d499f91e9f34ddc337013ae8b5f84fce2fcba3eea2618a87fa7bac02bfd6f48716bf341433ca62ec3c9c96063f75911925b8bb3991fe9a9870f9080146426bfc094e66", "SS2": "236bf56559c6414d767556200ce0279fe56fae8a209a89f7e9e0dbbf6d9a4b4823b981b5640d565a39d604364c6499c115b3ab5a7a9553f0fe292313be1d8cac1d8f9ddacf0c93eb0596720d9ebe6c9d5a1071d50d4c552a62f67d25629ce770114f3717c0c2195d8b58d42bf6d3a90e6d9334f378d4b42ce01a7b1b0b95f4ce", "DATE": 16574, "PIN2": 3849, "PIN1": 3849, "SERVER_SECRET": "1aa8a4f71766717cd0e935774d8c976da5e4c8decfb0542ebead0af7daeb742720304f977c524fd3d92a023055cd63b42b3dadec803a4f88adbf3b75d49733c9220be6b602c08b578892ef306ab92069cd992b0b1723abaa4bbe73ed49601fca1a5e42231c04a2b348fbe01dbb6cb2951a12
 1b55f7cfe89e1f3e91d38289e5ed", "SEC": "041a8be7564cfafef91709c4b3037125dec2962b0950b7117c22eb57ab974852c20a41e65215e68df7d396f11383bdbf7200a94f52762cda0781beb2cbeb524903", "TP2": "0416084902e4081cca0565176494dc1c607ed78a45b539766960e145f4d242bc870cfb6d9a18e60762f4e669c1153811fbac9006fd34b2137c818db6f4a1975676", "TP1": "0421e92a93e49ef86375afe488434b286b8938b55eb4d22adbca52dd86b2e773c418434ce0d447853d50259bd24ab85dca46577622143dd9f6cd24f70e04a63bfb", "CS1": "041aef0941ae6b60042691e195d09f7638417f65f0e8315e3652e1f2458cfe6dec08d8e459f5e856b3a80cf2bd79f10824aa557271ef9d1293fab42ea65f806b1a", "CS2": "040ce39cd32a7d172a2d5d8bac6e5aaf254a7dc2748067679fee9e8c6ed55b071d0ec1ee184b85959cdc53b861a06819edd21b82034e6303ef005bc6fd14c9d22d", "HASH_MPIN_ID_HEX": "01078df455bcde211ff18edb028b794a847695f0c6e9ba18928021c1fd7f1dc8", "TIME_PERMIT": "0402352c9ccb311ea8e21364cab822c3a47ad87c8bbfe14da66f83cfb7b1b348e81761dc86e3a04f5cc530c97b28d0dfeedb117f6cdc1245cee240cbae79ef46a5", "MPIN_ID_HEX": "7b226d6f
 62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226139653333323863353733313039363261306665313663313365376132376431406365727469766f782e636f6d222c202273616c74223a20226231323535623564323439316664376430356564313033656164386534326238227d", "TOKEN": "0412a024dcfc7a4bc42632f4072f7198a0125978687e5cdc5bf00f5c12ce124edf01e5ebd94cc2c89998d214be71c4e2ca3d69b3ef03873ef09c08873576c71387", "U": "040dda1f55b8d8a6b41761e9af47b30ea28ff8152bee5e43f491dc3bb968686eba1e5d17a3311ce70189ba16d9e863c489bb2601597f99406e2bc57b3423d650be", "SERVER_OUTPUT": 0, "V": "041a696ac17a51e017639e393d019bdd83ec25d315e3f7a5b4afdc942068e5614c1aed6f120f6cbd9f7e06de1381f79ae50ac1aabbd46e2e30836dadcd4bb49935", "Y": "15f9f00ca53f3cf8237dc5bf1e0d90df2af7ab3f462b5ee768bb0bd5510ae26d", "X": "129b7ffa76573ae7af11f1a3c743d993b60f6dba566be4ff74ae93dcffa9f15a", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"a9e3328c57310962a0fe16c13e7a27d1@ce
 rtivox.com\", \"salt\": \"b1255b5d2491fd7d05ed103ead8e42b8\"}", "test_no": 12, "UT": "041f6abefc3dab041a8e606bdf40bb8cd421a40b725addde477b3b7253da6766c51e9fca2c0f82fc420b679b4f12773c0f2b634fe8146f734393be3fbe882eb7b1", "MS2": "1746f71df355a9879436109ee2f28683973ee2b515817a5d793c95308a5ff311", "MS1": "13fea6350b2560d0fb3f1c27561a5e927518e438aef4416d94df0c3802fe83d4", "CLIENT_SECRET": "041efae623eda57e30a49f9d458d450fc05293790e113aafe4f0d50ee3539b96620c61c967a957586c7a61171c7114f88ee4d34a325f7663d2bb962dfcabc2bbcd"}, {"SS1": "0ce4e56bc0a861ff450ff3dc9b0596ead87a8b573e9969db21c8ad166e07931301f0d457fadb69075deda5fe82f38ab6df960083ed03bb03afcff826109ee8621d24454223a88b05659628d646c0db240da5de7776405263bf97bfd83cc813b220463311a14364ff290e6e9c43cd378133a4835fd06169e5f8026dfc5940c25b", "SS2": "1d439b9377d8a83e9542f4aa51d8ba7e138c38f387c5c8a97784528d97ba0f760e9be3cc0dd9bde7df4080deec9c7d394aff4d23d383928f042cd4eebd4bb16404bd4483d2477c52396e23ff234df5f8c887c5eb22986381947a503117e88d8703585d19
 0dfbe5bb4ab6840d87f97eb8c4e7d8dd66df6520b052337db4e5a7fd", "DATE": 16574, "PIN2": 9822, "PIN1": 9822, "SERVER_SECRET": "0bba8962716a9e27bbdaea996f2ab26aa2e010f147f8d4eeb10452de5eb7de54095c50097c9b4045f0ab6b4524bebb8edc398685ff0368082fa5e6f7117dd5940b6b4c552d42edb6f715651bd2316160fecb21de418a426e81fb1c02abb3b7790ec128fb5d9ef269ac075a19ac2ba4952e872514b7507ccb9c975a4cc7923d29", "SEC": "0412e18a31fd1485ad004e86f12add5e5ddee9c0733b7c90fdc57935586fd4e1601e0b6562e337316e72e22c0dcca9306593f3f6be2c68506ca23edc72df4c9b70", "TP2": "041e56200d430c92980e80a5c4b79ed920abb99c0ec3fa9fa90e872b4564c619f611b333d56d90a68596dcf66133d5420398911119e16961d6ca893b2bd89c3fb2", "TP1": "0403f14c8288d329f6bbdeeed503654bdcf81fbf9f642ed66351b9e673415a006115846dfb16a03d31e7486ab5ed7a6a0f36e40d2f50e65f96c42128c30cda8236", "CS1": "0420eb59ac53543e3851b8e2c8365bdd9e87625fa5db3f9b07d4142e2b05d56d5a1e8ce340273d3bcd3f20176ff509ed3a5bcd2bdda2613857b54518483ee1100b", "CS2": "040167d54054d55a50b9fde1e58af2e654a4ee48a103c2
 f551cb1c2be03b76fee521ce4f0e921e4cac58965e9d7ee7fd24dcafa9107e193547a6f6521a3f90f942", "HASH_MPIN_ID_HEX": "c4e2adab8f8c58b383dcd0a37bf5f9143a65afeb96ab613f93e1d136771632d6", "TIME_PERMIT": "0419d7dcf372ee0020f3a6f97f64e850295a7aec4f8a2cf8c09220d3d663c861e51f8c53d0574078d66fd58b763ba39c9a3b51c53cec791a20be9face05696d9a4", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20226131333439653038636634666139336365396130333832323462323164323132406365727469766f782e636f6d222c202273616c74223a20226336363031343832333261373362656536323038653163363038373665343933227d", "TOKEN": "040406cfd472f437f10e49c028ffa2c2f97118f6038380035bfc6afd7c7cb6d45614e8d6005766e608c1cce093ba77f7ec6e00c92363f0ea035dd1840495d8a89a", "U": "040956340ea4934c9b5b5d311fd7cd157a097725d3f34e823cbc0dad409d18847d20a18a897052965cc81170afa96e9e8795a9efd629fe3ad7e369f360b63dd309", "SERVER_OUTPUT": 0, "V": "040c62e57890f914da2f25859b679d638ac0101888ca22
 a5121c93fb4bb359c0012022810b8c3ebf54eaadf42029f55da98633f0295dbff200ab1a00061c46e11b", "Y": "1a6605aa2db338732276e7ce847216b8585426267e29ed039812d819d5190368", "X": "0d46b94802dc6db73222e697aabe2eb866005773c971e7d30246e2ac80acb9bb", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"a1349e08cf4fa93ce9a038224b21d212@certivox.com\", \"salt\": \"c660148232a73bee6208e1c60876e493\"}", "test_no": 13, "UT": "041a821b8cf900570c20dd0c908923ad1576d0bca84b42999d2801482498d2febf0288714e1e1b87a08454c4450965941cdfe050043f9a580fd6fc8c9a9c291584", "MS2": "08d458809cafacf6d5d2c679b80947b59368e364df7068de9ccbbbd52e7f3656", "MS1": "2175ba7d2faad16a38750136860a63e61775663fe2ae6d7dffce5ec2298cf0e6", "CLIENT_SECRET": "040a8a4b9f26582b3a4d741bb23e3757f83532ab61edc6a738ef608d4ffe3df6c41c27033e7282f4554d178c166bbab68fae50a2c10685ee77ccb32f04b638213e"}, {"SS1": "135345a8a2b6687c7f748c4c678abc2a691fb25fc0d55aab68d83dd7f8b76dfa142137225dc96031835877b1f7d7128b1d62839c7d28f91571ec17c
 300a5747821de495df2306945ea3d8462c956932305f188e691f8acf1112297891e79aa51020e3859377c64e98b16c26dc2e8b40ee405d5737a63dc92431041392698db89", "SS2": "195a9ff8c501a74ba336ebe1ac80a97d6301029ccd6fb5013e139cce77de79d20a1b5f4331f7ccaa8056472c9413412303a1fc313cc9744a600d0af1f9c7c1f606ba7d25911d9c85f2f0dc4903eaa6189fa64a6f581ae645bf03d60adb951807107fc3f7a1c7d2e192e335e59062c5abb0d95a162ee197f8d93881b4b19bc573", "DATE": 16574, "PIN2": 9000, "PIN1": 9000, "SERVER_SECRET": "08e3dba688f59a350915967c2ad24f4cc4878cc71813ca4ba71d1b4e477d394f004880362f5d076928811ff4540bc9cbe71b758dd9acef1cf6862b5a3e33e44a0f46c159adf292ad42c3744a1f65008cf88d82a64f369008b2a544de648b621e12b0909fdcbcb693123cf5d261706be8d533cd0ad969c93e18a43922561a2377", "SEC": "040305bc286058ca0d0df7296b349526b9efd24b27e5bdf80ff45ac0c4d7a481271b690017430474c912e647e2e113265fd4eb240660783d4cacb9255e93304dce", "TP2": "041d672ff8a39878102e2892d574ff62dab650bfbcb86940af9de71a49d3128c060564029ed1d5e09c4fe428f111893697a25119e51d701c13c9d064d
 ed21cced0", "TP1": "04052c7e73049e4e47e23b3ac43609c51135f949a5fa4281322a213f345d15893423d801526d2ad0831e687d2425d2228b80bfbbe213b5b848a05c8d0cfb5e2e7e", "CS1": "04071f77fd9450f5e681ed6b8a00d87810ef74b9507f16a7fb6815edc5649031340828e6449f328c14214d905c5dcde8fc0c80dfd1577287a88af55bd69f8d79b1", "CS2": "04015cb93fcd709fb9dfaabf428ef2a6fea1d15cf6db568faaff5a289efab2e5661636edbf1b507010cab541e47f2c9ca6abf828dac4423ef1151a8673998225d8", "HASH_MPIN_ID_HEX": "37652556c5c865056bf1127e1aa3639761afa8c13af6b28cd8ff4e0ede47790f", "TIME_PERMIT": "0402ab624ad2a42041301aec3b792d51abeca3498fc5aa02a99b346f772af316162255593e46779f0c8e801c48e9aa8d2143da777e96e421207890d66ab1ace482", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223838336337633234366338613633663334373330663534393039376138616335406365727469766f782e636f6d222c202273616c74223a20226530373432346438366661393236313339623062623664636536373637363862227d", "TOKEN
 ": "0414c6fb67146fd53cf6a77e0983d4a8230faa4d048fbe97ae87643043c1ccb2ca22aa84a879dcd88a721378a5159c5bf28eae093505c573e1aa6607211e51cfd9", "U": "041ae38bde3d3d253a91c6d52d558ab0bd3af84dbec6f6b65bd3559216cb971e89114bf813bb3f6ffaed4a71e938b3a63c9e3c97a2ebebb6f7c6e8b34a4ec22334", "SERVER_OUTPUT": 0, "V": "041d5f84f0a0af6aea3bb26b13bf66aec0d2171d2f35792667310b872eca0aaea10186ba54d6371dcb1badbb11919e1a066beb22058ab14331067bf599140adafe", "Y": "08a134c82f786d23ac5c9d80b343f33c25e0a17e0825b8dab89d325bd92829ad", "X": "12dbc077b838b81831a962b3f46bec551462893aae22fecc6926fd2a2adb4719", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"883c7c246c8a63f34730f549097a8ac5@certivox.com\", \"salt\": \"e07424d86fa926139b0bb6dce676768b\"}", "test_no": 14, "UT": "041ee91dc24d68c1cd0ad350423d34521acea30330cadc8c3d65530fa7b68b0a3611bb3dd09ea9957082cee6f0a20c58d7173fdf94221221b52418c97596b84646", "MS2": "18c6156545f62c9bc58b03db316df9956cc70f6d2831247e5c6fd093277fcfd7", "MS1": 
 "0e7d97af9a5529c51bcadf77d14af1bdd85d6e49c2151a6765e5d9eea9f4f4ca", "CLIENT_SECRET": "04038d76a45c7bed6ed7ddcb678fb264b057be72c1d5ebc8a6622107df1e22de420874d3d5d2ce29766d38780a79d304a97a797f4f859279d32880024f0bd28c31"}, {"SS1": "23f01e2945b40b6567c2422f5bc11497ec933d665d2713f7ac616b1c7f14452414436f4fb2212033f3e28150e726bfee6797ab8cd74f384dbe248176bb6c670c0c7d9c10c2560de8565e2d74e55e48aea23c906e2d152f15746b5011ab447e591e51d573b94e29f4d36478335e9e1dfc9638c98abdcdd70d4087452b04e7e832", "SS2": "0dd0c025144b24bb439de83b23e426cda964353fa8a4574ed0888702c9ddeeb41de59eaf731cff16e47ff63a68135f9e1ed5d1b9de5ea36df2424f418eec17f32324a41e258b2359c7847d1f0c746321eb5684234da66fec823536b4ca8b15660be756a92c02227a74ea0f156fd28faa0cfaaec8c59fedd9716ecc37df46304e", "DATE": 16574, "PIN2": 382, "PIN1": 382, "SERVER_SECRET": "1331ccb92ee61b3e4832e2c836aec9e1e80ab5af2f2bddda23ec8489962f77a2090c6a9034fbb65ce63cc29387d1d1506cfdf4218d08d927bb5e53658619fe2f0355dd7fe1d6457cea2630d039bc11f7398f57ceb0ff40efec511e8
 7293d2492011d4cb31765d8a9619a19453b19f066c2e76cfa62edd76b177e18b441d8e2ff", "SEC": "04053936b1edebb1aa71449644c7d323cc5afcbf43cf4ffd99a6def70ec38a58a31e4d32dc92744d1ce6ba92e191b29716fbaf4b7d2d3a9b966f5dd70cf848523e", "TP2": "0421ab9f39655ede18e8d1f927ad8380e33fe5c12e260a2bf68e6ca0c41b5646b71f7e4990730dd9f0c954ab90e149a0ddd5f64a1d0a08740241955f169839f65f", "TP1": "0407500865109d89fa9b183dadabbfe88e02d194f9f2e1e6f7edc7703d3cdb19200653206bf6c97b4e2db477a32bacf00bfe83d5e55e8e2199cb504f17180e9eb8", "CS1": "041e31e8717d512621a01d09683da11630f294eec37fdc0c0e0ebd5e706349fdb60c8045bb3302bf577ed32b827819b2e6553ba255ae8616e2dc82d518234d894c", "CS2": "040299d1c6cfc8767f9446d1f680faf0a22e858a6601d9c69b2cebe8fe5b0a27b115f024112352ced9ee488b882c5aa67b38750ef41bb5a7e2bf1d9af21349f2c8", "HASH_MPIN_ID_HEX": "425de93f690b04df0fdf8378c7f0926e592fbf2de9b31bb4834e6efcf4d42952", "TIME_PERMIT": "040c1caeff0da3f2fade230b2804b762f65d373e34360f252cd394e600d191160c0d6c50311abc6657d426abb093330e7fe0567ced0f0bd9
 6be4f38707d8797d7a", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223565396362336133333165633861653463623036383330636435313133653237406365727469766f782e636f6d222c202273616c74223a20223635346565353538333831373436373230646532666132393037326462306338227d", "TOKEN": "041aa8a5c165d4e9b4c3d9adcc78aa32cf998fdc4fe6d3ff22b3fbcaee1fc393f50dd50370e4d9209661946f0c9dceaf708d945dd866bc2589d4bc3464949cdce3", "U": "04046bf3a1303dfa92308b7e3f2473f54300169284f1d084b459b197688336db080be03b998b4189fae46a3d8bf4e2b157b22b1c4e17a0ed63d99234902e330829", "SERVER_OUTPUT": 0, "V": "041ad21cfe0d019b5ed405d5eec0fb1c37a8478ad2be80bfaf75921b50481d00561441d45db1ed34a77dcff73aae16335a50351098d4ffb4f51ddde35b0531d3d9", "Y": "13350718959806fb930b367bf19863729ce5bd221882102122a009ab2e4635d5", "X": "055a3f65f94aa6fb7b2c1a9798d863b9adddde78cba36e759448402381902c4f", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"us
 erID\": \"5e9cb3a331ec8ae4cb06830cd5113e27@certivox.com\", \"salt\": \"654ee558381746720de2fa29072db0c8\"}", "test_no": 15, "UT": "040a3e3d7e78b93ae79835344d149d37f46ec8c3d37a352172c04f0bf4d2092aa7046ac417d0acbe4351a3f5510cdd87a90e3424f153a9cbde404ac44e12c4a6f7", "MS2": "1a00f72e27674df8e0db9151af3cfa94a80d84fb57a9166cca002fb0ddc74ab4", "MS1": "1a06b578947fcf8ad95ccb2b8f83aeb338fba26506818315eff599ec2d110054", "CLIENT_SECRET": "04195acb8edb5f37d2c9455285fe696fb68f8c1eb84d3e4a4ae7c136637a4d3f5d221c2bc013aade76dc8fd5dc437dce2cfa45a943f6c52e3aa8e259c339fd6ec2"}, {"SS1": "0189fbf2f7a0febf76294e37d201a724082ad3deca8366967102bf6e21591b07121e3fa8d4439be82b267ff1491eea09f3839d78a072969e0f01a52ff040537f1ea24b1cc34fd3fcd852b2b23ff0068686a0169589a5dbd587d15cb71cbda7221b177da6aad8970d479815841eb6e456ab4523d6d81b59cd7257714ab66b18ea", "SS2": "03160467972fad64ab05306f1352004b3deebdaeff7c42a10d4ee0cc9d3cda64037f44da981da35b2ca3ed322d3b58857b37712768ab5d7575476be816bd55161e7c486511acc10e0dfdaf42a64
 1366abaac0111a1c0b07b423fead1d1e5cfca14203f86e66634d376a61b614624759a261ea6224cec4f08c1d320e0f789ae1e", "DATE": 16574, "PIN2": 5353, "PIN1": 5353, "SERVER_SECRET": "22d93758a690dee8301dc064c20c413d7c8ff167a443adc51898942b5a2ff6dd1ef263a6b91642bbb247a96b324b296027c543a3775e55a64aa9639544fd572623caa7f5a036f6c24801808e0b9d53c1f11ef93855c280288e1535d8f5c0e27623e61e97742b0044cb08b79e380633445550ea5e92e22f5a6f059b55626c8fc6", "SEC": "041d01e37caa3f1614cd37d6d6f7878ff858ec11260494727a476c9a4993857e331ef83368c12cd259d93b20715b04997470a454a261d996f28c11a8a940fd8e52", "TP2": "0403f7956b69fef176d25d6b395cde9c4344adec97c37d083a6e5ad2976d0ccf4a1e4f7716744c82703791c2663d4f6350998d04e782bc95ffbd53cae2c315a309", "TP1": "041c00768f9d787d01e2de9986b41e5665bb1879ca4858736ee0baad2f4806a4dd1ac4505e552a56e5627c60b86ca61d931e866d435ca6642f2ce038eedfe00cf7", "CS1": "0407e389cb74ad4442e20607c7a2579fda1739fdea34fb0ef20c68dd1fe590dd571fa8fc1479b56d97b0c111b3dfa1bbdd76cf2c30935103447e150fb92e93410f", "CS2": "0
 41521c4c8b389de5b4609d9c6bf6f3dce549f71ec53e67725b62a86d3873202db17d81654f02a5f780e395ce7e864a5e86a7ac67bb557dac6775ee91148c5c35e", "HASH_MPIN_ID_HEX": "a552b1f3e327bc8418d7a6590d16a566903de001a24dc0618bfdcb2cea78deb1", "TIME_PERMIT": "041d366b8604154b018b8383b6ff10e2a6d8e47a06c0b20ecc1d85fa951c6de5be088991cd1b313c7691dfb023056fbd1d10a77ed04f4c52dccb0aea78d000f702", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223735383661323865336365626436623462626662323065303965643935636234406365727469766f782e636f6d222c202273616c74223a20223763393032666536643366653639306461653935356465333438386463666534227d", "TOKEN": "0414b2bc55fc64290556f1e949bfa10ae91f835cff39e4e7cbf17874dbd0a8a4b21ca5963955feac87082d67cfdc52cb00e9c293f33570c87a17fe4a86c4ed95eb", "U": "0409e42f8ebc6d17995ab4f39685e128873a05da2232e3deb583ca1b4a79852e740dbc062a36067b354247d03d3b878dcaf73e0603571363471b93e693d5ae88fb", "SERVER_OUTPUT": 0, "V": "0
 41d9640407ee762253b122cb07cb6fe13991fe5d9fda4c9d9dacea3c87963b6231e5467b50a7f94d8a7a3091964b9013e3e9c4aa6d899cea9179506c5636471de", "Y": "17531c5cd14d1116460664ccdad477b6331b567c4b81c94f90d229fb9970812f", "X": "1ad62bd1a8732c9a9a7af439e38a815f47e8eb63028373ac32880797d72b41f5", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"7586a28e3cebd6b4bbfb20e09ed95cb4@certivox.com\", \"salt\": \"7c902fe6d3fe690dae955de3488dcfe4\"}", "test_no": 16, "UT": "041794f855a1b32220c21a6301dd7c443d17bf3e04da21f6ba0b6aa1c8334f950306b540fb8905f189066b717965454f01e5e636d5e0ca24e0dc8968eb0cc6c27b", "MS2": "219bd8a4ac13dd2b6999549d765dbe1b53c33b427f27a346ebe5fbe6e482c7c9", "MS1": "173b225d0ccd1e2ce8b451325d7f2ffa815c306eb01843064e5ddf1205d89005", "CLIENT_SECRET": "040e6abc00f89aca005d36e54dd400980ef773c2d499840e3c2f8b2aa98e3b6c65025f5b81f894fa58529dda81e9acb66f702355fecddd903b01883a5942022ccb"}, {"SS1": "088ec9780f5111ccfda982d9f0f8b3fca4367df1d91effcb12fd78626934b01f05280f2232
 d17feefb2799b75cfb3c4f5604b3f7e64e099e8c863792968f83b10b49353e0f974b8bc0d2268c2da29a7feca7166f2154af0d4b6b71a49c8eef9801e7c832f58468786dcbb56be45db49c9c10f832117afe3d42cc483fb5ea7449", "SS2": "1fc49061dd32e801f32e974be013ecc08263ed101024c482d861ab20146b58771c6459562c97110c1267989e434b81c869ed82355863b85d35c3fc0698e595460863215497db16aea733b49052074211ba2e65401940e02c0951d56314150b000d25a93b1fc109fd86f0ad0e714c319eee0bc08a34692b3fef9be9061beb78ba", "DATE": 16574, "PIN2": 5351, "PIN1": 5351, "SERVER_SECRET": "09cd15dd57c7035dfc920752ad4f7f368f6cc9e3df7ce571415ad7ee266d08c7123da0ac81acfe96899ee0ece9fb7f669cded96b61b6580462e4d78f38d7df8b10d33aaf5d235d5b884b95a2274dd297339947907c1eebeeb65d8828f69661c61fc808eb15c4b0d4e16a40221bbcd8cdca49fc02f5cb2fc50badf255ee7842f5", "SEC": "0410c1ed7f71a8aa06fad64774307c2f4b322d2f144e2d6bdb273ceb6e3569a02e065ceed1331aa2c30273aa3b0e85cfdf6ab450f374d2151df53c23cfcd4e3a72", "TP2": "04175b2f5cc63010431b88ada49946f2b95ca69a3032962bd2559f014737a4172a11ffa3e23f
 57529b9adfac27ebd4c5333aa028e45ff96650cdb981c0c88f0928", "TP1": "0415f2dba78ae6f9a80688973b0c985c7652f0f36ec9ac6ff44b0fec01782e44d007674fe7151fe67293bf853b16c2fb48b0b67b7992f2024446bdca674bf4b699", "CS1": "0403cbdd40029445d42ac8738f9b8213fc40e377dd359dff02200d44a055c0ec4c1c3b5b5dcb077e644584594b192d0940131b314d8d49f6f41c3419cf60aad866", "CS2": "041e0b37b51cdf6b0b32eb8e5971049ff8632f2264a74ee556c59b2b839f1d637f10f5eaf5a8c6c2c869af76cfe372a5ea369ab98d61a0e7abddec554067484ce6", "HASH_MPIN_ID_HEX": "2dcae178cc526da024586a4cefcd90f7a1b81ba54534b16f6a66e009b10ba7e9", "TIME_PERMIT": "040f4c367a7e86dca24095ef7e553db7bb6b09875e2109df53d22c0d76be4bc16d01f370f4c21760f11310754008f89d0b7b3dbd8202d044123ea0af6939513385", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223762383864326336383437393737366363383564643761663139353331306236406365727469766f782e636f6d222c202273616c74223a202239353436386164643134373162653939
 33353662656237643534646632326263227d", "TOKEN": "0411e21b3ad2b67a5eae0f2de6bf13756b82f42f9069112ea52d3e16d8cd13072e18e1a56567b8780f72b72c6839979a38ec74e7a2dc5030a86c34a8f23141e4df", "U": "0419a0ddf46a876f0d48d568b32c62bc2d943286c1e7d1648d1957dc4c9f765b50068129a375ff4cf83b34a1a7b6697df08631c6c800bdccb2ad2292a45f549b07", "SERVER_OUTPUT": 0, "V": "040d9ed5a12f40971d3545a589cbff5c25bc28defc5127c9538d985341c88fa2961b9ec7eb2a69bbb4d265f7aa8cdbf55ebad3e6ab5436cd0f0bd68a1f52a51d4b", "Y": "15423f0734c27df8eb7d655aedf0f79d489c1b79c4670d024969f731b9c8bff0", "X": "175821b117a4d69c9156be23ea2f2e1d51215c1dcf537f22ea770f02a4d1eccc", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"7b88d2c68479776cc85dd7af195310b6@certivox.com\", \"salt\": \"95468add1471be99356beb7d54df22bc\"}", "test_no": 17, "UT": "041c34b51a8c2d3049bd8efece36b0be88342f6fd98d802625a0f5d1c28a876fe00f0bdf14e470952b5f4af97c6761f981aeed159cebec839d7d7c7805db5c63ac", "MS2": "0e31b13e7508005c4c2eeee21cca8
 4f1d0da26689f517083372699b59bae0bd5", "MS1": "1bcd1ee366c077339c170858e06ab6c13934bf3b81c46e2ba21e0fd4e4f1beea", "CLIENT_SECRET": "041f89b50afc3fbce0c99c8ef1081ce0fae6efcbf33c34fd095bc7373afac7c7581cef5cfd6b33c922493a6390fcb58cce8c5f71bd19fd501772a2f6fdf1c08b9d"}, {"SS1": "1b13d5bdd518a0e5bb38e3f5bd71a77fd6b9d40adc72915584167a669ea5411a057283debfb2c5ef071760fa04ba99f623d7b52f69fdca73cabec850040ce38f0c2a6e500acc1b1fb73d44acaf749bfd902d1a1f62c802360563232f4eb8426d0c004a6c1444dc968ddec4d8885fd6fa87bfcf8581c83057682746900f7b4de0", "SS2": "2265b195fe3ca45759ba449bcded1c7ad680ac9b2d02f7157c1f4a374203e05e06927f4216755d9529b7174638f9aee6f71c14c38e27ace0a33e8c2393d8dd2c05400bf13de8111ad2aaad087efcfc8d6442f6308c488be380435cedd6e6d9991832438b175db683c871ad613d36e8a411d9facd0213a83f1b348713ec823b22", "DATE": 16574, "PIN2": 310, "PIN1": 310, "SERVER_SECRET": "1b6309d810f8f389d2dda4924edd397097c988fa8e86507ed8e89505a5cef55e1e10b9176251562fa7af7c79d18e29ffdb99971ba455ec80182318a5a860b67622caac3a48
 4c118d8fcfd4f79e904a23abd9b9c0ddd05e563f56936e5f4b38460a1dcfc24d8c4d8d085902463fbdf42ea2cb8046c0606d31a997a51199c7d8df", "SEC": "0421c6d42d2f5813d039ea120012da0a3a104749bdd1d44cd8eedaa6dc8f41f35009a63a0d00c074825ecf0c69f6eee035dfc73d1aab2a1e000d9e65c2c586fbaf", "TP2": "04038d28a64c904ee881a16218fc186914d9db5f0195bd1828e697a259932da5c70fc0f545fbfa7e5835e3a01e00ddebff42f56f009f2f6371ae4f949549fb039b", "TP1": "040b7996ce2212246368d23b94ee9c1c821b94fc90dad8a76e96de0d0500552dfb01fa0b3b2b4c0dd95bad7e2d5e42f5521bda5f68c82d82a639d26435285e5780", "CS1": "040f749c883b3934c13a5a83fc245fb06482a6e3d0fc866026d1539e5a2d3a2b901ff979b53cde52fa81f4172229c900c4cb4046ca011df29dde50e3e62314d465", "CS2": "04239128a1f91f67a750484d17e24589ecc7e7307d95443348415ca2c07f13aed007c1ddfb587e00329513bea4c780d498399633a4edcab04b497333e51065f68f", "HASH_MPIN_ID_HEX": "8126d16b9133439e351df78f39c7128ac38419154a66c19c534b20a5558208b8", "TIME_PERMIT": "0423c766d8fee75459a98e834187810c539e7d30176fdd5b3daaa886d403fff8442
 20eae68f145a41ff1df998265e8d4b6c612ccbcb7c8c0932a02e3ed3687b529", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33355a222c2022757365724944223a20223162656538313032376663663061333333343338313761623465373531626635406365727469766f782e636f6d222c202273616c74223a20226461363464613362396635346238626235363931663361306435393834373139227d", "TOKEN": "040587a1f51a3edffda7de4e9a8809625d70eaf270a00937ec2bb9118a7cc8add919a5ea5673427fe9442bd7a770e7696ca7adc09f91a31af7c6fb4e3131b5af63", "U": "041943f21db15c14e6cca37d66b00a0f0b6d966555b385afb83610e6250bca60ad1963ea7d6109af95e48bc54cfe140885a51d6563fa1eae32376c5562d35403ad", "SERVER_OUTPUT": 0, "V": "0404283179ad16299a621260a860b0ae0b1422c7cc1e3aac1e00782b585221eae01e9b7ba57a3a2ce9ddbcd4b9b4548db9e8dc29e114ccdda55015e5977d623510", "Y": "176778c1180770a0b00f157ed313fe36bfd62fe03a4254a5c1b7ece95c7cd15b", "X": "029496aaf0a0099ccffd2d23fceee36d2eea0f1ce8df33fd9e2137016f256197", "mpin_id": "{\"mobile\": 
 1, \"issued\": \"2015-05-19T16:17:35Z\", \"userID\": \"1bee81027fcf0a33343817ab4e751bf5@certivox.com\", \"salt\": \"da64da3b9f54b8bb5691f3a0d5984719\"}", "test_no": 18, "UT": "0402617c055cf2c4ee3392683ae8b22ceebaf23558eba7b51509f68d88c342d56d144a6b0601c98c80e959311b45bf95979d9ff49b2df654c07847c75afca615a1", "MS2": "23f7d88400361768fb46c1acd10725aab7fa0dfe607a7305614d81612336f2d9", "MS1": "175d39d7303e5623ff32aab5832009a5c51f3ec03a35dea1c54f6c473a0d4141", "CLIENT_SECRET": "0403651204ab64db2be813bcf7fc4f40316e09087e9f1cc362ff19a21d43534f4c14341073c908e3e6e4cea94a61881d79af4ad796e7f733689c541d2bd992127b"}, {"SS1": "0c2c4b97dc9969ad66ef20587e883c2d5f867442f9f7fa545026dbd2ce2499200fd6a7bcc34c11dc9278ea58135e368c587d3e934be6d63c356096aa750354ac1296c3c70f62fff5f23c9dbb4b633f12a1a177f2ab0af3a07be54af2a5148ea50d2b4f509483f95b02943004dd1a40501e982fb065e63fe08ad0c5fb334d56e6", "SS2": "1823eb674f874fd72c1df79c1d4e170fd13db98bca78ba16c20726d3a5563d61093efb31be920f091b78d804a7061c9f7951d4652b11dd
 85f0d99d25c3d8688604c8ea2e8a513897eb2ff883a2ccd66d4d85c2c183bfb0cff4289c08fa302dc31f418337c50d09d03305ef029b70abd0059c6671e26caa3a046a1b326189c665", "DATE": 16574, "PIN2": 1292, "PIN1": 1292, "SERVER_SECRET": "18ba0b042134234a51d5b29ff8aff18a65a2e457d02f740d2004d0874624576902acc637d52681a649d59cea5aa01842e95751f253efdc07f9f262481f37ad2d0e9bbafac56e85676f8f37049747e5fe8fcdc0f5ce309dd471ab3c722e84128d179a639878f36aa5d0169f4aedcdef9008e41a78c1dfae56583b82d93bc6fb82", "SEC": "04198765f06ff5bc5420007d67867cae63ae7a53c7acaaa25ef73b40f34d5cdf820a32c2fb2e5f750b86190fd07e026055c8407b0e6e312f798586ef078815e9d1", "TP2": "040ac3c0786471caa1c483ce36f1555637ffdf0eedf0f387643cc1c4ca7fd3588c22971b28cb3580ee5217c14a12fd2e29cb36aca5058410d9ac67d279cdd530c1", "TP1": "0415e1d84d6c9f42651b4e2a1e44e1715658d21afde5612c85989303e0861360281ee5477620e9d25347033dbeb835bde130588626f19a24d31c7596bb97f7582f", "CS1": "040c90ed265992d63c62203c461f91cda133f6ac3400e834f6af1a508d6b07bf6223e072e91f866424d2896900b34bf2b
 00b3c23141aac9514fb8fddaaa68aa487", "CS2": "041b63fa2e87526bdfeeeda00ec237ca79111bcf7b28a8596a3f1559de7712f0fe1928d70f21d32d8b11b605b5ee38c4583a196ee0ec508b7f61774a6379ef30f3", "HASH_MPIN_ID_HEX": "f8b557127f626afc32995963b7014077916b427886353d31fe765e3f2b6ce36d", "TIME_PERMIT": "040284b1fb492b506eeab210fee2e1662dbcd76bf32e91dcfffdd4693d89b723b21256abc867fdf0225863900295c1aaaae441df6f072810c6dc344afe875b24a6", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20226162613537373462306338333239313438303165666265333763366430363335406365727469766f782e636f6d222c202273616c74223a20226636313836663136383834323135643737303830323465393464303836303035227d", "TOKEN": "041c76b545fa858697f1bc8e1b9fd4cb70665c766014ff0d31ff1b5562ca760312225f993733b489552c148f7215d1b160c0489ad0501437c57b4ae588ca76b93c", "U": "041628e73f8c197247653a7dad626d2324af41e3b7e941dc3e9001c67bef3fa8cf0563eecb288ae3bc2a730a5f26592fd694dd9e4983b4c16e1
 bb6421f94c0f3da", "SERVER_OUTPUT": 0, "V": "0405b053edff721af4378cfbb3b0bef4f1fac179f6ac29db9594fb6faa96b1fff0112f430a43a8c7bcf48fe969efe0a9ec1ffd8a3071362b11737f2710fdd00560", "Y": "18de3bfb920c9c5ea3a0481aa067df6bf4db60083949345a01a113a49a322a47", "X": "20f7f57d7f8b266fb083ef23896b2936c1864c14452bed2b0c0538df2719c272", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"aba5774b0c832914801efbe37c6d0635@certivox.com\", \"salt\": \"f6186f16884215d7708024e94d086005\"}", "test_no": 19, "UT": "04091f85c760936c842685531e87f0375dcf1541904526a8c9b369dfb66dea8cd4146471eac084c3d2e310d2df7fe0a8b7b70718d684ece3ca088351195db60089", "MS2": "0820d6f4611ea8bba62497bb11a80364c5b03a44fb07b740b405a9777598154f", "MS1": "0e50d70385fb6c0bb4467b156ba603416aef6c215b24c49467c8cd0cc04e849b", "CLIENT_SECRET": "041de41609ec71c8afe088b5702a96c788dfd92e443130c1b288aa2790488467bd0de5a306084e1b2521cb00d1ea142fbfbf84ac2ebce64cf27d48d2cd54be0718"}, {"SS1": "0dd0c970af2e77ca6e2543469f1b3
 f5d07817a24dc43b3935d041d7c6f5336db160412530bacf15ea14affead9593d11f6fd3789f97f5e95ce9cd36cbcdc26751b3e0604ab0d81714e06f76cef87ec1494231fcb41ef193b5b2023cd74af39d9030d0c618817962d6a82a7fd7cf76385e4903e85c8df5ae17da05fd66ced2135", "SS2": "0c65488a3cb5e84e3d85d65e3303b99ea0dea7659ec9d679615bfe343eb207ca029b78a5fbd66cc46f1a0e7b8f17878fafd94ce7fbb7d76770b927ee083f6cb016745be36acd7844eb93729652c70e2760fa38e4f56eb148787d52525913a87407d5457ea6e7f459ecb545fbbfad566bb2087d36d9572afed5ba513929ad6b24", "DATE": 16574, "PIN2": 7885, "PIN1": 7885, "SERVER_SECRET": "0366f02cfa04a04212a4a9b7c259201b86cf9f93974f93a3d5ff3bf956c33ad71e3cb09e921c9ed104f82f14d737e8818cc6f2546bdc429816477950e965e4eb06e23cde92b42c92bbcae7d14fb4545021d9c0b70f43f9a733657aaeb61ec2ca16abf6fd0c10c4e1a9d01ec066b6bcc3f4ab3a48477fd93b1b9474eafd2a00d3", "SEC": "0402d9d649326090eedfa9685916562753dd62e071d51d72b701ceefdd5d4b9bf123ddab21f8d860addd532e3629a52b6526586181260b84522c48c508f9da16d8", "TP2": "0400040191dbb089037021337c1dd7f
 ce2258dc9b5b45289cb378aca269275b7a3225b43eca6ff00c804ef04421d075e74d8d21b5e89d09c5306900593151fba8f", "TP1": "04209e1b485e3e73d3f3215cac375d13d4669497fe5bd3d6da9eed2a99b4e399b61ab0c903b2b3fdd3e2c44cba8144324ca5d224ddf147150403f5d873bfa750dd", "CS1": "0407d60c02b80685c7778b72fea5b9a149e2b51d969b6b0644c77b74291bae1d3d2134fb7d21eeafeee9c7d67ef050e40a0e418bec4df4da1a51745f345d6e1f00", "CS2": "0411fb6c798909802b581f2aa35740560c679b6e396af76172cfe6b7d07cf469300726ebe61a70f9249a3a7ecf72c6cf5ff219676b9fa90a1632902c4e0c86e79e", "HASH_MPIN_ID_HEX": "caf266b7341eec261b46d4c1bfee08062ac32bc49e4a2b94c9b7303280ded76a", "TIME_PERMIT": "040524e4b847ac3da00347a0aaaf7a7c0561bd92d5fac5ef037bad5a38f268f06421219837249a6376d49344455aeb5dec97e31b10a4cf47ede61effdc40d73176", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223062303638336230373936383964616136363062306535646236613437663136406365727469766f782e636f6d222c2022736
 16c74223a20223633306433636135336462343839623535303235626162363435633166336431227d", "TOKEN": "0416a44ea26234ea91d44ae45c7a71ffd8da71d2f7e97e6a0251917cfd32aeb5c51beaa89d67b49897f46140327342ffd0878ef5b44d63d2423efb9bbd505d7df4", "U": "041cb15cccd63d87f2c2cd9cdba9e2cf2f5ffc8e853285fd636565b3955d8e63d91d2b31b5fb1f438af0ce6b517c4512905658c9859dc596ffbda5abd4b8925dcc", "SERVER_OUTPUT": 0, "V": "0405d0927d171fe9e6de34c70c8e6ef25777a6cfbbc670c49fa0c591f976f1b3eb1e4d4121d037d7c2a95753a16637fc650d966cf3b4a0a8df278729564e60b23f", "Y": "17d24953a027a9a5b6f2dcaf3308e699ea1e8c220a3e42714c8208ce6289d22f", "X": "09b77af8686c4a22fee9a8d2d43a962915addaa0a51551f4701e72ca26a4f8a2", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"0b0683b079689daa660b0e5db6a47f16@certivox.com\", \"salt\": \"630d3ca53db489b55025bab645c1f3d1\"}", "test_no": 20, "UT": "041e3f80ec282a8f8d89306ca3965b961c9b69042e9b4f6ce19a5d27e9616ecfd619bc454e13af25b16e2b234abaaa5fa76e6be2aa0f1f13924fcdaeb231f
 caba3", "MS2": "112e87a931c0207981d4bbca28b7f267dff219749acf0989fc6eba551f915e95", "MS1": "193b116c85e827f1b1358f929ef572dda8e9d31f0a7e62cbf89fd85185e2645c", "CLIENT_SECRET": "040f19612ecb8d126e40d3fa0c743d17113c04d5651aa0dd40e526708c627b4ab41497a80c80af7520ae5501c67b72d88a6503c79f5d3c80e1fc02b14b97f76e7a"}, {"SS1": "014ae6a9ce2c392877dbd7d4f9b91b40520af62f45ed1e5b3639415a60804b970a28d2e483b7a8f0178045e2e93582c6413afef812c81ef96683fd54a2468f4a04f2bf13a0801952422732bd65ee86fb8b3cae8448297be2543a720d8551431a061435fb492835e93e738b8612fc5dca577c2e304aa1266f9361a160068060cf", "SS2": "1bb85e0ca1f0a13b63a3378404e3f1985bfb06bab87a1bc2fd0a1ffbf1c092130655a4b2e97223d09acabd9faf31898487ccedbb81f49bec18a16fc1273ac2a209f983324f06423383811d42e913db7eebf12a284571e7905e58cb429261e93b10ae4191b832e83ef83c696d7d702d2863d473d5b8990cc187f9a6664f1ff2b1", "DATE": 16574, "PIN2": 514, "PIN1": 514, "SERVER_SECRET": "0c2637ddf8cf939d0b60582f5fdd18e48e49eeee1a5110f2ebe3979051bbdcd506b9c35f9cdb7b88758b373051158
 2c0cf80af617c600f866dfe8eaff3dd623f1923ad1879e43e7f2f8738aeff629114c888b7ba5f1657f387730e3bf67556c408dd4376cd423289ab5005118377376a7b59d2b71a2eaa8a400398db58fc8022", "SEC": "041d912fbc7c9f720d58426c6b4d05f4e853804fe665b81fcae7798b71fe14bcc4154bed5df1dd89dffc0226a2399bc29028559ec9034482ea692e4fe3db1888f8", "TP2": "04073f19566003ffb795d62877f7b9a2ac28181f0eb8149620e7bc6a65864afc2b1c13e696e53899cf6f706d5d712cab089206be8e585af095097e9ebd9af804c7", "TP1": "04053256d167e754b4d67e6dd532c65345c34876633f6d9830995f857a119b5bfa033246818fa4b103adf578fd7fbeeac447dc4f51d620e9d876007fb90dd19515", "CS1": "0405fed9dff1769b0def4b20ebb655b961c09f56706ad7735d4277294b3b938ff91726666f4797f0b08324565f3df663030a743290d052751c6d3899245dd0c69c", "CS2": "04185d1af89ed2d1527a019350e795a98d67bfb01aa5a0654cd82c7fc1d524b5da0df64e79fda148a0c0aedaffc4ace71b8ba1cce1c2630260bb393cf47bd2445a", "HASH_MPIN_ID_HEX": "0cacec648e8355ec4034564a536e8ade0ce3188c991342fab92aa2071632f0a9", "TIME_PERMIT": "0415cd48ca7dcac0dfd98d
 ddf0c5ebf52c199d7a8031821fe07da7ff0a74b2f51611fe05cf7f1e86f8d8b4dc18b1407a069acf335ecbae1ee2e20cb9d1f2eab95f", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223637346462653664353730326530333164313038306633653436616533373535406365727469766f782e636f6d222c202273616c74223a20226135616632353939613432393135613630363863326461383639343337363936227d", "TOKEN": "041d661b718abb7296faebf974f0f77bc4e47931476c003d0e5bbe2f7e2faa0dee06349b7b72b541030855698f0656d01260d2a8d7316cf7197986a39aa0aa7756", "U": "040e22d7265f10d0ffdd810049e99dd57a1d04ce99331b65c5e1901ddbc26f8d481ae64d1bbd56a1756261bd30096daa469b8ea63e7bf3a4f2185fd3817a138d98", "SERVER_OUTPUT": 0, "V": "041b96190d64c330b4bd04b05406a1a4a9a0e19684a679950f445b050a09addd531dcfed51d0c56cc8a6ca4e40bd729f8ac52adad3dc59182b3e32f005234fff79", "Y": "1dbeee1d8bc8b38c2ee8ac785c7306ee9928cc0a8f7e5f42b881603673ae2aa4", "X": "234eb04090e2787217bba29c5d700b089a481e7d288bdd2
 ecb2a238c7bc052ad", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"674dbe6d5702e031d1080f3e46ae3755@certivox.com\", \"salt\": \"a5af2599a42915a6068c2da869437696\"}", "test_no": 21, "UT": "04004df0c878150e3dfac838251434bd860b47db0122c48b96539cb01c3f7e0ddd0d12e1b8e6f7a7fccc9f495b38699512c32cc688afb669acfacecd0dd18274e7", "MS2": "10ab1a81bd404cab14df9c47b0e4b4d7ae3873c05234f617127a7ace06676533", "MS1": "09be2d818b9c0bea45cd557072a866dad7c4602706c6dbf9bd08e0a25ecc25e7", "CLIENT_SECRET": "040de184766f4a9f38d10a28fb3db5fdc027e0b409ef56ca29f3477b5c8eb3690a17d30ba084065cd2be626b8b1ab4e9c4abb3244702f795574d51d331e6b8fe1f"}, {"SS1": "0cc291668f7952b9055779656924b7c198947c8e75bf09edd7b1beb0f2ee5e06172560301b209c69e2bc0b9eb757d6192e87683bb260ce8cd33800dbd1995c5f1762c00d0cacd6de49bdbfafeeb0d35ab8e4686f0f8ec7f26a07e5cb4cb3d0131de18aae447a09f39f5c68714be74e395d00bb40261e71f9bd00f4bc2d6b7ee5", "SS2": "00562cc9c42b112ce89dae86a595e7fc37ab3a0a0adbd573944c264b191242541
 2d00f32c88c2a4f12c51bddb517f8dd6d52449f5908641cee8f7312775a633d15959fc03d5c503f3d3477822d2e7d3f297884c9f5324ca6d9c2e7732d4b6c6e21eaf402c5774a4ddb022963a8ef421136ff54c6103f2b762a328c4c97f344b5", "DATE": 16574, "PIN2": 6647, "PIN1": 6647, "SERVER_SECRET": "1de34ca400b98aca525864e01937daa168cfc59ef7fbc87283a9cb5d20ad6b840c352c9325af986521016f3df7b641f1772e5f207b6ae874023cbe9ebadc248f18852799f527a077c8ae3c61cf018637719b36afa79038de73ae79e12fa776891545c018c7c9d9bcd82db0fbf6a20ae8563ee4a67fe42fcd5136fcf8dd858920", "SEC": "0420808fff0df89f2183d1b925560657eea5e7c8cefd2f143f996bff9d45b359ab12dbfdfcabbb1d7bf2547da230148bbd793d53bb09bcf484474b0eaf2b9523b8", "TP2": "04075028b3126e036d8d1976f75ae6bb79081a7037f0cffc25d6e60a9e1a1006ca1692d7cc93a8223f10e1a69f639a031b1bf011cdb8be2904eb5ba195a01be223", "TP1": "04071d4a225c688c6e73b5d25c62d50123c009c486df505a3a24c130fd58fb0a8d15f8bc09d150d78d09814e78333b8044bd6045912ec72487e661263051b9b110", "CS1": "04198d5152ecc159e987a63e1f87ee774dcb3773756cd8ac2261
 0ed7537d7f2ba013258a755c9e4f33d628a074d3d9fb7313ae5e90d87daa59487816bdb71c5bc9", "CS2": "0406721b44cd168f9fb5277c9769af188c1f1d44710522e9661b7a210ebc7c882c03c52ed27499816ab2028580e2c0185fdc77dc1025762f9decb44a68114983fb", "HASH_MPIN_ID_HEX": "c3e62a8fb543b5256b5db5b2be0ae8bac8bc94f9b6df95279628ff8ddb8a5c73", "TIME_PERMIT": "0416fbf0f43a1c9355be1fe45a19805c3391999d4454997eea1037005e67b84bfb0d5968bc019285959572f81a66e696e07c63bfbdf49c3134c961e1dbfe54a4df", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223734373362613565623538613638316539313839303263323836343362386564406365727469766f782e636f6d222c202273616c74223a20223839353265326438396337333366346166393236653163363936343036366239227d", "TOKEN": "0407750d6b5115a1c9dc66158658aaada1c5fd9868267e3e6064179203241ee30222738d54148d5853ce33aedcadd41dfecd98a908375f360203f0828c95b9a966", "U": "04022bf761b3edc54f519f2c3301ab626323103b962c6f632c2d412017691746e10e07
 c12ffb85cb95340f2516d3c963d8ab515957d3dabbd23085b97a226cdc8a", "SERVER_OUTPUT": 0, "V": "04230ed63345122cb191cd4bb56716a2737407c581c49fb36b8da1810370367c2b078f755df8777e88b7166e6bf4706f497093d54602577c5eb753238a5ee7cbee", "Y": "01bc4895a4f521ec15802c1243704e1f7a3e516b9ccfe03f7570b42cf446a9ed", "X": "15abce350b88dce401b4f7b518863a0b76ea5d8c42351f78196a5f98958abe84", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"7473ba5eb58a681e918902c28643b8ed@certivox.com\", \"salt\": \"8952e2d89c733f4af926e1c6964066b9\"}", "test_no": 22, "UT": "0423518d8ee8f13486bd46c158c85a0ff1327b7abfa1dc077869860a4d245a84061337d101e79010aed7ddbc7fce12e73a47b03a99d31841819eeba0a207f6eee2", "MS2": "1812f69ae302f0e4c82141c17ccf0e9ff3e3baa6ba9ac00ef1db858a93762ec2", "MS1": "0d02777320e1a682d3a30b1ec321cce6c3d6efde89dece2667f807e13d320568", "CLIENT_SECRET": "040fd72989e82f0bfab933221639231631f7c8bb7d68e0ce845e4e887f56c68c8604b524766c9137b46cd93f8f867e55db4a00d29eb2fd616c12a16c51d8e77
 2a5"}, {"SS1": "208127511894e2b93a7a19b37923409260b131b56e767358b63eb06419650e1605b69d512e469ab3e72c6266d22274b8f8763e0441ea1b2827ebf6f9cff1621219670bd7fed9c813f41c0e002887049d34afd10fc60e7f8bc2dbe426479f1a8e194c96dcac63b8905b30951d4b70d36bb105b2be634f307e68fbc820a3258127", "SS2": "04cb55f642909b8c2282e172c6be2221d8a423438573926a11687242d2d467c31375c5b53c49c359e83ecef6397c40037e18cac2076825adbb4d4afe812f16ff23b6dd56673cbc7d8cd0af17f4aa661797bf6f8771e554e1464535f0348efd6a16b955a3d96030490626bdc331c9a4c59146a6efc961b6bb8a35205210847047", "DATE": 16574, "PIN2": 7469, "PIN1": 7469, "SERVER_SECRET": "182d2edacc2f4cf6baad75936355e22af31bdfe459813ab3b9e6a90d69fa2b501fc77052784845d3fd7eae3f0f6c9b461f1b0f47cce48c6dcef19767baa6fcba16bcda624ed64ce2c43a9047d30bb25c6efd90cdab7f488c8fa5804655eba4f91c386d4d5a71912acc268adc9eaa6aa5928f3919bf78968ddc6b35569bb2c337", "SEC": "040d982f0e45adfa3321fbc05256502a1e7bde7e617c00f3478898af996aeb346a107ef57165557bdc224fd0a54bf845987e644d633eabfda8cdd0968e6b7d0
 b3d", "TP2": "040351e5b2157f127e4d1e2c1e71e162adae3a4ce82f2914a2073f22c7e83577b60daa781af3f663cd37583afc93d5535ee6a43131edd1f504f3d95f5317994743", "TP1": "04029e23c070feed99f966fd5ea0c7c5ec2569856147ed95a4cbd3fb2caa89eea7083ca2c048543694572edcaaf405d0de2478b55010078ff2a7088de28513ef44", "CS1": "0404fb860a5f1c200fd2b6fd3c3f3f7e5244ef335a16184dae32ce51a2fad8aa2c20819be6eddf0629e76e31cc42c79d9ec2d380c20bdf4080fceeb0a2edda8870", "CS2": "04190ea3e1c147b9668268d8d985d2788a56f15d7be5db72d490a30e26830769951087aae74754332ae31d59436f727e981a329efc471cf217638bfed88e17c354", "HASH_MPIN_ID_HEX": "74ac22854525087cb79ce41341b006fb38df44b56cd5423b92878e73bc60b86c", "TIME_PERMIT": "04003c3ae91538d28ec3b907bd22c943210e68c024c7c596977b3ab5849b1788dc031ddad391ac09ba5e87f3f7478a6704776880d0a4213d3a3d1df76be46e582a", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a202233383261353935613563636561356531363565643761346461663333
 61383137406365727469766f782e636f6d222c202273616c74223a20223035373334636535373638303764323534623264636662306537626134346439227d", "TOKEN": "040fb3ffa1cbff82b3c91afab444afeaa6efa9e0ccaaa81b90666355388b7a576c20ac54b7e4629257e10c718ff2864aa560b8b53fb1cf27b1b9913fcad150d036", "U": "0423c338f6ca440713eb3078629a3a0d39158cb2e2b9818136408a450adabb4fdf13393824951d58228aaac3ee4478cd1f3132186b7a9790d9bb8b9454586b16e3", "SERVER_OUTPUT": 0, "V": "040e8e8ef6dec47b5624b9513002c20309384196616a4ab99fb935207f63ee5d870bbbd8bf5a70482bc97e622b4b93bef1bb3c8fb334e5239f11bedbf5f189e112", "Y": "0cce89c6f8ab07bb89e41cc9760d7aeb3f22e302c8ea46defeada61e13b671f8", "X": "042996fc7381b42de783dac27438f93643adb3eb63686108c37a7c014b037249", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"382a595a5ccea5e165ed7a4daf33a817@certivox.com\", \"salt\": \"05734ce576807d254b2dcfb0e7ba44d9\"}", "test_no": 23, "UT": "040cf4ddde664d96862d209c69e3c98d27a58c32d25e02a8ae76c9fb9f781afa811d954fca806148
 22e60e2eba2bd6d27cd5cdf9c2448a6a3fd614fb8690235c18", "MS2": "1a69289245a6b45359aeaf36449eb7a7dc2b453e50c678d9b52b6fb334273916", "MS1": "1b6559c93c764f34cce1fb61006b4d418928ba005d0114b9a87f4e2118e5bebd", "CLIENT_SECRET": "0402b6ff92053bf6d4c61c29fdcfee20133867c859905fc9dd98425f95e7f63b420b7f8473b661d9aeb3705f7483474e82b483b6ec6094c91d032facefd2de9cdf"}, {"SS1": "05a2b3a6502e3a59413e52b0ece27c3d308f5a3f30061f600f7c43b277b335bd0bb6a20942855b5cfbe8475b1f5457d681779ddd15c450bb02dd1c7d07c9698b0a8bdd0db6cfef47e28c1887439d395f1cfaac965273468ad33de99325735f2a03ec9d7b086642d5644e563645e30ba82eed30d7c8b673f7caa2963a70e7f07b", "SS2": "02f728de8e8c465251bff7d36baa34e27cd834f9cf051ced7208a9d2f662d930233379515dece8d8deb1ce483f9c5cc11597468a48696cc4776fa29d6bca62d416198e9cf029d806dd0b782e69302f116bf04cf5ed297d0ea0b67c463dd3e50e0c91da01d94bfdbbaeafa874f387f73dbfcd3727e7b2dba9da1a52b47da27e56", "DATE": 16574, "PIN2": 2524, "PIN1": 2524, "SERVER_SECRET": "2371db2e3582241ad7149dc0c52244c7b991137b948e0e
 afb6a8ef5fedd58840106a6d420ae7d761bf1bd95568d74b5956e1268053ead19ad143a9ac48177b3414d4afc66c654e504ee441e144a58ce247e09085ad4e58f0bf927d8d5376c8aa1ba85ed1f7e94a65da9fbc64db83564f5a9a2c1b959ac54a1d2562605a6f9c99", "SEC": "040aebe499cfa5c24e1eea3c9fe00101eb7d853a60e92194882fe7f1e5ec555d291edffef264e2355c9cf589fc578fe91f7208bc04549e0794aebdc9bbe2f8a5d8", "TP2": "0418bb7a849f5dbcd404dc4a3f14269310e6f028496469bebea6a1c410de14de6b130d5ba6be03562070a8371881ac01ad073956759c5384947d8fc271587765af", "TP1": "040ff0a5c162ea4d0248682a38a0e63ec280a723fefcfb8609981d98d8aed267051119796d262b6e8d33ef45d76b233f869ff1cee68009995ce1dbc1705f144913", "CS1": "041d6fd44cf624bd2d08429c6a666ba054ae51b90b4cfadd7050418cff5da9eda90131aa33f1d042ef25059792d4b9bcde172abf992ac128c1078f5eab80f58298", "CS2": "040b4d67e12b86a9f5d02a148addf4a32d2362c28c4389b4a4e5cd9aed7a5f4e0d196b42b4a98b8a20488f08686e61b9e63b287ddc19c906c5c8b1fec2949a750f", "HASH_MPIN_ID_HEX": "0cd096d8a85c3218afeed65d667a6207b346f198141da3c0e04088ce1d
 e06184", "TIME_PERMIT": "040751bf75401f8bf72712fc30beb17169c2bfce3720ecdfea834e416e3dc3e2630b18168cd4413a0031990bc0a7494b9b1f84def0ee32885817e402e9e560273e", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20223031316562376530353631303837636239306164333263373765633931636262406365727469766f782e636f6d222c202273616c74223a20226463306436396437343561313830633930646165666635316634393533353262227d", "TOKEN": "041889f73f41b7b5cb114dfc33e2d3741d34ace24e0ac888f9ec08d90200c7c25503c9520cd2d7578b4695f4d11cc3b158c443e16df83a6f408f47a7bd802a1230", "U": "040c338e2270e800a65e48750f97463f28eb8e30fb33250325387a7e2c4062401710706ab4c59fea9a407f527eabb1c4c92db43ab4149f5ad6343e201c597ee24c", "SERVER_OUTPUT": 0, "V": "04155b9a44e35577ee8a746c13f8b091f1c2f0683fd3a711e074900a5b05b67d701518bbd9f60cfb21adb5dc20fd207439a825db2ffd1ee41fc2b3d8be4c6b6f24", "Y": "1dda40ba4196de9785aca8623ae51c821beebd515d24f5771b233b656df6a90c", "X": "
 0a029a60905ff26d4b38859287f721b8dd91f06611859e5198f3c6c771c76baa", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"011eb7e0561087cb90ad32c77ec91cbb@certivox.com\", \"salt\": \"dc0d69d745a180c90daeff51f495352b\"}", "test_no": 24, "UT": "040c58bb659f9fc19b82df2a5a80bb3efea360219097fc43449bbfa0a81a9a933505dafc717e2e7dc57b984a9019f0dcc1799db781dede3cbe1628b3b0db77ebcb", "MS2": "01f3ccfc7a6f10beb2157a23de28cde18cf6d69afb8ab7dc83047a4ea9fc3457", "MS1": "0038a0f9dadd6658d0690c4aceaa60a696e2a125c696762d3a1c16c56294cd59", "CLIENT_SECRET": "040a301d90524959a4a4791d68e23fb2ca294dd85994a22a8cf7ce634a16d9ec4c1cadf3017bd323bf20914cbd9e3cee9a8981a4a5fdc491b33b94dea6d57877ec"}, {"SS1": "1eedbf8b632a9b9bb18843439adf10de8cdafd5b216b9cf2a0cbc81a2d9bd0f2029ed74a59b1a4deceedcb9603efc41f582c079323af4218c44f71322e9bb2d4060c13f2bc014ad201e30867ed1585b93a846d3d53cf5e7b2e24c9ca08a6a5c4223300b56529773d2a80e284df8f9b0c528a3eea40081178efea218aae0b4f91", "SS2": "1f4150147220718714
 36e174cf43c0ee9de3936979ecb646f970d24a2417ddf515d0217fdc3af8dd3b57353dc29ddbc298e20d74ae0b1ab1ffc40a1303fa41be1f57aeac96174d5bfe479e9fb506df260c083e8ec2b3d120c006a13e6136921b09f8fe6aea21aadabd24e3026a5e0566f35d82520271af8a167e46159bf26c97", "DATE": 16574, "PIN2": 1974, "PIN1": 1974, "SERVER_SECRET": "0d996446b6a8a1172f5ca00af2d4365a3dfc44237b837854a3a2492b350baf2a14dc6fca4e15cd2ad213450bfff376c8779656ad782aad6592e529ccc3cdbca7074e3386f905f8f172b2e6f7a4ec365340c3d46f2c2ebe601493cd677c1998e516703755d45a041b1d6a02d8636b91b6ff63549d3031ead42ba0b2c0eb80bb6c", "SEC": "0417e0c0db3a03c05115dffad812f97912c6aba59538c92ca1c05fff18f4e7e3a703dc12719171e4fae7a14f4466e84535d49d6b8c2930881fa599d079625ea0bc", "TP2": "0409e088916e27b5ed082971e62ba469aa381034270cc56de50fd604270c33dd3618aebdc9ef5ef68fe882e0db4fe9293994aa3c9931430765de53b4e8b72b2396", "TP1": "040ddd64aa91d60f73bc7112678aa94d8266db234343b1baea89bea3f02846cda40eac9aa156d45009ce45951efa06e917ef103ab0d0e435ee90360deaa79181c6", "CS1": "04018
 0e4fb5079f3325e0683621e61fd421f8a93c9009c92d5e3852571a0a88c52158189454143f8b304ee0e7b83eff75fe2eb9948802cc461de4d1f95206e4c5e", "CS2": "040c68898288b44352c34923d7ebc664fa68747c985ea50e67a0949d63f84ce85104d6b1f822e1c424712dc077d493751f17df3154983d25e4d17bbb5b149d72e0", "HASH_MPIN_ID_HEX": "8b1bd9a8c376c90af85f8b4a79fb4c893cda8814584d166ed1fe5e7d6780b853", "TIME_PERMIT": "040bd9d4a26b04d935cce222b6ac1a9a88b4b40b223ba43468b32a5dc899b4131806f25be9989f9b5ec195da7f32a708b138c4b14fdfc95648ed167926765700d1", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a20226234393231666363376337636166636138376430633961376135333766313864406365727469766f782e636f6d222c202273616c74223a20226161666561613066353236393132613330316433623433336131376636343461227d", "TOKEN": "040064efa04e5706c7dc98e6238b22ce5711674dec996f521339bcc1ab8454156714a276233a17871d0f64e2b3aed011dfdabeaa577ebc300bdd064f69dd4dc39b", "U": "0417d5195d07bbe908062c7
 fabd6ae470ceced46de77ca7f0528a38f36d072111e0563d9dfcf5e261d4eadf5df26e9e75a13870c450139c14d25e3e9471beb354a", "SERVER_OUTPUT": 0, "V": "041839b54091b8da7aabd7ddd8e46bafd830481f8452d4c55e3d033c7314afe1fa1a3da402b9f05bdca7dbc58fa7c0c0cdc8a1a5169025f691aa0b29ed0ca1060e", "Y": "0cd1fe95151666b7ee185fe68bcb9043bcc96e9340c64876ce5ff6385eae73f2", "X": "1771c3c82c75a448095481b869a97b8edae96649291382daef2d5f3778dcde32", "mpin_id": "{\"mobile\": 1, \"issued\": \"2015-05-19T16:17:36Z\", \"userID\": \"b4921fcc7c7cafca87d0c9a7a537f18d@certivox.com\", \"salt\": \"aafeaa0f526912a301d3b433a17f644a\"}", "test_no": 25, "UT": "04043eb58b5a7338066e9b30e81b1d49d233a926027373f117abb380912c82010221a594e12f9caf08cce40fdb845fbdffc170e945793e9c2f0cb255a004401474", "MS2": "0daa0ab5dabdb79d1679a681b3efbb4061b5cc9b5fcfdf0e697612dc2e801cac", "MS1": "1b05a8654de45628cc4a4910589a258a203021c1ea67ff1e1f0bf0c201b24d7b", "CLIENT_SECRET": "0420d61e8c41b014ac3fb5a39922e2a1799ddee41ce03985c940f1e4e506ecb07817afdd244bc63d
 4ea9d2032a309dff62a3e7d6440b84c249f4fa5896aeb07c21"}, {"SS1": "22bb08ee901c5a370a5b1530eae322fbbbbb526968467ff486c27afd7dc5216a23fbc077285f90f1ff13fc94834938fe2665552ff25965975ecff413fdb2367e089075e4fed42eea2a579736678cdb74b904cdec195540636e9e473fe15b8ad803a6fe497d1c0e0b9f0a6f07cf06e8b63a6534e1bf64fa7a7c16395f01b8c7b0", "SS2": "07ba76f3ed7c975f215bb513d5dc0725208367cebbdb6ed937977313c7c223e805371832fb795c3f5f53296fbb1b256d54377889d7ba3fc23a0b055a6a37088a227a951a6afeb6eda3f79a0ca1e8b7984321b192dc10981ff7d3d57aa2b3c76c0cdab0fdb7e191801287b4ca513fc8e79fc7c963a7ecf766c6be8928a084f69d", "DATE": 16574, "PIN2": 2465, "PIN1": 2465, "SERVER_SECRET": "1f4ebe644e77138ee521641b0bd32e3c102962ab6f90930d7be763476fed117109f420c389c916b21d662072f44fd3b11147ccc20db716fc878d4d6389569fcd078734865cd83f283f9b7a2903cbbf15bd108a0763a6515b25c15268b3e5aace1515fa87dd1069dd1f4484795a5be3370e1a562846516056b6bc43211497b24e", "SEC": "041fcc5fd609c1d21a2ab293c6260f8bf7edebd1015487085d213dcb73c5456dc820fd067b3693ce
 09e35ea7ce6cc0f517fa4ea64891fb3e79b25b6648570b0501", "TP2": "040f47c57e6ba53014970aa9792ae6879d657ead3c4c0b02d4f809eec1950a663b03524fcff9496b6211ac327e0009e317b9b51901f65b97e630463e6aa4a5f0a3", "TP1": "041cf0279ee48cb9912b7d3c990ec6dc581346baa5deb8319db216c71b335bff7215a79042e9a122af3f358fc6081146701016c5b51e829bdcd4ce9bf36d89ec70", "CS1": "0416f33afb9669b44f3b6fb5523ea5e2b88df8217a937eafc34a15ded9ff0bb2391a4d0a42b14083bd2547b5ef6fe64a41e4de1107f0f576ad2c810992542d24a8", "CS2": "041bf56cccb84cf6addbbecd21af61120921c473e84649734abb10fbace40b0c352291bf79194d7a6cf7ee4727cb24259b4dbda7e363ad1e6d4b86d25d651791da", "HASH_MPIN_ID_HEX": "0de136cda78bdca4bae7d8ab3744a9c7def1742f65816e90e678c7ed1b2f665c", "TIME_PERMIT": "040b6c2f48771fc027dbbca50cccf523106d258a82ce3623cf5c18f3605768d3ee1c153af852fbf90c559a9733e01d56d60cd7c8425089ccd0998afd545f31afba", "MPIN_ID_HEX": "7b226d6f62696c65223a20312c2022697373756564223a2022323031352d30352d31395431363a31373a33365a222c2022757365724944223a2022363361363
 4656564363363653631663830623639653339643332656635616662406365727469766f782e636f6d222c202273616c74223a20226666353938653761646661343861343764343362373333393062663738386232227d", "TOKEN": "041a011b091be3152ace0578b078001f6615f2f4d3622283e25dc616e8f04ef9472391e574737f278a2608eb14db8c6cc8173dc778fc7925ffde7eec4bb129398a", "U": "041efddb6f20f95cd299962fc537d3552f65e1d28524d821c789677b9e777959c708e2cc2ed

<TRUNCATED>


[35/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/latex/llncs.cls
----------------------------------------------------------------------
diff --git a/docs/latex/llncs.cls b/docs/latex/llncs.cls
deleted file mode 100644
index 23fd1c6..0000000
--- a/docs/latex/llncs.cls
+++ /dev/null
@@ -1,1190 +0,0 @@
-% LLNCS DOCUMENT CLASS -- version 2.14 (17-Aug-2004)
-% Springer Verlag LaTeX2e support for Lecture Notes in Computer Science
-%
-%%
-%% \CharacterTable
-%%  {Upper-case    \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z
-%%   Lower-case    \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z
-%%   Digits        \0\1\2\3\4\5\6\7\8\9
-%%   Exclamation   \!     Double quote  \"     Hash (number) \#
-%%   Dollar        \$     Percent       \%     Ampersand     \&
-%%   Acute accent  \'     Left paren    \(     Right paren   \)
-%%   Asterisk      \*     Plus          \+     Comma         \,
-%%   Minus         \-     Point         \.     Solidus       \/
-%%   Colon         \:     Semicolon     \;     Less than     \<
-%%   Equals        \=     Greater than  \>     Question mark \?
-%%   Commercial at \@     Left bracket  \[     Backslash     \\
-%%   Right bracket \]     Circumflex    \^     Underscore    \_
-%%   Grave accent  \`     Left brace    \{     Vertical bar  \|
-%%   Right brace   \}     Tilde         \~}
-%%
-\NeedsTeXFormat{LaTeX2e}[1995/12/01]
-\ProvidesClass{llncs}[2004/08/17 v2.14
-^^J LaTeX document class for Lecture Notes in Computer Science]
-% Options
-\let\if@envcntreset\iffalse
-\DeclareOption{envcountreset}{\let\if@envcntreset\iftrue}
-\DeclareOption{citeauthoryear}{\let\citeauthoryear=Y}
-\DeclareOption{oribibl}{\let\oribibl=Y}
-\let\if@custvec\iftrue
-\DeclareOption{orivec}{\let\if@custvec\iffalse}
-\let\if@envcntsame\iffalse
-\DeclareOption{envcountsame}{\let\if@envcntsame\iftrue}
-\let\if@envcntsect\iffalse
-\DeclareOption{envcountsect}{\let\if@envcntsect\iftrue}
-\let\if@runhead\iffalse
-\DeclareOption{runningheads}{\let\if@runhead\iftrue}
-
-\let\if@openbib\iffalse
-\DeclareOption{openbib}{\let\if@openbib\iftrue}
-
-% languages
-\let\switcht@@therlang\relax
-\def\ds@deutsch{\def\switcht@@therlang{\switcht@deutsch}}
-\def\ds@francais{\def\switcht@@therlang{\switcht@francais}}
-
-\DeclareOption*{\PassOptionsToClass{\CurrentOption}{article}}
-
-\ProcessOptions
-
-\LoadClass[twoside]{article}
-\RequirePackage{multicol} % needed for the list of participants, index
-
-\setlength{\textwidth}{12.2cm}
-\setlength{\textheight}{19.3cm}
-\renewcommand\@pnumwidth{2em}
-\renewcommand\@tocrmarg{3.5em}
-%
-\def\@dottedtocline#1#2#3#4#5{%
-  \ifnum #1>\c@tocdepth \else
-    \vskip \z@ \@plus.2\p@
-    {\leftskip #2\relax \rightskip \@tocrmarg \advance\rightskip by 0pt plus 2cm
-               \parfillskip -\rightskip \pretolerance=10000
-     \parindent #2\relax\@afterindenttrue
-     \interlinepenalty\@M
-     \leavevmode
-     \@tempdima #3\relax
-     \advance\leftskip \@tempdima \null\nobreak\hskip -\leftskip
-     {#4}\nobreak
-     \leaders\hbox{$\m@th
-        \mkern \@dotsep mu\hbox{.}\mkern \@dotsep
-        mu$}\hfill
-     \nobreak
-     \hb@xt@\@pnumwidth{\hfil\normalfont \normalcolor #5}%
-     \par}%
-  \fi}
-%
-\def\switcht@albion{%
-\def\abstractname{Abstract.}
-\def\ackname{Acknowledgement.}
-\def\andname{and}
-\def\lastandname{\unskip, and}
-\def\appendixname{Appendix}
-\def\chaptername{Chapter}
-\def\claimname{Claim}
-\def\conjecturename{Conjecture}
-\def\contentsname{Table of Contents}
-\def\corollaryname{Corollary}
-\def\definitionname{Definition}
-\def\examplename{Example}
-\def\exercisename{Exercise}
-\def\figurename{Fig.}
-\def\keywordname{{\bf Key words:}}
-\def\indexname{Index}
-\def\lemmaname{Lemma}
-\def\contriblistname{List of Contributors}
-\def\listfigurename{List of Figures}
-\def\listtablename{List of Tables}
-\def\mailname{{\it Correspondence to\/}:}
-\def\noteaddname{Note added in proof}
-\def\notename{Note}
-\def\partname{Part}
-\def\problemname{Problem}
-\def\proofname{Proof}
-\def\propertyname{Property}
-\def\propositionname{Proposition}
-\def\questionname{Question}
-\def\remarkname{Remark}
-\def\seename{see}
-\def\solutionname{Solution}
-\def\subclassname{{\it Subject Classifications\/}:}
-\def\tablename{Table}
-\def\theoremname{Theorem}}
-\switcht@albion
-% Names of theorem like environments are already defined
-% but must be translated if another language is chosen
-%
-% French section
-\def\switcht@francais{%\typeout{On parle francais.}%
- \def\abstractname{R\'esum\'e.}%
- \def\ackname{Remerciements.}%
- \def\andname{et}%
- \def\lastandname{ et}%
- \def\appendixname{Appendice}
- \def\chaptername{Chapitre}%
- \def\claimname{Pr\'etention}%
- \def\conjecturename{Hypoth\`ese}%
- \def\contentsname{Table des mati\`eres}%
- \def\corollaryname{Corollaire}%
- \def\definitionname{D\'efinition}%
- \def\examplename{Exemple}%
- \def\exercisename{Exercice}%
- \def\figurename{Fig.}%
- \def\keywordname{{\bf Mots-cl\'e:}}
- \def\indexname{Index}
- \def\lemmaname{Lemme}%
- \def\contriblistname{Liste des contributeurs}
- \def\listfigurename{Liste des figures}%
- \def\listtablename{Liste des tables}%
- \def\mailname{{\it Correspondence to\/}:}
- \def\noteaddname{Note ajout\'ee \`a l'\'epreuve}%
- \def\notename{Remarque}%
- \def\partname{Partie}%
- \def\problemname{Probl\`eme}%
- \def\proofname{Preuve}%
- \def\propertyname{Caract\'eristique}%
-%\def\propositionname{Proposition}%
- \def\questionname{Question}%
- \def\remarkname{Remarque}%
- \def\seename{voir}
- \def\solutionname{Solution}%
- \def\subclassname{{\it Subject Classifications\/}:}
- \def\tablename{Tableau}%
- \def\theoremname{Th\'eor\`eme}%
-}
-%
-% German section
-\def\switcht@deutsch{%\typeout{Man spricht deutsch.}%
- \def\abstractname{Zusammenfassung.}%
- \def\ackname{Danksagung.}%
- \def\andname{und}%
- \def\lastandname{ und}%
- \def\appendixname{Anhang}%
- \def\chaptername{Kapitel}%
- \def\claimname{Behauptung}%
- \def\conjecturename{Hypothese}%
- \def\contentsname{Inhaltsverzeichnis}%
- \def\corollaryname{Korollar}%
-%\def\definitionname{Definition}%
- \def\examplename{Beispiel}%
- \def\exercisename{\"Ubung}%
- \def\figurename{Abb.}%
- \def\keywordname{{\bf Schl\"usselw\"orter:}}
- \def\indexname{Index}
-%\def\lemmaname{Lemma}%
- \def\contriblistname{Mitarbeiter}
- \def\listfigurename{Abbildungsverzeichnis}%
- \def\listtablename{Tabellenverzeichnis}%
- \def\mailname{{\it Correspondence to\/}:}
- \def\noteaddname{Nachtrag}%
- \def\notename{Anmerkung}%
- \def\partname{Teil}%
-%\def\problemname{Problem}%
- \def\proofname{Beweis}%
- \def\propertyname{Eigenschaft}%
-%\def\propositionname{Proposition}%
- \def\questionname{Frage}%
- \def\remarkname{Anmerkung}%
- \def\seename{siehe}
- \def\solutionname{L\"osung}%
- \def\subclassname{{\it Subject Classifications\/}:}
- \def\tablename{Tabelle}%
-%\def\theoremname{Theorem}%
-}
-
-% Ragged bottom for the actual page
-\def\thisbottomragged{\def\@textbottom{\vskip\z@ plus.0001fil
-\global\let\@textbottom\relax}}
-
-\renewcommand\small{%
-   \@setfontsize\small\@ixpt{11}%
-   \abovedisplayskip 8.5\p@ \@plus3\p@ \@minus4\p@
-   \abovedisplayshortskip \z@ \@plus2\p@
-   \belowdisplayshortskip 4\p@ \@plus2\p@ \@minus2\p@
-   \def\@listi{\leftmargin\leftmargini
-               \parsep 0\p@ \@plus1\p@ \@minus\p@
-               \topsep 8\p@ \@plus2\p@ \@minus4\p@
-               \itemsep0\p@}%
-   \belowdisplayskip \abovedisplayskip
-}
-
-\frenchspacing
-\widowpenalty=10000
-\clubpenalty=10000
-
-\setlength\oddsidemargin   {63\p@}
-\setlength\evensidemargin  {63\p@}
-\setlength\marginparwidth  {90\p@}
-
-\setlength\headsep   {16\p@}
-
-\setlength\footnotesep{7.7\p@}
-\setlength\textfloatsep{8mm\@plus 2\p@ \@minus 4\p@}
-\setlength\intextsep   {8mm\@plus 2\p@ \@minus 2\p@}
-
-\setcounter{secnumdepth}{2}
-
-\newcounter {chapter}
-\renewcommand\thechapter      {\@arabic\c@chapter}
-
-\newif\if@mainmatter \@mainmattertrue
-\newcommand\frontmatter{\cleardoublepage
-            \@mainmatterfalse\pagenumbering{Roman}}
-\newcommand\mainmatter{\cleardoublepage
-       \@mainmattertrue\pagenumbering{arabic}}
-\newcommand\backmatter{\if@openright\cleardoublepage\else\clearpage\fi
-      \@mainmatterfalse}
-
-\renewcommand\part{\cleardoublepage
-                 \thispagestyle{empty}%
-                 \if@twocolumn
-                     \onecolumn
-                     \@tempswatrue
-                   \else
-                     \@tempswafalse
-                 \fi
-                 \null\vfil
-                 \secdef\@part\@spart}
-
-\def\@part[#1]#2{%
-    \ifnum \c@secnumdepth >-2\relax
-      \refstepcounter{part}%
-      \addcontentsline{toc}{part}{\thepart\hspace{1em}#1}%
-    \else
-      \addcontentsline{toc}{part}{#1}%
-    \fi
-    \markboth{}{}%
-    {\centering
-     \interlinepenalty \@M
-     \normalfont
-     \ifnum \c@secnumdepth >-2\relax
-       \huge\bfseries \partname~\thepart
-       \par
-       \vskip 20\p@
-     \fi
-     \Huge \bfseries #2\par}%
-    \@endpart}
-\def\@spart#1{%
-    {\centering
-     \interlinepenalty \@M
-     \normalfont
-     \Huge \bfseries #1\par}%
-    \@endpart}
-\def\@endpart{\vfil\newpage
-              \if@twoside
-                \null
-                \thispagestyle{empty}%
-                \newpage
-              \fi
-              \if@tempswa
-                \twocolumn
-              \fi}
-
-\newcommand\chapter{\clearpage
-                    \thispagestyle{empty}%
-                    \global\@topnum\z@
-                    \@afterindentfalse
-                    \secdef\@chapter\@schapter}
-\def\@chapter[#1]#2{\ifnum \c@secnumdepth >\m@ne
-                       \if@mainmatter
-                         \refstepcounter{chapter}%
-                         \typeout{\@chapapp\space\thechapter.}%
-                         \addcontentsline{toc}{chapter}%
-                                  {\protect\numberline{\thechapter}#1}%
-                       \else
-                         \addcontentsline{toc}{chapter}{#1}%
-                       \fi
-                    \else
-                      \addcontentsline{toc}{chapter}{#1}%
-                    \fi
-                    \chaptermark{#1}%
-                    \addtocontents{lof}{\protect\addvspace{10\p@}}%
-                    \addtocontents{lot}{\protect\addvspace{10\p@}}%
-                    \if@twocolumn
-                      \@topnewpage[\@makechapterhead{#2}]%
-                    \else
-                      \@makechapterhead{#2}%
-                      \@afterheading
-                    \fi}
-\def\@makechapterhead#1{%
-% \vspace*{50\p@}%
-  {\centering
-    \ifnum \c@secnumdepth >\m@ne
-      \if@mainmatter
-        \large\bfseries \@chapapp{} \thechapter
-        \par\nobreak
-        \vskip 20\p@
-      \fi
-    \fi
-    \interlinepenalty\@M
-    \Large \bfseries #1\par\nobreak
-    \vskip 40\p@
-  }}
-\def\@schapter#1{\if@twocolumn
-                   \@topnewpage[\@makeschapterhead{#1}]%
-                 \else
-                   \@makeschapterhead{#1}%
-                   \@afterheading
-                 \fi}
-\def\@makeschapterhead#1{%
-% \vspace*{50\p@}%
-  {\centering
-    \normalfont
-    \interlinepenalty\@M
-    \Large \bfseries  #1\par\nobreak
-    \vskip 40\p@
-  }}
-
-\renewcommand\section{\@startsection{section}{1}{\z@}%
-                       {-18\p@ \@plus -4\p@ \@minus -4\p@}%
-                       {12\p@ \@plus 4\p@ \@minus 4\p@}%
-                       {\normalfont\large\bfseries\boldmath
-                        \rightskip=\z@ \@plus 8em\pretolerance=10000 }}
-\renewcommand\subsection{\@startsection{subsection}{2}{\z@}%
-                       {-18\p@ \@plus -4\p@ \@minus -4\p@}%
-                       {8\p@ \@plus 4\p@ \@minus 4\p@}%
-                       {\normalfont\normalsize\bfseries\boldmath
-                        \rightskip=\z@ \@plus 8em\pretolerance=10000 }}
-\renewcommand\subsubsection{\@startsection{subsubsection}{3}{\z@}%
-                       {-18\p@ \@plus -4\p@ \@minus -4\p@}%
-                       {-0.5em \@plus -0.22em \@minus -0.1em}%
-                       {\normalfont\normalsize\bfseries\boldmath}}
-\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}%
-                       {-12\p@ \@plus -4\p@ \@minus -4\p@}%
-                       {-0.5em \@plus -0.22em \@minus -0.1em}%
-                       {\normalfont\normalsize\itshape}}
-\renewcommand\subparagraph[1]{\typeout{LLNCS warning: You should not use
-                  \string\subparagraph\space with this class}\vskip0.5cm
-You should not use \verb|\subparagraph| with this class.\vskip0.5cm}
-
-\DeclareMathSymbol{\Gamma}{\mathalpha}{letters}{"00}
-\DeclareMathSymbol{\Delta}{\mathalpha}{letters}{"01}
-\DeclareMathSymbol{\Theta}{\mathalpha}{letters}{"02}
-\DeclareMathSymbol{\Lambda}{\mathalpha}{letters}{"03}
-\DeclareMathSymbol{\Xi}{\mathalpha}{letters}{"04}
-\DeclareMathSymbol{\Pi}{\mathalpha}{letters}{"05}
-\DeclareMathSymbol{\Sigma}{\mathalpha}{letters}{"06}
-\DeclareMathSymbol{\Upsilon}{\mathalpha}{letters}{"07}
-\DeclareMathSymbol{\Phi}{\mathalpha}{letters}{"08}
-\DeclareMathSymbol{\Psi}{\mathalpha}{letters}{"09}
-\DeclareMathSymbol{\Omega}{\mathalpha}{letters}{"0A}
-
-\let\footnotesize\small
-
-\if@custvec
-\def\vec#1{\mathchoice{\mbox{\boldmath$\displaystyle#1$}}
-{\mbox{\boldmath$\textstyle#1$}}
-{\mbox{\boldmath$\scriptstyle#1$}}
-{\mbox{\boldmath$\scriptscriptstyle#1$}}}
-\fi
-
-\def\squareforqed{\hbox{\rlap{$\sqcap$}$\sqcup$}}
-\def\qed{\ifmmode\squareforqed\else{\unskip\nobreak\hfil
-\penalty50\hskip1em\null\nobreak\hfil\squareforqed
-\parfillskip=0pt\finalhyphendemerits=0\endgraf}\fi}
-
-\def\getsto{\mathrel{\mathchoice {\vcenter{\offinterlineskip
-\halign{\hfil
-$\displaystyle##$\hfil\cr\gets\cr\to\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr\gets
-\cr\to\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr\gets
-\cr\to\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr
-\gets\cr\to\cr}}}}}
-\def\lid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil
-$\displaystyle##$\hfil\cr<\cr\noalign{\vskip1.2pt}=\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr<\cr
-\noalign{\vskip1.2pt}=\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr<\cr
-\noalign{\vskip1pt}=\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr
-<\cr
-\noalign{\vskip0.9pt}=\cr}}}}}
-\def\gid{\mathrel{\mathchoice {\vcenter{\offinterlineskip\halign{\hfil
-$\displaystyle##$\hfil\cr>\cr\noalign{\vskip1.2pt}=\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr>\cr
-\noalign{\vskip1.2pt}=\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr>\cr
-\noalign{\vskip1pt}=\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr
->\cr
-\noalign{\vskip0.9pt}=\cr}}}}}
-\def\grole{\mathrel{\mathchoice {\vcenter{\offinterlineskip
-\halign{\hfil
-$\displaystyle##$\hfil\cr>\cr\noalign{\vskip-1pt}<\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\textstyle##$\hfil\cr
->\cr\noalign{\vskip-1pt}<\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptstyle##$\hfil\cr
->\cr\noalign{\vskip-0.8pt}<\cr}}}
-{\vcenter{\offinterlineskip\halign{\hfil$\scriptscriptstyle##$\hfil\cr
->\cr\noalign{\vskip-0.3pt}<\cr}}}}}
-\def\bbbr{{\rm I\!R}} %reelle Zahlen
-\def\bbbm{{\rm I\!M}}
-\def\bbbn{{\rm I\!N}} %natuerliche Zahlen
-\def\bbbf{{\rm I\!F}}
-\def\bbbh{{\rm I\!H}}
-\def\bbbk{{\rm I\!K}}
-\def\bbbp{{\rm I\!P}}
-\def\bbbone{{\mathchoice {\rm 1\mskip-4mu l} {\rm 1\mskip-4mu l}
-{\rm 1\mskip-4.5mu l} {\rm 1\mskip-5mu l}}}
-\def\bbbc{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm C$}\hbox{\hbox
-to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}
-{\setbox0=\hbox{$\textstyle\rm C$}\hbox{\hbox
-to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptstyle\rm C$}\hbox{\hbox
-to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptscriptstyle\rm C$}\hbox{\hbox
-to0pt{\kern0.4\wd0\vrule height0.9\ht0\hss}\box0}}}}
-\def\bbbq{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm
-Q$}\hbox{\raise
-0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}}
-{\setbox0=\hbox{$\textstyle\rm Q$}\hbox{\raise
-0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.8\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptstyle\rm Q$}\hbox{\raise
-0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptscriptstyle\rm Q$}\hbox{\raise
-0.15\ht0\hbox to0pt{\kern0.4\wd0\vrule height0.7\ht0\hss}\box0}}}}
-\def\bbbt{{\mathchoice {\setbox0=\hbox{$\displaystyle\rm
-T$}\hbox{\hbox to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}
-{\setbox0=\hbox{$\textstyle\rm T$}\hbox{\hbox
-to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptstyle\rm T$}\hbox{\hbox
-to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptscriptstyle\rm T$}\hbox{\hbox
-to0pt{\kern0.3\wd0\vrule height0.9\ht0\hss}\box0}}}}
-\def\bbbs{{\mathchoice
-{\setbox0=\hbox{$\displaystyle     \rm S$}\hbox{\raise0.5\ht0\hbox
-to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox
-to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}}
-{\setbox0=\hbox{$\textstyle        \rm S$}\hbox{\raise0.5\ht0\hbox
-to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\hbox
-to0pt{\kern0.55\wd0\vrule height0.5\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptstyle      \rm S$}\hbox{\raise0.5\ht0\hbox
-to0pt{\kern0.35\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox
-to0pt{\kern0.5\wd0\vrule height0.45\ht0\hss}\box0}}
-{\setbox0=\hbox{$\scriptscriptstyle\rm S$}\hbox{\raise0.5\ht0\hbox
-to0pt{\kern0.4\wd0\vrule height0.45\ht0\hss}\raise0.05\ht0\hbox
-to0pt{\kern0.55\wd0\vrule height0.45\ht0\hss}\box0}}}}
-\def\bbbz{{\mathchoice {\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}}
-{\hbox{$\mathsf\textstyle Z\kern-0.4em Z$}}
-{\hbox{$\mathsf\scriptstyle Z\kern-0.3em Z$}}
-{\hbox{$\mathsf\scriptscriptstyle Z\kern-0.2em Z$}}}}
-
-\let\ts\,
-
-\setlength\leftmargini  {17\p@}
-\setlength\leftmargin    {\leftmargini}
-\setlength\leftmarginii  {\leftmargini}
-\setlength\leftmarginiii {\leftmargini}
-\setlength\leftmarginiv  {\leftmargini}
-\setlength  \labelsep  {.5em}
-\setlength  \labelwidth{\leftmargini}
-\addtolength\labelwidth{-\labelsep}
-
-\def\@listI{\leftmargin\leftmargini
-            \parsep 0\p@ \@plus1\p@ \@minus\p@
-            \topsep 8\p@ \@plus2\p@ \@minus4\p@
-            \itemsep0\p@}
-\let\@listi\@listI
-\@listi
-\def\@listii {\leftmargin\leftmarginii
-              \labelwidth\leftmarginii
-              \advance\labelwidth-\labelsep
-              \topsep    0\p@ \@plus2\p@ \@minus\p@}
-\def\@listiii{\leftmargin\leftmarginiii
-              \labelwidth\leftmarginiii
-              \advance\labelwidth-\labelsep
-              \topsep    0\p@ \@plus\p@\@minus\p@
-              \parsep    \z@
-              \partopsep \p@ \@plus\z@ \@minus\p@}
-
-\renewcommand\labelitemi{\normalfont\bfseries --}
-\renewcommand\labelitemii{$\m@th\bullet$}
-
-\setlength\arraycolsep{1.4\p@}
-\setlength\tabcolsep{1.4\p@}
-
-\def\tableofcontents{\chapter*{\contentsname\@mkboth{{\contentsname}}%
-                                                    {{\contentsname}}}
- \def\authcount##1{\setcounter{auco}{##1}\setcounter{@auth}{1}}
- \def\lastand{\ifnum\value{auco}=2\relax
-                 \unskip{} \andname\
-              \else
-                 \unskip \lastandname\
-              \fi}%
- \def\and{\stepcounter{@auth}\relax
-          \ifnum\value{@auth}=\value{auco}%
-             \lastand
-          \else
-             \unskip,
-          \fi}%
- \@starttoc{toc}\if@restonecol\twocolumn\fi}
-
-\def\l@part#1#2{\addpenalty{\@secpenalty}%
-   \addvspace{2em plus\p@}%  % space above part line
-   \begingroup
-     \parindent \z@
-     \rightskip \z@ plus 5em
-     \hrule\vskip5pt
-     \large               % same size as for a contribution heading
-     \bfseries\boldmath   % set line in boldface
-     \leavevmode          % TeX command to enter horizontal mode.
-     #1\par
-     \vskip5pt
-     \hrule
-     \vskip1pt
-     \nobreak             % Never break after part entry
-   \endgroup}
-
-\def\@dotsep{2}
-
-\def\hyperhrefextend{\ifx\hyper@anchor\@undefined\else
-{chapter.\thechapter}\fi}
-
-\def\addnumcontentsmark#1#2#3{%
-\addtocontents{#1}{\protect\contentsline{#2}{\protect\numberline
-                     {\thechapter}#3}{\thepage}\hyperhrefextend}}
-\def\addcontentsmark#1#2#3{%
-\addtocontents{#1}{\protect\contentsline{#2}{#3}{\thepage}\hyperhrefextend}}
-\def\addcontentsmarkwop#1#2#3{%
-\addtocontents{#1}{\protect\contentsline{#2}{#3}{0}\hyperhrefextend}}
-
-\def\@adcmk[#1]{\ifcase #1 \or
-\def\@gtempa{\addnumcontentsmark}%
-  \or    \def\@gtempa{\addcontentsmark}%
-  \or    \def\@gtempa{\addcontentsmarkwop}%
-  \fi\@gtempa{toc}{chapter}}
-\def\addtocmark{\@ifnextchar[{\@adcmk}{\@adcmk[3]}}
-
-\def\l@chapter#1#2{\addpenalty{-\@highpenalty}
- \vskip 1.0em plus 1pt \@tempdima 1.5em \begingroup
- \parindent \z@ \rightskip \@tocrmarg
- \advance\rightskip by 0pt plus 2cm
- \parfillskip -\rightskip \pretolerance=10000
- \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip
- {\large\bfseries\boldmath#1}\ifx0#2\hfil\null
- \else
-      \nobreak
-      \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern
-      \@dotsep mu$}\hfill
-      \nobreak\hbox to\@pnumwidth{\hss #2}%
- \fi\par
- \penalty\@highpenalty \endgroup}
-
-\def\l@title#1#2{\addpenalty{-\@highpenalty}
- \addvspace{8pt plus 1pt}
- \@tempdima \z@
- \begingroup
- \parindent \z@ \rightskip \@tocrmarg
- \advance\rightskip by 0pt plus 2cm
- \parfillskip -\rightskip \pretolerance=10000
- \leavevmode \advance\leftskip\@tempdima \hskip -\leftskip
- #1\nobreak
- \leaders\hbox{$\m@th \mkern \@dotsep mu.\mkern
- \@dotsep mu$}\hfill
- \nobreak\hbox to\@pnumwidth{\hss #2}\par
- \penalty\@highpenalty \endgroup}
-
-\def\l@author#1#2{\addpenalty{\@highpenalty}
- \@tempdima=15\p@ %\z@
- \begingroup
- \parindent \z@ \rightskip \@tocrmarg
- \advance\rightskip by 0pt plus 2cm
- \pretolerance=10000
- \leavevmode \advance\leftskip\@tempdima %\hskip -\leftskip
- \textit{#1}\par
- \penalty\@highpenalty \endgroup}
-
-\setcounter{tocdepth}{0}
-\newdimen\tocchpnum
-\newdimen\tocsecnum
-\newdimen\tocsectotal
-\newdimen\tocsubsecnum
-\newdimen\tocsubsectotal
-\newdimen\tocsubsubsecnum
-\newdimen\tocsubsubsectotal
-\newdimen\tocparanum
-\newdimen\tocparatotal
-\newdimen\tocsubparanum
-\tocchpnum=\z@            % no chapter numbers
-\tocsecnum=15\p@          % section 88. plus 2.222pt
-\tocsubsecnum=23\p@       % subsection 88.8 plus 2.222pt
-\tocsubsubsecnum=27\p@    % subsubsection 88.8.8 plus 1.444pt
-\tocparanum=35\p@         % paragraph 88.8.8.8 plus 1.666pt
-\tocsubparanum=43\p@      % subparagraph 88.8.8.8.8 plus 1.888pt
-\def\calctocindent{%
-\tocsectotal=\tocchpnum
-\advance\tocsectotal by\tocsecnum
-\tocsubsectotal=\tocsectotal
-\advance\tocsubsectotal by\tocsubsecnum
-\tocsubsubsectotal=\tocsubsectotal
-\advance\tocsubsubsectotal by\tocsubsubsecnum
-\tocparatotal=\tocsubsubsectotal
-\advance\tocparatotal by\tocparanum}
-\calctocindent
-
-\def\l@section{\@dottedtocline{1}{\tocchpnum}{\tocsecnum}}
-\def\l@subsection{\@dottedtocline{2}{\tocsectotal}{\tocsubsecnum}}
-\def\l@subsubsection{\@dottedtocline{3}{\tocsubsectotal}{\tocsubsubsecnum}}
-\def\l@paragraph{\@dottedtocline{4}{\tocsubsubsectotal}{\tocparanum}}
-\def\l@subparagraph{\@dottedtocline{5}{\tocparatotal}{\tocsubparanum}}
-
-\def\listoffigures{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn
- \fi\section*{\listfigurename\@mkboth{{\listfigurename}}{{\listfigurename}}}
- \@starttoc{lof}\if@restonecol\twocolumn\fi}
-\def\l@figure{\@dottedtocline{1}{0em}{1.5em}}
-
-\def\listoftables{\@restonecolfalse\if@twocolumn\@restonecoltrue\onecolumn
- \fi\section*{\listtablename\@mkboth{{\listtablename}}{{\listtablename}}}
- \@starttoc{lot}\if@restonecol\twocolumn\fi}
-\let\l@table\l@figure
-
-\renewcommand\listoffigures{%
-    \section*{\listfigurename
-      \@mkboth{\listfigurename}{\listfigurename}}%
-    \@starttoc{lof}%
-    }
-
-\renewcommand\listoftables{%
-    \section*{\listtablename
-      \@mkboth{\listtablename}{\listtablename}}%
-    \@starttoc{lot}%
-    }
-
-\ifx\oribibl\undefined
-\ifx\citeauthoryear\undefined
-\renewenvironment{thebibliography}[1]
-     {\section*{\refname}
-      \def\@biblabel##1{##1.}
-      \small
-      \list{\@biblabel{\@arabic\c@enumiv}}%
-           {\settowidth\labelwidth{\@biblabel{#1}}%
-            \leftmargin\labelwidth
-            \advance\leftmargin\labelsep
-            \if@openbib
-              \advance\leftmargin\bibindent
-              \itemindent -\bibindent
-              \listparindent \itemindent
-              \parsep \z@
-            \fi
-            \usecounter{enumiv}%
-            \let\p@enumiv\@empty
-            \renewcommand\theenumiv{\@arabic\c@enumiv}}%
-      \if@openbib
-        \renewcommand\newblock{\par}%
-      \else
-        \renewcommand\newblock{\hskip .11em \@plus.33em \@minus.07em}%
-      \fi
-      \sloppy\clubpenalty4000\widowpenalty4000%
-      \sfcode`\.=\@m}
-     {\def\@noitemerr
-       {\@latex@warning{Empty `thebibliography' environment}}%
-      \endlist}
-\def\@lbibitem[#1]#2{\item[{[#1]}\hfill]\if@filesw
-     {\let\protect\noexpand\immediate
-     \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces}
-\newcount\@tempcntc
-\def\@citex[#1]#2{\if@filesw\immediate\write\@auxout{\string\citation{#2}}\fi
-  \@tempcnta\z@\@tempcntb\m@ne\def\@citea{}\@cite{\@for\@citeb:=#2\do
-    {\@ifundefined
-       {b@\@citeb}{\@citeo\@tempcntb\m@ne\@citea\def\@citea{,}{\bfseries
-        ?}\@warning
-       {Citation `\@citeb' on page \thepage \space undefined}}%
-    {\setbox\z@\hbox{\global\@tempcntc0\csname b@\@citeb\endcsname\relax}%
-     \ifnum\@tempcntc=\z@ \@citeo\@tempcntb\m@ne
-       \@citea\def\@citea{,}\hbox{\csname b@\@citeb\endcsname}%
-     \else
-      \advance\@tempcntb\@ne
-      \ifnum\@tempcntb=\@tempcntc
-      \else\advance\@tempcntb\m@ne\@citeo
-      \@tempcnta\@tempcntc\@tempcntb\@tempcntc\fi\fi}}\@citeo}{#1}}
-\def\@citeo{\ifnum\@tempcnta>\@tempcntb\else
-               \@citea\def\@citea{,\,\hskip\z@skip}%
-               \ifnum\@tempcnta=\@tempcntb\the\@tempcnta\else
-               {\advance\@tempcnta\@ne\ifnum\@tempcnta=\@tempcntb \else
-                \def\@citea{--}\fi
-      \advance\@tempcnta\m@ne\the\@tempcnta\@citea\the\@tempcntb}\fi\fi}
-\else
-\renewenvironment{thebibliography}[1]
-     {\section*{\refname}
-      \small
-      \list{}%
-           {\settowidth\labelwidth{}%
-            \leftmargin\parindent
-            \itemindent=-\parindent
-            \labelsep=\z@
-            \if@openbib
-              \advance\leftmargin\bibindent
-              \itemindent -\bibindent
-              \listparindent \itemindent
-              \parsep \z@
-            \fi
-            \usecounter{enumiv}%
-            \let\p@enumiv\@empty
-            \renewcommand\theenumiv{}}%
-      \if@openbib
-        \renewcommand\newblock{\par}%
-      \else
-        \renewcommand\newblock{\hskip .11em \@plus.33em \@minus.07em}%
-      \fi
-      \sloppy\clubpenalty4000\widowpenalty4000%
-      \sfcode`\.=\@m}
-     {\def\@noitemerr
-       {\@latex@warning{Empty `thebibliography' environment}}%
-      \endlist}
-      \def\@cite#1{#1}%
-      \def\@lbibitem[#1]#2{\item[]\if@filesw
-        {\def\protect##1{\string ##1\space}\immediate
-      \write\@auxout{\string\bibcite{#2}{#1}}}\fi\ignorespaces}
-   \fi
-\else
-\@cons\@openbib@code{\noexpand\small}
-\fi
-
-\def\idxquad{\hskip 10\p@}% space that divides entry from number
-
-\def\@idxitem{\par\hangindent 10\p@}
-
-\def\subitem{\par\setbox0=\hbox{--\enspace}% second order
-                \noindent\hangindent\wd0\box0}% index entry
-
-\def\subsubitem{\par\setbox0=\hbox{--\,--\enspace}% third
-                \noindent\hangindent\wd0\box0}% order index entry
-
-\def\indexspace{\par \vskip 10\p@ plus5\p@ minus3\p@\relax}
-
-\renewenvironment{theindex}
-               {\@mkboth{\indexname}{\indexname}%
-                \thispagestyle{empty}\parindent\z@
-                \parskip\z@ \@plus .3\p@\relax
-                \let\item\par
-                \def\,{\relax\ifmmode\mskip\thinmuskip
-                             \else\hskip0.2em\ignorespaces\fi}%
-                \normalfont\small
-                \begin{multicols}{2}[\@makeschapterhead{\indexname}]%
-                }
-                {\end{multicols}}
-
-\renewcommand\footnoterule{%
-  \kern-3\p@
-  \hrule\@width 2truecm
-  \kern2.6\p@}
-  \newdimen\fnindent
-  \fnindent1em
-\long\def\@makefntext#1{%
-    \parindent \fnindent%
-    \leftskip \fnindent%
-    \noindent
-    \llap{\hb@xt@1em{\hss\@makefnmark\ }}\ignorespaces#1}
-
-\long\def\@makecaption#1#2{%
-  \vskip\abovecaptionskip
-  \sbox\@tempboxa{{\bfseries #1.} #2}%
-  \ifdim \wd\@tempboxa >\hsize
-    {\bfseries #1.} #2\par
-  \else
-    \global \@minipagefalse
-    \hb@xt@\hsize{\hfil\box\@tempboxa\hfil}%
-  \fi
-  \vskip\belowcaptionskip}
-
-\def\fps@figure{htbp}
-\def\fnum@figure{\figurename\thinspace\thefigure}
-\def \@floatboxreset {%
-        \reset@font
-        \small
-        \@setnobreak
-        \@setminipage
-}
-\def\fps@table{htbp}
-\def\fnum@table{\tablename~\thetable}
-\renewenvironment{table}
-               {\setlength\abovecaptionskip{0\p@}%
-                \setlength\belowcaptionskip{10\p@}%
-                \@float{table}}
-               {\end@float}
-\renewenvironment{table*}
-               {\setlength\abovecaptionskip{0\p@}%
-                \setlength\belowcaptionskip{10\p@}%
-                \@dblfloat{table}}
-               {\end@dblfloat}
-
-\long\def\@caption#1[#2]#3{\par\addcontentsline{\csname
-  ext@#1\endcsname}{#1}{\protect\numberline{\csname
-  the#1\endcsname}{\ignorespaces #2}}\begingroup
-    \@parboxrestore
-    \@makecaption{\csname fnum@#1\endcsname}{\ignorespaces #3}\par
-  \endgroup}
-
-% LaTeX does not provide a command to enter the authors institute
-% addresses. The \institute command is defined here.
-
-\newcounter{@inst}
-\newcounter{@auth}
-\newcounter{auco}
-\newdimen\instindent
-\newbox\authrun
-\newtoks\authorrunning
-\newtoks\tocauthor
-\newbox\titrun
-\newtoks\titlerunning
-\newtoks\toctitle
-
-\def\clearheadinfo{\gdef\@author{No Author Given}%
-                   \gdef\@title{No Title Given}%
-                   \gdef\@subtitle{}%
-                   \gdef\@institute{No Institute Given}%
-                   \gdef\@thanks{}%
-                   \global\titlerunning={}\global\authorrunning={}%
-                   \global\toctitle={}\global\tocauthor={}}
-
-\def\institute#1{\gdef\@institute{#1}}
-
-\def\institutename{\par
- \begingroup
- \parskip=\z@
- \parindent=\z@
- \setcounter{@inst}{1}%
- \def\and{\par\stepcounter{@inst}%
- \noindent$^{\the@inst}$\enspace\ignorespaces}%
- \setbox0=\vbox{\def\thanks##1{}\@institute}%
- \ifnum\c@@inst=1\relax
-   \gdef\fnnstart{0}%
- \else
-   \xdef\fnnstart{\c@@inst}%
-   \setcounter{@inst}{1}%
-   \noindent$^{\the@inst}$\enspace
- \fi
- \ignorespaces
- \@institute\par
- \endgroup}
-
-\def\@fnsymbol#1{\ensuremath{\ifcase#1\or\star\or{\star\star}\or
-   {\star\star\star}\or \dagger\or \ddagger\or
-   \mathchar "278\or \mathchar "27B\or \|\or **\or \dagger\dagger
-   \or \ddagger\ddagger \else\@ctrerr\fi}}
-
-\def\inst#1{\unskip$^{#1}$}
-\def\fnmsep{\unskip$^,$}
-\def\email#1{{\tt#1}}
-\AtBeginDocument{\@ifundefined{url}{\def\url#1{#1}}{}%
-\@ifpackageloaded{babel}{%
-\@ifundefined{extrasenglish}{}{\addto\extrasenglish{\switcht@albion}}%
-\@ifundefined{extrasfrenchb}{}{\addto\extrasfrenchb{\switcht@francais}}%
-\@ifundefined{extrasgerman}{}{\addto\extrasgerman{\switcht@deutsch}}%
-}{\switcht@@therlang}%
-}
-\def\homedir{\~{ }}
-
-\def\subtitle#1{\gdef\@subtitle{#1}}
-\clearheadinfo
-%
-\renewcommand\maketitle{\newpage
-  \refstepcounter{chapter}%
-  \stepcounter{section}%
-  \setcounter{section}{0}%
-  \setcounter{subsection}{0}%
-  \setcounter{figure}{0}
-  \setcounter{table}{0}
-  \setcounter{equation}{0}
-  \setcounter{footnote}{0}%
-  \begingroup
-    \parindent=\z@
-    \renewcommand\thefootnote{\@fnsymbol\c@footnote}%
-    \if@twocolumn
-      \ifnum \col@number=\@ne
-        \@maketitle
-      \else
-        \twocolumn[\@maketitle]%
-      \fi
-    \else
-      \newpage
-      \global\@topnum\z@   % Prevents figures from going at top of page.
-      \@maketitle
-    \fi
-    \thispagestyle{empty}\@thanks
-%
-    \def\\{\unskip\ \ignorespaces}\def\inst##1{\unskip{}}%
-    \def\thanks##1{\unskip{}}\def\fnmsep{\unskip}%
-    \instindent=\hsize
-    \advance\instindent by-\headlineindent
-    \if!\the\toctitle!\addcontentsline{toc}{title}{\@title}\else
-       \addcontentsline{toc}{title}{\the\toctitle}\fi
-    \if@runhead
-       \if!\the\titlerunning!\else
-         \edef\@title{\the\titlerunning}%
-       \fi
-       \global\setbox\titrun=\hbox{\small\rm\unboldmath\ignorespaces\@title}%
-       \ifdim\wd\titrun>\instindent
-          \typeout{Title too long for running head. Please supply}%
-          \typeout{a shorter form with \string\titlerunning\space prior to
-                   \string\maketitle}%
-          \global\setbox\titrun=\hbox{\small\rm
-          Title Suppressed Due to Excessive Length}%
-       \fi
-       \xdef\@title{\copy\titrun}%
-    \fi
-%
-    \if!\the\tocauthor!\relax
-      {\def\and{\noexpand\protect\noexpand\and}%
-      \protected@xdef\toc@uthor{\@author}}%
-    \else
-      \def\\{\noexpand\protect\noexpand\newline}%
-      \protected@xdef\scratch{\the\tocauthor}%
-      \protected@xdef\toc@uthor{\scratch}%
-    \fi
-    \addtocontents{toc}{\noexpand\protect\noexpand\authcount{\the\c@auco}}%
-    \addcontentsline{toc}{author}{\toc@uthor}%
-    \if@runhead
-       \if!\the\authorrunning!
-         \value{@inst}=\value{@auth}%
-         \setcounter{@auth}{1}%
-       \else
-         \edef\@author{\the\authorrunning}%
-       \fi
-       \global\setbox\authrun=\hbox{\small\unboldmath\@author\unskip}%
-       \ifdim\wd\authrun>\instindent
-          \typeout{Names of authors too long for running head. Please supply}%
-          \typeout{a shorter form with \string\authorrunning\space prior to
-                   \string\maketitle}%
-          \global\setbox\authrun=\hbox{\small\rm
-          Authors Suppressed Due to Excessive Length}%
-       \fi
-       \xdef\@author{\copy\authrun}%
-       \markboth{\@author}{\@title}%
-     \fi
-  \endgroup
-  \setcounter{footnote}{\fnnstart}%
-  \clearheadinfo}
-%
-\def\@maketitle{\newpage
- \markboth{}{}%
- \def\lastand{\ifnum\value{@inst}=2\relax
-                 \unskip{} \andname\
-              \else
-                 \unskip \lastandname\
-              \fi}%
- \def\and{\stepcounter{@auth}\relax
-          \ifnum\value{@auth}=\value{@inst}%
-             \lastand
-          \else
-             \unskip,
-          \fi}%
- \begin{center}%
- \let\newline\\
- {\Large \bfseries\boldmath
-  \pretolerance=10000
-  \@title \par}\vskip .8cm
-\if!\@subtitle!\else {\large \bfseries\boldmath
-  \vskip -.65cm
-  \pretolerance=10000
-  \@subtitle \par}\vskip .8cm\fi
- \setbox0=\vbox{\setcounter{@auth}{1}\def\and{\stepcounter{@auth}}%
- \def\thanks##1{}\@author}%
- \global\value{@inst}=\value{@auth}%
- \global\value{auco}=\value{@auth}%
- \setcounter{@auth}{1}%
-{\lineskip .5em
-\noindent\ignorespaces
-\@author\vskip.35cm}
- {\small\institutename}
- \end{center}%
- }
-
-% definition of the "\spnewtheorem" command.
-%
-% Usage:
-%
-%     \spnewtheorem{env_nam}{caption}[within]{cap_font}{body_font}
-% or  \spnewtheorem{env_nam}[numbered_like]{caption}{cap_font}{body_font}
-% or  \spnewtheorem*{env_nam}{caption}{cap_font}{body_font}
-%
-% New is "cap_font" and "body_font". It stands for
-% fontdefinition of the caption and the text itself.
-%
-% "\spnewtheorem*" gives a theorem without number.
-%
-% A defined spnewthoerem environment is used as described
-% by Lamport.
-%
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-\def\@thmcountersep{}
-\def\@thmcounterend{.}
-
-\def\spnewtheorem{\@ifstar{\@sthm}{\@Sthm}}
-
-% definition of \spnewtheorem with number
-
-\def\@spnthm#1#2{%
-  \@ifnextchar[{\@spxnthm{#1}{#2}}{\@spynthm{#1}{#2}}}
-\def\@Sthm#1{\@ifnextchar[{\@spothm{#1}}{\@spnthm{#1}}}
-
-\def\@spxnthm#1#2[#3]#4#5{\expandafter\@ifdefinable\csname #1\endcsname
-   {\@definecounter{#1}\@addtoreset{#1}{#3}%
-   \expandafter\xdef\csname the#1\endcsname{\expandafter\noexpand
-     \csname the#3\endcsname \noexpand\@thmcountersep \@thmcounter{#1}}%
-   \expandafter\xdef\csname #1name\endcsname{#2}%
-   \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#4}{#5}}%
-                              \global\@namedef{end#1}{\@endtheorem}}}
-
-\def\@spynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname
-   {\@definecounter{#1}%
-   \expandafter\xdef\csname the#1\endcsname{\@thmcounter{#1}}%
-   \expandafter\xdef\csname #1name\endcsname{#2}%
-   \global\@namedef{#1}{\@spthm{#1}{\csname #1name\endcsname}{#3}{#4}}%
-                               \global\@namedef{end#1}{\@endtheorem}}}
-
-\def\@spothm#1[#2]#3#4#5{%
-  \@ifundefined{c@#2}{\@latexerr{No theorem environment `#2' defined}\@eha}%
-  {\expandafter\@ifdefinable\csname #1\endcsname
-  {\global\@namedef{the#1}{\@nameuse{the#2}}%
-  \expandafter\xdef\csname #1name\endcsname{#3}%
-  \global\@namedef{#1}{\@spthm{#2}{\csname #1name\endcsname}{#4}{#5}}%
-  \global\@namedef{end#1}{\@endtheorem}}}}
-
-\def\@spthm#1#2#3#4{\topsep 7\p@ \@plus2\p@ \@minus4\p@
-\refstepcounter{#1}%
-\@ifnextchar[{\@spythm{#1}{#2}{#3}{#4}}{\@spxthm{#1}{#2}{#3}{#4}}}
-
-\def\@spxthm#1#2#3#4{\@spbegintheorem{#2}{\csname the#1\endcsname}{#3}{#4}%
-                    \ignorespaces}
-
-\def\@spythm#1#2#3#4[#5]{\@spopargbegintheorem{#2}{\csname
-       the#1\endcsname}{#5}{#3}{#4}\ignorespaces}
-
-\def\@spbegintheorem#1#2#3#4{\trivlist
-                 \item[\hskip\labelsep{#3#1\ #2\@thmcounterend}]#4}
-
-\def\@spopargbegintheorem#1#2#3#4#5{\trivlist
-      \item[\hskip\labelsep{#4#1\ #2}]{#4(#3)\@thmcounterend\ }#5}
-
-% definition of \spnewtheorem* without number
-
-\def\@sthm#1#2{\@Ynthm{#1}{#2}}
-
-\def\@Ynthm#1#2#3#4{\expandafter\@ifdefinable\csname #1\endcsname
-   {\global\@namedef{#1}{\@Thm{\csname #1name\endcsname}{#3}{#4}}%
-    \expandafter\xdef\csname #1name\endcsname{#2}%
-    \global\@namedef{end#1}{\@endtheorem}}}
-
-\def\@Thm#1#2#3{\topsep 7\p@ \@plus2\p@ \@minus4\p@
-\@ifnextchar[{\@Ythm{#1}{#2}{#3}}{\@Xthm{#1}{#2}{#3}}}
-
-\def\@Xthm#1#2#3{\@Begintheorem{#1}{#2}{#3}\ignorespaces}
-
-\def\@Ythm#1#2#3[#4]{\@Opargbegintheorem{#1}
-       {#4}{#2}{#3}\ignorespaces}
-
-\def\@Begintheorem#1#2#3{#3\trivlist
-                           \item[\hskip\labelsep{#2#1\@thmcounterend}]}
-
-\def\@Opargbegintheorem#1#2#3#4{#4\trivlist
-      \item[\hskip\labelsep{#3#1}]{#3(#2)\@thmcounterend\ }}
-
-\if@envcntsect
-   \def\@thmcountersep{.}
-   \spnewtheorem{theorem}{Theorem}[section]{\bfseries}{\itshape}
-\else
-   \spnewtheorem{theorem}{Theorem}{\bfseries}{\itshape}
-   \if@envcntreset
-      \@addtoreset{theorem}{section}
-   \else
-      \@addtoreset{theorem}{chapter}
-   \fi
-\fi
-
-%definition of divers theorem environments
-\spnewtheorem*{claim}{Claim}{\itshape}{\rmfamily}
-\spnewtheorem*{proof}{Proof}{\itshape}{\rmfamily}
-\if@envcntsame % alle Umgebungen wie Theorem.
-   \def\spn@wtheorem#1#2#3#4{\@spothm{#1}[theorem]{#2}{#3}{#4}}
-\else % alle Umgebungen mit eigenem Zaehler
-   \if@envcntsect % mit section numeriert
-      \def\spn@wtheorem#1#2#3#4{\@spxnthm{#1}{#2}[section]{#3}{#4}}
-   \else % nicht mit section numeriert
-      \if@envcntreset
-         \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4}
-                                   \@addtoreset{#1}{section}}
-      \else
-         \def\spn@wtheorem#1#2#3#4{\@spynthm{#1}{#2}{#3}{#4}
-                                   \@addtoreset{#1}{chapter}}%
-      \fi
-   \fi
-\fi
-\spn@wtheorem{case}{Case}{\itshape}{\rmfamily}
-\spn@wtheorem{conjecture}{Conjecture}{\itshape}{\rmfamily}
-\spn@wtheorem{corollary}{Corollary}{\bfseries}{\itshape}
-\spn@wtheorem{definition}{Definition}{\bfseries}{\itshape}
-\spn@wtheorem{example}{Example}{\itshape}{\rmfamily}
-\spn@wtheorem{exercise}{Exercise}{\itshape}{\rmfamily}
-\spn@wtheorem{lemma}{Lemma}{\bfseries}{\itshape}
-\spn@wtheorem{note}{Note}{\itshape}{\rmfamily}
-\spn@wtheorem{problem}{Problem}{\itshape}{\rmfamily}
-\spn@wtheorem{property}{Property}{\itshape}{\rmfamily}
-\spn@wtheorem{proposition}{Proposition}{\bfseries}{\itshape}
-\spn@wtheorem{question}{Question}{\itshape}{\rmfamily}
-\spn@wtheorem{solution}{Solution}{\itshape}{\rmfamily}
-\spn@wtheorem{remark}{Remark}{\itshape}{\rmfamily}
-
-\def\@takefromreset#1#2{%
-    \def\@tempa{#1}%
-    \let\@tempd\@elt
-    \def\@elt##1{%
-        \def\@tempb{##1}%
-        \ifx\@tempa\@tempb\else
-            \@addtoreset{##1}{#2}%
-        \fi}%
-    \expandafter\expandafter\let\expandafter\@tempc\csname cl@#2\endcsname
-    \expandafter\def\csname cl@#2\endcsname{}%
-    \@tempc
-    \let\@elt\@tempd}
-
-\def\theopargself{\def\@spopargbegintheorem##1##2##3##4##5{\trivlist
-      \item[\hskip\labelsep{##4##1\ ##2}]{##4##3\@thmcounterend\ }##5}
-                  \def\@Opargbegintheorem##1##2##3##4{##4\trivlist
-      \item[\hskip\labelsep{##3##1}]{##3##2\@thmcounterend\ }}
-      }
-
-\renewenvironment{abstract}{%
-      \list{}{\advance\topsep by0.35cm\relax\small
-      \leftmargin=1cm
-      \labelwidth=\z@
-      \listparindent=\z@
-      \itemindent\listparindent
-      \rightmargin\leftmargin}\item[\hskip\labelsep
-                                    \bfseries\abstractname]}
-    {\endlist}
-
-\newdimen\headlineindent             % dimension for space between
-\headlineindent=1.166cm              % number and text of headings.
-
-\def\ps@headings{\let\@mkboth\@gobbletwo
-   \let\@oddfoot\@empty\let\@evenfoot\@empty
-   \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}%
-                  \leftmark\hfil}
-   \def\@oddhead{\normalfont\small\hfil\rightmark\hspace{\headlineindent}%
-                 \llap{\thepage}}
-   \def\chaptermark##1{}%
-   \def\sectionmark##1{}%
-   \def\subsectionmark##1{}}
-
-\def\ps@titlepage{\let\@mkboth\@gobbletwo
-   \let\@oddfoot\@empty\let\@evenfoot\@empty
-   \def\@evenhead{\normalfont\small\rlap{\thepage}\hspace{\headlineindent}%
-                  \hfil}
-   \def\@oddhead{\normalfont\small\hfil\hspace{\headlineindent}%
-                 \llap{\thepage}}
-   \def\chaptermark##1{}%
-   \def\sectionmark##1{}%
-   \def\subsectionmark##1{}}
-
-\if@runhead\ps@headings\else
-\ps@empty\fi
-
-\setlength\arraycolsep{1.4\p@}
-\setlength\tabcolsep{1.4\p@}
-
-\endinput
-%end of file llncs.cls

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/latex/words.eps
----------------------------------------------------------------------
diff --git a/docs/latex/words.eps b/docs/latex/words.eps
deleted file mode 100644
index 6651c4b..0000000
--- a/docs/latex/words.eps
+++ /dev/null
@@ -1,469 +0,0 @@
-%!PS-Adobe-2.0 EPSF-2.0
-%%Title: C:\Users\Shamus\Pictures\words.dia
-%%Creator: Dia v0.97.2
-%%CreationDate: Tue Jul 29 11:17:31 2014
-%%For: Shamus
-%%Orientation: Portrait
-%%Magnification: 1.0000
-%%BoundingBox: 0 0 966 249
-%%BeginSetup
-%%EndSetup
-%%EndComments
-%%BeginProlog
-[ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright
-/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one
-/two /three /four /five /six /seven /eight /nine /colon /semicolon
-/less /equal /greater /question /at /A /B /C /D /E
-/F /G /H /I /J /K /L /M /N /O
-/P /Q /R /S /T /U /V /W /X /Y
-/Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c
-/d /e /f /g /h /i /j /k /l /m
-/n /o /p /q /r /s /t /u /v /w
-/x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
-/space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright
-/ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior
-/acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf
-/threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla
-/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde
-/Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex
-/Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring
-/ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis
-/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave
-/uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def
-/cp {closepath} bind def
-/c {curveto} bind def
-/f {fill} bind def
-/a {arc} bind def
-/ef {eofill} bind def
-/ex {exch} bind def
-/gr {grestore} bind def
-/gs {gsave} bind def
-/sa {save} bind def
-/rs {restore} bind def
-/l {lineto} bind def
-/m {moveto} bind def
-/rm {rmoveto} bind def
-/n {newpath} bind def
-/s {stroke} bind def
-/sh {show} bind def
-/slc {setlinecap} bind def
-/slj {setlinejoin} bind def
-/slw {setlinewidth} bind def
-/srgb {setrgbcolor} bind def
-/rot {rotate} bind def
-/sc {scale} bind def
-/sd {setdash} bind def
-/ff {findfont} bind def
-/sf {setfont} bind def
-/scf {scalefont} bind def
-/sw {stringwidth pop} bind def
-/tr {translate} bind def
-
-/ellipsedict 8 dict def
-ellipsedict /mtrx matrix put
-/ellipse
-{ ellipsedict begin
-   /endangle exch def
-   /startangle exch def
-   /yrad exch def
-   /xrad exch def
-   /y exch def
-   /x exch def   /savematrix mtrx currentmatrix def
-   x y tr xrad yrad sc
-   0 0 1 startangle endangle arc
-   savematrix setmatrix
-   end
-} def
-
-/mergeprocs {
-dup length
-3 -1 roll
-dup
-length
-dup
-5 1 roll
-3 -1 roll
-add
-array cvx
-dup
-3 -1 roll
-0 exch
-putinterval
-dup
-4 2 roll
-putinterval
-} bind def
-/Times-Roman-latin1
-    /Times-Roman findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Times-Italic-latin1
-    /Times-Italic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Times-Bold-latin1
-    /Times-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Times-BoldItalic-latin1
-    /Times-BoldItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-Gothic-latin1
-    /AvantGarde-Gothic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-BookOblique-latin1
-    /AvantGarde-BookOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-Demi-latin1
-    /AvantGarde-Demi findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/AvantGarde-DemiOblique-latin1
-    /AvantGarde-DemiOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-Light-latin1
-    /Bookman-Light findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-LightItalic-latin1
-    /Bookman-LightItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-Demi-latin1
-    /Bookman-Demi findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Bookman-DemiItalic-latin1
-    /Bookman-DemiItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-latin1
-    /Courier findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-Oblique-latin1
-    /Courier-Oblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-Bold-latin1
-    /Courier-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Courier-BoldOblique-latin1
-    /Courier-BoldOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-latin1
-    /Helvetica findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Oblique-latin1
-    /Helvetica-Oblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Bold-latin1
-    /Helvetica-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-BoldOblique-latin1
-    /Helvetica-BoldOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-latin1
-    /Helvetica-Narrow findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-Oblique-latin1
-    /Helvetica-Narrow-Oblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-Bold-latin1
-    /Helvetica-Narrow-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Helvetica-Narrow-BoldOblique-latin1
-    /Helvetica-Narrow-BoldOblique findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-Roman-latin1
-    /NewCenturySchlbk-Roman findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-Italic-latin1
-    /NewCenturySchlbk-Italic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-Bold-latin1
-    /NewCenturySchlbk-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/NewCenturySchlbk-BoldItalic-latin1
-    /NewCenturySchlbk-BoldItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-Roman-latin1
-    /Palatino-Roman findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-Italic-latin1
-    /Palatino-Italic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-Bold-latin1
-    /Palatino-Bold findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Palatino-BoldItalic-latin1
-    /Palatino-BoldItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/Symbol-latin1
-    /Symbol findfont
-definefont pop
-/ZapfChancery-MediumItalic-latin1
-    /ZapfChancery-MediumItalic findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-/ZapfDingbats-latin1
-    /ZapfDingbats findfont
-    dup length dict begin
-	{1 index /FID ne {def} {pop pop} ifelse} forall
-	/Encoding isolatin1encoding def
-    currentdict end
-definefont pop
-28.346000 -28.346000 scale
--4.000000 2.867500 translate
-%%EndProlog
-
-
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-0.000000 0.000000 0.000000 srgb
-n 5.000000 -10.000000 m 5.000000 -7.000000 l 14.000000 -7.000000 l 14.000000 -10.000000 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 8.000000 -10.000000 m 8.000000 -7.000000 l s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-n 15.000000 -10.000000 m 15.000000 -7.000000 l 24.000000 -7.000000 l 24.000000 -10.000000 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 16.000000 -10.000000 m 16.000000 -7.000000 l s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slj
-n 29.000000 -10.000000 m 29.000000 -7.000000 l 38.000000 -7.000000 l 38.000000 -10.000000 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 30.000000 -10.000000 m 30.000000 -7.000000 l s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 11.000000 -10.000000 m 11.000000 -7.000000 l s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 6.000000 -10.000000 m 6.000000 -7.000000 l s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 18.000000 -10.000000 m 18.000000 -7.000000 l s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 32.000000 -10.000000 m 32.000000 -7.000000 l s
-/Helvetica-latin1 ff 0.560000 scf sf
-(Sign bit) 4.000000 -3.120000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 5.000000 -4.000000 m 5.000000 -5.513197 l s
-[] 0 sd
-0 slj
-0 slc
-n 5.000000 -5.888197 m 5.250000 -5.388197 l 5.000000 -5.513197 l 4.750000 -5.388197 l ef
-n 5.000000 -5.888197 m 5.250000 -5.388197 l 5.000000 -5.513197 l 4.750000 -5.388197 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(Field Excess) 8.000000 -3.120000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 9.000000 -4.000000 m 9.000000 -5.513197 l s
-[] 0 sd
-0 slj
-0 slc
-n 9.000000 -5.888197 m 9.250000 -5.388197 l 9.000000 -5.513197 l 8.750000 -5.388197 l ef
-n 9.000000 -5.888197 m 9.250000 -5.388197 l 9.000000 -5.513197 l 8.750000 -5.388197 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(Word Excess) 15.000000 -3.120000 m
- gs 1 -1 sc sh gr
-/Helvetica-latin1 ff 0.560000 scf sf
-(Word Excess) 29.000000 -3.120000 m
- gs 1 -1 sc sh gr
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 17.000000 -4.000000 m 17.000000 -5.513197 l s
-[] 0 sd
-0 slj
-0 slc
-n 17.000000 -5.888197 m 17.250000 -5.388197 l 17.000000 -5.513197 l 16.750000 -5.388197 l ef
-n 17.000000 -5.888197 m 17.250000 -5.388197 l 17.000000 -5.513197 l 16.750000 -5.388197 l cp s
-0.100000 slw
-[] 0 sd
-[] 0 sd
-0 slc
-n 31.000000 -4.000000 m 31.000000 -5.513197 l s
-[] 0 sd
-0 slj
-0 slc
-n 31.000000 -5.888197 m 31.250000 -5.388197 l 31.000000 -5.513197 l 30.750000 -5.388197 l ef
-n 31.000000 -5.888197 m 31.250000 -5.388197 l 31.000000 -5.513197 l 30.750000 -5.388197 l cp s
-/Helvetica-latin1 ff 0.560000 scf sf
-(Base Bits) 20.000000 -8.120000 m
- gs 1 -1 sc sh gr
-/Helvetica-latin1 ff 0.560000 scf sf
-(Base Bits) 34.000000 -8.120000 m
- gs 1 -1 sc sh gr
-/Helvetica-latin1 ff 0.560000 scf sf
-(Top Bits) 11.000000 -8.120000 m
- gs 1 -1 sc sh gr
-/Helvetica-latin1 ff 0.560000 scf sf
-(..........) 26.000000 -7.120000 m
- gs 1 -1 sc sh gr
-/Helvetica-latin1 ff 0.560000 scf sf
-(Most Significant Word) 7.000000 -11.120000 m
- gs 1 -1 sc sh gr
-/Helvetica-latin1 ff 0.560000 scf sf
-(Least Significant Word) 30.000000 -11.120000 m
- gs 1 -1 sc sh gr
-showpage

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/ecgen.cpp
----------------------------------------------------------------------
diff --git a/ecgen.cpp b/ecgen.cpp
deleted file mode 100755
index 7a41452..0000000
--- a/ecgen.cpp
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* BNGEN - Helper MIRACL program to generate constants for EC curves
-
-(MINGW build)
-
-g++ -O3 ecgen.cpp big.cpp miracl.a -o ecgen.exe
-
-
-*/
-
-#include <iostream>
-#include "big.h"
-#include "zzn2.h"
-#include "ecn2.h"
-
-using namespace std;
-
-Miracl precision(20,0);
-
-Big output(int d,int w,Big t,Big m)
-{
-	Big last,y=t;
-
-	if (d!=2) cout << "{";
-	else cout << "[";
-	for (int i=0;i<w;i++)
-	{
-		last=y%m;
-		cout << "0x" << last;
-		y/=m;
-		if ((y==0 && d==0) || i==w-1) break;
-		if (d==3) cout << "L,";
-		else cout << ",";
-	}
-	if (d!=2)
-	{
-		if (d==3) cout << "L}";
-		else cout << "}";
-	}
-	else cout << "]";
-	return last;
-}
-
-#define NOT_SPECIAL 0
-#define PSEUDO_MERSENNE 1
-#define MONTGOMERY_FRIENDLY 3
-
-#define WEIERSTRASS 0
-#define EDWARDS 1
-#define MONTGOMERY 2
-
-/*** Set Modulus and Curve Type Here ***/
-
-#define MODTYPE  PSEUDO_MERSENNE
-#define CURVETYPE EDWARDS
-
-int main()
-{
-	miracl *mip=&precision;
-	Big p,q,R,B;
-	Big m,x,y,w,t,c,n,r,a,b,gx,gy,D,C,MC;
-	int i,A;
-	int CHUNK[4]={16,32,64,32};
-	int WORDS[4]={20,9,5,11};//{20,9,5};
-	int BITS[4]={13,29,56,24};//{13,29,56};
-
-// ***  Set prime Modulus, curve order, B parameter of curve and generator point
-/*
-// This is for ED25519
-	p=pow((Big)2,255)-19;  // or whatever
-	r=pow((Big)2,252)+"27742317777372353535851937790883648493";  // or whatever
-	B=p-moddiv((Big)121665,(Big)121666,p);  // or whatever
-	gy=moddiv((Big)4,(Big)5,p);   // Set generator point (x,y)
-	gx=moddiv((gy*gy-1)%p,(B*gy*gy+1)%p,p);
-	gx=p-sqrt(gx,p);
-	mip->IOBASE=16;
-*/
-
-// This is for NIST256 curve
-//	mip->IOBASE=10;
-//	p="115792089210356248762697446949407573530086143415290314195533631308867097853951";
-//	r="115792089210356248762697446949407573529996955224135760342422259061068512044369";
-//	mip->IOBASE=16;
-//	B="5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b";
-//	gx="6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296";
-//	gy="4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5";
-/*
-
-// This is for w-254-mont Curve
-
-	p=pow((Big)2,240)*(pow((Big)2,14)-127)-1;
-	mip->IOBASE=16;
-	r=p+1-"147E7415F25C8A3F905BE63B507207C1";
-	B=p-12146;
-	gx="2";
-	gy="140E3FD33B2E56014AE15A75BD778AEBDFB738E3F8511931AD65DF37F90D4EBC";
-
-// ed-254-mont Curve
-	p=pow((Big)2,240)*(pow((Big)2,14)-127)-1;
-	mip->IOBASE=16;
-	r=(p+1-"51AB3E4DD0A7413C5430B004EE459CE4")/4;
-	B=13947;
-	gx="1";
-	gy="19F0E690D6A4C335951D00D502363F4E36329A840E3212187C52D0FDAF2701E5";
-
-// w-255-mers Curve
-	p=pow((Big)2,255)-765;
-	mip->IOBASE=16;
-	r=p+1-"79B5C7D7C52D4C2054705367C3A6B219";
-	B=p-20925;
-	gx="1";
-	gy="6F7A6AC0EDBA7833921EBFF9B2FF7D177DB6C78CDDFDA60D1733FF6769CB44BA";
-
-// ed-255-mers Curve
-	p=pow((Big)2,255)-765;
-	mip->IOBASE=16;
-	r=(p+1-"8C3961E84965F3454ED8B84BEF244F30")/4;
-	B=60055;
-	gx="4";
-	gy="26CB78534A7BB545EC254CDD8E0C47E552914B8AED445A45BA2A255BD08736A0";
-
-// Brainpool 256-bit curve
-	mip->IOBASE=16;
-	p="A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377";
-	r="A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7";
-	B="662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04";
-	gx="A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4";
-	gy="2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE";
-
-// ANSSI (French) curve
-	mip->IOBASE=16;
-	p="f1fd178c0b3ad58f10126de8ce42435b3961adbcabc8ca6de8fcf353d86e9c03";
-	r="F1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1";
-	B="EE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F";
-	gx="B6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF";
-	gy="6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB";
-*/
-	p=pow((Big)2,255)-765;
-	mip->IOBASE=16;
-	r=(p+1-"8C3961E84965F3454ED8B84BEF244F30")/4;
-	B=60055;
-	gx="4";
-	gy="26CB78534A7BB545EC254CDD8E0C47E552914B8AED445A45BA2A255BD08736A0";
-
-
-#if MODTYPE==PSEUDO_MERSENNE
-	C=765;              // p=2^n - C, where C is very small
-#endif
-#if CURVETYPE==WEIERSTRASS
-	A=-3;   // or 0
-#endif
-#if CURVETYPE==EDWARDS
-	A=-1;  // or +1
-#endif
-#if CURVETYPE==MONTGOMERY
-	A=-55790;
-#endif
-
-	cout << "/* AMCL - ROM  C file for EC curves */" << endl << endl;
-
-	cout << "#define MBITS " << bits(p) << endl;
-	cout << "#define MOD8 " << p%8 << endl;
-	cout << endl;
-	cout << "const int CURVE_A=" << A << ";" << endl;
-	for (i=0;i<3;i++)
-	{
-		cout << "#if CHUNK==" << CHUNK[i] << endl << endl;
-		m=pow((Big)2,BITS[i]);
-
-		cout << "const BIG Modulus="; MC=output(0,WORDS[i],p,m); cout << ";" << endl;
-
-#if MODTYPE==NOT_SPECIAL
-		cout << "const chunk MConst=0x" << inverse(m-p%m,m) << ";" << endl;
-#endif
-#if MODTYPE==MONTGOMERY_FRIENDLY
-		cout << "const chunk MConst=0x" << MC+1 << ";" << endl;
-#endif
-#if MODTYPE==PSEUDO_MERSENNE
-		cout << "const chunk MConst=0x" << C << ";" << endl;
-#endif
-
-#if MODTYPE!=PSEUDO_MERSENNE
-		R=pow((Big)2,WORDS[i]*BITS[i]);
-//		cout << "const BIG Monty=";output(0,WORDS[i],inverse(R,p),m); cout << ";" << endl;
-#endif
-
-		cout << "const BIG CURVE_Order="; output(0,WORDS[i],r,m); cout << ";" << endl;
-		cout << "const BIG CURVE_B="; output(0,WORDS[i],B,m); cout << ";" <<  endl;
-
-		cout << "const BIG CURVE_Gx="; output(0,WORDS[i],gx,m); cout << ";" << endl;
-		cout << "const BIG CURVE_Gy="; output(0,WORDS[i],gy,m); cout << ";" << endl;
-
-		cout << "#endif" << endl << endl;
-
-	}
-
-	cout << endl;
-	cout << "Cut here -----------------------------------------------------------" << endl;
-	cout << "/* AMCL - ROM  Java file for 32-bit VM for EC curve */" << endl << endl;
-
-	cout << "public static final int MODBITS= " << bits(p) << ";" << endl;
-	cout << "public static final int MOD8= " << p%8 << ";" << endl;
-	cout << endl;
-	cout << "public static final int MODTYPE= " << MODTYPE << ";" << endl;
-	m=pow((Big)2,BITS[1]);
-
-
-	cout << "public static final int[] Modulus= "; MC=output(1,WORDS[1],p,m); cout << ";" << endl;
-	R=pow((Big)2,WORDS[1]*BITS[1]);
-
-
-#if MODTYPE==NOT_SPECIAL
-	cout << "public static final int MConst=0x" << inverse(m-p%m,m) << ";" <<  endl;
-#endif
-#if MODTYPE==MONTGOMERY_FRIENDLY
-	cout << "public static final int MConst=0x" << MC+1 << ";" << endl;
-#endif
-#if MODTYPE==PSEUDO_MERSENNE
-	cout << "public static final int MConst=0x" << C << ";" << endl;
-#endif
-
-#if MODTYPE!=PSEUDO_MERSENNE
-//	cout << "public static final int[] Monty=";output(1,WORDS[1],inverse(R,p),m); cout << ";" << endl;
-#endif
-
-	cout << endl;
-	cout << "public static final int CURVETYPE= " << CURVETYPE << ";" << endl;
-
-
-	cout << "public static final int CURVE_A = " << A << ";" << endl;
-	cout << "public static final int[] CURVE_B = "; output(1,WORDS[1],B,m); cout << ";" << endl;
-
-	cout << "public static final int[] CURVE_Order="; output(1,WORDS[1],r,m); cout << ";" << endl;
-
-	cout << "public static final int[] CURVE_Gx ="; output(1,WORDS[1],gx,m); cout << ";" << endl;
-	cout << "public static final int[] CURVE_Gy ="; output(1,WORDS[1],gy,m); cout << ";" << endl;
-
-
-
-	cout << endl;
-	cout << "Cut here -----------------------------------------------------------" << endl;
-	cout << "/* AMCL - ROM  Java file for 64-bit VM for EC curve */" << endl << endl;
-
-	cout << "public static final int MODBITS= " << bits(p) << ";" << endl;
-	cout << "public static final int MOD8= " << p%8 << ";" << endl;
-	cout << endl;
-	cout << "public static final int MODTYPE= " << MODTYPE << ";" << endl;
-	m=pow((Big)2,BITS[2]);
-
-
-	cout << "public static final long[] Modulus= "; MC=output(3,WORDS[2],p,m); cout << ";" << endl;
-	R=pow((Big)2,WORDS[2]*BITS[2]);
-
-
-#if MODTYPE==NOT_SPECIAL
-	cout << "public static final long MConst=0x" << inverse(m-p%m,m) << "L;" <<  endl;
-#endif
-#if MODTYPE==MONTGOMERY_FRIENDLY
-	cout << "public static final long MConst=0x" << MC+1 << "L;" << endl;
-#endif
-#if MODTYPE==PSEUDO_MERSENNE
-	cout << "public static final long MConst=0x" << C << "L;" << endl;
-#endif
-
-#if MODTYPE!=PSEUDO_MERSENNE
-//	cout << "public static final long[] Monty=";output(3,WORDS[2],inverse(R,p),m); cout << ";" << endl;
-#endif
-
-	cout << endl;
-	cout << "public static final int CURVETYPE= " << CURVETYPE << ";" << endl;
-
-
-	cout << "public static final int CURVE_A = " << A << ";" << endl;
-	cout << "public static final long[] CURVE_B = "; output(3,WORDS[2],B,m); cout << ";" << endl;
-
-	cout << "public static final long[] CURVE_Order="; output(3,WORDS[2],r,m); cout << ";" << endl;
-
-	cout << "public static final long[] CURVE_Gx ="; output(3,WORDS[2],gx,m); cout << ";" << endl;
-	cout << "public static final long[] CURVE_Gy ="; output(3,WORDS[2],gy,m); cout << ";" << endl;
-
-
-
-
-	cout << endl;
-	cout << "Cut here -----------------------------------------------------------" << endl;
-	cout << "/* AMCL - ROM  Javascript file for EC curve - Weierstrass Only */" << endl << endl;
-
-	cout << "MODBITS: " << bits(p) << "," << endl;
-	cout << "MOD8: " << p%8 << "," << endl;
-	cout << endl;
-	cout << "MODTYPE:" << MODTYPE << "," << endl;
-	m=pow((Big)2,BITS[3]);
-
-	cout << "Modulus: "; MC=output(2,WORDS[3],p,m); cout << "," << endl;
-
-#if MODTYPE==NOT_SPECIAL
-	cout << "MConst:0x" << inverse(m-p%m,m) << "," <<  endl;
-#endif
-#if MODTYPE==MONTGOMERY_FRIENDLY
-	cout << "MConst:0x" << MC+1 << "," << endl;
-#endif
-#if MODTYPE==PSEUDO_MERSENNE
-	cout << "MConst:0x" << C << "," << endl;
-#endif
-
-	R=pow((Big)2,WORDS[3]*BITS[3]);
-#if MODTYPE!=PSEUDO_MERSENNE
-//	cout << "Monty:";output(2,WORDS[3],inverse(R,p),m); cout << "," << endl;
-#endif
-
-	cout << endl;
-	cout << "CURVETYPE:" << CURVETYPE << "," << endl;
-
-	cout << "CURVE_A : " << A << "," << endl;
-	cout << "CURVE_B : "; output(2,WORDS[3],B,m); cout << "," << endl;
-
-	cout << "CURVE_Order:"; output(2,WORDS[3],r,m); cout << "," << endl;
-
-	cout << "CURVE_Gx :"; output(2,WORDS[3],gx,m); cout << "," << endl;
-	cout << "CURVE_Gy :"; output(2,WORDS[3],gy,m); cout << "," << endl;
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-cgo/README.txt
----------------------------------------------------------------------
diff --git a/go/amcl-cgo/README.txt b/go/amcl-cgo/README.txt
deleted file mode 100644
index 79b1cee..0000000
--- a/go/amcl-cgo/README.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-When the library is built with;
-
--D USE_ANONYMOUS=on 
-
-then set
-
-const USE_ANONYMOUS = true
-
-in crypto_test.go


[23/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/AES.js
----------------------------------------------------------------------
diff --git a/js/AES.js b/js/AES.js
deleted file mode 100755
index 39f8aa6..0000000
--- a/js/AES.js
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-var AES = function() {
-	this.mode=0;
-	this.fkey=[];
-	this.rkey=[];
-	this.f=[];
-};
-
-AES.prototype={
-/* reset cipher */
-	reset:function(m,iv)
-	{ /* reset mode, or reset iv */
-		var i;
-		this.mode=m;
-		for (i=0;i<16;i++)
-			this.f[i]=0;
-		if (this.mode!=this.ECB && iv!==null)
-			for (i=0;i<16;i++)
-				this.f[i]=iv[i];
-	},
-
-	getreg:function()
-	{
-		var ir=[];
-		for (var i=0;i<16;i++) ir[i]=this.f[i];
-		return ir;
-	},
-
-/* Initialise cipher */
-	init: function(m,key,iv)
-	{	/* Key=16 bytes */
-		/* Key Scheduler. Create expanded encryption key */
-		var i,j,k,N,nk;
-		var CipherKey= [];
-    	var b=[];
-		nk=4;
-		this.reset(m,iv);
-		N=44;
-
-		for (i=j=0;i<nk;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=key[j+k];
-			CipherKey[i]=AES.pack(b);
-		}
-		for (i=0;i<nk;i++) this.fkey[i]=CipherKey[i];
-		for (j=nk,k=0;j<N;j+=nk,k++)
-		{
-			this.fkey[j]=this.fkey[j-nk]^AES.SubByte(AES.ROTL24(this.fkey[j-1]))^(ROM.rco[k])&0xff;
-			for (i=1;i<nk && (i+j)<N;i++)
-				this.fkey[i+j]=this.fkey[i+j-nk]^this.fkey[i+j-1];
-		}
-
- /* now for the expanded decrypt key in reverse order */
-
-		for (j=0;j<4;j++) this.rkey[j+N-4]=this.fkey[j];
-		for (i=4;i<N-4;i+=4)
-		{
-			k=N-4-i;
-			for (j=0;j<4;j++) this.rkey[k+j]=AES.InvMixCol(this.fkey[i+j]);
-		}
-		for (j=N-4;j<N;j++) this.rkey[j-N+4]=this.fkey[j];
-	},
-
-/* Encrypt a single block */
-	ecb_encrypt: function(buff)
-	{
-		var i,j,k;
-		var t;
-    	var b=[];
-    	var p=[];
-    	var q=[];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=AES.pack(b);
-			p[i]^=this.fkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<10;i++)
-		{
-			q[0]=this.fkey[k]^ROM.ftable[p[0]&0xff]^
-				AES.ROTL8(ROM.ftable[(p[1]>>>8)&0xff])^
-				AES.ROTL16(ROM.ftable[(p[2]>>>16)&0xff])^
-				AES.ROTL24(ROM.ftable[(p[3]>>>24)&0xff]);
-			q[1]=this.fkey[k+1]^ROM.ftable[p[1]&0xff]^
-				AES.ROTL8(ROM.ftable[(p[2]>>>8)&0xff])^
-				AES.ROTL16(ROM.ftable[(p[3]>>>16)&0xff])^
-				AES.ROTL24(ROM.ftable[(p[0]>>>24)&0xff]);
-			q[2]=this.fkey[k+2]^ROM.ftable[p[2]&0xff]^
-				AES.ROTL8(ROM.ftable[(p[3]>>>8)&0xff])^
-				AES.ROTL16(ROM.ftable[(p[0]>>>16)&0xff])^
-				AES.ROTL24(ROM.ftable[(p[1]>>>24)&0xff]);
-			q[3]=this.fkey[k+3]^ROM.ftable[p[3]&0xff]^
-				AES.ROTL8(ROM.ftable[(p[0]>>>8)&0xff])^
-				AES.ROTL16(ROM.ftable[(p[1]>>>16)&0xff])^
-				AES.ROTL24(ROM.ftable[(p[2]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */
-
-		q[0]=this.fkey[k]^(ROM.fbsub[p[0]&0xff]&0xff)^
-			AES.ROTL8(ROM.fbsub[(p[1]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.fbsub[(p[2]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.fbsub[(p[3]>>>24)&0xff]&0xff);
-
-		q[1]=this.fkey[k+1]^(ROM.fbsub[p[1]&0xff]&0xff)^
-			AES.ROTL8(ROM.fbsub[(p[2]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.fbsub[(p[3]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.fbsub[(p[0]>>>24)&0xff]&0xff);
-
-		q[2]=this.fkey[k+2]^(ROM.fbsub[p[2]&0xff]&0xff)^
-			AES.ROTL8(ROM.fbsub[(p[3]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.fbsub[(p[0]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.fbsub[(p[1]>>>24)&0xff]&0xff);
-
-		q[3]=this.fkey[k+3]^(ROM.fbsub[(p[3])&0xff]&0xff)^
-			AES.ROTL8(ROM.fbsub[(p[0]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.fbsub[(p[1]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.fbsub[(p[2]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=AES.unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-	},
-
-/* Decrypt a single block */
-	ecb_decrypt: function(buff)
-	{
-		var i,j,k;
-		var t;
-    	var b=[];
-    	var p=[];
-    	var q=[];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=AES.pack(b);
-			p[i]^=this.rkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<10;i++)
-		{
-			q[0]=this.rkey[k]^ROM.rtable[p[0]&0xff]^
-				AES.ROTL8(ROM.rtable[(p[3]>>>8)&0xff])^
-				AES.ROTL16(ROM.rtable[(p[2]>>>16)&0xff])^
-				AES.ROTL24(ROM.rtable[(p[1]>>>24)&0xff]);
-			q[1]=this.rkey[k+1]^ROM.rtable[p[1]&0xff]^
-				AES.ROTL8(ROM.rtable[(p[0]>>>8)&0xff])^
-				AES.ROTL16(ROM.rtable[(p[3]>>>16)&0xff])^
-				AES.ROTL24(ROM.rtable[(p[2]>>>24)&0xff]);
-			q[2]=this.rkey[k+2]^ROM.rtable[p[2]&0xff]^
-				AES.ROTL8(ROM.rtable[(p[1]>>>8)&0xff])^
-				AES.ROTL16(ROM.rtable[(p[0]>>>16)&0xff])^
-				AES.ROTL24(ROM.rtable[(p[3]>>>24)&0xff]);
-			q[3]=this.rkey[k+3]^ROM.rtable[p[3]&0xff]^
-				AES.ROTL8(ROM.rtable[(p[2]>>>8)&0xff])^
-				AES.ROTL16(ROM.rtable[(p[1]>>>16)&0xff])^
-				AES.ROTL24(ROM.rtable[(p[0]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */
-
-		q[0]=this.rkey[k]^(ROM.rbsub[p[0]&0xff]&0xff)^
-			AES.ROTL8(ROM.rbsub[(p[3]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.rbsub[(p[2]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.rbsub[(p[1]>>>24)&0xff]&0xff);
-		q[1]=this.rkey[k+1]^(ROM.rbsub[p[1]&0xff]&0xff)^
-			AES.ROTL8(ROM.rbsub[(p[0]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.rbsub[(p[3]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.rbsub[(p[2]>>>24)&0xff]&0xff);
-		q[2]=this.rkey[k+2]^(ROM.rbsub[p[2]&0xff]&0xff)^
-			AES.ROTL8(ROM.rbsub[(p[1]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.rbsub[(p[0]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.rbsub[(p[3]>>>24)&0xff]&0xff);
-		q[3]=this.rkey[k+3]^(ROM.rbsub[p[3]&0xff]&0xff)^
-			AES.ROTL8(ROM.rbsub[(p[2]>>>8)&0xff]&0xff)^
-			AES.ROTL16(ROM.rbsub[(p[1]>>>16)&0xff]&0xff)^
-			AES.ROTL24(ROM.rbsub[(p[0]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=AES.unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-
-	},
-
-/* Encrypt using selected mode of operation */
-	encrypt: function(buff)
-	{
-		var j,bytes;
-		var st=[];
-		var fell_off;
-
-// Supported Modes of Operation
-
-		fell_off=0;
-
-		switch (this.mode)
-		{
-		case ROM.ECB:
-			this.ecb_encrypt(buff);
-			return 0;
-		case ROM.CBC:
-			for (j=0;j<16;j++) buff[j]^=this.f[j];
-			this.ecb_encrypt(buff);
-			for (j=0;j<16;j++) this.f[j]=buff[j];
-			return 0;
-
-		case ROM.CFB1:
-		case ROM.CFB2:
-		case ROM.CFB4:
-			bytes=this.mode-ROM.CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|this.f[j];
-			for (j=0;j<16;j++) st[j]=this.f[j];
-			for (j=bytes;j<16;j++) this.f[j-bytes]=this.f[j];
-			this.ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				buff[j]^=st[j];
-				this.f[16-bytes+j]=buff[j];
-			}
-			return fell_off;
-
-		case ROM.OFB1:
-		case ROM.OFB2:
-		case ROM.OFB4:
-		case ROM.OFB8:
-		case ROM.OFB16:
-
-			bytes=this.mode-ROM.OFB1+1;
-			this.ecb_encrypt(this.f);
-			for (j=0;j<bytes;j++) buff[j]^=this.f[j];
-			return 0;
-
-    default:
-			return 0;
-		}
-	},
-
-/* Decrypt using selected mode of operation */
-	decrypt: function(buff)
-	{
-		var j,bytes;
-		var st=[];
-		var fell_off;
-
-   // Supported modes of operation
-		fell_off=0;
-		switch (this.mode)
-		{
-		case ROM.ECB:
-			this.ecb_decrypt(buff);
-			return 0;
-		case ROM.CBC:
-			for (j=0;j<16;j++)
-			{
-				st[j]=this.f[j];
-				this.f[j]=buff[j];
-			}
-			this.ecb_decrypt(buff);
-			for (j=0;j<16;j++)
-			{
-				buff[j]^=st[j];
-				st[j]=0;
-			}
-			return 0;
-		case ROM.CFB1:
-		case ROM.CFB2:
-		case ROM.CFB4:
-			bytes=this.mode-ROM.CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|this.f[j];
-			for (j=0;j<16;j++) st[j]=this.f[j];
-			for (j=bytes;j<16;j++) this.f[j-bytes]=this.f[j];
-			this.ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				this.f[16-bytes+j]=buff[j];
-				buff[j]^=st[j];
-			}
-			return fell_off;
-		case ROM.OFB1:
-		case ROM.OFB2:
-		case ROM.OFB4:
-		case ROM.OFB8:
-		case ROM.OFB16:
-			bytes=this.mode-ROM.OFB1+1;
-			this.ecb_encrypt(this.f);
-			for (j=0;j<bytes;j++) buff[j]^=this.f[j];
-			return 0;
-
-
-		default:
-			return 0;
-		}
-	},
-
-/* Clean up and delete left-overs */
-	end: function()
-	{ // clean up
-		var i;
-		for (i=0;i<44;i++)
-			this.fkey[i]=this.rkey[i]=0;
-		for (i=0;i<16;i++)
-			this.f[i]=0;
-	}
-
-};
-
-AES.ROTL8=function(x)
-{
-	return (((x)<<8)|((x)>>>24));
-};
-
-AES.ROTL16=function(x)
-{
-	return (((x)<<16)|((x)>>>16));
-};
-
-AES.ROTL24=function(x)
-{
-	return (((x)<<24)|((x)>>>8));
-};
-
-AES.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
-		return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff);
-};
-
-AES.unpack=function(a)
-{ /* unpack bytes from a word */
-	var b=[];
-	b[0]=(a&0xff);
-	b[1]=((a>>>8)&0xff);
-	b[2]=((a>>>16)&0xff);
-	b[3]=((a>>>24)&0xff);
-	return b;
-};
-
-AES.bmul=function(x,y)
-{ /* x.y= AntiLog(Log(x) + Log(y)) */
-
-	var ix=(x&0xff);
-	var iy=(y&0xff);
-	var lx=(ROM.ltab[ix])&0xff;
-	var ly=(ROM.ltab[iy])&0xff;
-	if (x!==0 && y!==0) return ROM.ptab[(lx+ly)%255];
-	else return 0;
-};
-
-//  if (x && y)
-
-AES.SubByte=function(a)
-{
-	var b=AES.unpack(a);
-	b[0]=ROM.fbsub[b[0]&0xff];
-	b[1]=ROM.fbsub[b[1]&0xff];
-	b[2]=ROM.fbsub[b[2]&0xff];
-	b[3]=ROM.fbsub[b[3]&0xff];
-	return AES.pack(b);
-};
-
-AES.product=function(x,y)
-{ /* dot product of two 4-byte arrays */
-	var xb=AES.unpack(x);
-	var yb=AES.unpack(y);
-	return (AES.bmul(xb[0],yb[0])^AES.bmul(xb[1],yb[1])^AES.bmul(xb[2],yb[2])^AES.bmul(xb[3],yb[3]))&0xff;
-};
-
-AES.InvMixCol=function(x)
-{ /* matrix Multiplication */
-	var y,m;
-	var b=[];
-	m=AES.pack(ROM.InCo);
-	b[3]=AES.product(m,x);
-	m=AES.ROTL24(m);
-	b[2]=AES.product(m,x);
-	m=AES.ROTL24(m);
-	b[1]=AES.product(m,x);
-	m=AES.ROTL24(m);
-	b[0]=AES.product(m,x);
-	y=AES.pack(b);
-	return y;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/BIG.js
----------------------------------------------------------------------
diff --git a/js/BIG.js b/js/BIG.js
deleted file mode 100755
index 4b34100..0000000
--- a/js/BIG.js
+++ /dev/null
@@ -1,953 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */
-
-/* General purpose Constructor */
-var BIG = function(x) {
-	this.w=new Array(ROM.NLEN);
-	switch (typeof(x))
-	{
-	case "object":
-		this.copy(x);
-		break;
-	case "number":
-		this.zero();
-		this.w[0]=x;
-		break;
-	default:
-		this.zero();
-	}
-};
-
-BIG.prototype={
-/* set to zero */
-	zero: function()
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]=0;
-		return this;
-	},
-/* set to one */
-	one: function()
-	{
-		this.w[0]=1;
-		for (var i=1;i<ROM.NLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-	get: function(i)
-	{
-		return this.w[i];
-	},
-
-	set: function(i,x)
-	{
-		this.w[i]=x;
-	},
-/* test for zero */
-	iszilch: function()
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			if (this.w[i]!==0) return false;
-		return true;
-	},
-/* test for unity */
-	isunity: function()
-	{
-		for (var i=1;i<ROM.NLEN;i++)
-			if (this.w[i]!==0) return false;
-		if (this.w[0]!=1) return false;
-		return true;
-	},
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	cswap: function(b,d)
-	{
-		var i;
-		var t,c=d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			t=c&(this.w[i]^b.w[i]);
-			this.w[i]^=t;
-			b.w[i]^=t;
-		}
-	},
-
-/* Conditional move of big depending on d using XOR - no branches */
-	cmove: function(b,d)
-	{
-		var i;
-		var t,c=d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			this.w[i]^=(this.w[i]^b.w[i])&c;
-		}
-	},
-
-/* copy from another BIG */
-	copy: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=y.w[i];
-		return this;
-	},
-/* copy from bottom half of DBIG */
-	hcopy: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=y.w[i];
-		return this;
-	},
-/* copy from ROM */
-	rcopy: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=y[i];
-		return this;
-	},
-
-	xortop: function(x)
-	{
-		this.w[ROM.NLEN-1]^=x;
-	},
-
-	ortop: function(x)
-	{
-		this.w[ROM.NLEN-1]|=x;
-	},
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-	norm: function()
-	{
-		var d,carry=0;
-		for (var i=0;i<ROM.NLEN-1;i++)
-		{
-			d=this.w[i]+carry;
-			this.w[i]=d&ROM.MASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		this.w[ROM.NLEN-1]=(this.w[ROM.NLEN-1]+carry);
-
-		return (this.w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS));
-
-	},
-/* quick shift right by less than a word */
-	fshr: function(k)
-	{
-		var r=this.w[0]&((1<<k)-1); /* shifted out part */
-		for (var i=0;i<ROM.NLEN-1;i++)
-			this.w[i]=(this.w[i]>>k)|((this.w[i+1]<<(ROM.BASEBITS-k))&ROM.MASK);
-		this.w[ROM.NLEN-1]=this.w[ROM.NLEN-1]>>k;
-		return r;
-	},
-/* General shift right by k bits */
-	shr: function(k)
-	{
-		var n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);
-		for (var i=0;i<ROM.NLEN-m-1;i++)
-			this.w[i]=(this.w[m+i]>>n)|((this.w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
-		this.w[ROM.NLEN-m-1]=this.w[ROM.NLEN-1]>>n;
-		for (i=ROM.NLEN-m;i<ROM.NLEN;i++) this.w[i]=0;
-		return this;
-	},
-/* quick shift left by less than a word */
-	fshl: function(k)
-	{
-		this.w[ROM.NLEN-1]=((this.w[ROM.NLEN-1]<<k))|(this.w[ROM.NLEN-2]>>(ROM.BASEBITS-k));
-		for (var i=ROM.NLEN-2;i>0;i--)
-			this.w[i]=((this.w[i]<<k)&ROM.MASK)|(this.w[i-1]>>(ROM.BASEBITS-k));
-		this.w[0]=(this.w[0]<<k)&ROM.MASK;
-
-		return (this.w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in FF.java */
-	},
-/* General shift left by k bits */
-	shl: function(k)
-	{
-		var i,n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);
-
-		this.w[ROM.NLEN-1]=((this.w[ROM.NLEN-1-m]<<n))|(this.w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n));
-		for (i=ROM.NLEN-2;i>m;i--)
-			this.w[i]=((this.w[i-m]<<n)&ROM.MASK)|(this.w[i-m-1]>>(ROM.BASEBITS-n));
-		this.w[m]=(this.w[0]<<n)&ROM.MASK;
-		for (i=0;i<m;i++) this.w[i]=0;
-		return this;
-	},
-/* return length in bits */
-	nbits: function()
-	{
-		var bts,k=ROM.NLEN-1;
-		var c;
-		this.norm();
-		while (k>=0 && this.w[k]===0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=this.w[k];
-		while (c!==0) {c=Math.floor(c/2); bts++;}
-		return bts;
-	},
-/* convert this to string */
-	toString: function()
-	{
-		var b;
-		var s="";
-		var len=this.nbits();
-		if (len%4===0) len=Math.floor(len/4);
-		else {len=Math.floor(len/4); len++;}
-		if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2;
-		for (var i=len-1;i>=0;i--)
-		{
-			b=new BIG(0);
-			b.copy(this);
-			b.shr(i*4);
-			s+=(b.w[0]&15).toString(16);
-		}
-		return s;
-	},
-/* this+=y */
-	add: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]+=y.w[i];
-		return this;
-	},
-/* return this+x */
-	plus: function(x)
-	{
-		var s=new BIG(0);
-		for (var i=0;i<ROM.NLEN;i++)
-			s.w[i]=this.w[i]+x.w[i];
-		return s;
-	},
-/* this+=i, where i is int */
-	inc: function(i)
-	{
-		this.norm();
-		this.w[0]+=i;
-		return this;
-	},
-/* this-=y */
-	sub: function(y)
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]-=y.w[i];
-		return this;
-	},
-
-/* reverse subtract this=x-this */
-	rsub: function(x)
-	{
-		for (var i=0;i<ROM.NLEN;i++)
-			this.w[i]=x.w[i]-this.w[i];
-		return this;
-	},
-/* this-=i, where i is int */
-	dec: function(i)
-	{
-		this.norm();
-		this.w[0]-=i;
-		return this;
-	},
-/* return this-x */
-	minus: function(x) {
-		var d=new BIG(0);
-		for (var i=0;i<ROM.NLEN;i++)
-			d.w[i]=this.w[i]-x.w[i];
-		return d;
-	},
-/* multiply by small integer */
-	imul: function(c)
-	{
-		for (var i=0;i<ROM.NLEN;i++) this.w[i]*=c;
-		return this;
-	},
-/* convert this BIG to byte array */
-	tobytearray: function(b,n)
-	{
-		this.norm();
-		var c=new BIG(0);
-		c.copy(this);
-
-		for (var i=ROM.MODBYTES-1;i>=0;i--)
-		{
-			b[i+n]=c.w[0]&0xff;
-			c.fshr(8);
-		}
-		return this;
-	},
-/* convert this to byte array */
-	toBytes: function(b)
-	{
-		this.tobytearray(b,0);
-	},
-
-/* set this[i]+=x*y+c, and return high part */
-	muladd: function(x,y,c,i)
-	{
-		var prod=x*y+c+this.w[i];
-		this.w[i]=prod&ROM.MASK;
-		return ((prod-this.w[i])*ROM.MODINV);
-	},
-/* multiply by larger int */
-	pmul: function(c)
-	{
-		var ak,carry=0;
-		this.norm();
-		for (var i=0;i<ROM.NLEN;i++)
-		{
-			ak=this.w[i];
-			this.w[i]=0;
-			carry=this.muladd(ak,c,carry,i);
-		}
-		return carry;
-	},
-/* multiply by still larger int - results requires a DBIG */
-	pxmul: function(c)
-	{
-		var m=new DBIG(0);
-		var carry=0;
-		for (var j=0;j<ROM.NLEN;j++)
-			carry=m.muladd(this.w[j],c,carry,j);
-		m.w[ROM.NLEN]=carry;
-		return m;
-	},
-/* divide by 4 */
-	div3: function()
-	{
-		var ak,base,carry=0;
-		this.norm();
-		base=(1<<ROM.BASEBITS);
-		for (var i=ROM.NLEN-1;i>=0;i--)
-		{
-			ak=(carry*base+this.w[i]);
-			this.w[i]=Math.floor(ak/3);
-			carry=ak%3;
-		}
-		return carry;
-	},
-
-/* set x = x mod 2^m */
-	mod2m: function(m)
-	{
-		var i,wd,bt;
-		var msk;
-		wd=Math.floor(m/ROM.BASEBITS);
-		bt=m%ROM.BASEBITS;
-		msk=(1<<bt)-1;
-		this.w[wd]&=msk;
-		for (i=wd+1;i<ROM.NLEN;i++) this.w[i]=0;
-	},
-
-/* a=1/a mod 2^256. This is very fast! */
-	invmod2m: function()
-	{
-		var U=new BIG(0);
-		var b=new BIG(0);
-		var c=new BIG(0);
-
-		U.inc(BIG.invmod256(this.lastbits(8)));
-
-		for (var i=8;i<256;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			var t1=BIG.smul(U,b); t1.shr(i);
-			c.copy(this); c.shr(i); c.mod2m(i);
-
-			var t2=BIG.smul(U,c); t2.mod2m(i);
-			t1.add(t2);
-			b=BIG.smul(t1,U); t1.copy(b);
-			t1.mod2m(i);
-
-			t2.one(); t2.shl(i); t1.rsub(t2); t1.norm();
-			t1.shl(i);
-			U.add(t1);
-		}
-		this.copy(U);
-	},
-
-/* reduce this mod m */
-	mod: function(m)
-	{
-		var k=0;
-
-		this.norm();
-		if (BIG.comp(this,m)<0) return;
-		do
-		{
-			m.fshl(1);
-			k++;
-		} while (BIG.comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.fshr(1);
-			if (BIG.comp(this,m)>=0)
-			{
-				this.sub(m);
-				this.norm();
-			}
-			k--;
-		}
-	},
-/* this/=m */
-	div: function(m)
-	{
-		var k=0;
-		this.norm();
-		var e=new BIG(1);
-		var b=new BIG(0);
-		b.copy(this);
-		this.zero();
-
-		while (BIG.comp(b,m)>=0)
-		{
-			e.fshl(1);
-			m.fshl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.fshr(1);
-			e.fshr(1);
-			if (BIG.comp(b,m)>=0)
-			{
-				this.add(e);
-				this.norm();
-				b.sub(m);
-				b.norm();
-			}
-			k--;
-		}
-	},
-/* return parity of this */
-	parity: function()
-	{
-		return this.w[0]%2;
-	},
-/* return n-th bit of this */
-	bit: function(n)
-	{
-		if ((this.w[Math.floor(n/ROM.BASEBITS)]&(1<<(n%ROM.BASEBITS)))>0) return 1;
-		else return 0;
-	},
-/* return last n bits of this */
-	lastbits: function(n)
-	{
-		var msk=(1<<n)-1;
-		this.norm();
-		return (this.w[0])&msk;
-	},
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-	jacobi: function(p)
-	{
-		var n8,k,m=0;
-		var t=new BIG(0);
-		var x=new BIG(0);
-		var n=new BIG(0);
-		var zilch=new BIG(0);
-		var one=new BIG(1);
-		if (p.parity()===0 || BIG.comp(this,zilch)===0 || BIG.comp(p,one)<=0) return 0;
-		this.norm();
-		x.copy(this);
-		n.copy(p);
-		x.mod(p);
-
-		while (BIG.comp(n,one)>0)
-		{
-			if (BIG.comp(x,zilch)===0) return 0;
-			n8=n.lastbits(3);
-			k=0;
-			while (x.parity()===0)
-			{
-				k++;
-				x.shr(1);
-			}
-			if (k%2==1) m+=(n8*n8-1)/8;
-			m+=(n8-1)*(x.lastbits(2)-1)/4;
-			t.copy(n);
-			t.mod(x);
-			n.copy(x);
-			x.copy(t);
-			m%=2;
-
-		}
-		if (m===0) return 1;
-		else return -1;
-	},
-/* this=1/this mod p. Binary method */
-	invmodp: function(p)
-	{
-		this.mod(p);
-		var u=new BIG(0);
-		u.copy(this);
-		var v=new BIG(0);
-		v.copy(p);
-		var x1=new BIG(1);
-		var x2=new BIG(0);
-		var t=new BIG(0);
-		var one=new BIG(1);
-
-		while (BIG.comp(u,one)!==0 && BIG.comp(v,one)!==0)
-		{
-			while (u.parity()===0)
-			{
-				u.shr(1);
-				if (x1.parity()!==0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr(1);
-			}
-			while (v.parity()===0)
-			{
-				v.shr(1);
-				if (x2.parity()!==0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr(1);
-			}
-			if (BIG.comp(u,v)>=0)
-			{
-				u.sub(v);
-				u.norm();
-				if (BIG.comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (BIG.comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (BIG.comp(u,one)===0) this.copy(x1);
-		else this.copy(x2);
-	},
-/* return this^e mod m */
-	powmod:function(e,m)
-	{
-		var bt;
-		this.norm();
-		e.norm();
-		var a=new BIG(1);
-		var z=new BIG(0);
-		z.copy(e);
-		var s=new BIG(0);
-		s.copy(this);
-		var i=0;
-		while (true)
-		{
-			i++;
-			bt=z.parity();
-			z.fshr(1);
-			if (bt==1) a=BIG.modmul(a,s,m);
-//ROM.debug=false;
-			if (z.iszilch()) break;
-			s=BIG.modsqr(s,m);
-		}
-		return a;
-	}
-
-};
-/* convert from byte array to BIG */
-BIG.frombytearray=function(b,n)
-{
-	var m=new BIG(0);
-
-	for (var i=0;i<ROM.MODBYTES;i++)
-	{
-		m.fshl(8); m.w[0]+=b[i+n]&0xff;
-		//m.inc(b[i]&0xff);
-	}
-	return m;
-};
-
-BIG.fromBytes=function(b)
-{
-	return BIG.frombytearray(b,0);
-};
-
-/* return a*b where product fits a BIG */
-BIG.smul=function(a,b)
-{
-	var carry;
-	var c=new BIG(0);
-	for (var i=0;i<ROM.NLEN;i++)
-	{
-		carry=0;
-		for (var j=0;j<ROM.NLEN;j++)
-			if (i+j<ROM.NLEN) carry=c.muladd(a.w[i],b.w[j],carry,i+j);
-	}
-	return c;
-};
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-BIG.comp=function(a,b)
-{
-	for (var i=ROM.NLEN-1;i>=0;i--)
-	{
-		if (a.w[i]==b.w[i]) continue;
-		if (a.w[i]>b.w[i]) return 1;
-		else  return -1;
-	}
-	return 0;
-};
-
-/* get 8*MODBYTES size random number */
-BIG.random=function(rng)
-{
-	var m=new BIG(0);
-	var i,b,j=0,r=0;
-
-/* generate random BIG */
-	for (i=0;i<8*ROM.MODBYTES;i++)
-	{
-		if (j===0) r=rng.getByte();
-		else r>>=1;
-
-		b=r&1;
-		m.shl(1); m.w[0]+=b;// m.inc(b);
-		j++; j&=7;
-	}
-	return m;
-};
-
-/* Create random BIG in portable way, one bit at a time */
-BIG.randomnum=function(q,rng)
-{
-	var d=new DBIG(0);
-	var i,b,j=0,r=0;
-	for (i=0;i<2*ROM.MODBITS;i++)
-	{
-		if (j===0) r=rng.getByte();
-		else r>>=1;
-
-		b=r&1;
-		d.shl(1); d.w[0]+=b;
-		j++; j&=7;
-	}
-
-	var m=d.mod(q);
-
-	return m;
-};
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-BIG.nafbits=function(x,x3,i)
-{
-	var n=[];
-	var nb=x3.bit(i)-x.bit(i);
-	var j;
-	n[1]=1;
-	n[0]=0;
-	if (nb===0) {n[0]=0; return n;}
-	if (i===0) {n[0]=nb; return n;}
-	if (nb>0) n[0]=1;
-	else      n[0]=(-1);
-
-	for (j=i-1;j>0;j--)
-	{
-		n[1]++;
-		n[0]*=2;
-		nb=x3.bit(j)-x.bit(j);
-		if (nb>0) n[0]+=1;
-		if (nb<0) n[0]-=1;
-		if (n[0]>5 || n[0]<-5) break;
-	}
-
-	if (n[0]%2!==0 && j!==0)
-	{ /* backtrack */
-		if (nb>0) n[0]=(n[0]-1)/2;
-		if (nb<0) n[0]=(n[0]+1)/2;
-		n[1]--;
-	}
-	while (n[0]%2===0)
-	{ /* remove trailing zeros */
-		n[0]/=2;
-		n[2]++;
-		n[1]--;
-	}
-	return n;
-};
-
-/* return a*b as DBIG */
-BIG.mul=function(a,b)
-{
-	var n,c=new DBIG(0);
-	a.norm();
-	b.norm();
-
-	c.w[0]=a.w[0]*b.w[0];
-	c.w[1]=a.w[1]*b.w[0]+a.w[0]*b.w[1];
-	c.w[2]=a.w[2]*b.w[0]+a.w[1]*b.w[1]+a.w[0]*b.w[2];
-	c.w[3]=a.w[3]*b.w[0]+a.w[2]*b.w[1]+a.w[1]*b.w[2]+a.w[0]*b.w[3];
-	c.w[4]=a.w[4]*b.w[0]+a.w[3]*b.w[1]+a.w[2]*b.w[2]+a.w[1]*b.w[3]+a.w[0]*b.w[4];
-	c.w[5]=a.w[5]*b.w[0]+a.w[4]*b.w[1]+a.w[3]*b.w[2]+a.w[2]*b.w[3]+a.w[1]*b.w[4]+a.w[0]*b.w[5];
-	c.w[6]=a.w[6]*b.w[0]+a.w[5]*b.w[1]+a.w[4]*b.w[2]+a.w[3]*b.w[3]+a.w[2]*b.w[4]+a.w[1]*b.w[5]+a.w[0]*b.w[6];
-	c.w[7]=a.w[7]*b.w[0]+a.w[6]*b.w[1]+a.w[5]*b.w[2]+a.w[4]*b.w[3]+a.w[3]*b.w[4]+a.w[2]*b.w[5]+a.w[1]*b.w[6]+a.w[0]*b.w[7];
-	c.w[8]=a.w[8]*b.w[0]+a.w[7]*b.w[1]+a.w[6]*b.w[2]+a.w[5]*b.w[3]+a.w[4]*b.w[4]+a.w[3]*b.w[5]+a.w[2]*b.w[6]+a.w[1]*b.w[7]+a.w[0]*b.w[8];
-	c.w[9]=a.w[9]*b.w[0]+a.w[8]*b.w[1]+a.w[7]*b.w[2]+a.w[6]*b.w[3]+a.w[5]*b.w[4]+a.w[4]*b.w[5]+a.w[3]*b.w[6]+a.w[2]*b.w[7]+a.w[1]*b.w[8]+a.w[0]*b.w[9];
-	c.w[10]=a.w[10]*b.w[0]+a.w[9]*b.w[1]+a.w[8]*b.w[2]+a.w[7]*b.w[3]+a.w[6]*b.w[4]+a.w[5]*b.w[5]+a.w[4]*b.w[6]+a.w[3]*b.w[7]+a.w[2]*b.w[8]+a.w[1]*b.w[9]+a.w[0]*b.w[10];
-
-	c.w[11]=a.w[10]*b.w[1]+a.w[9]*b.w[2]+a.w[8]*b.w[3]+a.w[7]*b.w[4]+a.w[6]*b.w[5]+a.w[5]*b.w[6]+a.w[4]*b.w[7]+a.w[3]*b.w[8]+a.w[2]*b.w[9]+a.w[1]*b.w[10];
-	c.w[12]= a.w[10]*b.w[2]+a.w[9]*b.w[3]+a.w[8]*b.w[4]+a.w[7]*b.w[5]+a.w[6]*b.w[6]+a.w[5]*b.w[7]+a.w[4]*b.w[8]+a.w[3]*b.w[9]+a.w[2]*b.w[10];
-	c.w[13]= a.w[10]*b.w[3]+a.w[9]*b.w[4]+a.w[8]*b.w[5]+a.w[7]*b.w[6]+a.w[6]*b.w[7]+a.w[5]*b.w[8]+a.w[4]*b.w[9]+a.w[3]*b.w[10];
-	c.w[14]= a.w[10]*b.w[4]+a.w[9]*b.w[5]+a.w[8]*b.w[6]+a.w[7]*b.w[7]+a.w[6]*b.w[8]+a.w[5]*b.w[9]+a.w[4]*b.w[10];
-	c.w[15]= a.w[10]*b.w[5]+a.w[9]*b.w[6]+a.w[8]*b.w[7]+a.w[7]*b.w[8]+a.w[6]*b.w[9]+a.w[5]*b.w[10];
-	c.w[16]= a.w[10]*b.w[6]+a.w[9]*b.w[7]+a.w[8]*b.w[8]+a.w[7]*b.w[9]+a.w[6]*b.w[10];
-	c.w[17]= a.w[10]*b.w[7]+a.w[9]*b.w[8]+a.w[8]*b.w[9]+a.w[7]*b.w[10];
-	c.w[18]= a.w[10]*b.w[8]+a.w[9]*b.w[9]+a.w[8]*b.w[10];
-	c.w[19]= a.w[10]*b.w[9]+a.w[9]*b.w[10];
-	c.w[20]= a.w[10]*b.w[10];
-//	for (var j=9;j<ROM.NLEN;j++)
-//	{
-//		t=0; for (var i=0;i<=j;i++) t+=a.w[j-i]*b.w[i];
-//		c.w[j]=t;
-//	}
-//	for (var j=ROM.NLEN;j<ROM.DNLEN-2;j++)
-//	{
-//		t=0; for (var i=j-ROM.NLEN+1;i<ROM.NLEN;i++) t+=a.w[j-i]*b.w[i];
-//		c.w[j]=t;
-//	}
-//	t=a.w[ROM.NLEN-1]*b.w[ROM.NLEN-1];
-//	c.w[ROM.DNLEN-2]=t;
-	var co=0;
-	for (var i=0;i<ROM.DNLEN-1;i++)
-	{
-		n=c.w[i]+co;
-		c.w[i]=n&ROM.MASK;
-		co=(n-c.w[i])*ROM.MODINV;
-	}
-	c.w[ROM.DNLEN-1]=co;
-
-	return c;
-};
-
-/* return a^2 as DBIG */
-BIG.sqr=function(a)
-{
-	var n,c=new DBIG(0);
-	a.norm();
-
-	c.w[0]=a.w[0]*a.w[0];
-	c.w[1]=2*(a.w[1]*a.w[0]);
-	c.w[2]=2*(a.w[2]*a.w[0])+a.w[1]*a.w[1];
-	c.w[3]=2*(a.w[3]*a.w[0]+a.w[2]*a.w[1]);
-	c.w[4]=2*(a.w[4]*a.w[0]+a.w[3]*a.w[1])+a.w[2]*a.w[2];
-	c.w[5]=2*(a.w[5]*a.w[0]+a.w[4]*a.w[1]+a.w[3]*a.w[2]);
-	c.w[6]=2*(a.w[6]*a.w[0]+a.w[5]*a.w[1]+a.w[4]*a.w[2])+a.w[3]*a.w[3];
-	c.w[7]=2*(a.w[7]*a.w[0]+a.w[6]*a.w[1]+a.w[5]*a.w[2]+a.w[4]*a.w[3]);
-	c.w[8]=2*(a.w[8]*a.w[0]+a.w[7]*a.w[1]+a.w[6]*a.w[2]+a.w[5]*a.w[3])+a.w[4]*a.w[4];
-	c.w[9]=2*(a.w[9]*a.w[0]+a.w[8]*a.w[1]+a.w[7]*a.w[2]+a.w[6]*a.w[3]+a.w[5]*a.w[4]);
-	c.w[10]=2*(a.w[10]*a.w[0]+a.w[9]*a.w[1]+a.w[8]*a.w[2]+a.w[7]*a.w[3]+a.w[6]*a.w[4])+a.w[5]*a.w[5];
-
-	c.w[11]=2*(a.w[10]*a.w[1]+a.w[9]*a.w[2]+a.w[8]*a.w[3]+a.w[7]*a.w[4]+a.w[6]*a.w[5]);
-	c.w[12]=2*(a.w[10]*a.w[2]+a.w[9]*a.w[3]+a.w[8]*a.w[4]+a.w[7]*a.w[5])+a.w[6]*a.w[6];
-	c.w[13]=2*(a.w[10]*a.w[3]+a.w[9]*a.w[4]+a.w[8]*a.w[5]+a.w[7]*a.w[6]);
-	c.w[14]=2*(a.w[10]*a.w[4]+a.w[9]*a.w[5]+a.w[8]*a.w[6])+a.w[7]*a.w[7];
-	c.w[15]=2*(a.w[10]*a.w[5]+a.w[9]*a.w[6]+a.w[8]*a.w[7]);
-	c.w[16]=2*(a.w[10]*a.w[6]+a.w[9]*a.w[7])+a.w[8]*a.w[8];
-	c.w[17]=2*(a.w[10]*a.w[7]+a.w[9]*a.w[8]);
-	c.w[18]=2*(a.w[10]*a.w[8])+a.w[9]*a.w[9];
-	c.w[19]=2*(a.w[10]*a.w[9]);
-	c.w[20]= a.w[10]*a.w[10];
-/*
-	c.w[0]=a.w[0]*a.w[0];
-	t=a.w[1]*a.w[0]; t+=t; c.w[1]=t;
-	for (j=2;j<ROM.NLEN-1;j+=2)
-	{
-		t=a.w[j]*a.w[0]; for (var i=1;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t; t+=a.w[j>>1]*a.w[j>>1];
-		c.w[j]=t;
-		t=a.w[j+1]*a.w[0]; for (var i=1;i<(j+2)>>1;i++) t+=a.w[j+1-i]*a.w[i]; t+=t;
-		c.w[j+1]=t;
-	}
-	j=ROM.NLEN-1;
-	t=a.w[j]*a.w[0]; for (var i=1;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t; t+=a.w[j>>1]*a.w[j>>1];
-	c.w[j]=t;
-
-	j=ROM.NLEN;
-	t=a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+1]; for (var i=j-ROM.NLEN+2;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t;
-	c.w[j]=t;
-	for (j=ROM.NLEN+1;j<ROM.DNLEN-2;j+=2)
-	{
-		t=a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+1]; for (var i=j-ROM.NLEN+2;i<(j+1)>>1;i++) t+=a.w[j-i]*a.w[i]; t+=t; t+=a.w[j>>1]*a.w[j>>1];
-		c.w[j]=t;
-		t=a.w[ROM.NLEN-1]*a.w[j-ROM.NLEN+2]; for (var i=j-ROM.NLEN+3;i<(j+2)>>1;i++) t+=a.w[j+1-i]*a.w[i]; t+=t;
-		c.w[j+1]=t;
-	}
-
-	t=a.w[ROM.NLEN-1]*a.w[ROM.NLEN-1];
-	c.w[ROM.DNLEN-2]=t;
-*/
-	var co=0;
-	for (var i=0;i<ROM.DNLEN-1;i++)
-	{
-		n=c.w[i]+co;
-		c.w[i]=n&ROM.MASK;
-		co=(n-c.w[i])*ROM.MODINV;
-	}
-	c.w[ROM.DNLEN-1]=co;
-
-	return c;
-};
-
-/* reduce a DBIG to a BIG using a "special" modulus */
-BIG.mod=function(d)
-{
-	var i,j,b=new BIG(0);
-	if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-	{
-		var v,tw;
-		var t=d.split(ROM.MODBITS);
-		b.hcopy(d);
-
-		v=t.pmul(ROM.MConst);
-		tw=t.w[ROM.NLEN-1];
-		t.w[ROM.NLEN-1]&=ROM.TMASK;
-		t.inc(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-		b.add(t);
-	}
-
-	if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-	{
-		for (i=0;i<ROM.NLEN;i++)
-			d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1);
-		for (i=0;i<ROM.NLEN;i++)
-			b.w[i]=d.w[ROM.NLEN+i];
-	}
-
-	if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-	{
-		var md=new BIG(0);
-		md.rcopy(ROM.Modulus);
-		var sum;
-
-		sum=d.w[0];
-		for (j=0;j<ROM.NLEN;j++)
-		{
-			for (i=0;i<j;i++) sum+=d.w[i]*md.w[j-i];
-			d.w[j]=((sum&ROM.MASK)*ROM.MConst)&ROM.MASK; sum+=d.w[j]*md.w[0];
-			sum=d.w[j+1]+(sum*ROM.MODINV);
-		}
-		for (j=ROM.NLEN;j<ROM.DNLEN-2;j++)
-		{
-			for (i=j-ROM.NLEN+1;i<ROM.NLEN;i++) sum+=d.w[i]*md.w[j-i];
-			d.w[j]=sum&ROM.MASK;
-			sum=d.w[j+1]+((sum-d.w[j])*ROM.MODINV);
-		}
-
-		sum+=d.w[ROM.NLEN-1]*md.w[ROM.NLEN-1];
-		d.w[ROM.DNLEN-2]=sum&ROM.MASK;
-		sum=d.w[ROM.DNLEN-1]+((sum-d.w[ROM.DNLEN-2])*ROM.MODINV);
-		d.w[ROM.DNLEN-1]=sum&ROM.MASK;
-
-		for (i=0;i<ROM.NLEN;i++)
-			b.w[i]=d.w[ROM.NLEN+i];
-	}
-	b.norm();
-	return b;
-};
-
-/* return a*b mod m */
-BIG.modmul=function(a,b,m)
-{
-	a.mod(m);
-	b.mod(m);
-	var d=BIG.mul(a,b);
-	return d.mod(m);
-};
-
-/* return a^2 mod m */
-BIG.modsqr=function(a,m)
-{
-	a.mod(m);
-	var d=BIG.sqr(a);
-	return d.mod(m);
-};
-
-/* return -a mod m */
-BIG.modneg=function(a,m)
-{
-	a.mod(m);
-	return m.minus(a);
-};
-
-/* calculate Field Excess */
-BIG.EXCESS=function(a)
-{
-	return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS));
-};
-
-/* Arazi and Qi inversion mod 256 */
-BIG.invmod256=function(a)
-{
-	var U,t1,t2,b,c;
-	t1=0;
-	c=(a>>1)&1;
-	t1+=c;
-	t1&=1;
-	t1=2-t1;
-	t1<<=1;
-	U=t1+1;
-
-// i=2
-	b=a&3;
-	t1=U*b; t1>>=2;
-	c=(a>>2)&3;
-	t2=(U*c)&3;
-	t1+=t2;
-	t1*=U; t1&=3;
-	t1=4-t1;
-	t1<<=2;
-	U+=t1;
-
-// i=4
-	b=a&15;
-	t1=U*b; t1>>=4;
-	c=(a>>4)&15;
-	t2=(U*c)&15;
-	t1+=t2;
-	t1*=U; t1&=15;
-	t1=16-t1;
-	t1<<=4;
-	U+=t1;
-
-	return U;
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/DBIG.js
----------------------------------------------------------------------
diff --git a/js/DBIG.js b/js/DBIG.js
deleted file mode 100755
index 7523743..0000000
--- a/js/DBIG.js
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */
-
-/* constructor */
-var DBIG = function(x) {
-	this.w=[];
-	this.zero();
-	this.w[0]=x;
-};
-
-DBIG.prototype={
-
-/* set this=0 */
-	zero: function()
-	{
-		for (var i=0;i<ROM.DNLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-/* set this=b */
-	copy: function(b)
-	{
-		for (var i=0;i<ROM.DNLEN;i++) this.w[i]=b.w[i];
-		return this;
-	},
-
-
-/* copy from BIG */
-	hcopy: function(b)
-	{
-		var i;
-		for (i=0;i<ROM.NLEN;i++) this.w[i]=b.w[i];
-		for (i=ROM.NLEN;i<ROM.DNLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-/* normalise this */
-	norm: function()
-	{
-		var d,carry=0;
-		for (var i=0;i<ROM.DNLEN-1;i++)
-		{
-			d=this.w[i]+carry;
-			this.w[i]=d&ROM.MASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		this.w[ROM.DNLEN-1]=(this.w[ROM.DNLEN-1]+carry);
-		return this;
-	},
-
-/* set this[i]+=x*y+c, and return high part */
-	muladd: function(x,y,c,i)
-	{
-		var prod=x*y+c+this.w[i];
-		this.w[i]=prod&ROM.MASK;
-		return ((prod-this.w[i])*ROM.MODINV);
-	},
-
-/* shift this right by k bits */
-	shr: function(k)
-	{
-		var i,n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);
-		for (i=0;i<ROM.DNLEN-m-1;i++)
-			this.w[i]=(this.w[m+i]>>n)|((this.w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
-		this.w[ROM.DNLEN-m-1]=this.w[ROM.DNLEN-1]>>n;
-		for (i=ROM.DNLEN-m;i<ROM.DNLEN;i++) this.w[i]=0;
-		return this;
-	},
-
-/* shift this left by k bits */
-	shl: function(k)
-	{
-		var i,n=k%ROM.BASEBITS;
-		var m=Math.floor(k/ROM.BASEBITS);
-
-		this.w[ROM.DNLEN-1]=((this.w[ROM.DNLEN-1-m]<<n))|(this.w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n));
-		for (i=ROM.DNLEN-2;i>m;i--)
-			this.w[i]=((this.w[i-m]<<n)&ROM.MASK)|(this.w[i-m-1]>>(ROM.BASEBITS-n));
-		this.w[m]=(this.w[0]<<n)&ROM.MASK;
-		for (i=0;i<m;i++) this.w[i]=0;
-		return this;
-	},
-
-/* this+=x */
-	add: function(x)
-	{
-		for (var i=0;i<ROM.DNLEN;i++)
-			this.w[i]+=x.w[i];
-	},
-
-/* this-=x */
-	sub: function(x)
-	{
-		for (var i=0;i<ROM.DNLEN;i++)
-			this.w[i]-=x.w[i];
-	},
-
-/* return number of bits in this */
-	nbits: function()
-	{
-		var bts,k=ROM.DNLEN-1;
-		var c;
-		this.norm();
-		while (k>=0 && this.w[k]===0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=this.w[k];
-		while (c!==0) {c=Math.floor(c/2); bts++;}
-		return bts;
-	},
-
-/* convert this to string */
-	toString: function()
-	{
-
-		var b;
-		var s="";
-		var len=this.nbits();
-		if (len%4===0) len=Math.floor(len/4);
-		else {len=Math.floor(len/4); len++;}
-
-		for (var i=len-1;i>=0;i--)
-		{
-			b=new DBIG(0);
-			b.copy(this);
-			b.shr(i*4);
-			s+=(b.w[0]&15).toString(16);
-		}
-		return s;
-	},
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-	mod: function(c)
-	{
-		var k=0;
-		this.norm();
-		var m=new DBIG(0);
-		m.hcopy(c);
-		var r=new BIG(0);
-		r.hcopy(this);
-
-		if (DBIG.comp(this,m)<0) return r;
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (DBIG.comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (DBIG.comp(this,m)>=0)
-			{
-				this.sub(m);
-				this.norm();
-			}
-			k--;
-		}
-
-		r.hcopy(this);
-		return r;
-	},
-
-/* this/=c */
-	div: function(c)
-	{
-		var k=0;
-		var m=new DBIG(0); m.hcopy(c);
-		var a=new BIG(0);
-		var e=new BIG(1);
-		this.norm();
-
-		while (DBIG.comp(this,m)>=0)
-		{
-			e.fshl(1);
-			m.shl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.shr(1);
-			e.shr(1);
-			if (DBIG.comp(this,m)>0)
-			{
-				a.add(e);
-				a.norm();
-				this.sub(m);
-				this.norm();
-			}
-			k--;
-		}
-		return a;
-	},
-
-/* split this DBIG at position n, return higher half, keep lower half */
-	split: function(n)
-	{
-		var t=new BIG(0);
-		var nw,m=n%ROM.BASEBITS;
-		var carry=this.w[ROM.DNLEN-1]<<(ROM.BASEBITS-m);
-
-
-		for (var i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--)
-		{
-			nw=(this.w[i]>>m)|carry;
-			carry=(this.w[i]<<(ROM.BASEBITS-m))&ROM.MASK;
-			t.w[i-ROM.NLEN+1]=nw;
-		}
-		this.w[ROM.NLEN-1]&=((1<<m)-1);
-
-		return t;
-	}
-
-};
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-DBIG.comp=function(a,b)
-{
-	for (var i=ROM.DNLEN-1;i>=0;i--)
-	{
-		if (a.w[i]==b.w[i]) continue;
-		if (a.w[i]>b.w[i]) return 1;
-		else  return -1;
-	}
-	return 0;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/ECDH.js
----------------------------------------------------------------------
diff --git a/js/ECDH.js b/js/ECDH.js
deleted file mode 100755
index 35b1479..0000000
--- a/js/ECDH.js
+++ /dev/null
@@ -1,537 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-var ECDH = {
-
-	INVALID_PUBLIC_KEY:-2,
-	ERROR:-3,
-	INVALID:-4,
-	EFS:ROM.MODBYTES,
-	EGS:ROM.MODBYTES,
-	EAS:16,
-	EBS:16,
-
-	/* Convert Integer to n-byte array */
-	inttobytes: function(n,len)
-	{
-		var i;
-		var b=[];
-
-		for (i=0;i<len;i++) b[i]=0;
-		i=len;
-		while (n>0 && i>0)
-		{
-			i--;
-			b[i]=(n&0xff);
-			n=Math.floor(n/256);
-		}
-		return b;
-	},
-
-	bytestostring: function(b)
-	{
-		var s="";
-		var len=b.length;
-		var ch;
-
-		for (var i=0;i<len;i++)
-		{
-			ch=b[i];
-			s+=((ch>>>4)&15).toString(16);
-			s+=(ch&15).toString(16);
-
-		}
-		return s;
-	},
-
-	stringtobytes: function(s)
-	{
-		var b=[];
-		for (var i=0;i<s.length;i++)
-			b.push(s.charCodeAt(i));
-		return b;
-	},
-
-
-	KDF1: function(Z,olen)
-	{
-/* NOTE: the parameter olen is the length of the output K in bytes */
-		var H=new HASH();
-		var i,hlen=32;
-		var K=[];
-
-		var B=[];
-		var counter,cthreshold,k=0;
-
-		for (i=0;i<K.length;i++) K[i]=0;  // redundant?
-
-		cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
-
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			H.process_array(Z); if (counter>0) H.process_num(counter);
-			B=H.hash();
-			if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	},
-
-	KDF2: function(Z,P,olen)
-	{
-/* NOTE: the parameter olen is the length of the output k in bytes */
-		var H=new HASH();
-		var i,hlen=32;
-		var K=[];
-
-		var B=[];
-		var counter,cthreshold,k=0;
-
-		for (i=0;i<K.length;i++) K[i]=0;  // redundant?
-
-		cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
-
-		for (counter=1;counter<=cthreshold;counter++)
-		{
-			H.process_array(Z); H.process_num(counter); H.process_array(P);
-			B=H.hash();
-			if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	},
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-
-	PBKDF2: function(Pass,Salt,rep,olen)
-	{
-		var i,j,k,d,opt;
-		d=Math.floor(olen/32); if (olen%32!==0) d++;
-		var F=new Array(this.EFS);
-		var U=[];
-		var S=[];
-
-		var K=[];
-		opt=0;
-
-		for (i=1;i<=d;i++)
-		{
-			for (j=0;j<Salt.length;j++) S[j]=Salt[j];
-			var N=this.inttobytes(i,4);
-			for (j=0;j<4;j++) S[Salt.length+j]=N[j];
-			this.HMAC(S,Pass,F);
-			for (j=0;j<this.EFS;j++) U[j]=F[j];
-			for (j=2;j<=rep;j++)
-			{
-				this.HMAC(U,Pass,U);
-				for (k=0;k<this.EFS;k++) F[k]^=U[k];
-			}
-			for (j=0;j<this.EFS;j++) K[opt++]=F[j];
-		}
-		var key=[];
-		for (i=0;i<olen;i++) key[i]=K[i];
-		return key;
-	},
-
-	HMAC: function(M,K,tag)
-	{
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-		var i,b;
-		var B=[];
-		var K0=new Array(64);
-		var olen=tag.length;
-
-		b=K0.length;
-		if (olen<4 || olen>32) return 0;
-
-		for (i=0;i<b;i++) K0[i]=0;
-
-		var H=new HASH();
-
-		if (K.length > b)
-		{
-			H.process_array(K); B=H.hash();
-			for (i=0;i<32;i++) K0[i]=B[i];
-		}
-		else
-			for (i=0;i<K.length;i++) K0[i]=K[i];
-
-		for (i=0;i<b;i++) K0[i]^=0x36;
-		H.process_array(K0); H.process_array(M); B=H.hash();
-
-		for (i=0;i<b;i++) K0[i]^=0x6a;
-		H.process_array(K0); H.process_array(B); B=H.hash();
-
-		for (i=0;i<olen;i++) tag[i]=B[i];
-
-		return 1;
-	},
-
-/* AES encryption/decryption */
-
-	AES_CBC_IV0_ENCRYPT: function(K,M)
-	{ /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-		var a=new AES();
-		var fin;
-		var i,j,ipt,opt;
-		var buff=[];
-		/*var clen=16+(Math.floor(M.length/16))*16;*/
-
-		var C=[];
-		var padlen;
-
-		a.init(ROM.CBC,K,null);
-
-		ipt=opt=0;
-		fin=false;
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				if (ipt<M.length) buff[i]=M[ipt++];
-				else {fin=true; break;}
-			}
-			if (fin) break;
-			a.encrypt(buff);
-			for (i=0;i<16;i++)
-				C[opt++]=buff[i];
-		}
-
-/* last block, filled up to i-th index */
-
-		padlen=16-i;
-		for (j=i;j<16;j++) buff[j]=padlen;
-		a.encrypt(buff);
-		for (i=0;i<16;i++)
-			C[opt++]=buff[i];
-		a.end();
-		return C;
-	},
-
-	AES_CBC_IV0_DECRYPT: function(K,C)
-	{ /* padding is removed */
-		var a=new AES();
-		var i,ipt,opt,ch;
-		var buff=[];
-		var MM=[];
-		var fin,bad;
-		var padlen;
-		ipt=opt=0;
-
-		a.init(ROM.CBC,K,null);
-
-		if (C.length===0) return [];
-		ch=C[ipt++];
-
-		fin=false;
-
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				buff[i]=ch;
-				if (ipt>=C.length) {fin=true; break;}
-				else ch=C[ipt++];
-			}
-			a.decrypt(buff);
-			if (fin) break;
-			for (i=0;i<16;i++)
-				MM[opt++]=buff[i];
-		}
-
-		a.end();
-		bad=false;
-		padlen=buff[15];
-		if (i!=15 || padlen<1 || padlen>16) bad=true;
-		if (padlen>=2 && padlen<=16)
-			for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=true;
-
-		if (!bad) for (i=0;i<16-padlen;i++)
-					MM[opt++]=buff[i];
-
-		var M=[];
-		if (bad) return M;
-
-		for (i=0;i<opt;i++) M[i]=MM[i];
-		return M;
-	},
-
-	KEY_PAIR_GENERATE: function(RNG,S,W)
-	{
-		var r,gx,gy,s;
-		var G,WP;
-		var res=0;
-		var T=[];
-		G=new ECP(0);
-
-		gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
-
-		if (ROM.CURVETYPE!=ROM.MOMTGOMERY)
-		{
-			gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-			G.setxy(gx,gy);
-		}
-		else G.setx(gx);
-
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		if (RNG===null)
-		{
-			s=BIG.fromBytes(S);
-		}
-		else
-		{
-			s=BIG.randomnum(r,RNG);
-
-			s.toBytes(T);
-			for (var i=0;i<this.EGS;i++) S[i]=T[i];
-		}
-
-		WP=G.mul(s);
-		WP.toBytes(W);
-
-		return res;
-	},
-
-	PUBLIC_KEY_VALIDATE: function(full,W)
-	{
-		var r;
-		var WP=ECP.fromBytes(W);
-		var res=0;
-
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		if (WP.is_infinity()) res=this.INVALID_PUBLIC_KEY;
-
-		if (res===0 && full)
-		{
-			WP=WP.mul(r);
-			if (!WP.is_infinity()) res=this.INVALID_PUBLIC_KEY;
-		}
-		return res;
-	},
-
-	ECPSVDP_DH: function(S,WD,Z)
-	{
-		var r,s;
-		var W;
-		var res=0;
-		var T=[];
-
-		s=BIG.fromBytes(S);
-
-		W=ECP.fromBytes(WD);
-		if (W.is_infinity()) res=this.ERROR;
-
-		if (res===0)
-		{
-			r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-			s.mod(r);
-			W=W.mul(s);
-			if (W.is_infinity()) res=this.ERROR;
-			else
-			{
-				W.getX().toBytes(T);
-				for (var i=0;i<this.EFS;i++) Z[i]=T[i];
-			}
-		}
-		return res;
-	},
-
-	ECPSP_DSA: function(RNG,S,F,C,D)
-	{
-		var T=[];
-		var i,gx,gy,r,s,f,c,d,u,vx;
-		var G,V;
-
-		var H=new HASH();
-		H.process_array(F);
-		var B=H.hash();
-
-		gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
-		gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-
-		G=new ECP(0);
-		G.setxy(gx,gy);
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		s=BIG.fromBytes(S);
-		f=BIG.fromBytes(B);
-
-		c=new BIG(0);
-		d=new BIG(0);
-		V=new ECP();
-
-		do {
-			u=BIG.randomnum(r,RNG);
-
-			V.copy(G);
-			V=V.mul(u);
-			vx=V.getX();
-			c.copy(vx);
-			c.mod(r);
-			if (c.iszilch()) continue;
-			u.invmodp(r);
-			d=BIG.modmul(s,c,r);
-			d.add(f);
-			d=BIG.modmul(u,d,r);
-		} while (d.iszilch());
-
-		c.toBytes(T);
-		for (i=0;i<this.EFS;i++) C[i]=T[i];
-		d.toBytes(T);
-		for (i=0;i<this.EFS;i++) D[i]=T[i];
-		return 0;
-	},
-
-	ECPVP_DSA: function(W,F,C,D)
-	{
-		var B=[];
-		var r,gx,gy,f,c,d,h2;
-		var res=0;
-		var G,WP,P;
-
-		var H=new HASH();
-		H.process_array(F);
-		B=H.hash();
-
-		gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
-		gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
-
-		G=new ECP(0);
-		G.setxy(gx,gy);
-		r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
-		c=BIG.fromBytes(C);
-		d=BIG.fromBytes(D);
-		f=BIG.fromBytes(B);
-
-		if (c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0)
-            res=this.INVALID;
-
-		if (res===0)
-		{
-			d.invmodp(r);
-			f=BIG.modmul(f,d,r);
-			h2=BIG.modmul(c,d,r);
-
-			WP=ECP.fromBytes(W);
-			if (WP.is_infinity()) res=this.ERROR;
-			else
-			{
-				P=new ECP();
-				P.copy(WP);
-				P=P.mul2(h2,G,f);
-				if (P.is_infinity()) res=this.INVALID;
-				else
-				{
-					d=P.getX();
-					d.mod(r);
-					if (BIG.comp(d,c)!==0) res=this.INVALID;
-				}
-			}
-		}
-
-		return res;
-	},
-
-	ECIES_ENCRYPT: function(P1,P2,RNG,W,M,V,T)
-	{
-		var i;
-
-		var Z=[];
-		var VZ=[];
-		var K1=[];
-		var K2=[];
-		var U=[];
-		var C=[];
-
-		if (this.KEY_PAIR_GENERATE(RNG,U,V)!==0) return C;
-		if (this.ECPSVDP_DH(U,W,Z)!==0) return C;
-
-		for (i=0;i<2*this.EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<this.EFS;i++) VZ[2*this.EFS+1+i]=Z[i];
-
-
-		var K=this.KDF2(VZ,P1,EFS);
-
-		for (i=0;i<this.EAS;i++) {K1[i]=K[i]; K2[i]=K[this.EAS+i];}
-
-		C=this.AES_CBC_IV0_ENCRYPT(K1,M);
-
-		var L2=this.inttobytes(P2.length,8);
-
-		var AC=[];
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
-		this.HMAC(AC,K2,T);
-
-		return C;
-	},
-
-	ECIES_DECRYPT: function(P1,P2,V,C,T,U)
-	{
-
-		var i;
-
-		var Z=[];
-		var VZ=[];
-		var K1=[];
-		var K2=[];
-		var TAG=new Array(T.length);
-		var M=[];
-
-		if (this.ECPSVDP_DH(U,V,Z)!==0) return M;
-
-		for (i=0;i<2*this.EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<this.EFS;i++) VZ[2*this.EFS+1+i]=Z[i];
-
-		var K=this.KDF2(VZ,P1,this.EFS);
-
-		for (i=0;i<this.EAS;i++) {K1[i]=K[i]; K2[i]=K[this.EAS+i];}
-
-		M=this.AES_CBC_IV0_DECRYPT(K1,C);
-
-		if (M.length===0) return M;
-
-		var L2=this.inttobytes(P2.length,8);
-
-		var AC=[];
-
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
-		this.HMAC(AC,K2,TAG);
-
-		var same=true;
-		for (i=0;i<T.length;i++) if (T[i]!=TAG[i]) same=false;
-		if (!same) return [];
-
-		return M;
-	}
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/ECP.js
----------------------------------------------------------------------
diff --git a/js/ECP.js b/js/ECP.js
deleted file mode 100755
index e9625a5..0000000
--- a/js/ECP.js
+++ /dev/null
@@ -1,898 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve Point class */
-
-/* Constructor */
-var ECP = function()
-{
-	this.x=new FP(0);
-	this.y=new FP(1);
-	this.z=new FP(1);
-	this.INF=true;
-};
-
-ECP.prototype={
-/* test this=O point-at-infinity */
-	is_infinity: function()
-	{
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			this.x.reduce(); this.y.reduce(); this.z.reduce();
-			return (this.x.iszilch() && this.y.equals(this.z));
-		}
-		else return this.INF;
-	},
-
-
-/* conditional swap of this and Q dependant on d */
-	cswap: function(Q,d)
-	{
-		this.x.cswap(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y.cswap(Q.y,d);
-		this.z.cswap(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			var bd=(d!==0)?true:false;
-			bd=bd&(this.INF^Q.INF);
-			this.INF^=bd;
-			Q.INF^=bd;
-		}
-	},
-
-/* conditional move of Q to P dependant on d */
-	cmove: function(Q,d)
-	{
-		this.x.cmove(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y.cmove(Q.y,d);
-		this.z.cmove(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			var bd=(d!==0)?true:false;
-			this.INF^=(this.INF^Q.INF)&bd;
-		}
-	},
-
-/* Constant time select from pre-computed table */
-	select: function(W,b)
-	{
-		var MP=new ECP();
-		var m=b>>31;
-		var babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		this.cmove(W[0],ECP.teq(babs,0));  // conditional move
-		this.cmove(W[1],ECP.teq(babs,1));
-		this.cmove(W[2],ECP.teq(babs,2));
-		this.cmove(W[3],ECP.teq(babs,3));
-		this.cmove(W[4],ECP.teq(babs,4));
-		this.cmove(W[5],ECP.teq(babs,5));
-		this.cmove(W[6],ECP.teq(babs,6));
-		this.cmove(W[7],ECP.teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		this.cmove(MP,(m&1));
-	},
-
-/* Test P == Q */
-
-	equals: function(Q)
-	{
-		if (this.is_infinity() && Q.is_infinity()) return true;
-		if (this.is_infinity() || Q.is_infinity()) return false;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			var zs2=new FP(0); zs2.copy(this.z); zs2.sqr();
-			var zo2=new FP(0); zo2.copy(Q.z); zo2.sqr();
-			var zs3=new FP(0); zs3.copy(zs2); zs3.mul(this.z);
-			var zo3=new FP(0); zo3.copy(zo2); zo3.mul(Q.z);
-			zs2.mul(Q.x);
-			zo2.mul(this.x);
-			if (!zs2.equals(zo2)) return false;
-			zs3.mul(Q.y);
-			zo3.mul(this.y);
-			if (!zs3.equals(zo3)) return false;
-		}
-		else
-		{
-			var a=new FP(0);
-			var b=new FP(0);
-			a.copy(this.x); a.mul(Q.z); a.reduce();
-			b.copy(Q.x); b.mul(this.z); b.reduce();
-			if (!a.equals(b)) return false;
-			if (ROM.CURVETYPE==ROM.EDWARDS)
-			{
-				a.copy(this.y); a.mul(Q.z); a.reduce();
-				b.copy(Q.y); b.mul(this.z); b.reduce();
-				if (!a.equals(b)) return false;
-			}
-		}
-		return true;
-	},
-/* copy this=P */
-	copy: function(P)
-	{
-		this.x.copy(P.x);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y.copy(P.y);
-		this.z.copy(P.z);
-		this.INF=P.INF;
-	},
-/* this=-this */
-	neg: function()
-	{
-		if (this.is_infinity()) return;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			this.y.neg(); this.y.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			this.x.neg(); this.x.norm();
-		}
-		return;
-	},
-/* set this=O */
-	inf: function()
-	{
-		this.INF=true;
-		this.x.zero();
-		this.y=new FP(1);
-		this.z=new FP(1);
-	},
-/* set this=(x,y) where x and y are BIGs */
-	setxy: function(ix,iy)
-	{
-		this.x=new FP(0); this.x.bcopy(ix);
-		this.y=new FP(0); this.y.bcopy(iy);
-		this.z=new FP(1);
-		var rhs=ECP.RHS(this.x);
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			if (rhs.jacobi()==1) this.INF=false;
-			else this.inf();
-		}
-		else
-		{
-			var y2=new FP(0); y2.copy(this.y);
-			y2.sqr();
-			if (y2.equals(rhs)) this.INF=false;
-			else this.inf();
-		}
-	},
-/* set this=x, where x is BIG, y is derived from sign s */
-	setxi: function(ix,s)
-	{
-		this.x=new FP(0); this.x.bcopy(ix);
-		var rhs=ECP.RHS(this.x);
-		this.z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			var ny=rhs.sqrt();
-			if (ny.redc().parity()!=s) ny.neg();
-			this.y=ny;
-			this.INF=false;
-		}
-		else this.inf();
-	},
-/* set this=x, y calcuated from curve equation */
-	setx: function(ix)
-	{
-		this.x=new FP(0); this.x.bcopy(ix);
-		var rhs=ECP.RHS(this.x);
-		this.z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			if (ROM.CURVETYPE!=ROM.MONTGOMERY) this.y=rhs.sqrt();
-			this.INF=false;
-		}
-		else this.INF=true;
-	},
-/* set this to affine - from (x,y,z) to (x,y) */
-	affine: function()
-	{
-		if (this.is_infinity()) return;
-		var one=new FP(1);
-		if (this.z.equals(one)) return;
-		this.z.inverse();
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			var z2=new FP(0); z2.copy(this.z);
-			z2.sqr();
-			this.x.mul(z2); this.x.reduce();
-			this.y.mul(z2);
-			this.y.mul(this.z); this.y.reduce();
-			this.z=one;
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			this.x.mul(this.z); this.x.reduce();
-			this.y.mul(this.z); this.y.reduce();
-			this.z=one;
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			this.x.mul(this.z); this.x.reduce();
-			this.z=one;
-		}
-	},
-/* extract x as BIG */
-	getX: function()
-	{
-		this.affine();
-		return this.x.redc();
-	},
-/* extract y as BIG */
-	getY: function()
-	{
-		this.affine();
-		return this.y.redc();
-	},
-
-/* get sign of Y */
-	getS: function()
-	{
-		this.affine();
-		var y=this.getY();
-		return y.parity();
-	},
-/* extract x as FP */
-	getx: function()
-	{
-		return this.x;
-	},
-/* extract y as FP */
-	gety: function()
-	{
-		return this.y;
-	},
-/* extract z as FP */
-	getz: function()
-	{
-		return this.z;
-	},
-/* convert to byte array */
-	toBytes: function(b)
-	{
-		var i,t=[];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) b[0]=0x04;
-		else b[0]=0x02;
-
-		this.affine();
-		this.x.redc().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++) b[i+1]=t[i];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			this.y.redc().toBytes(t);
-			for (i=0;i<ROM.MODBYTES;i++) b[i+ROM.MODBYTES+1]=t[i];
-		}
-	},
-/* convert to hex string */
-	toString: function()
-	{
-		if (this.is_infinity()) return "infinity";
-		this.affine();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY) return "("+this.x.redc().toString()+")";
-		else return "("+this.x.redc().toString()+","+this.y.redc().toString()+")";
-	},
-
-/* this+=this */
-	dbl: function()
-	{
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (this.INF) return;
-			if (this.y.iszilch())
-			{
-				this.inf();
-				return;
-			}
-
-			var w1=new FP(0); w1.copy(this.x);
-			var w6=new FP(0); w6.copy(this.z);
-			var w2=new FP(0);
-			var w3=new FP(0); w3.copy(this.x);
-			var w8=new FP(0); w8.copy(this.x);
-
-			if (ROM.CURVE_A==-3)
-			{
-				w6.sqr();
-				w1.copy(w6);
-				w1.neg();
-				w3.add(w1);
-				w8.add(w6);
-				w3.mul(w8);
-				w8.copy(w3);
-				w8.imul(3);
-			}
-			else
-			{
-				w1.sqr();
-				w8.copy(w1);
-				w8.imul(3);
-			}
-
-			w2.copy(this.y); w2.sqr();
-			w3.copy(this.x); w3.mul(w2);
-			w3.imul(4);
-			w1.copy(w3); w1.neg();
-
-			this.x.copy(w8); this.x.sqr();
-			this.x.add(w1);
-			this.x.add(w1);
-			this.x.norm();
-
-			this.z.mul(this.y);
-			this.z.add(this.z);
-
-			w2.add(w2);
-			w2.sqr();
-			w2.add(w2);
-			w3.sub(this.x);
-			this.y.copy(w8); this.y.mul(w3);
-			this.y.sub(w2);
-			this.y.norm();
-			this.z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			var C=new FP(0); C.copy(this.x);
-			var D=new FP(0); D.copy(this.y);
-			var H=new FP(0); H.copy(this.z);
-			var J=new FP(0);
-
-			this.x.mul(this.y); this.x.add(this.x);
-			C.sqr();
-			D.sqr();
-			if (ROM.CURVE_A==-1) C.neg();
-			this.y.copy(C); this.y.add(D);
-			H.sqr(); H.add(H);
-			this.z.copy(this.y);
-			J.copy(this.y); J.sub(H);
-			this.x.mul(J);
-			C.sub(D);
-			this.y.mul(C);
-			this.z.mul(J);
-
-			this.x.norm();
-			this.y.norm();
-			this.z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			var A=new FP(0); A.copy(this.x);
-			var B=new FP(0); B.copy(this.x);
-			var AA=new FP(0);
-			var BB=new FP(0);
-			var C=new FP(0);
-
-			if (this.INF) return;
-
-			A.add(this.z);
-			AA.copy(A); AA.sqr();
-			B.sub(this.z);
-			BB.copy(B); BB.sqr();
-			C.copy(AA); C.sub(BB);
-
-			this.x.copy(AA); this.x.mul(BB);
-
-			A.copy(C); A.imul((ROM.CURVE_A+2)>>2);
-
-			BB.add(A);
-			this.z.copy(BB); this.z.mul(C);
-			this.x.norm();
-			this.z.norm();
-		}
-		return;
-	},
-
-/* this+=Q */
-	add: function(Q)
-	{
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (this.INF)
-			{
-				this.copy(Q);
-				return;
-			}
-			if (Q.INF) return;
-
-			var aff=false;
-			var one=new FP(1);
-			if (Q.z.equals(one)) aff=true;
-
-			var A,C;
-			var B=new FP(this.z);
-			var D=new FP(this.z);
-			if (!aff)
-			{
-				A=new FP(Q.z);
-				C=new FP(Q.z);
-
-				A.sqr(); B.sqr();
-				C.mul(A); D.mul(B);
-
-				A.mul(this.x);
-				C.mul(this.y);
-			}
-			else
-			{
-				A=new FP(this.x);
-				C=new FP(this.y);
-
-				B.sqr();
-				D.mul(B);
-			}
-
-			B.mul(Q.x); B.sub(A);
-			D.mul(Q.y); D.sub(C);
-
-			if (B.iszilch())
-			{
-				if (D.iszilch())
-				{
-					this.dbl();
-					return;
-				}
-				else
-				{
-					this.INF=true;
-					return;
-				}
-			}
-
-			if (!aff) this.z.mul(Q.z);
-			this.z.mul(B);
-
-			var e=new FP(B); e.sqr();
-			B.mul(e);
-			A.mul(e);
-
-			e.copy(A);
-			e.add(A); e.add(B);
-			this.x.copy(D); this.x.sqr(); this.x.sub(e);
-
-			A.sub(this.x);
-			this.y.copy(A); this.y.mul(D);
-			C.mul(B); this.y.sub(C);
-
-			this.x.norm();
-			this.y.norm();
-			this.z.norm();
-
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			var b=new FP(0); b.rcopy(ROM.CURVE_B);
-			var A=new FP(0); A.copy(this.z);
-			var B=new FP(0);
-			var C=new FP(0); C.copy(this.x);
-			var D=new FP(0); D.copy(this.y);
-			var E=new FP(0);
-			var F=new FP(0);
-			var G=new FP(0);
-
-			A.mul(Q.z);
-			B.copy(A); B.sqr();
-			C.mul(Q.x);
-			D.mul(Q.y);
-
-			E.copy(C); E.mul(D); E.mul(b);
-			F.copy(B); F.sub(E);
-			G.copy(B); G.add(E);
-			C.add(D);
-
-			if (ROM.CURVE_A==1)
-			{
-				E.copy(D); D.sub(C);
-			}
-
-			B.copy(this.x); B.add(this.y);
-			D.copy(Q.x); D.add(Q.y);
-			B.mul(D);
-			B.sub(C);
-			B.mul(F);
-			this.x.copy(A); this.x.mul(B);
-
-			if (ROM.CURVE_A==1)
-			{
-				C.copy(E); C.mul(G);
-			}
-			if (ROM.CURVE_A==-1)
-			{
-				C.mul(G);
-			}
-			this.y.copy(A); this.y.mul(C);
-			this.z.copy(F); this.z.mul(G);
-			this.x.norm(); this.y.norm(); this.z.norm();
-		}
-		return;
-	},
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-	dadd: function(Q,W)
-	{
-		var A=new FP(0); A.copy(this.x);
-		var B=new FP(0); B.copy(this.x);
-		var C=new FP(0); C.copy(Q.x);
-		var D=new FP(0); D.copy(Q.x);
-		var DA=new FP(0);
-		var CB=new FP(0);
-
-		A.add(this.z);
-		B.sub(this.z);
-
-		C.add(Q.z);
-		D.sub(Q.z);
-
-		DA.copy(D); DA.mul(A);
-		CB.copy(C); CB.mul(B);
-
-		A.copy(DA); A.add(CB); A.sqr();
-		B.copy(DA); B.sub(CB); B.sqr();
-
-		this.x.copy(A);
-		this.z.copy(W.x); this.z.mul(B);
-
-		if (this.z.iszilch()) this.inf();
-		else this.INF=false;
-
-		this.x.norm();
-	},
-
-/* this-=Q */
-	sub: function(Q) {
-		Q.neg();
-		this.add(Q);
-		Q.neg();
-	},
-
-/* constant time multiply by small integer of length bts - use ladder */
-	pinmul: function(e,bts) {
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-			return this.mul(new BIG(e));
-		else
-		{
-			var nb,i,b;
-			var P=new ECP();
-			var R0=new ECP();
-			var R1=new ECP(); R1.copy(this);
-
-			for (i=bts-1;i>=0;i--)
-			{
-				b=(e>>i)&1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-			P.affine();
-			return P;
-		}
-	},
-
-/* return e.this - SPA immune, using Ladder */
-
-	mul: function(e)
-	{
-		if (e.iszilch() || this.is_infinity()) return new ECP();
-		var P=new ECP();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{ /* use ladder */
-			var nb,i,b;
-			var D=new ECP();
-			var R0=new ECP(); R0.copy(this);
-			var R1=new ECP(); R1.copy(this);
-			R1.dbl();
-			D.copy(this); D.affine();
-			nb=e.nbits();
-			for (i=nb-2;i>=0;i--)
-			{
-				b=e.bit(i);
-				P.copy(R1);
-				P.dadd(R0,D);
-
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-		}
-		else
-		{
-// fixed size windows
-			var i,b,nb,m,s,ns;
-			var mt=new BIG();
-			var t=new BIG();
-			var Q=new ECP();
-			var C=new ECP();
-			var W=[];
-			var w=[];
-
-			this.affine();
-
-// precompute table
-			Q.copy(this);
-			Q.dbl();
-			W[0]=new ECP();
-			W[0].copy(this);
-
-			for (i=1;i<8;i++)
-			{
-				W[i]=new ECP();
-				W[i].copy(W[i-1]);
-				W[i].add(Q);
-			}
-
-// convert the table to affine
-			if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-				ECP.multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd
-			t.copy(e);
-			s=t.parity();
-			t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-			t.cmove(mt,s);
-			Q.cmove(this,ns);
-			C.copy(Q);
-
-			nb=1+Math.floor((t.nbits()+3)/4);
-
-// convert exponent to signed 4-bit window
-			for (i=0;i<nb;i++)
-			{
-				w[i]=(t.lastbits(5)-16);
-				t.dec(w[i]); t.norm();
-				t.fshr(4);
-			}
-			w[nb]=t.lastbits(5);
-
-			P.copy(W[Math.floor((w[nb]-1)/2)]);
-			for (i=nb-1;i>=0;i--)
-			{
-				Q.select(W,w[i]);
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-			}
-			P.sub(C);
-		}
-		P.affine();
-		return P;
-	},
-
-/* Return e.this+f.Q */
-
-	mul2: function(e,Q,f) {
-		var te=new BIG();
-		var tf=new BIG();
-		var mt=new BIG();
-		var S=new ECP();
-		var T=new ECP();
-		var C=new ECP();
-		var W=[];
-		var w=[];
-		var i,s,ns,nb;
-		var a,b;
-
-		this.affine();
-		Q.affine();
-
-		te.copy(e);
-		tf.copy(f);
-
-// precompute table
-		W[1]=new ECP(); W[1].copy(this); W[1].sub(Q);
-		W[2]=new ECP(); W[2].copy(this); W[2].add(Q);
-		S.copy(Q); S.dbl();
-		W[0]=new ECP(); W[0].copy(W[1]); W[0].sub(S);
-		W[3]=new ECP(); W[3].copy(W[2]); W[3].add(S);
-		T.copy(this); T.dbl();
-		W[5]=new ECP(); W[5].copy(W[1]); W[5].add(T);
-		W[6]=new ECP(); W[6].copy(W[2]); W[6].add(T);
-		W[4]=new ECP(); W[4].copy(W[5]); W[4].sub(S);
-		W[7]=new ECP(); W[7].copy(W[6]); W[7].add(S);
-
-// convert the table to affine
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-			ECP.multiaffine(8,W);
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-
-		s=te.parity();
-		te.inc(1); te.norm(); ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm();
-		te.cmove(mt,s);
-		T.cmove(this,ns);
-		C.copy(T);
-
-		s=tf.parity();
-		tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm();
-		tf.cmove(mt,s);
-		S.cmove(Q,ns);
-		C.add(S);
-
-		mt.copy(te); mt.add(tf); mt.norm();
-		nb=1+Math.floor((mt.nbits()+1)/2);
-
-// convert exponent to signed 2-bit window
-		for (i=0;i<nb;i++)
-		{
-			a=(te.lastbits(3)-4);
-			te.dec(a); te.norm();
-			te.fshr(2);
-			b=(tf.lastbits(3)-4);
-			tf.dec(b); tf.norm();
-			tf.fshr(2);
-			w[i]=(4*a+b);
-		}
-		w[nb]=(4*te.lastbits(3)+tf.lastbits(3));
-		S.copy(W[Math.floor((w[nb]-1)/2)]);
-
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			S.dbl();
-			S.dbl();
-			S.add(T);
-		}
-		S.sub(C); /* apply correction */
-		S.affine();
-		return S;
-	}
-
-};
-
-ECP.multiaffine=function(m,P)
-{
-	var i;
-	var t1=new FP(0);
-	var t2=new FP(0);
-	var work=[];
-
-	for (i=0;i<m;i++)
-		work[i]=new FP(0);
-
-	work[0].one();
-	work[1].copy(P[0].z);
-
-	for (i=2;i<m;i++)
-	{
-		work[i].copy(work[i-1]);
-		work[i].mul(P[i-1].z);
-	}
-
-	t1.copy(work[m-1]);
-	t1.mul(P[m-1].z);
-	t1.inverse();
-	t2.copy(P[m-1].z);
-	work[m-1].mul(t1);
-
-	for (i=m-2;;i--)
-	{
-		if (i==0)
-		{
-			work[0].copy(t1);
-			work[0].mul(t2);
-			break;
-		}
-		work[i].mul(t2);
-		work[i].mul(t1);
-		t2.mul(P[i].z);
-	}
-/* now work[] contains inverses of all Z coordinates */
-
-	for (i=0;i<m;i++)
-	{
-		P[i].z.one();
-		t1.copy(work[i]);
-		t1.sqr();
-		P[i].x.mul(t1);
-		t1.mul(work[i]);
-		P[i].y.mul(t1);
-	}
-};
-
-/* return 1 if b==c, no branching */
-ECP.teq=function(b,c)
-{
-	var x=b^c;
-	x-=1;  // if x=0, x now -1
-	return ((x>>31)&1);
-};
-
-/* convert from byte array to ECP */
-ECP.fromBytes= function(b)
-{
-	var i,t=[];
-	var P=new ECP();
-	var p=new BIG(0); p.rcopy(ROM.Modulus);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+1];
-	var px=BIG.fromBytes(t);
-	if (BIG.comp(px,p)>=0) return P;
-
-	if (b[0]==0x04)
-	{
-		for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES+1];
-		var py=BIG.fromBytes(t);
-		if (BIG.comp(py,p)>=0) return P;
-		P.setxy(px,py);
-		return P;
-	}
-	else
-	{
-		P.setx(px);
-		return P;
-	}
-};
-
-/* Calculate RHS of curve equation */
-ECP.RHS= function(x)
-{
-	x.norm();
-	var r=new FP(0); r.copy(x);
-	r.sqr();
-
-	if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-	{ // x^3+Ax+B
-		var b=new FP(0); b.rcopy(ROM.CURVE_B);
-		r.mul(x);
-		if (ROM.CURVE_A==-3)
-		{
-			var cx=new FP(0); cx.copy(x);
-			cx.imul(3);
-			cx.neg(); cx.norm();
-			r.add(cx);
-		}
-		r.add(b);
-	}
-	if (ROM.CURVETYPE==ROM.EDWARDS)
-	{ // (Ax^2-1)/(Bx^2-1)
-		var b=new FP(0); b.rcopy(ROM.CURVE_B);
-
-		var one=new FP(1);
-		b.mul(r);
-		b.sub(one);
-		if (ROM.CURVE_A==-1) r.neg();
-		r.sub(one);
-
-		b.inverse();
-
-		r.mul(b);
-	}
-	if (ROM.CURVETYPE==ROM.MONTGOMERY)
-	{ // x^3+Ax^2+x
-		var x3=new FP(0);
-		x3.copy(r);
-		x3.mul(x);
-		r.imul(ROM.CURVE_A);
-		r.add(x3);
-		r.add(x);
-	}
-	r.reduce();
-	return r;
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/ECP2.js
----------------------------------------------------------------------
diff --git a/js/ECP2.js b/js/ECP2.js
deleted file mode 100755
index 4c310ab..0000000
--- a/js/ECP2.js
+++ /dev/null
@@ -1,604 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-/* Constructor, set this=O */
-var ECP2=function()
-{
-	this.x=new FP2(0);
-	this.y=new FP2(1);
-	this.z=new FP2(1);
-	this.INF=true;
-};
-
-ECP2.prototype={
-/* Test this=O? */
-	is_infinity: function()
-	{
-		return this.INF;
-	},
-/* copy this=P */
-	copy: function(P)
-	{
-		this.x.copy(P.x);
-		this.y.copy(P.y);
-		this.z.copy(P.z);
-		this.INF=P.INF;
-	},
-/* set this=O */
-	inf: function()
-	{
-		this.INF=true;
-		this.x.zero();
-		this.y.zero();
-		this.z.zero();
-	},
-
-/* conditional move of Q to P dependant on d */
-	cmove: function(Q,d)
-	{
-		this.x.cmove(Q.x,d);
-		this.y.cmove(Q.y,d);
-		this.z.cmove(Q.z,d);
-
-		var bd=(d!==0)?true:false;
-		this.INF^=(this.INF^Q.INF)&bd;
-	},
-
-/* Constant time select from pre-computed table */
-	select: function(W,b)
-	{
-		var MP=new ECP2();
-		var m=b>>31;
-		var babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		this.cmove(W[0],ECP2.teq(babs,0));  // conditional move
-		this.cmove(W[1],ECP2.teq(babs,1));
-		this.cmove(W[2],ECP2.teq(babs,2));
-		this.cmove(W[3],ECP2.teq(babs,3));
-		this.cmove(W[4],ECP2.teq(babs,4));
-		this.cmove(W[5],ECP2.teq(babs,5));
-		this.cmove(W[6],ECP2.teq(babs,6));
-		this.cmove(W[7],ECP2.teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		this.cmove(MP,(m&1));
-	},
-
-/* Test P == Q */
-
-	equals: function(Q) {
-		if (this.is_infinity() && Q.is_infinity()) return true;
-		if (this.is_infinity() || Q.is_infinity()) return false;
-
-		var zs2=new FP2(this.z); /*zs2.copy(this.z);*/ zs2.sqr();
-		var zo2=new FP2(Q.z); /*zo2.copy(Q.z);*/  zo2.sqr();
-		var zs3=new FP2(zs2); /*zs3.copy(zs2);*/ zs3.mul(this.z);
-		var zo3=new FP2(zo2); /*zo3.copy(zo2);*/  zo3.mul(Q.z);
-		zs2.mul(Q.x);
-		zo2.mul(this.x);
-		if (!zs2.equals(zo2)) return false;
-		zs3.mul(Q.y);
-		zo3.mul(this.y);
-		if (!zs3.equals(zo3)) return false;
-
-		return true;
-	},
-/* set this=-this */
-	neg: function()
-	{
-		if (this.is_infinity()) return;
-		this.y.neg(); this.y.norm();
-		return;
-	},
-/* convert this to affine, from (x,y,z) to (x,y) */
-	affine: function()
-	{
-		if (this.is_infinity()) return;
-		var one=new FP2(1);
-		if (this.z.equals(one)) return;
-		this.z.inverse();
-
-		var z2=new FP2(this.z); //z2.copy(this.z);
-		z2.sqr();
-		this.x.mul(z2); this.x.reduce();
-		this.y.mul(z2);
-		this.y.mul(this.z);  this.y.reduce();
-		this.z=one;
-	},
-/* extract affine x as FP2 */
-	getX: function()
-	{
-		this.affine();
-		return this.x;
-	},
-/* extract affine y as FP2 */
-	getY: function()
-	{
-		this.affine();
-		return this.y;
-	},
-/* extract projective x */
-	getx: function()
-	{
-		return this.x;
-	},
-/* extract projective y */
-	gety: function()
-	{
-		return this.y;
-	},
-/* extract projective z */
-	getz: function()
-	{
-		return this.z;
-	},
-/* convert this to byte array */
-	toBytes: function(b)
-	{
-		var i,t=[];
-		this.affine();
-		this.x.getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i]=t[i];
-		this.x.getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i+ROM.MODBYTES]=t[i];
-
-		this.y.getA().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i+2*ROM.MODBYTES]=t[i];
-		this.y.getB().toBytes(t);
-		for (i=0;i<ROM.MODBYTES;i++)
-			b[i+3*ROM.MODBYTES]=t[i];
-	},
-/* convert this to hex string */
-	toString: function()
-	{
-		if (this.is_infinity()) return "infinity";
-		this.affine();
-		return "("+this.x.toString()+","+this.y.toString()+")";
-	},
-/* set this=(x,y) */
-	setxy: function(ix,iy)
-	{
-		this.x.copy(ix);
-		this.y.copy(iy);
-		this.z.one();
-
-		var rhs=ECP2.RHS(this.x);
-
-		var y2=new FP2(this.y); //y2.copy(this.y);
-		y2.sqr();
-		if (y2.equals(rhs)) this.INF=false;
-		else this.inf();
-	},
-
-/* set this=(x,.) */
-	setx: function(ix)
-	{
-		this.x.copy(ix);
-		this.z.one();
-
-		var rhs=ECP2.RHS(this.x);
-
-		if (rhs.sqrt())
-		{
-			this.y.copy(rhs);
-			this.INF=false;
-		}
-		else this.inf();
-	},
-
-/* set this*=q, where q is Modulus, using Frobenius */
-	frob: function(X)
-	{
-		if (this.INF) return;
-		var X2=new FP2(X); //X2.copy(X);
-		X2.sqr();
-		this.x.conj();
-		this.y.conj();
-		this.z.conj();
-		this.z.reduce();
-		this.x.mul(X2);
-		this.y.mul(X2);
-		this.y.mul(X);
-	},
-/* this+=this */
-	dbl: function()
-	{
-		if (this.INF) return -1;
-		if (this.y.iszilch())
-		{
-			this.inf();
-			return -1;
-		}
-
-		var w1=new FP2(this.x); //w1.copy(this.x);
-		var w2=new FP2(0);
-		var w3=new FP2(this.x); //w3.copy(this.x);
-		var w8=new FP2(this.x); //w8.copy(this.x);
-
-		w1.sqr();
-		w8.copy(w1);
-		w8.imul(3);
-
-		w2.copy(this.y); w2.sqr();
-		w3.copy(this.x); w3.mul(w2);
-		w3.imul(4);
-		w1.copy(w3); w1.neg();
-
-
-		this.x.copy(w8); this.x.sqr();
-		this.x.add(w1);
-		this.x.add(w1);
-		this.x.norm();
-
-		this.z.mul(this.y);
-		this.z.add(this.z);
-
-		w2.add(w2);
-		w2.sqr();
-		w2.add(w2);
-		w3.sub(this.x);
-		this.y.copy(w8); this.y.mul(w3);
-		this.y.sub(w2);
-		this.y.norm();
-		this.z.norm();
-
-		return 1;
-	},
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-/* this+=Q */
-	add: function(Q)
-	{
-		if (this.INF)
-		{
-			this.copy(Q);
-			return -1;
-		}
-		if (Q.INF) return -1;
-
-		var aff=false;
-
-		if (Q.z.isunity()) aff=true;
-
-		var A,C;
-		var B=new FP2(this.z);
-		var D=new FP2(this.z);
-		if (!aff)
-		{
-			A=new FP2(Q.z);
-			C=new FP2(Q.z);
-
-			A.sqr(); B.sqr();
-			C.mul(A); D.mul(B);
-
-			A.mul(this.x);
-			C.mul(this.y);
-		}
-		else
-		{
-			A=new FP2(this.x);
-			C=new FP2(this.y);
-
-			B.sqr();
-			D.mul(B);
-		}
-
-		B.mul(Q.x); B.sub(A);
-		D.mul(Q.y); D.sub(C);
-
-		if (B.iszilch())
-		{
-			if (D.iszilch())
-			{
-				this.dbl();
-				return 1;
-			}
-			else
-			{
-				this.INF=true;
-				return -1;
-			}
-		}
-
-		if (!aff) this.z.mul(Q.z);
-		this.z.mul(B);
-
-		var e=new FP2(B); e.sqr();
-		B.mul(e);
-		A.mul(e);
-
-		e.copy(A);
-		e.add(A); e.add(B);
-		this.x.copy(D); this.x.sqr(); this.x.sub(e);
-
-		A.sub(this.x);
-		this.y.copy(A); this.y.mul(D);
-		C.mul(B); this.y.sub(C);
-
-		this.x.norm();
-		this.y.norm();
-		this.z.norm();
-		return 0;
-	},
-/* this-=Q */
-	sub: function(Q)
-	{
-		Q.neg();
-		var D=this.add(Q);
-		Q.neg();
-		return D;
-	},
-
-/* P*=e */
-	mul: function(e)
-	{
-/* fixed size windows */
-		var i,b,nb,m,s,ns;
-		var mt=new BIG();
-		var t=new BIG();
-		var C=new ECP2();
-		var P=new ECP2();
-		var Q=new ECP2();
-		var W=[];
-		var w=[];
-
-		if (this.is_infinity()) return new ECP2();
-
-		this.affine();
-
-// precompute table
-		Q.copy(this);
-		Q.dbl();
-		W[0]=new ECP2();
-		W[0].copy(this);
-
-		for (i=1;i<8;i++)
-		{
-			W[i]=new ECP2();
-			W[i].copy(W[i-1]);
-			W[i].add(Q);
-		}
-
-// convert the table to affine
-
-		ECP2.multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd
-		t.copy(e);
-		s=t.parity();
-		t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-		t.cmove(mt,s);
-		Q.cmove(this,ns);
-		C.copy(Q);
-
-		nb=1+Math.floor((t.nbits()+3)/4);
-
-// convert exponent to signed 4-bit window
-		for (i=0;i<nb;i++)
-		{
-			w[i]=(t.lastbits(5)-16);
-			t.dec(w[i]); t.norm();
-			t.fshr(4);
-		}
-		w[nb]=t.lastbits(5);
-
-		P.copy(W[Math.floor((w[nb]-1)/2)]);
-		for (i=nb-1;i>=0;i--)
-		{
-			Q.select(W,w[i]);
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.add(Q);
-		}
-		P.sub(C);
-		P.affine();
-		return P;
-	}
-};
-
-/* convert from byte array to point */
-ECP2.fromBytes=function(b)
-{
-	var i,t=[];
-	var ra,rb;
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i];
-	ra=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES];
-	rb=BIG.fromBytes(t);
-
-	var rx=new FP2(ra,rb); //rx.bset(ra,rb);
-
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+2*ROM.MODBYTES];
-	ra=BIG.fromBytes(t);
-	for (i=0;i<ROM.MODBYTES;i++) t[i]=b[i+3*ROM.MODBYTES];
-	rb=BIG.fromBytes(t);
-
-	var ry=new FP2(ra,rb); //ry.bset(ra,rb);
-
-	var P=new ECP2();
-	P.setxy(rx,ry);
-	return P;
-};
-
-/* Calculate RHS of curve equation x^3+B */
-ECP2.RHS=function(x)
-{
-	x.norm();
-	var r=new FP2(x); //r.copy(x);
-	r.sqr();
-
-	var c=new BIG(0); c.rcopy(ROM.CURVE_B);
-	var b=new FP2(c); //b.bseta(c);
-	b.div_ip();
-	r.mul(x);
-	r.add(b);
-
-	r.reduce();
-	return r;
-};
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-ECP2.multiaffine=function(m,P)
-{
-	var i;
-	var t1=new FP2(0);
-	var t2=new FP2(0);
-	var work=[];
-
-	work[0]=new FP2(1);
-	work[1]=new FP2(P[0].z);
-	for (i=2;i<m;i++)
-	{
-		work[i]=new FP2(work[i-1]);
-		work[i].mul(P[i-1].z);
-	}
-
-	t1.copy(work[m-1]); t1.mul(P[m-1].z);
-
-	t1.inverse();
-
-	t2.copy(P[m-1].z);
-	work[m-1].mul(t1);
-
-	for (i=m-2;;i--)
-	{
-		if (i==0)
-		{
-			work[0].copy(t1);
-			work[0].mul(t2);
-			break;
-		}
-		work[i].mul(t2);
-		work[i].mul(t1);
-		t2.mul(P[i].z);
-	}
-/* now work[] contains inverses of all Z coordinates */
-
-	for (i=0;i<m;i++)
-	{
-		P[i].z.one();
-		t1.copy(work[i]); t1.sqr();
-		P[i].x.mul(t1);
-		t1.mul(work[i]);
-		P[i].y.mul(t1);
-	}
-};
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-ECP2.mul4=function(Q,u)
-{
-	var i,j,nb;
-	var a=[];
-	var T=new ECP2();
-	var C=new ECP2();
-	var P=new ECP2();
-	var W=[];
-	var mt=new BIG();
-	var t=[];
-	var w=[];
-
-	for (i=0;i<4;i++)
-	{
-		t[i]=new BIG(u[i]);
-		Q[i].affine();
-	}
-
-/* precompute table */
-
-	W[0]=new ECP2(); W[0].copy(Q[0]); W[0].sub(Q[1]);
-	W[1]=new ECP2(); W[1].copy(W[0]);
-	W[2]=new ECP2(); W[2].copy(W[0]);
-	W[3]=new ECP2(); W[3].copy(W[0]);
-	W[4]=new ECP2(); W[4].copy(Q[0]); W[4].add(Q[1]);
-	W[5]=new ECP2(); W[5].copy(W[4]);
-	W[6]=new ECP2(); W[6].copy(W[4]);
-	W[7]=new ECP2(); W[7].copy(W[4]);
-	T.copy(Q[2]); T.sub(Q[3]);
-	W[1].sub(T);
-	W[2].add(T);
-	W[5].sub(T);
-	W[6].add(T);
-	T.copy(Q[2]); T.add(Q[3]);
-	W[0].sub(T);
-	W[3].add(T);
-	W[4].sub(T);
-	W[7].add(T);
-
-	ECP2.multiaffine(8,W);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-	mt.zero(); C.inf();
-	for (i=0;i<4;i++)
-	{
-		if (t[i].parity()==0)
-		{
-			t[i].inc(1); t[i].norm();
-			C.add(Q[i]);
-		}
-		mt.add(t[i]); mt.norm();
-	}
-
-	nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-	for (j=0;j<nb;j++)
-	{
-		for (i=0;i<4;i++)
-		{
-			a[i]=(t[i].lastbits(2)-2);
-			t[i].dec(a[i]); t[i].norm();
-			t[i].fshr(1);
-		}
-		w[j]=(8*a[0]+4*a[1]+2*a[2]+a[3]);
-	}
-	w[nb]=(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-
-	P.copy(W[Math.floor((w[nb]-1)/2)]);
-
-	for (i=nb-1;i>=0;i--)
-	{
-		T.select(W,w[i]);
-		P.dbl();
-		P.add(T);
-	}
-	P.sub(C); /* apply correction */
-
-	P.affine();
-	return P;
-};
-
-/* return 1 if b==c, no branching */
-ECP2.teq=function(b,c)
-{
-	var x=b^c;
-	x-=1;  // if x=0, x now -1
-	return ((x>>31)&1);
-};
-


[14/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/ecdh.swift
----------------------------------------------------------------------
diff --git a/swift/ecdh.swift b/swift/ecdh.swift
deleted file mode 100644
index 9f74372..0000000
--- a/swift/ecdh.swift
+++ /dev/null
@@ -1,531 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  ecdh.swift
-//  
-//
-//  Created by Michael Scott on 30/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-/* Elliptic Curve API high-level functions  */
-
-final public class ECDH
-{
-    static let INVALID_PUBLIC_KEY:Int = -2
-    static let ERROR:Int = -3
-    static let INVALID:Int = -4
-    static public let EFS=Int(ROM.MODBYTES);
-    static public let EGS=Int(ROM.MODBYTES);
-    static public let EAS=AES.KS;
-    static public let EBS=AES.BS;
-
-    /* Convert Integer to n-byte array */
-    private static func inttoBytes(n: Int,_ len:Int) -> [UInt8]
-    {
-        var b=[UInt8](count:len,repeatedValue:0)
-        var nn=n
-
-        var i=len;
-        while (nn>0 && i>0)
-        {
-            i--;
-            b[i]=UInt8(nn&0xff);
-            nn /= 256;
-        }
-        return b;
-    }
-
-    /* Key Derivation Functions */
-    /* Input octet Z */
-    /* Output key of length olen */
-    static public func KDF1(Z: [UInt8],_ olen:Int) -> [UInt8]
-    {
-    /* NOTE: the parameter olen is the length of the output K in bytes */
-        let H=HASH()
-        let hlen=HASH.len
-        var K=[UInt8](count:olen,repeatedValue:0)
-        var B=[UInt8](count:hlen,repeatedValue:0)
-
-        var k=0;
-
-        var cthreshold=olen/hlen; if (olen%hlen) != 0 {cthreshold++}
-
-        for var counter=0;counter<cthreshold;counter++
-        {
-            H.process_array(Z); if counter>0 {H.process_num(Int32(counter))}
-            B=H.hash();
-            if k+hlen>olen {for var i=0;i<olen%hlen;i++ {K[k++]=B[i]}}
-            else {for var i=0;i<hlen;i++ {K[k++]=B[i]}}
-        }
-        return K;
-    }
-
-    static public func KDF2(Z:[UInt8],_ P:[UInt8],_ olen:Int) -> [UInt8]
-    {
-    /* NOTE: the parameter olen is the length of the output k in bytes */
-        let H=HASH();
-        let hlen=HASH.len;
-        var K=[UInt8](count:olen,repeatedValue:0)
-        var B=[UInt8](count:hlen,repeatedValue:0)
-
-        var k=0;
-
-        var cthreshold=olen/hlen; if (olen%hlen) != 0 {cthreshold++}
-
-        for var counter=1;counter<=cthreshold;counter++
-        {
-            H.process_array(Z); H.process_num(Int32(counter)); H.process_array(P)
-            B=H.hash();
-            if k+hlen>olen {for var i=0;i<olen%hlen;i++ {K[k++]=B[i]}}
-            else {for var i=0;i<hlen;i++ {K[k++]=B[i]}}
-        }
-        return K;
-    }
-
-    /* Password based Key Derivation Function */
-    /* Input password p, salt s, and repeat count */
-    /* Output key of length olen */
-    static public func PBKDF2(Pass:[UInt8],_ Salt:[UInt8],_ rep:Int,_ olen:Int) -> [UInt8]
-    {
-        var d=olen/32;
-        if (olen%32) != 0 {d++}
-        var F=[UInt8](count:ECDH.EFS,repeatedValue:0)
-        var U=[UInt8](count:ECDH.EFS,repeatedValue:0)
-        var S=[UInt8](count:Salt.count+4,repeatedValue:0)
-
-        var K=[UInt8](count:d*ECDH.EFS,repeatedValue:0)
-
-        var opt=0;
-
-        for var i=1;i<=d;i++
-        {
-            for var j=0;j<Salt.count;j++ {S[j]=Salt[j]}
-            var N=ECDH.inttoBytes(i,4);
-            for var j=0;j<4;j++ {S[Salt.count+j]=N[j]}
-
-            ECDH.HMAC(S,Pass,&F);
-
-            for var j=0;j<EFS;j++ {U[j]=F[j]}
-            for var j=2;j<=rep;j++
-            {
-				ECDH.HMAC(U,Pass,&U);
-                for var k=0;k<ECDH.EFS;k++ {F[k]^=U[k]}
-            }
-            for var j=0;j<EFS;j++ {K[opt++]=F[j]}
-        }
-        var key=[UInt8](count:olen,repeatedValue:0)
-        for var i=0;i<olen;i++ {key[i]=K[i]}
-        return key;
-    }
-
-    /* Calculate HMAC of m using key k. HMAC is tag of length olen */
-    static public func HMAC(M:[UInt8],_ K:[UInt8],inout _ tag:[UInt8]) -> Int
-    {
-    /* Input is from an octet m        *
-    * olen is requested output length in bytes. k is the key  *
-    * The output is the calculated tag */
-        var K0=[UInt8](count:64,repeatedValue:0)
-        let olen=tag.count;
-
-        let b=K0.count;
-        if olen<4 || olen>HASH.len {return 0}
-
-        let H=HASH();
-
-        if (K.count > b)
-        {
-            H.process_array(K); var B=H.hash();
-            for var i=0;i<32;i++ {K0[i]=B[i]}
-        }
-        else
-        {
-            for var i=0;i<K.count;i++ {K0[i]=K[i]}
-        }
-        for var i=0;i<b;i++ {K0[i]^=0x36}
-        H.process_array(K0); H.process_array(M); var B=H.hash();
-
-        for var i=0;i<b;i++ {K0[i]^=0x6a}
-        H.process_array(K0); H.process_array(B); B=H.hash();
-
-        for var i=0;i<olen;i++ {tag[i]=B[i]}
-
-        return 1;
-    }
-    /* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-    static public func AES_CBC_IV0_ENCRYPT(K:[UInt8],_ M:[UInt8]) -> [UInt8]
-    { /* AES CBC encryption, with Null IV and key K */
-    /* Input is from an octet string M, output is to an octet string C */
-    /* Input is padded as necessary to make up a full final block */
-        let a=AES();
-        var buff=[UInt8](count:16,repeatedValue:0)
-        let clen=16+(M.count/16)*16;
-
-        var C=[UInt8](count:clen,repeatedValue:0)
-
-        a.init_it(AES.CBC,K,nil)
-
-        var ipt=0; var opt=0;
-        var fin=false;
-        var i:Int=0
-        while true
-        {
-            for i=0;i<16;i++
-            {
-                if (ipt<M.count) {buff[i]=M[ipt++]}
-				else {fin=true; break;}
-            }
-            if fin {break}
-            a.encrypt(&buff);
-            for var i=0;i<16;i++
-                {C[opt++]=buff[i]}
-        }
-
-    /* last block, filled up to i-th index */
-
-        let padlen=16-i;
-        for var j=i;j<16;j++ {buff[j]=UInt8(padlen&0xff)}
-
-        a.encrypt(&buff);
-
-        for var i=0;i<16;i++
-            {C[opt++]=buff[i]}
-        a.end();
-        return C;
-    }
-
-    /* returns plaintext if all consistent, else returns null string */
-    static public func AES_CBC_IV0_DECRYPT(K:[UInt8],_ C:[UInt8]) -> [UInt8]
-    { /* padding is removed */
-        let a=AES();
-
-        var buff=[UInt8](count:16,repeatedValue:0)
-        var MM=[UInt8](count:C.count,repeatedValue:0)
-
-        var ipt=0; var opt=0;
-
-        a.init_it(AES.CBC,K,nil);
-
-        if C.count==0 {return [UInt8]()}
-        var ch=C[ipt++];
-
-        var fin=false;
-        var i:Int=0
-        while true
-        {
-            for i=0;i<16;i++
-            {
-				buff[i]=ch;
-				if ipt>=C.count {fin=true; break;}
-                else {ch=C[ipt++]}
-            }
-            a.decrypt(&buff);
-            if fin {break}
-            for var i=0;i<16;i++
-                {MM[opt++]=buff[i]}
-        }
-
-        a.end();
-        var bad=false;
-        let padlen:Int=Int(buff[15]);
-        if i != 15 || padlen<1 || padlen>16 {bad=true}
-        if padlen>=2 && padlen<=16
-        {
-            for var i=16-padlen;i<16;i++ {if buff[i] != buff[15] {bad=true}}
-        }
-        if !bad
-        {
-            for var i=0;i<16-padlen;i++
-                {MM[opt++]=buff[i]}
-        }
-
-        if bad {return [UInt8]()}
-
-        var M=[UInt8](count:opt,repeatedValue:0)
-        for var i=0;i<opt;i++ {M[i]=MM[i]}
-
-        return M;
-    }
-
-    /* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
-    * where S is the secret key and W is the public key
-    * and G is fixed generator.
-    * If RNG is NULL then the private key is provided externally in S
-    * otherwise it is generated randomly internally */
-    static public func KEY_PAIR_GENERATE(RNG:RAND?,inout _ S:[UInt8],inout _ W:[UInt8]) -> Int
-    {
-        let res=0;
-        var T=[UInt8](count:ECDH.EFS,repeatedValue:0)
-        let gx=BIG(ROM.CURVE_Gx);
-        var s:BIG
-        var G:ECP
-        if ROM.CURVETYPE != ROM.MONTGOMERY
-        {
-            let gy=BIG(ROM.CURVE_Gy)
-            G=ECP(gx,gy)
-        }
-        else
-            {G=ECP(gx)}
-
-        let r=BIG(ROM.CURVE_Order);
-
-        if (RNG==nil)
-        {
-            s=BIG.fromBytes(S);
-        }
-        else
-        {
-            s=BIG.randomnum(r,RNG!)
-
-            s.toBytes(&T)
-            for var i=0;i<EGS;i++ {S[i]=T[i]}
-        }
-
-        let WP=G.mul(s)
-        WP.toBytes(&W)
-
-        return res;
-    }
-
-    /* validate public key. Set full=true for fuller check */
-    static public func PUBLIC_KEY_VALIDATE(full:Bool,_ W:[UInt8]) -> Int
-    {
-        var WP=ECP.fromBytes(W);
-        var res=0;
-
-        let r=BIG(ROM.CURVE_Order)
-
-        if WP.is_infinity() {res=INVALID_PUBLIC_KEY}
-
-        if res==0 && full
-        {
-            WP=WP.mul(r)
-            if !WP.is_infinity() {res=INVALID_PUBLIC_KEY}
-        }
-        return res;
-    }
-    /* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-    static public func ECPSVDP_DH(S:[UInt8],_ WD:[UInt8],inout _ Z:[UInt8]) -> Int
-    {
-        var res=0
-        var T=[UInt8](count:ECDH.EFS,repeatedValue:0)
-
-        let s=BIG.fromBytes(S)
-
-        var W=ECP.fromBytes(WD)
-        if W.is_infinity() {res=ECDH.ERROR}
-
-        if (res==0)
-        {
-            let r=BIG(ROM.CURVE_Order)
-            s.mod(r)
-
-            W=W.mul(s);
-            if W.is_infinity() {res=ERROR}
-            else
-            {
-				W.getX().toBytes(&T);
-                for var i=0;i<ECDH.EFS;i++ {Z[i]=T[i]}
-            }
-        }
-        return res;
-    }
-    /* IEEE ECDSA Signature, C and D are signature on F using private key S */
-    static public func ECPSP_DSA(RNG:RAND,_ S:[UInt8],_ F:[UInt8],inout _ C:[UInt8],inout _ D:[UInt8]) -> Int
-    {
-        var T=[UInt8](count:ECDH.EFS,repeatedValue:0)
-        let H=HASH()
-        H.process_array(F)
-        let B=H.hash()
-
-        let gx=BIG(ROM.CURVE_Gx)
-        let gy=BIG(ROM.CURVE_Gy)
-
-        let G=ECP(gx,gy)
-        let r=BIG(ROM.CURVE_Order)
-
-        let s=BIG.fromBytes(S)
-        let f=BIG.fromBytes(B)
-
-        let c=BIG(0)
-        let d=BIG(0)
-        var V=ECP()
-
-        repeat {
-            let u=BIG.randomnum(r,RNG);
-
-            V.copy(G)
-            V=V.mul(u)
-            let vx=V.getX()
-            c.copy(vx)
-            c.mod(r)
-            if c.iszilch() {continue}
-            u.invmodp(r)
-            d.copy(BIG.modmul(s,c,r))
-            d.add(f)
-            d.copy(BIG.modmul(u,d,r))
-        } while d.iszilch()
-
-        c.toBytes(&T)
-        for var i=0;i<ECDH.EFS;i++ {C[i]=T[i]}
-        d.toBytes(&T)
-        for var i=0;i<ECDH.EFS;i++ {D[i]=T[i]}
-        return 0;
-    }
-
-    /* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-    static public func ECPVP_DSA(W:[UInt8],_ F:[UInt8],_ C:[UInt8],_ D:[UInt8]) -> Int
-    {
-        var res=0
-
-        let H=HASH()
-        H.process_array(F)
-        let B=H.hash()
-
-        let gx=BIG(ROM.CURVE_Gx)
-        let gy=BIG(ROM.CURVE_Gy)
-
-        let G=ECP(gx,gy)
-        let r=BIG(ROM.CURVE_Order)
-
-        let c=BIG.fromBytes(C)
-        var d=BIG.fromBytes(D)
-        let f=BIG.fromBytes(B)
-
-        if c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0
-            {res=ECDH.INVALID}
-
-        if res==0
-        {
-            d.invmodp(r);
-            f.copy(BIG.modmul(f,d,r))
-            let h2=BIG.modmul(c,d,r)
-
-            let WP=ECP.fromBytes(W)
-            if WP.is_infinity() {res=ECDH.ERROR}
-            else
-            {
-				var P=ECP();
-				P.copy(WP);
-				P=P.mul2(h2,G,f);
-                if P.is_infinity() {res=INVALID}
-				else
-				{
-                    d=P.getX();
-                    d.mod(r);
-                    if (BIG.comp(d,c) != 0) {res=ECDH.INVALID}
-				}
-            }
-        }
-
-        return res;
-    }
-
-    /* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-    static public func ECIES_ENCRYPT(P1:[UInt8],_ P2:[UInt8],_ RNG:RAND,_ W:[UInt8],_ M:[UInt8],inout _ V:[UInt8],inout _ T:[UInt8]) -> [UInt8]
-    {
-        var Z=[UInt8](count:ECDH.EFS,repeatedValue:0)
-        var VZ=[UInt8](count:3*ECDH.EFS+1,repeatedValue:0)
-        var K1=[UInt8](count:ECDH.EAS,repeatedValue:0)
-        var K2=[UInt8](count:ECDH.EAS,repeatedValue:0)
-        var U=[UInt8](count:ECDH.EGS,repeatedValue:0)
-
-        if ECDH.KEY_PAIR_GENERATE(RNG,&U,&V) != 0 {return [UInt8]()}
-        if ECDH.ECPSVDP_DH(U,W,&Z) != 0 {return [UInt8]()}
-
-        for var i=0;i<2*ECDH.EFS+1;i++ {VZ[i]=V[i]}
-        for var i=0;i<ECDH.EFS;i++ {VZ[2*ECDH.EFS+1+i]=Z[i]}
-
-
-        var K=KDF2(VZ,P1,ECDH.EFS)
-
-        for var i=0;i<ECDH.EAS;i++ {K1[i]=K[i]; K2[i]=K[EAS+i];}
-
-        var C=AES_CBC_IV0_ENCRYPT(K1,M)
-
-        var L2=inttoBytes(P2.count,8)
-
-        var AC=[UInt8](count:C.count+P2.count+8,repeatedValue:0)
-
-        for var i=0;i<C.count;i++ {AC[i]=C[i]}
-        for var i=0;i<P2.count;i++ {AC[C.count+i]=P2[i]}
-        for var i=0;i<8;i++ {AC[C.count+P2.count+i]=L2[i]}
-
-        ECDH.HMAC(AC,K2,&T)
-
-        return C
-    }
-
-    /* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-    static public func ECIES_DECRYPT(P1:[UInt8],_ P2:[UInt8],_ V:[UInt8],_ C:[UInt8],_ T:[UInt8],_ U:[UInt8]) -> [UInt8]
-    {
-        var Z=[UInt8](count:ECDH.EFS,repeatedValue:0)
-        var VZ=[UInt8](count:3*ECDH.EFS+1,repeatedValue:0)
-        var K1=[UInt8](count:ECDH.EAS,repeatedValue:0)
-        var K2=[UInt8](count:ECDH.EAS,repeatedValue:0)
-
-        var TAG=[UInt8](count:T.count,repeatedValue:0)
-
-        if ECPSVDP_DH(U,V,&Z) != 0 {return [UInt8]()}
-
-        for var i=0;i<2*ECDH.EFS+1;i++ {VZ[i]=V[i]}
-        for var i=0;i<ECDH.EFS;i++ {VZ[2*EFS+1+i]=Z[i]}
-
-        var K=KDF2(VZ,P1,ECDH.EFS)
-
-        for var i=0;i<ECDH.EAS;i++ {K1[i]=K[i]; K2[i]=K[ECDH.EAS+i]}
-
-        let M=ECDH.AES_CBC_IV0_DECRYPT(K1,C)
-
-        if M.count==0 {return M}
-
-        var L2=inttoBytes(P2.count,8)
-
-        var AC=[UInt8](count:C.count+P2.count+8,repeatedValue:0)
-
-        for var i=0;i<C.count;i++ {AC[i]=C[i]}
-        for var i=0;i<P2.count;i++ {AC[C.count+i]=P2[i]}
-        for var i=0;i<8;i++ {AC[C.count+P2.count+i]=L2[i]}
-
-        ECDH.HMAC(AC,K2,&TAG)
-
-        var same=true
-        for var i=0;i<T.count;i++
-        {
-            if T[i] != TAG[i] {same=false}
-        }
-        if !same {return [UInt8]()}
-
-        return M;
-
-    }
-
-    static public func printBinary(array: [UInt8])
-    {
-        for var i=0;i<array.count;i++
-        {
-            let h=String(array[i],radix:16);
-            print("\(h)", terminator: "")
-        }
-        print("");
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/ecp.swift
----------------------------------------------------------------------
diff --git a/swift/ecp.swift b/swift/ecp.swift
deleted file mode 100644
index f7d84f5..0000000
--- a/swift/ecp.swift
+++ /dev/null
@@ -1,923 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  ecp.swift
-//  
-//
-//  Created by Michael Scott on 30/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-final class ECP {
-    private var x:FP
-    private var y:FP
-    private var z:FP
-    private var INF:Bool
-
-   /* Constructor - set to O */
-    init()
-    {
-        x=FP(0)
-        y=FP(0)
-        z=FP(1)
-        INF=true
-    }
-
-    /* test for O point-at-infinity */
-    func is_infinity() -> Bool
-    {
-        if (ROM.CURVETYPE==ROM.EDWARDS)
-        {
-            x.reduce(); y.reduce(); z.reduce()
-            return x.iszilch() && y.equals(z)
-        }
-        else {return INF}
-    }
-
-    /* Conditional swap of P and Q dependant on d */
-    private func cswap(Q: ECP,_ d:Int32)
-    {
-        x.cswap(Q.x,d);
-        if ROM.CURVETYPE != ROM.MONTGOMERY {y.cswap(Q.y,d)}
-        z.cswap(Q.z,d);
-        if (ROM.CURVETYPE != ROM.EDWARDS)
-        {
-            var bd:Bool
-            if d==0 {bd=false}
-            else {bd=true}
-            bd=bd && (INF != Q.INF)
-            INF = (INF != bd)
-            Q.INF = (Q.INF != bd)
-        }
-    }
-
-    /* Conditional move of Q to P dependant on d */
-    private func cmove(Q: ECP,_ d:Int32)
-    {
-        x.cmove(Q.x,d);
-        if ROM.CURVETYPE != ROM.MONTGOMERY {y.cmove(Q.y,d)}
-        z.cmove(Q.z,d);
-        if (ROM.CURVETYPE != ROM.EDWARDS)
-        {
-            var bd:Bool
-            if d==0 {bd=false}
-            else {bd=true}
-            INF != (INF != Q.INF) && bd;
-        }
-    }
-
-    /* return 1 if b==c, no branching */
-    private static func teq(b: Int32,_ c:Int32) -> Int32
-    {
-        var x=b^c
-        x-=1  // if x=0, x now -1
-        return ((x>>31)&1)
-    }
-
-    /* self=P */
-    func copy(P: ECP)
-    {
-        x.copy(P.x)
-        if ROM.CURVETYPE != ROM.MONTGOMERY {y.copy(P.y)}
-        z.copy(P.z)
-        INF=P.INF
-    }
-    /* self=-self */
-    func neg() {
-        if is_infinity() {return}
-        if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-        {
-            y.neg(); y.norm();
-        }
-        if (ROM.CURVETYPE==ROM.EDWARDS)
-        {
-            x.neg(); x.norm();
-        }
-        return;
-    }
-
-    /* Constant time select from pre-computed table */
-    private func select(W:[ECP],_ b:Int32)
-    {
-        let MP=ECP()
-        let m=b>>31
-        var babs=(b^m)-m
-
-        babs=(babs-1)/2
-
-        cmove(W[0],ECP.teq(babs,0)); // conditional move
-        cmove(W[1],ECP.teq(babs,1))
-        cmove(W[2],ECP.teq(babs,2))
-        cmove(W[3],ECP.teq(babs,3))
-        cmove(W[4],ECP.teq(babs,4))
-        cmove(W[5],ECP.teq(babs,5))
-        cmove(W[6],ECP.teq(babs,6))
-        cmove(W[7],ECP.teq(babs,7))
-
-        MP.copy(self)
-        MP.neg()
-        cmove(MP,(m&1))
-    }
-
-    /* Test P == Q */
-    func equals(Q: ECP) -> Bool
-    {
-        if (is_infinity() && Q.is_infinity()) {return true}
-        if (is_infinity() || Q.is_infinity()) {return false}
-        if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-        {
-            let zs2=FP(z); zs2.sqr()
-            let zo2=FP(Q.z); zo2.sqr()
-            let zs3=FP(zs2); zs3.mul(z)
-            let zo3=FP(zo2); zo3.mul(Q.z)
-            zs2.mul(Q.x)
-            zo2.mul(x)
-            if !zs2.equals(zo2) {return false}
-            zs3.mul(Q.y)
-            zo3.mul(y)
-            if !zs3.equals(zo3) {return false}
-        }
-        else
-        {
-            let a=FP(0)
-            let b=FP(0)
-            a.copy(x); a.mul(Q.z); a.reduce()
-            b.copy(Q.x); b.mul(z); b.reduce()
-            if !a.equals(b) {return false}
-            if ROM.CURVETYPE==ROM.EDWARDS
-            {
-				a.copy(y); a.mul(Q.z); a.reduce()
-				b.copy(Q.y); b.mul(z); b.reduce()
-				if !a.equals(b) {return false}
-            }
-        }
-        return true
-    }
-
-/* set self=O */
-    func inf()
-    {
-        INF=true;
-        x.zero()
-        y.one()
-        z.one()
-    }
-
-    /* Calculate RHS of curve equation */
-    static func RHS(x: FP) -> FP
-    {
-        x.norm();
-        let r=FP(x);
-        r.sqr();
-
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-        { // x^3+Ax+B
-            let b=FP(BIG(ROM.CURVE_B))
-            r.mul(x)
-            if (ROM.CURVE_A == -3)
-            {
-				let cx=FP(x)
-				cx.imul(3)
-				cx.neg(); cx.norm()
-				r.add(cx)
-            }
-            r.add(b);
-        }
-        if (ROM.CURVETYPE==ROM.EDWARDS)
-        { // (Ax^2-1)/(Bx^2-1)
-            let b=FP(BIG(ROM.CURVE_B))
-
-            let one=FP(1);
-            b.mul(r);
-            b.sub(one);
-            if ROM.CURVE_A == -1 {r.neg()}
-            r.sub(one)
-            b.inverse()
-            r.mul(b);
-        }
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        { // x^3+Ax^2+x
-            let x3=FP(0)
-            x3.copy(r);
-            x3.mul(x);
-            r.imul(ROM.CURVE_A);
-            r.add(x3);
-            r.add(x);
-        }
-        r.reduce();
-        return r;
-    }
-
-    /* set (x,y) from two BIGs */
-    init(_ ix: BIG,_ iy: BIG)
-    {
-        x=FP(ix)
-        y=FP(iy)
-        z=FP(1)
-        INF=true
-        let rhs=ECP.RHS(x);
-
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            if rhs.jacobi()==1 {INF=false}
-            else {inf()}
-        }
-        else
-        {
-            let y2=FP(y)
-            y2.sqr()
-            if y2.equals(rhs) {INF=false}
-            else {inf()}
-        }
-    }
-
-    /* set (x,y) from BIG and a bit */
-    init(_ ix: BIG,_ s:Int32)
-    {
-        x=FP(ix)
-        let rhs=ECP.RHS(x)
-        y=FP(0)
-        z=FP(1)
-        INF=true
-        if rhs.jacobi()==1
-        {
-            let ny=rhs.sqrt()
-            if (ny.redc().parity() != s) {ny.neg()}
-            y.copy(ny)
-            INF=false;
-        }
-        else {inf()}
-    }
-
-    /* set from x - calculate y from curve equation */
-    init(_ ix:BIG)
-    {
-        x=FP(ix)
-        let rhs=ECP.RHS(x)
-        y=FP(0)
-        z=FP(1)
-        if rhs.jacobi()==1
-        {
-            if ROM.CURVETYPE != ROM.MONTGOMERY {y.copy(rhs.sqrt())}
-            INF=false;
-        }
-        else {INF=true}
-    }
-
-    /* set to affine - from (x,y,z) to (x,y) */
-    func affine()
-    {
-        if is_infinity() {return}
-        let one=FP(1)
-        if (z.equals(one)) {return}
-        z.inverse()
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-        {
-            let z2=FP(z)
-            z2.sqr()
-            x.mul(z2); x.reduce()
-            y.mul(z2)
-            y.mul(z);  y.reduce()
-        }
-        if ROM.CURVETYPE==ROM.EDWARDS
-        {
-            x.mul(z); x.reduce()
-            y.mul(z); y.reduce()
-        }
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            x.mul(z); x.reduce()
-
-        }
-        z.copy(one)
-    }
-    /* extract x as a BIG */
-    func getX() -> BIG
-    {
-        affine()
-        return x.redc()
-    }
-    /* extract y as a BIG */
-    func getY() -> BIG
-    {
-        affine();
-        return y.redc();
-    }
-
-    /* get sign of Y */
-    func getS() -> Int32
-    {
-        affine()
-        let y=getY()
-        return y.parity()
-    }
-    /* extract x as an FP */
-    func getx() -> FP
-    {
-        return x;
-    }
-    /* extract y as an FP */
-    func gety() -> FP
-    {
-        return y;
-    }
-    /* extract z as an FP */
-    func getz() -> FP
-    {
-        return z;
-    }
-    /* convert to byte array */
-    func toBytes(inout b:[UInt8])
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](count:RM,repeatedValue:0)
-        if ROM.CURVETYPE != ROM.MONTGOMERY {b[0]=0x04}
-        else {b[0]=0x02}
-
-        affine()
-        x.redc().toBytes(&t)
-        for var i=0;i<RM;i++ {b[i+1]=t[i]}
-        if ROM.CURVETYPE != ROM.MONTGOMERY
-        {
-            y.redc().toBytes(&t);
-            for var i=0;i<RM;i++ {b[i+RM+1]=t[i]}
-        }
-    }
-    /* convert from byte array to point */
-    static func fromBytes(b: [UInt8]) -> ECP
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](count:RM,repeatedValue:0)
-        let p=BIG(ROM.Modulus);
-
-        for var i=0;i<RM;i++ {t[i]=b[i+1]}
-        let px=BIG.fromBytes(t)
-        if BIG.comp(px,p)>=0 {return ECP()}
-
-        if (b[0]==0x04)
-        {
-            for var i=0;i<RM;i++ {t[i]=b[i+RM+1]}
-            let py=BIG.fromBytes(t)
-            if BIG.comp(py,p)>=0 {return ECP()}
-            return ECP(px,py)
-        }
-        else {return ECP(px)}
-    }
-    /* convert to hex string */
-    func toString() -> String
-    {
-        if is_infinity() {return "infinity"}
-        affine();
-        if ROM.CURVETYPE==ROM.MONTGOMERY {return "("+x.redc().toString()+")"}
-        else {return "("+x.redc().toString()+","+y.redc().toString()+")"}
-    }
-
-    /* self*=2 */
-    func dbl()
-    {
-        if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-        {
-            if INF {return}
-            if y.iszilch()
-            {
-				inf()
-				return
-            }
-
-            let w1=FP(x)
-            let w6=FP(z)
-            let w2=FP(0)
-            let w3=FP(x)
-            let w8=FP(x)
-
-            if (ROM.CURVE_A == -3)
-            {
-				w6.sqr()
-				w1.copy(w6)
-				w1.neg()
-				w3.add(w1)
-				w8.add(w6)
-				w3.mul(w8)
-				w8.copy(w3)
-				w8.imul(3)
-            }
-            else
-            {
-				w1.sqr()
-				w8.copy(w1)
-				w8.imul(3)
-            }
-
-            w2.copy(y); w2.sqr()
-            w3.copy(x); w3.mul(w2)
-            w3.imul(4)
-            w1.copy(w3); w1.neg()
-            w1.norm()
-
-            x.copy(w8); x.sqr()
-            x.add(w1)
-            x.add(w1)
-            x.norm()
-
-            z.mul(y)
-            z.add(z)
-
-            w2.add(w2)
-            w2.sqr()
-            w2.add(w2)
-            w3.sub(x)
-            y.copy(w8); y.mul(w3)
-            //w2.norm();
-            y.sub(w2)
-            y.norm()
-            z.norm()
-        }
-        if ROM.CURVETYPE==ROM.EDWARDS
-        {
-            let C=FP(x)
-            let D=FP(y)
-            let H=FP(z)
-            let J=FP(0)
-
-            x.mul(y); x.add(x)
-            C.sqr()
-            D.sqr()
-            if ROM.CURVE_A == -1 {C.neg()}
-            y.copy(C); y.add(D)
-            y.norm()
-            H.sqr(); H.add(H)
-            z.copy(y)
-            J.copy(y); J.sub(H)
-            x.mul(J)
-            C.sub(D)
-            y.mul(C)
-            z.mul(J)
-
-            x.norm();
-            y.norm();
-            z.norm();
-        }
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            let A=FP(x)
-            let B=FP(x);
-            let AA=FP(0);
-            let BB=FP(0);
-            let C=FP(0);
-
-            if INF {return}
-
-            A.add(z)
-            AA.copy(A); AA.sqr()
-            B.sub(z)
-            BB.copy(B); BB.sqr()
-            C.copy(AA); C.sub(BB)
-    //C.norm();
-
-            x.copy(AA); x.mul(BB)
-
-            A.copy(C); A.imul((ROM.CURVE_A+2)/4)
-
-            BB.add(A)
-            z.copy(BB); z.mul(C)
-            x.norm()
-            z.norm()
-        }
-        return
-    }
-
-    /* self+=Q */
-    func add(Q:ECP)
-    {
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-        {
-            if (INF)
-            {
-				copy(Q)
-				return
-            }
-            if Q.INF {return}
-
-            var aff=false;
-
-            let one=FP(1);
-            if Q.z.equals(one) {aff=true}
-
-            var A:FP
-            var C:FP
-            let B=FP(z)
-            let D=FP(z)
-            if (!aff)
-            {
-				A=FP(Q.z)
-				C=FP(Q.z)
-
-				A.sqr(); B.sqr()
-				C.mul(A); D.mul(B)
-
-				A.mul(x)
-				C.mul(y)
-            }
-            else
-            {
-				A=FP(x)
-				C=FP(y)
-
-				B.sqr()
-				D.mul(B)
-            }
-
-            B.mul(Q.x); B.sub(A)
-            D.mul(Q.y); D.sub(C)
-
-            if B.iszilch()
-            {
-				if (D.iszilch())
-				{
-                    dbl()
-                    return
-				}
-				else
-				{
-                    INF=true
-                    return
-				}
-            }
-
-            if !aff {z.mul(Q.z)}
-            z.mul(B);
-
-            let e=FP(B); e.sqr()
-            B.mul(e)
-            A.mul(e)
-
-            e.copy(A)
-            e.add(A); e.add(B)
-            x.copy(D); x.sqr(); x.sub(e)
-
-            A.sub(x)
-            y.copy(A); y.mul(D)
-            C.mul(B); y.sub(C)
-
-            x.norm()
-            y.norm()
-            z.norm()
-        }
-        if ROM.CURVETYPE==ROM.EDWARDS
-        {
-            let b=FP(BIG(ROM.CURVE_B))
-            let A=FP(z)
-            let B=FP(0)
-            let C=FP(x)
-            let D=FP(y)
-            let E=FP(0)
-            let F=FP(0)
-            let G=FP(0)
-
-            A.mul(Q.z)
-            B.copy(A); B.sqr()
-            C.mul(Q.x)
-            D.mul(Q.y)
-
-            E.copy(C); E.mul(D); E.mul(b)
-            F.copy(B); F.sub(E)
-            G.copy(B); G.add(E)
-            C.add(D)
-
-            if ROM.CURVE_A==1
-            {
-				E.copy(D); D.sub(C)
-            }
-
-            B.copy(x); B.add(y)
-            D.copy(Q.x); D.add(Q.y)
-            B.mul(D)
-            B.sub(C)
-            B.mul(F)
-            x.copy(A); x.mul(B)
-
-            if ROM.CURVE_A==1
-            {
-				C.copy(E); C.mul(G)
-            }
-            if ROM.CURVE_A == -1
-            {
-				C.mul(G)
-            }
-            y.copy(A); y.mul(C)
-            z.copy(F); z.mul(G)
-            x.norm(); y.norm(); z.norm()
-        }
-        return;
-    }
-
-    /* Differential Add for Montgomery curves. self+=Q where W is self-Q and is affine. */
-    func dadd(Q:ECP,_ W:ECP)
-    {
-        let A=FP(x)
-        let B=FP(x)
-        let C=FP(Q.x)
-        let D=FP(Q.x)
-        let DA=FP(0)
-        let CB=FP(0)
-
-        A.add(z)
-        B.sub(z)
-
-        C.add(Q.z)
-        D.sub(Q.z)
-
-        DA.copy(D); DA.mul(A)
-        CB.copy(C); CB.mul(B)
-
-        A.copy(DA); A.add(CB); A.sqr()
-        B.copy(DA); B.sub(CB); B.sqr()
-
-        x.copy(A)
-        z.copy(W.x); z.mul(B)
-
-        if z.iszilch() {inf()}
-        else {INF=false}
-
-        x.norm()
-    }
-    /* this-=Q */
-    func sub(Q:ECP)
-    {
-        Q.neg()
-        add(Q)
-        Q.neg()
-    }
-    static func multiaffine(m: Int,_ P:[ECP])
-    {
-        let t1=FP(0)
-        let t2=FP(0)
-
-        var work=[FP]()
-
-        for var i=0;i<m;i++
-            {work.append(FP(0))}
-
-        work[0].one()
-        work[1].copy(P[0].z)
-
-        for var i=2;i<m;i++
-        {
-            work[i].copy(work[i-1])
-            work[i].mul(P[i-1].z)
-        }
-
-        t1.copy(work[m-1]);
-        t1.mul(P[m-1].z);
-        t1.inverse();
-        t2.copy(P[m-1].z);
-        work[m-1].mul(t1);
-
-        for var i=m-2;;i--
-        {
-            if i==0
-            {
-				work[0].copy(t1)
-				work[0].mul(t2)
-				break
-            }
-            work[i].mul(t2);
-            work[i].mul(t1);
-            t2.mul(P[i].z);
-        }
-    /* now work[] contains inverses of all Z coordinates */
-
-        for var i=0;i<m;i++
-        {
-            P[i].z.one();
-            t1.copy(work[i]);
-            t1.sqr();
-            P[i].x.mul(t1);
-            t1.mul(work[i]);
-            P[i].y.mul(t1);
-        }
-    }
-    /* constant time multiply by small integer of length bts - use ladder */
-    func pinmul(e:Int32,_ bts:Int32) -> ECP
-    {
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-            {return self.mul(BIG(e))}
-        else
-        {
-            let P=ECP()
-            let R0=ECP()
-            let R1=ECP(); R1.copy(self)
-
-            for var i=bts-1;i>=0;i--
-            {
-				let b=(e>>i)&1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-            }
-            P.copy(R0);
-            P.affine();
-            return P;
-        }
-    }
-
-    /* return e.self */
-
-    func mul(e:BIG) -> ECP
-    {
-        if (e.iszilch() || is_infinity()) {return ECP()}
-
-        let P=ECP()
-        if ROM.CURVETYPE==ROM.MONTGOMERY
-        {
-            /* use Ladder */
-            let D=ECP()
-            let R0=ECP(); R0.copy(self)
-            let R1=ECP(); R1.copy(self)
-            R1.dbl();
-            D.copy(self); D.affine();
-            let nb=e.nbits();
-
-            for var i=nb-2;i>=0;i--
-            {
-				let b=e.bit(i)
-                //print("\(b)")
-				P.copy(R1)
-				P.dadd(R0,D)
-				R0.cswap(R1,b)
-				R1.copy(P)
-				R0.dbl()
-				R0.cswap(R1,b)
-            }
-            P.copy(R0)
-        }
-        else
-        {
-    // fixed size windows
-            let mt=BIG()
-            let t=BIG()
-            let Q=ECP()
-            let C=ECP()
-            var W=[ECP]()
-            let n=1+(ROM.NLEN*Int(ROM.BASEBITS)+3)/4
-            var w=[Int8](count:n,repeatedValue:0)
-
-            affine();
-
-    // precompute table
-            Q.copy(self)
-            Q.dbl()
-            W.append(ECP())
-
-            W[0].copy(self)
-
-            for var i=1;i<8;i++
-            {
-                W.append(ECP())
-				W[i].copy(W[i-1])
-				W[i].add(Q)
-            }
-
-    // convert the table to affine
-            if ROM.CURVETYPE==ROM.WEIERSTRASS
-                {ECP.multiaffine(8,W)}
-
-    // make exponent odd - add 2P if even, P if odd
-            t.copy(e);
-            let s=t.parity();
-            t.inc(1); t.norm(); let ns=t.parity();
-            mt.copy(t); mt.inc(1); mt.norm();
-            t.cmove(mt,s);
-            Q.cmove(self,ns);
-            C.copy(Q);
-
-            let nb=1+(t.nbits()+3)/4;
-
-    // convert exponent to signed 4-bit window
-            for var i=0;i<nb;i++
-            {
-				w[i]=Int8(t.lastbits(5)-16);
-				t.dec(Int32(w[i])); t.norm();
-				t.fshr(4);
-            }
-            w[nb]=Int8(t.lastbits(5))
-
-            P.copy(W[Int((w[nb])-1)/2]);
-            for var i=nb-1;i>=0;i--
-            {
-				Q.select(W,Int32(w[i]));
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-            }
-            P.sub(C); /* apply correction */
-        }
-        P.affine();
-        return P;
-    }
-
-    /* Return e.this+f.Q */
-
-    func mul2(e:BIG,_ Q:ECP,_ f:BIG) -> ECP
-    {
-        let te=BIG()
-        let tf=BIG()
-        let mt=BIG()
-        let S=ECP()
-        let T=ECP()
-        let C=ECP()
-        var W=[ECP]()
-        let n=1+(ROM.NLEN*Int(ROM.BASEBITS)+1)/2
-        var w=[Int8](count:n,repeatedValue:0);
-
-        affine();
-        Q.affine();
-
-        te.copy(e);
-        tf.copy(f);
-
-    // precompute table
-        for var i=0;i<8;i++ {W.append(ECP())}
-        W[1].copy(self); W[1].sub(Q)
-        W[2].copy(self); W[2].add(Q)
-        S.copy(Q); S.dbl();
-        W[0].copy(W[1]); W[0].sub(S)
-        W[3].copy(W[2]); W[3].add(S)
-        T.copy(self); T.dbl()
-        W[5].copy(W[1]); W[5].add(T)
-        W[6].copy(W[2]); W[6].add(T)
-        W[4].copy(W[5]); W[4].sub(S)
-        W[7].copy(W[6]); W[7].add(S)
-
-    // convert the table to affine
-        if ROM.CURVETYPE==ROM.WEIERSTRASS
-            {ECP.multiaffine(8,W)}
-
-    // if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-
-        var s=te.parity()
-        te.inc(1); te.norm(); var ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm()
-        te.cmove(mt,s)
-        T.cmove(self,ns)
-        C.copy(T)
-
-        s=tf.parity()
-        tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm()
-        tf.cmove(mt,s)
-        S.cmove(Q,ns)
-        C.add(S)
-
-        mt.copy(te); mt.add(tf); mt.norm()
-        let nb=1+(mt.nbits()+1)/2
-
-    // convert exponent to signed 2-bit window
-        for var i=0;i<nb;i++
-        {
-            let a=(te.lastbits(3)-4);
-            te.dec(a); te.norm();
-            te.fshr(2);
-            let b=(tf.lastbits(3)-4);
-            tf.dec(b); tf.norm();
-            tf.fshr(2);
-            w[i]=Int8(4*a+b);
-        }
-        w[nb]=Int8(4*te.lastbits(3)+tf.lastbits(3));
-        S.copy(W[(w[nb]-1)/2]);
-
-        for var i=nb-1;i>=0;i--
-        {
-            T.select(W,Int32(w[i]));
-            S.dbl();
-            S.dbl();
-            S.add(T);
-        }
-        S.sub(C); /* apply correction */
-        S.affine();
-        return S;
-    }
-
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/ecp2.swift
----------------------------------------------------------------------
diff --git a/swift/ecp2.swift b/swift/ecp2.swift
deleted file mode 100644
index 058ff5f..0000000
--- a/swift/ecp2.swift
+++ /dev/null
@@ -1,614 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  ecp2.swift
-//  
-//
-//  Created by Michael Scott on 07/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* CLINT Weierstrass elliptic curve functions over FP2 */
-
-final class ECP2 {
-    private var x:FP2
-    private var y:FP2
-    private var z:FP2
-    private var INF:Bool
-
-    /* Constructor - set self=O */
-    init()
-    {
-        INF=true
-        x=FP2(0)
-        y=FP2(1)
-        z=FP2(1)
-    }
-    /* Test self=O? */
-    func is_infinity() -> Bool
-    {
-        return INF
-    }
-    /* copy self=P */
-    func copy(P:ECP2)
-    {
-        x.copy(P.x)
-        y.copy(P.y)
-        z.copy(P.z)
-        INF=P.INF
-    }
-    /* set self=O */
-    func inf() {
-        INF=true
-        x.zero()
-        y.zero()
-        z.zero()
-    }
-    /* Conditional move of Q to P dependant on d */
-    func cmove(Q:ECP2,_ d:Int32)
-    {
-        x.cmove(Q.x,d);
-        y.cmove(Q.y,d);
-        z.cmove(Q.z,d);
-
-        var bd:Bool
-        if d==0 {bd=false}
-        else {bd=true}
-        INF = (INF != ((INF != Q.INF) && bd))
-    }
-
-    /* return 1 if b==c, no branching */
-    private static func teq(b:Int32,_ c:Int32) -> Int32
-    {
-        var x=b^c
-        x-=1  // if x=0, x now -1
-        return ((x>>31)&1)
-    }
-    /* Constant time select from pre-computed table */
-    func select(W:[ECP2],_ b:Int32)
-    {
-        let MP=ECP2()
-        let m=b>>31
-        var babs=(b^m)-m
-
-        babs=(babs-1)/2
-
-        cmove(W[0],ECP2.teq(babs,0)) // conditional move
-        cmove(W[1],ECP2.teq(babs,1))
-        cmove(W[2],ECP2.teq(babs,2))
-        cmove(W[3],ECP2.teq(babs,3))
-        cmove(W[4],ECP2.teq(babs,4))
-        cmove(W[5],ECP2.teq(babs,5))
-        cmove(W[6],ECP2.teq(babs,6))
-        cmove(W[7],ECP2.teq(babs,7))
-
-        MP.copy(self)
-        MP.neg()
-        cmove(MP,(m&1))
-    }
-
-    /* Test if P == Q */
-    func equals(Q:ECP2) -> Bool
-    {
-        if is_infinity() && Q.is_infinity() {return true}
-        if is_infinity() || Q.is_infinity() {return false}
-
-        let zs2=FP2(z); zs2.sqr()
-        let zo2=FP2(Q.z); zo2.sqr()
-        let zs3=FP2(zs2); zs3.mul(z)
-        let zo3=FP2(zo2); zo3.mul(Q.z)
-        zs2.mul(Q.x)
-        zo2.mul(x)
-        if !zs2.equals(zo2) {return false}
-        zs3.mul(Q.y)
-        zo3.mul(y)
-        if !zs3.equals(zo3) {return false}
-
-        return true;
-    }
-    /* set self=-self */
-    func neg()
-    {
-        if is_infinity() {return}
-        y.neg(); y.norm()
-        return
-    }
-    /* set to Affine - (x,y,z) to (x,y) */
-    func affine() {
-        if is_infinity() {return}
-        let one=FP2(1)
-        if z.equals(one) {return}
-        z.inverse()
-
-        let z2=FP2(z)
-        z2.sqr()
-        x.mul(z2); x.reduce()
-        y.mul(z2)
-        y.mul(z);  y.reduce()
-        z.copy(one)
-    }
-    /* extract affine x as FP2 */
-    func getX() -> FP2
-    {
-        affine()
-        return x
-    }
-    /* extract affine y as FP2 */
-    func getY() -> FP2
-    {
-        affine()
-        return y
-    }
-    /* extract projective x */
-    func getx() -> FP2
-    {
-        return x
-    }
-    /* extract projective y */
-    func gety() -> FP2
-    {
-        return y
-    }
-    /* extract projective z */
-    func getz() -> FP2
-    {
-        return z
-    }
-    /* convert to byte array */
-    func toBytes(inout b:[UInt8])
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](count:RM,repeatedValue:0)
-
-        affine();
-        x.getA().toBytes(&t)
-        for var i=0;i<RM;i++
-            {b[i]=t[i]}
-        x.getB().toBytes(&t);
-        for var i=0;i<RM;i++
-            {b[i+RM]=t[i]}
-
-        y.getA().toBytes(&t);
-        for var i=0;i<RM;i++
-            {b[i+2*RM]=t[i]}
-        y.getB().toBytes(&t);
-        for var i=0;i<RM;i++
-            {b[i+3*RM]=t[i]}
-    }
-    /* convert from byte array to point */
-    static func fromBytes(b:[UInt8]) -> ECP2
-    {
-        let RM=Int(ROM.MODBYTES)
-        var t=[UInt8](count:RM,repeatedValue:0)
-
-
-        for var i=0;i<RM;i++ {t[i]=b[i]}
-        var ra=BIG.fromBytes(t);
-        for var i=0;i<RM;i++ {t[i]=b[i+RM]}
-        var rb=BIG.fromBytes(t);
-        let rx=FP2(ra,rb)
-
-        for var i=0;i<RM;i++ {t[i]=b[i+2*RM]}
-        ra=BIG.fromBytes(t)
-        for var i=0;i<RM;i++ {t[i]=b[i+3*RM]}
-        rb=BIG.fromBytes(t)
-        let ry=FP2(ra,rb)
-
-        return ECP2(rx,ry)
-    }
-/* convert self to hex string */
-    func toString() -> String
-    {
-        if is_infinity() {return "infinity"}
-        affine()
-        return "("+x.toString()+","+y.toString()+")"
-    }
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-    static func RHS(x:FP2) -> FP2
-    {
-        x.norm()
-        let r=FP2(x)
-        r.sqr()
-        let b=FP2(BIG(ROM.CURVE_B))
-        b.div_ip();
-        r.mul(x);
-        r.add(b);
-
-        r.reduce();
-        return r;
-    }
-/* construct self from (x,y) - but set to O if not on curve */
-    init(_ ix:FP2,_ iy:FP2)
-    {
-        x=FP2(ix)
-        y=FP2(iy)
-        z=FP2(1)
-        let rhs=ECP2.RHS(x)
-        let y2=FP2(y)
-        y2.sqr()
-        if y2.equals(rhs) {INF=false}
-        else {x.zero(); INF=true}
-    }
-    /* construct this from x - but set to O if not on curve */
-    init(_ ix:FP2)
-    {
-        x=FP2(ix)
-        y=FP2(1)
-        z=FP2(1)
-        let rhs=ECP2.RHS(x)
-        if rhs.sqrt()
-        {
-            y.copy(rhs);
-            INF=false;
-        }
-        else {x.zero(); INF=true;}
-    }
-
-    /* this+=this */
-    func dbl() -> Int
-    {
-        if (INF) {return -1}
-        if y.iszilch()
-        {
-            inf();
-            return -1;
-        }
-
-        let w1=FP2(x)
-        let w2=FP2(0)
-        let w3=FP2(x)
-        let w8=FP2(x)
-
-        w1.sqr()
-        w8.copy(w1)
-        w8.imul(3)
-
-        w2.copy(y); w2.sqr()
-        w3.copy(x); w3.mul(w2)
-        w3.imul(4)
-        w1.copy(w3); w1.neg()
-        w1.norm()
-
-        x.copy(w8); x.sqr()
-        x.add(w1)
-        x.add(w1)
-        x.norm()
-
-        z.mul(y)
-        z.add(z)
-
-        w2.add(w2)
-        w2.sqr()
-        w2.add(w2)
-        w3.sub(x)
-        y.copy(w8); y.mul(w3)
-        w2.norm()
-        y.sub(w2)
-        y.norm()
-        z.norm()
-
-        return 1
-    }
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-    func add(Q:ECP2) -> Int
-    {
-        if INF
-        {
-            copy(Q)
-            return -1
-        }
-        if Q.INF {return -1}
-
-        var aff=false
-
-        if Q.z.isunity() {aff=true}
-
-        var A:FP2
-        var C:FP2
-        let B=FP2(z)
-        let D=FP2(z)
-        if (!aff)
-        {
-            A=FP2(Q.z)
-            C=FP2(Q.z)
-
-            A.sqr(); B.sqr()
-            C.mul(A); D.mul(B)
-
-            A.mul(x)
-            C.mul(y)
-        }
-        else
-        {
-            A=FP2(x)
-            C=FP2(y)
-
-            B.sqr()
-            D.mul(B)
-        }
-
-        B.mul(Q.x); B.sub(A)
-        D.mul(Q.y); D.sub(C)
-
-        if B.iszilch()
-        {
-            if D.iszilch()
-            {
-				dbl()
-				return 1
-            }
-            else
-            {
-				INF=true
-				return -1
-            }
-        }
-
-        if !aff {z.mul(Q.z)}
-        z.mul(B)
-
-        let e=FP2(B); e.sqr()
-        B.mul(e)
-        A.mul(e)
-
-        e.copy(A)
-        e.add(A); e.add(B)
-        x.copy(D); x.sqr(); x.sub(e)
-
-        A.sub(x)
-        y.copy(A); y.mul(D)
-        C.mul(B); y.sub(C)
-
-        x.norm()
-        y.norm()
-        z.norm()
-
-        return 0
-    }
-
-    /* set self-=Q */
-    func sub(Q:ECP2) -> Int
-    {
-        Q.neg()
-        let D=add(Q)
-        Q.neg()
-        return D
-    }
-/* set self*=q, where q is Modulus, using Frobenius */
-    func frob(X:FP2)
-    {
-        if INF {return}
-        let X2=FP2(X)
-        X2.sqr()
-        x.conj()
-        y.conj()
-        z.conj()
-        z.reduce()
-        x.mul(X2)
-        y.mul(X2)
-        y.mul(X)
-    }
-    /* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-    private static func multiaffine(m:Int,_ P:[ECP2])
-    {
-        let t1=FP2(0)
-        let t2=FP2(0)
-
-        var work=[FP2]()
-        for var i=0;i<m;i++
-            {work.append(FP2(0))}
-
-        work[0].one()
-        work[1].copy(P[0].z)
-
-        for var i=2;i<m;i++
-        {
-            work[i].copy(work[i-1])
-            work[i].mul(P[i-1].z)
-        }
-
-        t1.copy(work[m-1]); t1.mul(P[m-1].z)
-
-        t1.inverse()
-
-        t2.copy(P[m-1].z)
-        work[m-1].mul(t1)
-
-        for var i=m-2;;i--
-        {
-            if (i==0)
-            {
-				work[0].copy(t1)
-				work[0].mul(t2)
-				break;
-            }
-            work[i].mul(t2)
-            work[i].mul(t1)
-            t2.mul(P[i].z)
-        }
-    /* now work[] contains inverses of all Z coordinates */
-
-        for var i=0;i<m;i++
-        {
-            P[i].z.one()
-            t1.copy(work[i]); t1.sqr()
-            P[i].x.mul(t1)
-            t1.mul(work[i])
-            P[i].y.mul(t1)
-        }
-    }
-
-    /* P*=e */
-    func mul(e:BIG) -> ECP2
-    {
-    /* fixed size windows */
-        let mt=BIG()
-        let t=BIG()
-        let P=ECP2()
-        let Q=ECP2()
-        let C=ECP2()
-
-        var W=[ECP2]();
-        for var i=0;i<8;i++ {W.append(ECP2())}
-
-        var w=[Int8](count:1+(ROM.NLEN*Int(ROM.BASEBITS)+3)/4,repeatedValue:0)
-
-        if is_infinity() {return ECP2()}
-
-        affine()
-
-    /* precompute table */
-        Q.copy(self)
-        Q.dbl()
-        W[0].copy(self)
-
-        for var i=1;i<8;i++
-        {
-            W[i].copy(W[i-1])
-            W[i].add(Q)
-        }
-
-    /* convert the table to affine */
-
-        ECP2.multiaffine(8,W);
-
-    /* make exponent odd - add 2P if even, P if odd */
-        t.copy(e)
-        let s=t.parity()
-        t.inc(1); t.norm(); let ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm()
-        t.cmove(mt,s)
-        Q.cmove(self,ns)
-        C.copy(Q)
-
-        let nb=1+(t.nbits()+3)/4
-    /* convert exponent to signed 4-bit window */
-        for var i=0;i<nb;i++
-        {
-            w[i]=Int8(t.lastbits(5)-16)
-            t.dec(Int32(w[i])); t.norm()
-            t.fshr(4)
-        }
-        w[nb]=Int8(t.lastbits(5))
-
-        P.copy(W[(w[nb]-1)/2])
-        for var i=nb-1;i>=0;i--
-        {
-            Q.select(W,Int32(w[i]))
-            P.dbl()
-            P.dbl()
-            P.dbl()
-            P.dbl()
-            P.add(Q)
-        }
-        P.sub(C);
-        P.affine()
-        return P;
-    }
-
-    /* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-    static func mul4(Q:[ECP2],_ u:[BIG]) -> ECP2
-    {
-        var a=[Int32](count:4,repeatedValue:0)
-        let T=ECP2()
-        let C=ECP2()
-        let P=ECP2()
-
-        var W=[ECP2]();
-        for var i=0;i<8;i++ {W.append(ECP2())}
-
-        let mt=BIG()
-        var t=[BIG]()
-
-        var w=[Int8](count:ROM.NLEN*Int(ROM.BASEBITS)+1,repeatedValue:0)
-
-        for var i=0;i<4;i++
-        {
-            t.append(BIG(u[i]))
-            Q[i].affine()
-        }
-
-    /* precompute table */
-
-        W[0].copy(Q[0]); W[0].sub(Q[1])
-        W[1].copy(W[0])
-        W[2].copy(W[0])
-        W[3].copy(W[0])
-        W[4].copy(Q[0]); W[4].add(Q[1])
-        W[5].copy(W[4])
-        W[6].copy(W[4])
-        W[7].copy(W[4])
-        T.copy(Q[2]); T.sub(Q[3])
-        W[1].sub(T)
-        W[2].add(T)
-        W[5].sub(T)
-        W[6].add(T)
-        T.copy(Q[2]); T.add(Q[3])
-        W[0].sub(T)
-        W[3].add(T)
-        W[4].sub(T)
-        W[7].add(T)
-
-        ECP2.multiaffine(8,W);
-
-    /* if multiplier is even add 1 to multiplier, and add P to correction */
-        mt.zero(); C.inf()
-        for var i=0;i<4;i++
-        {
-            if (t[i].parity()==0)
-            {
-				t[i].inc(1); t[i].norm()
-                C.add(Q[i])
-            }
-            mt.add(t[i]); mt.norm()
-        }
-
-        let nb=1+mt.nbits();
-
-    /* convert exponent to signed 1-bit window */
-        for var j=0;j<nb;j++
-        {
-            for var i=0;i<4;i++
-            {
-				a[i]=(t[i].lastbits(2)-2)
-				t[i].dec(a[i]); t[i].norm()
-				t[i].fshr(1)
-            }
-            w[j]=Int8(8*a[0]+4*a[1]+2*a[2]+a[3])
-        }
-        w[nb]=Int8(8*t[0].lastbits(2)+4*t[1].lastbits(2))
-        w[nb]+=Int8(2*t[2].lastbits(2)+t[3].lastbits(2))
-
-        P.copy(W[(w[nb]-1)/2])
-        for var i=nb-1;i>=0;i--
-        {
-            T.select(W,Int32(w[i]))
-            P.dbl()
-            P.add(T)
-        }
-        P.sub(C) /* apply correction */
-
-        P.affine()
-        return P
-    }
-
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/ff.swift
----------------------------------------------------------------------
diff --git a/swift/ff.swift b/swift/ff.swift
deleted file mode 100644
index 0491a77..0000000
--- a/swift/ff.swift
+++ /dev/null
@@ -1,918 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  ff.swift
-//  
-//
-//  Created by Michael Scott on 24/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-/* Large Finite Field arithmetic */
-/* CLINT mod p functions */
-
-final class FF {
-    var v = [BIG]()
-    var length:Int=1
-
-    private static let P_MBITS:Int32=ROM.MODBYTES*8
-    private static let P_MB=(P_MBITS%ROM.BASEBITS)
-    private static let P_OMASK=(Int32(-1)<<(P_MBITS%ROM.BASEBITS))
-    private static let P_FEXCESS=(Int32(1)<<(ROM.BASEBITS*Int32(ROM.NLEN)-P_MBITS))
-    private static let P_TBITS=(P_MBITS%ROM.BASEBITS)
-
-    func P_EXCESS() -> Int32
-    {
-        return ((v[length-1].w[ROM.NLEN-1]&FF.P_OMASK)>>FF.P_MB)
-    }
-    /* Constructors */
-    init(_ n: Int)
-    {
-        for var i=0;i<n;i++
-        {
-            v.append(BIG(0));
-        }
-        length=n;
-    }
-
-    init(_ x: [[Int32]],n: Int)
-    {
-        for var i=0;i<n;i++
-        {
-            v.append(BIG(x[i]))
-        }
-        length=n;
-    }
-
-    func getlen() -> Int
-    {
-        return length;
-    }
-
-    /* set to zero */
-    func zero()
-    {
-        for var i=0;i<length;i++
-        {
-            v[i].zero();
-        }
-    }
-
-    /* set to integer */
-    func set(m: Int32)
-    {
-        zero();
-        v[0].set(0,(m&ROM.MASK));
-        v[0].set(1,(m>>ROM.BASEBITS));
-    }
-
-    /* copy from FF b */
-    func copy(b: FF)
-    {
-        for var i=0;i<length;i++
-        {
-            v[i].copy(b.v[i]);
-        }
-    }
-
-    /* x=y<<n */
-    func dsucopy(b: FF)
-    {
-        for var i=0;i<b.length;i++
-        {
-            v[b.length+i].copy(b.v[i]);
-            v[i].zero();
-        }
-    }
-    /* x=y */
-    func dscopy(b: FF)
-    {
-        for var i=0;i<b.length;i++
-        {
-            v[i].copy(b.v[i]);
-            v[b.length+i].zero();
-        }
-    }
-    /* x=y>>n */
-    func sducopy(b: FF)
-    {
-        for var i=0;i<length;i++
-        {
-            v[i].copy(b.v[length+i]);
-        }
-    }
-    func one()
-    {
-        v[0].one();
-        for var i=1;i<length;i++
-        {
-            v[i].zero();
-        }
-    }
-    /* test equals 0 */
-    func iszilch() -> Bool
-    {
-        for var i=0;i<length;i++
-        {
-            if (!v[i].iszilch()) {return false}
-        }
-        return true;
-    }
-    /* shift right by 256-bit words */
-    func shrw(n: Int)
-    {
-        for var i=0;i<n;i++
-        {
-            v[i].copy(v[i+n]);
-            v[i+n].zero();
-        }
-    }
-
-    /* shift left by 256-bit words */
-    func shlw(n: Int)
-    {
-        for var i=0;i<n;i++
-        {
-        v[n+i].copy(v[i]);
-        v[i].zero();
-        }
-    }
-
-    /* extract last bit */
-    func parity() -> Int32
-    {
-        return v[0].parity()
-    }
-
-    func lastbits(m: Int) ->Int32
-    {
-        return v[0].lastbits(m);
-    }
-
-    /* compare x and y - must be normalised, and of same length */
-    static func comp(a: FF,_ b:FF) -> Int
-    {
-        for var i=a.length-1;i>=0;i--
-        {
-            let j=BIG.comp(a.v[i],b.v[i])
-            if j != 0 {return j}
-        }
-        return 0;
-    }
-    /* recursive add */
-    func radd(vp: Int,_ x:FF,_ xp:Int,_ y:FF,_ yp:Int,_ n: Int)
-    {
-        for var i=0;i<n;i++
-        {
-            v[vp+i].copy(x.v[xp+i])
-            v[vp+i].add(y.v[yp+i])
-        }
-    }
-    /* recursive inc */
-    func rinc(vp: Int,_ y: FF,_ yp: Int,_ n:Int)
-    {
-        for var i=0;i<n;i++
-        {
-            v[vp+i].add(y.v[yp+i])
-        }
-    }
-    /* recursive add */
-    func rsub(vp: Int,_ x:FF,_ xp:Int,_ y:FF,_ yp:Int,_ n: Int)
-    {
-        for var i=0;i<n;i++
-        {
-            v[vp+i].copy(x.v[xp+i])
-            v[vp+i].sub(y.v[yp+i])
-        }
-    }
-    /* recursive inc */
-    func rdec(vp: Int,_ y: FF,_ yp: Int,_ n:Int)
-    {
-        for var i=0;i<n;i++
-        {
-            v[vp+i].sub(y.v[yp+i])
-        }
-    }
-    /* simple add */
-    func add(b: FF)
-    {
-        for var i=0;i<length;i++
-            {v[i].add(b.v[i])}
-    }
-
-    /* simple sub */
-    func sub(b: FF)
-    {
-        for var i=0;i<length;i++
-            {v[i].sub(b.v[i])}
-    }
-    /* reverse sub */
-    func revsub(b: FF)
-    {
-        for var i=0;i<length;i++
-            {v[i].rsub(b.v[i])}
-    }
-    /* normalise - but hold any overflow in top part unless n<0 */
-    private func rnorm(vp: Int,_ n: Int)
-    {
-        var trunc=false;
-        var nn=n
-
-        if (nn<0)
-        { /* -v n signals to do truncation */
-            nn = -nn
-            trunc=true;
-        }
-        for var i=0;i<nn-1;i++
-        {
-            let carry=v[vp+i].norm();
-            v[vp+i].xortop(carry<<FF.P_TBITS)
-            v[vp+i+1].inc(carry)
-        }
-        let carry=v[vp+nn-1].norm();
-        if (trunc)
-            {v[vp+nn-1].xortop(carry<<FF.P_TBITS)}
-    }
-
-    func norm()
-    {
-        rnorm(0,length)
-    }
-
-    /* increment/decrement by a small integer */
-    func inc(m: Int32)
-    {
-        v[0].inc(m);
-        norm();
-    }
-
-    func dec(m: Int32)
-    {
-        v[0].dec(m);
-        norm();
-    }
-
-    /* shift left by one bit */
-    func shl()
-    {
-        var delay_carry:Int32=0;
-        for var i=0;i<length-1;i++
-        {
-            let carry=v[i].fshl(1)
-            v[i].inc(delay_carry);
-            v[i].xortop(carry<<FF.P_TBITS);
-            delay_carry=carry;
-        }
-        v[length-1].fshl(1)
-        v[length-1].inc(delay_carry)
-    }
-
-    /* shift right by one bit */
-    func shr()
-    {
-        for var i=length-1;i>0;i--
-        {
-            let carry=v[i].fshr(1);
-            v[i-1].ortop(carry<<FF.P_TBITS);
-        }
-        v[0].fshr(1);
-    }
-
-    /* Convert to Hex String */
-    func toString() -> String
-    {
-        norm();
-        var s="";
-        for var i=length-1;i>=0;i--
-        {
-            s+=v[i].toString();
-        }
-        return s;
-    }
-
-    /* Convert FFs to/from byte arrays */
-    func toBytes(inout b: [UInt8])
-    {
-        for var i=0;i<length;i++
-        {
-            v[i].tobytearray(&b,(length-i-1)*Int(ROM.MODBYTES))
-        }
-    }
-    static func fromBytes(x: FF,_ b:[UInt8])
-    {
-        for var i=0;i<x.length;i++
-        {
-            x.v[i]=BIG.frombytearray(b,(x.length-i-1)*Int(ROM.MODBYTES))
-        }
-    }
-
-    /* in-place swapping using xor - side channel resistant - lengths must be the same */
-    private static func cswap(a: FF,_ b:FF,_ d:Int32)
-    {
-        for var i=0;i<a.length;i++
-        {
-            a.v[i].cswap(b.v[i],d)
-        }
-    }
-    /* z=x*y, t is workspace */
-    private func karmul(vp: Int,_ x: FF,_ xp: Int,_ y:FF,_ yp: Int,_ t:FF,_ tp:Int,_ n:Int)
-    {
-        if (n==1)
-        {
-            let d=BIG.mul(x.v[xp],y.v[yp])
-            v[vp+1]=d.split(8*ROM.MODBYTES)
-            v[vp].copy(d)
-            return
-        }
-        let nd2=n/2
-        radd(vp,x,xp,x,xp+nd2,nd2)
-        rnorm(vp,nd2)
-        radd(vp+nd2,y,yp,y,yp+nd2,nd2)
-        rnorm(vp+nd2,nd2)
-
-        t.karmul(tp,self,vp,self,vp+nd2,t,tp+n,nd2)
-        karmul(vp,x,xp,y,yp,t,tp+n,nd2)
-        karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2)
-        t.rdec(tp,self,vp,n)
-        t.rdec(tp,self,vp+n,n)
-        rinc(vp+nd2,t,tp,n)
-        rnorm(vp,2*n)
-    }
-
-    private func karsqr(vp: Int,_ x: FF,_ xp:Int,_ t:FF,_ tp:Int,_ n:Int)
-    {
-        if (n==1)
-        {
-            let d=BIG.sqr(x.v[xp])
-            v[vp+1].copy(d.split(8*ROM.MODBYTES))
-            v[vp].copy(d);
-            return;
-        }
-
-        let nd2=n/2
-        karsqr(vp,x,xp,t,tp+n,nd2)
-        karsqr(vp+n,x,xp+nd2,t,tp+n,nd2)
-        t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2)
-        rinc(vp+nd2,t,tp,n)
-        rinc(vp+nd2,t,tp,n)
-        rnorm(vp+nd2,n)
-    }
-    private func karmul_lower(vp:Int,_ x:FF,_ xp:Int,_ y:FF,_ yp:Int,_ t:FF,_ tp:Int,_ n: Int)
-    { /* Calculates Least Significant bottom half of x*y */
-        if (n==1)
-        { /* only calculate bottom half of product */
-            v[vp].copy(BIG.smul(x.v[xp],y.v[yp]))
-            return
-        }
-        let nd2=n/2
-
-        karmul(vp,x,xp,y,yp,t,tp+n,nd2)
-        t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-        rinc(vp+nd2,t,tp,nd2);
-        t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-        rinc(vp+nd2,t,tp,nd2);
-        rnorm(vp+nd2,-nd2);  /* truncate it */
-    }
-
-    private func karmul_upper(x: FF,_ y:FF,_ t:FF,_ n:Int)
-    { /* Calculates Most Significant upper half of x*y, given lower part */
-        let nd2=n/2;
-        radd(n,x,0,x,nd2,nd2);
-        radd(n+nd2,y,0,y,nd2,nd2);
-
-        t.karmul(0,self,n+nd2,self,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-        karmul(n,x,nd2,y,nd2,t,n,nd2);          /* z[n]= a1*b1 */
-    /* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-        t.rdec(0,self,n,n);                     /* t=t-a1b1  */
-        rinc(nd2,self,0,nd2);                   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-        rdec(nd2,t,0,nd2);                      /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-        rnorm(0,-n);                            /* a0b0 now in z - truncate it */
-        t.rdec(0,self,0,n);                     /* (a0+a1)(b0+b1) - a0b0 */
-        rinc(nd2,t,0,n);
-
-        rnorm(nd2,n);
-    }
-    /* z=x*y. Assumes x and y are of same length. */
-    static func mul(x: FF,_ y:FF) -> FF
-    {
-        let n=x.length
-        let z=FF(2*n)
-        let t=FF(2*n)
-        z.karmul(0,x,0,y,0,t,0,n)
-        return z
-    }
-
-    /* z=x^2 */
-    static func sqr(x: FF) -> FF
-    {
-        let n=x.length
-        let z=FF(2*n)
-        let t=FF(2*n)
-        z.karsqr(0,x,0,t,0,n)
-        return z
-    }
-    /* return low part of product self*y */
-    func lmul(y: FF)
-    {
-        let n=length;
-        let t=FF(2*n);
-        let x=FF(n); x.copy(self);
-        karmul_lower(0,x,0,y,0,t,0,n);
-    }
-
-    /* Set b=b mod c */
-    func mod(c: FF)
-    {
-        var k=0
-
-        norm()
-        if (FF.comp(self,c)<0)
-            {return}
-        repeat
-        {
-            c.shl()
-            k++
-        } while (FF.comp(self,c)>=0)
-
-        while (k>0)
-        {
-            c.shr();
-            if (FF.comp(self,c)>=0)
-            {
-				sub(c)
-				norm()
-            }
-            k--
-        }
-    }
-
-    /* return This mod modulus, N is modulus, ND is Montgomery Constant */
-    func reduce(N: FF,_ ND:FF) -> FF
-    { /* fast karatsuba Montgomery reduction */
-        let n=N.length
-        let t=FF(2*n)
-        let r=FF(n)
-        let m=FF(n)
-
-        r.sducopy(self)
-        m.karmul_lower(0,self,0,ND,0,t,0,n)
-        karmul_upper(N,m,t,n)
-        m.sducopy(self)
-
-        r.add(N);
-        r.sub(m);
-        r.norm();
-
-        return r;
-    }
-    /* Set r=this mod b */
-    /* this is of length - 2*n */
-    /* r,b is of length - n */
-    func dmod(b: FF) -> FF
-    {
-        let n=b.length
-        let m=FF(2*n)
-        let x=FF(2*n)
-        let r=FF(n)
-
-        x.copy(self)
-        x.norm()
-        m.dsucopy(b)
-        var k=256*n
-
-        while (k>0)
-        {
-            m.shr()
-
-            if (FF.comp(x,m)>=0)
-            {
-				x.sub(m);
-				x.norm();
-            }
-            k--;
-        }
-
-        r.copy(x);
-        r.mod(b);
-        return r;
-    }
-    /* Set return=1/this mod p. Binary method - a<p on entry */
-
-    func invmodp(p: FF)
-    {
-        let n=p.length;
-
-        let u=FF(n)
-        let v=FF(n)
-        let x1=FF(n)
-        let x2=FF(n)
-        let t=FF(n)
-        let one=FF(n)
-
-        one.one()
-        u.copy(self)
-        v.copy(p)
-        x1.copy(one)
-        x2.zero()
-
-    // reduce n in here as well!
-        while (FF.comp(u,one) != 0 && FF.comp(v,one) != 0)
-        {
-            while (u.parity()==0)
-            {
-                u.shr()
-                if (x1.parity() != 0)
-                {
-                    x1.add(p)
-                    x1.norm()
-                }
-                x1.shr()
-            }
-            while (v.parity()==0)
-            {
-                v.shr()
-                if (x2.parity() != 0)
-                {
-                    x2.add(p)
-                    x2.norm()
-                }
-                x2.shr();
-            }
-            if (FF.comp(u,v)>=0)
-            {
-                u.sub(v)
-                u.norm()
-                if (FF.comp(x1,x2)>=0) {x1.sub(x2)}
-                else
-                {
-                    t.copy(p)
-                    t.sub(x2)
-                    x1.add(t)
-                }
-                x1.norm()
-            }
-            else
-            {
-                v.sub(u)
-                v.norm()
-                if (FF.comp(x2,x1)>=0) {x2.sub(x1)}
-                else
-                {
-                    t.copy(p)
-                    t.sub(x1)
-                    x2.add(t)
-                }
-                x2.norm()
-            }
-        }
-        if FF.comp(u,one)==0
-            {copy(x1)}
-        else
-            {copy(x2)}
-    }
-
-    /* nresidue mod m */
-    func nres(m: FF)
-    {
-        let n=m.length
-        let d=FF(2*n)
-        d.dsucopy(self)
-        copy(d.dmod(m))
-    }
-
-    func redc(m: FF,_ ND:FF)
-    {
-        let n=m.length
-        let d=FF(2*n)
-        mod(m)
-        d.dscopy(self)
-        copy(d.reduce(m,ND))
-        mod(m)
-    }
-    private func mod2m(m: Int)
-    {
-        for var i=m;i<length;i++
-            {v[i].zero()}
-    }
-    /* U=1/a mod 2^m - Arazi & Qi */
-    private func invmod2m() -> FF
-    {
-        let n=length;
-
-        let b=FF(n);
-        let c=FF(n);
-        let U=FF(n);
-
-        U.zero();
-        U.v[0].copy(v[0]);
-        U.v[0].invmod2m();
-
-        for var i=1;i<n;i<<=1
-        {
-            b.copy(self); b.mod2m(i);
-            let t=FF.mul(U,b); t.shrw(i); b.copy(t);
-            c.copy(self); c.shrw(i); c.mod2m(i);
-            c.lmul(U); c.mod2m(i);
-
-            b.add(c); b.norm();
-            b.lmul(U); b.mod2m(i);
-
-            c.one(); c.shlw(i); b.revsub(c); b.norm();
-            b.shlw(i);
-            U.add(b);
-        }
-        U.norm();
-        return U;
-    }
-
-    func random(rng: RAND)
-    {
-        let n=length;
-        for var i=0;i<n;i++
-        {
-            v[i].copy(BIG.random(rng));
-        }
-    /* make sure top bit is 1 */
-        while (v[n-1].nbits()<Int(ROM.MODBYTES)*8) {v[n-1].copy(BIG.random(rng))}
-    }
-    /* generate random x */
-    func randomnum(p: FF,_ rng: RAND)
-    {
-        let n=length;
-        let d=FF(2*n);
-
-        for var i=0;i<2*n;i++
-        {
-            d.v[i].copy(BIG.random(rng));
-        }
-        copy(d.dmod(p));
-    }
-    /* this*=y mod p */
-    func modmul(y: FF,_ p:FF,_ nd: FF)
-    {
-        let ex=P_EXCESS();
-        let ey=y.P_EXCESS();
-        if ((ex+1)*(ey+1)+1>=FF.P_FEXCESS) {mod(p)}
-        let d=FF.mul(self,y);
-        copy(d.reduce(p,nd));
-    }
-
-    /* this*=y mod p */
-    func modsqr(p: FF,_ nd:FF)
-    {
-        let ex=P_EXCESS();
-        if ((ex+1)*(ex+1)+1>=FF.P_FEXCESS) {mod(p)}
-        let d=FF.sqr(self);
-        copy(d.reduce(p,nd));
-    }
-
-    /* self=self^e mod p using side-channel resistant Montgomery Ladder, for large e */
-    func skpow(e: FF,_ p:FF)
-    {
-        let n=p.length
-        let R0=FF(n)
-        let R1=FF(n)
-        let ND=p.invmod2m()
-
-        mod(p)
-        R0.one()
-        R1.copy(self)
-        R0.nres(p)
-        R1.nres(p)
-
-        for var i=8*Int(ROM.MODBYTES)*n-1;i>=0;i--
-        {
-            let b=Int32(e.v[i/256].bit(i%256))
-            copy(R0)
-            modmul(R1,p,ND)
-
-            FF.cswap(R0,R1,b)
-            R0.modsqr(p,ND)
-
-            R1.copy(self)
-            FF.cswap(R0,R1,b)
-
-        }
-
-        copy(R0)
-        redc(p,ND)
-    }
-
-    /* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-    func skpow(e: BIG,_ p:FF)
-    {
-        let n=p.length
-        let R0=FF(n)
-        let R1=FF(n)
-        let ND=p.invmod2m()
-
-        mod(p)
-        R0.one()
-        R1.copy(self)
-        R0.nres(p)
-        R1.nres(p)
-
-        for var i=8*Int(ROM.MODBYTES)-1;i>=0;i--
-        {
-            let b=Int32(e.bit(i))
-            copy(R0)
-            modmul(R1,p,ND)
-
-            FF.cswap(R0,R1,b)
-            R0.modsqr(p,ND)
-
-            R1.copy(self)
-            FF.cswap(R0,R1,b)
-        }
-        copy(R0)
-        redc(p,ND)
-    }
-
-    /* raise to an integer power - right-to-left method */
-    func power(e:Int32,_ p:FF)
-    {
-        let n=p.length
-        var f=true
-        let w=FF(n)
-        let ND=p.invmod2m()
-        var ee=e;
-
-        w.copy(self)
-        w.nres(p)
-
-        if (ee==2)
-        {
-            copy(w)
-            modsqr(p,ND)
-        }
-        else
-        {
-            while true
-            {
-                if (ee%2==1)
-                {
-                    if (f) {copy(w)}
-                    else {modmul(w,p,ND)}
-                    f=false;
-                }
-                ee>>=1;
-                if (ee==0) {break}
-                w.modsqr(p,ND)
-            }
-        }
-        redc(p,ND)
-    }
-
-    /* this=this^e mod p, faster but not side channel resistant */
-    func pow(e: FF,_ p:FF)
-    {
-        let n=p.length
-        let w=FF(n)
-        let ND=p.invmod2m()
-
-        w.copy(self);
-        one();
-        nres(p);
-        w.nres(p);
-        for var i=8*Int(ROM.MODBYTES)*n-1;i>=0;i--
-        {
-            modsqr(p,ND)
-            let b=e.v[i/256].bit(i%256)
-            if (b==1) {modmul(w,p,ND)}
-        }
-        redc(p,ND);
-    }
-    /* double exponentiation r=x^e.y^f mod p */
-    func pow2(e: BIG,_ y:FF,_ f:BIG,_ p:FF)
-    {
-        let n=p.length
-        let xn=FF(n)
-        let yn=FF(n)
-        let xy=FF(n)
-        let ND=p.invmod2m()
-
-        xn.copy(self)
-        yn.copy(y)
-        xn.nres(p)
-        yn.nres(p)
-        xy.copy(xn); xy.modmul(yn,p,ND)
-        one()
-        nres(p)
-
-        for var i=8*Int(ROM.MODBYTES)-1;i>=0;i--
-        {
-            let eb=e.bit(i)
-            let fb=f.bit(i)
-            modsqr(p,ND)
-            if (eb==1)
-            {
-                if (fb==1) {modmul(xy,p,ND)}
-                else {modmul(xn,p,ND)}
-            }
-            else
-            {
-                if (fb==1) {modmul(yn,p,ND)}
-            }
-        }
-        redc(p,ND)
-    }
-    static func igcd(x:Int32,_ y:Int32) -> Int32
-    { /* integer GCD, returns GCD of x and y */
-        var xx=x;
-        var yy=y;
-        if (yy==0) {return xx}
-        while true
-        {
-            let r=xx%yy; if r==0 {break}
-            xx=yy; yy=r;
-        }
-        return yy;
-    }
-
-    /* quick and dirty check for common factor with n */
-    func cfactor(s: Int32) -> Bool
-    {
-        let n=length;
-        let x=FF(n);
-        let y=FF(n);
-        y.set(s);
-
-        x.copy(self);
-        x.norm();
-
-        repeat
-        {
-            x.sub(y);
-            x.norm();
-            while ( (!x.iszilch()) && x.parity()==0) {x.shr()}
-        } while (FF.comp(x,y)>0);
-        let g=x.v[0].get(0);
-        let r=FF.igcd(s,g);
-
-        if (r>1) {return true}
-        return false;
-    }
-
-    /* Miller-Rabin test for primality. Slow. */
-    static func prime(p: FF,_ rng:RAND) -> Bool
-    {
-        var s=0
-        let n=p.length
-        var loop:Bool
-
-        let d=FF(n)
-        let x=FF(n)
-        let unity=FF(n)
-        let nm1=FF(n)
-
-        let sf:Int32=4849845; /* 3*5*.. *19 */
-        p.norm();
-        if (p.cfactor(sf)) {return false}
-        unity.one();
-        nm1.copy(p);
-        nm1.sub(unity);
-        nm1.norm();
-        d.copy(nm1);
-
-        while (d.parity()==0)
-        {
-            d.shr();
-            s++;
-        }
-
-        if (s==0) {return false}
-        for var i=0;i<10;i++
-        {
-            x.randomnum(p,rng)
-            x.pow(d,p)
-            if (FF.comp(x,unity)==0 || FF.comp(x,nm1)==0) {continue}
-            loop=false
-            for var j=1;j<s;j++
-            {
-				x.power(2,p);
-                if (FF.comp(x,unity)==0) {return false}
-				if (FF.comp(x,nm1)==0) {loop=true; break;}
-            }
-            if (loop) {continue}
-            return false;
-        }
-        return true;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/fp.swift
----------------------------------------------------------------------
diff --git a/swift/fp.swift b/swift/fp.swift
deleted file mode 100644
index 0bd0f46..0000000
--- a/swift/fp.swift
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  fp.swift
-//  
-//
-//  Created by Michael Scott on 20/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//  Small Finite Field arithmetic
-//  CLINT mod p functions
-//
-
-final class FP {
-    var x:BIG
-    static let p=BIG(ROM.Modulus)
-/* convert to Montgomery n-residue form */
-    func nres()
-    {
-        if ROM.MODTYPE != ROM.PSEUDO_MERSENNE
-        {
-            let d=DBIG(x)
-            d.shl(ROM.NLEN*Int(ROM.BASEBITS))
-            x.copy(d.mod(FP.p))
-        }
-    }
-/* convert back to regular form */
-    func redc() -> BIG
-    {
-        if ROM.MODTYPE != ROM.PSEUDO_MERSENNE
-        {
-            let d=DBIG(x)
-            return BIG.mod(d)
-        }
-        else
-        {
-            let r=BIG(x)
-            return r;
-        }
-    }
-
-    init()
-    {
-        x=BIG(0)
-    }
-    init(_ a: Int32)
-    {
-        x=BIG(a)
-        nres()
-    }
-    init(_ a: BIG)
-    {
-        x=BIG(a)
-        nres()
-    }
-    init(_ a: FP)
-    {
-        x=BIG(a.x)
-    }
-    /* convert to string */
-    func toString() -> String
-    {
-        let s=redc().toString();
-        return s;
-    }
-
-    func toRawString() -> String
-    {
-        let s=x.toRawString();
-        return s;
-    }
-/* reduce this mod Modulus */
-    func reduce()
-    {
-        x.mod(FP.p)
-    }
-
-/* test this=0? */
-    func iszilch() -> Bool
-    {
-        reduce();
-        return x.iszilch()
-    }
-
-/* copy from FP b */
-    func copy(b: FP)
-    {
-        x.copy(b.x);
-    }
-
-/* set this=0 */
-    func zero()
-    {
-        x.zero();
-    }
-
-/* set this=1 */
-    func one()
-    {
-        x.one(); nres()
-    }
-
-/* normalise this */
-    func norm()
-    {
-        x.norm();
-    }
-/* swap FPs depending on d */
-    func cswap(b: FP,_ d: Int32)
-    {
-        x.cswap(b.x,d)
-    }
-
-/* copy FPs depending on d */
-    func cmove(b: FP,_ d:Int32)
-    {
-        x.cmove(b.x,d);
-    }
-/* this*=b mod Modulus */
-    func mul(b: FP)
-    {
-        let ea=BIG.EXCESS(x)
-        let eb=BIG.EXCESS(b.x)
-
-        if (ea+1)*(eb+1)+1>=ROM.FEXCESS {reduce()}
-
-        let d=BIG.mul(x,b.x)
-        x.copy(BIG.mod(d))
-    }
-/* this = -this mod Modulus */
-    func neg()
-    {
-        let m=BIG(FP.p);
-
-        norm();
-
-        var ov=BIG.EXCESS(x);
-        var sb=1; while(ov != 0) {sb++;ov>>=1}
-
-        m.fshl(sb)
-        x.rsub(m)
-
-        if BIG.EXCESS(x)>=ROM.FEXCESS {reduce()}
-    }
-    /* this*=c mod Modulus, where c is a small int */
-    func imul(c: Int32)
-    {
-        var cc=c
-        norm();
-        var s=false
-        if (cc<0)
-        {
-            cc = -cc
-            s=true
-        }
-        let afx=(BIG.EXCESS(x)+1)*(cc+1)+1;
-        if cc<ROM.NEXCESS && afx<ROM.FEXCESS
-        {
-            x.imul(cc);
-        }
-        else
-        {
-            if afx<ROM.FEXCESS {x.pmul(cc)}
-            else
-            {
-				let d=x.pxmul(cc);
-				x.copy(d.mod(FP.p));
-            }
-        }
-        if s {neg()}
-        norm();
-    }
-
-/* this*=this mod Modulus */
-    func sqr()
-    {
-        let ea=BIG.EXCESS(x);
-        if (ea+1)*(ea+1)+1>=ROM.FEXCESS {reduce()}
-
-        let d=BIG.sqr(x);
-        x.copy(BIG.mod(d));
-    }
-
-/* this+=b */
-    func add(b: FP)
-    {
-        x.add(b.x);
-        if BIG.EXCESS(x)+2>=ROM.FEXCESS {reduce()}
-    }
-/* this-=b */
-    func sub(b: FP)
-    {
-        let n=FP(b)
-        n.neg()
-        self.add(n)
-    }
-/* this/=2 mod Modulus */
-    func div2()
-    {
-        x.norm()
-        if (x.parity()==0)
-            {x.fshr(1)}
-        else
-        {
-            x.add(FP.p)
-            x.norm()
-            x.fshr(1)
-        }
-    }
-/* this=1/this mod Modulus */
-    func inverse()
-    {
-        let r=redc()
-        r.invmodp(FP.p)
-        x.copy(r)
-        nres()
-    }
-
-/* return TRUE if this==a */
-    func equals(a: FP) -> Bool
-    {
-        a.reduce()
-        reduce()
-        if (BIG.comp(a.x,x)==0) {return true}
-        return false;
-    }
-/* return this^e mod Modulus */
-    func pow(e: BIG) -> FP
-    {
-        let r=FP(1)
-        e.norm()
-        x.norm()
-	let m=FP(self)
-        while (true)
-        {
-            let bt=e.parity()
-            e.fshr(1)
-            if bt==1 {r.mul(m)}
-            if e.iszilch() {break}
-            m.sqr();
-        }
-        r.x.mod(FP.p);
-        return r;
-    }
-/* return sqrt(this) mod Modulus */
-    func sqrt() -> FP
-    {
-        reduce();
-        let b=BIG(FP.p)
-        if (ROM.MOD8==5)
-        {
-            b.dec(5); b.norm(); b.shr(3)
-            let i=FP(self); i.x.shl(1)
-            let v=i.pow(b)
-            i.mul(v); i.mul(v)
-            i.x.dec(1)
-            let r=FP(self)
-            r.mul(v); r.mul(i)
-            r.reduce()
-            return r
-        }
-        else
-        {
-            b.inc(1); b.norm(); b.shr(2)
-            return pow(b)
-        }
-    }
-/* return jacobi symbol (this/Modulus) */
-    func jacobi() -> Int
-    {
-        let w=redc()
-        return w.jacobi(FP.p)
-    }
-
-}


[45/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/mpin.c
----------------------------------------------------------------------
diff --git a/c/mpin.c b/c/mpin.c
deleted file mode 100755
index b494833..0000000
--- a/c/mpin.c
+++ /dev/null
@@ -1,1153 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN Functions */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hashing functions */
-static void start_hash(hash *sha)
-{
-	HASH_init(sha);
-}
-
-static void add_to_hash(hash *sha,octet *x)
-{
-	int i;
-	for (i=0;i<x->len;i++) {/*printf("%d,",(unsigned char)x->val[i]);*/ HASH_process(sha,x->val[i]);  }
-}
-
-static void finish_hash(hash *sha,octet *w)
-{
-	int i;
-	char hh[32];
-    HASH_hash(sha,hh);
-
-    OCT_empty(w);
-    OCT_jbytes(w,hh,32);
-    for (i=0;i<32;i++) hh[i]=0;
-}
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
-static void map(ECP *P,BIG u,int cb)
-{
-	BIG x,q;
-
-	BIG_rcopy(q,Modulus);
-	BIG_copy(x,u);
-	BIG_mod(x,q);
-
-	while (!ECP_setx(P,x,cb))
-		BIG_inc(x,1);
-}
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
-static int unmap(BIG u,int *cb,ECP *P)
-{
-	int s,r=0;
-	BIG x;
-
-	s=ECP_get(x,x,P);
-	BIG_copy(u,x);
-	do
-	{
-		BIG_dec(u,1);
-		r++;
-	}
-	while (!ECP_setx(P,u,s));
-	ECP_setx(P,x,s);
-
-	*cb=s;
-
-	return r;
-}
-
-/* map octet string to point on curve */
-static void mapit(octet *h,ECP *P)
-{
-	BIG q,px;
-	BIG_fromBytes(px,h->val);
-	BIG_rcopy(q,Modulus);
-	BIG_mod(px,q);
-
-	while (!ECP_setx(P,px,0))
-		BIG_inc(px,1);
-}
-
-/* needed for SOK */
-static void mapit2(octet *h,ECP2 *Q)
-{
-	BIG q,one,Fx,Fy,x,hv;
-	FP2 X;
-	ECP2 T,K;
-	BIG_fromBytes(hv,h->val);
-	BIG_rcopy(q,Modulus);
-	BIG_one(one);
-	BIG_mod(hv,q);
-
-	for (;;)
-	{
-		FP2_from_BIGs(&X,one,hv);
-		if (ECP2_setx(Q,&X)) break;
-		BIG_inc(hv,1);
-	}
-
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-	BIG_rcopy(Fx,CURVE_Fra);
-	BIG_rcopy(Fy,CURVE_Frb);
-	FP2_from_BIGs(&X,Fx,Fy);
-	BIG_rcopy(x,CURVE_Bnx);
-
-	ECP2_copy(&T,Q);
-	ECP2_mul(&T,x);
-	ECP2_neg(&T);  /* our x is negative */
-	ECP2_copy(&K,&T);
-	ECP2_dbl(&K);
-	ECP2_add(&K,&T);
-	ECP2_affine(&K);
-
-	ECP2_frob(&K,&X);
-	ECP2_frob(Q,&X); ECP2_frob(Q,&X); ECP2_frob(Q,&X);
-	ECP2_add(Q,&T);
-	ECP2_add(Q,&K);
-	ECP2_frob(&T,&X); ECP2_frob(&T,&X);
-	ECP2_add(Q,&T);
-	ECP2_affine(Q);
-}
-
-/* Hash number (optional) and octet to octet */
-static void hashit(int n,octet *x,octet *h)
-{
-    int i,c[4];
-    hash sha;
-    char hh[HASH_BYTES];
-	BIG px;
-
-    HASH_init(&sha);
-	if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-		for (i=0;i<4;i++) HASH_process(&sha,c[i]);
-    }
-    for (i=0;i<x->len;i++) HASH_process(&sha,x->val[i]);
-    HASH_hash(&sha,hh);
-    OCT_empty(h);
-    OCT_jbytes(h,hh,HASH_BYTES);
-    for (i=0;i<32;i++) hh[i]=0;
-}
-
-unsign32 MPIN_today(void)
-{ /* return time in slots since epoch */
-	unsign32 ti=(unsign32)time(NULL);
-	return (long)(ti/(60*TIME_SLOT_MINUTES));
-}
-
-/* Initialise a Cryptographically Strong Random Number Generator from
-   an octet of raw random data */
-
-void MPIN_CREATE_CSPRNG(csprng *RNG,octet *RAW)
-{
-    RAND_seed(RNG,RAW->len,RAW->val);
-}
-
-void MPIN_KILL_CSPRNG(csprng *RNG)
-{
-    RAND_clean(RNG);
-}
-
-void MPIN_HASH_ID(octet *ID,octet *HID)
-{
-	hashit(0,ID,HID);
-}
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
-int MPIN_ENCODING(csprng *RNG,octet *E)
-{
-	int rn,m,su,sv,res=0;
-
-    BIG q,u,v;
-    ECP P,W;
-
-	if (!ECP_fromOctet(&P,E)) res=MPIN_INVALID_POINT;
-
-	if (res==0)
-	{
-		BIG_rcopy(q,Modulus);
-
-		BIG_randomnum(u,q,RNG);
-
-		su=RAND_byte(RNG); if (su<0) su=-su; su%=2;
-		map(&W,u,su);
-		ECP_sub(&P,&W);
-
-		rn=unmap(v,&sv,&P);
-		m=RAND_byte(RNG); if (m<0) m=-m; m%=rn;
-		BIG_inc(v,m+1);
-		E->val[0]=su+2*sv;
-		BIG_toBytes(&(E->val[1]),u);
-		BIG_toBytes(&(E->val[PFS+1]),v);
-	}
-
-    return res;
-}
-
-int MPIN_DECODING(octet *D)
-{
-	int su,sv;
-    BIG u,v;
-    ECP P,W;
-    int res=0;
-
-	if ((D->val[0]&0x04)!=0) res=MPIN_INVALID_POINT;
-	if (res==0)
-	{
-
-		BIG_fromBytes(u,&(D->val[1]));
-		BIG_fromBytes(v,&(D->val[PFS+1]));
-
-		su=D->val[0]&1;
-		sv=(D->val[0]>>1)&1;
-
-		map(&W,u,su);
-		map(&P,v,sv);
-
-		ECP_add(&P,&W);
-		ECP_toOctet(D,&P);
-	}
-    return res;
-}
-
-/* R=R1+R2 in group G1 */
-int MPIN_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
-{
-    ECP P,T;
-    int res=0;
-    if (res==0)
-    {
-		if (!ECP_fromOctet(&P,R1)) res=MPIN_INVALID_POINT;
-		if (!ECP_fromOctet(&T,R2)) res=MPIN_INVALID_POINT;
-	}
-    if (res==0)
-    {
-		ECP_add(&P,&T);
-		ECP_toOctet(R,&P);
-	}
-    return res;
-}
-
-/* W=W1+W2 in group G2 */
-int MPIN_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
-{
-    ECP2 Q,T;
-    int res=0;
-	if (!ECP2_fromOctet(&Q,W1)) res=MPIN_INVALID_POINT;
-	if (!ECP2_fromOctet(&T,W2)) res=MPIN_INVALID_POINT;
-    if (res==0)
-    {
-		ECP2_add(&Q,&T);
-		ECP2_toOctet(W,&Q);
-	}
-    return res;
-}
-
-/* create random secret S */
-int MPIN_RANDOM_GENERATE(csprng *RNG,octet* S)
-{
-    BIG r,s;
-	BIG_rcopy(r,CURVE_Order);
-	BIG_randomnum(s,r,RNG);
-	BIG_toBytes(S->val,s);
-	S->len=32;
-    return 0;
-}
-
-/* Extract PIN from TOKEN for identity CID */
-int MPIN_EXTRACT_PIN(octet *CID,int pin,octet *TOKEN)
-{
-    ECP P,R;
-    int plen,res=0;
-	char h[HASH_BYTES];
-	octet H={0,sizeof(h),h};
-
-	if (!ECP_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
-	if (res==0)
-	{
-		hashit(-1,CID,&H);
-		mapit(&H,&R);
-
-		pin%=MAXPIN;
-
-		ECP_pinmul(&R,pin,PBLEN);
-		ECP_sub(&P,&R);
-
-		ECP_toOctet(TOKEN,&P);
-	}
-    return res;
-}
-
-/* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */
-int MPIN_CLIENT_2(octet *X,octet *Y,octet *SEC)
-{
-    BIG px,py,r;
-    ECP P;
-    int res=0;
-	BIG_rcopy(r,CURVE_Order);
-	if (!ECP_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT;
-	if (res==0)
-	{
-		BIG_fromBytes(px,X->val);
-		BIG_fromBytes(py,Y->val);
-		BIG_add(px,px,py);
-		BIG_mod(px,r);
-		BIG_sub(px,r,px);
-		PAIR_G1mul(&P,px);
-		ECP_toOctet(SEC,&P);
-	}
-    return res;
-}
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
-
-int MPIN_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
-{
-	ECP P;
-	BIG r,x;
-	int res=0;
-	if (RNG!=NULL)
-	{
-		BIG_rcopy(r,CURVE_Order);
-		BIG_randomnum(x,r,RNG);
-		X->len=32;
-		BIG_toBytes(X->val,x);
-	}
-	else
-		BIG_fromBytes(x,X->val);
-
-	if (type==0)
-	{
-		if (!ECP_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
-	}
-	else mapit(G,&P);
-
-	if (res==0)
-	{
-		PAIR_G1mul(&P,x);
-		ECP_toOctet(W,&P);
-	}
-	return res;
-}
-
-
-/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
-/* CID is hashed externally */
-int MPIN_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
-{
-	return MPIN_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
-}
-
-/* Implement step 1 on client side of MPin protocol */
-int MPIN_CLIENT_1(int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
-{
-    BIG r,x;
-    ECP P,T,W;
-    int plen,res=0;
-	char h[HASH_BYTES];
-	octet H={0,sizeof(h),h};
-
-	BIG_rcopy(r,CURVE_Order);
-	if (RNG!=NULL)
-	{
-		BIG_randomnum(x,r,RNG);
-		X->len=32;
-		BIG_toBytes(X->val,x);
-	}
-	else
-		BIG_fromBytes(x,X->val);
-
-	hashit(-1,CLIENT_ID,&H);
-	mapit(&H,&P);
-
-	if (!ECP_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-	if (res==0)
-	{
-		pin%=MAXPIN;
-
-		ECP_copy(&W,&P);				// W=H(ID)
-		ECP_pinmul(&W,pin,PBLEN);			// W=alpha.H(ID)
-		ECP_add(&T,&W);					// T=Token+alpha.H(ID) = s.H(ID)
-
-		if (date)
-		{
-			if (!ECP_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
-			ECP_add(&T,&W);					// SEC=s.H(ID)+s.H(T|ID)
-			hashit(date,&H,&H);
-			mapit(&H,&W);
-			if (xID!=NULL)
-			{
-				PAIR_G1mul(&P,x);				// P=x.H(ID)
-				ECP_toOctet(xID,&P);  // xID
-				PAIR_G1mul(&W,x);               // W=x.H(T|ID)
-				ECP_add(&P,&W);
-			}
-			else
-			{
-				ECP_add(&P,&W);
-				PAIR_G1mul(&P,x);
-			}
-			if (xCID!=NULL) ECP_toOctet(xCID,&P);  // U
-		}
-		else
-		{
-			if (xID!=NULL)
-			{
-				PAIR_G1mul(&P,x);				// P=x.H(ID)
-				ECP_toOctet(xID,&P);  // xID
-			}
-		}
-	}
-
-	if (res==0)
-		ECP_toOctet(SEC,&T);  // V
-
-    return res;
-}
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
-int MPIN_GET_SERVER_SECRET(octet *S,octet *SST)
-{
-    BIG r,s;
-	FP2 qx,qy;
-    ECP2 Q;
-    int res=0;
-
-	BIG_rcopy(r,CURVE_Order);
-    BIG_rcopy(qx.a,CURVE_Pxa); FP_nres(qx.a);
-    BIG_rcopy(qx.b,CURVE_Pxb); FP_nres(qx.b);
-    BIG_rcopy(qy.a,CURVE_Pya); FP_nres(qy.a);
-    BIG_rcopy(qy.b,CURVE_Pyb); FP_nres(qy.b);
-	ECP2_set(&Q,&qx,&qy);
-
-	if (res==0)
-	{
-		BIG_fromBytes(s,S->val);
-		PAIR_G2mul(&Q,s);
-		ECP2_toOctet(SST,&Q);
-    }
-
-    return res;
-}
-
-
-/* Time Permit CTT=s*H(date|H(CID)) where s is master secret */
-int MPIN_GET_CLIENT_PERMIT(int date,octet *S,octet *CID,octet *CTT)
-{
-    BIG s;
-    ECP P;
-	char h[HASH_BYTES];
-	octet H={0,sizeof(h),h};
-
-	hashit(date,CID,&H);
-
-	mapit(&H,&P);
-	BIG_fromBytes(s,S->val);
-	PAIR_G1mul(&P,s);
-
-	ECP_toOctet(CTT,&P);
-    return 0;
-}
-
-// if date=0 only use HID, set HCID=NULL
-// if date and !PE, use set HID=NULL and use HCID only
-// if date and PE, use HID and HCID
-
-/* Outputs H(CID) and H(CID)+H(T|H(CID)) for time permits. If no time permits set HTID=NULL */
-void MPIN_SERVER_1(int date,octet *CID,octet *HID,octet *HTID)
-{
-  char h[HASH_BYTES];
-  octet H={0,sizeof(h),h};
-  ECP P,R;
-
-#ifdef USE_ANONYMOUS
-  mapit(CID,&P);
-#else 
-  hashit(-1,CID,&H);
-  mapit(&H,&P);
-#endif
-
-  if (date) {
-    if (HID!=NULL) {
-      ECP_toOctet(HID,&P);
-    }
-#ifdef USE_ANONYMOUS
-    hashit(date,CID,&H);
-#else
-    hashit(date,&H,&H);
-#endif
-    mapit(&H,&R);
-    ECP_add(&P,&R);
-    ECP_toOctet(HTID,&P);
-  } else {
-    ECP_toOctet(HID,&P);
-  }
-
-}
-
-/* Implement M-Pin on server side */
-int MPIN_SERVER_2(int date,octet *HID,octet *HTID,octet *Y,octet *SST,octet *xID,octet *xCID,octet *mSEC,octet *E,octet *F)
-{
-    BIG a,px,py,y;
-	FP2 qx,qy;
-	FP12 g;
-    ECP2 Q,sQ;
-	ECP P,R;
-    int res=0;
-
-    BIG_rcopy(qx.a,CURVE_Pxa); FP_nres(qx.a);
-    BIG_rcopy(qx.b,CURVE_Pxb); FP_nres(qx.b);
-    BIG_rcopy(qy.a,CURVE_Pya); FP_nres(qy.a);
-    BIG_rcopy(qy.b,CURVE_Pyb); FP_nres(qy.b);
-
-	if (!ECP2_set(&Q,&qx,&qy)) res=MPIN_INVALID_POINT;
-
-	if (res==0)
-	{
-		if (!ECP2_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-	}
-
-	if (res==0)
-	{
-		if (date)
-		{
-			BIG_fromBytes(px,&(xCID->val[1]));
-			BIG_fromBytes(py,&(xCID->val[PFS+1]));
-		}
-		else
-		{
-			BIG_fromBytes(px,&(xID->val[1]));
-			BIG_fromBytes(py,&(xID->val[PFS+1]));
-		}
-		if (!ECP_set(&R,px,py)) res=MPIN_INVALID_POINT; // x(A+AT)
-	}
-	if (res==0)
-	{
-		BIG_fromBytes(y,Y->val);
-		if (date)
-		{
-			if (!ECP_fromOctet(&P,HTID))  res=MPIN_INVALID_POINT;
-		}
-		else
-		{
-			if (!ECP_fromOctet(&P,HID))  res=MPIN_INVALID_POINT;
-		}
-	}
-	if (res==0)
-	{
-		PAIR_G1mul(&P,y);  // y(A+AT)
-		ECP_add(&P,&R); // x(A+AT)+y(A+T)
-		if (!ECP_fromOctet(&R,mSEC))  res=MPIN_INVALID_POINT; // V
-	}
-	if (res==0)
-	{
-		PAIR_double_ate(&g,&Q,&R,&sQ,&P);
-		PAIR_fexp(&g);
-
-		if (!FP12_isunity(&g))
-		{
-			if (HID!=NULL && xID!=NULL && E!=NULL && F !=NULL)
-			{ /* xID is set to NULL if there is no way to calculate PIN error */
-				FP12_toOctet(E,&g);
-
-/* Note error is in the PIN, not in the time permit! Hence the need to exclude Time Permit from this check */
-
-				if (date)
-				{
-					if (!ECP_fromOctet(&P,HID)) res=MPIN_INVALID_POINT;
-					if (!ECP_fromOctet(&R,xID)) res=MPIN_INVALID_POINT; // U
-
-					if (res==0)
-					{
-						PAIR_G1mul(&P,y);  // yA
-						ECP_add(&P,&R); // yA+xA
-					}
-				}
-				if (res==0)
-				{
-					PAIR_ate(&g,&Q,&P);
-					PAIR_fexp(&g);
-					FP12_toOctet(F,&g);
-				}
-			}
-			res=MPIN_BAD_PIN;
-		}
-	}
-
-    return res;
-}
-
-#if MAXPIN==10000
-#define MR_TS 10  /* 2^10/10 approx = sqrt(MAXPIN) */
-#define TRAP 200  /* 2*sqrt(MAXPIN) */
-#endif
-
-#if MAXPIN==1000000
-#define MR_TS 14
-#define TRAP 2000
-#endif
-
-/* Pollards kangaroos used to return PIN error */
-int MPIN_KANGAROO(octet *E,octet *F)
-{
-	int i,j,m,s,dn,dm,steps;
-	int distance[MR_TS];
-	FP12 ge,gf,t,table[MR_TS];
-    int res=0;
-
-	FP12_fromOctet(&ge,E);
-	FP12_fromOctet(&gf,F);
-
-	FP12_copy(&t,&gf);
-
-	for (s=1,m=0;m<MR_TS;m++)
-	{
-		distance[m]=s;
-		FP12_copy(&table[m],&t);
-		s*=2;
-		FP12_usqr(&t,&t);
-		FP12_reduce(&t);
-	}
-
-	FP12_one(&t);
-
-	for (dn=0,j=0;j<TRAP;j++)
-	{
-		i=t.a.a.a[0]%MR_TS;
-		FP12_mul(&t,&table[i]);
-		FP12_reduce(&t);
-		dn+=distance[i];
-	}
-
-	FP12_conj(&gf,&t);
-	steps=0; dm=0;
-	while (dm-dn<MAXPIN)
-	{
-		steps++;
-		if (steps>4*TRAP) break;
-		i=ge.a.a.a[0]%MR_TS;
-		FP12_mul(&ge,&table[i]);
-		FP12_reduce(&ge);
-		dm+=distance[i];
-		if (FP12_equals(&ge,&t))
-		{
-			res=dm-dn;
-			break;
-		}
-		if (FP12_equals(&ge,&gf))
-		{
-			res=dn-dm;
-			break;
-		}
-	}
-	if (steps>4*TRAP || dm-dn>=MAXPIN) {res=0; }    /* Trap Failed  - probable invalid token */
-
-    return res;
-}
-
-/* Functions to support M-Pin Full */
-
-int MPIN_PRECOMPUTE(octet *TOKEN,octet *CID,octet *G1,octet *G2)
-{
-	ECP P,T;
-	ECP2 Q;
-	FP2 qx,qy;
-	FP12 g;
-	int res=0;
-
-	if (!ECP_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
-
-	if (res==0)
-	{
-		mapit(CID,&P);
-
-		BIG_rcopy(qx.a,CURVE_Pxa); FP_nres(qx.a);
-		BIG_rcopy(qx.b,CURVE_Pxb); FP_nres(qx.b);
-		BIG_rcopy(qy.a,CURVE_Pya); FP_nres(qy.a);
-		BIG_rcopy(qy.b,CURVE_Pyb); FP_nres(qy.b);
-
-		if (!ECP2_set(&Q,&qx,&qy)) res=MPIN_INVALID_POINT;
-	}
-	if (res==0)
-	{
-		PAIR_ate(&g,&Q,&T);
-		PAIR_fexp(&g);
-		FP12_toOctet(G1,&g);
-		PAIR_ate(&g,&Q,&P);
-		PAIR_fexp(&g);
-		FP12_toOctet(G2,&g);
-	}
-	return res;
-}
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
-int MPIN_CLIENT_KEY(octet *G1,octet *G2,int pin,octet *R,octet *X,octet *H,octet *wCID,octet *CK)
-{
-	FP12 g1,g2;
-	FP4 c,cp,cpm1,cpm2;
-	FP2 f;
-	ECP W;
-        int res=0;
-	BIG r,z,x,q,m,a,b,h;
-	hash sha;
-	char ht[HASH_BYTES];
-	octet HT={0,sizeof(ht),ht};
-
-	FP12_fromOctet(&g1,G1);
-	FP12_fromOctet(&g2,G2);
-	BIG_fromBytes(z,R->val);
-	BIG_fromBytes(x,X->val);
-	BIG_fromBytes(h,H->val);
-
-	if (!ECP_fromOctet(&W,wCID)) res=MPIN_INVALID_POINT;
-
-	if (res==0)
-	{
-		BIG_rcopy(r,CURVE_Order);
-		BIG_add(z,z,h);    // new
-		BIG_mod(z,r);
-
-		PAIR_G1mul(&W,x);
-
-		BIG_rcopy(a,CURVE_Fra);
-		BIG_rcopy(b,CURVE_Frb);
-		FP2_from_BIGs(&f,a,b);
-
-		BIG_rcopy(q,Modulus);
-		BIG_copy(m,q);
-		BIG_mod(m,r);
-
-		BIG_copy(a,z);
-		BIG_mod(a,m);
-
-		BIG_copy(b,z);
-		BIG_sdiv(b,m);
-
-		FP12_pinpow(&g2,pin,PBLEN);
-		FP12_mul(&g1,&g2);
-
-		FP12_trace(&c,&g1);
-
-		FP12_copy(&g2,&g1);
-		FP12_frob(&g2,&f);
-		FP12_trace(&cp,&g2);
-
-		FP12_conj(&g1,&g1);
-		FP12_mul(&g2,&g1);
-		FP12_trace(&cpm1,&g2);
-		FP12_mul(&g2,&g1);
-		FP12_trace(&cpm2,&g2);
-
-		FP4_xtr_pow2(&c,&cp,&c,&cpm1,&cpm2,a,b);
-
-		HT.len=PFS;
-		start_hash(&sha);
-		BIG_copy(m,c.a.a); FP_redc(m); BIG_toBytes(&(HT.val[0]),m);
-		add_to_hash(&sha,&HT);
-		BIG_copy(m,c.a.b); FP_redc(m); BIG_toBytes(&(HT.val[0]),m);
-		add_to_hash(&sha,&HT);
-		BIG_copy(m,c.b.a); FP_redc(m); BIG_toBytes(&(HT.val[0]),m);
-		add_to_hash(&sha,&HT);
-		BIG_copy(m,c.b.b); FP_redc(m); BIG_toBytes(&(HT.val[0]),m);
-		add_to_hash(&sha,&HT);
-
-		ECP_get(a,b,&W);
-
-		BIG_toBytes(&(HT.val[0]),a);
-		add_to_hash(&sha,&HT);
-		BIG_toBytes(&(HT.val[0]),b);
-		add_to_hash(&sha,&HT);
-
-		finish_hash(&sha,&HT);
-		OCT_empty(CK);
-		OCT_jbytes(CK,HT.val,PAS);
-	}
-	return res;
-}
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
-int MPIN_SERVER_KEY(octet *Z,octet *SST,octet *W,octet *H,octet *HID,octet *xID,octet *xCID,octet *SK)
-{
-	int res=0;
-	FP12 g;
-	FP4 c;
-	FP2 qx,qy;
-	ECP R,U,A;
-	ECP2 sQ;
-	BIG w,x,y,h;
-	hash sha;
-	char ht[HASH_BYTES];
-	octet HT={0,sizeof(ht),ht};
-
-	if (!ECP2_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
-	if (!ECP_fromOctet(&R,Z)) res=MPIN_INVALID_POINT;
-
-
-	if (!ECP_fromOctet(&A,HID)) res=MPIN_INVALID_POINT;
-
-	// new
-	if (xCID!=NULL)
-	{
-		if (!ECP_fromOctet(&U,xCID)) res=MPIN_INVALID_POINT;
-	}
-	else
-	{
-		if (!ECP_fromOctet(&U,xID)) res=MPIN_INVALID_POINT;
-	}
-	BIG_fromBytes(w,W->val);
-	BIG_fromBytes(h,H->val);
-
-	if (res==0)
-	{
-		PAIR_G1mul(&A,h);
-		ECP_add(&R,&A);  // new
-
-		PAIR_ate(&g,&sQ,&R);
-		PAIR_fexp(&g);
-		PAIR_G1mul(&U,w);
-		FP12_trace(&c,&g);
-		HT.len=PFS;
-		start_hash(&sha);
-		BIG_copy(w,c.a.a); FP_redc(w); BIG_toBytes(&(HT.val[0]),w);
-		add_to_hash(&sha,&HT);
-		BIG_copy(w,c.a.b); FP_redc(w); BIG_toBytes(&(HT.val[0]),w);
-		add_to_hash(&sha,&HT);
-		BIG_copy(w,c.b.a); FP_redc(w); BIG_toBytes(&(HT.val[0]),w);
-		add_to_hash(&sha,&HT);
-		BIG_copy(w,c.b.b); FP_redc(w); BIG_toBytes(&(HT.val[0]),w);
-		add_to_hash(&sha,&HT);
-
-		ECP_get(x,y,&U);
-		BIG_toBytes(&(HT.val[0]),x);
-		add_to_hash(&sha,&HT);
-		BIG_toBytes(&(HT.val[0]),y);
-		add_to_hash(&sha,&HT);
-
-		finish_hash(&sha,&HT);
-		OCT_empty(SK);
-		OCT_jbytes(SK,HT.val,PAS);
-	}
-	return res;
-}
-
-unsign32 MPIN_GET_TIME(void)
-{
-  return (unsign32)time(NULL);
-}
-
-/* Generate Y = H(epoch, xCID/xID) */
-void MPIN_GET_Y(int TimeValue,octet *xCID,octet *Y)
-{
-  BIG q,y;
-  char h[HASH_BYTES];
-  octet H={0,sizeof(h),h};
-
-  hashit(TimeValue,xCID,&H);
-  BIG_fromBytes(y,H.val);
-  BIG_rcopy(q,CURVE_Order);
-  BIG_mod(y,q);
-  BIG_toBytes(Y->val,y);
-  Y->len=PGS;
-}
-
-/* One pass MPIN Client */
-int MPIN_CLIENT(int date,octet *ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *V,octet *U,octet *UT,octet *TP,octet *MESSAGE,int TimeValue,octet *Y)
-{
-  int rtn=0;
-  char m[256];
-  octet M={0,sizeof(m),m};
-
-  octet *pID;
-  if (date == 0)
-    pID = U;
-  else
-    pID = UT;
-
-  rtn = MPIN_CLIENT_1(date,ID,RNG,X,pin,TOKEN,V,U,UT,TP);
-  if (rtn != 0)
-    return rtn;
-
-  OCT_joctet(&M,pID);
-  if (MESSAGE!=NULL) {
-    OCT_joctet(&M,MESSAGE);
-  }
-
-  MPIN_GET_Y(TimeValue,&M,Y);
-
-  rtn = MPIN_CLIENT_2(X,Y,V);
-  if (rtn != 0)
-    return rtn;
-
-  return 0;
-}
-
-/* One pass MPIN Server */
-int MPIN_SERVER(int date,octet *HID,octet *HTID,octet *Y,octet *SST,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE,int TimeValue)
-{
-  int rtn=0;
-  char m[256];
-  octet M={0,sizeof(m),m};
-
-  octet *pID;
-  if (date == 0)
-    pID = U;
-  else
-    pID = UT;
-
-  MPIN_SERVER_1(date,ID,HID,HTID);
-
-  OCT_joctet(&M,pID);
-  if (MESSAGE!=NULL) {
-    OCT_joctet(&M,MESSAGE);
-  }
-
-  MPIN_GET_Y(TimeValue,&M,Y);
-
-  rtn = MPIN_SERVER_2(date,HID,HTID,Y,SST,U,UT,V,E,F);
-  if (rtn != 0)
-    return rtn;
-
-  return 0;
-}
-
-/* AES-GCM Encryption of octets, K is key, H is header,
-   P is plaintext, C is ciphertext, T is authentication tag */
-void MPIN_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T)
-{
-  gcm g;
-  GCM_init(&g,K->val,IV->len,IV->val);
-  GCM_add_header(&g,H->val,H->len);
-  GCM_add_plain(&g,C->val,P->val,P->len);
-  C->len=P->len;
-  GCM_finish(&g,T->val);
-  T->len=16;
-}
-
-/* AES-GCM Decryption of octets, K is key, H is header,
-   P is plaintext, C is ciphertext, T is authentication tag */
-void MPIN_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T)
-{
-  gcm g;
-  GCM_init(&g,K->val,IV->len,IV->val);
-  GCM_add_header(&g,H->val,H->len);
-  GCM_add_cipher(&g,P->val,C->val,C->len);
-  P->len=C->len;
-  GCM_finish(&g,T->val);
-  T->len=16;
-}
-
-/* general purpose hash function w=hash(p|n|x|y) */
-static void hashitGen(octet *p,int n,octet *x,octet *y,octet *w)
-{
-    int i,c[4];
-    hash sha;
-    char hh[32];
-
-    HASH_init(&sha);
-    if (p!=NULL)
-        for (i=0;i<p->len;i++) HASH_process(&sha,p->val[i]);
-	if (n>0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-		for (i=0;i<4;i++) HASH_process(&sha,c[i]);
-    }
-    if (x!=NULL)
-        for (i=0;i<x->len;i++) HASH_process(&sha,x->val[i]);
-    if (y!=NULL)
-        for (i=0;i<y->len;i++) HASH_process(&sha,y->val[i]);
-
-
-    HASH_hash(&sha,hh);
-
-    OCT_empty(w);
-    OCT_jbytes(w,hh,32);
-    for (i=0;i<32;i++) hh[i]=0;
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-int MPIN_HMAC(octet *m,octet *k,int olen,octet *tag)
-{
-/* Input is from an octet m        *
- * olen is requested output length in bytes. k is the key  *
- * The output is the calculated tag */
-    int hlen,b;
-	char h[32],k0[64];
-    octet H={0,sizeof(h),h};
-	octet K0={0,sizeof(k0),k0};
-
-    hlen=32; b=64;
-    if (olen<4 || olen>hlen) return 0;
-
-    if (k->len > b) hashitGen(k,-1,NULL,NULL,&K0);
-    else            OCT_copy(&K0,k);
-
-    OCT_jbyte(&K0,0,b-K0.len);
-
-    OCT_xorbyte(&K0,0x36);
-
-    hashitGen(&K0,-1,m,NULL,&H);
-
-    OCT_xorbyte(&K0,0x6a);   /* 0x6a = 0x36 ^ 0x5c */
-    hashitGen(&K0,-1,&H,NULL,&H);
-
-    OCT_empty(tag);
-    OCT_jbytes(tag,H.val,olen);
-
-    return 1;
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-void MPIN_PBKDF2(octet *p,octet *s,int rep,int olen,octet *key)
-{
-	int i,j,len,d=ROUNDUP(olen,32);
-	char f[PFS],u[PFS];
-	octet F={0,sizeof(f),f};
-	octet U={0,sizeof(u),u};
-	OCT_empty(key);
-
-	for (i=1;i<=d;i++)
-	{
-		len=s->len;
-		OCT_jint(s,i,4);
-		MPIN_HMAC(s,p,PFS,&F);
-		s->len=len;
-		OCT_copy(&U,&F);
-		for (j=2;j<=rep;j++)
-		{
-			MPIN_HMAC(&U,p,PFS,&U);
-			OCT_xor(&F,&U);
-		}
-
-		OCT_joctet(key,&F);
-	}
-	OCT_chop(key,NULL,olen);
-}
-
-/* Hash the M-Pin transcript - new */
-void MPIN_HASH_ALL(octet *HID,octet *xID,octet *xCID,octet *SEC,octet *Y,octet *R,octet *W,octet *H)
-{
-	char t[10*PFS+4];
-	octet T={0,sizeof(t),t};
-
-	OCT_joctet(&T,HID);
-	if (xCID!=NULL) OCT_joctet(&T,xCID);
-	else OCT_joctet(&T,xID);
-	OCT_joctet(&T,SEC);
-	OCT_joctet(&T,Y);
-	OCT_joctet(&T,R);
-	OCT_joctet(&T,W);
-
-	hashit(0,&T,H);
-}
-
-/*
-int MPIN_TEST_PAIRING(octet *CID,octet *R)
-{
-    BIG b,px;
-	FP2 qx,qy;
-	FP12 g;
-    ECP2 Q;
-	ECP P;
-    int res=0;
-
-	hashit(-1,CID,&P);
-	BIG_rcopy(qx.a,CURVE_Pxa); FP_nres(qx.a);
-	BIG_rcopy(qx.b,CURVE_Pxb); FP_nres(qx.b);
-	BIG_rcopy(qy.a,CURVE_Pya); FP_nres(qy.a);
-	BIG_rcopy(qy.b,CURVE_Pyb); FP_nres(qy.b);
-
-	if (!ECP2_set(&Q,&qx,&qy))  res=MPIN_INVALID_POINT;
-
-	if (res==0)
-	{
-		PAIR_ate(&g,&Q,&P);
-        PAIR_fexp(&g);
-		FP12_trace(&(g.a),&g);
-
-		BIG_copy(b,g.a.a.a); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-		BIG_copy(b,g.a.a.b); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-		BIG_copy(b,g.a.b.a); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-		BIG_copy(b,g.a.b.b); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
-
-	}
-
-    return res;
-}
-*/
-
-/*
-int main()
-{
-	ECP2 X;
-	FP2 x,y,rhs;
-	BIG r;
-	char hcid[HASH_BYTES],client_id[100];
-	octet HCID={0,sizeof(hcid),hcid};
-	octet CLIENT_ID={0,sizeof(client_id),client_id};
-
-	OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
-	MPIN_HASH_ID(&CLIENT_ID,&HCID);
-
-	printf("Client ID= "); OCT_output_string(&CLIENT_ID); printf("\n");
-
-	mapit2(&HCID,&X);
-
-	ECP2_output(&X);
-
-	BIG_rcopy(r,CURVE_Order);
-
-	ECP2_mul(&X,r);
-
-	ECP2_output(&X);
-
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/mpin.h
----------------------------------------------------------------------
diff --git a/c/mpin.h b/c/mpin.h
deleted file mode 100755
index dd49d75..0000000
--- a/c/mpin.h
+++ /dev/null
@@ -1,379 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file mpin.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief M-Pin Header file
- *
- * Allows some user configuration
- * defines structures
- * declares functions
- *
- */
-
-#ifndef MPIN_H
-#define MPIN_H
-
-#include "amcl.h"
-
-/* Field size is assumed to be greater than or equal to group size */
-
-#define PGS 32  /**< MPIN Group Size */
-#define PFS 32  /**< MPIN Field Size */
-#define PAS 16  /**< MPIN Symmetric Key Size */
-
-#define MPIN_OK                     0  /**< Function completed without error */
-/*#define MPIN_DOMAIN_ERROR          -11
-#define MPIN_INVALID_PUBLIC_KEY    -12
-#define MPIN_ERROR                 -13*/
-#define MPIN_INVALID_POINT         -14	/**< Point is NOT on the curve */
-/*#define MPIN_DOMAIN_NOT_FOUND      -15
-#define MPIN_OUT_OF_MEMORY         -16
-#define MPIN_DIV_BY_ZERO           -17
-#define MPIN_WRONG_ORDER           -18*/
-#define MPIN_BAD_PIN               -19  /**< Bad PIN number entered */
-
-
-/* Configure your PIN here */
-
-#define MAXPIN 10000 /**< max PIN */
-#define PBLEN 14   /**< max length of PIN in bits */
-
-#define TIME_SLOT_MINUTES 1440 /**< Time Slot = 1 day */
-#define HASH_BYTES 32 /**< Number of bytes output by Hash function */
-
-/* MPIN support functions */
-
-/* MPIN primitives */
-
-/**	@brief Hash an M-Pin Identity to an octet string
- *
-	@param ID an octet containing the identity
-	@param HID an octet containing the hashed identity
- */
-DLL_EXPORT void MPIN_HASH_ID(octet *ID,octet *HID);
-/**	@brief Get epoch time as unsigned integer
- *
-	@return current epoch time in seconds
- */
-DLL_EXPORT unsign32 MPIN_GET_TIME(void);
-/**	@brief Generate Y=H(t,O), where t is epoch time, O is an octet, and H(.) is a hash function
- *
-	@param t is epoch time in seconds
-	@param O is an input octet
-	@param Y is the output octet
- */
-DLL_EXPORT void MPIN_GET_Y(int t,octet *O,octet *Y);
-/**	@brief Extract a PIN number from a client secret
- *
-	@param ID is the input client identity
-	@param pin is an input PIN number
-	@param CS is the client secret from which the PIN is to be extracted
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_EXTRACT_PIN(octet *ID,int pin,octet *CS);
-/**	@brief Perform client side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param V is output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_CLIENT(int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *V,octet *U,octet *UT,octet *TP, octet* MESSAGE, int t, octet *y);
-/**	@brief Perform first pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input client identity
-	@param R is a pointer to a cryptographically secure random number generator
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param pin is the input PIN number
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param S is output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit
-	@param U is output = x.H(ID)
-	@param UT is output = x.(H(ID)+H(d|H(ID)))
-	@param TP is the input time permit
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_CLIENT_1(int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *S,octet *U,octet *UT,octet *TP);
-/**	@brief Generate a random group element
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is the output random octet
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_RANDOM_GENERATE(csprng *R,octet *S);
-/**	@brief Perform second pass of the client side of the 3-pass version of the M-Pin protocol
- *
-	@param x an input, a locally generated random number
-	@param y an input random challenge from the server
-	@param V on output = -(x+y).V
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_CLIENT_2(octet *x,octet *y,octet *V);
-/**	@brief Perform server side of the one-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not generated and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param ID is the input claimed client identity
-	@param MESSAGE is the message to be signed
-	@param t is input epoch time in seconds - a timestamp
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_SERVER(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE, int t);
-/**	@brief Perform first pass of the server side of the 3-pass version of the M-Pin protocol
- *
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param ID is the input claimed client identity
-	@param HID is output H(ID), a hash of the client ID
-	@param HTID is output H(ID)+H(d|H(ID))
-	@return 0 or an error code
- */
-DLL_EXPORT void	MPIN_SERVER_1(int d,octet *ID,octet *HID,octet *HTID);
-/**	@brief Perform third pass on the server side of the 3-pass version of the M-Pin protocol
- *
-	If Time Permits are disabled, set d = 0, and UT and HTID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
-	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
-	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
-	@param HID is input H(ID), a hash of the client ID
-	@param HTID is input H(ID)+H(d|H(ID))
-	@param y is the input server's randomly generated challenge
-	@param SS is the input server secret
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param V is an input from the client
-	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_SERVER_2(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F);
-/**	@brief Add two members from the group G1
- *
-	@param Q1 an input member of G1
-	@param Q2 an input member of G1
-	@param Q an output member of G1 = Q1+Q2
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_RECOMBINE_G1(octet *Q1,octet *Q2,octet *Q);
-/**	@brief Add two members from the group G2
- *
-	@param P1 an input member of G2
-	@param P2 an input member of G2
-	@param P an output member of G2 = P1+P2
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_RECOMBINE_G2(octet *P1,octet *P2,octet *P);
-/**	@brief Use Kangaroos to find PIN error
- *
-	@param E a member of the group GT
-	@param F a member of the group GT =  E^e
-	@return 0 if Kangaroos failed, or the PIN error e
- */
-DLL_EXPORT int MPIN_KANGAROO(octet *E,octet *F);
-/**	@brief Encoding of a Time Permit to make it indistinguishable from a random string
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param TP is the input time permit, obfuscated on output
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_ENCODING(csprng *R,octet *TP);
-/**	@brief Encoding of an obfuscated Time Permit
- *
-	@param TP is the input obfuscated time permit, restored on output
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_DECODING(octet *TP);
-/**	@brief Supply today's date as days from the epoch
- *
-	@return today's date, as number of days elapsed since the epoch
- */
-DLL_EXPORT unsign32 MPIN_today(void);
-/**	@brief Initialise a random number generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is an input truly random seed value
- */
-DLL_EXPORT void MPIN_CREATE_CSPRNG(csprng *R,octet *S);
-/**	@brief Kill a random number generator
- *
-	Deletes all internal state
-	@param R is a pointer to a cryptographically secure random number generator
- */
-DLL_EXPORT void MPIN_KILL_CSPRNG(csprng *R);
-/**	@brief Find a random multiple of a point in G1
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param type determines type of action to be taken
-	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
-	@param G if type=0 a point in G1, else an octet to be mapped to G1
-	@param W the output =x.G or x.M(G), where M(.) is a mapping
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_GET_G1_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
-/**	@brief Create a client secret in G1 from a master secret and the client ID
- *
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param CS is the full client secret = s.H(ID)
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_GET_CLIENT_SECRET(octet *S,octet *ID,octet *CS);
-/**	@brief Create a Time Permit in G1 from a master secret and the client ID
- *
-	@param d is input date, in days since the epoch.
-	@param S is an input master secret
-	@param ID is the input client identity
-	@param TP is a Time Permit for the given date = s.H(d|H(ID))
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_GET_CLIENT_PERMIT(int d,octet *S,octet *ID,octet *TP);
-/**	@brief Create a server secret in G2 from a master secret
- *
-	@param S is an input master secret
-	@param SS is the server secret = s.Q where Q is a fixed generator of G2
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_GET_SERVER_SECRET(octet *S,octet *SS);
-/* DLL_EXPORT int MPIN_TEST_PAIRING(octet *,octet *); */
-
-/* For M-Pin Full */
-/**	@brief Precompute values for use by the client side of M-Pin Full
- *
-	@param T is the input M-Pin token (the client secret with PIN portion removed)
-	@param ID is the input client identity
-	@param g1 precomputed output
-	@param g2 precomputed output
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_PRECOMPUTE(octet *T,octet *ID,octet *g1,octet *g2);
-/**	@brief Calculate Key on Server side for M-Pin Full
- *
-	Uses UT internally for the key calculation, unless not available in which case U is used
-	@param Z is the input Client-side Diffie-Hellman component
-	@param SS is the input server secret
-	@param w is an input random number generated by the server
-	@param p is an input, hash of the protocol transcript
-	@param I is the hashed input client ID = H(ID)
-	@param U is input from the client = x.H(ID)
-	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_SERVER_KEY(octet *Z,octet *SS,octet *w,octet *p,octet *I,octet *U,octet *UT,octet *K);
-/**	@brief Calculate Key on Client side for M-Pin Full
- *
-	@param g1 precomputed input
-	@param g2 precomputed input
-	@param pin is the input PIN number
-	@param r is an input, a locally generated random number
-	@param x is an input, a locally generated random number
-	@param p is an input, hash of the protocol transcript
-	@param T is the input Server-side Diffie-Hellman component
-	@param K is the output calculated shared key
-	@return 0 or an error code
- */
-DLL_EXPORT int MPIN_CLIENT_KEY(octet *g1,octet *g2,int pin,octet *r,octet *x,octet *p,octet *T,octet *K);
-
-/**	@brief AES-GCM Encryption
- *
-	@param K  AES key
-	@param IV Initialization vector
-	@param H Header
-	@param P Plaintext
-	@param C Ciphertext
-	@param T Checksum
- */
-DLL_EXPORT void MPIN_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
-
-/**	@brief AES-GCM Decryption
- *
-	@param K  AES key
-	@param IV Initialization vector
-	@param H Header
-	@param P Plaintext
-	@param C Ciphertext
-	@param T Checksum
- */
-DLL_EXPORT void MPIN_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
-
-/**	@brief HMAC of message M using key K to create tag of length len in octet tag
- *
-	IEEE-1363 MAC1 function. Uses SHA256 internally.
-	@param M input message octet
-	@param K input encryption key
-	@param len is output desired length of HMAC tag
-	@param tag is the output HMAC
-	@return 0 for bad parameters, else 1
- */
-DLL_EXPORT int MPIN_HMAC(octet *M,octet *K,int len,octet *tag);
-
-/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
- *
-	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
-	@param P input password
-	@param S input salt
-	@param rep Number of times to be iterated.
-	@param len is output desired length of key
-	@param K is the derived key
- */
-DLL_EXPORT void MPIN_PBKDF2(octet *P,octet *S,int rep,int len,octet *K);
-
-/** @brief Hash the session transcript 
-	@param I is the hashed input client ID = H(ID)
-	@param U is the client output = x.H(ID)
-	@param CU is the client output = x.(H(ID)+H(T|H(ID)))
-	@param Y is the server challenge
-	@param V is the client part response
-	@param R is the client part response
-	@param W is the server part response
-	@param H the output is the hash of all of the above that apply
-*/
-DLL_EXPORT void MPIN_HASH_ALL(octet *I,octet *U,octet *CU,octet *V,octet *Y,octet *R,octet *W,octet *H);
-
-#endif
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/oct.c
----------------------------------------------------------------------
diff --git a/c/oct.c b/c/oct.c
deleted file mode 100755
index 52455ae..0000000
--- a/c/oct.c
+++ /dev/null
@@ -1,388 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/*** Basic Octet string maintainance routines  ***/
-/* SU=m, m is Stack Usage */
-
-#include <string.h>
-#include "amcl.h"
-
-/* Output an octet string (Debug Only) */
-
-/* SU= 16 */
-/* output octet */
-void OCT_output(octet *w)
-{
-    int i;
-    unsigned char ch;
-    for (i=0;i<w->len;i++)
-    {
-        ch=w->val[i];
-        printf("%02x",ch);
-    }
-    printf("\n");
-}
-
-/* SU= 16 */
-void OCT_output_string(octet *w)
-{
-    int i;
-    unsigned char ch;
-    for (i=0;i<w->len;i++)
-    {
-        ch=w->val[i];
-        printf("%c",ch);
-    }
-  /*  printf("\n"); */
-}
-
-/* Convert C string to octet format - truncates if no room  */
-void OCT_jstring(octet *y,char *s)
-{
-    int i,j;
-    i=y->len;
-    j=0;
-    while (s[j]!=0 && i<y->max)
-    {
-        y->val[i]=s[j];
-        y->len++;
-        i++;  j++;
-    }
-}
-
-/* compare 2 octet strings.
- * If x==y return TRUE, else return FALSE */
-/* SU= 8 */
-int OCT_comp(octet *x,octet *y)
-{
-    int i;
-    if (x->len>y->len) return 0;
-    if (x->len<y->len) return 0;
-    for (i=0;i<x->len;i++)
-    {
-        if (x->val[i]!=y->val[i]) return 0;
-    }
-    return 1;
-}
-
-/* check are first n bytes the same */
-
-int OCT_ncomp(octet *x,octet *y,int n)
-{
-    int i;
-    if (n>y->len || n>x->len) return 0;
-    for (i=0;i<n;i++)
-    {
-        if (x->val[i]!=y->val[i]) return 0;
-    }
-    return 1;
-}
-
-/* Shift octet to the left by n bytes. Leftmost bytes disappear  */
-void OCT_shl(octet *x,int n)
-{
-    int i;
-    if (n>=x->len)
-    {
-        x->len=0;
-        return;
-    }
-    x->len-=n;
-    for (i=0;i<x->len;i++)
-        x->val[i]=x->val[i+n];
-}
-
-/* Append binary string to octet - truncates if no room */
-/* SU= 12 */
-void OCT_jbytes(octet *y,char *b,int len)
-{
-    int i,j;
-    i=y->len;
-    for (j=0;j<len && i<y->max;j++)
-    {
-        y->val[i]=b[j];
-        y->len++;
-        i++;
-    }
-}
-
-/* Concatenates two octet strings */
-/* SU= 8 */
-void OCT_joctet(octet *y,octet *x)
-{ /* y=y || x */
-    int i,j;
-    if (x==NULL) return;
-
-    for (i=0;i<x->len;i++)
-    {
-        j=y->len+i;
-        if (j>=y->max)
-        {
-            y->len=y->max;
-            return;
-        }
-        y->val[j]=x->val[i];
-    }
-    y->len+=x->len;
-}
-
-/* Append byte to octet rep times */
-/* SU= 8 */
-void OCT_jbyte(octet *y,int ch,int rep)
-{
-    int i,j;
-    i=y->len;
-    for (j=0;j<rep && i<y->max;j++)
-    {
-        y->val[i]=ch;
-        y->len++;
-        i++;
-    }
-}
-
-/* XOR common bytes of x with y */
-/* SU= 8 */
-void OCT_xor(octet *y,octet *x)
-{ /* xor first x->len bytes of y */
-
-    int i;
-    for (i=0;i<x->len && i<y->len;i++)
-    {
-        y->val[i]^=x->val[i];
-    }
-}
-
-/* clear an octet */
-void OCT_empty(octet *w)
-{
-    w->len=0;
-}
-
-/* Kill an octet string - Zeroise it for security */
-void OCT_clear(octet *w)
-{
-    int i;
-    for (i=0;i<w->max;i++) w->val[i]=0;
-    w->len=0;
-}
-
-/* appends int x of length len bytes to OCTET string */
-/* SU= 8 */
-void OCT_jint(octet *y,int x,int len)
-{
-    int i,n;
-    n=y->len+len;
-    if (n>y->max || len<=0) return;
-    for (i=y->len;i<n;i++) y->val[i]=0;
-    y->len=n;
-
-    i=y->len;
-    while (x>0 && i>0)
-    {
-        i--;
-        y->val[i]=x%256;
-        x/=256;
-    }
-}
-
-/* Pad an octet to a given length */
-/* SU= 8 */
-int OCT_pad(octet *w,int n)
-{
-	int i,d;
-	if (w->len>n || n>w->max) return 0;
-	if (n==w->len) return 1;
-	d=n-w->len;
-	for (i=n-1;i>=d;i--)
-		w->val[i]=w->val[i-d];
-	for (i=d-1;i>=0;i--)
-		w->val[i]=0;
-	w->len=n;
-	return 1;
-}
-
-
-/* Convert an octet string to base64 string */
-/* SU= 56 */
-void OCT_tobase64(char *b,octet *w)
-{
-	int i,j,k,rem,last;
-	int c,ch[4];
-	unsigned char ptr[3];
-	rem=w->len%3; j=k=0; last=4;
-	while (j<w->len)
-	{
-		for (i=0;i<3;i++)
-		{
-			if (j<w->len) ptr[i]=w->val[j++];
-			else {ptr[i]=0; last--;}
-		}
-		ch[0]=(ptr[0]>>2)&0x3f;
-		ch[1]=((ptr[0]<<4)|(ptr[1]>>4))&0x3f;
-		ch[2]=((ptr[1]<<2)|(ptr[2]>>6))&0x3f;
-		ch[3]=ptr[2]&0x3f;
-		for (i=0;i<last;i++)
-		{
-			c=ch[i];
-			if (c<26) c+=65;
-            if (c>=26 && c<52) c+=71;
-            if (c>=52 && c<62) c-=4;
-            if (c==62) c='+';
-            if (c==63) c='/';
-			b[k++]=c;
-		}
-	}
-	if (rem>0) for (i=rem;i<3;i++) b[k++]='=';
-	b[k]='\0';  /* dangerous! */
-}
-
-/* SU= 56 */
-void OCT_frombase64(octet *w,char *b)
-{
-	int i,j,k,pads,len=(int)strlen(b);
-	int c,ch[4],ptr[3];
-	int lead=1;
-	j=k=0;
-	while (j<len && k<w->max)
-	{
-		pads=0;
-		for (i=0;i<4;i++)
-		{
-			c=80+b[j++];
-			if (c<=112) continue; /* ignore white space */
-            if (c>144 && c<171) c-=145;
-            if (c>176 && c<203) c-=151;
-            if (c>127 && c<138) c-=76;
-            if (c==123) c=62;
-            if (c==127) c=63;
-            if (c==141) {pads++; continue;} /* ignore pads '=' */
-			ch[i]=c;
-		}
-		ptr[0]=(ch[0]<<2)|(ch[1]>>4);
-		ptr[1]=(ch[1]<<4)|(ch[2]>>2);
-		ptr[2]=(ch[2]<<6)|ch[3];
-		for (i=0;i<3-pads && k<w->max;i++)
-		{ /* don't put in leading zeros */
-			/* if (lead && ptr[i]==0) continue; */
-			w->val[k++]=ptr[i];
-			lead=0;
-		}
-
-	}
-	w->len=k;
-}
-
-/* copy an octet string - truncates if no room */
-/* SU= 16 */
-void OCT_copy(octet *y,octet *x)
-{
-    int i;
-    OCT_clear(y);
-    y->len=x->len;
-    if (y->len>y->max) y->len=y->max;
-
-    for (i=0;i<y->len;i++)
-        y->val[i]=x->val[i];
-}
-
-/* XOR m with all of x */
-void OCT_xorbyte(octet *x,int m)
-{
-    int i;
-    for (i=0;i<x->len;i++) x->val[i]^=m;
-}
-
-/* truncates x to n bytes and places the rest in y (if y is not NULL) */
-/* SU= 8 */
-void OCT_chop(octet *x,octet *y,int n)
-{
-    int i;
-    if (n>=x->len)
-    {
-        if (y!=NULL) y->len=0;
-        return;
-    }
-    if (y!=NULL) y->len=x->len-n;
-    x->len=n;
-
-    if (y!=NULL)
-    {
-        for (i=0;i<y->len && i<y->max;i++) y->val[i]=x->val[i+n];
-    }
-}
-
-/* set x to len random bytes */
-void OCT_rand(octet *x,csprng *RNG,int len)
-{
-    int i;
-    if (len>x->max) len=x->max;
-    x->len=len;
-
-    for (i=0;i<len;i++) x->val[i]=RAND_byte(RNG);
-}
-
-/* Convert an octet to a hex string */
-void OCT_toHex(octet *src,char *dst)
-{
-    int i;
-    unsigned char ch;
-    for (i=0;i<src->len;i++)
-    {
-        ch=src->val[i];
-        sprintf(&dst[i*2],"%02x", ch);
-    }
-}
-
-/* Convert an octet to a string */
-void OCT_toStr(octet *src,char *dst)
-{
-    int i;
-    unsigned char ch;
-    for (i=0;i<src->len;i++)
-    {
-        ch=src->val[i];
-        sprintf(&dst[i],"%c", ch);
-    }
-}
-
-/* Test program
-#include <stdio.h>
-#include "amcl.h"
-
-char test[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-
-int main()
-{
-	char gm[100],gn[100],t[100];
-    octet m={0,sizeof(gm),gm};
-    octet n={0,sizeof(gn),gn};
-
-	OCT_jbytes(&m,test,strlen(test));
-	OCT_output(&m);
-
-	OCT_tobase64(t,&m);
-	printf(t); printf("\n");
-
-	OCT_frombase64(&n,t);
-	OCT_output(&n);
-
-    return 0;
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/pair.c
----------------------------------------------------------------------
diff --git a/c/pair.c b/c/pair.c
deleted file mode 100755
index c5bbc6f..0000000
--- a/c/pair.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve pairing functions */
-
-//#define HAS_MAIN
-
-#include "amcl.h"
-
-/* Line function */
-static void PAIR_line(FP12 *v,ECP2 *A,ECP2 *B,BIG Qx,BIG Qy)
-{
-	ECP2 P;
-	FP2 Z3,X,Y,ZZ,T,NY;
-	FP4 a,b,c;
-	int D;
-	ECP2_copy(&P,A);
-	if (A==B)
-		D=ECP2_dbl(A);  // check these return numbers...
-	else
-		D=ECP2_add(A,B);
-	if (D<0)
-	{ /* Infinity */
-		FP12_one(v);
-		return;
-	}
-
-	FP2_copy(&Z3,&(A->z));
-	FP4_zero(&c);
-	FP2_sqr(&ZZ,&(P.z));    /* ZZ=Z^2 */
-	if (D==0)
-	{ /* addition */
-		ECP2_get(&X,&Y,B);
-		FP2_mul(&T,&(P.z),&Y);  /* T=Z*Y2 */
-
-		FP2_mul(&ZZ,&ZZ,&T);
-
-		FP2_neg(&NY,&(P.y));
-		FP2_add(&ZZ,&ZZ,&NY); /* ZZ=Z^3*Y2-Y (slope numerator) */
-		FP2_pmul(&Z3,&Z3,Qy);    /* Z3*Qy */
-		FP2_mul(&T,&T,&(P.x));
-		FP2_mul(&X,&X,&NY);
-		FP2_add(&T,&T,&X);       /* Z*Y2*X-X2*Y */
-		FP4_from_FP2s(&a,&Z3,&T); /* a=[Z3*Qy,Z*Y2*X-X2*Y] */
-		FP2_neg(&ZZ,&ZZ);
-		FP2_pmul(&ZZ,&ZZ,Qx);
-		FP4_from_FP2(&b,&ZZ);    /* b=-slope*Qx */
-	}
-	else
-	{ /* doubling */
-		FP2_sqr(&T,&(P.x));
-		FP2_imul(&T,&T,3);   /* T=3X^2 (slope numerator) */
-		FP2_sqr(&Y,&(P.y));
-
-		FP2_add(&Y,&Y,&Y);   /* Y=2Y^2 */
-		FP2_mul(&Z3,&Z3,&ZZ);   /* Z3=Z3*ZZ */
-		FP2_pmul(&Z3,&Z3,Qy);   /* Z3=Z3*ZZ*Qy */
-
-		FP2_mul(&X,&(P.x),&T);
-		FP2_sub(&X,&X,&Y);      /* X=X*slope-2Y^2 */
-		FP4_from_FP2s(&a,&Z3,&X); /* a=[Z3*ZZ*Qy , X*slope-2Y^2] */
-		FP2_neg(&T,&T);
-		FP2_mul(&ZZ,&ZZ,&T);
-		FP2_pmul(&ZZ,&ZZ,Qx);
-		FP4_from_FP2(&b,&ZZ);    /* b=-slope*ZZ*Qx */
-	}
-
-	FP12_from_FP4s(v,&a,&b,&c);
-}
-
-/* Optimal R-ate pairing r=e(P,Q) */
-void PAIR_ate(FP12 *r,ECP2 *P,ECP *Q)
-{
-	FP2 X;
-	BIG x,n,Qx,Qy;
-	int i,nb;
-	ECP2 A,KA;
-	FP12 lv;
-
-	BIG_rcopy(Qx,CURVE_Fra);
-	BIG_rcopy(Qy,CURVE_Frb);
-	FP2_from_BIGs(&X,Qx,Qy);
-
-	BIG_rcopy(x,CURVE_Bnx);
-	BIG_pmul(n,x,6);
-
-	BIG_dec(n,2);
-	BIG_norm(n);
-
-	ECP2_affine(P);
-	ECP_affine(Q);
-
-	BIG_copy(Qx,Q->x);
-	BIG_copy(Qy,Q->y);
-
-	ECP2_copy(&A,P);
-	FP12_one(r);
-	nb=BIG_nbits(n);
-
-/* Main Miller Loop */
-    for (i=nb-2;i>=1;i--)
-    {
-		PAIR_line(&lv,&A,&A,Qx,Qy);
-		FP12_smul(r,&lv);
-		if (BIG_bit(n,i))
-		{
-
-			PAIR_line(&lv,&A,P,Qx,Qy);
-			FP12_smul(r,&lv);
-		}
-		FP12_sqr(r,r);
-    }
-
-	PAIR_line(&lv,&A,&A,Qx,Qy);
-	FP12_smul(r,&lv);
-
-/* R-ate fixup */
-
-	ECP2_copy(&KA,P);
-	ECP2_frob(&KA,&X);
-
-	ECP2_neg(&A);
-	FP12_conj(r,r);
-
-	PAIR_line(&lv,&A,&KA,Qx,Qy);
-	FP12_smul(r,&lv);
-	ECP2_frob(&KA,&X);
-	ECP2_neg(&KA);
-	PAIR_line(&lv,&A,&KA,Qx,Qy);
-	FP12_smul(r,&lv);
-
-}
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-void PAIR_double_ate(FP12 *r,ECP2 *P,ECP *Q,ECP2 *R,ECP *S)
-{
-	FP2 X;
-	BIG x,n,Qx,Qy,Sx,Sy;
-	int i,nb;
-	ECP2 A,B,K;
-	FP12 lv;
-
-	BIG_rcopy(Qx,CURVE_Fra);
-	BIG_rcopy(Qy,CURVE_Frb);
-	FP2_from_BIGs(&X,Qx,Qy);
-
-	BIG_rcopy(x,CURVE_Bnx);
-
-	BIG_pmul(n,x,6);
-	BIG_dec(n,2);
-	BIG_norm(n);
-
-	ECP2_affine(P);
-	ECP_affine(Q);
-
-	ECP2_affine(R);
-	ECP_affine(S);
-
-	BIG_copy(Qx,Q->x);
-	BIG_copy(Qy,Q->y);
-
-	BIG_copy(Sx,S->x);
-	BIG_copy(Sy,S->y);
-
-	ECP2_copy(&A,P);
-	ECP2_copy(&B,R);
-	FP12_one(r);
-	nb=BIG_nbits(n);
-
-/* Main Miller Loop */
-    for (i=nb-2;i>=1;i--)
-    {
-		PAIR_line(&lv,&A,&A,Qx,Qy);
-		FP12_smul(r,&lv);
-		PAIR_line(&lv,&B,&B,Sx,Sy);
-		FP12_smul(r,&lv);
-
-		if (BIG_bit(n,i))
-		{
-			PAIR_line(&lv,&A,P,Qx,Qy);
-			FP12_smul(r,&lv);
-
-			PAIR_line(&lv,&B,R,Sx,Sy);
-			FP12_smul(r,&lv);
-		}
-		FP12_sqr(r,r);
-    }
-
-	PAIR_line(&lv,&A,&A,Qx,Qy);
-	FP12_smul(r,&lv);
-
-	PAIR_line(&lv,&B,&B,Sx,Sy);
-	FP12_smul(r,&lv);
-
-/* R-ate fixup */
-
-	FP12_conj(r,r);
-
-	ECP2_copy(&K,P);
-	ECP2_frob(&K,&X);
-	ECP2_neg(&A);
-	PAIR_line(&lv,&A,&K,Qx,Qy);
-	FP12_smul(r,&lv);
-	ECP2_frob(&K,&X);
-	ECP2_neg(&K);
-	PAIR_line(&lv,&A,&K,Qx,Qy);
-	FP12_smul(r,&lv);
-
-	ECP2_copy(&K,R);
-	ECP2_frob(&K,&X);
-	ECP2_neg(&B);
-	PAIR_line(&lv,&B,&K,Sx,Sy);
-	FP12_smul(r,&lv);
-	ECP2_frob(&K,&X);
-	ECP2_neg(&K);
-	PAIR_line(&lv,&B,&K,Sx,Sy);
-	FP12_smul(r,&lv);
-}
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-void PAIR_fexp(FP12 *r)
-{
-	FP2 X;
-	BIG x,a,b;
-	FP12 t0,y0,y1,y2,y3;
-
-	BIG_rcopy(x,CURVE_Bnx);
-	BIG_rcopy(a,CURVE_Fra);
-	BIG_rcopy(b,CURVE_Frb);
-	FP2_from_BIGs(&X,a,b);
-
-/* Easy part of final exp */
-
-	FP12_inv(&t0,r);
-	FP12_conj(r,r);
-
-	FP12_mul(r,&t0);
-	FP12_copy(&t0,r);
-
-	FP12_frob(r,&X);
-	FP12_frob(r,&X);
-	FP12_mul(r,&t0);
-
-/* Hard part of final exp - see Duquesne & Ghamman eprint 2015/192.pdf */
-
-	FP12_pow(&t0,r,x); // t0=f^-u
-	FP12_usqr(&y3,&t0); // y3=t0^2
-	FP12_copy(&y0,&t0); FP12_mul(&y0,&y3); // y0=t0*y3
-	FP12_copy(&y2,&y3); FP12_frob(&y2,&X); // y2=y3^p
-	FP12_mul(&y2,&y3); //y2=y2*y3
-	FP12_usqr(&y2,&y2); //y2=y2^2
-	FP12_mul(&y2,&y3); // y2=y2*y3
-
-	FP12_pow(&t0,&y0,x);  //t0=y0^-u
-	FP12_conj(&y0,r);     //y0=~r
-	FP12_copy(&y1,&t0); FP12_frob(&y1,&X); FP12_frob(&y1,&X); //y1=t0^p^2
-	FP12_mul(&y1,&y0); // y1=y0*y1
-	FP12_conj(&t0,&t0); // t0=~t0
-	FP12_copy(&y3,&t0); FP12_frob(&y3,&X); //y3=t0^p
-	FP12_mul(&y3,&t0); // y3=t0*y3
-	FP12_usqr(&t0,&t0); // t0=t0^2
-	FP12_mul(&y1,&t0); // y1=t0*y1
-
-	FP12_pow(&t0,&y3,x); // t0=y3^-u
-	FP12_usqr(&t0,&t0); //t0=t0^2
-	FP12_conj(&t0,&t0); //t0=~t0
-	FP12_mul(&y3,&t0); // y3=t0*y3
-
-	FP12_frob(r,&X); FP12_copy(&y0,r);
-	FP12_frob(r,&X); FP12_mul(&y0,r);
-	FP12_frob(r,&X); FP12_mul(&y0,r);
-
-	FP12_usqr(r,&y3);  //r=y3^2
-	FP12_mul(r,&y2);   //r=y2*r
-	FP12_copy(&y3,r); FP12_mul(&y3,&y0); // y3=r*y0
-	FP12_mul(r,&y1); // r=r*y1
-	FP12_usqr(r,r); // r=r^2
-	FP12_mul(r,&y3); // r=r*y3
-	FP12_reduce(r);
-
-
-/* our way */
-/*
-//	FP12 lv,x0,x1,x2,x3,x4,x5;
-
-	FP12_copy(&lv,r);
-	FP12_frob(&lv,&X);
-	FP12_copy(&x0,&lv);
-	FP12_frob(&x0,&X);
-	FP12_mul(&lv,r);
-	FP12_mul(&x0,&lv);
-	FP12_frob(&x0,&X);
-
-	FP12_conj(&x1,r);
-	FP12_pow(&x4,r,x);
-	FP12_copy(&x3,&x4);
-	FP12_frob(&x3,&X);
-
-	FP12_pow(&x2,&x4,x);
-	FP12_conj(&x5,&x2);
-	FP12_pow(&lv,&x2,x);
-	FP12_frob(&x2,&X);
-	FP12_conj(r,&x2);
-
-	FP12_mul(&x4,r);
-	FP12_frob(&x2,&X);
-
-	FP12_copy(r,&lv);
-	FP12_frob(r,&X);
-	FP12_mul(&lv,r);
-
-	FP12_usqr(&lv,&lv);
-	FP12_mul(&lv,&x4);
-	FP12_mul(&lv,&x5);
-	FP12_copy(r,&x3);
-	FP12_mul(r,&x5);
-	FP12_mul(r,&lv);
-	FP12_mul(&lv,&x2);
-	FP12_usqr(r,r);
-	FP12_mul(r,&lv);
-	FP12_usqr(r,r);
-	FP12_copy(&lv,r);
-	FP12_mul(&lv,&x1);
-	FP12_mul(r,&x0);
-	FP12_usqr(&lv,&lv);
-	FP12_mul(r,&lv);
-	FP12_reduce(r); */
-}
-
-/* GLV method */
-static void glv(BIG u[2],BIG e)
-{
-	int i,j;
-	BIG v[2],t,q;
-	DBIG d;
-	BIG_rcopy(q,CURVE_Order);
-	for (i=0;i<2;i++)
-	{
-		BIG_rcopy(t,CURVE_W[i]);
-		BIG_mul(d,t,e);
-		BIG_ddiv(v[i],d,q);
-		BIG_zero(u[i]);
-	}
-	BIG_copy(u[0],e);
-	for (i=0;i<2;i++)
-		for (j=0;j<2;j++)
-		{
-			BIG_rcopy(t,CURVE_SB[j][i]);
-			BIG_modmul(t,v[j],t,q);
-			BIG_add(u[i],u[i],q);
-			BIG_sub(u[i],u[i],t);
-			BIG_mod(u[i],q);
-		}
-	return;
-}
-
-/* Galbraith & Scott Method */
-static void gs(BIG u[4],BIG e)
-{
-	int i,j;
-	BIG v[4],t,q;
-	DBIG d;
-	BIG_rcopy(q,CURVE_Order);
-	for (i=0;i<4;i++)
-	{
-		BIG_rcopy(t,CURVE_WB[i]);
-		BIG_mul(d,t,e);
-		BIG_ddiv(v[i],d,q);
-		BIG_zero(u[i]);
-	}
-
-	BIG_copy(u[0],e);
-	for (i=0;i<4;i++)
-		for (j=0;j<4;j++)
-		{
-			BIG_rcopy(t,CURVE_BB[j][i]);
-			BIG_modmul(t,v[j],t,q);
-			BIG_add(u[i],u[i],q);
-			BIG_sub(u[i],u[i],t);
-			BIG_mod(u[i],q);
-		}
-	return;
-}
-
-/* Multiply P by e in group G1 */
-void PAIR_G1mul(ECP *P,BIG e)
-{
-#ifdef USE_GLV   /* Note this method is patented */
-	int i,np,nn;
-	ECP Q;
-	BIG cru,t,q;
-	BIG u[2];
-
-	BIG_rcopy(q,CURVE_Order);
-	glv(u,e);
-
-	ECP_affine(P);
-	ECP_copy(&Q,P);
-	BIG_rcopy(cru,CURVE_Cru);
-	FP_nres(cru);
-	FP_mul(Q.x,Q.x,cru);
-
-/* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
-
-	np=BIG_nbits(u[0]);
-	BIG_modneg(t,u[0],q);
-	nn=BIG_nbits(t);
-	if (nn<np)
-	{
-		BIG_copy(u[0],t);
-		ECP_neg(P);
-	}
-
-	np=BIG_nbits(u[1]);
-	BIG_modneg(t,u[1],q);
-	nn=BIG_nbits(t);
-	if (nn<np)
-	{
-		BIG_copy(u[1],t);
-		ECP_neg(&Q);
-	}
-
-
-	ECP_mul2(P,&Q,u[0],u[1]);
-
-#else
-	ECP_mul(P,e);
-#endif
-}
-
-/* Multiply P by e in group G2 */
-void PAIR_G2mul(ECP2 *P,BIG e)
-{
-#ifdef USE_GS_G2   /* Well I didn't patent it :) */
-	int i,np,nn;
-	ECP2 Q[4];
-	FP2 X;
-	BIG x,y;
-	BIG u[4];
-
-	BIG_rcopy(x,CURVE_Fra);
-	BIG_rcopy(y,CURVE_Frb);
-	FP2_from_BIGs(&X,x,y);
-
-	BIG_rcopy(y,CURVE_Order);
-	gs(u,e);
-
-
-	ECP2_affine(P);
-
-	ECP2_copy(&Q[0],P);
-	for (i=1;i<4;i++)
-	{
-		ECP2_copy(&Q[i],&Q[i-1]);
-		ECP2_frob(&Q[i],&X);
-	}
-
-	for (i=0;i<4;i++)
-	{
-		np=BIG_nbits(u[i]);
-		BIG_modneg(x,u[i],y);
-		nn=BIG_nbits(x);
-		if (nn<np)
-		{
-			BIG_copy(u[i],x);
-			ECP2_neg(&Q[i]);
-		}
-	}
-
-	ECP2_mul4(P,Q,u);
-
-#else
-	ECP2_mul(P,e);
-#endif
-}
-
-/* f=f^e */
-void PAIR_GTpow(FP12 *f,BIG e)
-{
-#ifdef USE_GS_GT   /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see amcl_fp4.c */
-	int i,np,nn;
-	FP12 g[4];
-	FP2 X;
-	BIG t,q,x,y;
-	BIG u[4];
-
-	BIG_rcopy(x,CURVE_Fra);
-	BIG_rcopy(y,CURVE_Frb);
-	FP2_from_BIGs(&X,x,y);
-
-	BIG_rcopy(q,CURVE_Order);
-	gs(u,e);
-
-	FP12_copy(&g[0],f);
-	for (i=1;i<4;i++)
-	{
-		FP12_copy(&g[i],&g[i-1]);
-		FP12_frob(&g[i],&X);
-	}
-
-	for (i=0;i<4;i++)
-	{
-		np=BIG_nbits(u[i]);
-		BIG_modneg(t,u[i],q);
-		nn=BIG_nbits(t);
-		if (nn<np)
-		{
-			BIG_copy(u[i],t);
-			FP12_conj(&g[i],&g[i]);
-		}
-	}
-	FP12_pow4(f,g,u);
-
-#else
-	FP12_pow(f,f,e);
-#endif
-}
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-int PAIR_GTmember(FP12 *m)
-{
-	BIG a,b;
-	FP2 X;
-	FP12 r,w;
-	if (FP12_isunity(m)) return 0;
-	FP12_conj(&r,m);
-	FP12_mul(&r,m);
-	if (!FP12_isunity(&r)) return 0;
-
-	BIG_rcopy(a,CURVE_Fra);
-	BIG_rcopy(b,CURVE_Frb);
-	FP2_from_BIGs(&X,a,b);
-
-
-	FP12_copy(&r,m); FP12_frob(&r,&X); FP12_frob(&r,&X);
-	FP12_copy(&w,&r); FP12_frob(&w,&X); FP12_frob(&w,&X);
-	FP12_mul(&w,m);
-
-
-#ifndef GT_STRONG
-	if (!FP12_equals(&w,&r)) return 0;
-
-	BIG_rcopy(a,CURVE_Bnx);
-
-	FP12_copy(&r,m); FP12_pow(&w,&r,a); FP12_pow(&w,&w,a);
-	FP12_sqr(&r,&w); FP12_mul(&r,&w); FP12_sqr(&r,&r);
-
-	FP12_copy(&w,m); FP12_frob(&w,&X);
- #endif
-
-	return FP12_equals(&w,&r);
-}
-
-#ifdef HAS_MAIN
-
-#if CHOICE==BNT
-
-const BIG TEST_Gx={0x18AFF11A,0xF2EF406,0xAF68220,0x171F2E27,0x6BA0959,0x124C50E0,0x450BE27,0x7003EA8,0x8A914};
-const BIG TEST_Gy={0x6E010F4,0xA71D07E,0x7ECADA8,0x8260E8E,0x1F79C328,0x17A09412,0xBFAE690,0x1C57CBD1,0x17DF54};
-
-const BIG TEST_Pxa={0x1047D566,0xD83CD71,0x10322E9D,0x991FA93,0xA282C48,0x18AEBEC8,0xCB05850,0x13B4F669,0x21794A};
-const BIG TEST_Pxb={0x1E305936,0x16885BF1,0x327060,0xE26F794,0x1547D870,0x1963E5B2,0x1BEBB96C,0x988A33C,0x1A9B47};
-const BIG TEST_Pya={0x20FF876,0x4427E67,0x18732211,0xE88E45E,0x174D1A7E,0x17D877ED,0x343AB37,0x97EB453,0xB00D5};
-const BIG TEST_Pyb={0x1D746B7B,0x732F4C2,0x122A49B0,0x16267985,0x235DF56,0x10B1E4D,0x14D8F210,0x17A05C3E,0x5ECF8};
-
-#endif
-
-#if CHOICE==BNT2
-
-const BIG TEST_Gx={0x15488765,0x46790D7,0xD9900A,0x1DFB43F,0x9F2D307,0xC4724E8,0x5678E51,0x15C3E3A7,0x1BEC8E};
-const BIG TEST_Gy={0x3D3273C,0x1AFA5FF,0x1880A139,0xACD34DF,0x17493067,0x10FA4103,0x1D4C9766,0x1A73F3DB,0x2D148};
-
-const BIG TEST_Pxa={0xF8DC275,0xAC27FA,0x11815151,0x152691C8,0x5CDEBF1,0x7D5A965,0x1BF70CE3,0x679A1C8,0xD62CF};
-const BIG TEST_Pxb={0x1D17D7A8,0x6B28DF4,0x174A0389,0xFE67E5F,0x1FA97A3C,0x7F5F473,0xFFB5146,0x4BC19A5,0x227010};
-const BIG TEST_Pya={0x16CC1F90,0x5284627,0x171B91AB,0x11F843B9,0x1D468755,0x67E279C,0x19FE0EF8,0x1A0CAA6B,0x1CC6CB};
-const BIG TEST_Pyb={0x1FF0CF2A,0xBC83255,0x6DD6EE8,0xB8B752F,0x13E484EC,0x1809BE81,0x1A648AA1,0x8CEF3F3,0x86EE};
-
-
-#endif
-
-int main()
-{
-	int i;
-	char byt[32];
-	csprng rng;
-	BIG xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r;
-	ECP2 P,G;
-	ECP Q,R;
-	FP12 g,gp;
-	FP4 t,c,cp,cpm1,cpm2;
-	FP2 x,y,X;
-
-
-	BIG_rcopy(a,CURVE_Fra);
-	BIG_rcopy(b,CURVE_Frb);
-	FP2_from_BIGs(&X,a,b);
-
-	BIG_rcopy(xa,TEST_Gx);
-	BIG_rcopy(ya,TEST_Gy);
-
-	ECP_set(&Q,xa,ya);
-	if (Q.inf) printf("Failed to set - point not on curve\n");
-	else printf("G1 set success\n");
-
-	printf("Q= "); ECP_output(&Q); printf("\n");
-
-//	BIG_rcopy(r,CURVE_Order); BIG_dec(r,7); BIG_norm(r);
-	BIG_rcopy(xa,TEST_Pxa);
-	BIG_rcopy(xb,TEST_Pxb);
-	BIG_rcopy(ya,TEST_Pya);
-	BIG_rcopy(yb,TEST_Pyb);
-
-	FP2_from_BIGs(&x,xa,xb);
-	FP2_from_BIGs(&y,ya,yb);
-
-	ECP2_set(&P,&x,&y);
-	if (P.inf) printf("Failed to set - point not on curve\n");
-	else printf("G2 set success\n");
-
-	printf("P= "); ECP2_output(&P); printf("\n");
-
-//for (i=0;i<1000;i++ )
-//{
-
-	PAIR_ate(&g,&P,&Q);
-	PAIR_fexp(&g);
-
-//	PAIR_GTpow(&g,xa);
-
-//}
-	printf("g3= ");FP12_output(&g); printf("\n");
-
-}
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/rand.c
----------------------------------------------------------------------
diff --git a/c/rand.c b/c/rand.c
deleted file mode 100755
index 4075de1..0000000
--- a/c/rand.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-/* SU=m, m is Stack Usage */
-
-#include "amcl.h"
-
-/* SU= 20 */
-static unsign32 sbrand(csprng *rng)
-{ /* Marsaglia & Zaman random number generator */
-    int i,k;
-    unsign32 pdiff,t;
-    rng->rndptr++;
-    if (rng->rndptr<NK) return rng->ira[rng->rndptr];
-    rng->rndptr=0;
-    for (i=0,k=NK-NJ;i<NK;i++,k++)
-    { /* calculate next NK values */
-        if (k==NK) k=0;
-        t=rng->ira[k];
-        pdiff=t - rng->ira[i] - rng->borrow;
-
-        if (pdiff<t) rng->borrow=0;
-        if (pdiff>t) rng->borrow=1;
-        rng->ira[i]=pdiff;
-    }
-    return rng->ira[0];
-}
-
-/* SU= 20 */
-static void sirand(csprng* rng,unsign32 seed)
-{ /* initialise random number system */
-  /* modified so that a subsequent call "stirs" in another seed value */
-  /* in this way as many seed bits as desired may be used */
-    int i,in;
-    unsign32 t,m=1;
-    rng->borrow=0L;
-    rng->rndptr=0;
-    rng->ira[0]^=seed;
-    for (i=1;i<NK;i++)
-    { /* fill initialisation vector */
-        in=(NV*i)%NK;
-        rng->ira[in]^=m;      /* note XOR */
-        t=m;
-        m=seed-m;
-        seed=t;
-    }
-    for (i=0;i<10000;i++) sbrand(rng ); /* "warm-up" & stir the generator */
-}
-
-/* SU= 312 */
-static void fill_pool(csprng *rng)
-{ /* hash down output of RNG to re-fill the pool */
-    int i;
-    hash sh;
-    HASH_init(&sh);
-    for (i=0;i<128;i++) HASH_process(&sh,sbrand(rng));
-    HASH_hash(&sh,rng->pool);
-    rng->pool_ptr=0;
-}
-
-static unsign32 pack(const uchar *b)
-{ /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-/* SU= 360 */
-/* Initialize RNG with some real entropy from some external source */
-void RAND_seed(csprng *rng,int rawlen,char *raw)
-{ /* initialise from at least 128 byte string of raw  *
-   * random (keyboard?) input, and 32-bit time-of-day */
-    int i;
-    char digest[32];
-    uchar b[4];
-    hash sh;
-    rng->pool_ptr=0;
-    for (i=0;i<NK;i++) rng->ira[i]=0;
-    if (rawlen>0)
-    {
-        HASH_init(&sh);
-        for (i=0;i<rawlen;i++)
-            HASH_process(&sh,raw[i]);
-        HASH_hash(&sh,digest);
-
-/* initialise PRNG from distilled randomness */
-
-        for (i=0;i<8;i++)
-		{
-			b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
-		//	printf("%08x\n",pack(b));
-			sirand(rng,pack(b));
-		}
-    }
-    fill_pool(rng);
-}
-
-/* Terminate and clean up */
-void RAND_clean(csprng *rng)
-{ /* kill internal state */
-    int i;
-    rng->pool_ptr=rng->rndptr=0;
-    for (i=0;i<32;i++) rng->pool[i]=0;
-    for (i=0;i<NK;i++) rng->ira[i]=0;
-    rng->borrow=0;
-}
-
-/* get random byte */
-/* SU= 8 */
-int RAND_byte(csprng *rng)
-{
-    int r;
-    r=rng->pool[rng->pool_ptr++];
-    if (rng->pool_ptr>=32) fill_pool(rng);
-    return (r&0xff);
-}
-
-/* test main program */
-/*
-#include <stdio.h>
-#include <string.h>
-
-void main()
-{
-    int i;
-    char raw[256];
-    csprng rng;
-
-	RAND_clean(&rng);
-
-
-	for (i=0;i<256;i++) raw[i]=(char)i;
-    RAND_seed(&rng,256,raw);
-
-	for (i=0;i<1000;i++)
-		printf("%02x ",(unsigned char)RAND_byte(&rng));
-}
-
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/readme.txt
----------------------------------------------------------------------
diff --git a/c/readme.txt b/c/readme.txt
deleted file mode 100644
index 5c19b62..0000000
--- a/c/readme.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-AMCL is very simple to build.
-
-The examples here are for GCC under Linux and Windows (using MINGW).
-
-First - decide what you want to do. Edit amcl_.h - note there is only
-one area where USER CONFIGURABLE input is requested.
-
-Here set the wordlength of your computer, and choose your curve.
-
-Once this is done, build the library, and compile and link your program 
-with an API file and the ROM file rom.c that contains curve constants.
-
-Three example API files are provided, mpin.c which supports our M-Pin 
-(tm) protocol, ecdh.c which supports standard elliptic 
-curve key exchange, digital signature and public key crypto, and rsa.c 
-which supports the RSA method. The first 
-can be tested using the testmpin.c driver programs, the second can 
-be tested using testecm/testecdh.c, and the third can be tested using
-testrsa.c
-
-In the ROM file you must provide the curve constants. Several examples
-are provided there, and if you are willing to use one of these, simply
-select your curve of CHOICE in amcl_.h
-
-Example (1), in amcl_.h choose
-
-#define CHOICE BN
-
-Under windows run the batch file build_pair.bat to build the amcl.a library
-and the testmpin.exe applications.
-
-For linux execute "bash build_pair"
-
-Example (2), in amcl_.h choose
-
-#define CHOICE C25519
-
-to select the Edwards curve ed25519.
-
-Under Windows run the batch file build_ec.bat to build the amcl.a library and
-the testecdh.exe application.
-
-For Linux execute "bash build_ec"
-
-
-To help generate the ROM constants for your own curve some MIRACL helper 
-programs are included. The program bngen.cpp generates a ROM file for a 
-BN curve, and the program ecgen.cpp generates the ROM for EC curves. 
-
-The program bigtobig.cpp converts a big number to the AMCL 
-BIG format.
-
-
-For quick jumpstart:-
-
-(Linux)
-bash build_pair
-./testmpin
-
-(Windows + MingW)
-build_pair
-testmpin


[30/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-cgo/README.txt
----------------------------------------------------------------------
diff --git a/go/examples-cgo/README.txt b/go/examples-cgo/README.txt
deleted file mode 100644
index cc05766..0000000
--- a/go/examples-cgo/README.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-When the library is built with;
-
--D USE_ANONYMOUS=on 
-
-then the only example that works is mpinfullAnon.go

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-cgo/mpin.go
----------------------------------------------------------------------
diff --git a/go/examples-cgo/mpin.go b/go/examples-cgo/mpin.go
deleted file mode 100644
index 35b1d03..0000000
--- a/go/examples-cgo/mpin.go
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo"
-	amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amclcgo.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amclcgo.MPIN_today()
-
-	// Epoch time in seconds
-	timeValue := amclcgo.MPIN_GET_TIME()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	// Generate Master Secret Share 1
-	rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS1: 0x")
-	amclcgo.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS2: 0x")
-	amclcgo.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amclcgo.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS1: 0x")
-	amclcgo.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS2: 0x")
-	amclcgo.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amclcgo.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS1: 0x")
-	amclcgo.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS2: 0x")
-	amclcgo.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares
-	CS := make([]byte, amclcgo.G1S)
-	rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amclcgo.MPIN_printBinary(CS[:])
-
-	// Generate time permit share 1
-	rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP1: 0x")
-	amclcgo.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP2: 0x")
-	amclcgo.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amclcgo.MPIN_printBinary(TOKEN[:])
-
-	//////   Client   //////
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [amclcgo.EGS]byte
-	fmt.Printf("X: 0x")
-	amclcgo.MPIN_printBinary(X[:])
-	rtn, XOut, Y1, SEC, U, UT := amclcgo.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Y1: 0x")
-	amclcgo.MPIN_printBinary(Y1[:])
-	fmt.Printf("XOut: 0x")
-	amclcgo.MPIN_printBinary(XOut[:])
-
-	//////   Server   //////
-	rtn, HID, HTID, Y2, E, F := amclcgo.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn)
-	}
-	fmt.Printf("Y2: 0x")
-	amclcgo.MPIN_printBinary(Y2[:])
-	fmt.Printf("HID: 0x")
-	amclcgo.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amclcgo.MPIN_printBinary(HTID[:])
-
-	if rtn != 0 {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		err := amclcgo.MPIN_KANGAROO(E[:], F[:])
-		if err != 0 {
-			fmt.Printf("PIN Error %d\n", err)
-		}
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-cgo/mpinTwoPass.go
----------------------------------------------------------------------
diff --git a/go/examples-cgo/mpinTwoPass.go b/go/examples-cgo/mpinTwoPass.go
deleted file mode 100644
index 9e4cc62..0000000
--- a/go/examples-cgo/mpinTwoPass.go
+++ /dev/null
@@ -1,227 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo"
-	amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amclcgo.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amclcgo.MPIN_today()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate Master Secret Share 1
-	rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS1: 0x")
-	amclcgo.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS2: 0x")
-	amclcgo.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amclcgo.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS1: 0x")
-	amclcgo.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS2: 0x")
-	amclcgo.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amclcgo.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS1: 0x")
-	amclcgo.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS2: 0x")
-	amclcgo.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares
-	CS := make([]byte, amclcgo.G1S)
-	rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amclcgo.MPIN_printBinary(CS[:])
-
-	// Generate time permit share 1
-	rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP1: 0x")
-	amclcgo.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP2: 0x")
-	amclcgo.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amclcgo.MPIN_printBinary(TOKEN[:])
-
-	//////   Client   //////
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	////// Client Pass 1 //////
-	// Send U and UT to server
-	var X [amclcgo.EGS]byte
-	fmt.Printf("X: 0x")
-	amclcgo.MPIN_printBinary(X[:])
-	rtn, XOut, SEC, U, UT := amclcgo.MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("XOut: 0x")
-	amclcgo.MPIN_printBinary(XOut[:])
-
-	//////   Server Pass 1  //////
-	/* Calculate H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-	HID, HTID := amclcgo.MPIN_SERVER_1_WRAP(date, ID)
-
-	/* Send Y to Client */
-	rtn, Y := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("Y: 0x")
-	amclcgo.MPIN_printBinary(Y[:])
-
-	/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-	rtn, V := amclcgo.MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn)
-	}
-
-	/* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-	/* If PIN error not required, set E and F = null */
-	rtn, _, _ = amclcgo.MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: MPIN_SERVER_2 rtn: %d\n", rtn)
-	}
-	fmt.Printf("HID: 0x")
-	amclcgo.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amclcgo.MPIN_printBinary(HTID[:])
-
-	if rtn != 0 {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-cgo/mpinfull.go
----------------------------------------------------------------------
diff --git a/go/examples-cgo/mpinfull.go b/go/examples-cgo/mpinfull.go
deleted file mode 100644
index 5a6a649..0000000
--- a/go/examples-cgo/mpinfull.go
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo"
-	amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amclcgo.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amclcgo.MPIN_today()
-
-	// Epoch time in seconds
-	timeValue := amclcgo.MPIN_GET_TIME()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	// Generate Master Secret Share 1
-	rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS1: 0x")
-	amclcgo.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS2: 0x")
-	amclcgo.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amclcgo.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS1: 0x")
-	amclcgo.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS2: 0x")
-	amclcgo.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amclcgo.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS1: 0x")
-	amclcgo.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS2: 0x")
-	amclcgo.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares
-	CS := make([]byte, amclcgo.G1S)
-	rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amclcgo.MPIN_printBinary(CS[:])
-
-	// Generate time permit share 1
-	rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP1: 0x")
-	amclcgo.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP2: 0x")
-	amclcgo.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amclcgo.MPIN_printBinary(TOKEN[:])
-
-	//////   Client   //////
-
-	// Precomputation
-	rtn, G1, G2 := amclcgo.MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_PRECOMPUTE(TOKEN[:], HCID) Error:", rtn)
-		return
-	}
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [amclcgo.EGS]byte
-	fmt.Printf("X: 0x")
-	amclcgo.MPIN_printBinary(X[:])
-	rtn, XOut, Y1, V, U, UT := amclcgo.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Y1: 0x")
-	amclcgo.MPIN_printBinary(Y1[:])
-	fmt.Printf("XOut: 0x")
-	amclcgo.MPIN_printBinary(XOut[:])
-
-	// Send Z=r.ID to Server
-	var R [amclcgo.EGS]byte
-	fmt.Printf("R: 0x")
-	amclcgo.MPIN_printBinary(R[:])
-	rtn, ROut, Z := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:])
-	fmt.Printf("ROut: 0x")
-	amclcgo.MPIN_printBinary(ROut[:])
-
-	//////   Server   //////
-	rtn, HID, HTID, Y2, E, F := amclcgo.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], ID[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn)
-	}
-	fmt.Printf("Y2: 0x")
-	amclcgo.MPIN_printBinary(Y2[:])
-	fmt.Printf("HID: 0x")
-	amclcgo.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amclcgo.MPIN_printBinary(HTID[:])
-
-	if rtn != 0 {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		err := amclcgo.MPIN_KANGAROO(E[:], F[:])
-		if err != 0 {
-			fmt.Printf("PIN Error %d\n", err)
-		}
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-
-	// send T=w.ID to client
-	var W [amclcgo.EGS]byte
-	fmt.Printf("W: 0x")
-	amclcgo.MPIN_printBinary(W[:])
-	rtn, WOut, T := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:])
-	fmt.Printf("WOut: 0x")
-	amclcgo.MPIN_printBinary(WOut[:])
-	fmt.Printf("T: 0x")
-	amclcgo.MPIN_printBinary(T[:])
-
-        // Hash all values
-        HM := amclcgo.MPIN_HASH_ALL_WRAP(ID[:],U[:],UT[:],Y2[:],V[:],Z[:],T[:])
-
-	rtn, AES_KEY_SERVER := amclcgo.MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], HM[:],HID[:],U[:], UT[:])
-	fmt.Printf("Server Key =  0x")
-	amclcgo.MPIN_printBinary(AES_KEY_SERVER[:])
-
-	rtn, AES_KEY_CLIENT := amclcgo.MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], HM[:],T[:])
-	fmt.Printf("Client Key =  0x")
-	amclcgo.MPIN_printBinary(AES_KEY_CLIENT[:])
-
-	//////   Server   //////
-
-	// Initialization vector
-	IV := amclgo.GENERATE_RANDOM(rng, 12)
-	fmt.Printf("IV: 0x")
-	amclcgo.MPIN_printBinary(IV[:])
-
-	// header
-	HEADER := amclgo.GENERATE_RANDOM(rng, 16)
-	fmt.Printf("HEADER: 0x")
-	amclcgo.MPIN_printBinary(HEADER[:])
-
-	// Input plaintext
-	plaintextStr := "A test message"
-	PLAINTEXT1 := []byte(plaintextStr)
-	fmt.Printf("String to encrypt: %s \n", plaintextStr)
-	fmt.Printf("PLAINTEXT1: 0x")
-	amclcgo.MPIN_printBinary(PLAINTEXT1[:])
-
-	// AES-GCM Encryption
-	CIPHERTEXT, TAG1 := amclcgo.MPIN_AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:])
-	fmt.Printf("CIPHERTEXT:  0x")
-	amclcgo.MPIN_printBinary(CIPHERTEXT[:])
-	fmt.Printf("TAG1:  0x")
-	amclcgo.MPIN_printBinary(TAG1[:])
-
-	// Send IV, HEADER, CIPHERTEXT and TAG1 to client
-
-	// AES-GCM Decryption
-	PLAINTEXT2, TAG2 := amclcgo.MPIN_AES_GCM_DECRYPT(AES_KEY_CLIENT[:], IV[:], HEADER[:], CIPHERTEXT[:])
-	fmt.Printf("PLAINTEXT2:  0x")
-	amclcgo.MPIN_printBinary(PLAINTEXT2[:])
-	fmt.Printf("TAG2:  0x")
-	amclcgo.MPIN_printBinary(TAG2[:])
-	fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2))
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-cgo/mpinfullAnon.go
----------------------------------------------------------------------
diff --git a/go/examples-cgo/mpinfullAnon.go b/go/examples-cgo/mpinfullAnon.go
deleted file mode 100644
index 57472cb..0000000
--- a/go/examples-cgo/mpinfullAnon.go
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-// Use MPIN with only hashed IDs to the server
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo"
-	amclgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amclcgo.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amclcgo.MPIN_today()
-
-	// Epoch time in seconds
-	timeValue := amclcgo.MPIN_GET_TIME()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amclgo.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	// Generate Master Secret Share 1
-	rtn, MS1 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS1: 0x")
-	amclcgo.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	rtn, MS2 := amclcgo.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS2: 0x")
-	amclcgo.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amclcgo.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	rtn, SS1 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS1: 0x")
-	amclcgo.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	rtn, SS2 := amclcgo.MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS2: 0x")
-	amclcgo.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn, SS := amclcgo.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amclcgo.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	rtn, CS1 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS1: 0x")
-	amclcgo.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	rtn, CS2 := amclcgo.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS2: 0x")
-	amclcgo.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares
-	CS := make([]byte, amclcgo.G1S)
-	rtn, CS = amclcgo.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amclcgo.MPIN_printBinary(CS[:])
-
-	// Generate time permit share 1
-	rtn, TP1 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP1: 0x")
-	amclcgo.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	rtn, TP2 := amclcgo.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP2: 0x")
-	amclcgo.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn, TP := amclcgo.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	rtn, TOKEN := amclcgo.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amclcgo.MPIN_printBinary(TOKEN[:])
-
-	//////   Client   //////
-
-	// Precomputation
-	rtn, G1, G2 := amclcgo.MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_PRECOMPUTE(TOKEN[:], HCID) Error:", rtn)
-		return
-	}
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [amclcgo.EGS]byte
-	fmt.Printf("X: 0x")
-	amclcgo.MPIN_printBinary(X[:])
-	rtn, XOut, Y1, V, U, UT := amclcgo.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng, ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Y1: 0x")
-	amclcgo.MPIN_printBinary(Y1[:])
-	fmt.Printf("XOut: 0x")
-	amclcgo.MPIN_printBinary(XOut[:])
-
-	// Send Z=r.ID to Server
-	var R [amclcgo.EGS]byte
-	fmt.Printf("R: 0x")
-	amclcgo.MPIN_printBinary(R[:])
-	rtn, ROut, Z := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:])
-	fmt.Printf("ROut: 0x")
-	amclcgo.MPIN_printBinary(ROut[:])
-
-	//////   Server   //////
-	rtn, HID, HTID, Y2, E, F := amclcgo.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], V[:], HCID[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn)
-	}
-	fmt.Printf("Y2: 0x")
-	amclcgo.MPIN_printBinary(Y2[:])
-	fmt.Printf("HID: 0x")
-	amclcgo.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amclcgo.MPIN_printBinary(HTID[:])
-
-	if rtn != 0 {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		err := amclcgo.MPIN_KANGAROO(E[:], F[:])
-		if err != 0 {
-			fmt.Printf("PIN Error %d\n", err)
-		}
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-
-	// send T=w.ID to client
-	var W [amclcgo.EGS]byte
-	fmt.Printf("W: 0x")
-	amclcgo.MPIN_printBinary(W[:])
-	rtn, WOut, T := amclcgo.MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:])
-	fmt.Printf("WOut: 0x")
-	amclcgo.MPIN_printBinary(WOut[:])
-	fmt.Printf("T: 0x")
-	amclcgo.MPIN_printBinary(T[:])
-
-	// Hash all values
-	HM := amclcgo.MPIN_HASH_ALL_WRAP(HCID[:], U[:], UT[:], Y2[:], V[:], Z[:], T[:])
-
-	rtn, AES_KEY_SERVER := amclcgo.MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], HM[:], HID[:], U[:], UT[:])
-	fmt.Printf("Server Key =  0x")
-	amclcgo.MPIN_printBinary(AES_KEY_SERVER[:])
-
-	rtn, AES_KEY_CLIENT := amclcgo.MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], HM[:], T[:])
-	fmt.Printf("Client Key =  0x")
-	amclcgo.MPIN_printBinary(AES_KEY_CLIENT[:])
-
-	//////   Server   //////
-
-	// Initialization vector
-	IV := amclgo.GENERATE_RANDOM(rng, 12)
-	fmt.Printf("IV: 0x")
-	amclcgo.MPIN_printBinary(IV[:])
-
-	// header
-	HEADER := amclgo.GENERATE_RANDOM(rng, 16)
-	fmt.Printf("HEADER: 0x")
-	amclcgo.MPIN_printBinary(HEADER[:])
-
-	// Input plaintext
-	plaintextStr := "A test message"
-	PLAINTEXT1 := []byte(plaintextStr)
-	fmt.Printf("String to encrypt: %s \n", plaintextStr)
-	fmt.Printf("PLAINTEXT1: 0x")
-	amclcgo.MPIN_printBinary(PLAINTEXT1[:])
-
-	// AES-GCM Encryption
-	CIPHERTEXT, TAG1 := amclcgo.MPIN_AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:])
-	fmt.Printf("CIPHERTEXT:  0x")
-	amclcgo.MPIN_printBinary(CIPHERTEXT[:])
-	fmt.Printf("TAG1:  0x")
-	amclcgo.MPIN_printBinary(TAG1[:])
-
-	// Send IV, HEADER, CIPHERTEXT and TAG1 to client
-
-	// AES-GCM Decryption
-	PLAINTEXT2, TAG2 := amclcgo.MPIN_AES_GCM_DECRYPT(AES_KEY_CLIENT[:], IV[:], HEADER[:], CIPHERTEXT[:])
-	fmt.Printf("PLAINTEXT2:  0x")
-	amclcgo.MPIN_printBinary(PLAINTEXT2[:])
-	fmt.Printf("TAG2:  0x")
-	amclcgo.MPIN_printBinary(TAG2[:])
-	fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2))
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-cgo/timempin.go
----------------------------------------------------------------------
diff --git a/go/examples-cgo/timempin.go b/go/examples-cgo/timempin.go
deleted file mode 100644
index d055bce..0000000
--- a/go/examples-cgo/timempin.go
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"flag"
-	"log"
-	"os"
-	"runtime/pprof"
-	"time"
-
-	amclcgo "git.apache.org/incubator-milagro-crypto.git/go/amcl-cgo"
-)
-
-// Number of iterations to time functions
-const nIter int = 1000
-
-var cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file")
-
-func main() {
-	flag.Parse()
-	if *cpuprofile != "" {
-		f, err := os.Create(*cpuprofile)
-		if err != nil {
-			log.Fatal(err)
-		}
-		pprof.StartCPUProfile(f)
-		defer pprof.StopCPUProfile()
-	}
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16673
-
-	// Epoch time in seconds
-	timeValue := 1440594584
-
-	SSHex := "07f8181687f42ce22ea0dee4ba9df3f2cea67ad2d79e59adc953142556d510831bbd59e9477ac479019887020579aed16af43dc7089ae8c14262e64b5d09740109917efd0618c557fbf7efaa68fb64e8d46b3766bb184dea9bef9638f23bbbeb03aedbc6e4eb9fbd658719aab26b849638690521723c0efb9c8622df2a8efa3c"
-	SS, _ := hex.DecodeString(SSHex)
-	UHex := "0403e76a28df08ea591912e0ff84ebf419e21aadf8ec5aed4b0f3cd0fc1cdea14a06f05a3be4f9f2d16530c6b4934da2e3439ea287796faac079d396f8cdb9f565"
-	U, _ := hex.DecodeString(UHex)
-	UTHex := "041012e53c991edc9514889de50fb7d893c406dc9bf4c89d46fec9ba408cc5f596226402e7c468c823a28b9003a3944c4600a1b797f10cf01060d3729729212932"
-	UT, _ := hex.DecodeString(UTHex)
-	SECHex := "04051b0d3e9dfdb2a378f0ac7056fb264a900d0867e39c334950527d8c460d76132346bf8ed8a419e2eab4ad52a8b7a51d8c09cbcfa4e80bc0487965ece72ab0ce"
-	SEC, _ := hex.DecodeString(SECHex)
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	t0 := time.Now()
-	var rtn int
-	for i := 0; i < nIter; i++ {
-		rtn, _, _, _, _, _ = amclcgo.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:])
-	}
-	t1 := time.Now()
-	log.Printf("Number Iterations: %d Time: %v\n", nIter, t1.Sub(t0))
-
-	if rtn != 0 {
-		log.Printf("Authentication failed Error Code %d\n", rtn)
-		return
-	} else {
-		log.Printf("Authenticated ID: %s \n", IDstr)
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/ecdh.go
----------------------------------------------------------------------
diff --git a/go/examples-go/ecdh.go b/go/examples-go/ecdh.go
deleted file mode 100644
index 190ea14..0000000
--- a/go/examples-go/ecdh.go
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-
-	//	j:=0
-	pp := "M0ng00se"
-	res := 0
-
-	var S1 [amcl.ECDH_EGS]byte
-	var W0 [2*amcl.ECDH_EFS + 1]byte
-	var W1 [2*amcl.ECDH_EFS + 1]byte
-	var Z0 [amcl.ECDH_EFS]byte
-	var Z1 [amcl.ECDH_EFS]byte
-	var RAW [100]byte
-	var SALT [8]byte
-	var P1 [3]byte
-	var P2 [4]byte
-	var V [2*amcl.ECDH_EFS + 1]byte
-	var M [17]byte
-	var T [12]byte
-	var CS [amcl.ECDH_EGS]byte
-	var DS [amcl.ECDH_EGS]byte
-
-	rng := amcl.NewRAND()
-
-	rng.Clean()
-	for i := 0; i < 100; i++ {
-		RAW[i] = byte(i)
-	}
-
-	rng.Seed(100, RAW[:])
-
-	//for j:=0;j<100;j++ {
-
-	for i := 0; i < 8; i++ {
-		SALT[i] = byte(i + 1)
-	} // set Salt
-
-	fmt.Printf("Alice's Passphrase= " + pp)
-	fmt.Printf("\n")
-	PW := []byte(pp)
-
-	/* private key S0 of size EGS bytes derived from Password and Salt */
-
-	S0 := amcl.PBKDF2(PW, SALT[:], 1000, amcl.ECDH_EGS)
-
-	fmt.Printf("Alice's private key= 0x")
-	amcl.ECDH_printBinary(S0)
-
-	/* Generate Key pair S/W */
-	amcl.ECDH_KEY_PAIR_GENERATE(nil, S0, W0[:])
-
-	fmt.Printf("Alice's public key= 0x")
-	amcl.ECDH_printBinary(W0[:])
-
-	res = amcl.ECDH_PUBLIC_KEY_VALIDATE(true, W0[:])
-	if res != 0 {
-		fmt.Printf("ECP Public Key is invalid!\n")
-		return
-	}
-
-	/* Random private key for other party */
-	amcl.ECDH_KEY_PAIR_GENERATE(rng, S1[:], W1[:])
-
-	fmt.Printf("Servers private key= 0x")
-	amcl.ECDH_printBinary(S1[:])
-
-	fmt.Printf("Servers public key= 0x")
-	amcl.ECDH_printBinary(W1[:])
-
-	res = amcl.ECDH_PUBLIC_KEY_VALIDATE(true, W1[:])
-	if res != 0 {
-		fmt.Printf("ECP Public Key is invalid!\n")
-		return
-	}
-	/* Calculate common key using DH - IEEE 1363 method */
-
-	amcl.ECPSVDP_DH(S0, W1[:], Z0[:])
-	amcl.ECPSVDP_DH(S1[:], W0[:], Z1[:])
-
-	same := true
-	for i := 0; i < amcl.ECDH_EFS; i++ {
-		if Z0[i] != Z1[i] {
-			same = false
-		}
-	}
-
-	if !same {
-		fmt.Printf("*** ECPSVDP-DH Failed\n")
-		return
-	}
-
-	KEY := amcl.KDF1(Z0[:], amcl.ECDH_EAS)
-
-	fmt.Printf("Alice's DH Key=  0x")
-	amcl.ECDH_printBinary(KEY)
-	fmt.Printf("Servers DH Key=  0x")
-	amcl.ECDH_printBinary(KEY)
-
-	if amcl.CURVETYPE != amcl.MONTGOMERY {
-		fmt.Printf("Testing ECIES\n")
-
-		P1[0] = 0x0
-		P1[1] = 0x1
-		P1[2] = 0x2
-		P2[0] = 0x0
-		P2[1] = 0x1
-		P2[2] = 0x2
-		P2[3] = 0x3
-
-		for i := 0; i <= 16; i++ {
-			M[i] = byte(i)
-		}
-
-		C := amcl.ECIES_ENCRYPT(P1[:], P2[:], rng, W1[:], M[:], V[:], T[:])
-
-		fmt.Printf("Ciphertext= \n")
-		fmt.Printf("V= 0x")
-		amcl.ECDH_printBinary(V[:])
-		fmt.Printf("C= 0x")
-		amcl.ECDH_printBinary(C)
-		fmt.Printf("T= 0x")
-		amcl.ECDH_printBinary(T[:])
-
-		RM := amcl.ECIES_DECRYPT(P1[:], P2[:], V[:], C, T[:], S1[:])
-		if RM == nil {
-			fmt.Printf("*** ECIES Decryption Failed\n")
-			return
-		} else {
-			fmt.Printf("Decryption succeeded\n")
-		}
-
-		fmt.Printf("Message is 0x")
-		amcl.ECDH_printBinary(RM)
-
-		fmt.Printf("Testing ECDSA\n")
-
-		if amcl.ECPSP_DSA(rng, S0, M[:], CS[:], DS[:]) != 0 {
-			fmt.Printf("***ECDSA Signature Failed\n")
-			return
-		}
-		fmt.Printf("Signature= \n")
-		fmt.Printf("C= 0x")
-		amcl.ECDH_printBinary(CS[:])
-		fmt.Printf("D= 0x")
-		amcl.ECDH_printBinary(DS[:])
-
-		if amcl.ECPVP_DSA(W0[:], M[:], CS[:], DS[:]) != 0 {
-			fmt.Printf("***ECDSA Verification Failed\n")
-			return
-		} else {
-			fmt.Printf("ECDSA Signature/Verification succeeded \n")
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/generateRandom.go
----------------------------------------------------------------------
diff --git a/go/examples-go/generateRandom.go b/go/examples-go/generateRandom.go
deleted file mode 100644
index 83faf1b..0000000
--- a/go/examples-go/generateRandom.go
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Password Based Key Derivation Function Example */
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amcl.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate random byte values
-	for i := 0; i < 10; i++ {
-		val := amcl.GENERATE_RANDOM(rng, 12)
-		fmt.Printf("Random byte array %s\n", hex.EncodeToString(val))
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/mpin.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpin.go b/go/examples-go/mpin.go
deleted file mode 100644
index 4ee3ae7..0000000
--- a/go/examples-go/mpin.go
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-/* Configure mode of operation */
-
-const PERMITS bool = true
-const PINERROR bool = true
-const FULL bool = true
-const SINGLE_PASS bool = true
-
-func main() {
-	rng := amcl.NewRAND()
-	var raw [100]byte
-	for i := 0; i < 100; i++ {
-		raw[i] = byte(i + 1)
-	}
-	rng.Seed(100, raw[:])
-
-	const EGS = amcl.MPIN_EGS
-	const EFS = amcl.MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS int = 16
-
-	var S [EGS]byte
-	var SST [G2S]byte
-	var TOKEN [G1S]byte
-	var PERMIT [G1S]byte
-	var SEC [G1S]byte
-	var xID [G1S]byte
-	var xCID [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	var G1 [12 * EFS]byte
-	var G2 [12 * EFS]byte
-	var R [EGS]byte
-	var Z [G1S]byte
-	var W [EGS]byte
-	var T [G1S]byte
-	var CK [EAS]byte
-	var SK [EAS]byte
-	var MESSAGE [256]byte
-
-	/* Trusted Authority set-up */
-
-	amcl.MPIN_RANDOM_GENERATE(rng, S[:])
-	fmt.Printf("Master Secret s: 0x")
-	amcl.MPIN_printBinary(S[:])
-
-	/* Create Client Identity */
-	IDstr := "testUser@miracl.com"
-	CLIENT_ID := []byte(IDstr)
-
-	HCID := amcl.MPIN_HASH_ID(CLIENT_ID) /* Either Client or TA calculates Hash(ID) - you decide! */
-
-	fmt.Printf("Client ID= ")
-	amcl.MPIN_printBinary(CLIENT_ID)
-	fmt.Printf("\n")
-
-	/* Client and Server are issued secrets by DTA */
-	amcl.MPIN_GET_SERVER_SECRET(S[:], SST[:])
-	fmt.Printf("Server Secret SS: 0x")
-	amcl.MPIN_printBinary(SST[:])
-
-	amcl.MPIN_GET_CLIENT_SECRET(S[:], HCID, TOKEN[:])
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(TOKEN[:])
-
-	/* Client extracts PIN from secret to create Token */
-	pin := 1234
-	fmt.Printf("Client extracts PIN= %d", pin)
-	fmt.Printf("\n")
-	rtn := amcl.MPIN_EXTRACT_PIN(CLIENT_ID, pin, TOKEN[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d", rtn)
-		fmt.Printf("\n")
-	}
-
-	fmt.Printf("Client Token TK: 0x")
-	amcl.MPIN_printBinary(TOKEN[:])
-
-	if FULL {
-		amcl.MPIN_PRECOMPUTE(TOKEN[:], HCID, G1[:], G2[:])
-	}
-
-	date := 0
-	if PERMITS {
-		date = amcl.MPIN_today()
-		/* Client gets "Time Token" permit from DTA */
-		amcl.MPIN_GET_CLIENT_PERMIT(date, S[:], HCID, PERMIT[:])
-		fmt.Printf("Time Permit TP: 0x")
-		amcl.MPIN_printBinary(PERMIT[:])
-
-		/* This encoding makes Time permit look random - Elligator squared */
-		amcl.MPIN_ENCODING(rng, PERMIT[:])
-		fmt.Printf("Encoded Time Permit TP: 0x")
-		amcl.MPIN_printBinary(PERMIT[:])
-		amcl.MPIN_DECODING(PERMIT[:])
-		fmt.Printf("Decoded Time Permit TP: 0x")
-		amcl.MPIN_printBinary(PERMIT[:])
-	}
-
-	pin = -1
-	for pin < 0 {
-		fmt.Printf("\nPIN= ")
-		fmt.Scanf("%d", &pin)
-	}
-
-	pxID := xID[:]
-	pxCID := xCID[:]
-	pHID := HID[:]
-	pHTID := HTID[:]
-	pE := E[:]
-	pF := F[:]
-	pPERMIT := PERMIT[:]
-	var prHID []byte
-
-	if date != 0 {
-		prHID = pHTID
-		if !PINERROR {
-			pxID = nil
-			pHID = nil
-		}
-	} else {
-		prHID = pHID
-		pPERMIT = nil
-		pxCID = nil
-		pHTID = nil
-	}
-	if !PINERROR {
-		pE = nil
-		pF = nil
-	}
-
-	if SINGLE_PASS {
-		fmt.Printf("MPIN Single Pass\n")
-		timeValue := amcl.MPIN_GET_TIME()
-		rtn = amcl.MPIN_CLIENT(date, CLIENT_ID, rng, X[:], pin, TOKEN[:], SEC[:], pxID, pxCID, pPERMIT, MESSAGE[:], timeValue, Y[:])
-		if rtn != 0 {
-			fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		}
-
-		if FULL {
-			HCID = amcl.MPIN_HASH_ID(CLIENT_ID)
-			amcl.MPIN_GET_G1_MULTIPLE(rng, 1, R[:], HCID, Z[:]) /* Also Send Z=r.ID to Server, remember random r */
-		}
-
-		rtn = amcl.MPIN_SERVER(date, pHID, pHTID, Y[:], SST[:], pxID, pxCID, SEC[:], pE, pF, CLIENT_ID, MESSAGE[:], timeValue)
-		if rtn != 0 {
-			fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn)
-		}
-
-		if FULL {
-			amcl.MPIN_GET_G1_MULTIPLE(rng, 0, W[:], prHID, T[:]) /* Also send T=w.ID to client, remember random w  */
-		}
-	} else {
-		fmt.Printf("MPIN Multi Pass\n")
-		/* Send U=x.ID to server, and recreate secret from token and pin */
-		rtn = amcl.MPIN_CLIENT_1(date, CLIENT_ID, rng, X[:], pin, TOKEN[:], SEC[:], pxID, pxCID, pPERMIT)
-		if rtn != 0 {
-			fmt.Printf("FAILURE: CLIENT_1 rtn: %d\n", rtn)
-		}
-
-		if FULL {
-			HCID = amcl.MPIN_HASH_ID(CLIENT_ID)
-			amcl.MPIN_GET_G1_MULTIPLE(rng, 1, R[:], HCID, Z[:]) /* Also Send Z=r.ID to Server, remember random r */
-		}
-
-		/* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-		amcl.MPIN_SERVER_1(date, CLIENT_ID, pHID, pHTID)
-
-		/* Server generates Random number Y and sends it to Client */
-		amcl.MPIN_RANDOM_GENERATE(rng, Y[:])
-
-		if FULL {
-			amcl.MPIN_GET_G1_MULTIPLE(rng, 0, W[:], prHID, T[:]) /* Also send T=w.ID to client, remember random w  */
-		}
-
-		/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-		rtn = amcl.MPIN_CLIENT_2(X[:], Y[:], SEC[:])
-		if rtn != 0 {
-			fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn)
-		}
-
-		/* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-		/* If PIN error not required, set E and F = null */
-
-		rtn = amcl.MPIN_SERVER_2(date, pHID, pHTID, Y[:], SST[:], pxID, pxCID, SEC[:], pE, pF)
-	}
-
-	if rtn != 0 {
-		fmt.Printf("FAILURE: SERVER_1 rtn: %d\n", rtn)
-	}
-
-	if rtn == amcl.MPIN_BAD_PIN {
-		fmt.Printf("Server says - Bad Pin. I don't know you. Feck off.\n")
-		if PINERROR {
-			err := amcl.MPIN_KANGAROO(E[:], F[:])
-			if err != 0 {
-				fmt.Printf("(Client PIN is out by %d)\n", err)
-			}
-		}
-		return
-	} else {
-		fmt.Printf("Server says - PIN is good! You really are " + IDstr)
-		fmt.Printf("\n")
-	}
-
-	if FULL {
-		amcl.MPIN_CLIENT_KEY(G1[:], G2[:], pin, R[:], X[:], T[:], CK[:])
-		fmt.Printf("Client Key =  0x")
-		amcl.MPIN_printBinary(CK[:])
-
-		amcl.MPIN_SERVER_KEY(Z[:], SST[:], W[:], pxID, pxCID, SK[:])
-		fmt.Printf("Server Key =  0x")
-		amcl.MPIN_printBinary(SK[:])
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/mpinTwoPass.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpinTwoPass.go b/go/examples-go/mpinTwoPass.go
deleted file mode 100644
index b745f10..0000000
--- a/go/examples-go/mpinTwoPass.go
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amcl.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amcl.MPIN_today()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amcl.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	const EGS = amcl.MPIN_EGS
-	const EFS = amcl.MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = amcl.MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	// Generate Master Secret Share 1
-	amcl.MPIN_RANDOM_GENERATE(rng, MS1[:])
-	fmt.Printf("MS1: 0x")
-	amcl.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	amcl.MPIN_RANDOM_GENERATE(rng, MS2[:])
-	fmt.Printf("MS2: 0x")
-	amcl.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amcl.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	amcl.MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-	fmt.Printf("SS1: 0x")
-	amcl.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	amcl.MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-	fmt.Printf("SS2: 0x")
-	amcl.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn := amcl.MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2, SS) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amcl.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	amcl.MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	amcl.MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	rtn = amcl.MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(CS1, CS2, TOKEN) Error:", rtn)
-		return
-	}
-
-	// Generate time permit share 1
-	amcl.MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-	fmt.Printf("TP1: 0x")
-	amcl.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	amcl.MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-	fmt.Printf("TP2: 0x")
-	amcl.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn = amcl.MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2, TP) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	rtn = amcl.MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amcl.MPIN_printBinary(TOKEN[:])
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	/* Clients first pass. Calculate U and UT */
-	rtn = amcl.MPIN_CLIENT_1(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-
-	/* Server first pass. Calculate H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-	amcl.MPIN_SERVER_1(date, ID, HID[:], HTID[:])
-
-	/* Server generates Random number Y and sends it to Client */
-	amcl.MPIN_RANDOM_GENERATE(rng, Y[:])
-
-	/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-	rtn = amcl.MPIN_CLIENT_2(X[:], Y[:], SEC[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn)
-	}
-
-	/* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-	/* If PIN error not required, set E and F = null */
-	rtn = amcl.MPIN_SERVER_2(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: MPIN_SERVER_2 rtn: %d\n", rtn)
-	}
-	fmt.Printf("HID: 0x")
-	amcl.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amcl.MPIN_printBinary(HTID[:])
-
-	if rtn == amcl.MPIN_BAD_PIN {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		err := amcl.MPIN_KANGAROO(E[:], F[:])
-		if err != 0 {
-			fmt.Printf("PIN Error %d\n", err)
-		}
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/mpinTwoPassWrap.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpinTwoPassWrap.go b/go/examples-go/mpinTwoPassWrap.go
deleted file mode 100644
index f3174d1..0000000
--- a/go/examples-go/mpinTwoPassWrap.go
+++ /dev/null
@@ -1,228 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amcl.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amcl.MPIN_today()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amcl.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	const EGS = amcl.MPIN_EGS
-	const EFS = amcl.MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = amcl.MPIN_PAS
-
-	var X [EGS]byte
-
-	// Generate Master Secret Share 1
-	rtn, MS1 := amcl.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS1: 0x")
-	amcl.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	rtn, MS2 := amcl.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS2: 0x")
-	amcl.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amcl.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	rtn, SS1 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS1: 0x")
-	amcl.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	rtn, SS2 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS2: 0x")
-	amcl.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn, SS := amcl.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amcl.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	rtn, CS1 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	rtn, CS2 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares
-	rtn, CS := amcl.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS[:])
-
-	// Generate time permit share 1
-	rtn, TP1 := amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP1: 0x")
-	amcl.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	rtn, TP2 := amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP2: 0x")
-	amcl.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn, TP := amcl.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	rtn, TOKEN := amcl.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amcl.MPIN_printBinary(TOKEN[:])
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	/* Clients first pass. Calculate U and UT */
-	fmt.Printf("X: 0x")
-	amcl.MPIN_printBinary(X[:])
-	rtn, Xout, SEC, U, UT := amcl.MPIN_CLIENT_1_WRAP(date, ID, rng, X[:], PIN2, TOKEN[:], TP[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Xout: 0x")
-	amcl.MPIN_printBinary(Xout[:])
-
-	/* Server first pass. Calculate H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-	HID, HTID := amcl.MPIN_SERVER_1_WRAP(date, ID)
-
-	/* Server generates Random number Y and sends it to Client */
-	rtn, Y := amcl.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("Y: 0x")
-	amcl.MPIN_printBinary(Y[:])
-
-	/* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-	rtn, V := amcl.MPIN_CLIENT_2_WRAP(X[:], Y[:], SEC[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT_2 rtn: %d\n", rtn)
-	}
-
-	/* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-	/* If PIN error not required, set E and F = null */
-	rtn, _, _ = amcl.MPIN_SERVER_2_WRAP(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], V[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: MPIN_SERVER_2 rtn: %d\n", rtn)
-	}
-	fmt.Printf("HID: 0x")
-	amcl.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amcl.MPIN_printBinary(HTID[:])
-
-	if rtn == amcl.MPIN_BAD_PIN {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/mpinfull.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpinfull.go b/go/examples-go/mpinfull.go
deleted file mode 100644
index 53135c4..0000000
--- a/go/examples-go/mpinfull.go
+++ /dev/null
@@ -1,269 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amcl.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amcl.MPIN_today()
-
-	// Epoch time in seconds
-	timeValue := amcl.MPIN_GET_TIME()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amcl.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	const EGS = amcl.MPIN_EGS
-	const EFS = amcl.MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-	const EAS = amcl.MPIN_PAS
-
-	var MS1 [EGS]byte
-	var SS1 [G2S]byte
-	var CS1 [G1S]byte
-	var TP1 [G1S]byte
-	var MS2 [EGS]byte
-	var SS2 [G2S]byte
-	var CS2 [G1S]byte
-	var TP2 [G1S]byte
-	var SS [G2S]byte
-	var TP [G1S]byte
-	var TOKEN [G1S]byte
-	var SEC [G1S]byte
-	var U [G1S]byte
-	var UT [G1S]byte
-	var X [EGS]byte
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	var G1 [12 * EFS]byte
-	var G2 [12 * EFS]byte
-	var R [EGS]byte
-	var Z [G1S]byte
-	var W [EGS]byte
-	var T [G1S]byte
-	var AES_KEY_CLIENT [EAS]byte
-	var AES_KEY_SERVER [EAS]byte
-
-	// Generate Master Secret Share 1
-	amcl.MPIN_RANDOM_GENERATE(rng, MS1[:])
-	fmt.Printf("MS1: 0x")
-	amcl.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	amcl.MPIN_RANDOM_GENERATE(rng, MS2[:])
-	fmt.Printf("MS2: 0x")
-	amcl.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amcl.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	amcl.MPIN_GET_SERVER_SECRET(MS1[:], SS1[:])
-	fmt.Printf("SS1: 0x")
-	amcl.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	amcl.MPIN_GET_SERVER_SECRET(MS2[:], SS2[:])
-	fmt.Printf("SS2: 0x")
-	amcl.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn := amcl.MPIN_RECOMBINE_G2(SS1[:], SS2[:], SS[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2, SS) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amcl.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	amcl.MPIN_GET_CLIENT_SECRET(MS1[:], HCID, CS1[:])
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	amcl.MPIN_GET_CLIENT_SECRET(MS2[:], HCID, CS2[:])
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares : TOKEN is the full client secret
-	rtn = amcl.MPIN_RECOMBINE_G1(CS1[:], CS2[:], TOKEN[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(CS1, CS2, TOKEN) Error:", rtn)
-		return
-	}
-
-	// Generate time permit share 1
-	amcl.MPIN_GET_CLIENT_PERMIT(date, MS1[:], HCID, TP1[:])
-	fmt.Printf("TP1: 0x")
-	amcl.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	amcl.MPIN_GET_CLIENT_PERMIT(date, MS2[:], HCID, TP2[:])
-	fmt.Printf("TP2: 0x")
-	amcl.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn = amcl.MPIN_RECOMBINE_G1(TP1[:], TP2[:], TP[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2, TP) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	rtn = amcl.MPIN_EXTRACT_PIN(ID, PIN1, TOKEN[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amcl.MPIN_printBinary(TOKEN[:])
-
-	//////   Client   //////
-
-	// precomputation
-	amcl.MPIN_PRECOMPUTE(TOKEN[:], HCID, G1[:], G2[:])
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	// Send U, UT, V, timeValue and Message to server
-	rtn = amcl.MPIN_CLIENT(date, ID, rng, X[:], PIN2, TOKEN[:], SEC[:], U[:], UT[:], TP[:], MESSAGE, timeValue, Y[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-
-	// Send Z=r.ID to Server
-	amcl.MPIN_GET_G1_MULTIPLE(rng, 1, R[:], HCID, Z[:])
-
-	//////   Server   //////
-	rtn = amcl.MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	if rtn != 0 {
-		fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn)
-	}
-	fmt.Printf("HID: 0x")
-	amcl.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amcl.MPIN_printBinary(HTID[:])
-
-	if rtn == amcl.MPIN_BAD_PIN {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		err := amcl.MPIN_KANGAROO(E[:], F[:])
-		if err != 0 {
-			fmt.Printf("PIN Error %d\n", err)
-		}
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-
-	// send T=w.ID to client
-	amcl.MPIN_GET_G1_MULTIPLE(rng, 0, W[:], HTID[:], T[:])
-	fmt.Printf("W: 0x")
-	amcl.MPIN_printBinary(W[:])
-	fmt.Printf("T: 0x")
-	amcl.MPIN_printBinary(T[:])
-
-	amcl.MPIN_SERVER_KEY(Z[:], SS[:], W[:], U[:], UT[:], AES_KEY_SERVER[:])
-	fmt.Printf("Server Key =  0x")
-	amcl.MPIN_printBinary(AES_KEY_SERVER[:])
-
-	amcl.MPIN_CLIENT_KEY(G1[:], G2[:], PIN2, R[:], X[:], T[:], AES_KEY_CLIENT[:])
-	fmt.Printf("Client Key =  0x")
-	amcl.MPIN_printBinary(AES_KEY_CLIENT[:])
-
-	//////   Server   //////
-
-	// Initialization vector
-	IV := amcl.GENERATE_RANDOM(rng, 12)
-	fmt.Printf("IV: 0x")
-	amcl.MPIN_printBinary(IV[:])
-
-	// header
-	HEADER := amcl.GENERATE_RANDOM(rng, 16)
-	fmt.Printf("HEADER: 0x")
-	amcl.MPIN_printBinary(HEADER[:])
-
-	// Input plaintext
-	plaintextStr := "A test message"
-	PLAINTEXT1 := []byte(plaintextStr)
-	fmt.Printf("String to encrypt: %s \n", plaintextStr)
-	fmt.Printf("PLAINTEXT1: 0x")
-	amcl.MPIN_printBinary(PLAINTEXT1[:])
-
-	// AES-GCM Encryption
-	CIPHERTEXT, TAG1 := amcl.AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:])
-	fmt.Printf("CIPHERTEXT:  0x")
-	amcl.MPIN_printBinary(CIPHERTEXT[:])
-	fmt.Printf("TAG1:  0x")
-	amcl.MPIN_printBinary(TAG1[:])
-
-	// Send IV, HEADER, CIPHERTEXT and TAG1 to client
-
-	// AES-GCM Decryption
-	PLAINTEXT2, TAG1 := amcl.AES_GCM_DECRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], CIPHERTEXT[:])
-	fmt.Printf("PLAINTEXT2:  0x")
-	amcl.MPIN_printBinary(PLAINTEXT2[:])
-	fmt.Printf("TAG1:  0x")
-	amcl.MPIN_printBinary(TAG1[:])
-	fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2))
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/mpinfullWrap.go
----------------------------------------------------------------------
diff --git a/go/examples-go/mpinfullWrap.go b/go/examples-go/mpinfullWrap.go
deleted file mode 100644
index 12a7240..0000000
--- a/go/examples-go/mpinfullWrap.go
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	"git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-	fmt.Printf("ID: ")
-	amcl.MPIN_printBinary(ID)
-	fmt.Printf("\n")
-
-	// Epoch time in days
-	date := amcl.MPIN_today()
-
-	// Epoch time in seconds
-	timeValue := amcl.MPIN_GET_TIME()
-
-	// PIN variable to create token
-	PIN1 := -1
-	// PIN variable to authenticate
-	PIN2 := -1
-
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amcl.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Message to sign
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	// Generate Master Secret Share 1
-	rtn, MS1 := amcl.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS1: 0x")
-	amcl.MPIN_printBinary(MS1[:])
-
-	// Generate Master Secret Share 2
-	rtn, MS2 := amcl.MPIN_RANDOM_GENERATE_WRAP(rng)
-	if rtn != 0 {
-		fmt.Println("MPIN_RANDOM_GENERATE Error:", rtn)
-		return
-	}
-	fmt.Printf("MS2: 0x")
-	amcl.MPIN_printBinary(MS2[:])
-
-	// Either Client or TA calculates Hash(ID)
-	HCID := amcl.MPIN_HASH_ID(ID)
-
-	// Generate server secret share 1
-	rtn, SS1 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS1[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS1: 0x")
-	amcl.MPIN_printBinary(SS1[:])
-
-	// Generate server secret share 2
-	rtn, SS2 := amcl.MPIN_GET_SERVER_SECRET_WRAP(MS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_SERVER_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("SS2: 0x")
-	amcl.MPIN_printBinary(SS2[:])
-
-	// Combine server secret shares
-	rtn, SS := amcl.MPIN_RECOMBINE_G2_WRAP(SS1[:], SS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G2(SS1, SS2) Error:", rtn)
-		return
-	}
-	fmt.Printf("SS: 0x")
-	amcl.MPIN_printBinary(SS[:])
-
-	// Generate client secret share 1
-	rtn, CS1 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS1: 0x")
-	amcl.MPIN_printBinary(CS1[:])
-
-	// Generate client secret share 2
-	rtn, CS2 := amcl.MPIN_GET_CLIENT_SECRET_WRAP(MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_SECRET Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret Share CS2: 0x")
-	amcl.MPIN_printBinary(CS2[:])
-
-	// Combine client secret shares
-	CS := make([]byte, amcl.G1S)
-	rtn, CS = amcl.MPIN_RECOMBINE_G1_WRAP(CS1[:], CS2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1 Error:", rtn)
-		return
-	}
-	fmt.Printf("Client Secret CS: 0x")
-	amcl.MPIN_printBinary(CS[:])
-
-	// Generate time permit share 1
-	rtn, TP1 := amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS1[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP1: 0x")
-	amcl.MPIN_printBinary(TP1[:])
-
-	// Generate time permit share 2
-	rtn, TP2 := amcl.MPIN_GET_CLIENT_PERMIT_WRAP(date, MS2[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_GET_CLIENT_PERMIT Error:", rtn)
-		return
-	}
-	fmt.Printf("TP2: 0x")
-	amcl.MPIN_printBinary(TP2[:])
-
-	// Combine time permit shares
-	rtn, TP := amcl.MPIN_RECOMBINE_G1_WRAP(TP1[:], TP2[:])
-	if rtn != 0 {
-		fmt.Println("MPIN_RECOMBINE_G1(TP1, TP2) Error:", rtn)
-		return
-	}
-
-	// Client extracts PIN1 from secret to create Token
-	for PIN1 < 0 {
-		fmt.Printf("Please enter PIN to create token: ")
-		fmt.Scan(&PIN1)
-	}
-
-	fmt.Printf("ID: 0x")
-	amcl.MPIN_printBinary(ID[:])
-	fmt.Printf("CS: 0x")
-	amcl.MPIN_printBinary(CS[:])
-	rtn, TOKEN := amcl.MPIN_EXTRACT_PIN_WRAP(ID[:], PIN1, CS[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: EXTRACT_PIN rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Client Token TK: 0x")
-	amcl.MPIN_printBinary(TOKEN[:])
-
-	//////   Client   //////
-
-	// Precomputation
-	rtn, G1, G2 := amcl.MPIN_PRECOMPUTE_WRAP(TOKEN[:], HCID)
-	if rtn != 0 {
-		fmt.Println("MPIN_PRECOMPUTE(TOKEN[:], HCID) Error:", rtn)
-		return
-	}
-
-	for PIN2 < 0 {
-		fmt.Printf("Please enter PIN to authenticate: ")
-		fmt.Scan(&PIN2)
-	}
-
-	// Send U, UT, V, timeValue and Message to server
-	var X [amcl.EGS]byte
-	fmt.Printf("X: 0x")
-	amcl.MPIN_printBinary(X[:])
-	rtn, XOut, Y1, SEC, U, UT := amcl.MPIN_CLIENT_WRAP(date, timeValue, PIN2, rng,  ID[:], X[:], TOKEN[:], TP[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: CLIENT rtn: %d\n", rtn)
-		return
-	}
-	fmt.Printf("Y1: 0x")
-	amcl.MPIN_printBinary(Y1[:])
-	fmt.Printf("XOut: 0x")
-	amcl.MPIN_printBinary(XOut[:])
-
-	// Send Z=r.ID to Server
-	var R [amcl.EGS]byte
-	fmt.Printf("R: 0x")
-	amcl.MPIN_printBinary(R[:])
-	rtn, ROut, Z := amcl.MPIN_GET_G1_MULTIPLE_WRAP(rng, 1, R[:], HCID[:])
-	fmt.Printf("ROut: 0x")
-	amcl.MPIN_printBinary(ROut[:])
-
-	//////   Server   //////
-	rtn, HID, HTID, Y2, E, F := amcl.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:])
-	if rtn != 0 {
-		fmt.Printf("FAILURE: SERVER rtn: %d\n", rtn)
-	}
-	fmt.Printf("Y2: 0x")
-	amcl.MPIN_printBinary(Y2[:])
-	fmt.Printf("HID: 0x")
-	amcl.MPIN_printBinary(HID[:])
-	fmt.Printf("HTID: 0x")
-	amcl.MPIN_printBinary(HTID[:])
-
-	if rtn != 0 {
-		fmt.Printf("Authentication failed Error Code %d\n", rtn)
-		err := amcl.MPIN_KANGAROO(E[:], F[:])
-		if err != 0 {
-			fmt.Printf("PIN Error %d\n", err)
-		}
-		return
-	} else {
-		fmt.Printf("Authenticated ID: %s \n", IDstr)
-	}
-
-	// send T=w.ID to client
-	var W [amcl.EGS]byte
-	fmt.Printf("W: 0x")
-	amcl.MPIN_printBinary(W[:])
-	rtn, WOut, T := amcl.MPIN_GET_G1_MULTIPLE_WRAP(rng, 0, W[:], HTID[:])
-	fmt.Printf("WOut: 0x")
-	amcl.MPIN_printBinary(WOut[:])
-	fmt.Printf("T: 0x")
-	amcl.MPIN_printBinary(T[:])
-
-	rtn, AES_KEY_SERVER := amcl.MPIN_SERVER_KEY_WRAP(Z[:], SS[:], WOut[:], U[:], UT[:])
-	fmt.Printf("Server Key =  0x")
-	amcl.MPIN_printBinary(AES_KEY_SERVER[:])
-
-	rtn, AES_KEY_CLIENT := amcl.MPIN_CLIENT_KEY_WRAP(PIN2, G1[:], G2[:], ROut[:], XOut[:], T[:])
-	fmt.Printf("Client Key =  0x")
-	amcl.MPIN_printBinary(AES_KEY_CLIENT[:])
-
-	//////   Server   //////
-
-	// Initialization vector
-	IV := amcl.GENERATE_RANDOM(rng, 12)
-	fmt.Printf("IV: 0x")
-	amcl.MPIN_printBinary(IV[:])
-
-	// header
-	HEADER := amcl.GENERATE_RANDOM(rng, 16)
-	fmt.Printf("HEADER: 0x")
-	amcl.MPIN_printBinary(HEADER[:])
-
-	// Input plaintext
-	plaintextStr := "A test message"
-	PLAINTEXT1 := []byte(plaintextStr)
-	fmt.Printf("String to encrypt: %s \n", plaintextStr)
-	fmt.Printf("PLAINTEXT1: 0x")
-	amcl.MPIN_printBinary(PLAINTEXT1[:])
-
-	// AES-GCM Encryption
-	CIPHERTEXT, TAG1 := amcl.AES_GCM_ENCRYPT(AES_KEY_SERVER[:], IV[:], HEADER[:], PLAINTEXT1[:])
-	fmt.Printf("CIPHERTEXT:  0x")
-	amcl.MPIN_printBinary(CIPHERTEXT[:])
-	fmt.Printf("TAG1:  0x")
-	amcl.MPIN_printBinary(TAG1[:])
-
-	// Send IV, HEADER, CIPHERTEXT and TAG1 to client
-
-	// AES-GCM Decryption
-	PLAINTEXT2, TAG2 := amcl.AES_GCM_DECRYPT(AES_KEY_CLIENT[:], IV[:], HEADER[:], CIPHERTEXT[:])
-	fmt.Printf("PLAINTEXT2:  0x")
-	amcl.MPIN_printBinary(PLAINTEXT2[:])
-	fmt.Printf("TAG2:  0x")
-	amcl.MPIN_printBinary(TAG2[:])
-	fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2))
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/otp.go
----------------------------------------------------------------------
diff --git a/go/examples-go/otp.go b/go/examples-go/otp.go
deleted file mode 100644
index dbeef16..0000000
--- a/go/examples-go/otp.go
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Password Based Key Derivation Function Example */
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amcl.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Generate the one time passwords
-	for i := 0; i < 10; i++ {
-		otp := amcl.GENERATE_OTP(rng)
-		fmt.Printf("One Time Passord %d\n", otp)
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/pbkdf2.go
----------------------------------------------------------------------
diff --git a/go/examples-go/pbkdf2.go b/go/examples-go/pbkdf2.go
deleted file mode 100644
index dbd209c..0000000
--- a/go/examples-go/pbkdf2.go
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-	// Seed value for Random Number Generator (RNG)
-	seedHex := "9e8b4178790cd57a5761c4a6f164ba72"
-	seed, err := hex.DecodeString(seedHex)
-	if err != nil {
-		fmt.Println("Error decoding seed value")
-		return
-	}
-	rng := amcl.NewRAND()
-	rng.Seed(len(seed), seed)
-
-	// Password / Pass-phrase
-	passwordStr := "#!qwerty"
-	password := []byte(passwordStr)
-	fmt.Printf("password: %s \n", password)
-	fmt.Printf("PASSWORD: 0x")
-	amcl.MPIN_printBinary(password[:])
-
-	// Salt
-	salt := amcl.GENERATE_RANDOM(rng, 16)
-	fmt.Printf("salt: 0x")
-	amcl.MPIN_printBinary(salt[:])
-
-	// Number of repetitions
-	rep := 1000
-
-	KEY := amcl.PBKDF2(password[:], salt[:], rep, amcl.MPIN_PAS)
-
-	// Initialization vector
-	IV := amcl.GENERATE_RANDOM(rng, 12)
-	fmt.Printf("IV: 0x")
-	amcl.MPIN_printBinary(IV[:])
-
-	// header
-	HEADER := amcl.GENERATE_RANDOM(rng, 16)
-	fmt.Printf("HEADER: 0x")
-	amcl.MPIN_printBinary(HEADER[:])
-
-	// Input plaintext
-	plaintextStr := "A test message"
-	PLAINTEXT1 := []byte(plaintextStr)
-	fmt.Printf("String to encrypt: %s \n", plaintextStr)
-	fmt.Printf("PLAINTEXT1: 0x")
-	amcl.MPIN_printBinary(PLAINTEXT1[:])
-
-	// AES-GCM Encryption
-	CIPHERTEXT, TAG1 := amcl.AES_GCM_ENCRYPT(KEY[:], IV[:], HEADER[:], PLAINTEXT1[:])
-	fmt.Printf("CIPHERTEXT:  0x")
-	amcl.MPIN_printBinary(CIPHERTEXT[:])
-	fmt.Printf("TAG1:  0x")
-	amcl.MPIN_printBinary(TAG1[:])
-
-	// AES-GCM Decryption
-	PLAINTEXT2, TAG1 := amcl.AES_GCM_DECRYPT(KEY[:], IV[:], HEADER[:], CIPHERTEXT[:])
-	fmt.Printf("PLAINTEXT2:  0x")
-	amcl.MPIN_printBinary(PLAINTEXT2[:])
-	fmt.Printf("TAG1:  0x")
-	amcl.MPIN_printBinary(TAG1[:])
-	fmt.Printf("Decrypted string: %s \n", string(PLAINTEXT2))
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/rsa.go
----------------------------------------------------------------------
diff --git a/go/examples-go/rsa.go b/go/examples-go/rsa.go
deleted file mode 100644
index 201beeb..0000000
--- a/go/examples-go/rsa.go
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions  */
-
-package main
-
-import (
-	"fmt"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-func main() {
-
-	message := "Hello World\n"
-
-	pub := amcl.New_rsa_public_key(amcl.FFLEN)
-	priv := amcl.New_rsa_private_key(amcl.HFLEN)
-
-	var ML [amcl.RSA_RFS]byte
-	var C [amcl.RSA_RFS]byte
-	var RAW [100]byte
-
-	rng := amcl.NewRAND()
-
-	rng.Clean()
-	for i := 0; i < 100; i++ {
-		RAW[i] = byte(i)
-	}
-
-	rng.Seed(100, RAW[:])
-	//for (i=0;i<10;i++)
-	//{
-	fmt.Printf("Generating public/private key pair\n")
-	amcl.RSA_KEY_PAIR(rng, 65537, priv, pub)
-
-	M := []byte(message)
-
-	fmt.Printf("Encrypting test string\n")
-	E := amcl.RSA_OAEP_ENCODE(M, rng, nil) /* OAEP encode message M to E  */
-
-	amcl.RSA_ENCRYPT(pub, E, C[:]) /* encrypt encoded message */
-	fmt.Printf("Ciphertext= 0x")
-	amcl.RSA_printBinary(C[:])
-
-	fmt.Printf("Decrypting test string\n")
-	amcl.RSA_DECRYPT(priv, C[:], ML[:])
-	MS := amcl.RSA_OAEP_DECODE(nil, ML[:]) /* OAEP decode message  */
-
-	message = string(MS)
-	fmt.Printf(message)
-	//}
-	amcl.RSA_PRIVATE_KEY_KILL(priv)
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/timempin.go
----------------------------------------------------------------------
diff --git a/go/examples-go/timempin.go b/go/examples-go/timempin.go
deleted file mode 100644
index 9906b69..0000000
--- a/go/examples-go/timempin.go
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"flag"
-	"log"
-	"os"
-	"runtime/pprof"
-	"time"
-
-	amcl "git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-// Number of iterations to time functions
-const nIter int = 10
-
-var cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file")
-
-func main() {
-	flag.Parse()
-	if *cpuprofile != "" {
-		f, err := os.Create(*cpuprofile)
-		if err != nil {
-			log.Fatal(err)
-		}
-		pprof.StartCPUProfile(f)
-		defer pprof.StopCPUProfile()
-	}
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16673
-
-	// Epoch time in seconds
-	timeValue := 1440594584
-
-	SSHex := "07f8181687f42ce22ea0dee4ba9df3f2cea67ad2d79e59adc953142556d510831bbd59e9477ac479019887020579aed16af43dc7089ae8c14262e64b5d09740109917efd0618c557fbf7efaa68fb64e8d46b3766bb184dea9bef9638f23bbbeb03aedbc6e4eb9fbd658719aab26b849638690521723c0efb9c8622df2a8efa3c"
-	SS, _ := hex.DecodeString(SSHex)
-	UHex := "0403e76a28df08ea591912e0ff84ebf419e21aadf8ec5aed4b0f3cd0fc1cdea14a06f05a3be4f9f2d16530c6b4934da2e3439ea287796faac079d396f8cdb9f565"
-	U, _ := hex.DecodeString(UHex)
-	UTHex := "041012e53c991edc9514889de50fb7d893c406dc9bf4c89d46fec9ba408cc5f596226402e7c468c823a28b9003a3944c4600a1b797f10cf01060d3729729212932"
-	UT, _ := hex.DecodeString(UTHex)
-	SECHex := "04051b0d3e9dfdb2a378f0ac7056fb264a900d0867e39c334950527d8c460d76132346bf8ed8a419e2eab4ad52a8b7a51d8c09cbcfa4e80bc0487965ece72ab0ce"
-	SEC, _ := hex.DecodeString(SECHex)
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	const EGS = amcl.MPIN_EGS
-	const EFS = amcl.MPIN_EFS
-	const G1S = 2*EFS + 1 /* Group 1 Size */
-	const G2S = 4 * EFS   /* Group 2 Size */
-
-	var Y [EGS]byte
-	var E [12 * EFS]byte
-	var F [12 * EFS]byte
-	var HID [G1S]byte
-	var HTID [G1S]byte
-
-	//////   Server   //////
-	t0 := time.Now()
-	rtn := 0
-	for i := 0; i < nIter; i++ {
-		rtn = amcl.MPIN_SERVER(date, HID[:], HTID[:], Y[:], SS[:], U[:], UT[:], SEC[:], E[:], F[:], ID, MESSAGE, timeValue)
-	}
-	t1 := time.Now()
-	log.Printf("Number Iterations: %d Time: %v\n", nIter, t1.Sub(t0))
-
-	if rtn == amcl.MPIN_BAD_PIN {
-		log.Printf("Authentication failed Error Code %d\n", rtn)
-		return
-	} else {
-		log.Printf("Authenticated ID: %s \n", IDstr)
-	}
-}


[15/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/TestECM.swift
----------------------------------------------------------------------
diff --git a/swift/TestECM.swift b/swift/TestECM.swift
deleted file mode 100644
index 36101b5..0000000
--- a/swift/TestECM.swift
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  TestECM.swift
-//  
-//
-//  Created by Michael Scott on 03/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-func TestECM()
-{
-    let pp=String("M0ng00se");
-
-    let EGS=ECDH.EGS
-    let EFS=ECDH.EFS
-    let EAS=AES.KS
-
-    var S1=[UInt8](count:EGS,repeatedValue:0)
-    var W0=[UInt8](count:2*EFS+1,repeatedValue:0)
-    var W1=[UInt8](count:2*EFS+1,repeatedValue:0)
-    var Z0=[UInt8](count:EFS,repeatedValue:0)
-    var Z1=[UInt8](count:EFS,repeatedValue:0)
-    var RAW=[UInt8](count:100,repeatedValue:0)
-    var SALT=[UInt8](count:8,repeatedValue:0)
-
-    let rng=RAND()
-
-    rng.clean();
-    for var i=0;i<100;i++ {RAW[i]=UInt8(i&0xff)}
-
-    rng.seed(100,RAW)
-
-
-    for var i=0;i<8;i++ {SALT[i]=UInt8(i+1)}  // set Salt
-
-    print("Alice's Passphrase= "+pp)
-    let PW=[UInt8](pp.utf8)
-
-    /* private key S0 of size EGS bytes derived from Password and Salt */
-
-    var S0=ECDH.PBKDF2(PW,SALT,1000,EGS)
-    print("Alice's private key= 0x",terminator: ""); ECDH.printBinary(S0)
-
-    /* Generate Key pair S/W */
-    ECDH.KEY_PAIR_GENERATE(nil,&S0,&W0);
-
-    print("Alice's public key= 0x",terminator: ""); ECDH.printBinary(W0)
-
-    var res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-
-    if res != 0
-    {
-        print("ECP Public Key is invalid!");
-        return;
-    }
-
-    /* Random private key for other party */
-    ECDH.KEY_PAIR_GENERATE(rng,&S1,&W1)
-
-    print("Servers private key= 0x",terminator: ""); ECDH.printBinary(S1)
-
-    print("Servers public key= 0x",terminator: ""); ECDH.printBinary(W1);
-
-    res=ECDH.PUBLIC_KEY_VALIDATE(true,W1)
-    if res != 0
-    {
-        print("ECP Public Key is invalid!")
-        return
-    }
-
-    /* Calculate common key using DH - IEEE 1363 method */
-
-    ECDH.ECPSVDP_DH(S0,W1,&Z0)
-    ECDH.ECPSVDP_DH(S1,W0,&Z1)
-
-    var same=true
-    for var i=0;i<EFS;i++
-    {
-        if Z0[i] != Z1[i] {same=false}
-    }
-
-    if (!same)
-    {
-        print("*** ECPSVDP-DH Failed")
-        return
-    }
-
-    let KEY=ECDH.KDF1(Z0,EAS)
-
-    print("Alice's DH Key=  0x",terminator: ""); ECDH.printBinary(KEY)
-    print("Servers DH Key=  0x",terminator: ""); ECDH.printBinary(KEY)
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/TestMPIN.swift
----------------------------------------------------------------------
diff --git a/swift/TestMPIN.swift b/swift/TestMPIN.swift
deleted file mode 100644
index 8827eb0..0000000
--- a/swift/TestMPIN.swift
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  TestMPIN.swift
-//  
-//
-//  Created by Michael Scott on 08/07/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-import clint  // comment out for Xcode
-
-public func TestMPIN()
-{
-    let PERMITS=true
-    let PINERROR=true
-    let FULL=true
-    let SINGLE_PASS=true
-
-    let rng=RAND()
-
-    var RAW=[UInt8](count:100,repeatedValue:0)
-
-    for var i=0;i<100;i++ {RAW[i]=UInt8((i+1)&0xff)}
-    rng.seed(100,RAW)
-
-    let EGS=MPIN.EFS
-    let EFS=MPIN.EGS
-    let G1S=2*EFS+1    /* Group 1 Size */
-    let G2S=4*EFS;     /* Group 2 Size */
-    let EAS=MPIN.PAS
-
-    var S=[UInt8](count:EGS,repeatedValue:0)
-    var SST=[UInt8](count:G2S,repeatedValue:0)
-    var TOKEN=[UInt8](count:G1S,repeatedValue:0)
-    var PERMIT=[UInt8](count:G1S,repeatedValue:0)
-    var SEC=[UInt8](count:G1S,repeatedValue:0)
-    let xID=[UInt8](count:G1S,repeatedValue:0)
-    let xCID=[UInt8](count:G1S,repeatedValue:0)
-    var X=[UInt8](count:EGS,repeatedValue:0)
-    var Y=[UInt8](count:EGS,repeatedValue:0)
-    let E=[UInt8](count:12*EFS,repeatedValue:0)
-    let F=[UInt8](count:12*EFS,repeatedValue:0)
-    let HID=[UInt8](count:G1S,repeatedValue:0)
-    let HTID=[UInt8](count:G1S,repeatedValue:0)
-
-    var G1=[UInt8](count:12*EFS,repeatedValue:0)
-    var G2=[UInt8](count:12*EFS,repeatedValue:0)
-    var R=[UInt8](count:EGS,repeatedValue:0)
-    var Z=[UInt8](count:G1S,repeatedValue:0)
-    var W=[UInt8](count:EGS,repeatedValue:0)
-    var T=[UInt8](count:G1S,repeatedValue:0)
-    var CK=[UInt8](count:EAS,repeatedValue:0)
-    var SK=[UInt8](count:EAS,repeatedValue:0)
-
-    /* Trusted Authority set-up */
-
-    MPIN.RANDOM_GENERATE(rng,&S)
-    print("Master Secret s: 0x",terminator: "");  MPIN.printBinary(S)
-
-    /* Create Client Identity */
-    let IDstr = "testUser@miracl.com"
-    let CLIENT_ID=[UInt8](IDstr.utf8)
-
-    var HCID=MPIN.HASH_ID(CLIENT_ID)  /* Either Client or TA calculates Hash(ID) - you decide! */
-
-    print("Client ID= "); MPIN.printBinary(CLIENT_ID)
-
-    /* Client and Server are issued secrets by DTA */
-    MPIN.GET_SERVER_SECRET(S,&SST);
-    print("Server Secret SS: 0x",terminator: "");  MPIN.printBinary(SST);
-
-    MPIN.GET_CLIENT_SECRET(&S,HCID,&TOKEN);
-    print("Client Secret CS: 0x",terminator: ""); MPIN.printBinary(TOKEN);
-
-    /* Client extracts PIN from secret to create Token */
-    var pin:Int32=1234
-    print("Client extracts PIN= \(pin)")
-    var rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,&TOKEN)
-    if rtn != 0 {print("FAILURE: EXTRACT_PIN rtn: \(rtn)")}
-
-    print("Client Token TK: 0x",terminator: ""); MPIN.printBinary(TOKEN);
-
-    if FULL
-    {
-        MPIN.PRECOMPUTE(TOKEN,HCID,&G1,&G2);
-    }
-
-    var date:Int32=0
-    if (PERMITS)
-    {
-        date=MPIN.today()
-        /* Client gets "Time Token" permit from DTA */
-        MPIN.GET_CLIENT_PERMIT(date,S,HCID,&PERMIT)
-        print("Time Permit TP: 0x",terminator: "");  MPIN.printBinary(PERMIT)
-
-        /* This encoding makes Time permit look random - Elligator squared */
-        MPIN.ENCODING(rng,&PERMIT);
-        print("Encoded Time Permit TP: 0x",terminator: "");  MPIN.printBinary(PERMIT)
-        MPIN.DECODING(&PERMIT)
-        print("Decoded Time Permit TP: 0x",terminator: "");  MPIN.printBinary(PERMIT)
-    }
-
-    /***** NOW ENTER PIN *******/
-
-        pin=1234
-
-    /***************************/
-
-    /* Set date=0 and PERMIT=null if time permits not in use
-
-    Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID =x .H(CLIENT_ID) and re-combined secret SEC
-    If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-    Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-    IMPORTANT: To save space and time..
-    If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-    If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-    If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-    */
-
-    var pxID:[UInt8]?=xID
-    var pxCID:[UInt8]?=xCID
-    var pHID:[UInt8]?=HID
-    var pHTID:[UInt8]?=HTID
-    var pE:[UInt8]?=E
-    var pF:[UInt8]?=F
-    var pPERMIT:[UInt8]?=PERMIT
-
-    if date != 0
-    {
-        if (!PINERROR)
-        {
-            pxID=nil;
-            pHID=nil;
-        }
-    }
-    else
-    {
-        pPERMIT=nil;
-        pxCID=nil;
-        pHTID=nil;
-    }
-    if (!PINERROR)
-    {
-        pE=nil;
-        pF=nil;
-    }
-
-    if (SINGLE_PASS)
-    {
-        print("MPIN Single Pass")
-        let timeValue = MPIN.GET_TIME()
-
-        rtn=MPIN.CLIENT(date,CLIENT_ID,rng,&X,pin,TOKEN,&SEC,&pxID,&pxCID,pPERMIT!,timeValue,&Y)
-
-        if rtn != 0 {print("FAILURE: CLIENT rtn: \(rtn)")}
-
-        if (FULL)
-        {
-            HCID=MPIN.HASH_ID(CLIENT_ID);
-            MPIN.GET_G1_MULTIPLE(rng,1,&R,HCID,&Z); /* Also Send Z=r.ID to Server, remember random r */
-        }
-        rtn=MPIN.SERVER(date,&pHID,&pHTID!,&Y,SST,pxID,pxCID!,SEC,&pE,&pF,CLIENT_ID,timeValue)
-        if rtn != 0 {print("FAILURE: SERVER rtn: \(rtn)")}
-
-        if (FULL)
-        { /* Also send T=w.ID to client, remember random w  */
-            if date != 0 {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHTID!,&T)}
-            else {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHID!,&T)}
-
-        }
-    }
-    else
-    {
-        print("MPIN Multi Pass");
-        /* Send U=x.ID to server, and recreate secret from token and pin */
-        rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,&X,pin,TOKEN,&SEC,&pxID,&pxCID,pPERMIT!)
-        if rtn != 0 {print("FAILURE: CLIENT_1 rtn: \(rtn)")}
-
-        if (FULL)
-        {
-            HCID=MPIN.HASH_ID(CLIENT_ID);
-            MPIN.GET_G1_MULTIPLE(rng,1,&R,HCID,&Z);  /* Also Send Z=r.ID to Server, remember random r */
-        }
-
-        /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-        MPIN.SERVER_1(date,CLIENT_ID,&pHID,&pHTID!);
-
-            /* Server generates Random number Y and sends it to Client */
-        MPIN.RANDOM_GENERATE(rng,&Y);
-
-        if (FULL)
-        { /* Also send T=w.ID to client, remember random w  */
-            if date != 0 {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHTID!,&T)}
-            else {MPIN.GET_G1_MULTIPLE(rng,0,&W,pHID!,&T)}
-        }
-
-        /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-        rtn=MPIN.CLIENT_2(X,Y,&SEC);
-        if rtn != 0 {print("FAILURE: CLIENT_2 rtn: \(rtn)")}
-
-        /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-        /* If PIN error not required, set E and F = null */
-
-        rtn=MPIN.SERVER_2(date,pHID,pHTID!,Y,SST,pxID,pxCID!,SEC,&pE,&pF);
-
-        if rtn != 0 {print("FAILURE: SERVER_1 rtn: \(rtn)")}
-    }
-    if (rtn == MPIN.BAD_PIN)
-    {
-        print("Server says - Bad Pin. I don't know you. Feck off.\n");
-        if (PINERROR)
-        {
-            let err=MPIN.KANGAROO(pE!,pF!);
-            if err != 0 {print("(Client PIN is out by \(err))\n")}
-        }
-        return;
-    }
-    else {print("Server says - PIN is good! You really are "+IDstr)}
-
-    if (FULL)
-    {
-        MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,&CK);
-        print("Client Key =  0x",terminator: "");  MPIN.printBinary(CK)
-
-        MPIN.SERVER_KEY(Z,SST,W,pxID!,pxCID!,&SK);
-        print("Server Key =  0x",terminator: "");  MPIN.printBinary(SK)
-    }
-
-}
-
-TestMPIN() // comment out for Xcode
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/TestRSA.swift
----------------------------------------------------------------------
diff --git a/swift/TestRSA.swift b/swift/TestRSA.swift
deleted file mode 100644
index 5167c69..0000000
--- a/swift/TestRSA.swift
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//
-//  TestRSA.swift
-//  
-//
-//  Created by Michael Scott on 25/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-import clint   // comment out for Xcode
-
-public func TestRSA()
-{
-    let RFS=RSA.RFS;
-
-    var message="Hello World\n"
-
-    let pub=rsa_public_key(ROM.FFLEN);
-    let priv=rsa_private_key(ROM.HFLEN);
-
-    var ML=[UInt8](count:RFS,repeatedValue:0)
-    var C=[UInt8](count:RFS,repeatedValue:0)
-    var RAW=[UInt8](count:100,repeatedValue:0)
-
-    let rng=RAND()
-
-    rng.clean();
-    for var i=0;i<100;i++ {RAW[i]=UInt8(i)}
-
-    rng.seed(100,RAW);
-
-    print("Generating public/private key pair");
-    RSA.KEY_PAIR(rng,65537,priv,pub);
-
-    let M=[UInt8](message.utf8)
-    print("Encrypting test string\n");
-    let E=RSA.OAEP_ENCODE(M,rng,nil); /* OAEP encode message m to e  */
-
-    RSA.ENCRYPT(pub,E,&C);     /* encrypt encoded message */
-    print("Ciphertext= 0x", terminator: ""); RSA.printBinary(C);
-
-    print("Decrypting test string\n");
-    RSA.DECRYPT(priv,C,&ML);
-    var MS=RSA.OAEP_DECODE(nil,&ML); /* OAEP encode message m to e  */
-
-    message=""
-    for var i=0;i<MS.count;i++
-    {
-        message+=String(UnicodeScalar(MS[i]))
-    }
-    print(message);
-
-    RSA.PRIVATE_KEY_KILL(priv);
-}
-
-TestRSA() // comment out for Xcode
-
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/aes.swift
----------------------------------------------------------------------
diff --git a/swift/aes.swift b/swift/aes.swift
deleted file mode 100644
index 016388e..0000000
--- a/swift/aes.swift
+++ /dev/null
@@ -1,586 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  aes.swift
-//  
-//
-//  Created by Michael Scott on 22/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-//   AES Encryption
-//
-
-final public class AES {
-    var mode:Int=0;
-    private var fkey=[UInt32](count:44,repeatedValue:0)
-    private var rkey=[UInt32](count:44,repeatedValue:0)
-    var f=[UInt8](count:16,repeatedValue:0)
-
-    static let ECB:Int=0
-    static let CBC:Int=1
-    static let CFB1:Int=2
-    static let CFB2:Int=3
-    static let CFB4:Int=5
-    static let OFB1:Int=14
-    static let OFB2:Int=15
-    static let OFB4:Int=17
-    static let OFB8:Int=21
-    static let OFB16:Int=29
-    static public let KS:Int=16; /* Key Size in bytes */
-    static public let BS:Int=16; /* Block Size */
-
-    private static let InCo:[UInt8] = [ 0xB,0xD,0x9,0xE]  /* Inverse Coefficients */
-
-    private static let ptab:[UInt8] =
-    [ 1, 3, 5, 15, 17, 51, 85, 255, 26, 46, 114, 150, 161, 248, 19, 53,
-     95, 225, 56, 72, 216, 115, 149, 164, 247, 2, 6, 10, 30, 34, 102, 170,
-     229, 52, 92, 228, 55, 89, 235, 38, 106, 190, 217, 112, 144, 171, 230, 49,
-     83, 245, 4, 12, 20, 60, 68, 204, 79, 209, 104, 184, 211, 110, 178, 205,
-     76, 212, 103, 169, 224, 59, 77, 215, 98, 166, 241, 8, 24, 40, 120, 136,
-     131, 158, 185, 208, 107, 189, 220, 127, 129, 152, 179, 206, 73, 219, 118, 154,
-     181, 196, 87, 249, 16, 48, 80, 240, 11, 29, 39, 105, 187, 214, 97, 163,
-     254, 25, 43, 125, 135, 146, 173, 236, 47, 113, 147, 174, 233, 32, 96, 160,
-     251, 22, 58, 78, 210, 109, 183, 194, 93, 231, 50, 86, 250, 21, 63, 65,
-     195, 94, 226, 61, 71, 201, 64, 192, 91, 237, 44, 116, 156, 191, 218, 117,
-     159, 186, 213, 100, 172, 239, 42, 126, 130, 157, 188, 223, 122, 142, 137, 128,
-     155, 182, 193, 88, 232, 35, 101, 175, 234, 37, 111, 177, 200, 67, 197, 84,
-     252, 31, 33, 99, 165, 244, 7, 9, 27, 45, 119, 153, 176, 203, 70, 202,
-     69, 207, 74, 222, 121, 139, 134, 145, 168, 227, 62, 66, 198, 81, 243, 14,
-     18, 54, 90, 238, 41, 123, 141, 140, 143, 138, 133, 148, 167, 242, 13, 23,
-     57, 75, 221, 124, 132, 151, 162, 253, 28, 36, 108, 180, 199, 82, 246, 1]
-
-    private static let ltab:[UInt8] =
-    [ 0, 255, 25, 1, 50, 2, 26, 198, 75, 199, 27, 104, 51, 238, 223, 3,
-     100, 4, 224, 14, 52, 141, 129, 239, 76, 113, 8, 200, 248, 105, 28, 193,
-     125, 194, 29, 181, 249, 185, 39, 106, 77, 228, 166, 114, 154, 201, 9, 120,
-     101, 47, 138, 5, 33, 15, 225, 36, 18, 240, 130, 69, 53, 147, 218, 142,
-     150, 143, 219, 189, 54, 208, 206, 148, 19, 92, 210, 241, 64, 70, 131, 56,
-     102, 221, 253, 48, 191, 6, 139, 98, 179, 37, 226, 152, 34, 136, 145, 16,
-     126, 110, 72, 195, 163, 182, 30, 66, 58, 107, 40, 84, 250, 133, 61, 186,
-     43, 121, 10, 21, 155, 159, 94, 202, 78, 212, 172, 229, 243, 115, 167, 87,
-     175, 88, 168, 80, 244, 234, 214, 116, 79, 174, 233, 213, 231, 230, 173, 232,
-     44, 215, 117, 122, 235, 22, 11, 245, 89, 203, 95, 176, 156, 169, 81, 160,
-     127, 12, 246, 111, 23, 196, 73, 236, 216, 67, 31, 45, 164, 118, 123, 183,
-     204, 187, 62, 90, 251, 96, 177, 134, 59, 82, 161, 108, 170, 85, 41, 157,
-     151, 178, 135, 144, 97, 190, 220, 252, 188, 149, 207, 205, 55, 63, 91, 209,
-     83, 57, 132, 60, 65, 162, 109, 71, 20, 42, 158, 93, 86, 242, 211, 171,
-     68, 17, 146, 217, 35, 32, 46, 137, 180, 124, 184, 38, 119, 153, 227, 165,
-     103, 74, 237, 222, 197, 49, 254, 24, 13, 99, 140, 128, 192, 247, 112, 7]
-
-    private static let fbsub:[UInt8] =
-    [ 99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
-     202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
-     183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
-     4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
-     9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
-     83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
-     208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
-     81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
-     205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
-     96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
-     224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
-     231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
-     186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
-     112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
-     225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
-     140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22]
-
-    private static let rbsub:[UInt8] =
-    [ 82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
-     124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
-     84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
-     8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
-     114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
-     108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
-     144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
-     208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
-     58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
-     150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
-     71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
-     252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
-     31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
-     96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
-     160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
-     23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125]
-
-    private static let rco:[UInt8] =
-    [1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47]
-
-    private static let ftable:[UInt32] =
-    [0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-    0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-    0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-    0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-    0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-    0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-    0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-    0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-    0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-    0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-    0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-    0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-    0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-    0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-    0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-    0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-    0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-    0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-    0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-    0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-    0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-    0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-    0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-    0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-    0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-    0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-    0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-    0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-    0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-    0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-    0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-    0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-    0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-    0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-    0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-    0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-    0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-    0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-    0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-    0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-    0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-    0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-    0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c]
-
-    private static let rtable:[UInt32] =
-    [0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-    0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-    0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-    0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-    0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-    0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-    0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-    0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-    0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-    0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-    0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-    0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-    0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-    0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-    0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-    0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-    0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-    0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-    0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-    0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-    0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-    0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-    0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-    0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-    0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-    0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-    0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-    0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-    0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-    0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-    0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-    0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-    0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-    0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-    0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-    0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-    0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-    0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-    0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-    0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-    0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-    0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-    0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0]
-
-    /* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-    private static func ROTL8(x: UInt32) -> UInt32
-    {
-        return (((x)<<8)|((x)>>24))
-    }
-
-    private static func ROTL16(x: UInt32) -> UInt32
-    {
-        return (((x)<<16)|((x)>>16))
-    }
-
-    private static func ROTL24(x: UInt32) -> UInt32
-    {
-        return (((x)<<24)|((x)>>8))
-    }
-
-    private static func pack(b: [UInt8]) -> UInt32
-    { /* pack bytes into a 32-bit Word */
-        var r=((UInt32(b[3])&0xff)<<24)|((UInt32(b[2])&0xff)<<16)
-        r = r|((UInt32(b[1])&0xff)<<8)|(UInt32(b[0])&0xff)
-        return r
-    }
-
-    private static func unpack(a: UInt32) -> [UInt8]
-    { /* unpack bytes from a word */
-        let b:[UInt8]=[UInt8(a&0xff),UInt8((a>>8)&0xff),UInt8((a>>16)&0xff),UInt8((a>>24)&0xff)];
-        return b;
-    }
-
-    private static func bmul(x: UInt8,_ y:UInt8) -> UInt8
-    { /* x.y= AntiLog(Log(x) + Log(y)) */
-
-        let ix=Int(x)&0xff
-        let iy=Int(y)&0xff
-        let lx=Int(ltab[ix])&0xff
-        let ly=Int(ltab[iy])&0xff
-
-        if x != 0 && y != 0 {return ptab[(lx+ly)%255]}
-        else {return UInt8(0)}
-    }
-
-    private static func SubByte(a: UInt32) -> UInt32
-    {
-        var b=unpack(a)
-        b[0]=fbsub[Int(b[0])]
-        b[1]=fbsub[Int(b[1])]
-        b[2]=fbsub[Int(b[2])]
-        b[3]=fbsub[Int(b[3])]
-        return pack(b);
-    }
-
-    private static func product(x: UInt32,_ y: UInt32) -> UInt8
-    { /* dot product of two 4-byte arrays */
-        var xb=unpack(x);
-        var yb=unpack(y);
-
-        return (bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]))
-    }
-
-    private static func InvMixCol(x: UInt32) -> UInt32
-    { /* matrix Multiplication */
-        var b=[UInt8](count:4,repeatedValue:0)
-        var m=pack(InCo);
-        b[3]=product(m,x);
-        m=ROTL24(m);
-        b[2]=product(m,x);
-        m=ROTL24(m);
-        b[1]=product(m,x);
-        m=ROTL24(m);
-        b[0]=product(m,x);
-        let y=pack(b)
-        return y
-    }
-
-    /* reset cipher */
-    func reset(m: Int,_ iv:[UInt8]?)
-    { /* reset mode, or reset iv */
-        mode=m;
-        for var i=0;i<16;i++ {f[i]=0}
-        if (mode != AES.ECB) && (iv != nil)
-            {for var i=0;i<16;i++ {f[i]=iv![i]}} /*??*/
-    }
-
-    func init_it(m:Int,_ key:[UInt8],_ iv:[UInt8]?)
-    {   /* Key=16 bytes */
-        /* Key Scheduler. Create expanded encryption key */
-        var CipherKey=[UInt32](count:4,repeatedValue:0)
-        var b=[UInt8](count:4,repeatedValue:0)
-        let nk=4;
-        reset(m,iv);
-        let N=44;
-
-        var j=0
-        for  var i=0;i<nk;i++
-        {
-            for var k=0;k<4;k++ {b[k]=key[j+k]}
-            CipherKey[i]=AES.pack(b);
-            j+=4;
-        }
-        for var i=0;i<nk;i++ {fkey[i]=CipherKey[i]}
-        j=nk
-        for var k=0;j<N;k++
-        {
-            fkey[j]=fkey[j-nk]^AES.SubByte(AES.ROTL24(fkey[j-1]))^UInt32(AES.rco[k])
-            for var i=1;i<nk && (i+j)<N;i++
-            {
-                fkey[i+j]=fkey[i+j-nk]^fkey[i+j-1]
-            }
-            j+=nk
-        }
-
-        /* now for the expanded decrypt key in reverse order */
-
-        for var j=0;j<4;j++ {rkey[j+N-4]=fkey[j]}
-        for var i=4;i<N-4;i+=4
-        {
-            let k=N-4-i;
-            for var j=0;j<4;j++ {rkey[k+j]=AES.InvMixCol(fkey[i+j])}
-        }
-        for var j=N-4;j<N;j++ {rkey[j-N+4]=fkey[j]}
-    }
-
-    func getreg() -> [UInt8]
-    {
-        var ir=[UInt8](count:16,repeatedValue:0)
-        for var i=0;i<16;i++ {ir[i]=f[i]}
-        return ir;
-    }
-
-    /* Encrypt a single block */
-    func ecb_encrypt(inout buff:[UInt8])
-    {
-        var b=[UInt8](count:4,repeatedValue:0)
-        var p=[UInt32](count:4,repeatedValue:0)
-        var q=[UInt32](count:4,repeatedValue:0)
-
-        var j=0
-        for var i=0;i<4;i++
-        {
-            for var k=0;k<4;k++ {b[k]=buff[j+k]}
-            p[i]=AES.pack(b);
-            p[i]^=fkey[i];
-            j+=4
-        }
-
-        var k=4;
-
-    /* State alternates between p and q */
-        for var i=1;i<10;i++
-        {
-            q[0]=fkey[k]^AES.ftable[Int(p[0]&0xff)]^AES.ROTL8(AES.ftable[Int((p[1]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[2]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[3]>>24)&0xff)])
-
-            q[1]=fkey[k+1]^AES.ftable[Int(p[1]&0xff)]^AES.ROTL8(AES.ftable[Int((p[2]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[3]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[0]>>24)&0xff)])
-
-            q[2]=fkey[k+2]^AES.ftable[Int(p[2]&0xff)]^AES.ROTL8(AES.ftable[Int((p[3]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[0]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[1]>>24)&0xff)])
-
-            q[3]=fkey[k+3]^AES.ftable[Int(p[3]&0xff)]^AES.ROTL8(AES.ftable[Int((p[0]>>8)&0xff)])^AES.ROTL16(AES.ftable[Int((p[1]>>16)&0xff)])^AES.ROTL24(AES.ftable[Int((p[2]>>24)&0xff)])
-
-            k+=4;
-            for (j=0;j<4;j++)
-            {
-				let t=p[j]; p[j]=q[j]; q[j]=t;
-            }
-        }
-
-    /* Last Round */
-
-        q[0]=fkey[k]^UInt32(AES.fbsub[Int(p[0]&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[1]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[2]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[3]>>24)&0xff)]))
-
-        q[1]=fkey[k+1]^UInt32(AES.fbsub[Int(p[1]&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[2]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[3]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[0]>>24)&0xff)]))
-
-        q[2]=fkey[k+2]^UInt32(AES.fbsub[Int(p[2]&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[3]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[0]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[1]>>24)&0xff)]))
-
-        q[3]=fkey[k+3]^UInt32(AES.fbsub[Int((p[3])&0xff)])^AES.ROTL8(UInt32(AES.fbsub[Int((p[0]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.fbsub[Int((p[1]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.fbsub[Int((p[2]>>24)&0xff)]))
-
-        j=0
-        for var i=0;i<4;i++
-        {
-            b=AES.unpack(q[i])
-            for var k=0;k<4;k++ {buff[j+k]=b[k]}
-            j+=4
-        }
-    }
-
-    /* Decrypt a single block */
-    func ecb_decrypt(inout buff:[UInt8])
-    {
-        var b=[UInt8](count:4,repeatedValue:0)
-        var p=[UInt32](count:4,repeatedValue:0)
-        var q=[UInt32](count:4,repeatedValue:0)
-
-        var j=0
-        for var i=0;i<4;i++
-        {
-            for var k=0;k<4;k++ {b[k]=buff[j+k]}
-            p[i]=AES.pack(b);
-            p[i]^=rkey[i];
-            j+=4
-        }
-
-        var k=4
-
-    /* State alternates between p and q */
-        for var i=1;i<10;i++
-        {
-
-            q[0]=rkey[k]^AES.rtable[Int(p[0]&0xff)]^AES.ROTL8(AES.rtable[Int((p[3]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[2]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[1]>>24)&0xff)])
-
-            q[1]=rkey[k+1]^AES.rtable[Int(p[1]&0xff)]^AES.ROTL8(AES.rtable[Int((p[0]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[3]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[2]>>24)&0xff)])
-
-
-            q[2]=rkey[k+2]^AES.rtable[Int(p[2]&0xff)]^AES.ROTL8(AES.rtable[Int((p[1]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[0]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[3]>>24)&0xff)])
-
-            q[3]=rkey[k+3]^AES.rtable[Int(p[3]&0xff)]^AES.ROTL8(AES.rtable[Int((p[2]>>8)&0xff)])^AES.ROTL16(AES.rtable[Int((p[1]>>16)&0xff)])^AES.ROTL24(AES.rtable[Int((p[0]>>24)&0xff)])
-
-
-            k+=4;
-            for var j=0;j<4;j++
-            {
-				let t=p[j]; p[j]=q[j]; q[j]=t;
-            }
-        }
-
-    /* Last Round */
-
-        q[0]=rkey[k]^UInt32(AES.rbsub[Int(p[0]&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[3]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[2]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[1]>>24)&0xff)]))
-
-        q[1]=rkey[k+1]^UInt32(AES.rbsub[Int(p[1]&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[0]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[3]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[2]>>24)&0xff)]))
-
-
-        q[2]=rkey[k+2]^UInt32(AES.rbsub[Int(p[2]&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[1]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[0]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[3]>>24)&0xff)]))
-
-        q[3]=rkey[k+3]^UInt32(AES.rbsub[Int((p[3])&0xff)])^AES.ROTL8(UInt32(AES.rbsub[Int((p[2]>>8)&0xff)]))^AES.ROTL16(UInt32(AES.rbsub[Int((p[1]>>16)&0xff)]))^AES.ROTL24(UInt32(AES.rbsub[Int((p[0]>>24)&0xff)]))
-
-        j=0
-        for var i=0;i<4;i++
-        {
-            b=AES.unpack(q[i]);
-            for var k=0;k<4;k++ {buff[j+k]=b[k]}
-            j+=4
-        }
-    }
-
-    /* Encrypt using selected mode of operation */
-    func encrypt(inout buff:[UInt8]) -> UInt32
-    {
-        var st=[UInt8](count:16,repeatedValue:0)
-
-    // Supported Modes of Operation
-
-        var fell_off:UInt32=0;
-        switch (mode)
-        {
-        case AES.ECB:
-            ecb_encrypt(&buff)
-            return 0
-        case AES.CBC:
-            for var j=0;j<16;j++ {buff[j]^=f[j]}
-            ecb_encrypt(&buff);
-            for var j=0;j<16;j++ {f[j]=buff[j]}
-            return 0;
-
-        case AES.CFB1:
-            fallthrough
-        case AES.CFB2:
-            fallthrough
-        case AES.CFB4:
-            let bytes=mode-AES.CFB1+1
-            for var j=0;j<bytes;j++ {fell_off=(fell_off<<8)|UInt32(f[j])}
-            for var j=0;j<16;j++ {st[j]=f[j]}
-            for var j=bytes;j<16;j++ {f[j-bytes]=f[j]}
-            ecb_encrypt(&st);
-            for var j=0;j<bytes;j++
-            {
-				buff[j]^=st[j];
-				f[16-bytes+j]=buff[j];
-            }
-            return fell_off;
-
-        case AES.OFB1:
-            fallthrough
-        case AES.OFB2:
-            fallthrough
-        case AES.OFB4:
-            fallthrough
-        case AES.OFB8:
-            fallthrough
-        case AES.OFB16:
-
-            let bytes=mode-AES.OFB1+1
-            ecb_encrypt(&f)
-            for var j=0;j<bytes;j++ {buff[j]^=f[j]}
-            return 0;
-
-        default:
-            return 0;
-        }
-    }
-
-    /* Decrypt using selected mode of operation */
-    func decrypt(inout buff:[UInt8]) -> UInt32
-    {
-
-        var st=[UInt8](count:16,repeatedValue:0)
-
-        // Supported Modes of Operation
-
-        var fell_off:UInt32=0;
-        switch (mode)
-        {
-        case AES.ECB:
-            ecb_decrypt(&buff);
-            return 0;
-        case AES.CBC:
-            for var j=0;j<16;j++
-            {
-				st[j]=f[j];
-				f[j]=buff[j];
-            }
-            ecb_decrypt(&buff);
-            for var j=0;j<16;j++
-            {
-				buff[j]^=st[j];
-				st[j]=0;
-            }
-            return 0;
-        case AES.CFB1:
-            fallthrough
-        case AES.CFB2:
-            fallthrough
-        case AES.CFB4:
-            let bytes=mode-AES.CFB1+1;
-            for var j=0;j<bytes;j++ {fell_off=(fell_off<<8)|UInt32(f[j])}
-            for var j=0;j<16;j++ {st[j]=f[j]}
-            for var j=bytes;j<16;j++ {f[j-bytes]=f[j]}
-            ecb_encrypt(&st);
-            for var j=0;j<bytes;j++
-            {
-				f[16-bytes+j]=buff[j]
-				buff[j]^=st[j]
-            }
-            return fell_off
-        case AES.OFB1:
-            fallthrough
-        case AES.OFB2:
-            fallthrough
-        case AES.OFB4:
-            fallthrough
-        case AES.OFB8:
-            fallthrough
-        case AES.OFB16:
-            let bytes=mode-AES.OFB1+1
-            ecb_encrypt(&f);
-            for var j=0;j<bytes;j++ {buff[j]^=f[j]}
-            return 0;
-
-        default:
-            return 0;
-        }
-    }
-
-    /* Clean up and delete left-overs */
-    func end()
-    { // clean up
-        for var i=0;i<44;i++
-            {fkey[i]=0; rkey[i]=0}
-        for var i=0;i<16;i++
-            {f[i]=0}
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/big.swift
----------------------------------------------------------------------
diff --git a/swift/big.swift b/swift/big.swift
deleted file mode 100644
index 3ac9c63..0000000
--- a/swift/big.swift
+++ /dev/null
@@ -1,920 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  big.swift
-//  
-//
-//  Created by Michael Scott on 12/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//  BIG number class
-//
-
-final class BIG{
-    var w=[Int32](count:ROM.NLEN,repeatedValue:0)
-/* Constructors */
-    init() {
-        for var i=0;i<ROM.NLEN;i++ {w[i]=0}
-    }
-    init(_ x: Int32)
-    {
-        w[0]=x;
-        for var i=1;i<ROM.NLEN;i++ {w[i]=0}
-    }
-    init(_ x: BIG)
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i]=x.w[i]}
-    }
-    init(_ x: DBIG)
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i]=x.w[i]}
-    }
-    init(_ x: [Int32])
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i]=x[i]}
-    }
-    func get(i: Int) -> Int32
-    {
-        return w[i]
-    }
-    func set(i: Int,_ x: Int32)
-    {
-        w[i]=x
-    }
-    func xortop(x: Int32)
-    {
-        w[ROM.NLEN-1]^=x
-    }
-    func ortop(x: Int32)
-    {
-        w[ROM.NLEN-1]|=x
-    }
-/* calculate Field Excess */
-    static func EXCESS(a: BIG) -> Int32
-    {
-        return ((a.w[ROM.NLEN-1] & ROM.OMASK)>>Int32(ROM.MODBITS%ROM.BASEBITS))
-    }
-/* test for zero */
-    func iszilch() -> Bool
-    {
-        for var i=0;i<ROM.NLEN;i++ {if w[i] != 0 {return false}}
-        return true
-    }
-/* set to zero */
-    func zero()
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i] = 0}
-    }
-/* set to one */
-    func one()
-    {
-        w[0]=1
-        for var i=1;i<ROM.NLEN;i++ {w[i]=0}
-    }
-/* Test for equal to one */
-    func isunity() -> Bool
-    {
-        for var i=1;i<ROM.NLEN;i++ {if w[i] != 0 {return false}}
-        if w[0] != 1 {return false}
-        return true
-    }
-/* Copy from another BIG */
-    func copy(x: BIG)
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i] = x.w[i]}
-    }
-    func copy(x: DBIG)
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i] = x.w[i]}
-    }
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-    func cswap(b: BIG,_ d: Int32)
-    {
-        var c:Int32 = d
-        c = ~(c-1)
-        for var i=0;i<ROM.NLEN;i++
-        {
-            let t=c&(w[i]^b.w[i])
-            w[i]^=t
-            b.w[i]^=t
-        }
-    }
-    func cmove(g: BIG,_ d: Int32)
-    {
-        let b:Int32 = -d;
-
-        for var i=0;i<ROM.NLEN;i++
-        {
-            w[i]^=(w[i]^g.w[i])&b;
-        }
-    }
-/* normalise BIG - force all digits < 2^BASEBITS */
-    func norm() -> Int32
-    {
-        var carry:Int32=0
-        for var i=0;i<ROM.NLEN-1;i++
-        {
-            let d=w[i]+carry
-            w[i]=d&ROM.MASK
-            carry=d>>ROM.BASEBITS
-        }
-        w[ROM.NLEN-1]+=carry
-        return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS))
-    }
-/* Shift right by less than a word */
-    func fshr(k: Int) -> Int32
-    {
-        let kw=Int32(k)
-        let r=w[0]&((Int32(1)<<kw)-1)
-        for var i=0;i<ROM.NLEN-1;i++
-        {
-            w[i]=(w[i]>>kw)|((w[i+1]<<(ROM.BASEBITS-kw))&ROM.MASK)
-        }
-        w[ROM.NLEN-1]>>=kw;
-        return r
-    }
-/* general shift right */
-    func shr(k: Int)
-    {
-        let n=Int32(k)%ROM.BASEBITS
-        let m=(k/Int(ROM.BASEBITS))
-        for var i=0;i<ROM.NLEN-m-1;i++
-        {
-            w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK)
-        }
-        w[ROM.NLEN - m - 1]=w[ROM.NLEN-1]>>n
-        for var i=ROM.NLEN - m;i<ROM.NLEN;i++ {w[i]=0}
-    }
-/* Shift right by less than a word */
-    func fshl(k: Int) -> Int32
-    {
-        let kw=Int32(k)
-        w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<kw))|(w[ROM.NLEN-2]>>(ROM.BASEBITS-kw))
-        for var i=ROM.NLEN-2;i>0;i--
-        {
-            w[i]=((w[i]<<kw)&ROM.MASK)|(w[i-1]>>(ROM.BASEBITS-kw))
-        }
-        w[0]=(w[0]<<kw)&ROM.MASK
-        return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS))
-    }
-/* general shift left */
-    func shl(k: Int)
-    {
-        let n=Int32(k)%ROM.BASEBITS
-        let m=(k/Int(ROM.BASEBITS))
-        w[ROM.NLEN-1]=((w[ROM.NLEN-1-m]<<n))|(w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n))
-        for var i=ROM.NLEN-2;i>m;i--
-        {
-            w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n))
-        }
-        w[m]=(w[0]<<n)&ROM.MASK
-        for var i=0;i<m;i++ {w[i]=0}
-    }
-/* return number of bits */
-    func nbits() -> Int
-    {
-        var k=(ROM.NLEN-1)
-        norm()
-        while k>=0 && w[k]==0 {k--}
-        if k<0 {return 0}
-        var bts=Int(ROM.BASEBITS)*k
-        var c=w[k];
-        while c != 0 {c/=2; bts++}
-        return bts
-    }
-    func toRawString() -> String
-    {
-        var s:String="("
-        for var i=0;i<ROM.NLEN-1;i++
-        {
-            let n=String(w[i],radix:16,uppercase:false)
-            s+=n
-            s+=","
-
-        }
-        let n=String(w[ROM.NLEN-1],radix:16,uppercase:false)
-        s+=n
-        s+=")"
-        return s
-    }
-/* Convert to Hex String */
-    func toString() -> String
-    {
-        _ = BIG()
-        var s:String=""
-        var len=nbits()
-        if len%4 == 0 {len/=4}
-        else {len/=4; len++}
-        if len<2*Int(ROM.MODBYTES) {len=2*Int(ROM.MODBYTES)}
-
-        for var i=len-1;i>=0;i--
-        {
-            let b = BIG(self)
-            b.shr(i*4)
-            let n=String(b.w[0]&15,radix:16,uppercase:false)
-            s+=n
-        }
-
-        return s
-    }
-/* return this+x */
-    func plus(x: BIG) -> BIG
-    {
-        let s=BIG()
-        for var i=0;i<ROM.NLEN;i++
-        {
-            s.w[i]=w[i]+x.w[i]
-        }
-        return s
-    }
-/* this+=x */
-    func add(x: BIG)
-    {
-        for var i=0;i<ROM.NLEN;i++
-        {
-            w[i]+=x.w[i]
-        }
-    }
-/* this+=x, where x is int */
-    func inc(x: Int32) {
-        norm();
-        w[0]+=x;
-    }
-/* return this.x */
-   	func minus(x: BIG) -> BIG
-    {
-        let d=BIG();
-        for var i=0;i<ROM.NLEN;i++
-        {
-            d.w[i]=w[i]-x.w[i];
-        }
-        return d;
-    }
-/* this-=x */
-    func sub(x: BIG)
-    {
-        for var i=0;i<ROM.NLEN;i++
-        {
-            w[i]-=x.w[i]
-        }
-    }
-/* reverse subtract this=x-this */
-    func rsub(x: BIG)
-    {
-        for var i=0;i<ROM.NLEN;i++
-        {
-            w[i]=x.w[i]-w[i]
-        }
-    }
-/* this-=x where x is int */
-    func dec(x: Int32) {
-        norm();
-        w[0]-=x;
-    }
-/* this*=x, where x is small int<NEXCESS */
-    func imul(c: Int32)
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i]*=c}
-    }
-/* convert this BIG to byte array */
-    func tobytearray(inout b: [UInt8],_ n: Int)
-    {
-        norm();
-        let c=BIG(self);
-
-        for var i=Int(ROM.MODBYTES)-1;i>=0;i--
-        {
-            b[i+n]=UInt8(c.w[0]&0xff);
-            c.fshr(8);
-        }
-    }
-/* convert from byte array to BIG */
-    static func frombytearray(b: [UInt8],_ n: Int) -> BIG
-    {
-        let m=BIG();
-
-        for var i=0;i<Int(ROM.MODBYTES);i++
-        {
-            m.fshl(8)
-            m.w[0]+=Int32(b[i+n])&0xff    //(int)b[i+n]&0xff;
-        }
-        return m;
-    }
-    func toBytes(inout b: [UInt8])
-    {
-        tobytearray(&b,0)
-    }
-    static func fromBytes(b: [UInt8]) -> BIG
-    {
-        return frombytearray(b,0)
-    }
-/* set this[i]+=x*y+c, and return high part */
-    func muladd(x: Int32,_ y: Int32,_ c: Int32,_ i: Int) -> Int32
-    {
-        let prod:Int64 = Int64(x)*Int64(y)+Int64(c)+Int64(w[i])
-        w[i]=Int32(prod&Int64(ROM.MASK))
-        return Int32(prod>>Int64(ROM.BASEBITS))
-    }
-/* this*=x, where x is >NEXCESS */
-    func pmul(c: Int32) -> Int32
-    {
-        var carry:Int32=0;
-        norm();
-        for var i=0;i<ROM.NLEN;i++
-        {
-            let ak=w[i]
-            w[i]=0
-            carry=muladd(ak,c,carry,i);
-        }
-        return carry;
-    }
-/* this*=c and catch overflow in DBIG */
-    func pxmul(c: Int32) -> DBIG
-    {
-        let m=DBIG()
-        var carry:Int32=0
-        for var j=0;j<ROM.NLEN;j++
-        {
-            carry=m.muladd(w[j],c,carry,j)
-        }
-        m.w[ROM.NLEN]=carry
-        return m;
-    }
-/* divide by 3 */
-    func div3() -> Int32
-    {
-        var carry:Int32=0
-        norm();
-        let base=(1<<ROM.BASEBITS);
-        for var i=ROM.NLEN-1;i>=0;i--
-        {
-            let ak=(carry*base+w[i]);
-            w[i]=ak/3;
-            carry=ak%3;
-        }
-        return carry;
-    }
-/* return a*b where result fits in a BIG */
-    static func smul(a: BIG,_ b: BIG) -> BIG
-    {
-        let c=BIG()
-        for var i=0;i<ROM.NLEN;i++
-        {
-            var carry:Int32=0
-            for var j=0;j<ROM.NLEN;j++
-            {
-                if (i+j<ROM.NLEN) {carry=c.muladd(a.w[i],b.w[j],carry,i+j)}
-            }
-        }
-        return c;
-    }
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-    static func comp(a: BIG,_ b: BIG) -> Int
-    {
-        for var i=ROM.NLEN-1;i>=0;i--
-        {
-            if (a.w[i]==b.w[i]) {continue}
-            if (a.w[i]>b.w[i]) {return 1}
-            else  {return -1}
-        }
-        return 0;
-    }
-/* set x = x mod 2^m */
-    func mod2m(m: Int)
-    {
-        let wd=m/Int(ROM.BASEBITS)
-        let bt=Int32(m)%ROM.BASEBITS
-        let msk=(1<<bt)-1;
-        w[wd]&=msk;
-        for var i=wd+1;i<ROM.NLEN;i++ {w[i]=0}
-    }
-/* Arazi and Qi inversion mod 256 */
-    static func invmod256(a: Int32) -> Int32
-    {
-        var t1:Int32=0
-        var c=(a>>1)&1
-        t1+=c
-        t1&=1
-        t1=2-t1
-        t1<<=1
-        var U=t1+1
-
-    // i=2
-        var b=a&3
-        t1=U*b; t1>>=2
-        c=(a>>2)&3
-        var t2=(U*c)&3
-        t1+=t2
-        t1*=U; t1&=3
-        t1=4-t1
-        t1<<=2
-        U+=t1
-
-    // i=4
-        b=a&15
-        t1=U*b; t1>>=4
-        c=(a>>4)&15
-        t2=(U*c)&15
-        t1+=t2
-        t1*=U; t1&=15
-        t1=16-t1
-        t1<<=4
-        U+=t1
-
-        return U
-    }
-/* return parity */
-    func parity() -> Int32
-    {
-        return Int32(w[0]%2)
-    }
-
-/* return n-th bit */
-    func bit(n: Int) -> Int32
-    {
-        if ((w[n/Int(ROM.BASEBITS)]&(Int32(1)<<(Int32(n)%ROM.BASEBITS)))>0) {return 1;}
-        else {return 0;}
-    }
-
-    /* return n last bits */
-    func lastbits(n: Int) -> Int32
-    {
-        let msk=(1<<Int32(n))-1;
-        norm();
-        return Int32((w[0])&msk)
-    }
-/* a=1/a mod 2^256. This is very fast! */
-    func invmod2m()
-    {
-        let U=BIG()
-        var b=BIG()
-        let c=BIG()
-
-        U.inc(BIG.invmod256(Int32(lastbits(8))))
-
-        for var i=8;i<256;i<<=1
-        {
-            b.copy(self)
-            b.mod2m(i)
-            let t1=BIG.smul(U,b)
-            t1.shr(i)
-            c.copy(self)
-            c.shr(i)
-            c.mod2m(i)
-
-            let t2=BIG.smul(U,c)
-            t2.mod2m(i)
-            t1.add(t2)
-            b=BIG.smul(t1,U)
-            t1.copy(b)
-            t1.mod2m(i)
-
-            t2.one(); t2.shl(i); t1.rsub(t2); t1.norm()
-            t1.shl(i)
-            U.add(t1)
-        }
-        self.copy(U)
-    }
-    /* reduce this mod m */
-    func mod(m: BIG)
-    {
-        var k=0
-        norm()
-        if (BIG.comp(self,m)<0) {return}
-        repeat
-        {
-            m.fshl(1)
-            k++
-        } while (BIG.comp(self,m)>=0)
-
-        while (k>0)
-        {
-            m.fshr(1)
-            if (BIG.comp(self,m)>=0)
-            {
-				sub(m)
-				norm()
-            }
-            k--
-        }
-    }
-    /* divide this by m */
-    func div(m: BIG)
-    {
-        var k=0
-        norm()
-        let e=BIG(1)
-        let b=BIG(self)
-        zero()
-
-        while (BIG.comp(b,m)>=0)
-        {
-            e.fshl(1)
-            m.fshl(1)
-            k++
-        }
-
-        while (k>0)
-        {
-            m.fshr(1)
-            e.fshr(1)
-            if (BIG.comp(b,m)>=0)
-            {
-				add(e)
-				norm()
-				b.sub(m)
-				b.norm()
-            }
-            k--;
-        }
-    }
-    /* get 8*MODBYTES size random number */
-    static func random(rng: RAND) -> BIG
-    {
-        let m=BIG();
-        var j:Int=0
-        var r:UInt8=0
-        /* generate random BIG */
-        for var i=0;i<Int(8*ROM.MODBYTES);i++
-        {
-            if (j==0) {r=rng.getByte()}
-            else {r>>=1}
-
-            let b=Int32(r&1);
-            m.shl(1); m.w[0]+=b;// m.inc(b);
-            j++; j&=7;
-        }
-        return m;
-    }
-
-    /* Create random BIG in portable way, one bit at a time, less than q */
-    static func randomnum(q: BIG,_ rng: RAND) -> BIG
-    {
-        let d=DBIG(0);
-        var j:Int=0
-        var r:UInt8=0
-
-        for var i=0;i<Int(2*ROM.MODBITS);i++
-        {
-            if (j==0) {r=rng.getByte()}
-            else {r>>=1}
-
-            let b=Int32(r&1);
-            d.shl(1); d.w[0]+=b; // m.inc(b);
-            j++; j&=7;
-        }
-        let m=d.mod(q);
-        return m;
-    }
-
-    /* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-    nbs is number of bits processed, and nzs is number of trailing 0s detected */
-    static func nafbits(x: BIG,_ x3:BIG ,i:Int) -> [Int32]
-    {
-        var j:Int
-        var n=[Int32](count:3,repeatedValue:0)
-        var nb=x3.bit(i)-x.bit(i)
-        n[1]=1;
-        n[0]=0;
-        if (nb==0) {n[0]=0; return n}
-        if (i==0) {n[0]=nb; return n}
-        if (nb>0) {n[0]=1}
-        else      {n[0]=(-1)}
-
-        for j=i-1;j>0;j--
-        {
-            n[1]++
-            n[0]*=2
-            nb=x3.bit(j)-x.bit(j)
-            if (nb>0) {n[0]+=1}
-            if (nb<0) {n[0]-=1}
-            if (n[0]>5 || n[0] < -5) {break}
-        }
-
-        if ((n[0]%2 != 0) && (j != 0))
-        { /* backtrack */
-            if (nb>0) {n[0]=(n[0]-1)/2}
-            if (nb<0) {n[0]=(n[0]+1)/2}
-            n[1]--;
-        }
-        while (n[0]%2==0)
-        { /* remove trailing zeros */
-            n[0]/=2
-            n[2]++
-            n[1]--
-        }
-        return n;
-    }
-    /* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-    func jacobi(p: BIG) -> Int
-    {
-        var n8:Int32
-        var k:Int
-        var m:Int=0;
-        let t=BIG()
-        let x=BIG()
-        let n=BIG()
-        let zilch=BIG()
-        let one=BIG(1)
-        if (p.parity()==0 || BIG.comp(self,zilch)==0 || BIG.comp(p,one)<=0) {return 0}
-        norm()
-        x.copy(self)
-        n.copy(p)
-        x.mod(p)
-
-        while (BIG.comp(n,one)>0)
-        {
-            if (BIG.comp(x,zilch)==0) {return 0}
-            n8=n.lastbits(3)
-            k=0
-            while (x.parity()==0)
-            {
-				k++
-				x.shr(1)
-            }
-            if (k%2==1) {m+=(n8*n8-1)/8}
-            m+=(n8-1)*(x.lastbits(2)-1)/4
-            t.copy(n)
-            t.mod(x)
-            n.copy(x)
-            x.copy(t)
-            m%=2
-
-        }
-        if (m==0) {return 1}
-        else {return -1}
-    }
-    /* this=1/this mod p. Binary method */
-    func invmodp(p: BIG)
-    {
-        mod(p)
-        let u=BIG(self)
-        let v=BIG(p)
-        let x1=BIG(1)
-        let x2=BIG()
-        let t=BIG()
-        let one=BIG(1)
-
-        while ((BIG.comp(u,one) != 0 ) && (BIG.comp(v,one) != 0 ))
-        {
-            while (u.parity()==0)
-            {
-				u.shr(1);
-				if (x1.parity() != 0 )
-				{
-                    x1.add(p);
-                    x1.norm();
-				}
-				x1.shr(1);
-            }
-            while (v.parity()==0)
-            {
-				v.shr(1);
-				if (x2.parity() != 0 )
-				{
-                    x2.add(p);
-                    x2.norm();
-				}
-				x2.shr(1);
-            }
-            if (BIG.comp(u,v)>=0)
-            {
-				u.sub(v);
-				u.norm();
-                if (BIG.comp(x1,x2)>=0) {x1.sub(x2)}
-				else
-				{
-                    t.copy(p);
-                    t.sub(x2);
-                    x1.add(t);
-				}
-				x1.norm();
-            }
-            else
-            {
-				v.sub(u);
-				v.norm();
-                if (BIG.comp(x2,x1)>=0) {x2.sub(x1)}
-				else
-				{
-                    t.copy(p);
-                    t.sub(x1);
-                    x2.add(t);
-				}
-				x2.norm();
-            }
-        }
-        if (BIG.comp(u,one)==0) {copy(x1)}
-        else {copy(x2)}
-    }
-    /* return a*b as DBIG */
-    static func mul(a: BIG,_ b:BIG) -> DBIG
-    {
-        var t:Int64
-        var co:Int64
-        let c=DBIG()
-        let RM:Int64=Int64(ROM.MASK);
-        let RB:Int64=Int64(ROM.BASEBITS)
-        a.norm();
-        b.norm();
-
-        t=Int64(a.w[0])*Int64(b.w[0]); c.w[0]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[1])*Int64(b.w[0])+Int64(a.w[0])*Int64(b.w[1])+co; c.w[1]=Int32(t&RM); co=t>>RB
-
-        t=Int64(a.w[2])*Int64(b.w[0])+Int64(a.w[1])*Int64(b.w[1])+Int64(a.w[0])*Int64(b.w[2])+co; c.w[2]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[3])*Int64(b.w[0])+Int64(a.w[2])*Int64(b.w[1])+Int64(a.w[1])*Int64(b.w[2])+Int64(a.w[0])*Int64(b.w[3])+co; c.w[3]=Int32(t&RM); co=t>>RB
-
-        t=Int64(a.w[4])*Int64(b.w[0])+Int64(a.w[3])*Int64(b.w[1])+Int64(a.w[2])*Int64(b.w[2])+Int64(a.w[1])*Int64(b.w[3])+Int64(a.w[0])*Int64(b.w[4])+co; c.w[4]=Int32(t&RM); co=t>>RB;
-        t=Int64(a.w[5])*Int64(b.w[0])+Int64(a.w[4])*Int64(b.w[1])+Int64(a.w[3])*Int64(b.w[2])+Int64(a.w[2])*Int64(b.w[3])+Int64(a.w[1])*Int64(b.w[4])+Int64(a.w[0])*Int64(b.w[5])+co; c.w[5]=Int32(t&RM); co=t>>RB;
-        t=Int64(a.w[6])*Int64(b.w[0])+Int64(a.w[5])*Int64(b.w[1])+Int64(a.w[4])*Int64(b.w[2])+Int64(a.w[3])*Int64(b.w[3])+Int64(a.w[2])*Int64(b.w[4])+Int64(a.w[1])*Int64(b.w[5])+Int64(a.w[0])*Int64(b.w[6])+co; c.w[6]=Int32(t&RM); co=t>>RB;
-        t=Int64(a.w[7])*Int64(b.w[0])+Int64(a.w[6])*Int64(b.w[1])+Int64(a.w[5])*Int64(b.w[2])+Int64(a.w[4])*Int64(b.w[3])+Int64(a.w[3])*Int64(b.w[4])+Int64(a.w[2])*Int64(b.w[5])+Int64(a.w[1])*Int64(b.w[6])+Int64(a.w[0])*Int64(b.w[7])+co; c.w[7]=Int32(t&RM); co=t>>RB;
-        t=Int64(a.w[8])*Int64(b.w[0])+Int64(a.w[7])*Int64(b.w[1])+Int64(a.w[6])*Int64(b.w[2])+Int64(a.w[5])*Int64(b.w[3])+Int64(a.w[4])*Int64(b.w[4])+Int64(a.w[3])*Int64(b.w[5])+Int64(a.w[2])*Int64(b.w[6])+Int64(a.w[1])*Int64(b.w[7])+Int64(a.w[0])*Int64(b.w[8])+co; c.w[8]=Int32(t&RM); co=t>>RB;
-
-        t=Int64(a.w[8])*Int64(b.w[1])+Int64(a.w[7])*Int64(b.w[2])+Int64(a.w[6])*Int64(b.w[3])+Int64(a.w[5])*Int64(b.w[4])+Int64(a.w[4])*Int64(b.w[5])+Int64(a.w[3])*Int64(b.w[6])+Int64(a.w[2])*Int64(b.w[7])+Int64(a.w[1])*Int64(b.w[8])+co; c.w[9]=Int32(t&RM); co=t>>RB
-
-        t=Int64(a.w[8])*Int64(b.w[2])+Int64(a.w[7])*Int64(b.w[3])+Int64(a.w[6])*Int64(b.w[4])+Int64(a.w[5])*Int64(b.w[5])+Int64(a.w[4])*Int64(b.w[6])+Int64(a.w[3])*Int64(b.w[7])+Int64(a.w[2])*Int64(b.w[8])+co; c.w[10]=Int32(t&RM); co=t>>RB
-
-        t=Int64(a.w[8])*Int64(b.w[3])+Int64(a.w[7])*Int64(b.w[4])+Int64(a.w[6])*Int64(b.w[5])+Int64(a.w[5])*Int64(b.w[6])+Int64(a.w[4])*Int64(b.w[7])+Int64(a.w[3])*Int64(b.w[8])+co; c.w[11]=Int32(t&RM); co=t>>RB
-
-        t=Int64(a.w[8])*Int64(b.w[4])+Int64(a.w[7])*Int64(b.w[5])+Int64(a.w[6])*Int64(b.w[6])+Int64(a.w[5])*Int64(b.w[7])+Int64(a.w[4])*Int64(b.w[8])+co; c.w[12]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(b.w[5])+Int64(a.w[7])*Int64(b.w[6])+Int64(a.w[6])*Int64(b.w[7])+Int64(a.w[5])*Int64(b.w[8])+co; c.w[13]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(b.w[6])+Int64(a.w[7])*Int64(b.w[7])+Int64(a.w[6])*Int64(b.w[8])+co; c.w[14]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(b.w[7])+Int64(a.w[7])*Int64(b.w[8])+co; c.w[15]=Int32(t&RM); co=t>>RB
-
-        t=Int64(a.w[8])*Int64(b.w[8])+co; c.w[16]=Int32(t&RM); co=t>>RB
-        c.w[17]=Int32(co)
-
-        return c
-    }
-
-    /* return a^2 as DBIG */
-    static func sqr(a: BIG) -> DBIG
-    {
-        var t:Int64
-        var co:Int64
-        let c=DBIG()
-        let RM:Int64=Int64(ROM.MASK);
-        let RB:Int64=Int64(ROM.BASEBITS)
-        a.norm();
-
-        t=Int64(a.w[0])*Int64(a.w[0]); c.w[0]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[1])*Int64(a.w[0]); t+=t; t+=co; c.w[1]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[2])*Int64(a.w[0]);t+=t; t+=Int64(a.w[1])*Int64(a.w[1]);t+=co;c.w[2]=Int32(t&RM);co=t>>RB
-        t=Int64(a.w[3])*Int64(a.w[0])+Int64(a.w[2])*Int64(a.w[1]); t+=t; t+=co; c.w[3]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[4])*Int64(a.w[0])+Int64(a.w[3])*Int64(a.w[1]); t+=t; t+=Int64(a.w[2])*Int64(a.w[2]); t+=co; c.w[4]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[5])*Int64(a.w[0])+Int64(a.w[4])*Int64(a.w[1])
-            t = t+Int64(a.w[3])*Int64(a.w[2])
-            t+=t; t+=co; c.w[5]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[6])*Int64(a.w[0])+Int64(a.w[5])*Int64(a.w[1])
-            t = t+Int64(a.w[4])*Int64(a.w[2])
-            t+=t; t+=Int64(a.w[3])*Int64(a.w[3]); t+=co; c.w[6]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[7])*Int64(a.w[0])+Int64(a.w[6])*Int64(a.w[1])
-        t = t+Int64(a.w[5])*Int64(a.w[2])+Int64(a.w[4])*Int64(a.w[3])
-            t+=t; t+=co; c.w[7]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[0])+Int64(a.w[7])*Int64(a.w[1])
-            t = t+Int64(a.w[6])*Int64(a.w[2])+Int64(a.w[5])*Int64(a.w[3])
-            t+=t; t+=Int64(a.w[4])*Int64(a.w[4]); t+=co; c.w[8]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[1])+Int64(a.w[7])*Int64(a.w[2])
-        t = t+Int64(a.w[6])*Int64(a.w[3])+Int64(a.w[5])*Int64(a.w[4])
-            t+=t; t+=co; c.w[9]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[2])+Int64(a.w[7])*Int64(a.w[3])
-            t = t+Int64(a.w[6])*Int64(a.w[4])
-            t+=t; t+=Int64(a.w[5])*Int64(a.w[5]); t+=co; c.w[10]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[3])+Int64(a.w[7])*Int64(a.w[4])
-            t = t+Int64(a.w[6])*Int64(a.w[5])
-            t+=t; t+=co; c.w[11]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[4])+Int64(a.w[7])*Int64(a.w[5]); t+=t; t+=Int64(a.w[6])*Int64(a.w[6]); t+=co; c.w[12]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[5])+Int64(a.w[7])*Int64(a.w[6]); t+=t; t+=co; c.w[13]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[6]); t+=t; t+=Int64(a.w[7])*Int64(a.w[7]); t+=co; c.w[14]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[7]); t+=t; t+=co; c.w[15]=Int32(t&RM); co=t>>RB
-        t=Int64(a.w[8])*Int64(a.w[8])+co; c.w[16]=Int32(t&RM); co=t>>RB
-        c.w[17]=Int32(co)
-
-    return c;
-    }
-
-    /* reduce a DBIG to a BIG using the appropriate form of the modulus */
-    static func mod(d: DBIG) -> BIG
-    {
-        var b=BIG()
-        if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-        {
-            let t=d.split(ROM.MODBITS)
-            b=BIG(d)
-            let v=t.pmul(ROM.MConst);
-            let tw=t.w[ROM.NLEN-1];
-            t.w[ROM.NLEN-1] &= ROM.TMASK;
-            t.inc(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-
-            b.add(t);
-            b.norm();
-        }
-        if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-        {
-            for var i=0;i<ROM.NLEN;i++
-                {d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1)}
-
-            b=BIG(0);
-
-            for var i=0;i<ROM.NLEN;i++
-            {
-                b.w[i]=d.w[ROM.NLEN+i]
-            }
-            b.norm()
-        }
-
-        if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-        {
-            let md=BIG(ROM.Modulus);
-
-            var sum=Int64(d.w[0])
-            for var j=0;j<ROM.NLEN;j++
-            {
-                for var i=0;i<j;i++ {sum+=Int64(d.w[i])*Int64(md.w[j-i])}
-                let sp=(Int32(sum&Int64(ROM.MASK))&*ROM.MConst)&ROM.MASK
-                d.w[j]=sp; sum+=Int64(sp)*Int64(md.w[0])
-                sum=Int64(d.w[j+1])+(sum>>Int64(ROM.BASEBITS))
-            }
-
-            for var j=ROM.NLEN;j<ROM.DNLEN-2;j++
-            {
-                for var i=j-ROM.NLEN+1;i<ROM.NLEN;i++ {sum+=Int64(d.w[i])*Int64(md.w[j-i])}
-                    d.w[j]=Int32(sum&Int64(ROM.MASK))
-                sum=Int64(d.w[j+1])+(sum>>Int64(ROM.BASEBITS))
-            }
-
-            sum+=Int64(d.w[ROM.NLEN-1])*Int64(md.w[ROM.NLEN-1])
-            d.w[ROM.DNLEN-2]=Int32(sum&Int64(ROM.MASK))
-            sum=Int64(d.w[ROM.DNLEN-1])+(sum>>Int64(ROM.BASEBITS))
-            d.w[ROM.DNLEN-1]=Int32(sum&Int64(ROM.MASK))
-
-            b=BIG(0);
-
-            for var i=0;i<ROM.NLEN;i++
-            {
-                b.w[i]=d.w[ROM.NLEN+i];
-            }
-            b.norm();
-        }
-
-        return b;
-    }
-
-    /* return a*b mod m */
-    static func modmul(a: BIG,_ b :BIG,_ m: BIG) -> BIG
-    {
-        a.mod(m)
-        b.mod(m)
-        let d=mul(a,b)
-        return d.mod(m)
-    }
-
-    /* return a^2 mod m */
-    static func modsqr(a: BIG,_ m: BIG) -> BIG
-    {
-        a.mod(m)
-        let d=sqr(a)
-        return d.mod(m)
-    }
-
-    /* return -a mod m */
-    static func modneg(a: BIG,_ m: BIG) -> BIG
-    {
-        a.mod(m)
-        return m.minus(a)
-    }
-
-    /* return this^e mod m */
-    func powmod(e: BIG,_ m: BIG) -> BIG
-    {
-        norm();
-        e.norm();
-        var a=BIG(1)
-        let z=BIG(e)
-        var s=BIG(self)
-        while (true)
-        {
-            let bt=z.parity();
-            z.fshr(1)
-            if bt==1 {a=BIG.modmul(a,s,m)}
-            if (z.iszilch()) {break}
-            s=BIG.modsqr(s,m)
-        }
-        return a
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/swift/dbig.swift
----------------------------------------------------------------------
diff --git a/swift/dbig.swift b/swift/dbig.swift
deleted file mode 100644
index 9a3d124..0000000
--- a/swift/dbig.swift
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-//
-//  dbig.swift
-//  
-//
-//  Created by Michael Scott on 13/06/2015.
-//  Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-final class DBIG{
-    var w=[Int32](count:ROM.DNLEN,repeatedValue:0)
-    init() {
-        for var i=0;i<ROM.DNLEN;i++ {w[i]=0}
-    }
-    init(_ x: Int32)
-    {
-        w[0]=x;
-        for var i=1;i<ROM.DNLEN;i++ {w[i]=0}
-    }
-    init(_ x: BIG)
-    {
-        for var i=0;i<ROM.NLEN;i++ {w[i]=x.w[i]}
-        w[ROM.NLEN-1]=x.w[ROM.NLEN-1]&ROM.MASK
-        w[ROM.NLEN]=x.w[ROM.NLEN-1]>>ROM.BASEBITS
-        for var i=ROM.NLEN+1;i<ROM.DNLEN;i++ {w[i]=0}
-    }
-    init(_ x: DBIG)
-    {
-        for var i=0;i<ROM.DNLEN;i++ {w[i]=x.w[i]}
-    }
-    init(_ x: [Int32])
-    {
-        for var i=0;i<ROM.DNLEN;i++ {w[i]=x[i]}
-    }
-    /* this-=x */
-    func sub(x: DBIG)
-    {
-        for var i=0;i<ROM.DNLEN;i++
-        {
-            w[i]-=x.w[i]
-        }
-    }
-    func muladd(x: Int32,_ y: Int32,_ c: Int32,_ i: Int) -> Int32
-    {
-        let prod:Int64 = Int64(x)*Int64(y)+Int64(c)+Int64(w[i])
-        w[i]=Int32(prod&Int64(ROM.MASK))
-        return Int32(prod>>Int64(ROM.BASEBITS))
-    }
-    /* general shift left */
-    func shl(k: Int)
-    {
-        let n=Int32(k)%ROM.BASEBITS
-        let m=(k/Int(ROM.BASEBITS))
-        w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<n))|(w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n))
-        for var i=ROM.DNLEN-2;i>m;i--
-        {
-            w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n))
-        }
-        w[m]=(w[0]<<n)&ROM.MASK
-        for var i=0;i<m;i++ {w[i]=0}
-    }
-    /* general shift right */
-    func shr(k: Int)
-    {
-        let n=Int32(k)%ROM.BASEBITS
-        let m=(k/Int(ROM.BASEBITS))
-        for var i=0;i<ROM.DNLEN-m-1;i++
-        {
-            w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK)
-        }
-        w[ROM.DNLEN - m - 1]=w[ROM.DNLEN-1]>>n
-        for var i=ROM.DNLEN - m;i<ROM.DNLEN;i++ {w[i]=0}
-    }
-    /* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-    static func comp(a: DBIG,_ b: DBIG) -> Int
-    {
-        for var i=ROM.DNLEN-1;i>=0;i--
-        {
-            if (a.w[i]==b.w[i]) {continue}
-            if (a.w[i]>b.w[i]) {return 1}
-            else  {return -1}
-        }
-        return 0;
-    }
-    /* normalise BIG - force all digits < 2^BASEBITS */
-    func norm()
-    {
-        var carry:Int32=0
-        for var i=0;i<ROM.DNLEN-1;i++
-        {
-            let d=w[i]+carry
-            w[i]=d&ROM.MASK
-            carry=d>>ROM.BASEBITS
-        }
-        w[ROM.DNLEN-1]+=carry
-    }
-    /* reduces this DBIG mod a BIG, and returns the BIG */
-    func mod(c: BIG) -> BIG
-    {
-        var k:Int=0
-        norm()
-        let m=DBIG(c)
-
-        if DBIG.comp(self,m)<0 {return BIG(self)}
-
-        repeat
-        {
-            m.shl(1)
-            k++
-        }
-        while (DBIG.comp(self,m)>=0);
-
-        while (k>0)
-        {
-            m.shr(1)
-            if (DBIG.comp(self,m)>=0)
-            {
-				sub(m)
-				norm()
-            }
-            k--;
-        }
-        return BIG(self)
-    }
-    /* return this/c */
-    func div(c:BIG) -> BIG
-    {
-        var k:Int=0
-        let m=DBIG(c)
-        let a=BIG(0)
-        let e=BIG(1)
-        norm()
-
-        while (DBIG.comp(self,m)>=0)
-        {
-            e.fshl(1)
-            m.shl(1)
-            k++
-        }
-
-        while (k>0)
-        {
-            m.shr(1)
-            e.shr(1)
-            if (DBIG.comp(self,m)>0)
-            {
-				a.add(e)
-				a.norm()
-				sub(m)
-				norm()
-            }
-            k--
-        }
-        return a
-    }
-
-    /* split DBIG at position n, return higher half, keep lower half */
-    func split(n: Int32) -> BIG
-    {
-        let t=BIG(0)
-        let m=n%ROM.BASEBITS
-        var carry=w[ROM.DNLEN-1]<<(ROM.BASEBITS-m)
-
-        for var i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--
-        {
-            let nw=(w[i]>>m)|carry;
-            carry=(w[i]<<(ROM.BASEBITS-m))&ROM.MASK;
-            t.set(i-ROM.NLEN+1,nw);
-        }
-        w[ROM.NLEN-1]&=Int32((Int32(1)<<m)-1);
-        return t;
-    }
-    /* return number of bits */
-    func nbits() -> Int
-    {
-        var k=(ROM.DNLEN-1)
-        norm()
-        while k>=0 && w[k]==0 {k--}
-        if k<0 {return 0}
-        var bts=Int(ROM.BASEBITS)*k
-        var c=w[k];
-        while c != 0 {c/=2; bts++}
-        return bts
-    }
-    /* Convert to Hex String */
-    func toString() -> String
-    {
-        _ = DBIG()
-        var s:String=""
-        var len=nbits()
-        if len%4 == 0 {len/=4}
-        else {len/=4; len++}
-
-        for var i=len-1;i>=0;i--
-        {
-            let b = DBIG(self)
-            b.shr(i*4)
-            let n=String(b.w[0]&15,radix:16,uppercase:false)
-            s+=n
-        }
-
-        return s
-    }
-
-}


[07/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/arch.h
----------------------------------------------------------------------
diff --git a/version22/c/arch.h b/version22/c/arch.h
new file mode 100644
index 0000000..21753bd
--- /dev/null
+++ b/version22/c/arch.h
@@ -0,0 +1,119 @@
+/*
+	Licensed to the Apache Software Foundation (ASF) under one
+	or more contributor license agreements.  See the NOTICE file
+	distributed with this work for additional information
+	regarding copyright ownership.  The ASF licenses this file
+	to you under the Apache License, Version 2.0 (the
+	"License"); you may not use this file except in compliance
+	with the License.  You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing,
+	software distributed under the License is distributed on an
+	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+	KIND, either express or implied.  See the License for the
+	specific language governing permissions and limitations
+	under the License.
+*/
+
+/* Architecture definition header file */
+
+/**
+ * @file arch.h
+ * @author Mike Scott
+ * @date 23rd February 2016
+ * @brief Architecture Header File
+ *
+ * Specify Processor Architecture
+ *
+ */
+
+/* NOTE: There is only one user configurable section in this header - see below */
+
+#ifndef ARCH_H
+#define ARCH_H
+
+
+
+
+/*** START OF USER CONFIGURABLE SECTION - set architecture ***/
+
+#ifdef CMAKE
+#define CHUNK @AMCL_CHUNK@  /**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
+#else
+#define CHUNK 32		/**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
+#endif
+
+/*** END OF USER CONFIGURABLE SECTION ***/
+
+
+
+/* Create Integer types */
+/* Support for C99?  Note for GCC need to explicitly include -std=c99 in command line */
+
+#if __STDC_VERSION__ >= 199901L
+/* C99 code */
+#define C99
+#else
+/* Not C99 code */
+#endif
+
+#ifndef C99  /* You are on your own! These are for Microsoft C */
+#define sign32 __int32			/**< 32-bit signed integer */
+#define sign8 signed char		/**< 8-bit signed integer */
+#define unsign32 unsigned __int32 /**< 32-bit unsigned integer */
+#define unsign64 unsigned long long  /**< 64-bit unsigned integer */
+#else
+#include <stdint.h>
+#define sign8 int8_t			/**< 8-bit signed integer */
+#define sign32 int32_t			/**< 32-bit signed integer */
+#define unsign32 uint32_t		/**< 32-bit unsigned integer */
+#define unsign64 uint64_t		/**< 64-bit unsigned integer */
+#endif
+
+#define uchar unsigned char  /**<  Unsigned char */
+
+/* Don't mess with anything below this line unless you know what you are doing */
+/* This next is probably OK, but may need changing for non-C99-standard environments */
+
+/* This next is probably OK, but may need changing for non-C99-standard environments */
+
+#if CHUNK==16
+#ifndef C99
+#define chunk __int16		/**< C type corresponding to word length */
+#define dchunk __int32		/**< Always define double length chunk type if available */
+#else
+#define chunk int16_t		/**< C type corresponding to word length */
+#define dchunk int32_t		/**< Always define double length chunk type if available */
+#endif
+#endif
+
+#if CHUNK == 32
+#ifndef C99
+#define chunk __int32		/**< C type corresponding to word length */
+#define dchunk __int64		/**< Always define double length chunk type if available */
+#else
+#define chunk int32_t		/**< C type corresponding to word length */
+#define dchunk int64_t		/**< Always define double length chunk type if available */
+#endif
+#endif
+
+#if CHUNK == 64
+
+#ifndef C99
+#define chunk __int64		/**< C type corresponding to word length */
+/**< Note - no 128-bit type available    */
+#else
+#define chunk int64_t		/**< C type corresponding to word length */
+#ifdef __GNUC__
+#define dchunk __int128		/**< Always define double length chunk type if available - GCC supports 128 bit type  ??? */
+#endif
+#endif
+#endif
+
+#ifdef dchunk
+#define COMBA      /**< Use COMBA method for faster BN muls, sqrs and reductions */
+#endif
+
+#endif
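Review bot: A CHUNK value other than 16, 32 or 64 passes through this header without any diagnostic: none of the three `#if CHUNK==...` blocks matches, so `chunk` is never defined and the build breaks later, in whatever file first uses the type. CHUNK is the one user-configurable value here (and is substituted from `@AMCL_CHUNK@` under CMAKE), so a guard right after the configurable section would catch a bad setting at its source: `#if CHUNK!=16 && CHUNK!=32 && CHUNK!=64` followed by `#error "CHUNK must be 16, 32 or 64"` and `#endif`. Separately, `#if __STDC_VERSION__ >= 199901L` relies on an undefined macro evaluating to 0; `#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L` makes that explicit and stays quiet under -Wundef.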

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/benchtest_ec.c
----------------------------------------------------------------------
diff --git a/version22/c/benchtest_ec.c b/version22/c/benchtest_ec.c
new file mode 100644
index 0000000..5929d0b
--- /dev/null
+++ b/version22/c/benchtest_ec.c
@@ -0,0 +1,212 @@
+/* Test and benchmark elliptic curve and RSA functions
+	First build amcl.a from build_ec batch file
+	gcc -O3 benchtest_ec.c amcl.a -o benchtest_ec.exe
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "amcl.h"
+#include "rsa.h"
+
+#define MIN_TIME 10.0
+#define MIN_ITERS 10 
+
+int main()
+{
+    csprng RNG;
+	BIG s,r,x,y;
+	ECP P,G;
+	FP12 g;
+    int i,iterations;
+    clock_t start;
+    double elapsed;
+	char pr[10];
+	unsigned long ran;
+    rsa_public_key pub;
+    rsa_private_key priv;
+    char m[RFS],d[RFS],c[RFS];
+    octet M= {0,sizeof(m),m};
+    octet D= {0,sizeof(d),d};
+    octet C= {0,sizeof(c),c};
+
+#if CHOICE==NIST256 
+	printf("NIST256 Curve\n");
+#endif
+#if CHOICE==C25519 
+	printf("C25519 Curve\n");
+#endif
+#if CHOICE==BRAINPOOL
+	printf("BRAINPOOL Curve\n");
+#endif
+#if CHOICE==ANSSI
+	printf("ANSSI Curve\n");
+#endif
+#if CHOICE==MF254
+	printf("MF254 Curve\n");
+#endif
+#if CHOICE==MS255
+	printf("MS255 Curve\n");
+#endif
+#if CHOICE==MF256
+	printf("MF256 Curve\n");
+#endif
+#if CHOICE==MS256
+	printf("MS256 Curve\n");
+#endif
+#if CHOICE==HIFIVE
+	printf("HIFIVE Curve\n");
+#endif
+#if CHOICE==GOLDILOCKS
+	printf("GOLDILOCKS Curve\n");
+#endif
+#if CHOICE==NIST384
+	printf("NIST384 Curve\n");
+#endif
+#if CHOICE==C41417
+	printf("C41417 Curve\n");
+#endif
+#if CHOICE==NIST521
+	printf("NIST521 Curve\n");
+#endif
+
+#if CHOICE==BN254
+	printf("BN254 Curve\n");
+#endif
+#if CHOICE==BN454
+	printf("BN454 Curve\n");	
+#endif
+#if CHOICE==BN646
+	printf("BN646 Curve\n");	
+#endif
+
+#if CHOICE==BN254_CX 
+	printf("BN254_CX Curve\n");	
+#endif
+#if CHOICE==BN254_T
+	printf("BN254_T Curve\n");	
+#endif	
+#if CHOICE==BN254_T2 
+	printf("BN254_T2 Curve\n");	
+#endif
+#if CHOICE==BLS455 
+	printf("BLS455 Curve\n");	
+#endif
+#if CHOICE==BLS383 
+	printf("BLS383 Curve\n");	
+#endif
+
+#if CURVETYPE==WEIERSTRASS
+	printf("Weierstrass parameterization\n");
+#endif
+#if CURVETYPE==EDWARDS
+	printf("Edwards parameterization\n");
+#endif
+#if CURVETYPE==MONTGOMERY
+	printf("Montgomery parameterization\n");
+#endif
+
+#if CHUNK==16
+	printf("16-bit Build\n");
+#endif
+#if CHUNK==32
+	printf("32-bit Build\n");
+#endif
+#if CHUNK==64
+	printf("64-bit Build\n");
+#endif
+
+	time((time_t *)&ran);
+	pr[0]=ran;
+	pr[1]=ran>>8;
+	pr[2]=ran>>16;
+	pr[3]=ran>>24;
+	for (i=4;i<10;i++) pr[i]=i;
+    RAND_seed(&RNG,10,pr);
+
+	BIG_rcopy(x,CURVE_Gx);
+#if CURVETYPE!=MONTGOMERY
+	BIG_rcopy(y,CURVE_Gy);
+    ECP_set(&G,x,y);
+#else
+    ECP_set(&G,x);
+#endif
+	
+	BIG_rcopy(r,CURVE_Order);
+	BIG_randomnum(s,r,&RNG);
+	ECP_copy(&P,&G);
+    ECP_mul(&P,r);
+
+	if (!ECP_isinf(&P))
+	{
+		printf("FAILURE - rG!=O\n");
+		return 0;
+	}
+
+	iterations=0;
+    start=clock();
+    do {
+		ECP_copy(&P,&G);
+		ECP_mul(&P,s);
+
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("EC  mul - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+	
+	printf("Generating %d-bit RSA public/private key pair\n",FFLEN*BIGBITS);
+
+	iterations=0;
+    start=clock();
+    do {
+      RSA_KEY_PAIR(&RNG,65537,&priv,&pub,NULL,NULL);
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("RSA gen - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+    //FF_randomnum(plain,pub.n,&RNG,FFLEN);
+
+	M.len=RFS;
+	for (i=0;i<RFS;i++) M.val[i]=i%128;
+
+	iterations=0;
+    start=clock();
+    do {
+		RSA_ENCRYPT(&pub,&M,&C);
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("RSA enc - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+	iterations=0;
+    start=clock();
+    do {
+		RSA_DECRYPT(&priv,&C,&D);
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("RSA dec - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+	for (i=0;i<RFS;i++)
+	{
+		if (M.val[i]!=D.val[i])
+		{
+			printf("FAILURE - RSA decryption\n");
+			return 0;
+		}
+	}
+
+	printf("All tests pass\n");
+
+	return 0;
+}
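Review bot: `time((time_t *)&ran);` stores a `time_t` through a pointer to `unsigned long`, which writes past `ran` on any platform where `time_t` is wider than `unsigned long` (for example a 64-bit `time_t` with a 32-bit `long`); `ran=(unsigned long)time(NULL);` yields the same value without the cast. The same line appears in benchtest_pair.c. The seed passed to `RAND_seed` is then four bytes of wall-clock time plus the constants 4..9, so everything drawn from `RNG`, including the RSA key pair generated below, is predictable to anyone who can guess the start time. That is acceptable for a benchmark but should be stated at the seed, e.g. `/* benchmark-only seed (time + constants): never use for real key generation */`, so the pattern is not copied into application code.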

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/benchtest_pair.c
----------------------------------------------------------------------
diff --git a/version22/c/benchtest_pair.c b/version22/c/benchtest_pair.c
new file mode 100644
index 0000000..c9dcf38
--- /dev/null
+++ b/version22/c/benchtest_pair.c
@@ -0,0 +1,257 @@
+/* Test and benchmark pairing functions
+	First build amcl.a from build_pair batch file
+	gcc -O3 benchtest_pair.c amcl.a -o benchtest_pair.exe
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "amcl.h" /* Make sure and select a pairing-friendly curve in here! */
+
+#define MIN_TIME 10.0
+#define MIN_ITERS 10 
+
+int main()
+{
+    csprng RNG;
+	BIG q,s,r,x,y,a,b,m;
+	ECP P,G;
+	FP2 wx,wy,f; 
+	FP4 c,cp,cpm1,cpm2,cr;
+    ECP2 Q,W;
+	FP12 g,w;
+	unsigned long ran;
+
+    int i,iterations;
+    clock_t start;
+    double elapsed;
+	char pr[10];
+
+#if CHOICE==BN254
+	printf("BN254 Curve\n");
+#endif
+#if CHOICE==BN454
+	printf("BN454 Curve\n");	
+#endif
+#if CHOICE==BN646
+	printf("BN646 Curve\n");	
+#endif
+
+#if CHOICE==BN254_CX 
+	printf("BN254_CX Curve\n");	
+#endif
+#if CHOICE==BN254_T
+	printf("BN254_T Curve\n");	
+#endif	
+#if CHOICE==BN254_T2 
+	printf("BN254_T2 Curve\n");	
+#endif
+#if CHOICE==BLS455 
+	printf("BLS455 Curve\n");	
+#endif
+#if CHOICE==BLS383 
+	printf("BLS383 Curve\n");	
+#endif
+
+#if CHUNK==16
+	printf("16-bit Build\n");
+#endif
+#if CHUNK==32
+	printf("32-bit Build\n");
+#endif
+#if CHUNK==64
+	printf("64-bit Build\n");
+#endif
+
+	time((time_t *)&ran);
+	pr[0]=ran;
+	pr[1]=ran>>8;
+	pr[2]=ran>>16;
+	pr[3]=ran>>24;
+	for (i=4;i<10;i++) pr[i]=i;
+
+    RAND_seed(&RNG,10,pr);
+
+	BIG_rcopy(x,CURVE_Gx);
+
+	BIG_rcopy(y,CURVE_Gy);
+    ECP_set(&G,x,y);
+
+	
+	BIG_rcopy(r,CURVE_Order);
+	BIG_randomnum(s,r,&RNG);
+	ECP_copy(&P,&G);
+    PAIR_G1mul(&P,r);
+
+	if (!ECP_isinf(&P))
+	{
+		printf("FAILURE - rG!=O\n");
+		return 0;
+	}
+	
+	iterations=0;
+    start=clock();
+    do {
+		ECP_copy(&P,&G);
+		PAIR_G1mul(&P,s);
+
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("G1 mul              - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+    
+    BIG_rcopy(wx.a,CURVE_Pxa); FP_nres(wx.a);
+    BIG_rcopy(wx.b,CURVE_Pxb); FP_nres(wx.b);
+    BIG_rcopy(wy.a,CURVE_Pya); FP_nres(wy.a);
+    BIG_rcopy(wy.b,CURVE_Pyb); FP_nres(wy.b);    
+	ECP2_set(&W,&wx,&wy);
+
+	ECP2_copy(&Q,&W);
+    ECP2_mul(&Q,r);
+
+	if (!ECP2_isinf(&Q))
+	{
+		printf("FAILURE - rQ!=O\n");
+		return 0;
+	}
+
+	iterations=0;
+    start=clock();
+    do {
+		ECP2_copy(&Q,&W);
+		PAIR_G2mul(&Q,s);
+
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("G2 mul              - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+	PAIR_ate(&w,&Q,&P);
+	PAIR_fexp(&w);
+
+	FP12_copy(&g,&w);
+
+	PAIR_GTpow(&g,r);
+
+	if (!FP12_isunity(&g))
+	{
+		printf("FAILURE - g^r!=1\n");
+		return 0;
+	}
+
+	iterations=0;
+    start=clock();
+    do {
+		FP12_copy(&g,&w);
+		PAIR_GTpow(&g,s);
+
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("GT pow              - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+	BIG_rcopy(a,CURVE_Fra);
+	BIG_rcopy(b,CURVE_Frb);
+	FP2_from_BIGs(&f,a,b);
+
+	BIG_rcopy(q,Modulus);
+
+	BIG_copy(m,q);
+	BIG_mod(m,r);
+
+	BIG_copy(a,s);
+	BIG_mod(a,m);
+
+	BIG_copy(b,s);
+	BIG_sdiv(b,m);
+
+	FP12_copy(&g,&w);
+	FP12_trace(&c,&g);
+
+	FP12_frob(&g,&f);
+	FP12_trace(&cp,&g);
+
+	FP12_conj(&w,&w);
+	FP12_mul(&g,&w);
+
+	FP12_trace(&cpm1,&g);
+	FP12_mul(&g,&w);
+	FP12_trace(&cpm2,&g);
+
+	iterations=0;
+    start=clock();
+    do {
+		FP4_xtr_pow2(&cr,&cp,&c,&cpm1,&cpm2,a,b);
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("GT pow (compressed) - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+	iterations=0;
+    start=clock();
+    do {
+		PAIR_ate(&w,&Q,&P);
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("PAIRing ATE         - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+	iterations=0;
+    start=clock();
+    do {
+		FP12_copy(&g,&w);
+		PAIR_fexp(&g);
+		iterations++;
+		elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
+    } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
+    elapsed=1000.0*elapsed/iterations;
+    printf("PAIRing FEXP        - %8d iterations  ",iterations);
+    printf(" %8.2lf ms per iteration\n",elapsed);
+
+	ECP_copy(&P,&G);	
+	ECP2_copy(&Q,&W);
+
+	PAIR_G1mul(&P,s);
+	PAIR_ate(&g,&Q,&P);
+	PAIR_fexp(&g);
+
+	ECP_copy(&P,&G);
+
+	PAIR_G2mul(&Q,s);
+	PAIR_ate(&w,&Q,&P);
+	PAIR_fexp(&w);
+
+	if (!FP12_equals(&g,&w))
+	{
+		printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
+		return 0;
+	}
+
+	ECP2_copy(&Q,&W);
+	PAIR_ate(&g,&Q,&P);
+	PAIR_fexp(&g);
+
+	PAIR_GTpow(&g,s);
+
+	if (!FP12_equals(&g,&w))
+	{
+		printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
+		return 0;
+	}
+
+	printf("All tests pass\n");
+
+	return 0;
+}
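Review bot: Every failure branch in main (`FAILURE - rG!=O`, `rQ!=O`, `g^r!=1` and the two bilinearity checks) ends in `return 0;`, so a failed self-test exits with the same status as `All tests pass` and a build script or CI job cannot tell the difference. Returning a non-zero status in those branches, e.g. `return 1;` (or `return EXIT_FAILURE;`, since stdlib.h is already included), makes a broken pairing implementation fail the run. benchtest_ec.c has the same pattern in its `rG!=O` and RSA decryption failure branches.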

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/big.c
----------------------------------------------------------------------
diff --git a/version22/c/big.c b/version22/c/big.c
new file mode 100644
index 0000000..1fe6259
--- /dev/null
+++ b/version22/c/big.c
@@ -0,0 +1,1525 @@
+/*
+	Licensed to the Apache Software Foundation (ASF) under one
+	or more contributor license agreements.  See the NOTICE file
+	distributed with this work for additional information
+	regarding copyright ownership.  The ASF licenses this file
+	to you under the Apache License, Version 2.0 (the
+	"License"); you may not use this file except in compliance
+	with the License.  You may obtain a copy of the License at
+
+	  http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing,
+	software distributed under the License is distributed on an
+	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+	KIND, either express or implied.  See the License for the
+	specific language governing permissions and limitations
+	under the License.
+*/
+
+/* AMCL basic functions for BIG type */
+/* SU=m, SU is Stack Usage */
+
+#include "amcl.h"
+
+/* Calculates x*y+c+*r */
+
+#ifdef dchunk
+
+/* Method required to calculate x*y+c+r, bottom half in r, top half returned */
+chunk muladd(chunk x,chunk y,chunk c,chunk *r)
+{
+    dchunk prod=(dchunk)x*y+c+*r;
+    *r=(chunk)prod&BMASK;
+    return (chunk)(prod>>BASEBITS);
+}
+
+#else
+
+/* No integer type available that can store double the wordlength */
+/* accumulate partial products */
+
+chunk muladd(chunk x,chunk y,chunk c,chunk *r)
+{
+    chunk x0,x1,y0,y1;
+    chunk bot,top,mid,carry;
+    x0=x&HMASK;
+    x1=(x>>HBITS);
+    y0=y&HMASK;
+    y1=(y>>HBITS);
+    bot=x0*y0;
+    top=x1*y1;
+    mid=x0*y1+x1*y0;
+    x0=mid&HMASK1;
+    x1=(mid>>HBITS1);
+    bot+=x0<<HBITS;
+    bot+=*r;
+    bot+=c;
+
+#if HDIFF==1
+    bot+=(top&HDIFF)<<(BASEBITS-1);
+    top>>=HDIFF;
+#endif
+
+    top+=x1;
+    carry=bot>>BASEBITS;
+    bot&=BMASK;
+    top+=carry;
+
+    *r=bot;
+    return top;
+}
+
+#endif
+
+/*
+
+// Alternative non Standard Solution required if no type available that can store double the wordlength
+// The use of compiler intrinsics is permitted
+
+
+#if CHUNK==64
+#ifdef _WIN64
+#include <intrin.h>
+
+static INLINE chunk muladd(chunk x,chunk y,chunk c,chunk *r)
+{
+	chunk t,e;
+	uchunk b;
+	b=_mul128(x,y,&t);
+	e=c+*r;
+	b+=e;
+// make correction for possible carry to top half
+	if (e<0)
+		t-=(b>e);
+	else
+		t+=(b<e);
+
+	*r=b&MASK;
+	return (chunk)((t<<(CHUNK-BASEBITS)) | (b>>BASEBITS));
+}
+
+#endif
+#endif
+
+*/
+
+/* test a=0? */
+int BIG_iszilch(BIG a)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        if (a[i]!=0) return 0;
+    return 1;
+}
+
+/* test a=0? */
+int BIG_diszilch(DBIG a)
+{
+    int i;
+    for (i=0; i<DNLEN; i++)
+        if (a[i]!=0) return 0;
+    return 1;
+}
+
+/* SU= 56 */
+/* output a */
+void BIG_output(BIG a)
+{
+    BIG b;
+    int i,len;
+    len=BIG_nbits(a);
+    if (len%4==0) len/=4;
+    else
+    {
+        len/=4;
+        len++;
+    }
+    if (len<MODBYTES*2) len=MODBYTES*2;
+
+    for (i=len-1; i>=0; i--)
+    {
+        BIG_copy(b,a);
+        BIG_shr(b,i*4);
+        printf("%01x",(unsigned int) b[0]&15);
+    }
+}
+
+/* SU= 16 */
+void BIG_rawoutput(BIG a)
+{
+    int i;
+    printf("(");
+    for (i=0; i<NLEN-1; i++)
+#if CHUNK==64
+        printf("%"PRIxMAX",",(uint64_t) a[i]);
+    printf("%"PRIxMAX")",(uint64_t) a[NLEN-1]);
+#else
+        printf("%x,",(unsigned int) a[i]);
+    printf("%x)",(unsigned int) a[NLEN-1]);
+#endif
+}
+/*
+void BIG_rawdoutput(DBIG a)
+{
+	int i;
+	printf("(");
+	for (i=0;i<DNLEN-1;i++)
+#if CHUNK==64
+	  printf("%llx,",(long long unsigned int) a[i]);
+	printf("%llx)",(long long unsigned int) a[DNLEN-1]);
+#else
+	  printf("%x,",(unsigned int) a[i]);
+	printf("%x)",(unsigned int) a[NLEN-1]);
+#endif
+}
+*/
+/* Swap a and b if d=1 */
+void BIG_cswap(BIG a,BIG b,int d)
+{
+    int i;
+    chunk t,c=d;
+    c=~(c-1);
+#ifdef DEBUG_NORM
+    for (i=0; i<=NLEN; i++)
+#else
+    for (i=0; i<NLEN; i++)
+#endif
+    {
+        t=c&(a[i]^b[i]);
+        a[i]^=t;
+        b[i]^=t;
+    }
+}
+
+/* Move b to a if d=1 */
+void BIG_cmove(BIG f,BIG g,int d)
+{
+    int i;
+    chunk b=(chunk)-d;
+#ifdef DEBUG_NORM
+    for (i=0; i<=NLEN; i++)
+#else
+    for (i=0; i<NLEN; i++)
+#endif
+    {
+        f[i]^=(f[i]^g[i])&b;
+    }
+}
+
+/* Move g to f if d=1 */
+void BIG_dcmove(DBIG f,DBIG g,int d)
+{
+    int i;
+    chunk b=(chunk)-d;
+#ifdef DEBUG_NORM
+    for (i=0; i<=DNLEN; i++)
+#else
+    for (i=0; i<DNLEN; i++)
+#endif
+    {
+        f[i]^=(f[i]^g[i])&b;
+    }
+}
+
+/* convert BIG to/from bytes */
+/* SU= 64 */
+void BIG_toBytes(char *b,BIG a)
+{
+    int i;
+    BIG c;
+    BIG_norm(a);
+    BIG_copy(c,a);
+    for (i=MODBYTES-1; i>=0; i--)
+    {
+        b[i]=c[0]&0xff;
+        BIG_fshr(c,8);
+    }
+}
+
+/* SU= 16 */
+void BIG_fromBytes(BIG a,char *b)
+{
+    int i;
+    BIG_zero(a);
+    for (i=0; i<MODBYTES; i++)
+    {
+        BIG_fshl(a,8);
+        a[0]+=(int)(unsigned char)b[i];
+        //BIG_inc(a,(int)(unsigned char)b[i]); BIG_norm(a);
+    }
+#ifdef DEBUG_NORM
+    a[NLEN]=0;
+#endif
+}
+
+void BIG_fromBytesLen(BIG a,char *b,int s)
+{
+    int i,len=s;
+    BIG_zero(a);
+
+    if (s>MODBYTES) s=MODBYTES;
+    for (i=0; i<len; i++)
+    {
+        BIG_fshl(a,8);
+        a[0]+=(int)(unsigned char)b[i];
+    }
+#ifdef DEBUG_NORM
+    a[NLEN]=0;
+#endif
+}
+
+
+
+/* SU= 88 */
+void BIG_doutput(DBIG a)
+{
+    DBIG b;
+    int i,len;
+    BIG_dnorm(a);
+    len=BIG_dnbits(a);
+    if (len%4==0) len/=4;
+    else
+    {
+        len/=4;
+        len++;
+    }
+
+    for (i=len-1; i>=0; i--)
+    {
+        BIG_dcopy(b,a);
+        BIG_dshr(b,i*4);
+        printf("%01x",(unsigned int) b[0]&15);
+    }
+}
+
+/* Copy b=a */
+void BIG_copy(BIG b,BIG a)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        b[i]=a[i];
+#ifdef DEBUG_NORM
+    b[NLEN]=a[NLEN];
+#endif
+}
+
+/* Copy from ROM b=a */
+void BIG_rcopy(BIG b,const BIG a)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        b[i]=a[i];
+#ifdef DEBUG_NORM
+    b[NLEN]=0;
+#endif
+}
+
+/* double length DBIG copy b=a */
+void BIG_dcopy(DBIG b,DBIG a)
+{
+    int i;
+    for (i=0; i<DNLEN; i++)
+        b[i]=a[i];
+#ifdef DEBUG_NORM
+    b[DNLEN]=a[DNLEN];
+#endif
+}
+
+/* Copy BIG to bottom half of DBIG */
+void BIG_dscopy(DBIG b,BIG a)
+{
+    int i;
+    for (i=0; i<NLEN-1; i++)
+        b[i]=a[i];
+
+    b[NLEN-1]=a[NLEN-1]&BMASK; /* top word normalized */
+    b[NLEN]=a[NLEN-1]>>BASEBITS;
+
+    for (i=NLEN+1; i<DNLEN; i++) b[i]=0;
+#ifdef DEBUG_NORM
+    b[DNLEN]=a[NLEN];
+#endif
+}
+
+/* Copy BIG to top half of DBIG */
+void BIG_dsucopy(DBIG b,BIG a)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        b[i]=0;
+    for (i=NLEN; i<DNLEN; i++)
+        b[i]=a[i-NLEN];
+#ifdef DEBUG_NORM
+    b[DNLEN]=a[NLEN];
+#endif
+}
+
+/* Copy bottom half of DBIG to BIG */
+void BIG_sdcopy(BIG b,DBIG a)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        b[i]=a[i];
+#ifdef DEBUG_NORM
+    b[NLEN]=a[DNLEN];
+#endif
+}
+
+/* Copy top half of DBIG to BIG */
+void BIG_sducopy(BIG b,DBIG a)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        b[i]=a[i+NLEN];
+#ifdef DEBUG_NORM
+    b[NLEN]=a[DNLEN];
+#endif
+}
+
+/* Set a=0 */
+void BIG_zero(BIG a)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        a[i]=0;
+#ifdef DEBUG_NORM
+    a[NLEN]=0;
+#endif
+}
+
+void BIG_dzero(DBIG a)
+{
+    int i;
+    for (i=0; i<DNLEN; i++)
+        a[i]=0;
+#ifdef DEBUG_NORM
+    a[DNLEN]=0;
+#endif
+}
+
+/* set a=1 */
+void BIG_one(BIG a)
+{
+    int i;
+    a[0]=1;
+    for (i=1; i<NLEN; i++)
+        a[i]=0;
+#ifdef DEBUG_NORM
+    a[NLEN]=0;
+#endif
+}
+
+
+
+/* Set c=a+b */
+/* SU= 8 */
+void BIG_add(BIG c,BIG a,BIG b)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        c[i]=a[i]+b[i];
+#ifdef DEBUG_NORM
+    c[NLEN]=a[NLEN]+b[NLEN]+1;
+    if (c[NLEN]>=NEXCESS) printf("add problem - digit overflow %d\n",c[NLEN]);
+#endif
+}
+
+/* Set c=c+d */
+void BIG_inc(BIG c,int d)
+{
+    BIG_norm(c);
+    c[0]+=(chunk)d;
+#ifdef DEBUG_NORM
+    c[NLEN]=1;
+#endif
+}
+
+/* Set c=a-b */
+/* SU= 8 */
+void BIG_sub(BIG c,BIG a,BIG b)
+{
+    int i;
+    for (i=0; i<NLEN; i++)
+        c[i]=a[i]-b[i];
+#ifdef DEBUG_NORM
+    c[NLEN]=a[NLEN]+b[NLEN]+1;
+    if (c[NLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[NLEN]);
+#endif
+}
+
+/* SU= 8 */
+
+void BIG_dsub(DBIG c,DBIG a,DBIG b)
+{
+    int i;
+    for (i=0; i<DNLEN; i++)
+        c[i]=a[i]-b[i];
+#ifdef DEBUG_NORM
+    c[DNLEN]=a[DNLEN]+b[DNLEN]+1;
+    if (c[DNLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[DNLEN]);
+#endif
+}
+
+
+/* Set c=c-1 */
+void BIG_dec(BIG c,int d)
+{
+    BIG_norm(c);
+    c[0]-=(chunk)d;
+#ifdef DEBUG_NORM
+    c[NLEN]=1;
+#endif
+}
+
+/* multiplication r=a*c by c<=NEXCESS */
+void BIG_imul(BIG r,BIG a,int c)
+{
+    int i;
+    for (i=0; i<NLEN; i++) r[i]=a[i]*c;
+#ifdef DEBUG_NORM
+    r[NLEN]=(a[NLEN]+1)*c-1;
+    if (r[NLEN]>=NEXCESS) printf("int mul problem - digit overflow %d\n",r[NLEN]);
+#endif
+}
+
+/* multiplication r=a*c by larger integer - c<=FEXCESS */
+/* SU= 24 */
+chunk BIG_pmul(BIG r,BIG a,int c)
+{
+    int i;
+    chunk ak,carry=0;
+    BIG_norm(a);
+    for (i=0; i<NLEN; i++)
+    {
+        ak=a[i];
+        r[i]=0;
+        carry=muladd(ak,(chunk)c,carry,&r[i]);
+    }
+#ifdef DEBUG_NORM
+    r[NLEN]=0;
+#endif
+    return carry;
+}
+
+/* r/=3 */
+/* SU= 16 */
+int BIG_div3(BIG r)
+{
+    int i;
+    chunk ak,base,carry=0;
+    BIG_norm(r);
+    base=((chunk)1<<BASEBITS);
+    for (i=NLEN-1; i>=0; i--)
+    {
+        ak=(carry*base+r[i]);
+        r[i]=ak/3;
+        carry=ak%3;
+    }
+    return (int)carry;
+}
+
+/* multiplication c=a*b by even larger integer b>FEXCESS, resulting in DBIG */
+/* SU= 24 */
+void BIG_pxmul(DBIG c,BIG a,int b)
+{
+    int j;
+    chunk carry;
+    BIG_dzero(c);
+    carry=0;
+    for (j=0; j<NLEN; j++)
+        carry=muladd(a[j],(chunk)b,carry,&c[j]);
+    c[NLEN]=carry;
+#ifdef DEBUG_NORM
+    c[DNLEN]=0;
+#endif
+}
+
+/* .. if you know the result will fit in a BIG, c must be distinct from a and b */
+/* SU= 40 */
+void BIG_smul(BIG c,BIG a,BIG b)
+{
+    int i,j;
+    chunk carry;
+    BIG_norm(a);
+    BIG_norm(b);
+
+    BIG_zero(c);
+    for (i=0; i<NLEN; i++)
+    {
+        carry=0;
+        for (j=0; j<NLEN; j++)
+        {
+            if (i+j<NLEN)
+                carry=muladd(a[i],b[j],carry,&c[i+j]);
+        }
+    }
+#ifdef DEBUG_NORM
+    c[NLEN]=0;
+#endif
+}
+
+/* Set c=a*b */
+/* SU= 72 */
+void BIG_mul(DBIG c,BIG a,BIG b)
+{
+    int i;
+#ifdef dchunk
+    dchunk t,co;
+    dchunk s;
+    dchunk d[NLEN];
+    int k;
+#endif
+
+    /* change here - a and b MUST be normed on input */
+
+//	BIG_norm(a);  /* needed here to prevent overflow from addition of partial products */
+//	BIG_norm(b);
+
+    /* Faster to Combafy it.. Let the compiler unroll the loops! */
+
+#ifdef COMBA
+
+    /* faster psuedo-Karatsuba method */
+#ifdef UNWOUND
+
+    /* Insert output of faster.c here */
+
+#else
+    for (i=0; i<NLEN; i++)
+        d[i]=(dchunk)a[i]*b[i];
+
+    s=d[0];
+    t=s;
+    c[0]=(chunk)t&BMASK;
+    co=t>>BASEBITS;
+
+    for (k=1; k<NLEN; k++)
+    {
+        s+=d[k];
+        t=co+s;
+        for (i=k; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
+        c[k]=(chunk)t&BMASK;
+        co=t>>BASEBITS;
+    }
+    for (k=NLEN; k<2*NLEN-1; k++)
+    {
+        s-=d[k-NLEN];
+        t=co+s;
+        for (i=NLEN-1; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
+        c[k]=(chunk)t&BMASK;
+        co=t>>BASEBITS;
+    }
+    c[2*NLEN-1]=(chunk)co;
+
+#endif
+
+#else
+    int j;
+    chunk carry;
+    BIG_dzero(c);
+    for (i=0; i<NLEN; i++)
+    {
+        carry=0;
+        for (j=0; j<NLEN; j++)
+            carry=muladd(a[i],b[j],carry,&c[i+j]);
+
+        c[NLEN+i]=carry;
+    }
+
+#endif
+
+#ifdef DEBUG_NORM
+    c[DNLEN]=0;
+#endif
+}
+
+/* Set c=a*a */
+/* SU= 80 */
+void BIG_sqr(DBIG c,BIG a)
+{
+    int i,j,last;
+#ifdef dchunk
+    dchunk t,co;
+#endif
+
+    /* change here - a MUST be normed on input */
+//	BIG_norm(a);
+
+    /* Note 2*a[i] in loop below and extra addition */
+
+#ifdef COMBA
+
+#ifdef UNWOUND
+
+    /* Insert output of faster.c here */
+
+#else
+
+    t=(dchunk)a[0]*a[0];
+    c[0]=(chunk)t&BMASK;
+    co=t>>BASEBITS;
+    t=(dchunk)a[1]*a[0];
+    t+=t;
+    t+=co;
+    c[1]=(chunk)t&BMASK;
+    co=t>>BASEBITS;
+
+    last=NLEN-NLEN%2;
+    for (j=2; j<last; j+=2)
+    {
+        t=(dchunk)a[j]*a[0];
+        for (i=1; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
+        t+=t;
+        t+=co;
+        t+=(dchunk)a[j/2]*a[j/2];
+        c[j]=(chunk)t&BMASK;
+        co=t>>BASEBITS;
+        t=(dchunk)a[j+1]*a[0];
+        for (i=1; i<(j+2)/2; i++) t+=(dchunk)a[j+1-i]*a[i];
+        t+=t;
+        t+=co;
+        c[j+1]=(chunk)t&BMASK;
+        co=t>>BASEBITS;
+    }
+    j=last;
+#if NLEN%2==1
+    t=(dchunk)a[j]*a[0];
+    for (i=1; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
+    t+=t;
+    t+=co;
+    t+=(dchunk)a[j/2]*a[j/2];
+    c[j]=(chunk)t&BMASK;
+    co=t>>BASEBITS;
+    j++;
+    t=(dchunk)a[NLEN-1]*a[j-NLEN+1];
+    for (i=j-NLEN+2; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
+    t+=t;
+    t+=co;
+    c[j]=(chunk)t&BMASK;
+    co=t>>BASEBITS;
+    j++;
+#endif
+    for (; j<DNLEN-2; j+=2)
+    {
+        t=(dchunk)a[NLEN-1]*a[j-NLEN+1];
+        for (i=j-NLEN+2; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
+        t+=t;
+        t+=co;
+        t+=(dchunk)a[j/2]*a[j/2];
+        c[j]=(chunk)t&BMASK;
+        co=t>>BASEBITS;
+        t=(dchunk)a[NLEN-1]*a[j-NLEN+2];
+        for (i=j-NLEN+3; i<(j+2)/2; i++) t+=(dchunk)a[j+1-i]*a[i];
+        t+=t;
+        t+=co;
+        c[j+1]=(chunk)t&BMASK;
+        co=t>>BASEBITS;
+    }
+
+    t=(dchunk)a[NLEN-1]*a[NLEN-1]+co;
+    c[DNLEN-2]=(chunk)t&BMASK;
+    co=t>>BASEBITS;
+    c[DNLEN-1]=(chunk)co;
+#endif
+
+#else
+    chunk carry;
+    BIG_dzero(c);
+    for (i=0; i<NLEN; i++)
+    {
+        carry=0;
+        for (j=i+1; j<NLEN; j++)
+            carry=muladd(a[i],a[j],carry,&c[i+j]);
+        c[NLEN+i]=carry;
+    }
+
+    for (i=0; i<DNLEN; i++) c[i]*=2;
+
+    for (i=0; i<NLEN; i++)
+        c[2*i+1]+=muladd(a[i],a[i],0,&c[2*i]);
+
+    BIG_dnorm(c);
+#endif
+
+
+#ifdef DEBUG_NORM
+    c[DNLEN]=0;
+#endif
+
+}
+
+/* Montgomery reduction */
+void BIG_monty(BIG a,BIG md,chunk MC,DBIG d)
+{
+    int i,k;
+
+#ifdef dchunk
+    dchunk t,c,s;
+    dchunk dd[NLEN];
+    chunk v[NLEN];
+#endif
+
+#ifdef COMBA
+
+#ifdef UNWOUND
+
+    /* Insert output of faster.c here */
+
+#else
+
+    t=d[0];
+    v[0]=((chunk)t*MC)&BMASK;
+    t+=(dchunk)v[0]*md[0];
+    c=(t>>BASEBITS)+d[1];
+    s=0;
+
+    for (k=1; k<NLEN; k++)
+    {
+        t=c+s+(dchunk)v[0]*md[k];
+        for (i=k-1; i>k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
+        v[k]=((chunk)t*MC)&BMASK;
+        t+=(dchunk)v[k]*md[0];
+        c=(t>>BASEBITS)+d[k+1];
+        dd[k]=(dchunk)v[k]*md[k];
+        s+=dd[k];
+    }
+    for (k=NLEN; k<2*NLEN-1; k++)
+    {
+        t=c+s;
+        for (i=NLEN-1; i>=1+k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
+        a[k-NLEN]=(chunk)t&BMASK;
+        c=(t>>BASEBITS)+d[k+1];
+        s-=dd[k-NLEN+1];
+    }
+    a[NLEN-1]=(chunk)c&BMASK;
+
+#endif
+
+#ifdef DEBUG_NORM
+    a[NLEN]=0;
+#endif
+
+#else
+    int j;
+    chunk m,carry;
+    for (i=0; i<NLEN; i++)
+    {
+        if (MC==-1) m=(-d[i])&BMASK;
+        else
+        {
+            if (MC==1) m=d[i];
+            else m=(MC*d[i])&BMASK;
+        }
+        carry=0;
+        for (j=0; j<NLEN; j++)
+            carry=muladd(m,md[j],carry,&d[i+j]);
+        d[NLEN+i]+=carry;
+    }
+    BIG_sducopy(a,d);
+    BIG_norm(a);
+
+#endif
+}
+
+/* General shift left of a by n bits */
+/* a MUST be normalised */
+/* SU= 32 */
+void BIG_shl(BIG a,int k)
+{
+    int i;
+    int n=k%BASEBITS;
+    int m=k/BASEBITS;
+
+//	a[NLEN-1]=((a[NLEN-1-m]<<n))|(a[NLEN-m-2]>>(BASEBITS-n));
+
+    a[NLEN-1]=((a[NLEN-1-m]<<n));
+    if (NLEN>=m+2) a[NLEN-1]|=(a[NLEN-m-2]>>(BASEBITS-n));
+
+    for (i=NLEN-2; i>m; i--)
+        a[i]=((a[i-m]<<n)&BMASK)|(a[i-m-1]>>(BASEBITS-n));
+    a[m]=(a[0]<<n)&BMASK;
+    for (i=0; i<m; i++) a[i]=0;
+
+}
+
+/* Fast shift left of a by n bits, where n less than a word, Return excess (but store it as well) */
+/* a MUST be normalised */
+/* SU= 16 */
+int BIG_fshl(BIG a,int n)
+{
+    int i;
+
+    a[NLEN-1]=((a[NLEN-1]<<n))|(a[NLEN-2]>>(BASEBITS-n)); /* top word not masked */
+    for (i=NLEN-2; i>0; i--)
+        a[i]=((a[i]<<n)&BMASK)|(a[i-1]>>(BASEBITS-n));
+    a[0]=(a[0]<<n)&BMASK;
+
+    return (int)(a[NLEN-1]>>((8*MODBYTES)%BASEBITS)); /* return excess - only used in ff.c */
+}
+
+/* double length left shift of a by k bits - k can be > BASEBITS , a MUST be normalised */
+/* SU= 32 */
+void BIG_dshl(DBIG a,int k)
+{
+    int i;
+    int n=k%BASEBITS;
+    int m=k/BASEBITS;
+
+    a[DNLEN-1]=((a[DNLEN-1-m]<<n))|(a[DNLEN-m-2]>>(BASEBITS-n));
+
+    for (i=DNLEN-2; i>m; i--)
+        a[i]=((a[i-m]<<n)&BMASK)|(a[i-m-1]>>(BASEBITS-n));
+    a[m]=(a[0]<<n)&BMASK;
+    for (i=0; i<m; i++) a[i]=0;
+
+}
+
+/* General shift rightof a by k bits */
+/* a MUST be normalised */
+/* SU= 32 */
+void BIG_shr(BIG a,int k)
+{
+    int i;
+    int n=k%BASEBITS;
+    int m=k/BASEBITS;
+    for (i=0; i<NLEN-m-1; i++)
+        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&BMASK);
+    if (NLEN>m)  a[NLEN-m-1]=a[NLEN-1]>>n;
+    for (i=NLEN-m; i<NLEN; i++) a[i]=0;
+
+}
+
+/* Faster shift right of a by k bits. Return shifted out part */
+/* a MUST be normalised */
+/* SU= 16 */
+int BIG_fshr(BIG a,int k)
+{
+    int i;
+    chunk r=a[0]&(((chunk)1<<k)-1); /* shifted out part */
+    for (i=0; i<NLEN-1; i++)
+        a[i]=(a[i]>>k)|((a[i+1]<<(BASEBITS-k))&BMASK);
+    a[NLEN-1]=a[NLEN-1]>>k;
+    return (int)r;
+}
+
+/* double length right shift of a by k bits - can be > BASEBITS */
+/* SU= 32 */
+void BIG_dshr(DBIG a,int k)
+{
+    int i;
+    int n=k%BASEBITS;
+    int m=k/BASEBITS;
+    for (i=0; i<DNLEN-m-1; i++)
+        a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&BMASK);
+    a[DNLEN-m-1]=a[DNLEN-1]>>n;
+    for (i=DNLEN-m; i<DNLEN; i++ ) a[i]=0;
+}
+
+/* Split DBIG d into two BIGs t|b. Split happens at n bits, where n falls into NLEN word */
+/* d MUST be normalised */
+/* SU= 24 */
+chunk BIG_split(BIG t,BIG b,DBIG d,int n)
+{
+    int i;
+    chunk nw,carry=0;
+    int m=n%BASEBITS;
+//	BIG_dnorm(d);
+
+    if (m==0)
+    {
+        for (i=0; i<NLEN; i++) b[i]=d[i];
+        if (t!=b)
+        {
+            for (i=NLEN; i<2*NLEN; i++) t[i-NLEN]=d[i];
+            carry=t[NLEN-1]>>BASEBITS;
+            t[NLEN-1]=t[NLEN-1]&BMASK; /* top word normalized */
+        }
+        return carry;
+    }
+
+    for (i=0; i<NLEN-1; i++) b[i]=d[i];
+
+    b[NLEN-1]=d[NLEN-1]&(((chunk)1<<m)-1);
+
+    if (t!=b)
+    {
+        carry=(d[DNLEN-1]<<(BASEBITS-m));
+        for (i=DNLEN-2; i>=NLEN-1; i--)
+        {
+            nw=(d[i]>>m)|carry;
+            carry=(d[i]<<(BASEBITS-m))&BMASK;
+            t[i-NLEN+1]=nw;
+        }
+    }
+#ifdef DEBUG_NORM
+    t[NLEN]=0;
+    b[NLEN]=0;
+#endif
+    return carry;
+}
+
+/* you gotta keep the sign of carry! Look - no branching! */
+/* Note that sign bit is needed to disambiguate between +ve and -ve values */
+/* normalise BIG - force all digits < 2^BASEBITS */
+chunk BIG_norm(BIG a)
+{
+    int i;
+    chunk d,carry=0;
+    for (i=0; i<NLEN-1; i++)
+    {
+        d=a[i]+carry;
+        a[i]=d&BMASK;
+        carry=d>>BASEBITS;
+    }
+    a[NLEN-1]=(a[NLEN-1]+carry);
+
+#ifdef DEBUG_NORM
+    a[NLEN]=0;
+#endif
+    return (a[NLEN-1]>>((8*MODBYTES)%BASEBITS));  /* only used in ff.c */
+}
+
+void BIG_dnorm(DBIG a)
+{
+    int i;
+    chunk d,carry=0;
+    for (i=0; i<DNLEN-1; i++)
+    {
+        d=a[i]+carry;
+        a[i]=d&BMASK;
+        carry=d>>BASEBITS;
+    }
+    a[DNLEN-1]=(a[DNLEN-1]+carry);
+#ifdef DEBUG_NORM
+    a[DNLEN]=0;
+#endif
+}
+
+/* Compare a and b. Return 1 for a>b, -1 for a<b, 0 for a==b */
+/* a and b MUST be normalised before call */
+int BIG_comp(BIG a,BIG b)
+{
+    int i;
+    for (i=NLEN-1; i>=0; i--)
+    {
+        if (a[i]==b[i]) continue;
+        if (a[i]>b[i]) return 1;
+        else  return -1;
+    }
+    return 0;
+}
+
+int BIG_dcomp(DBIG a,DBIG b)
+{
+    int i;
+    for (i=DNLEN-1; i>=0; i--)
+    {
+        if (a[i]==b[i]) continue;
+        if (a[i]>b[i]) return 1;
+        else  return -1;
+    }
+    return 0;
+}
+
+/* return number of bits in a */
+/* SU= 8 */
+int BIG_nbits(BIG a)
+{
+    int bts,k=NLEN-1;
+    chunk c;
+    BIG_norm(a);
+    while (k>=0 && a[k]==0) k--;
+    if (k<0) return 0;
+    bts=BASEBITS*k;
+    c=a[k];
+    while (c!=0)
+    {
+        c/=2;
+        bts++;
+    }
+    return bts;
+}
+
+/* SU= 8, Calculate number of bits in a DBIG - output normalised */
+int BIG_dnbits(DBIG a)
+{
+    int bts,k=DNLEN-1;
+    chunk c;
+    BIG_dnorm(a);
+    while (k>=0 && a[k]==0) k--;
+    if (k<0) return 0;
+    bts=BASEBITS*k;
+    c=a[k];
+    while (c!=0)
+    {
+        c/=2;
+        bts++;
+    }
+    return bts;
+}
+
+
+/* Set b=b mod c */
+/* SU= 16 */
+void BIG_mod(BIG b,BIG c)
+{
+    int k=0;
+    BIG r; /**/
+
+    BIG_norm(b);
+    if (BIG_comp(b,c)<0)
+        return;
+    do
+    {
+        BIG_fshl(c,1);
+        k++;
+    }
+    while (BIG_comp(b,c)>=0);
+
+    while (k>0)
+    {
+        BIG_fshr(c,1);
+
+// constant time...
+        BIG_sub(r,b,c);
+        BIG_norm(r);
+        BIG_cmove(b,r,1-((r[NLEN-1]>>(CHUNK-1))&1));
+        /*
+                if (BIG_comp(b,c)>=0)
+                {
+                    BIG_sub(b,b,c);
+                    BIG_norm(b);
+                }
+        */
+        k--;
+    }
+}
+
+/* Set a=b mod c, b is destroyed. Slow but rarely used. */
+/* SU= 96 */
+void BIG_dmod(BIG a,DBIG b,BIG c)
+{
+    int k=0;
+    DBIG m,r;
+    BIG_dnorm(b);
+    BIG_dscopy(m,c);
+
+    if (BIG_dcomp(b,m)<0)
+    {
+        BIG_sdcopy(a,b);
+        return;
+    }
+
+    do
+    {
+        BIG_dshl(m,1);
+        k++;
+    }
+    while (BIG_dcomp(b,m)>=0);
+
+    while (k>0)
+    {
+        BIG_dshr(m,1);
+// constant time...
+        BIG_dsub(r,b,m);
+        BIG_dnorm(r);
+        BIG_dcmove(b,r,1-((r[DNLEN-1]>>(CHUNK-1))&1));
+        /*
+                if (BIG_dcomp(b,m)>=0)
+                {
+                    BIG_dsub(b,b,m);
+                    BIG_dnorm(b);
+                }
+        */
+        k--;
+    }
+    BIG_sdcopy(a,b);
+}
+
+/* Set a=b/c,  b is destroyed. Slow but rarely used. */
+/* SU= 136 */
+
+void BIG_ddiv(BIG a,DBIG b,BIG c)
+{
+    int d,k=0;
+    DBIG m,dr;
+    BIG e,r;
+    BIG_dnorm(b);
+    BIG_dscopy(m,c);
+
+    BIG_zero(a);
+    BIG_zero(e);
+    BIG_inc(e,1);
+
+    while (BIG_dcomp(b,m)>=0)
+    {
+        BIG_fshl(e,1);
+        BIG_dshl(m,1);
+        k++;
+    }
+
+    while (k>0)
+    {
+        BIG_dshr(m,1);
+        BIG_fshr(e,1);
+
+        BIG_dsub(dr,b,m);
+        BIG_dnorm(dr);
+        d=1-((dr[DNLEN-1]>>(CHUNK-1))&1);
+        BIG_dcmove(b,dr,d);
+
+        BIG_add(r,a,e);
+        BIG_norm(r);
+        BIG_cmove(a,r,d);
+        /*
+        		if (BIG_dcomp(b,m)>=0)
+        		{
+        			BIG_add(a,a,e);
+        			BIG_norm(a);
+        			BIG_dsub(b,b,m);
+        			BIG_dnorm(b);
+        		} */
+        k--;
+    }
+}
+
+/* SU= 136 */
+
+void BIG_sdiv(BIG a,BIG c)
+{
+    int d,k=0;
+    BIG m,e,b,r;
+    BIG_norm(a);
+    BIG_copy(b,a);
+    BIG_copy(m,c);
+
+    BIG_zero(a);
+    BIG_zero(e);
+    BIG_inc(e,1);
+
+    while (BIG_comp(b,m)>=0)
+    {
+        BIG_fshl(e,1);
+        BIG_fshl(m,1);
+        k++;
+    }
+
+    while (k>0)
+    {
+        BIG_fshr(m,1);
+        BIG_fshr(e,1);
+
+        BIG_sub(r,b,m);
+        BIG_norm(r);
+        d=1-((r[NLEN-1]>>(CHUNK-1))&1);
+        BIG_cmove(b,r,d);
+
+        BIG_add(r,a,e);
+        BIG_norm(r);
+        BIG_cmove(a,r,d);
+        /*
+        		if (BIG_comp(b,m)>=0)
+        		{
+        			BIG_sub(b,b,m);
+        			BIG_norm(b);
+        			BIG_add(a,a,e);
+        			BIG_norm(a);
+        		} */
+        k--;
+    }
+}
+
+/* return LSB of a */
+int BIG_parity(BIG a)
+{
+    return a[0]%2;
+}
+
+/* return n-th bit of a */
+/* SU= 16 */
+int BIG_bit(BIG a,int n)
+{
+    if (a[n/BASEBITS]&((chunk)1<<(n%BASEBITS))) return 1;
+    else return 0;
+}
+
+/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
+nbs is number of bits processed, and nzs is number of trailing 0s detected */
+/* SU= 32 */
+/*
+int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs)
+{
+	int j,r,nb;
+
+	nb=BIG_bit(x3,i)-BIG_bit(x,i);
+	*nbs=1;
+	*nzs=0;
+	if (nb==0) return 0;
+	if (i==0) return nb;
+
+    if (nb>0) r=1;
+    else      r=(-1);
+
+    for (j=i-1;j>0;j--)
+    {
+        (*nbs)++;
+        r*=2;
+        nb=BIG_bit(x3,j)-BIG_bit(x,j);
+        if (nb>0) r+=1;
+        if (nb<0) r-=1;
+        if (abs(r)>5) break;
+    }
+
+	if (r%2!=0 && j!=0)
+    { // backtrack
+        if (nb>0) r=(r-1)/2;
+        if (nb<0) r=(r+1)/2;
+        (*nbs)--;
+    }
+
+    while (r%2==0)
+    { // remove trailing zeros
+        r/=2;
+        (*nzs)++;
+        (*nbs)--;
+    }
+    return r;
+}
+*/
+
+/* return last n bits of a, where n is small < BASEBITS */
+/* SU= 16 */
+int BIG_lastbits(BIG a,int n)
+{
+    int msk=(1<<n)-1;
+    BIG_norm(a);
+    return ((int)a[0])&msk;
+}
+
+/* get 8*MODBYTES size random number */
+void BIG_random(BIG m,csprng *rng)
+{
+    int i,b,j=0,r=0;
+    int len=8*MODBYTES;
+
+    BIG_zero(m);
+    /* generate random BIG */
+    for (i=0; i<len; i++)
+    {
+        if (j==0) r=RAND_byte(rng);
+        else r>>=1;
+        b=r&1;
+        BIG_shl(m,1);
+        m[0]+=b;
+        j++;
+        j&=7;
+    }
+
+#ifdef DEBUG_NORM
+    m[NLEN]=0;
+#endif
+}
+
+/* get random BIG from rng, modulo q. Done one bit at a time, so its portable */
+
+void BIG_randomnum(BIG m,BIG q,csprng *rng)
+{
+    int i,b,j=0,r=0;
+    DBIG d;
+    BIG_dzero(d);
+    /* generate random DBIG */
+    for (i=0; i<2*MODBITS; i++)
+    {
+        if (j==0) r=RAND_byte(rng);
+        else r>>=1;
+        b=r&1;
+        BIG_dshl(d,1);
+        d[0]+=b;
+        j++;
+        j&=7;
+    }
+    /* reduce modulo a BIG. Removes bias */
+    BIG_dmod(m,d,q);
+#ifdef DEBUG_NORM
+    m[NLEN]=0;
+#endif
+}
+
+/* Set r=a*b mod m */
+/* SU= 96 */
+void BIG_modmul(BIG r,BIG a,BIG b,BIG m)
+{
+    DBIG d;
+    BIG_mod(a,m);
+    BIG_mod(b,m);
+//BIG_norm(a); BIG_norm(b);
+    BIG_mul(d,a,b);
+    BIG_dmod(r,d,m);
+}
+
+/* Set a=a*a mod m */
+/* SU= 88 */
+void BIG_modsqr(BIG r,BIG a,BIG m)
+{
+    DBIG d;
+    BIG_mod(a,m);
+//BIG_norm(a);
+    BIG_sqr(d,a);
+    BIG_dmod(r,d,m);
+}
+
+/* Set r=-a mod m */
+/* SU= 16 */
+void BIG_modneg(BIG r,BIG a,BIG m)
+{
+    BIG_mod(a,m);
+    BIG_sub(r,m,a);
+    BIG_mod(r,m);
+}
+
+/* Set a=a/b mod m */
+/* SU= 136 */
+void BIG_moddiv(BIG r,BIG a,BIG b,BIG m)
+{
+    DBIG d;
+    BIG z;
+    BIG_mod(a,m);
+    BIG_invmodp(z,b,m);
+//BIG_norm(a); BIG_norm(z);
+    BIG_mul(d,a,z);
+    BIG_dmod(r,d,m);
+}
+
+/* Get jacobi Symbol (a/p). Returns 0, 1 or -1 */
+/* SU= 216 */
+int BIG_jacobi(BIG a,BIG p)
+{
+    int n8,k,m=0;
+    BIG t,x,n,zilch,one;
+    BIG_one(one);
+    BIG_zero(zilch);
+    if (BIG_parity(p)==0 || BIG_comp(a,zilch)==0 || BIG_comp(p,one)<=0) return 0;
+    BIG_norm(a);
+    BIG_copy(x,a);
+    BIG_copy(n,p);
+    BIG_mod(x,p);
+
+    while (BIG_comp(n,one)>0)
+    {
+        if (BIG_comp(x,zilch)==0) return 0;
+        n8=BIG_lastbits(n,3);
+        k=0;
+        while (BIG_parity(x)==0)
+        {
+            k++;
+            BIG_shr(x,1);
+        }
+        if (k%2==1) m+=(n8*n8-1)/8;
+        m+=(n8-1)*(BIG_lastbits(x,2)-1)/4;
+        BIG_copy(t,n);
+
+        BIG_mod(t,x);
+        BIG_copy(n,x);
+        BIG_copy(x,t);
+        m%=2;
+
+    }
+    if (m==0) return 1;
+    else return -1;
+}
+
+/* Set r=1/a mod p. Binary method */
+/* SU= 240 */
+void BIG_invmodp(BIG r,BIG a,BIG p)
+{
+    BIG u,v,x1,x2,t,one;
+    BIG_mod(a,p);
+    BIG_copy(u,a);
+    BIG_copy(v,p);
+    BIG_one(one);
+    BIG_copy(x1,one);
+    BIG_zero(x2);
+
+    while (BIG_comp(u,one)!=0 && BIG_comp(v,one)!=0)
+    {
+        while (BIG_parity(u)==0)
+        {
+            BIG_shr(u,1);
+            if (BIG_parity(x1)!=0)
+            {
+                BIG_add(x1,p,x1);
+                BIG_norm(x1);
+            }
+            BIG_shr(x1,1);
+        }
+        while (BIG_parity(v)==0)
+        {
+            BIG_shr(v,1);
+            if (BIG_parity(x2)!=0)
+            {
+                BIG_add(x2,p,x2);
+                BIG_norm(x2);
+            }
+            BIG_shr(x2,1);
+        }
+        if (BIG_comp(u,v)>=0)
+        {
+            BIG_sub(u,u,v);
+            BIG_norm(u);
+            if (BIG_comp(x1,x2)>=0) BIG_sub(x1,x1,x2);
+            else
+            {
+                BIG_sub(t,p,x2);
+                BIG_add(x1,x1,t);
+            }
+            BIG_norm(x1);
+        }
+        else
+        {
+            BIG_sub(v,v,u);
+            BIG_norm(v);
+            if (BIG_comp(x2,x1)>=0) BIG_sub(x2,x2,x1);
+            else
+            {
+                BIG_sub(t,p,x1);
+                BIG_add(x2,x2,t);
+            }
+            BIG_norm(x2);
+        }
+    }
+    if (BIG_comp(u,one)==0)
+        BIG_copy(r,x1);
+    else
+        BIG_copy(r,x2);
+}
+
+/* set x = x mod 2^m */
+void BIG_mod2m(BIG x,int m)
+{
+    int i,wd,bt;
+    chunk msk;
+//	if (m>=MODBITS) return;
+    wd=m/BASEBITS;
+    bt=m%BASEBITS;
+    msk=((chunk)1<<bt)-1;
+    x[wd]&=msk;
+    for (i=wd+1; i<NLEN; i++) x[i]=0;
+}
+
+// new
+/* Convert to DBIG number from byte array of given length */
+void BIG_dfromBytesLen(DBIG a,char *b,int s)
+{
+    int i,len=s;
+    BIG_dzero(a);
+
+    for (i=0; i<len; i++)
+    {
+        BIG_dshl(a,8);
+        a[0]+=(int)(unsigned char)b[i];
+    }
+#ifdef DEBUG_NORM
+    a[NLEN]=0;
+#endif
+}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/build_ec
----------------------------------------------------------------------
diff --git a/version22/c/build_ec b/version22/c/build_ec
new file mode 100644
index 0000000..b5dc735
--- /dev/null
+++ b/version22/c/build_ec
@@ -0,0 +1,22 @@
+
+gcc -std=c99 -c -O3 big.c
+gcc -std=c99 -c -O3 fp.c
+gcc -std=c99 -c -O3 ecp.c
+gcc -std=c99 -c -O3 hash.c
+gcc -std=c99 -c -O3 rand.c
+gcc -std=c99 -c -O3 aes.c
+gcc -std=c99 -c -O3 gcm.c
+gcc -std=c99 -c -O3 oct.c
+gcc -std=c99 -c -O3 rom.c
+
+gcc -std=c99 -c -O3 ff.c
+
+rm amcl.a
+ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
+ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
+
+gcc -std=c99 -O3 testecdh.c ecdh.c randapi.c amcl.a -o testecdh
+gcc -std=c99 -O3 testrsa.c rsa.c randapi.c amcl.a -o testrsa
+gcc -std=c99 -O3 benchtest_ec.c rsa.c amcl.a -o benchtest_ec
+
+rm *.o
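Review bot: The script has no interpreter line and no `set -e`, so a failed `gcc -c` does not stop the build: the `ar` and link lines still run, and a `testecdh`, `testrsa` or `benchtest_ec` binary left over from an earlier build can stay in place and be mistaken for a fresh one. I would open the file with `#!/bin/sh` and `set -e`, and change `rm amcl.a` to `rm -f amcl.a` so that the first build in a clean tree does not abort once `set -e` is on. The same applies to build_pair, and build_ec.bat and build_pair.bat have the equivalent gap, where an `if errorlevel 1 exit /b 1` after each gcc line would do. Since this builds a cryptographic library, adding `-Wall -Wextra` to the compile lines would also make warnings in big.c and ecdh.c visible.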

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/build_ec.bat
----------------------------------------------------------------------
diff --git a/version22/c/build_ec.bat b/version22/c/build_ec.bat
new file mode 100644
index 0000000..a49fc25
--- /dev/null
+++ b/version22/c/build_ec.bat
@@ -0,0 +1,22 @@
+
+gcc -std=c99 -c -O3 big.c
+gcc -std=c99 -c -O3 fp.c
+gcc -std=c99 -c -O3 ecp.c
+gcc -std=c99 -c -O3 hash.c
+gcc -std=c99 -c -O3 rand.c
+gcc -std=c99 -c -O3 aes.c
+gcc -std=c99 -c -O3 gcm.c
+gcc -std=c99 -c -O3 oct.c
+gcc -std=c99 -c -O3 rom.c
+
+gcc -std=c99 -c -O3 ff.c
+
+del amcl.a
+ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
+ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
+
+gcc -std=c99 -O3 testecdh.c ecdh.c randapi.c amcl.a -o testecdh.exe
+gcc -std=c99 -O3 testrsa.c rsa.c randapi.c amcl.a -o testrsa.exe
+gcc -std=c99 -O3 benchtest_ec.c rsa.c amcl.a -o benchtest_ec.exe
+
+del *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/build_pair
----------------------------------------------------------------------
diff --git a/version22/c/build_pair b/version22/c/build_pair
new file mode 100644
index 0000000..6b6bae2
--- /dev/null
+++ b/version22/c/build_pair
@@ -0,0 +1,27 @@
+
+gcc -std=c99 -c -O3 big.c
+gcc -std=c99 -c -O3 fp.c
+gcc -std=c99 -c -O3 ecp.c
+gcc -std=c99 -c -O3 hash.c
+gcc -std=c99 -c -O3 rand.c
+gcc -std=c99 -c -O3 aes.c
+gcc -std=c99 -c -O3 gcm.c
+gcc -std=c99 -c -O3 oct.c
+gcc -std=c99 -c -O3 rom.c
+
+gcc -std=c99 -c -O3 fp2.c
+gcc -std=c99 -c -O3 ecp2.c
+gcc -std=c99 -c -O3 fp4.c
+gcc -std=c99 -c -O3 fp12.c
+gcc -std=c99 -c -O3 pair.c
+
+rm amcl.a
+ar rc amcl.a big.o fp.o ecp.o hash.o
+ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
+
+ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
+
+gcc -std=c99 -O3 testmpin.c mpin.c randapi.c amcl.a -o testmpin
+gcc -std=c99 -O3 benchtest_pair.c amcl.a -o benchtest_pair
+
+rm *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/build_pair.bat
----------------------------------------------------------------------
diff --git a/version22/c/build_pair.bat b/version22/c/build_pair.bat
new file mode 100644
index 0000000..88b5daf
--- /dev/null
+++ b/version22/c/build_pair.bat
@@ -0,0 +1,27 @@
+
+gcc -std=c99 -c -O3 big.c
+gcc -std=c99 -c -O3 fp.c
+gcc -std=c99 -c -O3 ecp.c
+gcc -std=c99 -c -O3 hash.c
+gcc -std=c99 -c -O3 rand.c
+gcc -std=c99 -c -O3 aes.c
+gcc -std=c99 -c -O3 gcm.c
+gcc -std=c99 -c -O3 oct.c
+gcc -std=c99 -c -O3 rom.c
+
+gcc -std=c99 -c -O3 fp2.c
+gcc -std=c99 -c -O3 ecp2.c
+gcc -std=c99 -c -O3 fp4.c
+gcc -std=c99 -c -O3 fp12.c
+gcc -std=c99 -c -O3 pair.c
+
+del amcl.a
+ar rc amcl.a big.o fp.o ecp.o hash.o
+ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
+
+ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
+
+gcc -std=c99 -O3 testmpin.c mpin.c randapi.c amcl.a -o testmpin.exe
+gcc -std=c99 -O3 benchtest_pair.c amcl.a -o benchtest_pair.exe
+
+del *.o

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/ca.crt
----------------------------------------------------------------------
diff --git a/version22/c/ca.crt b/version22/c/ca.crt
new file mode 100644
index 0000000..e3ad02f
--- /dev/null
+++ b/version22/c/ca.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/eccert.pem
----------------------------------------------------------------------
diff --git a/version22/c/eccert.pem b/version22/c/eccert.pem
new file mode 100644
index 0000000..b9dfca5
--- /dev/null
+++ b/version22/c/eccert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/ecdh.c
----------------------------------------------------------------------
diff --git a/version22/c/ecdh.c b/version22/c/ecdh.c
new file mode 100644
index 0000000..74694f7
--- /dev/null
+++ b/version22/c/ecdh.c
@@ -0,0 +1,751 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* ECDH/ECIES/ECDSA Functions - see main program below */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <time.h>
+
+#include "ecdh.h"
+
+#define ROUNDUP(a,b) ((a)-1)/(b)+1
+
+/* general purpose hash function w=hash(p|n|x|y) */
+/* pad or truncate ouput to length pad if pad!=0 */
+static void hashit(int sha,octet *p,int n,octet *x,octet *w,int pad)
+{
+    int i,c[4],hlen;
+    hash256 sha256;
+    hash512 sha512;
+    char hh[64];
+
+    switch (sha)
+    {
+    case SHA256:
+        HASH256_init(&sha256);
+        break;
+    case SHA384:
+        HASH384_init(&sha512);
+        break;
+    case SHA512:
+        HASH512_init(&sha512);
+        break;
+    }
+
+    hlen=sha;
+
+    for (i=0; i<p->len; i++)
+    {
+        switch(sha)
+        {
+        case SHA256:
+            HASH256_process(&sha256,p->val[i]);
+            break;
+        case SHA384:
+            HASH384_process(&sha512,p->val[i]);
+            break;
+        case SHA512:
+            HASH512_process(&sha512,p->val[i]);
+            break;
+        }
+    }
+    if (n>0)
+    {
+        c[0]=(n>>24)&0xff;
+        c[1]=(n>>16)&0xff;
+        c[2]=(n>>8)&0xff;
+        c[3]=(n)&0xff;
+        for (i=0; i<4; i++)
+        {
+            switch(sha)
+            {
+            case SHA256:
+                HASH256_process(&sha256,c[i]);
+                break;
+            case SHA384:
+                HASH384_process(&sha512,c[i]);
+                break;
+            case SHA512:
+                HASH512_process(&sha512,c[i]);
+                break;
+            }
+        }
+    }
+    if (x!=NULL) for (i=0; i<x->len; i++)
+        {
+            switch(sha)
+            {
+            case SHA256:
+                HASH256_process(&sha256,x->val[i]);
+                break;
+            case SHA384:
+                HASH384_process(&sha512,x->val[i]);
+                break;
+            case SHA512:
+                HASH512_process(&sha512,x->val[i]);
+                break;
+            }
+        }
+
+    switch (sha)
+    {
+    case SHA256:
+        HASH256_hash(&sha256,hh);
+        break;
+    case SHA384:
+        HASH384_hash(&sha512,hh);
+        break;
+    case SHA512:
+        HASH512_hash(&sha512,hh);
+        break;
+    }
+
+    OCT_empty(w);
+    if (!pad)
+        OCT_jbytes(w,hh,hlen);
+    else
+    {
+        if (pad<=hlen)
+            OCT_jbytes(w,hh,pad);
+        else
+        {
+            OCT_jbytes(w,hh,hlen);
+            OCT_jbyte(w,0,pad-hlen);
+        }
+    }
+    return;
+}
+
+/* Hash octet p to octet w */
+void HASH(int sha,octet *p,octet *w)
+{
+    hashit(sha,p,-1,NULL,w,0);
+}
+
+/* Calculate HMAC of m using key k. HMAC is tag of length olen */
+int HMAC(int sha,octet *m,octet *k,int olen,octet *tag)
+{
+    /* Input is from an octet m        *
+     * olen is requested output length in bytes. k is the key  *
+     * The output is the calculated tag */
+    int hlen,b;
+    char h[128],k0[128];
+    octet H= {0,sizeof(h),h};
+    octet K0= {0,sizeof(k0),k0};
+
+    hlen=sha;
+    if (hlen>32) b=128;
+    else b=64;
+
+    if (olen<4 /*|| olen>hlen*/) return 0;
+
+    if (k->len > b) hashit(sha,k,-1,NULL,&K0,0);
+    else            OCT_copy(&K0,k);
+
+    OCT_jbyte(&K0,0,b-K0.len);
+
+    OCT_xorbyte(&K0,0x36);
+
+    hashit(sha,&K0,-1,m,&H,0);
+
+    OCT_xorbyte(&K0,0x6a);   /* 0x6a = 0x36 ^ 0x5c */
+    hashit(sha,&K0,-1,&H,&H,olen);
+
+    OCT_empty(tag);
+
+    OCT_jbytes(tag,H.val,olen);
+
+    return 1;
+}
+
+/* Key Derivation Functions */
+/* Input octet z */
+/* Output key of length olen */
+/*
+void KDF1(octet *z,int olen,octet *key)
+{
+    char h[32];
+	octet H={0,sizeof(h),h};
+    int counter,cthreshold;
+    int hlen=32;
+
+    OCT_empty(key);
+
+    cthreshold=ROUNDUP(olen,hlen);
+
+    for (counter=0;counter<cthreshold;counter++)
+    {
+        hashit(z,counter,NULL,NULL,&H);
+        if (key->len+hlen>olen) OCT_jbytes(key,H.val,olen%hlen);
+        else                    OCT_joctet(key,&H);
+    }
+}
+*/
+void KDF2(int sha,octet *z,octet *p,int olen,octet *key)
+{
+    /* NOTE: the parameter olen is the length of the output k in bytes */
+    char h[64];
+    octet H= {0,sizeof(h),h};
+    int counter,cthreshold;
+    int hlen=sha;
+
+    OCT_empty(key);
+
+    cthreshold=ROUNDUP(olen,hlen);
+
+    for (counter=1; counter<=cthreshold; counter++)
+    {
+        hashit(sha,z,counter,p,&H,0);
+        if (key->len+hlen>olen)  OCT_jbytes(key,H.val,olen%hlen);
+        else                     OCT_joctet(key,&H);
+    }
+
+}
+
+/* Password based Key Derivation Function */
+/* Input password p, salt s, and repeat count */
+/* Output key of length olen */
+void PBKDF2(int sha,octet *p,octet *s,int rep,int olen,octet *key)
+{
+    int i,j,len,d=ROUNDUP(olen,sha);
+    char f[64],u[64];   /*****/
+    octet F= {0,sizeof(f),f};
+    octet U= {0,sizeof(u),u};
+    OCT_empty(key);
+
+    for (i=1; i<=d; i++)
+    {
+        len=s->len;
+        OCT_jint(s,i,4);
+
+        HMAC(sha,s,p,sha,&F);  /* sha not EFS */
+
+        s->len=len;
+        OCT_copy(&U,&F);
+        for (j=2; j<=rep; j++)
+        {
+            HMAC(sha,&U,p,sha,&U); /* sha not EFS */
+            OCT_xor(&F,&U);
+        }
+
+        OCT_joctet(key,&F);
+    }
+
+    OCT_chop(key,NULL,olen);
+}
+
+/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
+void AES_CBC_IV0_ENCRYPT(octet *k,octet *m,octet *c)
+{
+    /* AES CBC encryption, with Null IV and key k */
+    /* Input is from an octet string m, output is to an octet string c */
+    /* Input is padded as necessary to make up a full final block */
+    amcl_aes a;
+    int fin;
+    int i,j,ipt,opt;
+    char buff[16];
+    int padlen;
+
+    OCT_clear(c);
+    if (m->len==0) return;
+    AES_init(&a,CBC,k->len,k->val,NULL);
+
+    ipt=opt=0;
+    fin=0;
+    for(;;)
+    {
+        for (i=0; i<16; i++)
+        {
+            if (ipt<m->len) buff[i]=m->val[ipt++];
+            else
+            {
+                fin=1;
+                break;
+            }
+        }
+        if (fin) break;
+        AES_encrypt(&a,buff);
+        for (i=0; i<16; i++)
+            if (opt<c->max) c->val[opt++]=buff[i];
+    }
+
+    /* last block, filled up to i-th index */
+
+    padlen=16-i;
+    for (j=i; j<16; j++) buff[j]=padlen;
+    AES_encrypt(&a,buff);
+    for (i=0; i<16; i++)
+        if (opt<c->max) c->val[opt++]=buff[i];
+    AES_end(&a);
+    c->len=opt;
+}
+
+/* decrypts and returns TRUE if all consistent, else returns FALSE */
+int AES_CBC_IV0_DECRYPT(octet *k,octet *c,octet *m)
+{
+    /* padding is removed */
+    amcl_aes a;
+    int i,ipt,opt,ch;
+    char buff[16];
+    int fin,bad;
+    int padlen;
+    ipt=opt=0;
+
+    OCT_clear(m);
+    if (c->len==0) return 1;
+    ch=c->val[ipt++];
+
+    AES_init(&a,CBC,k->len,k->val,NULL);
+    fin=0;
+
+    for(;;)
+    {
+        for (i=0; i<16; i++)
+        {
+            buff[i]=ch;
+            if (ipt>=c->len)
+            {
+                fin=1;
+                break;
+            }
+            else ch=c->val[ipt++];
+        }
+        AES_decrypt(&a,buff);
+        if (fin) break;
+        for (i=0; i<16; i++)
+            if (opt<m->max) m->val[opt++]=buff[i];
+    }
+    AES_end(&a);
+    bad=0;
+    padlen=buff[15];
+    if (i!=15 || padlen<1 || padlen>16) bad=1;
+    if (padlen>=2 && padlen<=16)
+        for (i=16-padlen; i<16; i++) if (buff[i]!=padlen) bad=1;
+
+    if (!bad) for (i=0; i<16-padlen; i++)
+            if (opt<m->max) m->val[opt++]=buff[i];
+
+    m->len=opt;
+    if (bad) return 0;
+    return 1;
+}
+
+/* Calculate a public/private EC GF(p) key pair. W=S.G mod EC(p),
+ * where S is the secret key and W is the public key
+ * and G is fixed generator.
+ * If RNG is NULL then the private key is provided externally in S
+ * otherwise it is generated randomly internally */
+int ECP_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W)
+{
+    BIG r,gx,s;
+    ECP G;
+    int res=0;
+    BIG_rcopy(gx,CURVE_Gx);
+
+#if CURVETYPE!=MONTGOMERY
+    BIG gy;
+    BIG_rcopy(gy,CURVE_Gy);
+    ECP_set(&G,gx,gy);
+#else
+    ECP_set(&G,gx);
+#endif
+
+    BIG_rcopy(r,CURVE_Order);
+    if (RNG!=NULL)
+    {
+        BIG_randomnum(s,r,RNG);
+    }
+    else
+    {
+        BIG_fromBytes(s,S->val);
+        BIG_mod(s,r);
+    }
+
+#ifdef AES_S
+    BIG_mod2m(s,2*AES_S);
+//	BIG_toBytes(S->val,s);
+#endif
+
+    ECP_mul(&G,s);
+#if CURVETYPE!=MONTGOMERY
+    ECP_get(gx,gy,&G);
+#else
+    ECP_get(gx,&G);
+    /*
+    	ECP_rhs(gy,gx);
+    	FP_sqrt(gy,gy);
+    	FP_neg(gy,gy);
+    	FP_inv(gy,gy);
+    	FP_mul(r,gx,gy);
+    	FP_reduce(r);
+
+        BIG_zero(gy);
+    	BIG_inc(gy,486664);
+    	FP_neg(gy,gy);
+    	FP_sqrt(gy,gy);
+    	FP_reduce(gy);
+    	FP_mul(r,r,gy);
+    	FP_reduce(r);
+
+    	printf("x= "); BIG_output(r); printf("\n");
+
+    	BIG_copy(r,gx);
+    	BIG_dec(r,1);
+    	BIG_copy(gy,gx);
+    	BIG_inc(gy,1);
+    	FP_inv(gy,gy);
+    	FP_mul(r,r,gy);
+    	FP_reduce(r);
+
+    	printf("y= "); BIG_output(r); printf("\n");
+
+    	BIG_zero(r);
+    	BIG_inc(r,121665);
+    	BIG_zero(gy);
+    	BIG_inc(gy,121666);
+    	FP_inv(gy,gy);
+    	FP_mul(r,r,gy);
+    	FP_neg(r,r);
+    	FP_reduce(r);
+
+    	printf("d= "); BIG_output(r); printf("\n");
+    */
+
+#endif
+
+    S->len=EGS;
+    BIG_toBytes(S->val,s);
+
+#if CURVETYPE!=MONTGOMERY
+    W->len=2*EFS+1;
+    W->val[0]=4;
+    BIG_toBytes(&(W->val[1]),gx);
+    BIG_toBytes(&(W->val[EFS+1]),gy);
+#else
+    W->len=EFS+1;
+    W->val[0]=2;
+    BIG_toBytes(&(W->val[1]),gx);
+#endif
+
+    return res;
+}
+
+/* validate public key. Set full=true for fuller check */
+int ECP_PUBLIC_KEY_VALIDATE(int full,octet *W)
+{
+    BIG q,r,wx;
+    ECP WP;
+    int valid;
+    int res=0;
+
+    BIG_rcopy(q,Modulus);
+    BIG_rcopy(r,CURVE_Order);
+
+    BIG_fromBytes(wx,&(W->val[1]));
+    if (BIG_comp(wx,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
+#if CURVETYPE!=MONTGOMERY
+    BIG wy;
+    BIG_fromBytes(wy,&(W->val[EFS+1]));
+    if (BIG_comp(wy,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
+#endif
+    if (res==0)
+    {
+
+#if CURVETYPE!=MONTGOMERY
+        valid=ECP_set(&WP,wx,wy);
+#else
+        valid=ECP_set(&WP,wx);
+#endif
+        if (!valid || ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
+        if (res==0 && full)
+        {
+
+            ECP_mul(&WP,r);
+            if (!ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
+        }
+    }
+
+    return res;
+}
+
+/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
+int ECPSVDP_DH(octet *S,octet *WD,octet *Z)
+{
+    BIG r,s,wx;
+    int valid;
+    ECP W;
+    int res=0;
+
+    BIG_fromBytes(s,S->val);
+
+    BIG_fromBytes(wx,&(WD->val[1]));
+#if CURVETYPE!=MONTGOMERY
+    BIG wy;
+    BIG_fromBytes(wy,&(WD->val[EFS+1]));
+    valid=ECP_set(&W,wx,wy);
+#else
+    valid=ECP_set(&W,wx);
+#endif
+    if (!valid) res=ECDH_ERROR;
+    if (res==0)
+    {
+        BIG_rcopy(r,CURVE_Order);
+        BIG_mod(s,r);
+
+        ECP_mul(&W,s);
+        if (ECP_isinf(&W)) res=ECDH_ERROR;
+        else
+        {
+#if CURVETYPE!=MONTGOMERY
+            ECP_get(wx,wx,&W);
+#else
+            ECP_get(wx,&W);
+#endif
+            Z->len=MODBYTES;
+            BIG_toBytes(Z->val,wx);
+        }
+    }
+    return res;
+}
+
+#if CURVETYPE!=MONTGOMERY
+
+/* IEEE ECDSA Signature, C and D are signature on F using private key S */
+int ECPSP_DSA(int sha,csprng *RNG,octet *K,octet *S,octet *F,octet *C,octet *D)
+{
+    char h[128];
+    octet H= {0,sizeof(h),h};
+
+    BIG gx,gy,r,s,f,c,d,u,vx,w;
+    ECP G,V;
+
+    hashit(sha,F,-1,NULL,&H,sha);
+    BIG_rcopy(gx,CURVE_Gx);
+    BIG_rcopy(gy,CURVE_Gy);
+    BIG_rcopy(r,CURVE_Order);
+
+    BIG_fromBytes(s,S->val);
+
+    int hlen=H.len;
+    if (H.len>MODBYTES) hlen=MODBYTES;
+    BIG_fromBytesLen(f,H.val,hlen);
+
+    ECP_set(&G,gx,gy);
+
+    do
+    {
+        if (RNG!=NULL)
+        {
+            BIG_randomnum(u,r,RNG);
+            BIG_randomnum(w,r,RNG); /* randomize calculation */
+        }
+        else
+        {
+            BIG_fromBytes(u,K->val);
+            BIG_mod(u,r);
+        }
+
+#ifdef AES_S
+        BIG_mod2m(u,2*AES_S);
+#endif
+        ECP_copy(&V,&G);
+        ECP_mul(&V,u);
+
+        ECP_get(vx,vx,&V);
+
+        BIG_copy(c,vx);
+        BIG_mod(c,r);
+        if (BIG_iszilch(c)) continue;
+        if (RNG!=NULL)
+        {
+            BIG_modmul(u,u,w,r);
+        }
+
+        BIG_invmodp(u,u,r);
+        BIG_modmul(d,s,c,r);
+
+        BIG_add(d,f,d);
+        if (RNG!=NULL)
+        {
+            BIG_modmul(d,d,w,r);
+        }
+
+        BIG_modmul(d,u,d,r);
+
+    }
+    while (BIG_iszilch(d));
+
+    C->len=D->len=EGS;
+
+    BIG_toBytes(C->val,c);
+    BIG_toBytes(D->val,d);
+
+    return 0;
+}
+
+/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
+int ECPVP_DSA(int sha,octet *W,octet *F, octet *C,octet *D)
+{
+    char h[128];
+    octet H= {0,sizeof(h),h};
+
+    BIG r,gx,gy,wx,wy,f,c,d,h2;
+    int res=0;
+    ECP G,WP;
+    int valid;
+
+    hashit(sha,F,-1,NULL,&H,sha);
+    BIG_rcopy(gx,CURVE_Gx);
+    BIG_rcopy(gy,CURVE_Gy);
+    BIG_rcopy(r,CURVE_Order);
+
+    OCT_shl(C,C->len-MODBYTES);
+    OCT_shl(D,D->len-MODBYTES);
+
+    BIG_fromBytes(c,C->val);
+    BIG_fromBytes(d,D->val);
+
+    int hlen=H.len;
+    if (hlen>MODBYTES) hlen=MODBYTES;
+
+    BIG_fromBytesLen(f,H.val,hlen);
+
+    //BIG_fromBytes(f,H.val);
+
+    if (BIG_iszilch(c) || BIG_comp(c,r)>=0 || BIG_iszilch(d) || BIG_comp(d,r)>=0)
+        res=ECDH_INVALID;
+
+    if (res==0)
+    {
+        BIG_invmodp(d,d,r);
+        BIG_modmul(f,f,d,r);
+        BIG_modmul(h2,c,d,r);
+
+        ECP_set(&G,gx,gy);
+
+        BIG_fromBytes(wx,&(W->val[1]));
+        BIG_fromBytes(wy,&(W->val[EFS+1]));
+
+        valid=ECP_set(&WP,wx,wy);
+
+        if (!valid) res=ECDH_ERROR;
+        else
+        {
+            ECP_mul2(&WP,&G,h2,f);
+
+            if (ECP_isinf(&WP)) res=ECDH_INVALID;
+            else
+            {
+                ECP_get(d,d,&WP);
+                BIG_mod(d,r);
+                if (BIG_comp(d,c)!=0) res=ECDH_INVALID;
+            }
+        }
+    }
+
+    return res;
+}
+
+/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
+void ECP_ECIES_ENCRYPT(int sha,octet *P1,octet *P2,csprng *RNG,octet *W,octet *M,int tlen,octet *V,octet *C,octet *T)
+{
+
+    int i,len;
+    char z[EFS],vz[3*EFS+1],k[2*EAS],k1[EAS],k2[EAS],l2[8],u[EFS];
+    octet Z= {0,sizeof(z),z};
+    octet VZ= {0,sizeof(vz),vz};
+    octet K= {0,sizeof(k),k};
+    octet K1= {0,sizeof(k1),k1};
+    octet K2= {0,sizeof(k2),k2};
+    octet L2= {0,sizeof(l2),l2};
+    octet U= {0,sizeof(u),u};
+
+    if (ECP_KEY_PAIR_GENERATE(RNG,&U,V)!=0) return;
+    if (ECPSVDP_DH(&U,W,&Z)!=0) return;
+
+    OCT_copy(&VZ,V);
+    OCT_joctet(&VZ,&Z);
+
+    KDF2(sha,&VZ,P1,2*EAS,&K);
+
+    K1.len=K2.len=EAS;
+    for (i=0; i<EAS; i++)
+    {
+        K1.val[i]=K.val[i];
+        K2.val[i]=K.val[EAS+i];
+    }
+
+    AES_CBC_IV0_ENCRYPT(&K1,M,C);
+
+    OCT_jint(&L2,P2->len,8);
+
+    len=C->len;
+    OCT_joctet(C,P2);
+    OCT_joctet(C,&L2);
+    HMAC(sha,C,&K2,tlen,T);
+    C->len=len;
+}
+
+/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
+int ECP_ECIES_DECRYPT(int sha,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M)
+{
+
+    int i,len;
+    char z[EFS],vz[3*EFS+1],k[2*EAS],k1[EAS],k2[EAS],l2[8],tag[32];
+    octet Z= {0,sizeof(z),z};
+    octet VZ= {0,sizeof(vz),vz};
+    octet K= {0,sizeof(k),k};
+    octet K1= {0,sizeof(k1),k1};
+    octet K2= {0,sizeof(k2),k2};
+    octet L2= {0,sizeof(l2),l2};
+    octet TAG= {0,sizeof(tag),tag};
+
+    if (ECPSVDP_DH(U,V,&Z)!=0) return 0;
+
+    OCT_copy(&VZ,V);
+    OCT_joctet(&VZ,&Z);
+
+    KDF2(sha,&VZ,P1,EFS,&K);
+
+    K1.len=K2.len=EAS;
+    for (i=0; i<EAS; i++)
+    {
+        K1.val[i]=K.val[i];
+        K2.val[i]=K.val[EAS+i];
+    }
+
+    if (!AES_CBC_IV0_DECRYPT(&K1,C,M)) return 0;
+
+    OCT_jint(&L2,P2->len,8);
+
+    len=C->len;
+    OCT_joctet(C,P2);
+    OCT_joctet(C,&L2);
+    HMAC(sha,C,&K2,T->len,&TAG);
+    C->len=len;
+
+    if (!OCT_comp(T,&TAG)) return 0;
+
+    return 1;
+
+}
+
+#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/ecdh.h
----------------------------------------------------------------------
diff --git a/version22/c/ecdh.h b/version22/c/ecdh.h
new file mode 100644
index 0000000..7d0536b
--- /dev/null
+++ b/version22/c/ecdh.h
@@ -0,0 +1,206 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/**
+ * @file ecdh.h
+ * @author Mike Scott and Kealan McCusker
+ * @date 2nd June 2015
+ * @brief ECDH Header file for implementation of standard EC protocols
+ *
+ * declares functions
+ *
+ */
+
+#ifndef ECDH_H
+#define ECDH_H
+
+#include "amcl.h"
+
+#define EAS 16 /**< Symmetric Key size - 128 bits */
+#define EGS MODBYTES  /**< ECC Group Size in bytes */
+#define EFS MODBYTES  /**< ECC Field Size in bytes */
+
+#define HASH_TYPE_ECC SHA256  /**< Hash type */
+
+#define ECDH_OK                     0     /**< Function completed without error */
+/*#define ECDH_DOMAIN_ERROR          -1*/
+#define ECDH_INVALID_PUBLIC_KEY    -2	/**< Public Key is Invalid */
+#define ECDH_ERROR                 -3	/**< ECDH Internal Error */
+#define ECDH_INVALID               -4	/**< ECDH Internal Error */
+/*#define ECDH_DOMAIN_NOT_FOUND      -5
+#define ECDH_OUT_OF_MEMORY         -6
+#define ECDH_DIV_BY_ZERO           -7
+#define ECDH_BAD_ASSUMPTION        -8*/
+
+/* ECDH Auxiliary Functions */
+
+
+/**	@brief hash an octet into another octet
+ *
+ 	@param h is the hash type
+	@param I input octet
+	@param O output octet - H(I)
+ */
+extern void HASH(int h,octet *I,octet *O);
+/**	@brief HMAC of message M using key K to create tag of length len in octet tag
+ *
+	IEEE-1363 MAC1 function. Uses SHA256 internally.
+	@param h is the hash type
+	@param M input message octet
+	@param K input encryption key
+	@param len is output desired length of HMAC tag
+	@param tag is the output HMAC
+	@return 0 for bad parameters, else 1
+ */
+extern int HMAC(int h,octet *M,octet *K,int len,octet *tag);
+
+/*extern void KDF1(octet *,int,octet *);*/
+
+/**	@brief Key Derivation Function - generates key K from inputs Z and P
+ *
+	IEEE-1363 KDF2 Key Derivation Function. Uses SHA256 internally.
+	@param h is the hash type
+	@param Z input octet
+	@param P input key derivation parameters - can be NULL
+	@param len is output desired length of key
+	@param K is the derived key
+ */
+extern void KDF2(int h,octet *Z,octet *P,int len,octet *K);
+/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
+ *
+	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
+	@param h is the hash type
+	@param P input password
+	@param S input salt
+	@param rep Number of times to be iterated.
+	@param len is output desired length
+	@param K is the derived key
+ */
+extern void PBKDF2(int h,octet *P,octet *S,int rep,int len,octet *K);
+/**	@brief AES encrypts a plaintext to a ciphtertext
+ *
+	IEEE-1363 AES_CBC_IV0_ENCRYPT function. Encrypts in CBC mode with a zero IV, padding as necessary to create a full final block.
+	@param K AES key
+	@param P input plaintext octet
+	@param C output ciphertext octet
+ */
+extern void AES_CBC_IV0_ENCRYPT(octet *K,octet *P,octet *C);
+/**	@brief AES encrypts a plaintext to a ciphtertext
+ *
+	IEEE-1363 AES_CBC_IV0_DECRYPT function. Decrypts in CBC mode with a zero IV.
+	@param K AES key
+	@param C input ciphertext octet
+	@param P output plaintext octet
+	@return 0 if bad input, else 1
+ */
+extern int AES_CBC_IV0_DECRYPT(octet *K,octet *C,octet *P);
+
+/* ECDH primitives - support functions */
+/**	@brief Generate an ECC public/private key pair
+ *
+	@param R is a pointer to a cryptographically secure random number generator
+	@param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+	@param W the output public key, which is s.G, where G is a fixed generator
+	@return 0 or an error code
+ */
+extern int  ECP_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
+/**	@brief Validate an ECC public key
+ *
+	@param f if = 0 just does some simple checks, else tests that W is of the correct order
+	@param W the input public key to be validated
+	@return 0 if public key is OK, or an error code
+ */
+extern int  ECP_PUBLIC_KEY_VALIDATE(int f,octet *W);
+
+/* ECDH primitives */
+
+/**	@brief Generate Diffie-Hellman shared key
+ *
+	IEEE-1363 Diffie-Hellman shared secret calculation
+	@param s is the input private key,
+	@param W the input public key of the other party
+	@param K the output shared key, in fact the x-coordinate of s.W
+	@return 0 or an error code
+ */
+extern int ECPSVDP_DH(octet *s,octet *W,octet *K);
+/*extern int ECPSVDP_DHC(octet *,octet *,int,octet *);*/
+
+/*#if CURVETYPE!=MONTGOMERY */
+/* ECIES functions */
+/*#if CURVETYPE!=MONTGOMERY */
+/* ECIES functions */
+/**	@brief ECIES Encryption
+ *
+	IEEE-1363 ECIES Encryption
+	@param h is the hash type
+	@param P1 input Key Derivation parameters
+	@param P2 input Encoding parameters
+	@param R is a pointer to a cryptographically secure random number generator
+	@param W the input public key of the recieving party
+	@param M is the plaintext message to be encrypted
+	@param len the length of the HMAC tag
+	@param V component of the output ciphertext
+	@param C the output ciphertext
+	@param T the output HMAC tag, part of the ciphertext
+ */
+extern void ECP_ECIES_ENCRYPT(int h,octet *P1,octet *P2,csprng *R,octet *W,octet *M,int len,octet *V,octet *C,octet *T);
+/**	@brief ECIES Decryption
+ *
+	IEEE-1363 ECIES Decryption
+	@param h is the hash type
+	@param P1 input Key Derivation parameters
+	@param P2 input Encoding parameters
+	@param V component of the input ciphertext
+	@param C the input ciphertext
+	@param T the input HMAC tag, part of the ciphertext
+	@param U the input private key for decryption
+	@param M the output plaintext message
+	@return 1 if successful, else 0
+ */
+extern int ECP_ECIES_DECRYPT(int h,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M);
+
+/* ECDSA functions */
+/**	@brief ECDSA Signature
+ *
+	IEEE-1363 ECDSA Signature
+	@param h is the hash type
+	@param R is a pointer to a cryptographically secure random number generator
+        @param k Ephemeral key. This value is used when R=NULL
+	@param s the input private signing key
+	@param M the input message to be signed
+	@param c component of the output signature
+	@param d component of the output signature
+
+ */
+extern int ECPSP_DSA(int h,csprng *R,octet *k,octet *s,octet *M,octet *c,octet *d);
+/**	@brief ECDSA Signature Verification
+ *
+	IEEE-1363 ECDSA Signature Verification
+	@param h is the hash type
+	@param W the input public key
+	@param M the input message
+	@param c component of the input signature
+	@param d component of the input signature
+	@return 0 or an error code
+ */
+extern int ECPVP_DSA(int h,octet *W,octet *M,octet *c,octet *d);
+/*#endif*/
+
+#endif
+
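Review bot: The doc comment for `ECP_ECIES_DECRYPT` states only `@return 1 if successful, else 0` and says nothing about M on failure, yet the definition in ecdh.c (earlier on this page) calls `AES_CBC_IV0_DECRYPT` into M before it recomputes and compares the tag, so a 0 return can leave unauthenticated plaintext in M. I would document that here, e.g. `@param M the output plaintext message; must be discarded unless the function returns 1`, and preferably reorder the definition so T is verified before any decryption. `ECP_ECIES_ENCRYPT` is declared `void` although its definition returns early when `ECP_KEY_PAIR_GENERATE` or `ECPSVDP_DH` fails, so a caller cannot tell that C and T were never written; an `int` return matching the decrypt side would make that detectable. Two comments are also misleading: the `@brief` on `AES_CBC_IV0_DECRYPT` says "AES encrypts a plaintext to a ciphtertext" where it should say it decrypts, and `ECDH_INVALID` repeats the `ECDH_ERROR` text "ECDH Internal Error" although ecdh.c returns it for a rejected signature.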


[37/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/Doxyfile.in
----------------------------------------------------------------------
diff --git a/docs/Doxyfile.in b/docs/Doxyfile.in
deleted file mode 100644
index 0150171..0000000
--- a/docs/Doxyfile.in
+++ /dev/null
@@ -1,1796 +0,0 @@
-# Doxyfile 1.8.1.1
-
-# This file describes the settings to be used by the documentation system
-# doxygen (www.doxygen.org) for a project.
-#
-# All text after a hash (#) is considered a comment and will be ignored.
-# The format is:
-#       TAG = value [value, ...]
-# For lists items can also be appended using:
-#       TAG += value [value, ...]
-# Values that contain spaces should be placed between quotes (" ").
-
-#---------------------------------------------------------------------------
-# Project related configuration options
-#---------------------------------------------------------------------------
-
-# This tag specifies the encoding used for all characters in the config file
-# that follow. The default is UTF-8 which is also the encoding used for all
-# text before the first occurrence of this tag. Doxygen uses libiconv (or the
-# iconv built into libc) for the transcoding. See
-# http://www.gnu.org/software/libiconv for the list of possible encodings.
-
-DOXYFILE_ENCODING      = UTF-8
-
-# The PROJECT_NAME tag is a single word (or sequence of words) that should
-# identify the project. Note that if you do not use Doxywizard you need
-# to put quotes around the project name if it contains spaces.
-
-PROJECT_NAME           = "AMCL"
-
-# The PROJECT_NUMBER tag can be used to enter a project or revision number.
-# This could be handy for archiving the generated documentation or
-# if some version control system is used.
-
-PROJECT_NUMBER         =
-
-# Using the PROJECT_BRIEF tag one can provide an optional one line description
-# for a project that appears at the top of each page and should give viewer
-# a quick idea about the purpose of the project. Keep the description short.
-
-PROJECT_BRIEF          =
-
-# With the PROJECT_LOGO tag one can specify an logo or icon that is
-# included in the documentation. The maximum height of the logo should not
-# exceed 55 pixels and the maximum width should not exceed 200 pixels.
-# Doxygen will copy the logo to the output directory.
-
-PROJECT_LOGO           =
-
-# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
-# base path where the generated documentation will be put.
-# If a relative path is entered, it will be relative to the location
-# where doxygen was started. If left blank the current directory will be used.
-
-OUTPUT_DIRECTORY       =
-
-# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
-# 4096 sub-directories (in 2 levels) under the output directory of each output
-# format and will distribute the generated files over these directories.
-# Enabling this option can be useful when feeding doxygen a huge amount of
-# source files, where putting all generated files in the same directory would
-# otherwise cause performance problems for the file system.
-
-CREATE_SUBDIRS         = NO
-
-# The OUTPUT_LANGUAGE tag is used to specify the language in which all
-# documentation generated by doxygen is written. Doxygen will use this
-# information to generate all constant output in the proper language.
-# The default language is English, other supported languages are:
-# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
-# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
-# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
-# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian,
-# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrillic, Slovak,
-# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
-
-OUTPUT_LANGUAGE        = English
-
-# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
-# include brief member descriptions after the members that are listed in
-# the file and class documentation (similar to JavaDoc).
-# Set to NO to disable this.
-
-BRIEF_MEMBER_DESC      = YES
-
-# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
-# the brief description of a member or function before the detailed description.
-# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
-# brief descriptions will be completely suppressed.
-
-REPEAT_BRIEF           = NO
-
-# This tag implements a quasi-intelligent brief description abbreviator
-# that is used to form the text in various listings. Each string
-# in this list, if found as the leading text of the brief description, will be
-# stripped from the text and the result after processing the whole list, is
-# used as the annotated text. Otherwise, the brief description is used as-is.
-# If left blank, the following values are used ("$name" is automatically
-# replaced with the name of the entity): "The $name class" "The $name widget"
-# "The $name file" "is" "provides" "specifies" "contains"
-# "represents" "a" "an" "the"
-
-ABBREVIATE_BRIEF       =
-
-# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
-# Doxygen will generate a detailed section even if there is only a brief
-# description.
-
-ALWAYS_DETAILED_SEC    = NO
-
-# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
-# inherited members of a class in the documentation of that class as if those
-# members were ordinary class members. Constructors, destructors and assignment
-# operators of the base classes will not be shown.
-
-INLINE_INHERITED_MEMB  = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
-# path before files name in the file list and in the header files. If set
-# to NO the shortest path that makes the file name unique will be used.
-
-FULL_PATH_NAMES        = NO
-
-# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
-# can be used to strip a user-defined part of the path. Stripping is
-# only done if one of the specified strings matches the left-hand part of
-# the path. The tag can be used to show relative paths in the file list.
-# If left blank the directory from which doxygen is run is used as the
-# path to strip.
-
-STRIP_FROM_PATH        = 
-
-# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
-# the path mentioned in the documentation of a class, which tells
-# the reader which header file to include in order to use a class.
-# If left blank only the name of the header file containing the class
-# definition is used. Otherwise one should specify the include paths that
-# are normally passed to the compiler using the -I flag.
-
-STRIP_FROM_INC_PATH    =
-
-# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
-# (but less readable) file names. This can be useful if your file system
-# doesn't support long names like on DOS, Mac, or CD-ROM.
-
-SHORT_NAMES            = NO
-
-# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
-# will interpret the first line (until the first dot) of a JavaDoc-style
-# comment as the brief description. If set to NO, the JavaDoc
-# comments will behave just like regular Qt-style comments
-# (thus requiring an explicit @brief command for a brief description.)
-
-JAVADOC_AUTOBRIEF      = NO
-
-# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
-# interpret the first line (until the first dot) of a Qt-style
-# comment as the brief description. If set to NO, the comments
-# will behave just like regular Qt-style comments (thus requiring
-# an explicit \brief command for a brief description.)
-
-QT_AUTOBRIEF           = NO
-
-# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
-# treat a multi-line C++ special comment block (i.e. a block of //! or ///
-# comments) as a brief description. This used to be the default behaviour.
-# The new default is to treat a multi-line C++ comment block as a detailed
-# description. Set this tag to YES if you prefer the old behaviour instead.
-
-MULTILINE_CPP_IS_BRIEF = NO
-
-# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
-# member inherits the documentation from any documented member that it
-# re-implements.
-
-INHERIT_DOCS           = YES
-
-# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
-# a new page for each member. If set to NO, the documentation of a member will
-# be part of the file/class/namespace that contains it.
-
-SEPARATE_MEMBER_PAGES  = NO
-
-# The TAB_SIZE tag can be used to set the number of spaces in a tab.
-# Doxygen uses this value to replace tabs by spaces in code fragments.
-
-TAB_SIZE               = 8
-
-# This tag can be used to specify a number of aliases that acts
-# as commands in the documentation. An alias has the form "name=value".
-# For example adding "sideeffect=\par Side Effects:\n" will allow you to
-# put the command \sideeffect (or @sideeffect) in the documentation, which
-# will result in a user-defined paragraph with heading "Side Effects:".
-# You can put \n's in the value part of an alias to insert newlines.
-
-ALIASES                =
-
-# This tag can be used to specify a number of word-keyword mappings (TCL only).
-# A mapping has the form "name=value". For example adding
-# "class=itcl::class" will allow you to use the command class in the
-# itcl::class meaning.
-
-TCL_SUBST              =
-
-# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
-# sources only. Doxygen will then generate output that is more tailored for C.
-# For instance, some of the names that are used will be different. The list
-# of all members will be omitted, etc.
-
-OPTIMIZE_OUTPUT_FOR_C  = YES
-
-# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
-# sources only. Doxygen will then generate output that is more tailored for
-# Java. For instance, namespaces will be presented as packages, qualified
-# scopes will look different, etc.
-
-OPTIMIZE_OUTPUT_JAVA   = NO
-
-# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
-# sources only. Doxygen will then generate output that is more tailored for
-# Fortran.
-
-OPTIMIZE_FOR_FORTRAN   = NO
-
-# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
-# sources. Doxygen will then generate output that is tailored for
-# VHDL.
-
-OPTIMIZE_OUTPUT_VHDL   = NO
-
-# Doxygen selects the parser to use depending on the extension of the files it
-# parses. With this tag you can assign which parser to use for a given extension.
-# Doxygen has a built-in mapping, but you can override or extend it using this
-# tag. The format is ext=language, where ext is a file extension, and language
-# is one of the parsers supported by doxygen: IDL, Java, Javascript, CSharp, C,
-# C++, D, PHP, Objective-C, Python, Fortran, VHDL, C, C++. For instance to make
-# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C
-# (default is Fortran), use: inc=Fortran f=C. Note that for custom extensions
-# you also need to set FILE_PATTERNS otherwise the files are not read by doxygen.
-
-EXTENSION_MAPPING      =
-
-# If MARKDOWN_SUPPORT is enabled (the default) then doxygen pre-processes all
-# comments according to the Markdown format, which allows for more readable
-# documentation. See http://daringfireball.net/projects/markdown/ for details.
-# The output of markdown processing is further processed by doxygen, so you
-# can mix doxygen, HTML, and XML commands with Markdown formatting.
-# Disable only in case of backward compatibilities issues.
-
-MARKDOWN_SUPPORT       = YES
-
-# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
-# to include (a tag file for) the STL sources as input, then you should
-# set this tag to YES in order to let doxygen match functions declarations and
-# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
-# func(std::string) {}). This also makes the inheritance and collaboration
-# diagrams that involve STL classes more complete and accurate.
-
-BUILTIN_STL_SUPPORT    = NO
-
-# If you use Microsoft's C++/CLI language, you should set this option to YES to
-# enable parsing support.
-
-CPP_CLI_SUPPORT        = NO
-
-# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
-# Doxygen will parse them like normal C++ but will assume all classes use public
-# instead of private inheritance when no explicit protection keyword is present.
-
-SIP_SUPPORT            = NO
-
-# For Microsoft's IDL there are propget and propput attributes to indicate getter
-# and setter methods for a property. Setting this option to YES (the default)
-# will make doxygen replace the get and set methods by a property in the
-# documentation. This will only work if the methods are indeed getting or
-# setting a simple type. If this is not the case, or you want to show the
-# methods anyway, you should set this option to NO.
-
-IDL_PROPERTY_SUPPORT   = YES
-
-# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
-# tag is set to YES, then doxygen will reuse the documentation of the first
-# member in the group (if any) for the other members of the group. By default
-# all members of a group must be documented explicitly.
-
-DISTRIBUTE_GROUP_DOC   = NO
-
-# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
-# the same type (for instance a group of public functions) to be put as a
-# subgroup of that type (e.g. under the Public Functions section). Set it to
-# NO to prevent subgrouping. Alternatively, this can be done per class using
-# the \nosubgrouping command.
-
-SUBGROUPING            = YES
-
-# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and
-# unions are shown inside the group in which they are included (e.g. using
-# @ingroup) instead of on a separate page (for HTML and Man pages) or
-# section (for LaTeX and RTF).
-
-INLINE_GROUPED_CLASSES = NO
-
-# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and
-# unions with only public data fields will be shown inline in the documentation
-# of the scope in which they are defined (i.e. file, namespace, or group
-# documentation), provided this scope is documented. If set to NO (the default),
-# structs, classes, and unions are shown on a separate page (for HTML and Man
-# pages) or section (for LaTeX and RTF).
-
-INLINE_SIMPLE_STRUCTS  = NO
-
-# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
-# is documented as struct, union, or enum with the name of the typedef. So
-# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
-# with name TypeT. When disabled the typedef will appear as a member of a file,
-# namespace, or class. And the struct will be named TypeS. This can typically
-# be useful for C code in case the coding convention dictates that all compound
-# types are typedef'ed and only the typedef is referenced, never the tag name.
-
-TYPEDEF_HIDES_STRUCT   = NO
-
-# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to
-# determine which symbols to keep in memory and which to flush to disk.
-# When the cache is full, less often used symbols will be written to disk.
-# For small to medium size projects (<1000 input files) the default value is
-# probably good enough. For larger projects a too small cache size can cause
-# doxygen to be busy swapping symbols to and from disk most of the time
-# causing a significant performance penalty.
-# If the system has enough physical memory increasing the cache will improve the
-# performance by keeping more symbols in memory. Note that the value works on
-# a logarithmic scale so increasing the size by one will roughly double the
-# memory usage. The cache size is given by this formula:
-# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
-# corresponding to a cache size of 2^16 = 65536 symbols.
-
-# SYMBOL_CACHE_SIZE      = 0
-
-# Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be
-# set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given
-# their name and scope. Since this can be an expensive process and often the
-# same symbol appear multiple times in the code, doxygen keeps a cache of
-# pre-resolved symbols. If the cache is too small doxygen will become slower.
-# If the cache is too large, memory is wasted. The cache size is given by this
-# formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0,
-# corresponding to a cache size of 2^16 = 65536 symbols.
-
-LOOKUP_CACHE_SIZE      = 0
-
-#---------------------------------------------------------------------------
-# Build related configuration options
-#---------------------------------------------------------------------------
-
-# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
-# documentation are documented, even if no documentation was available.
-# Private class members and static file members will be hidden unless
-# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
-
-EXTRACT_ALL            = NO
-
-# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
-# will be included in the documentation.
-
-EXTRACT_PRIVATE        = NO
-
-# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal scope will be included in the documentation.
-
-EXTRACT_PACKAGE        = NO
-
-# If the EXTRACT_STATIC tag is set to YES all static members of a file
-# will be included in the documentation.
-
-EXTRACT_STATIC         = NO
-
-# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
-# defined locally in source files will be included in the documentation.
-# If set to NO only classes defined in header files are included.
-
-EXTRACT_LOCAL_CLASSES  = YES
-
-# This flag is only useful for Objective-C code. When set to YES local
-# methods, which are defined in the implementation section but not in
-# the interface are included in the documentation.
-# If set to NO (the default) only methods in the interface are included.
-
-EXTRACT_LOCAL_METHODS  = NO
-
-# If this flag is set to YES, the members of anonymous namespaces will be
-# extracted and appear in the documentation as a namespace called
-# 'anonymous_namespace{file}', where file will be replaced with the base
-# name of the file that contains the anonymous namespace. By default
-# anonymous namespaces are hidden.
-
-EXTRACT_ANON_NSPACES   = NO
-
-# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
-# undocumented members of documented classes, files or namespaces.
-# If set to NO (the default) these members will be included in the
-# various overviews, but no documentation section is generated.
-# This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_MEMBERS     = NO
-
-# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
-# undocumented classes that are normally visible in the class hierarchy.
-# If set to NO (the default) these classes will be included in the various
-# overviews. This option has no effect if EXTRACT_ALL is enabled.
-
-HIDE_UNDOC_CLASSES     = NO
-
-# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
-# friend (class|struct|union) declarations.
-# If set to NO (the default) these declarations will be included in the
-# documentation.
-
-HIDE_FRIEND_COMPOUNDS  = NO
-
-# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
-# documentation blocks found inside the body of a function.
-# If set to NO (the default) these blocks will be appended to the
-# function's detailed documentation block.
-
-HIDE_IN_BODY_DOCS      = NO
-
-# The INTERNAL_DOCS tag determines if documentation
-# that is typed after a \internal command is included. If the tag is set
-# to NO (the default) then the documentation will be excluded.
-# Set it to YES to include the internal documentation.
-
-INTERNAL_DOCS          = NO
-
-# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
-# file names in lower-case letters. If set to YES upper-case letters are also
-# allowed. This is useful if you have classes or files whose names only differ
-# in case and if your file system supports case sensitive file names. Windows
-# and Mac users are advised to set this option to NO.
-
-CASE_SENSE_NAMES       = YES
-
-# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
-# will show members with their full class and namespace scopes in the
-# documentation. If set to YES the scope will be hidden.
-
-HIDE_SCOPE_NAMES       = NO
-
-# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
-# will put a list of the files that are included by a file in the documentation
-# of that file.
-
-SHOW_INCLUDE_FILES     = YES
-
-# If the FORCE_LOCAL_INCLUDES tag is set to YES then Doxygen
-# will list include files with double quotes in the documentation
-# rather than with sharp brackets.
-
-FORCE_LOCAL_INCLUDES   = NO
-
-# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
-# is inserted in the documentation for inline members.
-
-INLINE_INFO            = YES
-
-# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
-# will sort the (detailed) documentation of file and class members
-# alphabetically by member name. If set to NO the members will appear in
-# declaration order.
-
-SORT_MEMBER_DOCS       = YES
-
-# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
-# brief documentation of file, namespace and class members alphabetically
-# by member name. If set to NO (the default) the members will appear in
-# declaration order.
-
-SORT_BRIEF_DOCS        = NO
-
-# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen
-# will sort the (brief and detailed) documentation of class members so that
-# constructors and destructors are listed first. If set to NO (the default)
-# the constructors will appear in the respective orders defined by
-# SORT_MEMBER_DOCS and SORT_BRIEF_DOCS.
-# This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO
-# and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
-
-SORT_MEMBERS_CTORS_1ST = NO
-
-# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
-# hierarchy of group names into alphabetical order. If set to NO (the default)
-# the group names will appear in their defined order.
-
-SORT_GROUP_NAMES       = NO
-
-# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
-# sorted by fully-qualified names, including namespaces. If set to
-# NO (the default), the class list will be sorted only by class name,
-# not including the namespace part.
-# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
-# Note: This option applies only to the class list, not to the
-# alphabetical list.
-
-SORT_BY_SCOPE_NAME     = NO
-
-# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to
-# do proper type resolution of all parameters of a function it will reject a
-# match between the prototype and the implementation of a member function even
-# if there is only one candidate or it is obvious which candidate to choose
-# by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen
-# will still accept a match between prototype and implementation in such cases.
-
-STRICT_PROTO_MATCHING  = NO
-
-# The GENERATE_TODOLIST tag can be used to enable (YES) or
-# disable (NO) the todo list. This list is created by putting \todo
-# commands in the documentation.
-
-GENERATE_TODOLIST      = YES
-
-# The GENERATE_TESTLIST tag can be used to enable (YES) or
-# disable (NO) the test list. This list is created by putting \test
-# commands in the documentation.
-
-GENERATE_TESTLIST      = YES
-
-# The GENERATE_BUGLIST tag can be used to enable (YES) or
-# disable (NO) the bug list. This list is created by putting \bug
-# commands in the documentation.
-
-GENERATE_BUGLIST       = YES
-
-# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
-# disable (NO) the deprecated list. This list is created by putting
-# \deprecated commands in the documentation.
-
-GENERATE_DEPRECATEDLIST= YES
-
-# The ENABLED_SECTIONS tag can be used to enable conditional
-# documentation sections, marked by \if sectionname ... \endif.
-
-ENABLED_SECTIONS       =
-
-# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
-# the initial value of a variable or macro consists of for it to appear in
-# the documentation. If the initializer consists of more lines than specified
-# here it will be hidden. Use a value of 0 to hide initializers completely.
-# The appearance of the initializer of individual variables and macros in the
-# documentation can be controlled using \showinitializer or \hideinitializer
-# command in the documentation regardless of this setting.
-
-MAX_INITIALIZER_LINES  = 30
-
-# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
-# at the bottom of the documentation of classes and structs. If set to YES the
-# list will mention the files that were used to generate the documentation.
-
-SHOW_USED_FILES        = YES
-
-# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
-# This will remove the Files entry from the Quick Index and from the
-# Folder Tree View (if specified). The default is YES.
-
-SHOW_FILES             = YES
-
-# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
-# Namespaces page.
-# This will remove the Namespaces entry from the Quick Index
-# and from the Folder Tree View (if specified). The default is YES.
-
-SHOW_NAMESPACES        = YES
-
-# The FILE_VERSION_FILTER tag can be used to specify a program or script that
-# doxygen should invoke to get the current version for each file (typically from
-# the version control system). Doxygen will invoke the program by executing (via
-# popen()) the command <command> <input-file>, where <command> is the value of
-# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
-# provided by doxygen. Whatever the program writes to standard output
-# is used as the file version. See the manual for examples.
-
-FILE_VERSION_FILTER    =
-
-# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
-# by doxygen. The layout file controls the global structure of the generated
-# output files in an output format independent way. To create the layout file
-# that represents doxygen's defaults, run doxygen with the -l option.
-# You can optionally specify a file name after the option, if omitted
-# DoxygenLayout.xml will be used as the name of the layout file.
-
-LAYOUT_FILE            =
-
-# The CITE_BIB_FILES tag can be used to specify one or more bib files
-# containing the references data. This must be a list of .bib files. The
-# .bib extension is automatically appended if omitted. Using this command
-# requires the bibtex tool to be installed. See also
-# http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style
-# of the bibliography can be controlled using LATEX_BIB_STYLE. To use this
-# feature you need bibtex and perl available in the search path.
-
-CITE_BIB_FILES         =
-
-#---------------------------------------------------------------------------
-# configuration options related to warning and progress messages
-#---------------------------------------------------------------------------
-
-# The QUIET tag can be used to turn on/off the messages that are generated
-# by doxygen. Possible values are YES and NO. If left blank NO is used.
-
-QUIET                  = NO
-
-# The WARNINGS tag can be used to turn on/off the warning messages that are
-# generated by doxygen. Possible values are YES and NO. If left blank
-# NO is used.
-
-WARNINGS               = YES
-
-# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
-# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
-# automatically be disabled.
-
-WARN_IF_UNDOCUMENTED   = YES
-
-# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
-# potential errors in the documentation, such as not documenting some
-# parameters in a documented function, or documenting parameters that
-# don't exist or using markup commands wrongly.
-
-WARN_IF_DOC_ERROR      = YES
-
-# The WARN_NO_PARAMDOC option can be enabled to get warnings for
-# functions that are documented, but have no documentation for their parameters
-# or return value. If set to NO (the default) doxygen will only warn about
-# wrong or incomplete parameter documentation, but not about the absence of
-# documentation.
-
-WARN_NO_PARAMDOC       = NO
-
-# The WARN_FORMAT tag determines the format of the warning messages that
-# doxygen can produce. The string should contain the $file, $line, and $text
-# tags, which will be replaced by the file and line number from which the
-# warning originated and the warning text. Optionally the format may contain
-# $version, which will be replaced by the version of the file (if it could
-# be obtained via FILE_VERSION_FILTER)
-
-WARN_FORMAT            = "$file:$line: $text"
-
-# The WARN_LOGFILE tag can be used to specify a file to which warning
-# and error messages should be written. If left blank the output is written
-# to stderr.
-
-WARN_LOGFILE           =
-
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-
-# The INPUT tag can be used to specify the files and/or directories that contain
-# documented source files. You may enter file names like "myfile.cpp" or
-# directories like "/usr/src/myproject". Separate the files or directories
-# with spaces.
-
-INPUT                  =  @CMAKE_CURRENT_SOURCE_DIR@/../c/ecdh.h \
-                          @CMAKE_CURRENT_SOURCE_DIR@/../c/mpin.h \
-                          @CMAKE_CURRENT_SOURCE_DIR@/../c/wcc.c \
-                          @CMAKE_CURRENT_SOURCE_DIR@/../c/rsa.h \
-                          @CMAKE_CURRENT_SOURCE_DIR@/AMCL.dox
-
-# This tag can be used to specify the character encoding of the source files
-# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
-# also the default input encoding. Doxygen uses libiconv (or the iconv built
-# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
-# the list of possible encodings.
-
-INPUT_ENCODING         = UTF-8
-
-# If the value of the INPUT tag contains directories, you can use the
-# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank the following patterns are tested:
-# *.c *.cc *.cxx *.cpp *.c++ *.d *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh
-# *.hxx *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.dox *.py
-# *.f90 *.f *.for *.vhd *.vhdl
-
-FILE_PATTERNS          =
-
-# The RECURSIVE tag can be used to turn specify whether or not subdirectories
-# should be searched for input files as well. Possible values are YES and NO.
-# If left blank NO is used.
-
-RECURSIVE              = NO
-
-# The EXCLUDE tag can be used to specify files and/or directories that should be
-# excluded from the INPUT source files. This way you can easily exclude a
-# subdirectory from a directory tree whose root is specified with the INPUT tag.
-# Note that relative paths are relative to the directory from which doxygen is
-# run.
-
-EXCLUDE                = 
-
-# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
-# directories that are symbolic links (a Unix file system feature) are excluded
-# from the input.
-
-EXCLUDE_SYMLINKS       = NO
-
-# If the value of the INPUT tag contains directories, you can use the
-# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
-# certain files from those directories. Note that the wildcards are matched
-# against the file with absolute path, so to exclude all test directories
-# for example use the pattern */test/*
-
-EXCLUDE_PATTERNS       =
-
-# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
-# (namespaces, classes, functions, etc.) that should be excluded from the
-# output. The symbol name can be a fully qualified name, a word, or if the
-# wildcard * is used, a substring. Examples: ANamespace, AClass,
-# AClass::ANamespace, ANamespace::*Test
-
-EXCLUDE_SYMBOLS        =
-
-# The EXAMPLE_PATH tag can be used to specify one or more files or
-# directories that contain example code fragments that are included (see
-# the \include command).
-
-EXAMPLE_PATH           =
-
-# If the value of the EXAMPLE_PATH tag contains directories, you can use the
-# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
-# and *.h) to filter out the source-files in the directories. If left
-# blank all files are included.
-
-EXAMPLE_PATTERNS       =
-
-# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
-# searched for input files to be used with the \include or \dontinclude
-# commands irrespective of the value of the RECURSIVE tag.
-# Possible values are YES and NO. If left blank NO is used.
-
-EXAMPLE_RECURSIVE      = NO
-
-# The IMAGE_PATH tag can be used to specify one or more files or
-# directories that contain image that are included in the documentation (see
-# the \image command).
-
-IMAGE_PATH             = @CMAKE_CURRENT_BINARY_DIR@/
-
-# The INPUT_FILTER tag can be used to specify a program that doxygen should
-# invoke to filter for each input file. Doxygen will invoke the filter program
-# by executing (via popen()) the command <filter> <input-file>, where <filter>
-# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
-# input file. Doxygen will then use the output that the filter program writes
-# to standard output.
-# If FILTER_PATTERNS is specified, this tag will be
-# ignored.
-
-INPUT_FILTER           =
-
-# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
-# basis.
-# Doxygen will compare the file name with each pattern and apply the
-# filter if there is a match.
-# The filters are a list of the form:
-# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
-# info on how filters are used. If FILTER_PATTERNS is empty or if
-# non of the patterns match the file name, INPUT_FILTER is applied.
-
-FILTER_PATTERNS        =
-
-# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
-# INPUT_FILTER) will be used to filter the input files when producing source
-# files to browse (i.e. when SOURCE_BROWSER is set to YES).
-
-FILTER_SOURCE_FILES    = NO
-
-# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file
-# pattern. A pattern will override the setting for FILTER_PATTERN (if any)
-# and it is also possible to disable source filtering for a specific pattern
-# using *.ext= (so without naming a filter). This option only has effect when
-# FILTER_SOURCE_FILES is enabled.
-
-FILTER_SOURCE_PATTERNS =
-
-#---------------------------------------------------------------------------
-# configuration options related to source browsing
-#---------------------------------------------------------------------------
-
-# If the SOURCE_BROWSER tag is set to YES then a list of source files will
-# be generated. Documented entities will be cross-referenced with these sources.
-# Note: To get rid of all source code in the generated output, make sure also
-# VERBATIM_HEADERS is set to NO.
-
-SOURCE_BROWSER         = NO
-
-# Setting the INLINE_SOURCES tag to YES will include the body
-# of functions and classes directly in the documentation.
-
-INLINE_SOURCES         = NO
-
-# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
-# doxygen to hide any special comment blocks from generated source code
-# fragments. Normal C, C++ and Fortran comments will always remain visible.
-
-STRIP_CODE_COMMENTS    = YES
-
-# If the REFERENCED_BY_RELATION tag is set to YES
-# then for each documented function all documented
-# functions referencing it will be listed.
-
-REFERENCED_BY_RELATION = NO
-
-# If the REFERENCES_RELATION tag is set to YES
-# then for each documented function all documented entities
-# called/used by that function will be listed.
-
-REFERENCES_RELATION    = NO
-
-# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
-# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
-# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
-# link to the source code.
-# Otherwise they will link to the documentation.
-
-REFERENCES_LINK_SOURCE = YES
-
-# If the USE_HTAGS tag is set to YES then the references to source code
-# will point to the HTML generated by the htags(1) tool instead of doxygen
-# built-in source browser. The htags tool is part of GNU's global source
-# tagging system (see http://www.gnu.org/software/global/global.html). You
-# will need version 4.8.6 or higher.
-
-USE_HTAGS              = NO
-
-# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
-# will generate a verbatim copy of the header file for each class for
-# which an include is specified. Set to NO to disable this.
-
-VERBATIM_HEADERS       = YES
-
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-
-# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
-# of all compounds will be generated. Enable this if the project
-# contains a lot of classes, structs, unions or interfaces.
-
-ALPHABETICAL_INDEX     = YES
-
-# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
-# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
-# in which this list will be split (can be a number in the range [1..20])
-
-COLS_IN_ALPHA_INDEX    = 5
-
-# In case all classes in a project start with a common prefix, all
-# classes will be put under the same header in the alphabetical index.
-# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
-# should be ignored while generating the index headers.
-
-IGNORE_PREFIX          =
-
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
-# generate HTML output.
-
-GENERATE_HTML          = YES
-
-# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `html' will be used as the default path.
-
-HTML_OUTPUT            = html
-
-# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
-# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
-# doxygen will generate files with .html extension.
-
-HTML_FILE_EXTENSION    = .html
-
-# The HTML_HEADER tag can be used to specify a personal HTML header for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard header. Note that when using a custom header you are responsible
-#  for the proper inclusion of any scripts and style sheets that doxygen
-# needs, which is dependent on the configuration options used.
-# It is advised to generate a default header using "doxygen -w html
-# header.html footer.html stylesheet.css YourConfigFile" and then modify
-# that header. Note that the header is subject to change so you typically
-# have to redo this when upgrading to a newer version of doxygen or when
-# changing the value of configuration settings such as GENERATE_TREEVIEW!
-
-HTML_HEADER            =
-
-# The HTML_FOOTER tag can be used to specify a personal HTML footer for
-# each generated HTML page. If it is left blank doxygen will generate a
-# standard footer.
-
-HTML_FOOTER            =
-
-# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
-# style sheet that is used by each HTML page. It can be used to
-# fine-tune the look of the HTML output. If the tag is left blank doxygen
-# will generate a default style sheet. Note that doxygen will try to copy
-# the style sheet file to the HTML output directory, so don't put your own
-# style sheet in the HTML output directory as well, or it will be erased!
-
-HTML_STYLESHEET        =
-
-# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or
-# other source files which should be copied to the HTML output directory. Note
-# that these files will be copied to the base HTML output directory. Use the
-# $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these
-# files. In the HTML_STYLESHEET file, use the file name only. Also note that
-# the files will be copied as-is; there are no commands or markers available.
-
-HTML_EXTRA_FILES       =
-
-# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output.
-# Doxygen will adjust the colors in the style sheet and background images
-# according to this color. Hue is specified as an angle on a colorwheel,
-# see http://en.wikipedia.org/wiki/Hue for more information.
-# For instance the value 0 represents red, 60 is yellow, 120 is green,
-# 180 is cyan, 240 is blue, 300 purple, and 360 is red again.
-# The allowed range is 0 to 359.
-
-HTML_COLORSTYLE_HUE    = 220
-
-# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of
-# the colors in the HTML output. For a value of 0 the output will use
-# grayscales only. A value of 255 will produce the most vivid colors.
-
-HTML_COLORSTYLE_SAT    = 100
-
-# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to
-# the luminance component of the colors in the HTML output. Values below
-# 100 gradually make the output lighter, whereas values above 100 make
-# the output darker. The value divided by 100 is the actual gamma applied,
-# so 80 represents a gamma of 0.8, The value 220 represents a gamma of 2.2,
-# and 100 does not change the gamma.
-
-HTML_COLORSTYLE_GAMMA  = 80
-
-# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
-# page will contain the date and time when the page was generated. Setting
-# this to NO can help when comparing the output of multiple runs.
-
-HTML_TIMESTAMP         = NO
-
-# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
-# documentation will contain sections that can be hidden and shown after the
-# page has loaded.
-
-HTML_DYNAMIC_SECTIONS  = NO
-
-# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of
-# entries shown in the various tree structured indices initially; the user
-# can expand and collapse entries dynamically later on. Doxygen will expand
-# the tree to such a level that at most the specified number of entries are
-# visible (unless a fully collapsed tree already exceeds this amount).
-# So setting the number of entries 1 will produce a full collapsed tree by
-# default. 0 is a special value representing an infinite number of entries
-# and will result in a full expanded tree by default.
-
-HTML_INDEX_NUM_ENTRIES = 100
-
-# If the GENERATE_DOCSET tag is set to YES, additional index files
-# will be generated that can be used as input for Apple's Xcode 3
-# integrated development environment, introduced with OSX 10.5 (Leopard).
-# To create a documentation set, doxygen will generate a Makefile in the
-# HTML output directory. Running make will produce the docset in that
-# directory and running "make install" will install the docset in
-# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
-# it at startup.
-# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html
-# for more information.
-
-GENERATE_DOCSET        = NO
-
-# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
-# feed. A documentation feed provides an umbrella under which multiple
-# documentation sets from a single provider (such as a company or product suite)
-# can be grouped.
-
-DOCSET_FEEDNAME        = "Doxygen generated docs"
-
-# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
-# should uniquely identify the documentation set bundle. This should be a
-# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
-# will append .docset to the name.
-
-DOCSET_BUNDLE_ID       = org.doxygen.Project
-
-# When GENERATE_PUBLISHER_ID tag specifies a string that should uniquely identify
-# the documentation publisher. This should be a reverse domain-name style
-# string, e.g. com.mycompany.MyDocSet.documentation.
-
-DOCSET_PUBLISHER_ID    = org.doxygen.Publisher
-
-# The GENERATE_PUBLISHER_NAME tag identifies the documentation publisher.
-
-DOCSET_PUBLISHER_NAME  = Publisher
-
-# If the GENERATE_HTMLHELP tag is set to YES, additional index files
-# will be generated that can be used as input for tools like the
-# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
-# of the generated HTML documentation.
-
-GENERATE_HTMLHELP      = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
-# be used to specify the file name of the resulting .chm file. You
-# can add a path in front of the file if the result should not be
-# written to the html output directory.
-
-CHM_FILE               =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
-# be used to specify the location (absolute path including file name) of
-# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
-# the HTML help compiler on the generated index.hhp.
-
-HHC_LOCATION           =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
-# controls if a separate .chi index file is generated (YES) or that
-# it should be included in the master .chm file (NO).
-
-GENERATE_CHI           = NO
-
-# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
-# is used to encode HtmlHelp index (hhk), content (hhc) and project file
-# content.
-
-CHM_INDEX_ENCODING     =
-
-# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
-# controls whether a binary table of contents is generated (YES) or a
-# normal table of contents (NO) in the .chm file.
-
-BINARY_TOC             = NO
-
-# The TOC_EXPAND flag can be set to YES to add extra items for group members
-# to the contents of the HTML help documentation and to the tree view.
-
-TOC_EXPAND             = NO
-
-# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
-# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated
-# that can be used as input for Qt's qhelpgenerator to generate a
-# Qt Compressed Help (.qch) of the generated HTML documentation.
-
-GENERATE_QHP           = NO
-
-# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
-# be used to specify the file name of the resulting .qch file.
-# The path specified is relative to the HTML output folder.
-
-QCH_FILE               =
-
-# The QHP_NAMESPACE tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#namespace
-
-QHP_NAMESPACE          = org.doxygen.Project
-
-# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
-# Qt Help Project output. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#virtual-folders
-
-QHP_VIRTUAL_FOLDER     = doc
-
-# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to
-# add. For more information please see
-# http://doc.trolltech.com/qthelpproject.html#custom-filters
-
-QHP_CUST_FILTER_NAME   =
-
-# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the
-# custom filter to add. For more information please see
-# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">
-# Qt Help Project / Custom Filters</a>.
-
-QHP_CUST_FILTER_ATTRS  =
-
-# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
-# project's
-# filter section matches.
-# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">
-# Qt Help Project / Filter Attributes</a>.
-
-QHP_SECT_FILTER_ATTRS  =
-
-# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
-# be used to specify the location of Qt's qhelpgenerator.
-# If non-empty doxygen will try to run qhelpgenerator on the generated
-# .qhp file.
-
-QHG_LOCATION           =
-
-# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files
-#  will be generated, which together with the HTML files, form an Eclipse help
-# plugin. To install this plugin and make it available under the help contents
-# menu in Eclipse, the contents of the directory containing the HTML and XML
-# files needs to be copied into the plugins directory of eclipse. The name of
-# the directory within the plugins directory should be the same as
-# the ECLIPSE_DOC_ID value. After copying Eclipse needs to be restarted before
-# the help appears.
-
-GENERATE_ECLIPSEHELP   = NO
-
-# A unique identifier for the eclipse help plugin. When installing the plugin
-# the directory name containing the HTML and XML files should also have
-# this name.
-
-ECLIPSE_DOC_ID         = org.doxygen.Project
-
-# The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs)
-# at top of each HTML page. The value NO (the default) enables the index and
-# the value YES disables it. Since the tabs have the same information as the
-# navigation tree you can set this option to NO if you already set
-# GENERATE_TREEVIEW to YES.
-
-DISABLE_INDEX          = NO
-
-# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
-# structure should be generated to display hierarchical information.
-# If the tag value is set to YES, a side panel will be generated
-# containing a tree-like index structure (just like the one that
-# is generated for HTML Help). For this to work a browser that supports
-# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
-# Windows users are probably better off using the HTML help feature.
-# Since the tree basically has the same information as the tab index you
-# could consider to set DISABLE_INDEX to NO when enabling this option.
-
-GENERATE_TREEVIEW      = NO
-
-# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values
-# (range [0,1..20]) that doxygen will group on one line in the generated HTML
-# documentation. Note that a value of 0 will completely suppress the enum
-# values from appearing in the overview section.
-
-ENUM_VALUES_PER_LINE   = 4
-
-# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
-# used to set the initial width (in pixels) of the frame in which the tree
-# is shown.
-
-TREEVIEW_WIDTH         = 250
-
-# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open
-# links to external symbols imported via tag files in a separate window.
-
-EXT_LINKS_IN_WINDOW    = NO
-
-# Use this tag to change the font size of Latex formulas included
-# as images in the HTML documentation. The default is 10. Note that
-# when you change the font size after a successful doxygen run you need
-# to manually remove any form_*.png images from the HTML output directory
-# to force them to be regenerated.
-
-FORMULA_FONTSIZE       = 10
-
-# Use the FORMULA_TRANPARENT tag to determine whether or not the images
-# generated for formulas are transparent PNGs. Transparent PNGs are
-# not supported properly for IE 6.0, but are supported on all modern browsers.
-# Note that when changing this option you need to delete any form_*.png files
-# in the HTML output before the changes have effect.
-
-FORMULA_TRANSPARENT    = YES
-
-# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax
-# (see http://www.mathjax.org) which uses client side Javascript for the
-# rendering instead of using prerendered bitmaps. Use this if you do not
-# have LaTeX installed or if you want to formulas look prettier in the HTML
-# output. When enabled you may also need to install MathJax separately and
-# configure the path to it using the MATHJAX_RELPATH option.
-
-USE_MATHJAX            = NO
-
-# When MathJax is enabled you need to specify the location relative to the
-# HTML output directory using the MATHJAX_RELPATH option. The destination
-# directory should contain the MathJax.js script. For instance, if the mathjax
-# directory is located at the same level as the HTML output directory, then
-# MATHJAX_RELPATH should be ../mathjax. The default value points to
-# the MathJax Content Delivery Network so you can quickly see the result without
-# installing MathJax.
-# However, it is strongly recommended to install a local
-# copy of MathJax from http://www.mathjax.org before deployment.
-
-MATHJAX_RELPATH        = http://cdn.mathjax.org/mathjax/latest
-
-# The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension
-# names that should be enabled during MathJax rendering.
-
-MATHJAX_EXTENSIONS     =
-
-# When the SEARCHENGINE tag is enabled doxygen will generate a search box
-# for the HTML output. The underlying search engine uses javascript
-# and DHTML and should work on any modern browser. Note that when using
-# HTML help (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets
-# (GENERATE_DOCSET) there is already a search function so this one should
-# typically be disabled. For large projects the javascript based search engine
-# can be slow, then enabling SERVER_BASED_SEARCH may provide a better solution.
-
-SEARCHENGINE           = YES
-
-# When the SERVER_BASED_SEARCH tag is enabled the search engine will be
-# implemented using a PHP enabled web server instead of at the web client
-# using Javascript. Doxygen will generate the search PHP script and index
-# file to put on the web server. The advantage of the server
-# based approach is that it scales better to large projects and allows
-# full text search. The disadvantages are that it is more difficult to setup
-# and does not have live searching capabilities.
-
-SERVER_BASED_SEARCH    = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
-# generate Latex output.
-
-GENERATE_LATEX         = YES
-
-# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `latex' will be used as the default path.
-
-LATEX_OUTPUT           = latex
-
-# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
-# invoked. If left blank `latex' will be used as the default command name.
-# Note that when enabling USE_PDFLATEX this option is only used for
-# generating bitmaps for formulas in the HTML output, but not in the
-# Makefile that is written to the output directory.
-
-LATEX_CMD_NAME         = latex
-
-# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
-# generate index for LaTeX. If left blank `makeindex' will be used as the
-# default command name.
-
-MAKEINDEX_CMD_NAME     = makeindex
-
-# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
-# LaTeX documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_LATEX          = NO
-
-# The PAPER_TYPE tag can be used to set the paper type that is used
-# by the printer. Possible values are: a4, letter, legal and
-# executive. If left blank a4wide will be used.
-
-PAPER_TYPE             = a4
-
-# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
-# packages that should be included in the LaTeX output.
-
-EXTRA_PACKAGES         =
-
-# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
-# the generated latex document. The header should contain everything until
-# the first chapter. If it is left blank doxygen will generate a
-# standard header. Notice: only use this tag if you know what you are doing!
-
-LATEX_HEADER           =
-
-# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for
-# the generated latex document. The footer should contain everything after
-# the last chapter. If it is left blank doxygen will generate a
-# standard footer. Notice: only use this tag if you know what you are doing!
-
-LATEX_FOOTER           =
-
-# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
-# is prepared for conversion to pdf (using ps2pdf). The pdf file will
-# contain links (just like the HTML output) instead of page references
-# This makes the output suitable for online browsing using a pdf viewer.
-
-PDF_HYPERLINKS         = YES
-
-# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
-# plain latex in the generated Makefile. Set this option to YES to get a
-# higher quality PDF documentation.
-
-USE_PDFLATEX           = YES
-
-# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
-# command to the generated LaTeX files. This will instruct LaTeX to keep
-# running if errors occur, instead of asking the user for help.
-# This option is also used when generating formulas in HTML.
-
-LATEX_BATCHMODE        = NO
-
-# If LATEX_HIDE_INDICES is set to YES then doxygen will not
-# include the index chapters (such as File Index, Compound Index, etc.)
-# in the output.
-
-LATEX_HIDE_INDICES     = NO
-
-# If LATEX_SOURCE_CODE is set to YES then doxygen will include
-# source code with syntax highlighting in the LaTeX output.
-# Note that which sources are shown also depends on other settings
-# such as SOURCE_BROWSER.
-
-LATEX_SOURCE_CODE      = NO
-
-# The LATEX_BIB_STYLE tag can be used to specify the style to use for the
-# bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See
-# http://en.wikipedia.org/wiki/BibTeX for more info.
-
-LATEX_BIB_STYLE        = plain
-
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
-# The RTF output is optimized for Word 97 and may not look very pretty with
-# other RTF readers or editors.
-
-GENERATE_RTF           = NO
-
-# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `rtf' will be used as the default path.
-
-RTF_OUTPUT             = rtf
-
-# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
-# RTF documents. This may be useful for small projects and may help to
-# save some trees in general.
-
-COMPACT_RTF            = NO
-
-# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
-# will contain hyperlink fields. The RTF file will
-# contain links (just like the HTML output) instead of page references.
-# This makes the output suitable for online browsing using WORD or other
-# programs which support those fields.
-# Note: wordpad (write) and others do not support links.
-
-RTF_HYPERLINKS         = NO
-
-# Load style sheet definitions from file. Syntax is similar to doxygen's
-# config file, i.e. a series of assignments. You only have to provide
-# replacements, missing definitions are set to their default value.
-
-RTF_STYLESHEET_FILE    =
-
-# Set optional variables used in the generation of an rtf document.
-# Syntax is similar to doxygen's config file.
-
-RTF_EXTENSIONS_FILE    =
-
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
-# generate man pages
-
-GENERATE_MAN           = NO
-
-# The MAN_OUTPUT tag is used to specify where the man pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `man' will be used as the default path.
-
-MAN_OUTPUT             = man
-
-# The MAN_EXTENSION tag determines the extension that is added to
-# the generated man pages (default is the subroutine's section .3)
-
-MAN_EXTENSION          = .3
-
-# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
-# then it will generate one additional man file for each entity
-# documented in the real man page(s). These additional files
-# only source the real man page, but without them the man command
-# would be unable to find the correct page. The default is NO.
-
-MAN_LINKS              = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the XML output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_XML tag is set to YES Doxygen will
-# generate an XML file that captures the structure of
-# the code including all documentation.
-
-GENERATE_XML           = NO
-
-# The XML_OUTPUT tag is used to specify where the XML pages will be put.
-# If a relative path is entered the value of OUTPUT_DIRECTORY will be
-# put in front of it. If left blank `xml' will be used as the default path.
-
-XML_OUTPUT             = xml
-
-# The XML_SCHEMA tag can be used to specify an XML schema,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_SCHEMA             =
-
-# The XML_DTD tag can be used to specify an XML DTD,
-# which can be used by a validating XML parser to check the
-# syntax of the XML files.
-
-XML_DTD                =
-
-# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
-# dump the program listings (including syntax highlighting
-# and cross-referencing information) to the XML output. Note that
-# enabling this will significantly increase the size of the XML output.
-
-XML_PROGRAMLISTING     = YES
-
-#---------------------------------------------------------------------------
-# configuration options for the AutoGen Definitions output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
-# generate an AutoGen Definitions (see autogen.sf.net) file
-# that captures the structure of the code including all
-# documentation. Note that this feature is still experimental
-# and incomplete at the moment.
-
-GENERATE_AUTOGEN_DEF   = NO
-
-#---------------------------------------------------------------------------
-# configuration options related to the Perl module output
-#---------------------------------------------------------------------------
-
-# If the GENERATE_PERLMOD tag is set to YES Doxygen will
-# generate a Perl module file that captures the structure of
-# the code including all documentation. Note that this
-# feature is still experimental and incomplete at the
-# moment.
-
-GENERATE_PERLMOD       = NO
-
-# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
-# the necessary Makefile rules, Perl scripts and LaTeX code to be able
-# to generate PDF and DVI output from the Perl module output.
-
-PERLMOD_LATEX          = NO
-
-# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
-# nicely formatted so it can be parsed by a human reader.
-# This is useful
-# if you want to understand what is going on.
-# On the other hand, if this
-# tag is set to NO the size of the Perl module output will be much smaller
-# and Perl will parse it just the same.
-
-PERLMOD_PRETTY         = YES
-
-# The names of the make variables in the generated doxyrules.make file
-# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
-# This is useful so different doxyrules.make files included by the same
-# Makefile don't overwrite each other's variables.
-
-PERLMOD_MAKEVAR_PREFIX =
-
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-
-# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
-# evaluate all C-preprocessor directives found in the sources and include
-# files.
-
-ENABLE_PREPROCESSING   = YES
-
-# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
-# names in the source code. If set to NO (the default) only conditional
-# compilation will be performed. Macro expansion can be done in a controlled
-# way by setting EXPAND_ONLY_PREDEF to YES.
-
-MACRO_EXPANSION        = NO
-
-# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
-# then the macro expansion is limited to the macros specified with the
-# PREDEFINED and EXPAND_AS_DEFINED tags.
-
-EXPAND_ONLY_PREDEF     = NO
-
-# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
-# pointed to by INCLUDE_PATH will be searched when a #include is found.
-
-SEARCH_INCLUDES        = YES
-
-# The INCLUDE_PATH tag can be used to specify one or more directories that
-# contain include files that are not input files but should be processed by
-# the preprocessor.
-
-INCLUDE_PATH           =
-
-# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
-# patterns (like *.h and *.hpp) to filter out the header-files in the
-# directories. If left blank, the patterns specified with FILE_PATTERNS will
-# be used.
-
-INCLUDE_FILE_PATTERNS  =
-
-# The PREDEFINED tag can be used to specify one or more macro names that
-# are defined before the preprocessor is started (similar to the -D option of
-# gcc). The argument of the tag is a list of macros of the form: name
-# or name=definition (no spaces). If the definition and the = are
-# omitted =1 is assumed. To prevent a macro definition from being
-# undefined via #undef or recursively expanded use the := operator
-# instead of the = operator.
-
-PREDEFINED             =
-
-# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
-# this tag can be used to specify a list of macro names that should be expanded.
-# The macro definition that is found in the sources will be used.
-# Use the PREDEFINED tag if you want to use a different macro definition that
-# overrules the definition found in the source code.
-
-EXPAND_AS_DEFINED      =
-
-# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
-# doxygen's preprocessor will remove all references to function-like macros
-# that are alone on a line, have an all uppercase name, and do not end with a
-# semicolon, because these will confuse the parser if not removed.
-
-SKIP_FUNCTION_MACROS   = YES
-
-#---------------------------------------------------------------------------
-# Configuration::additions related to external references
-#---------------------------------------------------------------------------
-
-# The TAGFILES option can be used to specify one or more tagfiles. For each
-# tag file the location of the external documentation should be added. The
-# format of a tag file without this location is as follows:
-#
-# TAGFILES = file1 file2 ...
-# Adding location for the tag files is done as follows:
-#
-# TAGFILES = file1=loc1 "file2 = loc2" ...
-# where "loc1" and "loc2" can be relative or absolute paths
-# or URLs. Note that each tag file must have a unique name (where the name does
-# NOT include the path). If a tag file is not located in the directory in which
-# doxygen is run, you must also specify the path to the tagfile here.
-
-TAGFILES               =
-
-# When a file name is specified after GENERATE_TAGFILE, doxygen will create
-# a tag file that is based on the input files it reads.
-
-GENERATE_TAGFILE       =
-
-# If the ALLEXTERNALS tag is set to YES all external classes will be listed
-# in the class index. If set to NO only the inherited external classes
-# will be listed.
-
-ALLEXTERNALS           = NO
-
-# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
-# in the modules index. If set to NO, only the current project's groups will
-# be listed.
-
-EXTERNAL_GROUPS        = YES
-
-# The PERL_PATH should be the absolute path and name of the perl script
-# interpreter (i.e. the result of `which perl').
-
-PERL_PATH              = /usr/bin/perl
-
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-
-# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
-# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
-# or super classes. Setting the tag to NO turns the diagrams off. Note that
-# this option also works with HAVE_DOT disabled, but it is recommended to
-# install and use dot, since it yields more powerful graphs.
-
-CLASS_DIAGRAMS         = YES
-
-# You can define message sequence charts within doxygen comments using the \msc
-# command. Doxygen will then run the mscgen tool (see
-# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
-# documentation. The MSCGEN_PATH tag allows you to specify the directory where
-# the mscgen tool resides. If left empty the tool is assumed to be found in the
-# default search path.
-
-MSCGEN_PATH            =
-
-# If set to YES, the inheritance and collaboration graphs will hide
-# inheritance and usage relations if the target is undocumented
-# or is not a class.
-
-HIDE_UNDOC_RELATIONS   = YES
-
-# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
-# available from the path. This tool is part of Graphviz, a graph visualization
-# toolkit from AT&T and Lucent Bell Labs. The other options in this section
-# have no effect if this option is set to NO (the default)
-
-HAVE_DOT               = NO
-
-# The DOT_NUM_THREADS specifies the number of dot invocations doxygen is
-# allowed to run in parallel. When set to 0 (the default) doxygen will
-# base this on the number of processors available in the system. You can set it
-# explicitly to a value larger than 0 to get control over the balance
-# between CPU load and processing speed.
-
-DOT_NUM_THREADS        = 0
-
-# By default doxygen will use the Helvetica font for all dot files that
-# doxygen generates. When you want a differently looking font you can specify
-# the font name using DOT_FONTNAME. You need to make sure dot is able to find
-# the font, which can be done by putting it in a standard location or by setting
-# the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the
-# directory containing the font.
-
-DOT_FONTNAME           = Helvetica
-
-# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
-# The default size is 10pt.
-
-DOT_FONTSIZE           = 10
-
-# By default doxygen will tell dot to use the Helvetica font.
-# If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to
-# set the path where dot can find it.
-
-DOT_FONTPATH           =
-
-# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect inheritance relations. Setting this tag to YES will force the
-# CLASS_DIAGRAMS tag to NO.
-
-CLASS_GRAPH            = YES
-
-# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for each documented class showing the direct and
-# indirect implementation dependencies (inheritance, containment, and
-# class references variables) of the class with other documented classes.
-
-COLLABORATION_GRAPH    = YES
-
-# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
-# will generate a graph for groups, showing the direct groups dependencies
-
-GROUP_GRAPHS           = YES
-
-# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
-# collaboration diagrams in a style similar to the OMG's Unified Modeling
-# Language.
-
-UML_LOOK               = NO
-
-# If the UML_LOOK tag is enabled, the fields and methods are shown inside
-# the class node. If there are many fields or methods and many nodes the
-# graph may become too big to be useful. The UML_LIMIT_NUM_FIELDS
-# threshold limits the number of items for each type to make the size more
-# managable. Set this to 0 for no limit. Note that the threshold may be
-# exceeded by 50% before the limit is enforced.
-
-UML_LIMIT_NUM_FIELDS   = 10
-
-# If set to YES, the inheritance and collaboration graphs will show the
-# relations between templates and their instances.
-
-TEMPLATE_RELATIONS     = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
-# tags are set to YES then doxygen will generate a graph for each documented
-# file showing the direct and indirect include dependencies of the file with
-# other documented files.
-
-INCLUDE_GRAPH          = NO
-
-# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
-# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
-# documented header file showing the documented files that directly or
-# indirectly include this file.
-
-INCLUDED_BY_GRAPH      = YES
-
-# If the CALL_GRAPH and HAVE_DOT options are set to YES then
-# doxygen will generate a call dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable call graphs
-# for selected functions only using the \callgraph command.
-
-CALL_GRAPH             = YES
-
-# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
-# doxygen will generate a caller dependency graph for every global function
-# or class method. Note that enabling this option will significantly increase
-# the time of a run. So in most cases it will be better to enable caller
-# graphs for selected functions only using the \callergraph command.
-
-CALLER_GRAPH           = YES
-
-# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
-# will generate a graphical hierarchy of all classes instead of a textual one.
-
-GRAPHICAL_HIERARCHY    = YES
-
-# If the DIRECTORY_GRAPH and HAVE_DOT tags are set to YES
-# then doxygen will show the dependencies a directory has on other directories
-# in a graphical way. The dependency relations are determined by the #include
-# relations between the files in the directories.
-
-DIRECTORY_GRAPH        = NO
-
-# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
-# generated by dot. Possible values are svg, png, jpg, or gif.
-# If left blank png will be used. If you choose svg you need to set
-# HTML_FILE_EXTENSION to xhtml in order to make the SVG files
-# visible in IE 9+ (other browsers do not have this requirement).
-
-DOT_IMAGE_FORMAT       = png
-
-# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to
-# enable generation of interactive SVG images that allow zooming and panning.
-# Note that this requires a modern browser other than Internet Explorer.
-# Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you
-# need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files
-# visible. Older versions of IE do not have SVG support.
-
-INTERACTIVE_SVG        = NO
-
-# The tag DOT_PATH can be used to specify the path where the dot tool can be
-# found. If left blank, it is assumed the dot tool can be found in the path.
-
-DOT_PATH               =
-
-# The DOTFILE_DIRS tag can be used to specify one or more directories that
-# contain dot files that are included in the documentation (see the
-# \dotfile command).
-
-DOTFILE_DIRS           =
-
-# The MSCFILE_DIRS tag can be used to specify one or more directories that
-# contain msc files that are included in the documentation (see the
-# \mscfile command).
-
-MSCFILE_DIRS           =
-
-# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
-# nodes that will be shown in the graph. If the number of nodes in a graph
-# becomes larger than this value, doxygen will truncate the graph, which is
-# visualized by representing a node as a red box. Note that doxygen if the
-# number of direct children of the root node in a graph is already larger than
-# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
-# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
-
-DOT_GRAPH_MAX_NODES    = 50
-
-# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
-# graphs generated by dot. A depth value of 3 means that only nodes reachable
-# from the root by following a path via at most 3 edges will be shown. Nodes
-# that lay further from the root node will be omitted. Note that setting this
-# option to 1 or 2 may greatly reduce the computation time needed for large
-# code bases. Also note that the size of a graph can be further restricted by
-# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
-
-MAX_DOT_GRAPH_DEPTH    = 0
-
-# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
-# background. This is disabled by default, because dot on Windows does not
-# seem to support this out of the box. Warning: Depending on the platform used,
-# enabling this option may lead to badly anti-aliased labels on the edges of
-# a graph (i.e. they become hard to read).
-
-DOT_TRANSPARENT        = NO
-
-# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
-# files in one run (i.e. multiple -o and -T options on the command line). This
-# makes dot run faster, but since only newer versions of dot (>1.8.10)
-# support this, this feature is disabled by default.
-
-DOT_MULTI_TARGETS      = NO
-
-# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
-# generate a legend page explaining the meaning of the various boxes and
-# arrows in the dot generated graphs.
-
-GENERATE_LEGEND        = YES
-
-# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
-# remove the intermediate dot files that are used to generate
-# the various graphs.
-
-DOT_CLEANUP            = YES

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/README.txt
----------------------------------------------------------------------
diff --git a/docs/README.txt b/docs/README.txt
deleted file mode 100755
index 17fd90d..0000000
--- a/docs/README.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-./Doxyfile.in         This file describes the settings to be used by the 
-                      documentation system
-
-./AMCL.dox            Main page of the documentation.
-
-To generate the documentation type: make doc
-
-This will generate the directories
-
-./html    This can be read by typing:
-          firefox ./html/index.html
-
-./latex   These are the latex source files. The pdf can be generated by
-          typing: make. The output is refman.pdf.
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/latex/README.txt
----------------------------------------------------------------------
diff --git a/docs/latex/README.txt b/docs/latex/README.txt
deleted file mode 100644
index ad1c410..0000000
--- a/docs/latex/README.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-latex amcl.tex
-dvips -Ppdf -G0 amcl.dvi
-ps2pdf  amcl.ps

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/latex/amcl.bib
----------------------------------------------------------------------
diff --git a/docs/latex/amcl.bib b/docs/latex/amcl.bib
deleted file mode 100644
index 3d6d22e..0000000
--- a/docs/latex/amcl.bib
+++ /dev/null
@@ -1,156 +0,0 @@
-@misc{aranha-karabina-longa-gebotys-lopez,
-	author = "D.~F.~Aranha and K.~Karabina and P.~Longa and C.~H.~ Gebotys and J.~Lopez",
-	title = "Faster Explicit Formulae for Computing Pairings over Ordinary Curves",
-	year = "2010",
-	howpublished = "Cryptology ePrint Archive, Report 2010/526",
-	note = {\url{http://eprint.iacr.org/2010/526}},
-}
-
-@misc{bernstein-chuengsatiansup-lange,
-    author = {Daniel J. Bernstein and Chitchanok Chuengsatiansup and Tanja Lange},
-    title = {Curve41417: Karatsuba revisited},
-    howpublished = {Cryptology ePrint Archive, Report 2014/526},
-    year = {2014},
-    note = {\url{http://eprint.iacr.org/2014/526}},
-}
-
-@article{montgomery,
-	author={Peter L. Montgomery},
-	title={Modular Multiplication Without Trial Division},
-	journal={Mathematics of Computation},
-	volume="44",
-	number="170",
-	pages="519�-521",
-	year="1985"
-}
-
-@misc{bos-costello-longa-naehrig,
-    author = {Joppe W. Bos and Craig Costello and Patrick Longa and Michael Naehrig},
-    title = {Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis},
-    howpublished = {Cryptology ePrint Archive, Report 2014/130},
-    year = {2014},
-    note = {\url{http://eprint.iacr.org/2014/130}},
-}
-
-@misc{bernstein-duif-lange-schwabe-yang,
-    author = {Daniel J. Bernstein and Niels Duif and Tanja Lange and Peter Schwabe and Bo-Yin Yang},
-    title = {High-speed high-security signatures},
-    howpublished = {Cryptology ePrint Archive, Report 2011/368},
-    year = {2011},
-    note = {\url{http://eprint.iacr.org/2011/368}},
-}
-
-@misc{tss,
-	author="Tangible Software Solutions",
-	note={\url{http://www.tangiblesoftwaresolutions.com/}},
-}
-
-@misc{ml,
-	author="A.~ Miele and A.~K.~Lenstra",
-	title = "Efficient ephemeral elliptic curve cryptographic keys",
-	year="2015",
-	note={\url{http://csrc.nist.gov/groups/ST/ecc-workshop-2015/papers/session1-miele-paper.pdf}},
-}
-
-@misc{gol,
-	author="Google j2objc",
-	note={\url{https://github.com/google/j2objc}},
-}
-
-@Inproceedings{bernstein,
-	author={Daniel J. Bernstein},
-	title={Curve25519: new {D}iffie-{H}ellman speed records},
-	booktitle="PKC 2006", 
-	pages="207--228", 
-	publisher="Springer-Verlag",
-	series = "Lecture Notes in Computer Science",
-	volume="3958",
-	year="2006"
-}
-
-@misc{nist,
-	author="National Institute for Standards and Technology",
-	title="Federal Information Processing Standards Publication 186-2",
-	year="2000",
-	note = {\url{http://csrc.nist.gov/publications/fips/archive/fips186-2/fips186-2.pdf}},
-}
-
-@misc{mpin,
-	author="M. ~Scott",
-	title= "M-{P}in: A Multi-Factor Zero Knowledge Authentication Protocol",
-	year="2014",
-	note={\url{http://www.miracl.com/crypto-labs}},
-}
-
-@Inproceedings{barreto-naehrig,
-	author="P.S.L.M.~Barreto and M.~Naehrig",
-	title="Pairing-Friendly elliptic curves of prime order", 
-	booktitle="Selected Areas in Cryptology -- {SAC} 2005", 
-	pages="319--331", 
-	publisher="Springer-Verlag",
-	series = "Lecture Notes in Computer Science",
-	volume= "3897", 
-	year="2006",
-}
-
-@book{knuth,
- author = {Knuth, Donald E.},
- title = {The Art of Computer Programming, Volume 2 (3rd Ed.): Seminumerical Algorithms},
- year = {1997},
- isbn = {0-201-89684-2},
- publisher = {Addison-Wesley Longman Publishing Co., Inc.},
-} 
-
-
-
-@Inproceedings{scott,
-	author="M.~ Scott",
-	title= "Implementing Cryptographic Pairings",
-	booktitle="Pairing 2007",
-	pages="177--196",
-	year="2007",
-	series = "Lecture Notes in Computer Science",
-	volume= "4575"
-}
-
-@article{montgomery2,
-	author={Peter L. Montgomery},
-	title="Speeding the {P}ollard and Elliptic Curve Methods of Factorisation",
-	journal={Mathematics of Computation},
-	volume="48",
-	number="177",
-	pages="243�-264",
-	year="1987"
-}
-
-@misc{bernstein-lange,
-    author = {Daniel J. Bernstein and Tanja Lange},
-    title = {Inverted {E}dwards coordinates},
-    howpublished = {Cryptology ePrint Archive, Report 2007/410},
-    year = {2007},
-    note = {\url{http://eprint.iacr.org/2007/410}},
-}
-
-@misc{brainpool,
-	author="Brainpool",
-	title="{ECC} Brainpool standard curves and curve generation.",
-	year={2005},
-	note={\url{http://www.ecc-brainpool.org/download/Domain-parameters.pdf}},
-}
-
-@misc{ANSSI,
-	author="{ANSSI}",
-	title="Publication d'un param�trage de courbe elliptique visant des applications de passeport �lectronique et de l'administration �lectronique fran�aise.",
-	year={2011},
-	note={\url{http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000024668816}},
-}
-
-@misc{certicom,
-	author="Certicom",
-	title="SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0",
-	year={2010},
-	note={\url{ http://www.secg.org/download/aid-784/sec2-v2.pdf }},
-}
-
-
-


[38/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/ROM.cs
----------------------------------------------------------------------
diff --git a/cs/ROM.cs b/cs/ROM.cs
deleted file mode 100644
index 2daf906..0000000
--- a/cs/ROM.cs
+++ /dev/null
@@ -1,434 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-public class ROM
-{
-/* Don't Modify from here... */
-	public const int NOT_SPECIAL = 0;
-	public const int PSEUDO_MERSENNE = 1;
-	public const int MONTGOMERY_FRIENDLY = 2;
-	public const int WEIERSTRASS = 0;
-	public const int EDWARDS = 1;
-	public const int MONTGOMERY = 2;
-/* ...to here */
-
-/// <summary>
-///* Enter Some Field details here  ** </summary>
-// BN Curve
-	public const int MODBITS = 254; // Number of bits in Modulus
-	public const int MOD8 = 3; // Modulus mod 8
-// Curve 25519
-//	public static final int MODBITS=255;
-//	public static final int MOD8=5;
-// NIST256 or Brainpool
-//	public static final int MODBITS=256;
-//	public static final int MOD8=7;
-// MF254
-//	public static final int MODBITS=254;
-//	public static final int MOD8=7;
-// MS255
-//public static final int MODBITS= 255;
-//public static final int MOD8= 3;
-// MF256
-//	public static final int MODBITS=256;
-//	public static final int MOD8=7;
-// MS256
-//public static final int MODBITS= 256;
-//public static final int MOD8= 3;
-// ANSSI
-//  public static final int MODBITS= 256;
-//  public static final int MOD8= 3;
-
-/* Don't Modify from here... */
-	public const int NLEN = 5;
-	public const int CHUNK = 64;
-	public static readonly int DNLEN = 2 * NLEN;
-	public const int BASEBITS = 56;
-	public static readonly long MASK = (((long)1 << BASEBITS) - 1);
-	public static readonly int HBITS = BASEBITS / 2;
-	public static readonly long HMASK = (((long)1 << HBITS) - 1);
-	public const int MODBYTES = 32;
-	public static readonly int NEXCESS = ((int)1 << (CHUNK - BASEBITS - 1));
-	public static readonly long FEXCESS = ((long)1 << (BASEBITS * NLEN - MODBITS));
-	public static readonly long OMASK = (long)(-1) << (MODBITS % BASEBITS);
-	public static readonly int TBITS = MODBITS % BASEBITS; // Number of active bits in top word
-	public static readonly long TMASK = ((long)1 << TBITS) - 1;
-/* ...to here */
-
-/* Finite field support - for RSA, DH etc. */
-	public const int FF_BITS = 2048; // Finite Field Size in bits - must be 256.2^n
-	public static readonly int FFLEN = (FF_BITS / 256);
-	public static readonly int HFLEN = (FFLEN / 2); // Useful for half-size RSA private key operations
-
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-//	public static final int MODTYPE=PSEUDO_MERSENNE;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//	public static final long MConst=0x13L;
-
-
-// NIST-256 Curve
-//	public static final int MODTYPE=NOT_SPECIAL;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL};
-//	public static final long MConst=0x1L;
-
-// MF254 Modulus
-//	public static final int MODTYPE=MONTGOMERY_FRIENDLY;
-//	public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//	public static final long MConst=0x3F810000L;
-
-// MS255 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFD03L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long MConst=0x2FDL;
-
-// MS256 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long MConst=0xBDL;
-
-// MF256 Modulus
-//public static final int MODTYPE= 2;
-//public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long MConst=0xFFA80000L;
-
-// Brainpool
-//	public static final int MODTYPE= NOT_SPECIAL;
-//	public static final long[] Modulus= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-//	public static final long MConst=0xA75590CEFD89B9L;
-
-// ANSSI
-//  public static final int MODTYPE= 0;
-//  public static final long[] Modulus= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL};
-//  public static final long MConst=0x97483A164E1155L;
-
-// BNCX Curve Modulus
-public const int MODTYPE = NOT_SPECIAL;
-public static readonly long[] Modulus = new long[] {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-public const long MConst = 0x4E205BF9789E85L;
-
-// BN Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-//public static final long MConst=0x435E50D79435E5L;
-
-// BNT Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0x9DBBFEEEB4A713L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-//public static final long MConst=0xC5A872D914C4E5L;
-
-// BNT2 Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0xB2DC2BB460A48BL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
-//public static final long MConst=0xFE6A47A6505CDDL;
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve
-//	public static final int CURVETYPE=EDWARDS;
-//	public static final int CURVE_A = -1;
-//	public static final long[] CURVE_B = {0xEB4DCA135978A3L,0xA4D4141D8AB75L,0x797779E8980070L,0x2B6FFE738CC740L,0x52036CEEL};
-//	public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-//	public static final long[] CURVE_Gx ={0x562D608F25D51AL,0xC7609525A7B2C9L,0x31FDD6DC5C692CL,0xCD6E53FEC0A4E2L,0x216936D3L};
-//	public static final long[] CURVE_Gy ={0x66666666666658L,0x66666666666666L,0x66666666666666L,0x66666666666666L,0x66666666L};
-
-// Original Curve25519
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =486662;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-//	public static final long[] CURVE_Gx ={0x9L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// NIST-256 Curve
-//	public static final int CURVETYPE=WEIERSTRASS;
-//	public static final int CURVE_A = -3;
-//	public static final long[] CURVE_B = {0xCE3C3E27D2604BL,0x6B0CC53B0F63BL,0x55769886BC651DL,0xAA3A93E7B3EBBDL,0x5AC635D8L};
-//	public static final long[] CURVE_Order={0xB9CAC2FC632551L,0xFAADA7179E84F3L,0xFFFFFFFFFFBCE6L,0xFFFFFFL,0xFFFFFFFFL};
-//	public static final long[] CURVE_Gx ={0xA13945D898C296L,0x7D812DEB33A0F4L,0xE563A440F27703L,0xE12C4247F8BCE6L,0x6B17D1F2L};
-//	public static final long[] CURVE_Gy ={0xB6406837BF51F5L,0x33576B315ECECBL,0x4A7C0F9E162BCEL,0xFE1A7F9B8EE7EBL,0x4FE342E2L};
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFD08DL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Order={0xA419C4AF8DF83FL,0x8BEA0DA375C06FL,0xFFFFFFFFFFEB81L,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Gx ={0x2L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x65DF37F90D4EBCL,0x38E3F8511931ADL,0x75BD778AEBDFB7L,0x3B2E56014AE15AL,0x140E3FD3L};
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x367BL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x52D0FDAF2701E5L,0x9A840E3212187CL,0xD502363F4E3632L,0xD6A4C335951D00L,0x19F0E690L};
-
-// MF254 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-55790;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-//	public static final long[] CURVE_Gx ={0x3L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS255 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFAB46L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Order={0x8FAC983C594AEBL,0x38283AD2B3DFABL,0xFFFFFFFFFF864AL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x33FF6769CB44BAL,0xC78CDDFDA60D17L,0xF9B2FF7D177DB6L,0xEDBA7833921EBFL,0x6F7A6AC0L};
-
-// MS255 Modulus, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0xEA97L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x2A255BD08736A0L,0x4B8AED445A45BAL,0xDD8E0C47E55291L,0x4A7BB545EC254CL,0x26CB7853L};
-
-// MS255 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-240222;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//	public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-//	public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS256, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x25581L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xAB20294751A825L,0x8275EA265C6020L,0xFFFFFFFFFFE43CL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xF46306C2B56C77L,0x2F9375894EC10BL,0x6CCEEEDD6BD02CL,0xC1E466D7FC82C9L,0x696F1853L};
-
-// MS256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x3BEEL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-//public static final long[] CURVE_Gx ={0xDL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7F6FB5331CADBAL,0x6D63824D303F70L,0xB39FA046BFBE2AL,0x2A1276DBA3D330L,0x7D0AB41EL};
-
-// MS256 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-61370;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//  public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-//	public static final long[] CURVE_Gx ={0xbL,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MF256 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x14E6AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x10C5E1A79857EBL,0x7513E6E5074B9DL,0xFFFFFFFFFFFC51L,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7954C2B724D2AL,0x47EB8D94DC6610L,0x26123DAE289569L,0xBE1808CE7BABBAL,0x20887C87L};
-
-// MF256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x350AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xEAA722F2F3C908L,0x5E648DFEA68D7DL,0xF3DB2C1AACA0C0L,0xF8CC4D5AEAEBEEL,0xDAD8D4F8L};
-
-// MF256 Modulus, Montgomery Curve
-//	public static final int CURVETYPE=MONTGOMERY;
-//	public static final int CURVE_A =-54314;
-//	public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-//  public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-//	public static final long[] CURVE_Gx ={0x8L,0x0L,0x0L,0x0L,0x0L};
-//	public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-
-
-// Brainpool
-//	public static final int CURVETYPE= 0;
-//	public static final int CURVE_A = -3;
-//	public static final long[] CURVE_B = {0xE58101FEE92B04L,0xEBC4AF2F49256AL,0x733D0B76B7BF93L,0x30D84EA4FE66A7L,0x662C61C4L};
-//	public static final long[] CURVE_Order={0x1E0E82974856A7L,0x7AA3B561A6F790L,0x909D838D718C39L,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-//	public static final long[] CURVE_Gx ={0xA191562E1305F4L,0x42C47AAFBC2B79L,0xB23A656149AFA1L,0xC1CFE7B7732213L,0xA3E8EB3CL};
-//	public static final long[] CURVE_Gy ={0xABE8F35B25C9BEL,0xB6DE39D027001DL,0xE14644417E69BCL,0x3439C56D7F7B22L,0x2D996C82L};
-
-// ANSSI
-//  public static final int CURVETYPE= 0;
-//  public static final int CURVE_A = -3;
-//  public static final long[] CURVE_B = {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL};
-//  public static final long[] CURVE_Order={0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL};
-//  public static final long[] CURVE_Gx ={0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L};
-//  public static final long[] CURVE_Gy ={0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L};
-
-// BNCX Curve
-
-	public const int CURVETYPE = WEIERSTRASS;
-	public const int CURVE_A = 0;
-	public static readonly long[] CURVE_B = new long[] {0x2L,0x0L,0x0L,0x0L,0x0L};
-	public static readonly long[] CURVE_Order = new long[] {0x11C0A636EB1F6DL,0xD6EE0CC906CEBEL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L};
-	public static readonly long[] CURVE_Bnx = new long[] {0x3C012B1L,0x40L,0x0L,0x0L,0x0L};
-	public static readonly long[] CURVE_Cru = new long[] {0xE0931794235C97L,0xDF6471EF875631L,0xCA83F1440BDL,0x480000L,0x0L};
-	public static readonly long[] CURVE_Fra = new long[] {0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL};
-	public static readonly long[] CURVE_Frb = new long[] {0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L};
-	public static readonly long[] CURVE_Pxa = new long[] {0x851CEEE4D2EC74L,0x85BFA03E2726C0L,0xF5C34BBB907CL,0x7053B256358B25L,0x19682D2CL};
-	public static readonly long[] CURVE_Pxb = new long[] {0xA58E8B2E29CFE1L,0x97B0C209C30F47L,0x37A8E99743F81BL,0x3E19F64AA011C9L,0x1466B9ECL};
-	public static readonly long[] CURVE_Pya = new long[] {0xFBFCEBCF0BE09FL,0xB33D847EC1B30CL,0x157DAEE2096361L,0x72332B8DD81E22L,0xA79EDD9L};
-	public static readonly long[] CURVE_Pyb = new long[] {0x904B228898EE9DL,0x4EA569D2EDEBEDL,0x512D8D3461C286L,0xECC4C09035C6E4L,0x6160C39L};
-	public static readonly long[] CURVE_Gx = new long[] {0x6623EF5C1B55B2L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-	public static readonly long[] CURVE_Gy = new long[] {0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static readonly long[][] CURVE_W = new long[][]
-	{
-		new long[] {0x546349162FEB83L,0xB40381200L,0x6000L,0x0L,0x0L},
-		new long[] {0x7802561L,0x80L,0x0L,0x0L,0x0L}
-	};
-	public static readonly long[][][] CURVE_SB = new long[][][]
-	{
-		new long[][]
-		{
-			new long[] {0x5463491DB010E4L,0xB40381280L,0x6000L,0x0L,0x0L},
-			new long[] {0x7802561L,0x80L,0x0L,0x0L,0x0L}
-		},
-		new long[][]
-		{
-			new long[] {0x7802561L,0x80L,0x0L,0x0L,0x0L},
-			new long[] {0xBD5D5D20BB33EAL,0xD6EE0188CEBCBDL,0x647A6366D2643FL,0x8702A0DB0BDDFL,0x24000000L}
-		}
-	};
-	public static readonly long[][] CURVE_WB = new long[][]
-	{
-		new long[] {0x1C2118567A84B0L,0x3C012B040L,0x2000L,0x0L,0x0L},
-		new long[] {0xCDF995BE220475L,0x94EDA8CA7F9A36L,0x8702A0DC07EL,0x300000L,0x0L},
-		new long[] {0x66FCCAE0F10B93L,0x4A76D4653FCD3BL,0x4381506E03FL,0x180000L,0x0L},
-		new long[] {0x1C21185DFAAA11L,0x3C012B0C0L,0x2000L,0x0L,0x0L}
-	};
-	public static readonly long[][][] CURVE_BB = new long[][][]
-	{
-		new long[][]
-		{
-			new long[] {0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},
-			new long[] {0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},
-			new long[] {0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},
-			new long[] {0x7802562L,0x80L,0x0L,0x0L,0x0L}
-		},
-		new long[][]
-		{
-			new long[] {0x7802561L,0x80L,0x0L,0x0L,0x0L},
-			new long[] {0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},
-			new long[] {0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},
-			new long[] {0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L}
-		},
-		new long[][]
-		{
-			new long[] {0x7802562L,0x80L,0x0L,0x0L,0x0L},
-			new long[] {0x7802561L,0x80L,0x0L,0x0L,0x0L},
-			new long[] {0x7802561L,0x80L,0x0L,0x0L,0x0L},
-			new long[] {0x7802561L,0x80L,0x0L,0x0L,0x0L}
-		},
-		new long[][]
-		{
-			new long[] {0x3C012B2L,0x40L,0x0L,0x0L,0x0L},
-			new long[] {0xF004AC2L,0x100L,0x0L,0x0L,0x0L},
-			new long[] {0x11C0A62F6AFA0AL,0xD6EE0CC906CE3EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},
-			new long[] {0x3C012B2L,0x40L,0x0L,0x0L,0x0L}
-		}
-	};
-
-	public const bool USE_GLV = true;
-	public const bool USE_GS_G2 = true;
-	public const bool USE_GS_GT = true;
-	public const bool GT_STRONG = true;
-
-// BNT Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Order={0x75777E8D30210DL,0xD43492B2CB363AL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Bnx={0x806000004081L,0x40L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cru={0xEB53D5AB4FCD87L,0x82A5F2BAB11FADL,0x47651504C9764CL,0x4801B1L,0x0L};
-public static final long[] CURVE_Fra={0xF5D14EADC80022L,0x4904D6FACCE359L,0xF190A13211BE6CL,0xC9BBC4394F6509L,0x1328A292L};
-public static final long[] CURVE_Frb={0xA7EAB040ECA6F1L,0xC513DF997D764L,0x450657A3DEB01EL,0x9B5B3D15AAA6A1L,0x10D87E48L};
-public static final long[] CURVE_Pxa={0x8987E2288E65BBL,0xAD1CAA6313BEL,0x325041548B7CCCL,0x4C1339EBCC055L,0x14483FCDL};
-public static final long[] CURVE_Pxb={0x67888808DBE2C0L,0x7FE1F81E34853AL,0xA631A51B57B95L,0x384EC302DA3FC5L,0x87F46B3L};
-public static final long[] CURVE_Pya={0x202C47E020CA1DL,0xB4167E8399F36CL,0xC6E5439F72C94CL,0x102B0BD74A2C69L,0x14E8C29CL};
-public static final long[] CURVE_Pyb={0xD8437C716628F2L,0x27E167BCB7DC6BL,0xA82C7572681D0AL,0x62454BD1EDEC18L,0x17AFE2A4L};
-public static final long[] CURVE_Gx ={0x9DBBFEEEB4A712L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[][] CURVE_W={{0x26430061838403L,0x81218241998384L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}};
-public static final long[][][] CURVE_SB={{{0x2743C061840504L,0x81218241998404L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x4F347E2BAC9D0AL,0x5313107131B2B6L,0x3696F8D5EFAE87L,0x6517014EFA0BABL,0x240120DBL}}};
-public static final long[][] CURVE_WB={{0x6140602080C080L,0x806080C08880C1L,0x2000L,0x0L,0x0L},{0xB53904088C4A85L,0xAD2FA352DC6C36L,0xDA436358868EDEL,0x300120L,0x0L},{0x5ADCB204464583L,0x5697D1A96E363BL,0x6D21B1AC43476FL,0x180090L,0x0L},{0x62412020814181L,0x806080C0888141L,0x2000L,0x0L,0x0L}};
-public static final long[][][] CURVE_BB={{{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x100C000008102L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL}},{{0x100C000008102L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x806000004082L,0x40L,0x0L,0x0L,0x0L},{0x2018000010202L,0x100L,0x0L,0x0L,0x0L},{0x7476BE8D2FA00AL,0xD43492B2CB35BAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x806000004082L,0x40L,0x0L
 ,0x0L,0x0L}}};
-
-*/
-
-// BNT2 Curve
-/*
-	public static final int CURVETYPE=WEIERSTRASS;
-	public static final int CURVE_A = 0;
-	public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Order={0xFB71A511AA2BF5L,0x8DE127B73833D7L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L};
-	public static final long[] CURVE_Bnx={0x20100608205L,0x40L,0x0L,0x0L,0x0L};
-	public static final long[] CURVE_Cru={0x5027444866BD33L,0x5B773016470EFBL,0xC3617BECF23675L,0x480006L,0x0L};
-	public static final long[] CURVE_Fra={0xB268C973AEF062L,0xC69B33C3BCE492L,0xF67FA37F195BBCL,0x29E8CAB6BD0A41L,0x124E0B8DL};
-	public static final long[] CURVE_Frb={0x736240B1B429L,0xCD48F52D196D56L,0x18BBE650E72612L,0x17268FF6FA43DEL,0x11B1F8F5L};
-	public static final long[] CURVE_Pxa={0xCC92399F40A3C8L,0xCDA4E96611784AL,0x7B056961706B35L,0x9693C6318279D7L,0x16FC17CFL};
-	public static final long[] CURVE_Pxb={0x557A8AD8549540L,0x6F7BE6F6510610L,0x565907A95D17DBL,0xBD5975909C8188L,0x1EB5B500L};
-	public static final long[] CURVE_Pya={0x7BECC514220513L,0x4A78860E737B14L,0x51B83935F12684L,0x761422AA9D4DFAL,0x1E8EE498L};
-	public static final long[] CURVE_Pyb={0xB9328F577CE78EL,0xB746E26FA5781FL,0xA93DBC1FB8E27EL,0xBAE33BDBA29D76L,0x23CEF4CDL};
-	public static final long[] CURVE_Gx ={0xB2DC2BB460A48AL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
-	public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-	public static final long[][] CURVE_W={{0xB76282A1347083L,0x60301399E1D10L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}};
-	public static final long[][][] CURVE_SB={{{0xB76684A1F5748CL,0x60301399E1D90L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x440F227075BB72L,0x87DE267D9A16C7L,0xF3B89CFFFC1CFL,0x410F5AADB74E20L,0x24000482L}}};
-	public static final long[][] CURVE_WB={{0x9272D48A70A224L,0x20100688A0945L,0x2000L,0x0L,0x0L},{0x5A572CF030EF19L,0x9651763543721DL,0x8240FD48A1B9A3L,0x300004L,0x0L},{0xAD2C96F848B88FL,0xCB28BB1AA1B92EL,0x41207EA450DCD1L,0x180002L,0x0L},{0x9276D68B31A62DL,0x20100688A09C5L,0x2000L,0x0L,0x0L}};
-	public static final long[][][] CURVE_BB={{{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L}},{{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x20100608206L,0x40L,0x0L,0x0L,0x0L},{0x80401820812L,0x100L,0x0L,0x0L,0x0L},{0xFB6DA310E927EAL,0x8DE127B7383357L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x20100608206L,0x40L,0x0L,0x0L,0x0L}}};
-*/
-
-// BN Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Order={0xDL,0x800000000010A1L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L};
-public static final long[] CURVE_Bnx={0x80000000000001L,0x40L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cru={0x80000000000007L,0x6CDL,0x40000000024909L,0x49B362L,0x0L};
-public static final long[] CURVE_Fra={0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L};
-public static final long[] CURVE_Frb={0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L};
-public static final long[] CURVE_Pxa={0xAB2C7935FD0CB4L,0xE319E4FCC57C2BL,0x24F6DF763B05A5L,0xF55EA7EA335FB7L,0x95B04D4L};
-public static final long[] CURVE_Pxb={0xA07D0790962455L,0x86BE3D27AA5E38L,0x89E05747F39D6DL,0xC08347B49D42BFL,0x5D4D8A7L};
-public static final long[] CURVE_Pya={0xADCE687A08A46CL,0x2B30E98A4191F9L,0x4C3784B1F16908L,0x25E5313FA16D1CL,0xABF2ABFL};
-public static final long[] CURVE_Pyb={0xDF88D405F306ECL,0x82076ADD13A0E6L,0x1E47819D6A5C04L,0xE679DABDB38627L,0x18769A87L};
-public static final long[] CURVE_Gx ={0x12L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[][] CURVE_W={{0x3L,0x80000000000204L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}};
-public static final long[][][] CURVE_SB={{{0x4L,0x80000000000285L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0xAL,0xE9DL,0x80000000079E1EL,0x40000001BA344DL,0x25236482L}}};
-public static final long[][] CURVE_WB={{0x80000000000000L,0x80000000000040L,0x2080L,0x0L,0x0L},{0x80000000000005L,0x54AL,0x8000000001C707L,0x312241L,0x0L},{0x80000000000003L,0x800000000002C5L,0xC000000000E383L,0x189120L,0x0L},{0x80000000000001L,0x800000000000C1L,0x2080L,0x0L,0x0L}};
-public static final long[][][] CURVE_BB={{{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x2L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L}},{{0x2L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x80000000000002L,0x40L,0x0L,0x0L,0x0L},{0x2L,0x102L,0x0L,0x0L,0x0L},{0xAL,0x80000000001020L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x80000000000002L,0x40L,0x0L,0x0L,0x0L}}};
-
-*/
-
-//	public static boolean debug=false;
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/RSA.cs
----------------------------------------------------------------------
diff --git a/cs/RSA.cs b/cs/RSA.cs
deleted file mode 100644
index 20c7dcf..0000000
--- a/cs/RSA.cs
+++ /dev/null
@@ -1,443 +0,0 @@
-using System;
-
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions  */
-
-public sealed class rsa_private_key
-{
-	public FF p, q, dp, dq, c;
-
-	public rsa_private_key(int n)
-	{
-		p = new FF(n);
-		q = new FF(n);
-		dp = new FF(n);
-		dq = new FF(n);
-		c = new FF(n);
-	}
-}
-
-public sealed class rsa_public_key
-{
-	public int e;
-	public FF n;
-
-	public rsa_public_key(int m)
-	{
-		e = 0;
-		n = new FF(m);
-	}
-}
-
-public sealed class RSA
-{
-
-	public static readonly int RFS = ROM.MODBYTES * ROM.FFLEN;
-
-/* generate an RSA key pair */
-
-	public static void KEY_PAIR(RAND rng, int e, rsa_private_key PRIV, rsa_public_key PUB)
-	{ // IEEE1363 A16.11/A16.12 more or less
-		int n = PUB.n.getlen() / 2;
-		FF t = new FF(n);
-		FF p1 = new FF(n);
-		FF q1 = new FF(n);
-
-		for (;;)
-		{
-
-			PRIV.p.random(rng);
-			while (PRIV.p.lastbits(2) != 3)
-			{
-				PRIV.p.inc(1);
-			}
-			while (!FF.prime(PRIV.p,rng))
-			{
-				PRIV.p.inc(4);
-			}
-
-			p1.copy(PRIV.p);
-			p1.dec(1);
-
-			if (p1.cfactor(e))
-			{
-				continue;
-			}
-			break;
-		}
-
-		for (;;)
-		{
-			PRIV.q.random(rng);
-			while (PRIV.q.lastbits(2) != 3)
-			{
-				PRIV.q.inc(1);
-			}
-			while (!FF.prime(PRIV.q,rng))
-			{
-				PRIV.q.inc(4);
-			}
-
-			q1.copy(PRIV.q);
-			q1.dec(1);
-
-			if (q1.cfactor(e))
-			{
-				continue;
-			}
-
-			break;
-		}
-
-		PUB.n = FF.mul(PRIV.p,PRIV.q);
-		PUB.e = e;
-
-		t.copy(p1);
-		t.shr();
-		PRIV.dp.set(e);
-		PRIV.dp.invmodp(t);
-		if (PRIV.dp.parity() == 0)
-		{
-			PRIV.dp.add(t);
-		}
-		PRIV.dp.norm();
-
-		t.copy(q1);
-		t.shr();
-		PRIV.dq.set(e);
-		PRIV.dq.invmodp(t);
-		if (PRIV.dq.parity() == 0)
-		{
-			PRIV.dq.add(t);
-		}
-		PRIV.dq.norm();
-
-		PRIV.c.copy(PRIV.p);
-		PRIV.c.invmodp(PRIV.q);
-
-		return;
-	}
-
-/* Mask Generation Function */
-
-	public static void MGF1(sbyte[] Z, int olen, sbyte[] K)
-	{
-		HASH H = new HASH();
-		int hlen = HASH.len;
-		sbyte[] B = new sbyte[hlen];
-
-		int counter , cthreshold , k = 0;
-		for (int i = 0;i < K.Length;i++)
-		{
-			K[i] = 0;
-		}
-
-		cthreshold = olen / hlen;
-		if (olen % hlen != 0)
-		{
-			cthreshold++;
-		}
-		for (counter = 0;counter < cthreshold;counter++)
-		{
-			H.process_array(Z);
-			H.process_num(counter);
-			B = H.hash();
-
-			if (k + hlen > olen)
-			{
-				for (int i = 0;i < olen % hlen;i++)
-				{
-					K[k++] = B[i];
-				}
-			}
-			else
-			{
-				for (int i = 0;i < hlen;i++)
-				{
-					K[k++] = B[i];
-				}
-			}
-		}
-	}
-
-	public static void printBinary(sbyte[] array)
-	{
-		int i;
-		for (i = 0;i < array.Length;i++)
-		{
-			Console.Write("{0:x2}", array[i]);
-		}
-		Console.WriteLine();
-	}
-
-	/* OAEP Message Encoding for Encryption */
-	public static sbyte[] OAEP_ENCODE(sbyte[] m, RAND rng, sbyte[] p)
-	{
-		int i , slen , olen = RFS - 1;
-		int mlen = m.Length;
-		int hlen, seedlen;
-		sbyte[] f = new sbyte[RFS];
-
-		HASH H = new HASH();
-		hlen = HASH.len;
-		sbyte[] SEED = new sbyte[hlen];
-		seedlen = hlen;
-		if (mlen > olen - hlen - seedlen - 1)
-		{
-			return new sbyte[0];
-		}
-
-		sbyte[] DBMASK = new sbyte[olen - seedlen];
-
-		if (p != null)
-		{
-			H.process_array(p);
-		}
-		sbyte[] h = H.hash();
-		for (i = 0;i < hlen;i++)
-		{
-			f[i] = h[i];
-		}
-
-		slen = olen - mlen - hlen - seedlen - 1;
-
-		for (i = 0;i < slen;i++)
-		{
-			f[hlen + i] = 0;
-		}
-		f[hlen + slen] = 1;
-		for (i = 0;i < mlen;i++)
-		{
-			f[hlen + slen + 1 + i] = m[i];
-		}
-
-		for (i = 0;i < seedlen;i++)
-		{
-			SEED[i] = (sbyte)rng.Byte;
-		}
-		MGF1(SEED,olen - seedlen,DBMASK);
-
-		for (i = 0;i < olen - seedlen;i++)
-		{
-			DBMASK[i] ^= f[i];
-		}
-		MGF1(DBMASK,seedlen,f);
-
-		for (i = 0;i < seedlen;i++)
-		{
-			f[i] ^= SEED[i];
-		}
-
-		for (i = 0;i < olen - seedlen;i++)
-		{
-			f[i + seedlen] = DBMASK[i];
-		}
-
-		/* pad to length RFS */
-		int d = 1;
-		for (i = RFS - 1;i >= d;i--)
-		{
-			f[i] = f[i - d];
-		}
-		for (i = d - 1;i >= 0;i--)
-		{
-			f[i] = 0;
-		}
-
-		return f;
-	}
-
-	/* OAEP Message Decoding for Decryption */
-	public static sbyte[] OAEP_DECODE(sbyte[] p, sbyte[] f)
-	{
-		int x, t;
-		bool comp;
-		int i , k , olen = RFS - 1;
-		int hlen, seedlen;
-
-		HASH H = new HASH();
-		hlen = HASH.len;
-		sbyte[] SEED = new sbyte[hlen];
-		seedlen = hlen;
-		sbyte[] CHASH = new sbyte[hlen];
-
-		if (olen < seedlen + hlen + 1)
-		{
-			return new sbyte[0];
-		}
-		sbyte[] DBMASK = new sbyte[olen - seedlen];
-		for (i = 0;i < olen - seedlen;i++)
-		{
-			DBMASK[i] = 0;
-		}
-
-		if (f.Length < RFS)
-		{
-			int d = RFS - f.Length;
-			for (i = RFS - 1;i >= d;i--)
-			{
-				f[i] = f[i - d];
-			}
-			for (i = d - 1;i >= 0;i--)
-			{
-				f[i] = 0;
-			}
-
-		}
-
-		if (p != null)
-		{
-			H.process_array(p);
-		}
-		sbyte[] h = H.hash();
-		for (i = 0;i < hlen;i++)
-		{
-			CHASH[i] = h[i];
-		}
-
-		x = f[0];
-
-		for (i = seedlen;i < olen;i++)
-		{
-			DBMASK[i - seedlen] = f[i + 1];
-		}
-
-		MGF1(DBMASK,seedlen,SEED);
-		for (i = 0;i < seedlen;i++)
-		{
-			SEED[i] ^= f[i + 1];
-		}
-		MGF1(SEED,olen - seedlen,f);
-		for (i = 0;i < olen - seedlen;i++)
-		{
-			DBMASK[i] ^= f[i];
-		}
-
-		comp = true;
-		for (i = 0;i < hlen;i++)
-		{
-			if (CHASH[i] != DBMASK[i])
-			{
-				comp = false;
-			}
-		}
-
-		for (i = 0;i < olen - seedlen - hlen;i++)
-		{
-			DBMASK[i] = DBMASK[i + hlen];
-		}
-
-		for (i = 0;i < hlen;i++)
-		{
-			SEED[i] = CHASH[i] = 0;
-		}
-
-		for (k = 0;;k++)
-		{
-			if (k >= olen - seedlen - hlen)
-			{
-				return new sbyte[0];
-			}
-			if (DBMASK[k] != 0)
-			{
-				break;
-			}
-		}
-
-		t = DBMASK[k];
-		if (!comp || x != 0 || t != 0x01)
-		{
-			for (i = 0;i < olen - seedlen;i++)
-			{
-				DBMASK[i] = 0;
-			}
-			return new sbyte[0];
-		}
-
-		sbyte[] r = new sbyte[olen - seedlen - hlen - k - 1];
-
-		for (i = 0;i < olen - seedlen - hlen - k - 1;i++)
-		{
-			r[i] = DBMASK[i + k + 1];
-		}
-
-		for (i = 0;i < olen - seedlen;i++)
-		{
-			DBMASK[i] = 0;
-		}
-
-		return r;
-	}
-
-	/* destroy the Private Key structure */
-	public static void PRIVATE_KEY_KILL(rsa_private_key PRIV)
-	{
-		PRIV.p.zero();
-		PRIV.q.zero();
-		PRIV.dp.zero();
-		PRIV.dq.zero();
-		PRIV.c.zero();
-	}
-
-	/* RSA encryption with the public key */
-	public static void ENCRYPT(rsa_public_key PUB, sbyte[] F, sbyte[] G)
-	{
-		int n = PUB.n.getlen();
-		FF f = new FF(n);
-
-		FF.fromBytes(f,F);
-		f.power(PUB.e,PUB.n);
-		f.toBytes(G);
-	}
-
-	/* RSA decryption with the private key */
-	public static void DECRYPT(rsa_private_key PRIV, sbyte[] G, sbyte[] F)
-	{
-		int n = PRIV.p.getlen();
-		FF g = new FF(2 * n);
-
-		FF.fromBytes(g,G);
-		FF jp = g.dmod(PRIV.p);
-		FF jq = g.dmod(PRIV.q);
-
-		jp.skpow(PRIV.dp,PRIV.p);
-		jq.skpow(PRIV.dq,PRIV.q);
-
-		g.zero();
-		g.dscopy(jp);
-		jp.mod(PRIV.q);
-		if (FF.comp(jp,jq) > 0)
-		{
-			jq.add(PRIV.q);
-		}
-		jq.sub(jp);
-		jq.norm();
-
-		FF t = FF.mul(PRIV.c,jq);
-		jq = t.dmod(PRIV.q);
-
-		t = FF.mul(jq,PRIV.p);
-		g.add(t);
-		g.norm();
-
-		g.toBytes(F);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/RectangularArrays.cs
----------------------------------------------------------------------
diff --git a/cs/RectangularArrays.cs b/cs/RectangularArrays.cs
deleted file mode 100644
index 976a070..0000000
--- a/cs/RectangularArrays.cs
+++ /dev/null
@@ -1,29 +0,0 @@
-//----------------------------------------------------------------------------------------
-//	Copyright © 2007 - 2015 Tangible Software Solutions Inc.
-//	This class can be used by anyone provided that the copyright notice remains intact.
-//
-//	This class provides the logic to simulate Java rectangular arrays, which are jagged
-//	arrays with inner arrays of the same length. A size of -1 indicates unknown length.
-//----------------------------------------------------------------------------------------
-internal static partial class RectangularArrays
-{
-    internal static int[][] ReturnRectangularIntArray(int size1, int size2)
-    {
-        int[][] newArray;
-        if (size1 > -1)
-        {
-            newArray = new int[size1][];
-            if (size2 > -1)
-            {
-                for (int array1 = 0; array1 < size1; array1++)
-                {
-                    newArray[array1] = new int[size2];
-                }
-            }
-        }
-        else
-            newArray = null;
-
-        return newArray;
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/StringHelperClass.cs
----------------------------------------------------------------------
diff --git a/cs/StringHelperClass.cs b/cs/StringHelperClass.cs
deleted file mode 100644
index 3bcece0..0000000
--- a/cs/StringHelperClass.cs
+++ /dev/null
@@ -1,90 +0,0 @@
-//-------------------------------------------------------------------------------------------
-//	Copyright © 2007 - 2015 Tangible Software Solutions Inc.
-//	This class can be used by anyone provided that the copyright notice remains intact.
-//
-//	This class is used to convert some aspects of the Java String class.
-//-------------------------------------------------------------------------------------------
-internal static class StringHelperClass
-{
-	//----------------------------------------------------------------------------------
-	//	This method replaces the Java String.substring method when 'start' is a
-	//	method call or calculated value to ensure that 'start' is obtained just once.
-	//----------------------------------------------------------------------------------
-	internal static string SubstringSpecial(this string self, int start, int end)
-	{
-		return self.Substring(start, end - start);
-	}
-
-	//------------------------------------------------------------------------------------
-	//	This method is used to replace calls to the 2-arg Java String.startsWith method.
-	//------------------------------------------------------------------------------------
-	internal static bool StartsWith(this string self, string prefix, int toffset)
-	{
-		return self.IndexOf(prefix, toffset, System.StringComparison.Ordinal) == toffset;
-	}
-
-	//------------------------------------------------------------------------------
-	//	This method is used to replace most calls to the Java String.split method.
-	//------------------------------------------------------------------------------
-	internal static string[] Split(this string self, string regexDelimiter, bool trimTrailingEmptyStrings)
-	{
-		string[] splitArray = System.Text.RegularExpressions.Regex.Split(self, regexDelimiter);
-
-		if (trimTrailingEmptyStrings)
-		{
-			if (splitArray.Length > 1)
-			{
-				for (int i = splitArray.Length; i > 0; i--)
-				{
-					if (splitArray[i - 1].Length > 0)
-					{
-						if (i < splitArray.Length)
-							System.Array.Resize(ref splitArray, i);
-
-						break;
-					}
-				}
-			}
-		}
-
-		return splitArray;
-	}
-
-	//-----------------------------------------------------------------------------
-	//	These methods are used to replace calls to some Java String constructors.
-	//-----------------------------------------------------------------------------
-	internal static string NewString(sbyte[] bytes)
-	{
-		return NewString(bytes, 0, bytes.Length);
-	}
-	internal static string NewString(sbyte[] bytes, int index, int count)
-	{
-		return System.Text.Encoding.UTF8.GetString((byte[])(object)bytes, index, count);
-	}
-	internal static string NewString(sbyte[] bytes, string encoding)
-	{
-		return NewString(bytes, 0, bytes.Length, encoding);
-	}
-	internal static string NewString(sbyte[] bytes, int index, int count, string encoding)
-	{
-		return System.Text.Encoding.GetEncoding(encoding).GetString((byte[])(object)bytes, index, count);
-	}
-
-	//--------------------------------------------------------------------------------
-	//	These methods are used to replace calls to the Java String.getBytes methods.
-	//--------------------------------------------------------------------------------
-	internal static sbyte[] GetBytes(this string self)
-	{
-		return GetSBytesForEncoding(System.Text.Encoding.UTF8, self);
-	}
-	internal static sbyte[] GetBytes(this string self, string encoding)
-	{
-		return GetSBytesForEncoding(System.Text.Encoding.GetEncoding(encoding), self);
-	}
-	private static sbyte[] GetSBytesForEncoding(System.Text.Encoding encoding, string s)
-	{
-		sbyte[] sbytes = new sbyte[encoding.GetByteCount(s)];
-		encoding.GetBytes(s, 0, s.Length, (byte[])(object)sbytes, 0);
-		return sbytes;
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/TestECDH.cs
----------------------------------------------------------------------
diff --git a/cs/TestECDH.cs b/cs/TestECDH.cs
deleted file mode 100644
index 216414d..0000000
--- a/cs/TestECDH.cs
+++ /dev/null
@@ -1,210 +0,0 @@
-using System;
-
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-public class TestECDH
-{
-	public static void printBinary(sbyte[] array)
-	{
-		int i;
-		for (i = 0;i < array.Length;i++)
-		{
-			Console.Write("{0:x2}", array[i]);
-		}
-		Console.WriteLine();
-	}
-
-	public static void Main(string[] args)
-	{
-		int i , j = 0, res ;
-		int result;
-		string pp = "M0ng00se";
-
-		int EGS = ECDH.EGS;
-		int EFS = ECDH.EFS;
-		int EAS = AES.KS;
-
-		sbyte[] S1 = new sbyte[EGS];
-		sbyte[] W0 = new sbyte[2 * EFS + 1];
-		sbyte[] W1 = new sbyte[2 * EFS + 1];
-		sbyte[] Z0 = new sbyte[EFS];
-		sbyte[] Z1 = new sbyte[EFS];
-		sbyte[] RAW = new sbyte[100];
-		sbyte[] SALT = new sbyte[8];
-		sbyte[] P1 = new sbyte[3];
-		sbyte[] P2 = new sbyte[4];
-		sbyte[] V = new sbyte[2 * EFS + 1];
-		sbyte[] M = new sbyte[17];
-		sbyte[] T = new sbyte[12];
-		sbyte[] CS = new sbyte[EGS];
-		sbyte[] DS = new sbyte[EGS];
-
-		RAND rng = new RAND();
-
-		rng.clean();
-		for (i = 0;i < 100;i++)
-		{
-			RAW[i] = (sbyte)(i);
-		}
-
-		rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
-		for (i = 0;i < 8;i++)
-		{
-			SALT[i] = (sbyte)(i + 1); // set Salt
-		}
-
-		Console.WriteLine("Alice's Passphrase= " + pp);
-		sbyte[] PW = pp.GetBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-		sbyte[] S0 = ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		Console.Write("Alice's private key= 0x");
-		printBinary(S0);
-
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
-		Console.Write("Alice's public key= 0x");
-		printBinary(W0);
-
-		res = ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res != 0)
-		{
-			Console.WriteLine("ECP Public Key is invalid!\n");
-			return;
-		}
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		Console.Write("Servers private key= 0x");
-		printBinary(S1);
-
-		Console.Write("Servers public key= 0x");
-		printBinary(W1);
-
-
-		res = ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res != 0)
-		{
-			Console.Write("ECP Public Key is invalid!\n");
-			return;
-		}
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		bool same = true;
-		for (i = 0;i < EFS;i++)
-		{
-			if (Z0[i] != Z1[i])
-			{
-				same = false;
-			}
-		}
-
-		if (!same)
-		{
-			Console.WriteLine("*** ECPSVDP-DH Failed");
-			return;
-		}
-
-		sbyte[] KEY = ECDH.KDF1(Z0,EAS);
-
-		Console.Write("Alice's DH Key=  0x");
-		printBinary(KEY);
-		Console.Write("Servers DH Key=  0x");
-		printBinary(KEY);
-
-		Console.WriteLine("Testing ECIES");
-
-		P1[0] = 0x0;
-		P1[1] = 0x1;
-		P1[2] = 0x2;
-		P2[0] = 0x0;
-		P2[1] = 0x1;
-		P2[2] = 0x2;
-		P2[3] = 0x3;
-
-		for (i = 0;i <= 16;i++)
-		{
-			M[i] = (sbyte)i;
-		}
-
-		sbyte[] C = ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T);
-
-		Console.WriteLine("Ciphertext= ");
-		Console.Write("V= 0x");
-		printBinary(V);
-		Console.Write("C= 0x");
-		printBinary(C);
-		Console.Write("T= 0x");
-		printBinary(T);
-
-
-		M = ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1);
-		if (M.Length == 0)
-		{
-			Console.WriteLine("*** ECIES Decryption Failed\n");
-			return;
-		}
-		else
-		{
-			Console.WriteLine("Decryption succeeded");
-		}
-
-		Console.Write("Message is 0x");
-		printBinary(M);
-
-		Console.WriteLine("Testing ECDSA");
-
-		if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS) != 0)
-		{
-			Console.WriteLine("***ECDSA Signature Failed");
-			return;
-		}
-		Console.WriteLine("Signature= ");
-		Console.Write("C= 0x");
-		printBinary(CS);
-		Console.Write("D= 0x");
-		printBinary(DS);
-
-		if (ECDH.ECPVP_DSA(W0,M,CS,DS) != 0)
-		{
-			Console.WriteLine("***ECDSA Verification Failed");
-			return;
-		}
-		else
-		{
-			Console.WriteLine("ECDSA Signature/Verification succeeded " + j);
-		}
-//}
-//System.out.println("Test Completed Successfully");
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/TestECM.cs
----------------------------------------------------------------------
diff --git a/cs/TestECM.cs b/cs/TestECM.cs
deleted file mode 100644
index d9c1eeb..0000000
--- a/cs/TestECM.cs
+++ /dev/null
@@ -1,141 +0,0 @@
-using System;
-
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH API Function only - for use with Montgomery curves */
-
-public class TestECM
-{
-	public static void printBinary(sbyte[] array)
-	{
-		int i;
-		for (i = 0;i < array.Length;i++)
-		{
-			Console.Write("{0:x2}", array[i]);
-		}
-		Console.WriteLine();
-	}
-
-	public static void Main(string[] args)
-	{
-		int i , j = 0, res ;
-		int result;
-		string pp = "M0ng00se";
-
-		int EGS = ECDH.EGS;
-		int EFS = ECDH.EFS;
-		int EAS = AES.KS;
-
-		sbyte[] S1 = new sbyte[EGS];
-		sbyte[] W0 = new sbyte[2 * EFS + 1];
-		sbyte[] W1 = new sbyte[2 * EFS + 1];
-		sbyte[] Z0 = new sbyte[EFS];
-		sbyte[] Z1 = new sbyte[EFS];
-		sbyte[] RAW = new sbyte[100];
-		sbyte[] SALT = new sbyte[8];
-
-		RAND rng = new RAND();
-
-		rng.clean();
-		for (i = 0;i < 100;i++)
-		{
-			RAW[i] = (sbyte)(i);
-		}
-
-		rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
-		for (i = 0;i < 8;i++)
-		{
-			SALT[i] = (sbyte)(i + 1); // set Salt
-		}
-
-		Console.WriteLine("Alice's Passphrase= " + pp);
-		sbyte[] PW = pp.GetBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-		sbyte[] S0 = ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		Console.Write("Alice's private key= 0x");
-		printBinary(S0);
-
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
-		Console.Write("Alice's public key= 0x");
-		printBinary(W0);
-
-		res = ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res != 0)
-		{
-			Console.WriteLine("Alice's public Key is invalid!\n");
-			return;
-		}
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		Console.Write("Servers private key= 0x");
-		printBinary(S1);
-
-		Console.Write("Servers public key= 0x");
-		printBinary(W1);
-
-
-		res = ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res != 0)
-		{
-			Console.Write("Server's public Key is invalid!\n");
-			return;
-		}
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		bool same = true;
-		for (i = 0;i < EFS;i++)
-		{
-			if (Z0[i] != Z1[i])
-			{
-				same = false;
-			}
-		}
-
-		if (!same)
-		{
-			Console.WriteLine("*** ECPSVDP-DH Failed");
-			return;
-		}
-
-		sbyte[] KEY = ECDH.KDF1(Z0,EAS);
-
-		Console.Write("Alice's DH Key=  0x");
-		printBinary(KEY);
-		Console.Write("Servers DH Key=  0x");
-		printBinary(KEY);
-
-//}
-//System.out.println("Test Completed Successfully");
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/TestMPIN.cs
----------------------------------------------------------------------
diff --git a/cs/TestMPIN.cs b/cs/TestMPIN.cs
deleted file mode 100644
index e3eeb83..0000000
--- a/cs/TestMPIN.cs
+++ /dev/null
@@ -1,298 +0,0 @@
-using System;
-
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN API Functions */
-
-
-public class TestMPIN
-{
-	internal static bool PERMITS = true;
-	internal static bool PINERROR = true;
-	internal static bool FULL = true;
-	internal static bool SINGLE_PASS = false;
-
-	internal static void printBinary(sbyte[] array)
-	{
-		int i;
-		for (i = 0;i < array.Length;i++)
-		{
-			Console.Write("{0:x2}", array[i]);
-		}
-		Console.WriteLine();
-	}
-
-	public static void Main(string[] args)
-	{
-		RAND rng = new RAND();
-		sbyte[] raw = new sbyte[100];
-		for (int i = 0;i < 100;i++)
-		{
-			raw[i] = (sbyte)(i + 1);
-		}
-		rng.seed(100,raw);
-
-		int EGS = MPIN.EGS;
-		int EFS = MPIN.EFS;
-		int G1S = 2 * EFS + 1; // Group 1 Size
-		int G2S = 4 * EFS; // Group 2 Size
-		int EAS = 16;
-
-		sbyte[] S = new sbyte[EGS];
-		sbyte[] SST = new sbyte[G2S];
-		sbyte[] TOKEN = new sbyte[G1S];
-		sbyte[] PERMIT = new sbyte[G1S];
-		sbyte[] SEC = new sbyte[G1S];
-		sbyte[] xID = new sbyte[G1S];
-		sbyte[] xCID = new sbyte[G1S];
-		sbyte[] X = new sbyte[EGS];
-		sbyte[] Y = new sbyte[EGS];
-		sbyte[] E = new sbyte[12 * EFS];
-		sbyte[] F = new sbyte[12 * EFS];
-		sbyte[] HID = new sbyte[G1S];
-		sbyte[] HTID = new sbyte[G1S];
-
-		sbyte[] G1 = new sbyte[12 * EFS];
-		sbyte[] G2 = new sbyte[12 * EFS];
-		sbyte[] R = new sbyte[EGS];
-		sbyte[] Z = new sbyte[G1S];
-		sbyte[] W = new sbyte[EGS];
-		sbyte[] T = new sbyte[G1S];
-		sbyte[] CK = new sbyte[EAS];
-		sbyte[] SK = new sbyte[EAS];
-
-/* Trusted Authority set-up */
-
-		MPIN.RANDOM_GENERATE(rng,S);
-		Console.Write("Master Secret s: 0x");
-		printBinary(S);
-
- /* Create Client Identity */
-		 string IDstr = "testUser@miracl.com";
-		sbyte[] CLIENT_ID = IDstr.GetBytes();
-
-		sbyte[] HCID = MPIN.HASH_ID(CLIENT_ID); // Either Client or TA calculates Hash(ID) - you decide!
-
-		Console.Write("Client ID= ");
-		printBinary(CLIENT_ID);
-
-/* Client and Server are issued secrets by DTA */
-		MPIN.GET_SERVER_SECRET(S,SST);
-		Console.Write("Server Secret SS: 0x");
-		printBinary(SST);
-
-		MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
-		Console.Write("Client Secret CS: 0x");
-		printBinary(TOKEN);
-
-/* Client extracts PIN from secret to create Token */
-		int pin = 1234;
-		Console.WriteLine("Client extracts PIN= " + pin);
-		int rtn = MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN);
-		if (rtn != 0)
-		{
-			Console.WriteLine("FAILURE: EXTRACT_PIN rtn: " + rtn);
-		}
-
-		Console.Write("Client Token TK: 0x");
-		printBinary(TOKEN);
-
-		if (FULL)
-		{
-			MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
-		}
-		int date;
-		if (PERMITS)
-		{
-			date = MPIN.today();
-			Console.WriteLine("Date= "+date);
-/* Client gets "Time Token" permit from DTA */
-			MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT);
-			Console.Write("Time Permit TP: 0x");
-			printBinary(PERMIT);
-
-/* This encoding makes Time permit look random - Elligator squared */
-			MPIN.ENCODING(rng,PERMIT);
-			Console.Write("Encoded Time Permit TP: 0x");
-			printBinary(PERMIT);
-			MPIN.DECODING(PERMIT);
-			Console.Write("Decoded Time Permit TP: 0x");
-			printBinary(PERMIT);
-		}
-		else
-		{
-			date = 0;
-		}
-
-		Console.Write("\nPIN= ");
-//		Scanner scan = new Scanner(System.in);
-//		pin = scan.Next();
-
-		pin=int.Parse(Console.ReadLine());
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID =x .H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-IMPORTANT: To save space and time..
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
-
-		sbyte[] pxID = xID;
-		sbyte[] pxCID = xCID;
-		sbyte[] pHID = HID;
-		sbyte[] pHTID = HTID;
-		sbyte[] pE = E;
-		sbyte[] pF = F;
-		sbyte[] pPERMIT = PERMIT;
-		sbyte[] prHID;
-
-		if (date != 0)
-		{
-
-			prHID = pHTID;
-			if (!PINERROR)
-			{
-				pxID = null;
-				pHID = null;
-			}
-		}
-		else
-		{
-			prHID = pHID;
-			pPERMIT = null;
-			pxCID = null;
-			pHTID = null;
-		}
-		if (!PINERROR)
-		{
-			pE = null;
-			pF = null;
-		}
-
-				if (SINGLE_PASS)
-				{
-			Console.WriteLine("MPIN Single Pass");
-				  int timeValue = MPIN.GET_TIME();
-				  rtn = MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-			if (rtn != 0)
-			{
-			  Console.WriteLine("FAILURE: CLIENT rtn: " + rtn);
-			}
-
-				  if (FULL)
-				  {
-					HCID = MPIN.HASH_ID(CLIENT_ID);
-					MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); // Also Send Z=r.ID to Server, remember random r
-				  }
-
-				  rtn = MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
-				  if (rtn != 0)
-				  {
-			  Console.WriteLine("FAILURE: SERVER rtn: " + rtn);
-				  }
-
-				  if (FULL)
-				  {
-					MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); // Also send T=w.ID to client, remember random w
-				  }
-				}
-				else
-				{
-			Console.WriteLine("MPIN Multi Pass");
-				  /* Send U=x.ID to server, and recreate secret from token and pin */
-			rtn = MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
-			if (rtn != 0)
-			{
-			  Console.WriteLine("FAILURE: CLIENT_1 rtn: " + rtn);
-			}
-
-			if (FULL)
-			{
-			  HCID = MPIN.HASH_ID(CLIENT_ID);
-			  MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); // Also Send Z=r.ID to Server, remember random r
-			}
-
-				  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-			MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID);
-
-				  /* Server generates Random number Y and sends it to Client */
-			MPIN.RANDOM_GENERATE(rng,Y);
-
-				  if (FULL)
-				  {
-			  MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); // Also send T=w.ID to client, remember random w
-				  }
-
-				  /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-			rtn = MPIN.CLIENT_2(X,Y,SEC);
-			if (rtn != 0)
-			{
-			  Console.WriteLine("FAILURE: CLIENT_2 rtn: " + rtn);
-			}
-
-				  /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-				  /* If PIN error not required, set E and F = null */
-
-			rtn = MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-
-			if (rtn != 0)
-			{
-			  Console.WriteLine("FAILURE: SERVER_1 rtn: " + rtn);
-			}
-				}
-
-		if (rtn == MPIN.BAD_PIN)
-		{
-		  Console.WriteLine("Server says - Bad Pin. I don't know you. Feck off.\n");
-		  if (PINERROR)
-		  {
-			int err = MPIN.KANGAROO(E,F);
-			if (err != 0)
-			{
-				Console.Write("(Client PIN is out by {0:D})\n",err);
-			}
-		  }
-		  return;
-		}
-		else
-		{
-			Console.WriteLine("Server says - PIN is good! You really are " + IDstr);
-		}
-
-
-		if (FULL)
-		{
-			MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
-			Console.Write("Client Key =  0x");
-			printBinary(CK);
-
-			MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK);
-			Console.Write("Server Key =  0x");
-			printBinary(SK);
-		}
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/TestRSA.cs
----------------------------------------------------------------------
diff --git a/cs/TestRSA.cs b/cs/TestRSA.cs
deleted file mode 100644
index 07cd6f9..0000000
--- a/cs/TestRSA.cs
+++ /dev/null
@@ -1,72 +0,0 @@
-using System;
-
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-public class TestRSA
-{
-
-	public static void Main(string[] args)
-	{
-		int i;
-		int RFS = RSA.RFS;
-
-		string message = "Hello World\n";
-
-		rsa_public_key pub = new rsa_public_key(ROM.FFLEN);
-		rsa_private_key priv = new rsa_private_key(ROM.HFLEN);
-
-		sbyte[] ML = new sbyte[RFS];
-		sbyte[] C = new sbyte[RFS];
-		sbyte[] RAW = new sbyte[100];
-
-		RAND rng = new RAND();
-
-		rng.clean();
-		for (i = 0;i < 100;i++)
-		{
-			RAW[i] = (sbyte)(i);
-		}
-
-		rng.seed(100,RAW);
-//for (i=0;i<10;i++)
-//{
-		Console.WriteLine("Generating public/private key pair");
-		RSA.KEY_PAIR(rng,65537,priv,pub);
-
-		sbyte[] M = message.GetBytes();
-		Console.Write("Encrypting test string\n");
-		sbyte[] E = RSA.OAEP_ENCODE(M,rng,null); // OAEP encode message M to E
-
-		RSA.ENCRYPT(pub,E,C); // encrypt encoded message
-		Console.Write("Ciphertext= 0x");
-		RSA.printBinary(C);
-
-		Console.Write("Decrypting test string\n");
-		RSA.DECRYPT(priv,C,ML);
-		sbyte[] MS = RSA.OAEP_DECODE(null,ML); // OAEP decode message
-
-		message = StringHelperClass.NewString(MS);
-		Console.Write(message);
-//}
-		RSA.PRIVATE_KEY_KILL(priv);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/readme.txt
----------------------------------------------------------------------
diff --git a/cs/readme.txt b/cs/readme.txt
deleted file mode 100644
index 14b81d0..0000000
--- a/cs/readme.txt
+++ /dev/null
@@ -1,30 +0,0 @@
-AMCL is very simple to build for C#.
-
-NOTE: The C# code was automatically generated from the Java64 code using 
-the Java to C# Converter from Tangible Software Solutions. A few minor
-fix-ups were required.
-
-First - decide the modulus and curve type you want to use. Edit ROM.cs 
-where indicated. You will probably want to use one of the curves whose 
-details are already in there.
-
-Three example API files are provided, MPIN.cs which 
-supports our M-Pin (tm) protocol, ECDH.cs which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.cs
-which supports the RSA method.
-
-In the ROM.cs file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-For a quick jumpstart:-
-
-csc TestMPIN.cs MPIN.cs FP.cs BIG.cs DBIG.cs AES.cs HASH.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs FP2.cs ECP2.cs FP4.cs FP12.cs PAIR.cs RectangularArrays.cs
-
-or 
-
-csc TestECDH.cs ECDH.cs FP.cs BIG.cs DBIG.cs AES.cs HASH.cs RAND.cs ROM.cs StringHelperClass.cs ECP.cs
-
-or
-
-csc TestRSA.cs RSA.cs FF.cs BIG.cs DBIG.cs HASH.cs RAND.cs ROM.cs StringHelperClass.cs
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/data/icon.bmp
----------------------------------------------------------------------
diff --git a/data/icon.bmp b/data/icon.bmp
deleted file mode 100644
index 3e53971..0000000
Binary files a/data/icon.bmp and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/data/icon.ico
----------------------------------------------------------------------
diff --git a/data/icon.ico b/data/icon.ico
deleted file mode 100644
index 89dfae6..0000000
Binary files a/data/icon.ico and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/AMCL.dox
----------------------------------------------------------------------
diff --git a/docs/AMCL.dox b/docs/AMCL.dox
deleted file mode 100755
index 68f1fa8..0000000
--- a/docs/AMCL.dox
+++ /dev/null
@@ -1,266 +0,0 @@
-/*
-  This file contains NO source code, just some documentation for doxygen to
-  parse.
-*/
-
-/*!
-  \mainpage Apache Milagro Crypto Library (AMCL)
-
- Read <a href="AMCL.pdf">AMCL.pdf</a> for an introduction to AMCL
-
- AMCL is provided in these languages;
-
-<ul type="disc">
- <li> C
- <li> JAVA
- <li> JavaScript 
- <li> C#
- <li> Swift
- <li> GO
-</ul>
-
- There is also a Python wrapper provided that requires <a href="https://cffi.readthedocs.org/en/release-0.8/">CFFI</a>
-
-  \section homepage Project page
-  The official project page is hosted at 
-	<a href="http://www.miracl.com/index">MIRACL Products</a>
-
-  \section license License
-
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-
-  \section platforms Platforms
-
-  The software can be compiled and installed for these operating systems;
-
-<ul type="disc">
-  <li>Linux</li>
-  <li>Windows</li>
-  <li>Mac OS</li>
-</ul>
-
-
-
-  \section downloads Downloads
-
-  The source code is available from the GIT repository:
-
-  git clone https://github.com/miracl/milagro-crypto
-
-  \section installonmainpage Installation
- 
-  There are instructions for building for \ref linux, \ref mac and \ref windows.
-
-*/
-
-
-/*!
-  \page linux Linux 
-
-<h2>Software dependencies</h2>
-
-CMake is required to build the library and can usually be installed from
-the operating system package manager.
-
-<ul type="disc">
-  <li>sudo apt-get install cmake</li>
-</ul>
-
-If not, then you can download it from www.cmake.org
-
-The C Foreign Function Interface for Python <a href="https://cffi.readthedocs.org/en/latest/">CFFI</a> module
-is also required if you wish to use the Python module.
-
-<ul type="disc">
-  <li>sudo pip install cffi</li>
-</ul>
-
-In order to build the documentation <a href="http://www.stack.nl/~dimitri/doxygen/">doxygen</a> is required.
-
-<h2>Build Instructions</h2>
-
-<p>The default build is for 32 bit machines</p>
-
-<ol type="disc">
-  <li>mkdir Release</li>
-  <li>cd Release</li>
-  <li>cmake ..</li>
-  <li>make</li>
-  <li>make test</li>
-  <li>make doc</li>
-  <li>sudo make install</li>
-</ol>
-
-<p>The build can be configured using by setting flags on the command line i.e.</p>
-
-<ol type="disc">
-  <li>cmake  -D CMAKE_INSTALL_PREFIX=/opt/amcl -D WORD_LENGTH=64 ..</li>
-</ol>
-
-<h2>Uninstall software</h2>
-
-<ul type="disc">
-  <li>sudo make uninstall</li>
-</ul>
-
-<h2>Building an installer</h2>
-
-<p>After having built the libraries you can build a binary installer and a source distribution by running this command</p>
-
-<ul type="disc">
-  <li>make package</li>
-</ul>
-
-*/
-
-
-
-
-/*!
-  \page mac Mac OS 
-
-<h2>Software dependencies</h2>
-
-Install <a href="http://brew.sh/">Homebrew</a>
-
-<ul type="disc">
-  <li>ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"</li>
-</ul>
-
-Install  <a href="http://www.cmake.org/download/">cmake</a>
-
-<ul type="disc">
-  <li>brew install cmake</li>
-</ul>
-
-The C Foreign Function Interface for Python <a href="https://cffi.readthedocs.org/en/latest/">CFFI</a> module
-is also required if you wish to use the Python module.
-
-<ul type="disc">
-  <li>brew install pkg-config libffi</li>
-  <li>sudo pip install cffi</li>
-</ul>
-
-In order to build the documentation <a href="http://www.stack.nl/~dimitri/doxygen/">doxygen</a> is required.
-
-<ul type="disc">
-  <li>brew install doxygen</li>
-</ul>
-
-<h2>Build Instructions</h2>
-
-<p>The default build is for 32 bit machines</p>
-
-<ol type="disc">
-  <li>mkdir Release</li>
-  <li>cd Release</li>
-  <li>cmake ..</li>
-  <li>make</li>
-  <li>make test</li>
-  <li>make doc</li>
-  <li>sudo make install</li>
-</ol>
-
-<p>The build can be configured using by setting flags on the command line i.e.</p>
-
-<ol type="disc">
-  <li>cmake -DWORD_LENGTH=64 ..</li>
-</ol>
-
-<h2>Uninstall software</h2>
-
-<ul type="disc">
-  <li>sudo make uninstall</li>
-</ul>
-
-*/
-
-/*!
-  \page windows Windows
-
-<h2>Software dependencies</h2>
-
-<p>Minimalist GNU for Windows <a href="http://www.mingw.org/">MinGW</a> provides the 
-tool set used to build the library and should be installed. When the MinGW installer
-starts select the mingw32-base and mingw32-gcc-g++ components. From the menu select
-"Installation" -> "Apply Changes", then click "Apply". Finally add C:\\MinGW\\bin
-to the PATH variable.</p>
-
-<p>CMake is required to build the library and can be downloaded from www.cmake.org</p>
-
-<p>The C Foreign Function Interface for Python <a href="https://cffi.readthedocs.org/en/latest/">CFFI</a> module
-is also required, if you wish to use the Python module.</p>
-
-<ul type="disc">
-  <li>pip install cffi</li>
-</ul>
-
-In order to build the documentation <a href="http://www.stack.nl/~dimitri/doxygen/">doxygen</a> is required.
-
-<h2>Build Instructions</h2>
-
-<p>Start a command prompt as an administrator</p>
-
-<p>The default build is for 32 bit machines</p>
-
-<ol type="disc">
-  <li>mkdir Release</li>
-  <li>cd Release</li>
-  <li>cmake -G "MinGW Makefiles" ..</li>
-  <li>mingw32-make</li>
-  <li>mingw32-make test</li>
-  <li>mingw32-make doc</li>
-  <li>mingw32-make install</li>
-</ol>
-
-<p>
-
-Post install append the PATH system variable to point to the install ./lib.
-
-My Computer -> Properties -> Advanced > Environment Variables
-
-</p>
-
-
-<p>The build can be configured using by setting flags on the command line i.e.</p>
-
-<ol type="disc">
-  <li>cmake -G "MinGW Makefiles" -DWORD_LENGTH=64 ..</li>
-</ol>
-
-<h2>Uninstall software</h2>
-
-<ul type="disc">
-  <li>mingw32-make uninstall</li>
-</ul>
-
-<h2>Building an installer</h2>
-
-<p>After having built the libraries you can build a Windows installer using this command</p>
-
-<ul type="disc">
-  <li>sudo mingw32-make package</li>
-</ul>
-
-<p>In order for this to work <a href="http://nsis.sourceforge.net/Download">NSSI</a> has
-to have been installed</p>
-
-*/
-
-
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/docs/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt
deleted file mode 100644
index 55efd99..0000000
--- a/docs/CMakeLists.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile.in ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile @ONLY)
-
-add_custom_target(doc
-${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile
-WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
-COMMENT "Generating documentation with Doxygen" VERBATIM)
-
-file(COPY ${PROJECT_SOURCE_DIR}/AMCL.pdf  DESTINATION "${CMAKE_CURRENT_BINARY_DIR}/html/")
-
-
-


[44/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/rom.c
----------------------------------------------------------------------
diff --git a/c/rom.c b/c/rom.c
deleted file mode 100755
index 2b61c17..0000000
--- a/c/rom.c
+++ /dev/null
@@ -1,852 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL - ROM file */
-
-#include "amcl.h"
-
-/* Field and Curve Details */
-
-#if CHOICE==BN
-
-/* Nogami's fast curve */
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x15E5;
-const BIG Modulus={0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG CURVE_Order={0xD,0x0,0x0,0x0,0xA10,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x1,0x0,0x0,0x0,0x408};
-const BIG CURVE_Cru={0x7,0x0,0x0,0x0,0xCD8,0x3,0x0,0x0,0x900,0x1248,0x0,0x0,0x400,0x19B1,0x126};
-const BIG CURVE_Fra={0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36};
-const BIG CURVE_Frb={0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13};
-const BIG CURVE_Pxa={0xCB4,0xFE8,0x1E4D,0x1658,0x2BA,0x2BE,0x13F3,0x33C,0x5E3,0x182D,0x1D8E,0xDBE,0x124F,0xFDB,0x8CD,0x14FD,0x155E,0x6A7,0x16C1,0x12};
-const BIG CURVE_Pxb={0x455,0x4B1,0x1E4,0xFA,0x38A,0x152F,0x149E,0x17C7,0xD86,0x1CEB,0x11FC,0xAE,0x189E,0x15F,0x1275,0x8F6,0x83,0x53E,0x1536,0xB};
-const BIG CURVE_Pya={0x46C,0x1045,0x1A1E,0x1B9C,0x1F9A,0xC8,0x629,0x61D,0x82B,0xB48,0xC7C,0xF09,0x4C3,0x168E,0x1E85,0x627,0x5E5,0x15F9,0xFCA,0x15};
-const BIG CURVE_Pyb={0x6EC,0xF98,0x1501,0x1F11,0xE6D,0x9D0,0xB74,0xED,0x482,0x12E0,0x75A,0xF03,0x11E4,0x313,0x16CE,0x1B57,0x679,0x143F,0x1DA6,0x30};
-const BIG CURVE_Gx={0x12,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x3,0x0,0x0,0x0,0x40,0x1,0x0,0x0,0x180,0x30C},{0x1,0x0,0x0,0x0,0x810}};
-const BIG CURVE_SB[2][2]={{{0x4,0x0,0x0,0x0,0x850,0x1,0x0,0x0,0x180,0x30C},{0x1,0x0,0x0,0x0,0x810}},{{0x1,0x0,0x0,0x0,0x810},{0xA,0x0,0x0,0x0,0x9D0,0x7,0x0,0x0,0x1E00,0x1CF0,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}}};
-const BIG CURVE_WB[4]={{0x0,0x0,0x0,0x0,0x408,0x0,0x0,0x0,0x80,0x104},{0x5,0x0,0x0,0x0,0x14A8,0x2,0x0,0x0,0x700,0xE38,0x0,0x0,0x1800,0x1120,0xC4},{0x3,0x0,0x0,0x0,0xC58,0x1,0x0,0x0,0x380,0x71C,0x0,0x0,0xC00,0x890,0x62},{0x1,0x0,0x0,0x0,0xC18,0x0,0x0,0x0,0x80,0x104}};
-const BIG CURVE_BB[4][4]={{{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x810}},{{0x1,0x0,0x0,0x0,0x810},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}},{{0x2,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810}},{{0x2,0x0,0x0,0x0,0x408},{0x2,0x0,0x0,0x0,0x1020},{0xA,0x0,0x0,0x0,0x200,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x408}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x179435E5;
-const BIG Modulus={0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-const BIG CURVE_Order={0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x1,0x4000000,0x10};
-const BIG CURVE_Cru={0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD};
-const BIG CURVE_Fra={0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776};
-const BIG CURVE_Frb={0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE};
-const BIG CURVE_Pxa={0x15FD0CB4,0x1D5963C9,0x1F315F0A,0xBC633C9,0x1763B05A,0x1B927B6F,0x1FA8CD7E,0x1A9EABD4,0x95B04};
-const BIG CURVE_Pxb={0x10962455,0x503E83C,0x9EA978E,0x1B0D7C7A,0x147F39D6,0x1FC4F02B,0x1ED2750A,0x14F81068,0x5D4D8};
-const BIG CURVE_Pya={0x1A08A46C,0xD6E7343,0x290647E,0x105661D3,0xB1F1690,0xE261BC2,0x4FE85B4,0x17E4BCA6,0xABF2A};
-const BIG CURVE_Pyb={0x5F306EC,0x16FC46A0,0x1744E839,0x9040ED5,0x19D6A5C0,0x138F23C0,0xAF6CE18,0x10FCCF3B,0x18769A};
-const BIG CURVE_Gx={0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x3,0x0,0x81,0x3000000,0x618},{0x1,0x8000000,0x20}};
-const BIG CURVE_SB[2][2]={{{0x4,0x8000000,0xA1,0x3000000,0x618},{0x1,0x8000000,0x20}},{{0x1,0x8000000,0x20},{0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364}}};
-const BIG CURVE_WB[4]={{0x0,0x4000000,0x10,0x1000000,0x208},{0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489},{0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244},{0x1,0xC000000,0x30,0x1000000,0x208}};
-const BIG CURVE_BB[4][4]={{{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x8000000,0x20}},{{0x1,0x8000000,0x20},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364}},{{0x2,0x8000000,0x20},{0x1,0x8000000,0x20},{0x1,0x8000000,0x20},{0x1,0x8000000,0x20}},{{0x2,0x4000000,0x10},{0x2,0x10000000,0x40},{0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x4000000,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0x435E50D79435E5;
-const BIG Modulus={0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482};
-const BIG CURVE_Order={0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x80000000000001,0x40};
-const BIG CURVE_Cru={0x80000000000007,0x6CD,0x40000000024909,0x49B362};
-const BIG CURVE_Fra={0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619};
-const BIG CURVE_Frb={0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69};
-const BIG CURVE_Pxa={0xAB2C7935FD0CB4,0xE319E4FCC57C2B,0x24F6DF763B05A5,0xF55EA7EA335FB7,0x95B04D4};
-const BIG CURVE_Pxb={0xA07D0790962455,0x86BE3D27AA5E38,0x89E05747F39D6D,0xC08347B49D42BF,0x5D4D8A7};
-const BIG CURVE_Pya={0xADCE687A08A46C,0x2B30E98A4191F9,0x4C3784B1F16908,0x25E5313FA16D1C,0xABF2ABF};
-const BIG CURVE_Pyb={0xDF88D405F306EC,0x82076ADD13A0E6,0x1E47819D6A5C04,0xE679DABDB38627,0x18769A87};
-const BIG CURVE_Gx={0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x3,0x80000000000204,0x6181},{0x1,0x81}};
-const BIG CURVE_SB[2][2]={{{0x4,0x80000000000285,0x6181},{0x1,0x81}},{{0x1,0x81},{0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482}}};
-const BIG CURVE_WB[4]={{0x80000000000000,0x80000000000040,0x2080},{0x80000000000005,0x54A,0x8000000001C707,0x312241},{0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120},{0x80000000000001,0x800000000000C1,0x2080}};
-const BIG CURVE_BB[4][4]={{{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x2,0x81}},{{0x1,0x81},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482}},{{0x2,0x81},{0x1,0x81},{0x1,0x81},{0x1,0x81}},{{0x80000000000002,0x40},{0x2,0x102},{0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x80000000000002,0x40}}};
-#endif
-
-#endif
-
-#if CHOICE==BNT
-
-/* GT-Strong BN curve */
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x4E5;
-const BIG Modulus={0x713,0x15A5,0x1FBB,0x1B77,0xBE9,0x125D,0x13D1,0xAC2,0xA55,0x374,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
-const BIG CURVE_Order={0x10D,0x981,0x1FA3,0xAEE,0x3A7,0x59B,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x81,0x2,0x1800,0x100,0x400};
-const BIG CURVE_Cru={0xD87,0x1A7E,0x156A,0x16A7,0x1ADE,0x188F,0xAEA,0x14BE,0xC82,0xBB2,0x132,0xA2A,0x1476,0xD8,0x120};
-const BIG CURVE_Fra={0x22,0xE40,0x13AB,0xBA2,0x159F,0x671,0x1BEB,0x9A,0xC49,0xDF3,0xC84,0x142,0x1F19,0x1284,0x53D,0x1887,0x9BB,0x1496,0xA28,0x26};
-const BIG CURVE_Frb={0x6F1,0x765,0xC10,0xFD5,0x164A,0xBEB,0x17E6,0xA27,0x1E0C,0x1580,0x8F7,0xCAF,0x1450,0x1350,0x16AA,0x7A2,0x1B5B,0x1244,0x161F,0x21};
-const BIG CURVE_Pxa={0x5BB,0x473,0x188A,0x130F,0x1BE8,0x1189,0x12A9,0x15A3,0xC00,0x1BE6,0x1522,0x82,0x1325,0x2A,0x1AF3,0x673,0x4C1,0x1E68,0x120F,0x28};
-const BIG CURVE_Pxb={0x2C0,0x6DF,0x202,0xF11,0x13A6,0x1A42,0x78,0x1C3F,0x157F,0xBDC,0x146D,0x634,0x10A6,0x1FE2,0xB68,0x1860,0x184E,0x1599,0x1FD1,0x10};
-const BIG CURVE_Pya={0xA1D,0x106,0x11F8,0x58,0x16C2,0xCF9,0x1A0E,0x2CF,0xCB4,0x164A,0x7DC,0xA87,0x1C6E,0x1634,0x1D28,0x17A,0x102B,0x14E0,0x1A30,0x29};
-const BIG CURVE_Pyb={0x8F2,0xB31,0x1F1C,0x1086,0x6BD,0x1BEE,0x1EF2,0x1C2C,0xA27,0xE8,0x1C9A,0x18EA,0xA82,0x160C,0x7B7,0x97A,0x245,0x1523,0xBF8,0x2F};
-const BIG CURVE_Gx={0x712,0x15A5,0x1FBB,0x1B77,0xBE9,0x125D,0x13D1,0xAC2,0xA55,0x374,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x403,0xC1C,0x18,0xC86,0x1842,0xCC1,0x906,0x430,0x181,0x300},{0x101,0x4,0x1000,0x201,0x800}};
-const BIG CURVE_SB[2][2]={{{0x504,0xC20,0x1018,0xE87,0x42,0xCC2,0x906,0x430,0x181,0x300},{0x101,0x4,0x1000,0x201,0x800}},{{0x101,0x4,0x1000,0x201,0x800},{0x1D0A,0x1D64,0x1F8A,0x1E68,0xB64,0x18D9,0x1C4,0x262,0x753,0x1D74,0x157B,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48}}};
-const BIG CURVE_WB[4]={{0x80,0x406,0x1808,0x280,0xC16,0x440,0x302,0xC10,0x80,0x100},{0xA85,0x462,0x102,0xA72,0x36B,0xE36,0xD4B,0x5F4,0x1EAD,0x1476,0x1621,0x6C6,0xDA4,0x90,0xC0},{0x583,0x232,0xC81,0x15B9,0x3B5,0x171B,0x6A5,0x12FA,0xF56,0x1A3B,0xB10,0x363,0x6D2,0x48,0x60},{0x181,0x40A,0x808,0x482,0x1416,0x440,0x302,0xC10,0x80,0x100}};
-const BIG CURVE_BB[4][4]={{{0x8D,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x102,0x4,0x1000,0x201,0x800}},{{0x101,0x4,0x1000,0x201,0x800},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8D,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48}},{{0x102,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800}},{{0x82,0x2,0x1800,0x100,0x400},{0x202,0x8,0x0,0x403,0
 x1000},{0xA,0x97D,0xFA3,0x8ED,0x1BA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x82,0x2,0x1800,0x100,0x400}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x1914C4E5;
-const BIG Modulus={0xEB4A713,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-const BIG CURVE_Order={0xD30210D,0x13ABBBF4,0xCB2CD8E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x4081,0x40300,0x10};
-const BIG CURVE_Cru={0xB4FCD87,0xF5A9EAD,0xEAC47EB,0x19054BE5,0x104C9764,0x18A3B28A,0x12006};
-const BIG CURVE_Fra={0xDC80022,0xFAE8A75,0x1EB338D6,0x189209AD,0x13211BE6,0x4F8C850,0x10E53D94,0x12593778,0x1328A2};
-const BIG CURVE_Frb={0xECA6F1,0x53F5582,0x1E65F5D9,0x1C18A27B,0x1A3DEB01,0x10A2832B,0x1456AA9A,0x9136B67,0x10D87E};
-const BIG CURVE_Pxa={0x88E65BB,0x144C3F11,0xA98C4EF,0x18015A39,0x1548B7CC,0xA992820,0xE7AF301,0x19A09826,0x14483F};
-const BIG CURVE_Pxb={0x8DBE2C0,0x133C4440,0x78D214E,0xAFFC3F0,0x51B57B9,0x285318D,0xC0B68FF,0x166709D8,0x87F46};
-const BIG CURVE_Pya={0x20CA1D,0x101623F,0xE67CDB,0x19682CFD,0x19F72C94,0x14E372A1,0xF5D28B1,0x13820561,0x14E8C2};
-const BIG CURVE_Pyb={0x116628F2,0x1EC21BE3,0xF2DF71A,0x144FC2CF,0x172681D0,0xC54163A,0xF47B7B0,0x148C48A9,0x17AFE2};
-const BIG CURVE_Gx={0xEB4A712,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x1838403,0x1321803,0x106660E1,0x3024304,0x600},{0x8101,0x80600,0x20}};
-const BIG CURVE_SB[2][2]={{{0x1840504,0x13A1E03,0x10666101,0x3024304,0x600},{0x8101,0x80600,0x20}},{{0x8101,0x80600,0x20},{0xBAC9D0A,0x1279A3F1,0x1C4C6CAD,0xEA62620,0xD5EFAE8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}}};
-const BIG CURVE_WB[4]={{0x80C080,0xB0A0301,0x10222030,0x100C101,0x200},{0x88C4A85,0x15A9C820,0x14B71B0D,0x1D5A5F46,0x158868ED,0x106D21B1,0xC004},{0x4464583,0x1AD6E590,0xA5B8D8E,0x1EAD2FA3,0x1AC43476,0x83690D8,0x6002},{0x814181,0xB120901,0x10222050,0x100C101,0x200}};
-const BIG CURVE_BB[4][4]={{{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x8102,0x80600,0x20}},{{0x8101,0x80600,0x20},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}},{{0x8102,0x80600,0x20},{0x8101,0x80600,0x20},{0x8101,0x80600,0x20},{0x8101,0x80600,0x20}},{{0x4082,0x40300,0x10},{0x10202,0x100C00,0x40},{0xD2FA00A,0x13A3B5F4,0xCB2CD6E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x4082,0x40300,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0xC5A872D914C4E5;
-const BIG Modulus={0x9DBBFEEEB4A713,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB};
-const BIG CURVE_Order={0x75777E8D30210D,0xD43492B2CB363A,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x806000004081,0x40};
-const BIG CURVE_Cru={0xEB53D5AB4FCD87,0x82A5F2BAB11FAD,0x47651504C9764C,0x4801B1};
-const BIG CURVE_Fra={0xF5D14EADC80022,0x4904D6FACCE359,0xF190A13211BE6C,0xC9BBC4394F6509,0x1328A292};
-const BIG CURVE_Frb={0xA7EAB040ECA6F1,0xC513DF997D764,0x450657A3DEB01E,0x9B5B3D15AAA6A1,0x10D87E48};
-const BIG CURVE_Pxa={0x8987E2288E65BB,0xAD1CAA6313BE,0x325041548B7CCC,0x4C1339EBCC055,0x14483FCD};
-const BIG CURVE_Pxb={0x67888808DBE2C0,0x7FE1F81E34853A,0xA631A51B57B95,0x384EC302DA3FC5,0x87F46B3};
-const BIG CURVE_Pya={0x202C47E020CA1D,0xB4167E8399F36C,0xC6E5439F72C94C,0x102B0BD74A2C69,0x14E8C29C};
-const BIG CURVE_Pyb={0xD8437C716628F2,0x27E167BCB7DC6B,0xA82C7572681D0A,0x62454BD1EDEC18,0x17AFE2A4};
-const BIG CURVE_Gx={0x9DBBFEEEB4A712,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x26430061838403,0x81218241998384,0x6001},{0x100C000008101,0x80}};
-const BIG CURVE_SB[2][2]={{{0x2743C061840504,0x81218241998404,0x6001},{0x100C000008101,0x80}},{{0x100C000008101,0x80},{0x4F347E2BAC9D0A,0x5313107131B2B6,0x3696F8D5EFAE87,0x6517014EFA0BAB,0x240120DB}}};
-const BIG CURVE_WB[4]={{0x6140602080C080,0x806080C08880C1,0x2000},{0xB53904088C4A85,0xAD2FA352DC6C36,0xDA436358868EDE,0x300120},{0x5ADCB204464583,0x5697D1A96E363B,0x6D21B1AC43476F,0x180090},{0x62412020814181,0x806080C0888141,0x2000}};
-const BIG CURVE_BB[4][4]={{{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x100C000008102,0x80}},{{0x100C000008101,0x80},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}},{{0x100C000008102,0x80},{0x100C000008101,0x80},{0x100C000008101,0x80},{0x100C000008101,0x80}},{{0x806000004082,0x40},{0x2018000010202,0x100},{0x7476BE8D2FA00A,0xD43492B2CB35BA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x806000004082,0x40}}};
-#endif
-
-#endif
-
-#if CHOICE==BNT2
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x1CDD;
-const BIG Modulus={0x48B,0x305,0xAED,0x5B8,0x1E8B,0xB28,0x3C3,0x1C85,0xF93,0x40E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
-const BIG CURVE_Order={0xBF5,0xD51,0x944,0x16E3,0x1D7F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x205,0x304,0x40,0x4,0x400};
-const BIG CURVE_Cru={0x1D33,0x335,0x1112,0x4E,0xFB5,0x387,0x59,0xEE6,0x155B,0x11B3,0x1B3C,0x2F7,0xC36,0x3,0x120};
-const BIG CURVE_Fra={0x1062,0x1D77,0x125C,0x4D1,0x92B,0x1E72,0xF0E,0x1366,0x1CC6,0xADD,0x1FC6,0x1F46,0x1F67,0x520,0x1AF4,0x1956,0x9E8,0x1C69,0x1382,0x24};
-const BIG CURVE_Frb={0x1429,0x58D,0x1890,0xE6,0x1560,0xCB6,0x14B4,0x91E,0x12CD,0x1930,0x1439,0x17CC,0x18B,0x1EF,0x1BE9,0x11FE,0x1726,0x7A8,0xC7E,0x23};
-const BIG CURVE_Pxa={0x3C8,0x1A05,0xE67,0x1924,0x4AC,0x8BC,0x598,0x149D,0x15CD,0x359,0x185C,0xAD2,0x17B0,0x1CEB,0x609,0x18C6,0x1693,0x1E7C,0x1F05,0x2D};
-const BIG CURVE_Pxb={0x1540,0x2A4,0x2B6,0xAF5,0x105,0x883,0x1BD9,0xF7C,0x1B6F,0x8BE,0xA57,0x120F,0x565,0xC4,0x272,0xEB2,0x1D59,0x805,0xD6D,0x3D};
-const BIG CURVE_Pya={0x513,0x110,0x1145,0x17D9,0x1147,0x19BD,0x1839,0xF10,0x44A,0x934,0xD7C,0x1072,0x51B,0x6FD,0xA75,0x455,0x1614,0x4C3,0x3B9,0x3D};
-const BIG CURVE_Pyb={0x78E,0x1BE7,0x3D5,0x1265,0x1FB,0x12BC,0x9BE,0x8DC,0x1EB7,0x713,0x7EE,0x1B78,0xA93,0xEBB,0xE8A,0x77B,0x1AE3,0x66D,0x13BD,0x47};
-const BIG CURVE_Gx={0x48A,0x305,0xAED,0x5B8,0x1E8B,0xB28,0x3C3,0x1C85,0xF93,0x40E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x1083,0x9A3,0xA8,0xEC5,0x110B,0xF0E,0x4E6,0x60,0x6,0x300},{0x409,0x608,0x80,0x8,0x800}};
-const BIG CURVE_SB[2][2]={{{0x148C,0xFAB,0x128,0xECD,0x190B,0xF0E,0x4E6,0x60,0x6,0x300},{0x409,0x608,0x80,0x8,0x800}},{{0x409,0x608,0x80,0x8,0x800},{0x1B72,0x3AD,0x89C,0x81E,0xC74,0xD0B,0x19F6,0x1BC4,0xF87,0x1E0E,0x13FF,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48}}};
-const BIG CURVE_WB[4]={{0x224,0x1385,0x1522,0x4E5,0x1459,0x504,0x1A2,0x20,0x2,0x100},{0xF19,0x187,0xB3C,0x14AE,0x1D5,0x1B9,0x18D5,0xA2E,0x396,0xDCD,0x1228,0x1FA,0x824,0x2,0xC0},{0x188F,0x245,0x5BE,0x1A59,0x12EA,0x10DC,0xC6A,0x517,0x11CB,0x6E6,0x914,0xFD,0x412,0x1,0x60},{0x62D,0x198D,0x15A2,0x4ED,0x1C59,0x504,0x1A2,0x20,0x2,0x100}};
-const BIG CURVE_BB[4][4]={{{0x9F1,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x40A,0x608,0x80,0x8,0x800}},{{0x409,0x608,0x80,0x8,0x800},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F1,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48}},{{0x40A,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800}},{{0x206,0x304,0x40,0x4,0x400},{0x81
 2,0xC10,0x100,0x10,0x1000},{0x7EA,0x749,0x8C4,0x16DB,0x157F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x206,0x304,0x40,0x4,0x400}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x6505CDD;
-const BIG Modulus={0x1460A48B,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-const BIG CURVE_Order={0x11AA2BF5,0x1FDB8D28,0xDCE0CF5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x608205,0x1008,0x10};
-const BIG CURVE_Cru={0x866BD33,0x1A813A22,0x591C3BE,0xAB6EE60,0x1ECF2367,0x361B0BD,0x12000};
-const BIG CURVE_Fra={0x13AEF062,0x1593464B,0x10EF3924,0x198D3667,0x17F195BB,0xFB3FD1,0xADAF429,0x11A53D19,0x124E0B};
-const BIG CURVE_Frb={0xB1B429,0x10039B12,0xB465B55,0x59A91EA,0x50E7261,0xF0C5DF3,0x1FDBE90F,0x1EA2E4D1,0x11B1F8};
-const BIG CURVE_Pxa={0x1F40A3C8,0x166491CC,0x19845E12,0xB9B49D2,0x161706B3,0xBBD82B4,0x18C609E7,0x19F2D278,0x16FC17};
-const BIG CURVE_Pxb={0x18549540,0x2ABD456,0x1D944184,0x16DEF7CD,0x1A95D17D,0x42B2C83,0x16427206,0x17AB2E,0x1EB5B5};
-const BIG CURVE_Pya={0x14220513,0x3DF6628,0x39CDEC5,0x894F10C,0x135F1268,0x1D28DC1C,0xAAA7537,0x130EC284,0x1E8EE4};
-const BIG CURVE_Pyb={0x177CE78E,0x1DC9947A,0x1BE95E07,0x1D6E8DC4,0x1FB8E27,0x1B549EDE,0xF6E8A75,0x19B75C67,0x23CEF4};
-const BIG CURVE_Gx={0x1460A48A,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x1347083,0x5BB1415,0xE678744,0xC0602,0x600},{0xC10409,0x2010,0x20}};
-const BIG CURVE_SB[2][2]={{{0x1F5748C,0x5BB3425,0xE678764,0xC0602,0x600},{0xC10409,0x2010,0x20}},{{0xC10409,0x2010,0x20},{0x1075BB72,0x1A207913,0x1F6685B1,0x1F0FBC4C,0x1CFFFC1C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}}};
-const BIG CURVE_WB[4]={{0xA70A224,0xC9396A4,0x1A228251,0x40200,0x200},{0x1030EF19,0xAD2B967,0xD50DC87,0x72CA2EC,0x148A1B9A,0x241207E,0xC000},{0x1848B88F,0x156964B7,0x6A86E4B,0x3965176,0xA450DCD,0x120903F,0x6000},{0xB31A62D,0xC93B6B4,0x1A228271,0x40200,0x200}};
-const BIG CURVE_BB[4][4]={{{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0xC1040A,0x2010,0x20}},{{0xC10409,0x2010,0x20},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}},{{0xC1040A,0x2010,0x20},{0xC10409,0x2010,0x20},{0xC10409,0x2010,0x20},{0xC10409,0x2010,0x20}},{{0x608206,0x1008,0x10},{0x1820812,0x4020,0x40},{0x10E927EA,0x1FDB6D18,0xDCE0CD5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x608206,0x1008,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0xFE6A47A6505CDD;
-const BIG Modulus={0xB2DC2BB460A48B,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482};
-const BIG CURVE_Order={0xFB71A511AA2BF5,0x8DE127B73833D7,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x20100608205,0x40};
-const BIG CURVE_Cru={0x5027444866BD33,0x5B773016470EFB,0xC3617BECF23675,0x480006};
-const BIG CURVE_Fra={0xB268C973AEF062,0xC69B33C3BCE492,0xF67FA37F195BBC,0x29E8CAB6BD0A41,0x124E0B8D};
-const BIG CURVE_Frb={0x736240B1B429,0xCD48F52D196D56,0x18BBE650E72612,0x17268FF6FA43DE,0x11B1F8F5};
-const BIG CURVE_Pxa={0xCC92399F40A3C8,0xCDA4E96611784A,0x7B056961706B35,0x9693C6318279D7,0x16FC17CF};
-const BIG CURVE_Pxb={0x557A8AD8549540,0x6F7BE6F6510610,0x565907A95D17DB,0xBD5975909C8188,0x1EB5B500};
-const BIG CURVE_Pya={0x7BECC514220513,0x4A78860E737B14,0x51B83935F12684,0x761422AA9D4DFA,0x1E8EE498};
-const BIG CURVE_Pyb={0xB9328F577CE78E,0xB746E26FA5781F,0xA93DBC1FB8E27E,0xBAE33BDBA29D76,0x23CEF4CD};
-const BIG CURVE_Gx={0xB2DC2BB460A48A,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0xB76282A1347083,0x60301399E1D10,0x6000},{0x40200C10409,0x80}};
-const BIG CURVE_SB[2][2]={{{0xB76684A1F5748C,0x60301399E1D90,0x6000},{0x40200C10409,0x80}},{{0x40200C10409,0x80},{0x440F227075BB72,0x87DE267D9A16C7,0xF3B89CFFFC1CF,0x410F5AADB74E20,0x24000482}}};
-const BIG CURVE_WB[4]={{0x9272D48A70A224,0x20100688A0945,0x2000},{0x5A572CF030EF19,0x9651763543721D,0x8240FD48A1B9A3,0x300004},{0xAD2C96F848B88F,0xCB28BB1AA1B92E,0x41207EA450DCD1,0x180002},{0x9276D68B31A62D,0x20100688A09C5,0x2000}};
-const BIG CURVE_BB[4][4]={{{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x40200C1040A,0x80}},{{0x40200C10409,0x80},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}},{{0x40200C1040A,0x80},{0x40200C10409,0x80},{0x40200C10409,0x80},{0x40200C10409,0x80}},{{0x20100608206,0x40},{0x80401820812,0x100},{0xFB6DA310E927EA,0x8DE127B7383357,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x20100608206,0x40}}};
-#endif
-
-
-#endif
-
-#if CHOICE==BNCX
-
-/* MIRACL BN Curve */
-
-const int CURVE_A=0;
-#if CHUNK==16
-
-const chunk MConst=0x1E85;
-const BIG Modulus={0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG CURVE_Order={0x1F6D,0x1758,0x98D,0x381,0xBE1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x12B1,0x1E00,0x0,0x0,0x400};
-const BIG CURVE_Cru={0x1C97,0x11A,0x5E5,0x126,0x31E,0x3AB,0x7BE,0xC8E,0x1DDF,0x205,0xFC5,0x1950,0x0,0x0,0x120};
-const BIG CURVE_Fra={0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26};
-const BIG CURVE_Frb={0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21};
-const BIG CURVE_Pxa={0xC74,0x697,0x1BB9,0xA39,0xC08,0x1393,0xF8,0x17F4,0x1C85,0x1C83,0x12EE,0xB86,0x100F,0x592,0x18D6,0x164A,0x1053,0x963,0x1A0B,0x32};
-const BIG CURVE_Pxb={0xFE1,0x114E,0x2CB,0xB1D,0x147A,0x187,0x827,0x1618,0x1B97,0x1FC0,0x5D0,0x11D3,0x137A,0x8E4,0xA80,0x1EC9,0x1E19,0xF61,0x19AE,0x28};
-const BIG CURVE_Pya={0x9F,0x185F,0x1AF3,0x17F9,0x10CF,0xD9,0x11FB,0x7B0,0x1B3,0xB1B,0x1882,0x1B5D,0x157,0xF11,0x1760,0x571,0x1233,0xECB,0x1E7B,0x14};
-const BIG CURVE_Pyb={0xE9D,0x4C7,0x8A2,0x96,0x1ED9,0x16F5,0x74B,0x14AD,0x64E,0xE14,0xD18,0x1B1A,0x512,0x372,0xD7,0x1812,0xCC4,0x1CF,0x583,0xC};
-const BIG CURVE_Gx={0x15B2,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0xB83,0x117F,0x1245,0x8C6,0x5,0x1C09,0xD00,0x1,0x0,0x300},{0x561,0x1C01,0x1,0x0,0x800}};
-const BIG CURVE_SB[2][2]={{{0x10E4,0xD80,0x1247,0x8C6,0x805,0x1C09,0xD00,0x1,0x0,0x300},{0x561,0x1C01,0x1,0x0,0x800}},{{0x561,0x1C01,0x1,0x0,0x800},{0x13EA,0x5D9,0x1748,0x1ABA,0xBDB,0x75E,0x623,0x1DC0,0x1FD6,0x1321,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}}};
-const BIG CURVE_WB[4]={{0x4B0,0x13D4,0x615,0x1842,0x401,0x958,0xF00,0x0,0x0,0x100},{0x475,0x1110,0x56F,0x1BF3,0x36C,0x1FCD,0x329,0x1DB5,0x1E94,0xE03,0xA83,0x10E0,0x0,0x0,0xC0},{0xB93,0x788,0x12B8,0xDF9,0x13B6,0x1FE6,0x1194,0xEDA,0x1F4A,0x1701,0x541,0x870,0x0,0x0,0x60},{0xA11,0xFD5,0x617,0x1842,0xC01,0x958,0xF00,0x0,0x0,0x100}};
-const BIG CURVE_BB[4][4]={{{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x562,0x1C01,0x1,0x0,0x800}},{{0x561,0x1C01,0x1,0x0,0x800},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}},{{0x562,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800}},{{0x12B2,0x1E00,0x0,0x0,0x400
 },{0xAC2,0x1802,0x3,0x0,0x1000},{0x1A0A,0x1B57,0x98B,0x381,0x3E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x12B2,0x1E00,0x0,0x0,0x400}}};
-#endif
-
-#if CHUNK==32
-
-const chunk MConst=0x19789E85;
-const BIG Modulus={0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-const BIG CURVE_Order={0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x3C012B1,0x0,0x10};
-const BIG CURVE_Cru={0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000};
-const BIG CURVE_Fra={0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908};
-const BIG CURVE_Frb={0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7};
-const BIG CURVE_Pxa={0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D};
-const BIG CURVE_Pxb={0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9};
-const BIG CURVE_Pya={0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED};
-const BIG CURVE_Pyb={0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C};
-const BIG CURVE_Gx={0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600},{0x7802561,0x0,0x20}};
-const BIG CURVE_SB[2][2]={{{0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600},{0x7802561,0x0,0x20}},{{0x7802561,0x0,0x20},{0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000}}};
-const BIG CURVE_WB[4]={{0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200},{0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000},{0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000},{0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200}};
-const BIG CURVE_BB[4][4]={{{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x7802562,0x0,0x20}},{{0x7802561,0x0,0x20},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000}},{{0x7802562,0x0,0x20},{0x7802561,0x0,0x20},{0x7802561,0x0,0x20},{0x7802561,0x0,0x20}},{{0x3C012B2,0x0,0x10},{0xF004AC2,0x0,0x40},{0xF6AFA0A,0x108E0531,0x1241B38F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x3C012B2,0x0,0x10}}};
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=0x4E205BF9789E85;
-const BIG Modulus={0x6623EF5C1B55B3,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000};
-const BIG CURVE_Order={0x11C0A636EB1F6D,0xD6EE0CC906CEBE,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000};
-const BIG CURVE_B={0x2};
-const BIG CURVE_Bnx={0x3C012B1,0x40};
-const BIG CURVE_Cru={0xE0931794235C97,0xDF6471EF875631,0xCA83F1440BD,0x480000};
-const BIG CURVE_Fra={0xD9083355C80EA3,0x7326F173F8215B,0x8AACA718986867,0xA63A0164AFE18B,0x1359082F};
-const BIG CURVE_Frb={0x8D1BBC06534710,0x63C7269546C062,0xD9CDBC4E3ABBD8,0x623628A900DC53,0x10A6F7D0};
-const BIG CURVE_Pxa={0x851CEEE4D2EC74,0x85BFA03E2726C0,0xF5C34BBB907C,0x7053B256358B25,0x19682D2C};
-const BIG CURVE_Pxb={0xA58E8B2E29CFE1,0x97B0C209C30F47,0x37A8E99743F81B,0x3E19F64AA011C9,0x1466B9EC};
-const BIG CURVE_Pya={0xFBFCEBCF0BE09F,0xB33D847EC1B30C,0x157DAEE2096361,0x72332B8DD81E22,0xA79EDD9};
-const BIG CURVE_Pyb={0x904B228898EE9D,0x4EA569D2EDEBED,0x512D8D3461C286,0xECC4C09035C6E4,0x6160C39};
-const BIG CURVE_Gx={0x6623EF5C1B55B2,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000};
-const BIG CURVE_Gy={0x1};
-const BIG CURVE_W[2]={{0x546349162FEB83,0xB40381200,0x6000},{0x7802561,0x80}};
-const BIG CURVE_SB[2][2]={{{0x5463491DB010E4,0xB40381280,0x6000},{0x7802561,0x80}},{{0x7802561,0x80},{0xBD5D5D20BB33EA,0xD6EE0188CEBCBD,0x647A6366D2643F,0x8702A0DB0BDDF,0x24000000}}};
-const BIG CURVE_WB[4]={{0x1C2118567A84B0,0x3C012B040,0x2000},{0xCDF995BE220475,0x94EDA8CA7F9A36,0x8702A0DC07E,0x300000},{0x66FCCAE0F10B93,0x4A76D4653FCD3B,0x4381506E03F,0x180000},{0x1C21185DFAAA11,0x3C012B0C0,0x2000}};
-const BIG CURVE_BB[4][4]={{{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x7802562,0x80}},{{0x7802561,0x80},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000}},{{0x7802562,0x80},{0x7802561,0x80},{0x7802561,0x80},{0x7802561,0x80}},{{0x3C012B2,0x40},{0xF004AC2,0x100},{0x11C0A62F6AFA0A,0xD6EE0CC906CE3E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x3C012B2,0x40}}};
-#endif
-
-#endif
-
-#if CHOICE==NIST
-
-/* Standard NIST-256 Curve */
-
-const int CURVE_A= -3;
-const chunk MConst=1;
-
-#if CHUNK==16
-
-const BIG Modulus={0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1F,0x0,0x0,0x0,0x0,0x0,0x0,0x400,0x0,0x0,0x1FF8,0x1FFF,0x1FF};
-const BIG CURVE_B={0x4B,0x1E93,0xF89,0x1C78,0x3BC,0x187B,0x114E,0x1619,0x1D06,0x328,0x1AF,0xD31,0x1557,0x15DE,0x1ECF,0x127C,0xA3A,0xEC5,0x118D,0xB5};
-const BIG CURVE_Order={0x551,0x319,0x10BF,0x1395,0xF3B,0xF42,0x1C5E,0x15B4,0x6FA,0x1DE7,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x3FF,0x0,0x0,0x1FF8,0x1FFF,0x1FF};
-const BIG CURVE_Gx={0x296,0x4C6,0x1176,0x272,0xF4A,0x19D0,0x17AC,0x1025,0x37D,0x13B8,0x103C,0x748,0xE56,0x1E73,0x1FE2,0x848,0x12C,0xF97,0x5F4,0xD6};
-const BIG CURVE_Gy={0x11F5,0x1DFA,0x1A0D,0xC80,0xCBB,0xF67,0xCC5,0xAED,0xE33,0x115E,0x785,0x181F,0x14A7,0x13F5,0xE3B,0xFF3,0x1E1A,0x1717,0x18D0,0x9F};
-
-#endif
-
-#if CHUNK==32
-
-const BIG Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF};
-const BIG CURVE_B={0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635};
-const BIG CURVE_Order={0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF};
-const BIG CURVE_Gx={0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1};
-const BIG CURVE_Gy={0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342};
-
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus={0xFFFFFFFFFFFFFF,0xFFFFFFFFFF,0x0,0x1000000,0xFFFFFFFF};
-const BIG CURVE_B={0xCE3C3E27D2604B,0x6B0CC53B0F63B,0x55769886BC651D,0xAA3A93E7B3EBBD,0x5AC635D8};
-const BIG CURVE_Order={0xB9CAC2FC632551,0xFAADA7179E84F3,0xFFFFFFFFFFBCE6,0xFFFFFF,0xFFFFFFFF};
-const BIG CURVE_Gx={0xA13945D898C296,0x7D812DEB33A0F4,0xE563A440F27703,0xE12C4247F8BCE6,0x6B17D1F2};
-const BIG CURVE_Gy={0xB6406837BF51F5,0x33576B315ECECB,0x4A7C0F9E162BCE,0xFE1A7F9B8EE7EB,0x4FE342E2};
-
-#endif
-
-#endif
-
-#if CHOICE==MF254
-
-/* Montgomery-Friendly NUMS curves http://eprint.iacr.org/2014/130 */
-
-/* p=k.2^n-1 where n is multiple of BASEBITS - but k can be adjusted. */
-/* Here p=2^240(2^14-127)-1 = 2^232(2^22-256.127)-1 where 8*29=232 and (2^22-256.127)=0x3F8100 */
-/* or = 2^224(2^30-65536.127)-1 where 4*56=224 and (2^30-65536.127) = 0x3F810000 */
-
-#if CHUNK==32
-
-const BIG Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-const chunk MConst=0x3F8100;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order={0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-const BIG CURVE_B={0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
-const BIG CURVE_Gx={0x2};
-const BIG CURVE_Gy={0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order={0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-const BIG CURVE_B={0x367B};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=-55790;
-const BIG CURVE_Order={0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
-const BIG CURVE_Gx={0x3};
-
-#endif
-
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus={0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF};
-const chunk MConst=0x3F810000;
-
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order={0xA419C4AF8DF83F,0x8BEA0DA375C06F,0xFFFFFFFFFFEB81,0xFFFFFFFFFFFFFF,0x3F80FFFF};
-const BIG CURVE_B={0xFFFFFFFFFFD08D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF};
-const BIG CURVE_Gx={0x2};
-const BIG CURVE_Gy={0x65DF37F90D4EBC,0x38E3F8511931AD,0x75BD778AEBDFB7,0x3B2E56014AE15A,0x140E3FD3};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order={0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF};
-const BIG CURVE_B={0x367B};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0x52D0FDAF2701E5,0x9A840E3212187C,0xD502363F4E3632,0xD6A4C335951D00,0x19F0E690};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-55790;
-const BIG CURVE_Order={0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF};
-const BIG CURVE_Gx={0x3};
-#endif
-
-#endif
-
-#endif
-
-
-
-
-#if CHOICE==MF256
-
-/* Montgomery-Friendly NUMS curves http://eprint.iacr.org/2014/130 */
-
-#if CHUNK==32
-
-const BIG Modulus={0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-const chunk MConst=0xFFA800;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order={0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
-const BIG CURVE_B={0x14E6A};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order={0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-const BIG CURVE_B={0x350A};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=-54314;
-const BIG CURVE_Order={0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
-const BIG CURVE_Gx={0x8};
-
-#endif
-
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus={0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFA7FFFF};
-const chunk MConst=0xFFA80000;
-
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A= -3;
-const BIG CURVE_Order={0x10C5E1A79857EB,0x7513E6E5074B9D,0xFFFFFFFFFFFC51,0xFFFFFFFFFFFFFF,0xFFA7FFFF};
-const BIG CURVE_B={0x14E6A};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0x7954C2B724D2A,0x47EB8D94DC6610,0x26123DAE289569,0xBE1808CE7BABBA,0x20887C87};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A= -1;
-const BIG CURVE_Order={0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF};
-const BIG CURVE_B={0x350A};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0xEAA722F2F3C908,0x5E648DFEA68D7D,0xF3DB2C1AACA0C0,0xF8CC4D5AEAEBEE,0xDAD8D4F8};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-54314;
-const BIG CURVE_Order={0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF};
-const BIG CURVE_Gx={0x8};
-#endif
-
-#endif
-
-#endif
-
-
-
-
-#if CHOICE==MS255
-/* Pseudo-Mersenne NUMS curves http://eprint.iacr.org/2014/130 */
-
-#if CHUNK==16
-const BIG Modulus={0x1D03,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-const chunk MConst=0x2FD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order={0xAEB,0x2CA,0x60F,0x1F59,0x1AB8,0x19EF,0xB4A,0x507,0xA38,0x1C32,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-const BIG CURVE_B={0xB46,0x1FFD,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0x4BA,0xE5A,0x19DA,0x7FE,0x1173,0x1306,0x17F6,0x119B,0x16C7,0x1BED,0x1F45,0x5FE,0x1F9B,0xF5F,0xE48,0xF06,0xDBA,0x1607,0x1E9A,0xDE};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order={0xB75,0x1B7,0x1B41,0x13A3,0xAC4,0x197,0x169A,0x10BD,0x11A7,0x1EE7,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x3F};
-const BIG CURVE_B={0xA97,0x7};
-const BIG CURVE_Gx={0x4};
-const BIG CURVE_Gy={0x16A0,0x439,0x16F4,0x144A,0x1BA2,0xD22,0x1511,0x115D,0x114B,0xA94,0x11F9,0x1C18,0xDD8,0x12A6,0x17B0,0x16A8,0xA7B,0x29A,0x12DE,0x4D};
-#endif
-
-#endif
-
-#if CHUNK==32
-const BIG Modulus={0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-const chunk MConst=0x2FD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order={0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-const BIG CURVE_B={0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order={0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-const BIG CURVE_B={0xEA97};
-const BIG CURVE_Gx={0x4};
-const BIG CURVE_Gy={0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-240222;
-const BIG CURVE_Order={0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
-const BIG CURVE_Gx={0x4};
-#endif
-
-
-#endif
-
-#if CHUNK==64
-const BIG Modulus={0xFFFFFFFFFFFD03,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-const chunk MConst=0x2FD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order={0x8FAC983C594AEB,0x38283AD2B3DFAB,0xFFFFFFFFFF864A,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-const BIG CURVE_B={0xFFFFFFFFFFAB46,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0x33FF6769CB44BA,0xC78CDDFDA60D17,0xF9B2FF7D177DB6,0xEDBA7833921EBF,0x6F7A6AC0};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order={0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF};
-const BIG CURVE_B={0xEA97};
-const BIG CURVE_Gx={0x4};
-const BIG CURVE_Gy={0x2A255BD08736A0,0x4B8AED445A45BA,0xDD8E0C47E55291,0x4A7BB545EC254C,0x26CB7853};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-240222;
-const BIG CURVE_Order={0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF};
-const BIG CURVE_Gx={0x4};
-#endif
-
-#endif
-
-#endif
-
-
-
-#if CHOICE==MS256
-/* Pseudo-Mersenne NUMS curves http://eprint.iacr.org/2014/130 */
-
-#if CHUNK==16
-const BIG Modulus={0x1F43,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
-const chunk MConst=0xBD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order={0x825,0x1A8D,0xA51,0x1640,0x20A,0xE30,0x899,0xEBD,0x1C82,0x1F21,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
-const BIG CURVE_B={0x1581,0x12};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0xC77,0x15AB,0x1B0,0x8C6,0x10BF,0x760,0x1625,0x126E,0xC2F,0x1E81,0x175A,0x1DDD,0x16CC,0x164,0x1FF2,0xCDA,0x1E4,0x29E,0x1BC6,0xD2};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order={0x14AD,0x915,0x1BC4,0x109C,0xE5B,0x1E32,0x29A,0xB5A,0xAA5,0x1DF3,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x7F};
-const BIG CURVE_B={0x1BEE,0x1};
-const BIG CURVE_Gx={0xd};
-const BIG CURVE_Gy={0xDBA,0x18E5,0xD4C,0x1EDF,0x1707,0x181F,0x934,0xC70,0xA6D,0x1DF1,0x11AF,0x1F40,0xB39,0x998,0xE8F,0xEDB,0xA12,0xF1,0x2AD,0xFA};
-#endif
-
-#endif
-
-#if CHUNK==32
-const BIG Modulus={0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-const chunk MConst=0xBD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order={0x751A825,0x559014A,0x9971808,0x1904EBD4,0x1FFFFE43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
-const BIG CURVE_B={0x25581};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0x2B56C77,0x1FA31836,0x253B042,0x185F26EB,0xDD6BD02,0x4B66777,0x1B5FF20B,0xA783C8C,0x696F18};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order={0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-const BIG CURVE_B={0x3BEE};
-const BIG CURVE_Gx={0xd};
-const BIG CURVE_Gy={0x131CADBA,0x3FB7DA9,0x134C0FDC,0x14DAC704,0x46BFBE2,0x1859CFD0,0x1B6E8F4C,0x3C5424E,0x7D0AB4};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-61370;
-const BIG CURVE_Order={0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
-const BIG CURVE_Gx={0xb};
-#endif
-
-
-#endif
-
-#if CHUNK==64
-const BIG Modulus={0xFFFFFFFFFFFF43,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFF};
-const chunk MConst=0xBD;
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_Order={0xAB20294751A825,0x8275EA265C6020,0xFFFFFFFFFFE43C,0xFFFFFFFFFFFFFF,0xFFFFFFFF};
-const BIG CURVE_B={0x25581};
-const BIG CURVE_Gx={0x1};
-const BIG CURVE_Gy={0xF46306C2B56C77,0x2F9375894EC10B,0x6CCEEEDD6BD02C,0xC1E466D7FC82C9,0x696F1853};
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_Order={0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF};
-const BIG CURVE_B={0x3BEE};
-const BIG CURVE_Gx={0xd};
-const BIG CURVE_Gy={0x7F6FB5331CADBA,0x6D63824D303F70,0xB39FA046BFBE2A,0x2A1276DBA3D330,0x7D0AB41E};
-#endif
-
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=-61370;
-const BIG CURVE_Order={0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF};
-const BIG CURVE_Gx={0xb};
-#endif
-
-#endif
-
-#endif
-
-
-
-
-#if CHOICE==C25519
-
-/* Modulus p = 2^MODBITS-MConst*/
-/* Three Curves for the price of one..*/
-
-#if CHUNK==16
-
-const chunk MConst=19;
-const BIG Modulus={0x1FED,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
-
-#if CURVETYPE==WEIERSTRASS
-/* Curve I generated myself */
-const int CURVE_A=-3;
-const BIG CURVE_B={0x28};
-const BIG CURVE_Order={0xCA1,0x1945,0x1865,0x19C8,0x16D1,0x11B9,0xD0E,0x1C96,0x1E0F,0x2EA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x100};
-const BIG CURVE_Gx={0x61F,0x6C1,0x1DD,0xEA7,0x4C4,0x124C,0x1BE3,0x1560,0x74E,0x7CD,0x6F4,0x14B,0x13DE,0x133A,0xFB4,0x106,0x15F,0x909,0x18FD,0xCF};
-const BIG CURVE_Gy={0xF38,0xEF7,0x11F8,0xC65,0x1574,0x10E3,0x4,0x12E7,0xB2B,0xA6,0x17A8,0x1C8B,0x1CD4,0xFA,0x1D79,0xBB2,0x1E68,0x1640,0x1A15,0x6};
-
-#endif
-
-#if CURVETYPE==EDWARDS
-/* Ed25519 Curve */
-const int CURVE_A=-1;
-const BIG CURVE_B={0x18A3,0x1ACB,0x1284,0x169B,0x175E,0xC55,0x507,0x9A8,0x100A,0x3,0x1A26,0xEF3,0x797,0x3A0,0xE33,0x1FCE,0xB6F,0x771,0xDB,0xA4};
-const BIG CURVE_Order={0x13ED,0x7AE,0x697,0x4C6,0x581,0xE6B,0xBDE,0x1BD4,0x1EF9,0xA6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x20};
-const BIG CURVE_Gx={0x151A,0x192E,0x1823,0xC5A,0xC95,0x13D9,0x1496,0xC12,0xCC7,0x349,0x1717,0x1BAD,0x31F,0x1271,0x1B02,0xA7F,0xD6E,0x169E,0x1A4D,0x42};
-const BIG CURVE_Gy={0x658,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCC};
-
-#endif
-
-/*
-#if CURVETYPE==MONTGOMERY
-const int CURVE_A=486662;  // Not Working as A too big for 16-bit int
-const BIG CURVE_Order={0x13ED,0x7AE,0x697,0x4C6,0x581,0xE6B,0xBDE,0x1BD4,0x1EF9,0xA6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x20};
-const BIG CURVE_Gx={0x9};
-#endif
-*/
-
-#endif
-
-
-#if CHUNK==32
-
-const chunk MConst=19;
-const BIG Modulus={0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_B={0x28};
-const BIG CURVE_Order={0x1728ACA1,0x8E7230C,0x10E8DCDB,0x1C1FC966,0x5D5,0x0,0x0,0x0,0x800000};
-const BIG CURVE_Gx={0x14D8261F,0x23A9C3B,0x1E392613,0xE9D560D,0x19BD0F9A,0x1A9EF052,0xCFB499,0x4242BE1,0x67E3F5};
-const BIG CURVE_Gy={0x1DEEF38,0x1A31963F,0x4871D5,0x16572E70,0x1DEA014C,0x1AE6A722,0x165D7907,0x1903CD0B,0x36856};
-
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_B={0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C};
-const BIG CURVE_Order={0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-const BIG CURVE_Gx={0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936};
-const BIG CURVE_Gy={0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666};
-
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=486662;
-const BIG CURVE_Order={0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
-const BIG CURVE_Gx={0x9};
-
-#endif
-
-#endif
-
-#if CHUNK==64
-
-const chunk MConst=19;
-const BIG Modulus={0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
-
-#if CURVETYPE==WEIERSTRASS
-const int CURVE_A=-3;
-const BIG CURVE_B={0x28};
-const BIG CURVE_Order={0x1CE4619728ACA1,0xFE4B343A3736D,0x5D5E,0x0,0x80000000};
-const BIG CURVE_Gx={0x47538774D8261F,0x4EAB06F8E4984C,0x3DE0A59BD0F9A7,0x215F0833ED2675,0x67E3F521};
-const BIG CURVE_Gy={0x4632C7E1DEEF38,0x2B97380121C757,0xCD4E45DEA014CB,0x1E685D975E41F5,0x36856C8};
-
-#endif
-
-#if CURVETYPE==EDWARDS
-const int CURVE_A=-1;
-const BIG CURVE_B={0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE};
-const BIG CURVE_Order={0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000};
-const BIG CURVE_Gx={0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3};
-const BIG CURVE_Gy={0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666};
-
-#endif
-
-#if CURVETYPE==MONTGOMERY
-
-const int CURVE_A=486662;
-const BIG CURVE_Order={0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000};
-const BIG CURVE_Gx={0x9};
-
-#endif
-
-#endif
-
-#endif
-
-
-#if CHOICE==BRAINPOOL
-
-const int CURVE_A=-3;
-#if CHUNK==16
-
-const BIG Modulus={0x1377,0x1B72,0x747,0x690,0x201,0x1014,0x1498,0x47A,0x1BF6,0x1371,0x35C,0x1B07,0x909,0x1305,0x10F9,0x1537,0x1EE,0x1EDD,0x1ED5,0x153};
-const chunk MConst=0x9B9;
-const BIG CURVE_Order={0x16A7,0x1A42,0xA5,0x1C1D,0x1901,0x137B,0x1586,0x1476,0x197A,0xC61,0x35C,0x1B07,0x909,0x1305,0x10F9,0x1537,0x1EE,0x1EDD,0x1ED5,0x153};
-const BIG CURVE_B={0xB04,0x1749,0x7F,0xB02,0x16AE,0x492,0x1CBD,0x1895,0x13EB,0x1DFC,0x1DAD,0x1A16,0x1733,0x1353,0x13F9,0x9D4,0x10D8,0xE21,0xB18,0xCC};
-const BIG CURVE_Gx={0x5F4,0x1098,0x158B,0x322,0x179A,0x1E15,0xABE,0x188F,0x142,0xD7D,0x1852,0x14CA,0x1B23,0x1109,0x1DCC,0x1CF6,0x1CF,0x19E6,0x1A3A,0x147};
-const BIG CURVE_Gy={0x9BE,0x192E,0x1CD6,0x17D1,0x1DA,0x1380,0x740,0x1BC7,0x1CB6,0x134D,0x105F,0xC88,0xE14,0x1D91,0x15FD,0x18AD,0x1439,0x411,0x65B,0x5B};
-#endif
-
-#if CHUNK==32
-
-const BIG Modulus={0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-const chunk MConst=0xEFD89B9;
-const BIG CURVE_Order={0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
-const BIG CURVE_B={0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61};
-const BIG CURVE_Gx={0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB};
-const BIG CURVE_Gy={0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C};
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus={0x13481D1F6E5377,0xF623D526202820,0x909D838D726E3B,0xA1EEA9BC3E660A,0xA9FB57DB};
-const chunk MConst=0xA75590CEFD89B9;
-const BIG CURVE_Order={0x1E0E82974856A7,0x7AA3B561A6F790,0x909D838D718C39,0xA1EEA9BC3E660A,0xA9FB57DB};
-const BIG CURVE_B={0xE58101FEE92B04,0xEBC4AF2F49256A,0x733D0B76B7BF93,0x30D84EA4FE66A7,0x662C61C4};
-const BIG CURVE_Gx={0xA191562E1305F4,0x42C47AAFBC2B79,0xB23A656149AFA1,0xC1CFE7B7732213,0xA3E8EB3C};
-const BIG CURVE_Gy={0xABE8F35B25C9BE,0xB6DE39D027001D,0xE14644417E69BC,0x3439C56D7F7B22,0x2D996C82};
-#endif
-
-#endif
-
-
-#if CHOICE==ANSSI
-
-const int CURVE_A=-3;
-#if CHUNK==16
-
-const BIG Modulus={0x1C03,0x374,0x14F6,0x19E6,0x1E8F,0x536,0xF23,0x1795,0x1AD,0x19CB,0x10D6,0x1C84,0x1E8C,0x936,0x1C40,0x1AB1,0xB3A,0x1C60,0x1F45,0x1E3};
-const chunk MConst=0x1155;
-const BIG CURVE_Order={0x15E1,0x16B2,0x1671,0x1BA8,0x1FF,0x1FCA,0x34A,0x1C28,0x1C67,0x1A9E,0x10D6,0x1C84,0x1E8C,0x936,0x1C40,0x1AB1,0xB3A,0x1C60,0x1F45,0x1E3};
-const BIG CURVE_B={0x173F,0x1BDD,0x59E,0xBDB,0x307,0x10C0,0x12C6,0x135C,0xC0C,0x1EFF,0x1003,0x1489,0x754,0x55D,0x35,0x1526,0x1428,0x1E52,0xD4F,0x1DC};
-const BIG CURVE_Gx={0x1CFF,0xC7A,0xB76,0x12F4,0x164C,0x1B80,0x1E62,0x1B95,0x7D2,0xC61,0x8E5,0x13A8,0x1474,0xC1E,0xCC4,0x73D,0x16C1,0x61A,0xCF5,0x16D};
-const BIG CURVE_Gy={0xCFB,0x31,0x555,0x2B4,0x1831,0x4F0,0x393,0xFD,0x1C3,0x138,0x1BE3,0x7D9,0x1F0F,0x938,0x47E,0x92,0x8B2,0x7BE,0x10B8,0xC2};
-#endif
-
-#if CHUNK==32
-
-const BIG Modulus={0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-const chunk MConst=0x164E1155;
-const BIG CURVE_Order={0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
-const BIG CURVE_B={0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F};
-const BIG CURVE_Gx={0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4};
-const BIG CURVE_Gy={0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0};
-#endif
-
-#if CHUNK==64
-
-const BIG Modulus={0xFCF353D86E9C03,0xADBCABC8CA6DE8,0xE8CE42435B3961,0xB3AD58F10126D,0xF1FD178C};
-const chunk MConst=0x97483A164E1155;
-const BIG CURVE_Order={0xFDD459C6D655E1,0x67E140D2BF941F,0xE8CE42435B53DC,0xB3AD58F10126D,0xF1FD178C};
-const BIG CURVE_B={0x75ED967B7BB73F,0xC9AE4B1A18030,0x754A44C00FDFEC,0x5428A9300D4ABA,0xEE353FCA};
-const BIG CURVE_Gx={0xC97A2DD98F5CFF,0xD2DCAF98B70164,0x4749D423958C27,0x56C139EB31183D,0xB6B3D4C3};
-const BIG CURVE_Gy={0x115A1554062CFB,0xC307E8E4C9E183,0xF0F3ECEF8C2701,0xC8B204911F9271,0x6142E0F7};
-#endif
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/rsa.c
----------------------------------------------------------------------
diff --git a/c/rsa.c b/c/rsa.c
deleted file mode 100755
index d74ff97..0000000
--- a/c/rsa.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* RSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "rsa.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-static void hashit(octet *p,int n,octet *w)
-{
-    int i,c[4];
-    hash sha;
-    char hh[32];
-
-    HASH_init(&sha);
-    if (p!=NULL)
-        for (i=0;i<p->len;i++) HASH_process(&sha,p->val[i]);
-	if (n>=0)
-    {
-        c[0]=(n>>24)&0xff;
-        c[1]=(n>>16)&0xff;
-        c[2]=(n>>8)&0xff;
-        c[3]=(n)&0xff;
-		for (i=0;i<4;i++) HASH_process(&sha,c[i]);
-    }
-
-    HASH_hash(&sha,hh);
-
-    OCT_empty(w);
-    OCT_jbytes(w,hh,32);
-    for (i=0;i<32;i++) hh[i]=0;
-}
-
-/* Initialise a Cryptographically Strong Random Number Generator from
-   an octet of raw random data */
-void RSA_CREATE_CSPRNG(csprng *RNG,octet *RAW)
-{
-    RAND_seed(RNG,RAW->len,RAW->val);
-}
-
-void RSA_KILL_CSPRNG(csprng *RNG)
-{
-    RAND_clean(RNG);
-}
-
-/* generate an RSA key pair */
-
-void RSA_KEY_PAIR(csprng *RNG,sign32 e,rsa_private_key *PRIV,rsa_public_key *PUB)
-{ /* IEEE1363 A16.11/A16.12 more or less */
-
-    int hE,m,r,bytes,hbytes,words,err,res=0;
-    BIG t[HFLEN],p1[HFLEN],q1[HFLEN];
-
-	for (;;)
-	{
-
-		FF_random(PRIV->p,RNG,HFLEN);
-		while (FF_lastbits(PRIV->p,2)!=3) FF_inc(PRIV->p,1,HFLEN);
-		while (!FF_prime(PRIV->p,RNG,HFLEN))
-			FF_inc(PRIV->p,4,HFLEN);
-
-		FF_copy(p1,PRIV->p,HFLEN);
-		FF_dec(p1,1,HFLEN);
-
-		if (FF_cfactor(p1,e,HFLEN)) continue;
-		break;
-	}
-
-	for (;;)
-	{
-		FF_random(PRIV->q,RNG,HFLEN);
-		while (FF_lastbits(PRIV->q,2)!=3) FF_inc(PRIV->q,1,HFLEN);
-		while (!FF_prime(PRIV->q,RNG,HFLEN))
-			FF_inc(PRIV->q,4,HFLEN);
-
-		FF_copy(q1,PRIV->q,HFLEN);
-		FF_dec(q1,1,HFLEN);
-		if (FF_cfactor(q1,e,HFLEN)) continue;
-
-		break;
-	}
-
-	FF_mul(PUB->n,PRIV->p,PRIV->q,HFLEN);
-	PUB->e=e;
-
-	FF_copy(t,p1,HFLEN);
-	FF_shr(t,HFLEN);
-	FF_init(PRIV->dp,e,HFLEN);
-	FF_invmodp(PRIV->dp,PRIV->dp,t,HFLEN);
-	if (FF_parity(PRIV->dp)==0) FF_add(PRIV->dp,PRIV->dp,t,HFLEN);
-	FF_norm(PRIV->dp,HFLEN);
-
-	FF_copy(t,q1,HFLEN);
-	FF_shr(t,HFLEN);
-	FF_init(PRIV->dq,e,HFLEN);
-	FF_invmodp(PRIV->dq,PRIV->dq,t,HFLEN);
-	if (FF_parity(PRIV->dq)==0) FF_add(PRIV->dq,PRIV->dq,t,HFLEN);
-	FF_norm(PRIV->dq,HFLEN);
-
-	FF_invmodp(PRIV->c,PRIV->p,PRIV->q,HFLEN);
-
-	return;
-}
-
-/* Mask Generation Function */
-
-void MGF1(octet *z,int olen,octet *mask)
-{
-	char h[32];
-    octet H={0,sizeof(h),h};
-	int hlen=32;
-    int counter,cthreshold;
-
-    OCT_empty(mask);
-
-    cthreshold=ROUNDUP(olen,hlen);
-
-    for (counter=0;counter<cthreshold;counter++)
-    {
-        hashit(z,counter,&H);
-        if (mask->len+hlen>olen) OCT_jbytes(mask,H.val,olen%hlen);
-        else                     OCT_joctet(mask,&H);
-    }
-    OCT_clear(&H);
-}
-
-/* OAEP Message Encoding for Encryption */
-
-int RSA_OAEP_ENCODE(octet *m,csprng *RNG,octet *p,octet *f)
-{
-    int i,slen,olen=RFS-1;
-    int mlen=m->len;
-    int hlen,seedlen;
-    char dbmask[RFS],seed[32];
-	octet DBMASK={0,sizeof(dbmask),dbmask};
-	octet SEED={0,sizeof(seed),seed};
-
-    hlen=seedlen=32;
-    if (mlen>olen-hlen-seedlen-1) return 0;
-    if (m==f) return 0;  /* must be distinct octets */
-
-    hashit(p,-1,f);
-
-    slen=olen-mlen-hlen-seedlen-1;
-
-    OCT_jbyte(f,0,slen);
-    OCT_jbyte(f,0x1,1);
-    OCT_joctet(f,m);
-
-    OCT_rand(&SEED,RNG,seedlen);
-
-    MGF1(&SEED,olen-seedlen,&DBMASK);
-
-    OCT_xor(&DBMASK,f);
-    MGF1(&DBMASK,seedlen,f);
-
-    OCT_xor(f,&SEED);
-
-    OCT_joctet(f,&DBMASK);
-
-	OCT_pad(f,RFS);
-    OCT_clear(&SEED);
-    OCT_clear(&DBMASK);
-
-    return 1;
-}
-
-/* OAEP Message Decoding for Decryption */
-
-int RSA_OAEP_DECODE(octet *p,octet *f)
-{
-    int comp,x,t;
-    int i,k,olen=RFS-1;
-    int hlen,seedlen;
-    char dbmask[RFS],seed[32],chash[32];;
-	octet DBMASK={0,sizeof(dbmask),dbmask};
-	octet SEED={0,sizeof(seed),seed};
-	octet CHASH={0,sizeof(chash),chash};
-
-    seedlen=hlen=32;;
-    if (olen<seedlen+hlen+1) return 0;
-    if (!OCT_pad(f,olen+1)) return 0;
-    hashit(p,-1,&CHASH);
-
-    x=f->val[0];
-    for (i=seedlen;i<olen;i++)
-        DBMASK.val[i-seedlen]=f->val[i+1];
-    DBMASK.len=olen-seedlen;
-
-    MGF1(&DBMASK,seedlen,&SEED);
-    for (i=0;i<seedlen;i++) SEED.val[i]^=f->val[i+1];
-    MGF1(&SEED,olen-seedlen,f);
-    OCT_xor(&DBMASK,f);
-
-    comp=OCT_ncomp(&CHASH,&DBMASK,hlen);
-
-    OCT_shl(&DBMASK,hlen);
-
-    OCT_clear(&SEED);
-    OCT_clear(&CHASH);
-
-    for (k=0;;k++)
-    {
-        if (k>=DBMASK.len)
-        {
-            OCT_clear(&DBMASK);
-            return 0;
-        }
-        if (DBMASK.val[k]!=0) break;
-    }
-
-    t=DBMASK.val[k];
-    if (!comp || x!=0 || t!=0x01)
-    {
-        OCT_clear(&DBMASK);
-        return 0;
-    }
-
-    OCT_shl(&DBMASK,k+1);
-    OCT_copy(f,&DBMASK);
-    OCT_clear(&DBMASK);
-
-    return 1;
-}
-
-/* destroy the Private Key structure */
-void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV)
-{
-    FF_zero(PRIV->p,HFLEN);
-	FF_zero(PRIV->q,HFLEN);
-	FF_zero(PRIV->dp,HFLEN);
-	FF_zero(PRIV->dq,HFLEN);
-	FF_zero(PRIV->c,HFLEN);
-}
-
-/* RSA encryption with the public key */
-void RSA_ENCRYPT(rsa_public_key *PUB,octet *F,octet *G)
-{
-	BIG f[FFLEN];
-	FF_fromOctet(f,F,FFLEN);
-
-    FF_power(f,f,PUB->e,PUB->n,FFLEN);
-
-	FF_toOctet(G,f,FFLEN);
-}
-
-/* RSA decryption with the private key */
-void RSA_DECRYPT(rsa_private_key *PRIV,octet *G,octet *F)
-{
-	BIG g[FFLEN],t[FFLEN],jp[HFLEN],jq[HFLEN];
-
-	FF_fromOctet(g,G,FFLEN);
-
-	FF_dmod(jp,g,PRIV->p,HFLEN);
-	FF_dmod(jq,g,PRIV->q,HFLEN);
-
-	FF_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN);
-	FF_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN);
-
-
-	FF_zero(g,FFLEN);
-	FF_copy(g,jp,HFLEN);
-	FF_mod(jp,PRIV->q,HFLEN);
-	if (FF_comp(jp,jq,HFLEN)>0)
-		FF_add(jq,jq,PRIV->q,HFLEN);
-	FF_sub(jq,jq,jp,HFLEN);
-	FF_norm(jq,HFLEN);
-
-	FF_mul(t,PRIV->c,jq,HFLEN);
-	FF_dmod(jq,t,PRIV->q,HFLEN);
-
-	FF_mul(t,jq,PRIV->p,HFLEN);
-	FF_add(g,t,g,FFLEN);
-	FF_norm(g,FFLEN);
-
-	FF_toOctet(F,g,FFLEN);
-
-	return;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/rsa.h
----------------------------------------------------------------------
diff --git a/c/rsa.h b/c/rsa.h
deleted file mode 100755
index df1a151..0000000
--- a/c/rsa.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file rsa.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief RSA Header file for implementation of RSA protocol
- *
- * declares functions
- *
- */
-
-#ifndef RSA_H
-#define RSA_H
-
-#include "amcl.h"
-
-#define RFS MODBYTES*FFLEN /**< RSA Public Key Size in bytes */
-
-/* RSA Auxiliary Functions */
-/**	@brief Initialise a random number generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param S is an input truly random seed value
- */
-extern void RSA_CREATE_CSPRNG(csprng *R,octet *S);
-/**	@brief Kill a random number generator
- *
-	Deletes all internal state
-	@param R is a pointer to a cryptographically secure random number generator
- */
-extern void RSA_KILL_CSPRNG(csprng *R);
-/**	@brief RSA Key Pair Generator
- *
-	@param R is a pointer to a cryptographically secure random number generator
-	@param e the encryption exponent
-	@param PRIV the output RSA private key
-	@param PUB the output RSA public key
- */
-extern void RSA_KEY_PAIR(csprng *R,sign32 e,rsa_private_key* PRIV,rsa_public_key* PUB);
-/**	@brief OAEP padding of a message prior to RSA encryption
- *
-	@param M is the input message
-	@param R is a pointer to a cryptographically secure random number generator
-	@param P are input encoding parameter string (could be NULL)
-	@param F is the output encoding, ready for RSA encryption
-	@return 1 if OK, else 0
- */
-extern int RSA_OAEP_ENCODE(octet *M,csprng *R,octet *P,octet *F);
-/**	@brief OAEP unpadding of a message after RSA decryption
- *
-	Unpadding is done in-place
-	@param P are input encoding parameter string (could be NULL)
-	@param F is input padded message, unpadded on output
-	@return 1 if OK, else 0
- */
-extern int RSA_OAEP_DECODE(octet *P,octet *F);
-/**	@brief RSA encryption of suitably padded plaintext
- *
-	@param PUB the input RSA public key
-	@param F is input padded message
-	@param G is the output ciphertext
- */
-extern void RSA_ENCRYPT(rsa_public_key* PUB,octet *F,octet *G);
-/**	@brief RSA decryption of ciphertext
- *
-	@param PRIV the input RSA private key
-	@param G is the input ciphertext
-	@param F is output plaintext (requires unpadding)
-
- */
-extern void RSA_DECRYPT(rsa_private_key* PRIV,octet *G,octet *F);
-/**	@brief Destroy an RSA private Key
- *
-	@param PRIV the input RSA private key. Destroyed on output.
- */
-extern void RSA_PRIVATE_KEY_KILL(rsa_private_key *PRIV);
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/testecdh.c
----------------------------------------------------------------------
diff --git a/c/testecdh.c b/c/testecdh.c
deleted file mode 100755
index 26621a7..0000000
--- a/c/testecdh.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-/* gcc -std=c99 -O3 testecdh.c ecdh.c amcl.a -o testecdh.exe */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "ecdh.h"
-
-int main()
-{
-    int i,j=0,res;
-    int result;
-	unsigned long ran;
-	char *pp="M0ng00se";
-/* These octets are automatically protected against buffer overflow attacks */
-/* Note salt must be big enough to include an appended word */
-/* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
-/* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
-	char s0[EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],raw[100],key[EAS],salt[32],pw[20],p1[30],p2[30],v[2*EFS+1],m[32],c[64],t[32],cs[EGS],ds[EGS];
-	octet S0={0,sizeof(s0),s0};
-	octet S1={0,sizeof(s1),s1};
-	octet W0={0,sizeof(w0),w0};
-	octet W1={0,sizeof(w1),w1};
-	octet Z0={0,sizeof(z0),z0};
-	octet Z1={0,sizeof(z1),z1};
-	octet RAW={0,sizeof(raw),raw};
-	octet KEY={0,sizeof(key),key};
-	octet SALT={0,sizeof(salt),salt};
-	octet PW={0,sizeof(pw),pw};
-	octet P1={0,sizeof(p1),p1};
-	octet P2={0,sizeof(p2),p2};
-	octet V={0,sizeof(v),v};
-	octet M={0,sizeof(m),m};
-	octet C={0,sizeof(c),c};
-	octet T={0,sizeof(t),t};
-	octet CS={0,sizeof(cs),cs};
-	octet DS={0,sizeof(ds),ds};
-
-    csprng RNG;                /* Crypto Strong RNG */
-
-	time((time_t *)&ran);
-
-    RAW.len=100;				/* fake random seed source */
-    RAW.val[0]=ran;
-    RAW.val[1]=ran>>8;
-    RAW.val[2]=ran>>16;
-    RAW.val[3]=ran>>24;
-    for (i=0;i<100;i++) RAW.val[i]=i;
-
-    ECP_CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-
-//for (j=0;j<100;j++)
-//{
-    SALT.len=8;
-    for (i=0;i<8;i++) SALT.val[i]=i+1;  // set Salt
-
-	printf("Alice's Passphrase= %s\n",pp);
-
-	OCT_empty(&PW);
-	OCT_jstring(&PW,pp);   // set Password from string
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-	ECP_PBKDF2(&PW,&SALT,1000,EGS,&S0);
-	printf("Alices private key= 0x"); OCT_output(&S0);
-
-/* Generate Key pair S/W */
-
-    ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-
-    res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-
-	printf("Alice's public key= 0x");  OCT_output(&W0);
-
-/* Random private key for other party */
-    ECP_KEY_PAIR_GENERATE(&RNG,&S1,&W1);
-    res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
-    if (res!=0)
-    {
-        printf("ECP Public Key is invalid!\n");
-        return 0;
-    }
-	printf("Servers private key= 0x");  OCT_output(&S1);
-	printf("Servers public key= 0x");   OCT_output(&W1);
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-    ECP_SVDP_DH(&S0,&W1,&Z0);
-    ECP_SVDP_DH(&S1,&W0,&Z1);
-
-	if (!OCT_comp(&Z0,&Z1))
-    {
-        printf("*** ECPSVDP-DH Failed\n");
-        return 0;
-    }
-
-	ECP_KDF2(&Z0,NULL,EAS,&KEY);
-
-	printf("Alice's DH Key=  0x"); OCT_output(&KEY);
-	printf("Servers DH Key=  0x"); OCT_output(&KEY);
-
-	printf("Testing ECIES\n");
-
-	P1.len=3; P1.val[0]=0x0; P1.val[1]=0x1; P1.val[2]=0x2;
-	P2.len=4; P2.val[0]=0x0; P2.val[1]=0x1; P2.val[2]=0x2; P2.val[3]=0x3;
-
-    M.len=17;
-    for (i=0;i<=16;i++) M.val[i]=i;
-
-	ECP_ECIES_ENCRYPT(&P1,&P2,&RNG,&W1,&M,12,&V,&C,&T);
-
-	printf("Ciphertext= \n");
-	printf("V= 0x"); OCT_output(&V);
-	printf("C= 0x"); OCT_output(&C);
-	printf("T= 0x"); OCT_output(&T);
-
-	if (!ECP_ECIES_DECRYPT(&P1,&P2,&V,&C,&T,&S1,&M))
-	{
-		printf("*** ECIES Decryption Failed\n");
-		return 0;
-	}
-	else printf("Decryption succeeded\n");
-
-	printf("Message is 0x"); OCT_output(&M);
-
-
-	printf("Testing ECDSA\n");
-
-	if (ECP_SP_DSA(&RNG,&S0,&M,&CS,&DS)!=0)
-	{
-		printf("***ECDSA Signature Failed\n");
-		return 0;
-	}
-
-	printf("Signature C = 0x"); OCT_output(&CS);
-	printf("Signature D = 0x"); OCT_output(&DS);
-
-	if (ECP_VP_DSA(&W0,&M,&CS,&DS)!=0)
-	{
-		printf("***ECDSA Verification Failed\n");
-		return 0;
-	}
-	else printf("ECDSA Signature/Verification succeeded %d\n",j);
-//}
-//printf("Test Completed Successfully\n");
-	ECP_KILL_CSPRNG(&RNG);
-
-    return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/testecm.c
----------------------------------------------------------------------
diff --git a/c/testecm.c b/c/testecm.c
deleted file mode 100755
index 94c996d..0000000
--- a/c/testecm.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH API Functions only - suitable for testing Montgomery curves */
-/* gcc -std=c99 -O3 testecm.c ecdh.c amcl.a -o testecm.exe */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "ecdh.h"
-
-int main()
-{
-    int i,j=0,res;
-    int result;
-	unsigned long ran;
-	char *pp="M0ng00se";
-/* These octets are automatically protected against buffer overflow attacks */
-/* Note salt must be big enough to include an appended word */
-/* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
-/* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
-	char s0[EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],raw[100],key[EAS],salt[32],pw[20];
-	octet S0={0,sizeof(s0),s0};
-	octet S1={0,sizeof(s1),s1};
-	octet W0={0,sizeof(w0),w0};
-	octet W1={0,sizeof(w1),w1};
-	octet Z0={0,sizeof(z0),z0};
-	octet Z1={0,sizeof(z1),z1};
-	octet RAW={0,sizeof(raw),raw};
-	octet KEY={0,sizeof(key),key};
-	octet SALT={0,sizeof(salt),salt};
-	octet PW={0,sizeof(pw),pw};
-
-    csprng RNG;                /* Crypto Strong RNG */
-
-	time((time_t *)&ran);
-
-    RAW.len=100;				/* fake random seed source */
-    RAW.val[0]=ran;
-    RAW.val[1]=ran>>8;
-    RAW.val[2]=ran>>16;
-    RAW.val[3]=ran>>24;
-    for (i=4;i<100;i++) RAW.val[i]=i;
-
-    ECP_CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-
-//for (j=0;j<1000;j++)
-//{
-    SALT.len=8;
-    for (i=0;i<8;i++) SALT.val[i]=i+1;  // set Salt
-
-	printf("Alice's Passphrase= %s\n",pp);
-
-	OCT_clear(&PW);
-	OCT_jstring(&PW,pp);   // set Password from string
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
-	ECP_PBKDF2(&PW,&SALT,1000,EGS,&S0);
-	printf("Alices private key= 0x"); OCT_output(&S0);
-
-/* Generate Key pair S/W */
-
-    ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
-
-    res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
-    if (res!=0)
-    {
-        printf("Alice's ECP Public Key is invalid!\n");
-        return 0;
-    }
-
-	printf("Alice's public key= 0x");  OCT_output(&W0);
-
-/* Random private key for other party */
-    ECP_KEY_PAIR_GENERATE(&RNG,&S1,&W1);
-	printf("Servers private key= 0x");  OCT_output(&S1);
-	printf("Servers public key= 0x");   OCT_output(&W1);
-
-    res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
-    if (res!=0)
-    {
-        printf("Server's ECP Public Key is invalid!\n");
-        return 0;
-    }
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-    ECP_SVDP_DH(&S0,&W1,&Z0);
-    ECP_SVDP_DH(&S1,&W0,&Z1);
-
-	if (!OCT_comp(&Z0,&Z1))
-    {
-        printf("*** ECP_SVDP-DH Failed\n");
-        return 0;
-    }
-
-	ECP_KDF2(&Z0,NULL,EAS,&KEY);
-
-	printf("Alice's DH Key=  0x"); OCT_output(&KEY);
-	printf("Servers DH Key=  0x"); OCT_output(&KEY);
-//}
-//printf("Test Completed Successfully\n");
-
-    return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/testmpin.c
----------------------------------------------------------------------
diff --git a/c/testmpin.c b/c/testmpin.c
deleted file mode 100755
index 6dedf7c..0000000
--- a/c/testmpin.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN Functions */
-/* Version 3.0 - supports Time Permits */
-
-
-/* Build executible after installation:
-
-  gcc -std=c99 -g ./testmpin.c -I/opt/amcl/include -L/opt/amcl/lib -lamcl -lmpin -o testmpin
-
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "mpin.h"
-
-#define PERMITS  /* for time permits ON or OFF */
-#define PINERROR /* For PIN ERROR detection ON or OFF */
-#define FULL     /* for M-Pin Full or M-Pin regular */
-#define SINGLE_PASS /* SINGLE PASS M-Pin */
-
-int main()
-{
-  int i,pin,rtn,err,timeValue;
-#ifdef PERMITS
-  int date=MPIN_today();
-#else
-  int date=0;
-#endif
-  unsigned long ran;
-  char x[PGS],s[PGS],y[PGS],client_id[100],raw[100],sst[4*PFS],token[2*PFS+1],sec[2*PFS+1],permit[2*PFS+1],xcid[2*PFS+1],xid[2*PFS+1],e[12*PFS],f[12*PFS];
-  char hcid[HASH_BYTES],hsid[HASH_BYTES],hid[2*PFS+1],htid[2*PFS+1],h[PGS];
-#ifdef FULL
-  char r[PGS],z[2*PFS+1],w[PGS],t[2*PFS+1];
-  char g1[12*PFS],g2[12*PFS];
-  char ck[PAS],sk[PAS];
-#endif
-  octet S={0,sizeof(s),s};
-  octet X={0,sizeof(x),x};
-  octet Y={0,sizeof(y),y};
-  octet H={0,sizeof(h),h};
-  octet RAW={0,sizeof(raw),raw};
-  octet CLIENT_ID={0,sizeof(client_id),client_id};
-  octet SST={0,sizeof(sst),sst};
-  octet TOKEN={0,sizeof(token),token};
-  octet SEC={0,sizeof(sec),sec};
-  octet PERMIT={0,sizeof(permit),permit};
-  octet xCID={0,sizeof(xcid),xcid};
-  octet xID={0,sizeof(xid),xid};
-  octet HCID={0,sizeof(hcid),hcid};
-  octet HSID={0,sizeof(hsid),hsid};
-  octet HID={0,sizeof(hid),hid};
-  octet HTID={0,sizeof(htid),htid};
-  octet E={0,sizeof(e),e};
-  octet F={0,sizeof(f),f};
-#ifdef FULL
-  octet R={0,sizeof(r),r};
-  octet Z={0,sizeof(z),z};
-  octet W={0,sizeof(w),w};
-  octet T={0,sizeof(t),t};
-  octet G1={0,sizeof(g1),g1};
-  octet G2={0,sizeof(g2),g2};
-  octet SK={0,sizeof(sk),sk};
-  octet CK={0,sizeof(ck),ck};
-#endif
-  octet *pxID,*pxCID,*pHID,*pHTID,*pE,*pF,*pPERMIT,*prHID;
-
-  /* Crypto Strong RNG */
-  csprng RNG;
-  /* fake random seed source */
-  time((time_t *)&ran);
-  RAW.len=100;
-  RAW.val[0]=ran;
-  RAW.val[1]=ran>>8;
-  RAW.val[2]=ran>>16;
-  RAW.val[3]=ran>>24;
-  for (i=4;i<100;i++) RAW.val[i]=i+1;
-
-  /* initialise strong RNG */
-  MPIN_CREATE_CSPRNG(&RNG,&RAW);
-
-  /* Trusted Authority set-up */
-  MPIN_RANDOM_GENERATE(&RNG,&S);
-  printf("Master Secret= "); OCT_output(&S);
-
-  /* Create Client Identity */
-  OCT_jstring(&CLIENT_ID,"testUser@miracl.com");
-  MPIN_HASH_ID(&CLIENT_ID,&HCID);  /* Either Client or TA calculates Hash(ID) - you decide! */
-  printf("Client ID= "); OCT_output_string(&CLIENT_ID); printf("\n");
-
-  /* When set only send hashed IDs to server */
-  octet *pID;
-#ifdef USE_ANONYMOUS
-  pID = &HCID;
-#else
-  pID = &CLIENT_ID;
-#endif
-
-  /* Client and Server are issued secrets by DTA */
-  MPIN_GET_SERVER_SECRET(&S,&SST);
-  printf("Server Secret= "); OCT_output(&SST);
-
-  MPIN_GET_CLIENT_SECRET(&S,&HCID,&TOKEN);
-  printf("Client Secret= "); OCT_output(&TOKEN);
-
-  /* Client extracts PIN from secret to create Token */
-  pin=1234;
-  printf("Client extracts PIN= %d\n",pin);
-  MPIN_EXTRACT_PIN(&CLIENT_ID,pin,&TOKEN);
-  printf("Client Token= "); OCT_output(&TOKEN);
-
-#ifdef FULL
-  MPIN_PRECOMPUTE(&TOKEN,&HCID,&G1,&G2);
-#endif
-
-#ifdef PERMITS
-  /* Client gets "Time Permit" from DTA */
-  printf("Client gets Time Permit\n");
-
-  MPIN_GET_CLIENT_PERMIT(date,&S,&HCID,&PERMIT);
-  printf("Time Permit= "); OCT_output(&PERMIT);
-
-  /* This encoding makes Time permit look random */
-  if (MPIN_ENCODING(&RNG,&PERMIT)!=0) printf("Encoding error\n");
-  /* printf("Encoded Time Permit= "); OCT_output(&PERMIT); */
-  if (MPIN_DECODING(&PERMIT)!=0) printf("Decoding error\n");
-  /* printf("Decoded Time Permit= "); OCT_output(&PERMIT); */
-#endif
-
-  /* MPin Protocol */
-
-  /* Client enters PIN */
-  printf("\nPIN= ");
-  if(scanf("%d",&pin)){};
-  /* to avoid silly compile error */
-  getchar();
-
-  /* Set date=0 and PERMIT=NULL if time permits not in use
-
-  Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-  If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-  Random value x is supplied externally if RNG=NULL, otherwise generated and passed out by RNG
-
-  HSID - hashed client ID as calculated by the server
-  HCID - hashed client ID as calculated by the client
-
-  IMPORTANT: To save space and time..
-  If Time Permits OFF set xCID = NULL, HTID=NULL and use xID and HID only
-  If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-  If Time permits are ON, AND pin error detection is NOT required, set xID=NULL, HID=NULL and use xCID and HTID only.
-
-  */
-
-  pxID=&xID;
-  pxCID=&xCID;
-  pHID=&HID;
-  pHTID=&HTID;
-  pE=&E;
-  pF=&F;
-  pPERMIT=&PERMIT;
-
-#ifdef PERMITS
-  prHID=pHTID;
-#ifndef PINERROR
-   pxID=NULL;
-   // pHID=NULL;
-#endif
-#else
-   prHID=pHID;
-   pPERMIT=NULL;
-   pxCID=NULL;
-   pHTID=NULL;
-#endif
-#ifndef PINERROR
-   pE=NULL;
-   pF=NULL;
-#endif
-
-#ifdef SINGLE_PASS
-  printf("MPIN Single Pass\n");
-  timeValue = MPIN_GET_TIME();
-  rtn=MPIN_CLIENT(date,&CLIENT_ID,&RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT,NULL,timeValue,&Y);
-  if (rtn != 0)
-  {
-    printf("MPIN_CLIENT ERROR %d\n", rtn);
-    return 1;
-  }
-
-#ifdef FULL
-  MPIN_GET_G1_MULTIPLE(&RNG,1,&R,&HCID,&Z);  /* Also Send Z=r.ID to Server, remember random r */
-#endif
-
-  rtn=MPIN_SERVER(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF,&CLIENT_ID,NULL,timeValue);
-  if (rtn != 0)
-  {
-    printf("MPIN_SERVER ERROR %d\n", rtn);
-  }
-
-#ifdef FULL
-  MPIN_GET_G1_MULTIPLE(&RNG,0,&W,prHID,&T);  /* Also send T=w.ID to client, remember random w  */
-#endif
-
-#else // SINGLE_PASS
-  printf("MPIN Multi Pass\n");
-
-  if (MPIN_CLIENT_1(date,&CLIENT_ID,&RNG,&X,pin,&TOKEN,&SEC,pxID,pxCID,pPERMIT)!=0)
-  {
-    printf("Error from Client side - First Pass\n");
-    return 0;
-  }
-
-  /* Send U=x.ID to server, and recreate secret from token and pin */
-
-#ifdef FULL
-  MPIN_GET_G1_MULTIPLE(&RNG,1,&R,&HCID,&Z);  /* Also Send Z=r.ID to Server, remember random r */
-#endif
-
-  /* Server calculates H(ID) and H(ID)+H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-  MPIN_SERVER_1(date,pID,pHID,pHTID);
-
-  /* Server generates Random number Y and sends it to Client */
-  MPIN_RANDOM_GENERATE(&RNG,&Y);
-
-#ifdef FULL
-  MPIN_GET_G1_MULTIPLE(&RNG,0,&W,prHID,&T);  /* Also send T=w.ID to client, remember random w  */
-#endif
-
-  /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-  if (MPIN_CLIENT_2(&X,&Y,&SEC)!=0)
-  {
-    printf("Error from Client side - Second Pass\n");
-    return 1;
-  }
-
-  /* Server Second phase. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-  /* If PIN error not required, set E and F = NULL */
-  rtn=MPIN_SERVER_2(date,pHID,pHTID,&Y,&SST,pxID,pxCID,&SEC,pE,pF);
-#endif // SINGLE_PASS
-
-  if (rtn!=0)
-    {
-      printf("Server says - Bad Pin. \n");
-#ifdef PINERROR
-
-      err=MPIN_KANGAROO(&E,&F);
-      if (err) printf("(Client PIN is out by %d)\n",err);
-
-#endif
-      return 1;
-    }
-  else
-    {
-      printf("Server says - PIN is good! ID: "); 
-      OCT_output_string(&CLIENT_ID); 
-      printf(".\n");
-    }
-
-#ifdef FULL
-  MPIN_HASH_ALL(&HCID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);  
-  MPIN_CLIENT_KEY(&G1,&G2,pin,&R,&X,&H,&T,&CK);      
-  printf("Client Key = "); OCT_output(&CK); 
-
-  /* Server will use the hashed ID if anonymous connection required.
-     MPIN_HASH_ID(&CLIENT_ID,&HSID);
-     MPIN_HASH_ALL(&HSID,pxID,pxCID,&SEC,&Y,&Z,&T,&H);
-  */
-  MPIN_SERVER_KEY(&Z,&SST,&W,&H,pHID,pxID,pxCID,&SK);
-  printf("Server Key = "); OCT_output(&SK); 
-#endif
-  return 0;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/testrsa.c
----------------------------------------------------------------------
diff --git a/c/testrsa.c b/c/testrsa.c
deleted file mode 100755
index 81b5887..0000000
--- a/c/testrsa.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-/* gcc -std=c99 -O3 testrsa.c rsa.c amcl.a -o testrsa.exe */
-
-
-#include <stdio.h>
-#include <time.h>
-#include "rsa.h"
-
-int main()
-{
-    int i,bytes,res;
-	unsigned long ran;
- 	char m[RFS],ml[RFS],c[RFS],e[RFS],raw[100];
-    rsa_public_key pub;
-    rsa_private_key priv;
-    csprng RNG;
-	octet M={0,sizeof(m),m};
-	octet ML={0,sizeof(ml),ml};
-	octet C={0,sizeof(c),c};
-	octet E={0,sizeof(e),e};
-	octet RAW={0,sizeof(raw),raw};
-
-	time((time_t *)&ran);
-
-    RAW.len=100;				/* fake random seed source */
-    RAW.val[0]=ran;
-    RAW.val[1]=ran>>8;
-    RAW.val[2]=ran>>16;
-    RAW.val[3]=ran>>24;
-    for (i=4;i<100;i++) RAW.val[i]=i;
-
-    RSA_CREATE_CSPRNG(&RNG,&RAW);   /* initialise strong RNG */
-//for (i=0;i<10;i++)
-//{
-
-	printf("Generating public/private key pair\n");
-    RSA_KEY_PAIR(&RNG,65537,&priv,&pub);
-
-	printf("Encrypting test string\n");
-	OCT_jstring(&M,(char *)"Hello World\n");
-	RSA_OAEP_ENCODE(&M,&RNG,NULL,&E); /* OAEP encode message m to e  */
-
-	RSA_ENCRYPT(&pub,&E,&C);     /* encrypt encoded message */
-	printf("Ciphertext= "); OCT_output(&C);
-
-	printf("Decrypting test string\n");
-    RSA_DECRYPT(&priv,&C,&ML);   /* ... and then decrypt it */
-
-    RSA_OAEP_DECODE(NULL,&ML);    /* decode it */
-	OCT_output_string(&ML);
-
-    OCT_clear(&M); OCT_clear(&ML);   /* clean up afterwards */
-    OCT_clear(&C); OCT_clear(&RAW); OCT_clear(&E);
-//}
-	RSA_KILL_CSPRNG(&RNG);
-
-	RSA_PRIVATE_KEY_KILL(&priv);
-
-	return 0;
-}



[03/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/rom.c
----------------------------------------------------------------------
diff --git a/version22/c/rom.c b/version22/c/rom.c
new file mode 100644
index 0000000..9fada44
--- /dev/null
+++ b/version22/c/rom.c
@@ -0,0 +1,1206 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL - ROM file */
+
+#include "amcl.h"
+
+/* Field and Curve Details */
+
+#if CHOICE==BN254
+
+/* Nogami's fast curve */
+
+const int CURVE_A=0;
+#if CHUNK==16
+
+const chunk MConst=0x15E5;
+const BIG Modulus= {0x13,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
+const BIG CURVE_Order= {0xD,0x0,0x0,0x0,0xA10,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x1,0x0,0x0,0x0,0x408};
+const BIG CURVE_Cru= {0x7,0x0,0x0,0x0,0xCD8,0x3,0x0,0x0,0x900,0x1248,0x0,0x0,0x400,0x19B1,0x126};
+const BIG CURVE_Fra= {0xDE9,0x1953,0x101B,0x1BCD,0xE17,0x1BE1,0x14FD,0x1249,0x974,0x1C28,0x54F,0x108D,0x150A,0x4CD,0x12D9,0xF91,0x12E,0x10C9,0xDDD,0x36};
+const BIG CURVE_Frb= {0x122A,0x6AC,0xFE4,0x432,0xC58,0x428,0xB02,0xDB6,0x178B,0x6E0,0x1AB2,0xF72,0x2F5,0x1559,0x140F,0x106E,0x1ED1,0x1348,0x1AFB,0x13};
+//const BIG CURVE_Pxa={0xCB4,0xFE8,0x1E4D,0x1658,0x2BA,0x2BE,0x13F3,0x33C,0x5E3,0x182D,0x1D8E,0xDBE,0x124F,0xFDB,0x8CD,0x14FD,0x155E,0x6A7,0x16C1,0x12};
+//const BIG CURVE_Pxb={0x455,0x4B1,0x1E4,0xFA,0x38A,0x152F,0x149E,0x17C7,0xD86,0x1CEB,0x11FC,0xAE,0x189E,0x15F,0x1275,0x8F6,0x83,0x53E,0x1536,0xB};
+//const BIG CURVE_Pya={0x46C,0x1045,0x1A1E,0x1B9C,0x1F9A,0xC8,0x629,0x61D,0x82B,0xB48,0xC7C,0xF09,0x4C3,0x168E,0x1E85,0x627,0x5E5,0x15F9,0xFCA,0x15};
+//const BIG CURVE_Pyb={0x6EC,0xF98,0x1501,0x1F11,0xE6D,0x9D0,0xB74,0xED,0x482,0x12E0,0x75A,0xF03,0x11E4,0x313,0x16CE,0x1B57,0x679,0x143F,0x1DA6,0x30};
+const BIG CURVE_Pxa= {0x1B2B,0x1F,0x932,0x1C84,0x191E,0x1F86,0x262,0x1769,0x48B,0x1523,0x1B6D,0x18C3,0x7E8,0x6C6,0x1FAE,0x16C5,0x119E,0x5DA,0x684,0xC};
+const BIG CURVE_Pxb= {0xCF3,0x1EAA,0x1079,0x1869,0x10D8,0x25B,0x18DE,0xD75,0xD74,0x18FA,0xA96,0x1305,0x18C5,0x553,0xCC4,0xF06,0x1A73,0x17CD,0x5AA,0xA};
+const BIG CURVE_Pya= {0xB9A,0xE69,0x1E24,0x1C0,0x119F,0x4DE,0x16F8,0x1CD7,0x1D0A,0x194D,0x88,0x1319,0x966,0x870,0xE6A,0x1268,0xBAF,0x1D03,0x625,0x4};
+const BIG CURVE_Pyb= {0xE9B,0x19D6,0x1B1A,0x1A35,0x18A2,0x4AB,0x1CE7,0x1FFA,0x1006,0x1D84,0x34D,0xBE7,0x56F,0x16A2,0x1A3D,0x2A4,0x1C8B,0x1873,0xECA,0x1D};
+const BIG CURVE_Gx= {0x12,0x0,0x0,0x0,0x1A70,0x9,0x0,0x0,0x100,0x309,0x2,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x3,0x0,0x0,0x0,0x40,0x1,0x0,0x0,0x180,0x30C},{0x1,0x0,0x0,0x0,0x810}};
+const BIG CURVE_SB[2][2]= {{{0x4,0x0,0x0,0x0,0x850,0x1,0x0,0x0,0x180,0x30C},{0x1,0x0,0x0,0x0,0x810}},{{0x1,0x0,0x0,0x0,0x810},{0xA,0x0,0x0,0x0,0x9D0,0x7,0x0,0x0,0x1E00,0x1CF0,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}}};
+const BIG CURVE_WB[4]= {{0x0,0x0,0x0,0x0,0x408,0x0,0x0,0x0,0x80,0x104},{0x5,0x0,0x0,0x0,0x14A8,0x2,0x0,0x0,0x700,0xE38,0x0,0x0,0x1800,0x1120,0xC4},{0x3,0x0,0x0,0x0,0xC58,0x1,0x0,0x0,0x380,0x71C,0x0,0x0,0xC00,0x890,0x62},{0x1,0x0,0x0,0x0,0xC18,0x0,0x0,0x0,0x80,0x104}};
+const BIG CURVE_BB[4][4]= {{{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x810}},{{0x1,0x0,0x0,0x0,0x810},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xD,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0xC,0x0,0x0,0x0,0x608,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A}},{{0x2,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810},{0x1,0x0,0x0,0x0,0x810}},{{0x2,0x0,0x0,0x0,0x408},{0x2,0x0,0x0,0x0,0x1020},{0xA,0x0,0x0,0x0,0x200,0x8,0x0,0x0,0x1F80,0x1FFC,0x1,0x0,0x1800,0x1A26,0x6E8,0x0,0x0,0x412,0x8D9,0x4A},{0x2,0x0,0x0,0x0,0x408}}};
+#endif
+
+#if CHUNK==32
+
+const chunk MConst=0x179435E5;
+const BIG Modulus= {0x13,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
+const BIG CURVE_Order= {0xD,0x8000000,0x428,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x1,0x4000000,0x10};
+const BIG CURVE_Cru= {0x7,0xC000000,0x1B3,0x12000000,0x2490,0x11200000,0x126CD};
+const BIG CURVE_Fra= {0xF2A6DE9,0xBEF3603,0xFDDF0B8,0x12E9249A,0x953F850,0xDA85423,0x1232D926,0x32425CF,0x1B3776};
+const BIG CURVE_Frb= {0x10D5922A,0xC10C9FC,0x10221431,0xF16DB65,0x16AC8DC1,0x1917ABDC,0xDD40FAA,0xD23DA30,0x9EBEE};
+//const BIG CURVE_Pxa={0x15FD0CB4,0x1D5963C9,0x1F315F0A,0xBC633C9,0x1763B05A,0x1B927B6F,0x1FA8CD7E,0x1A9EABD4,0x95B04};
+//const BIG CURVE_Pxb={0x10962455,0x503E83C,0x9EA978E,0x1B0D7C7A,0x147F39D6,0x1FC4F02B,0x1ED2750A,0x14F81068,0x5D4D8};
+//const BIG CURVE_Pya={0x1A08A46C,0xD6E7343,0x290647E,0x105661D3,0xB1F1690,0xE261BC2,0x4FE85B4,0x17E4BCA6,0xABF2A};
+//const BIG CURVE_Pyb={0x5F306EC,0x16FC46A0,0x1744E839,0x9040ED5,0x19D6A5C0,0x138F23C0,0xAF6CE18,0x10FCCF3B,0x18769A};
+const BIG CURVE_Pxa= {0x803FB2B,0xF721126,0x62FC364,0x9177691,0x1EDB6A46,0x63F4630,0x18BFAE36,0x176A33D6,0x61A10};
+const BIG CURVE_Pxb= {0x7D54CF3,0xC61A60F,0xDE12DC3,0x1AE8D75C,0xAA5B1F4,0x13C62CC1,0xCCC42A,0x1F374E6F,0x516AA};
+const BIG CURVE_Pya= {0x11CD2B9A,0xF8703C4,0xF826F46,0x1A15CD7B,0x822329B,0x104B34C6,0xD0E6A43,0x140D75F2,0x21897};
+const BIG CURVE_Pyb= {0xB3ACE9B,0x1168D763,0xE7255E2,0xDFFAE,0x18D37B09,0x22B7AF9,0x149A3DB5,0x1CF9162,0xEBB2B};
+const BIG CURVE_Gx= {0x12,0x18000000,0x4E9,0x2000000,0x8612,0x6C00000,0x6E8D1,0x10480000,0x252364};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x3,0x0,0x81,0x3000000,0x618},{0x1,0x8000000,0x20}};
+const BIG CURVE_SB[2][2]= {{{0x4,0x8000000,0xA1,0x3000000,0x618},{0x1,0x8000000,0x20}},{{0x1,0x8000000,0x20},{0xA,0x8000000,0x3A7,0x1C000000,0x79E1,0x6C00000,0x6E8D1,0x10480000,0x252364}}};
+const BIG CURVE_WB[4]= {{0x0,0x4000000,0x10,0x1000000,0x208},{0x5,0x14000000,0x152,0xE000000,0x1C70,0xC00000,0xC489},{0x3,0xC000000,0xB1,0x7000000,0xE38,0x10600000,0x6244},{0x1,0xC000000,0x30,0x1000000,0x208}};
+const BIG CURVE_BB[4][4]= {{{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x8000000,0x20}},{{0x1,0x8000000,0x20},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xD,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0xC,0x4000000,0x418,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364}},{{0x2,0x8000000,0x20},{0x1,0x8000000,0x20},{0x1,0x8000000,0x20},{0x1,0x8000000,0x20}},{{0x2,0x4000000,0x10},{0x2,0x10000000,0x40},{0xA,0x0,0x408,0x1F000000,0x7FF9,0x6C00000,0x6E8D1,0x10480000,0x252364},{0x2,0x4000000,0x10}}};
+#endif
+
+#if CHUNK==64
+
+const chunk MConst=0x435E50D79435E5;
+const BIG Modulus= {0x13,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482};
+const BIG CURVE_Order= {0xD,0x800000000010A1,0x8000000007FF9F,0x40000001BA344D,0x25236482};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x80000000000001,0x40};
+const BIG CURVE_Cru= {0x80000000000007,0x6CD,0x40000000024909,0x49B362};
+const BIG CURVE_Fra= {0x7DE6C06F2A6DE9,0x74924D3F77C2E1,0x50A846953F8509,0x212E7C8CB6499B,0x1B377619};
+const BIG CURVE_Frb= {0x82193F90D5922A,0x8B6DB2C08850C5,0x2F57B96AC8DC17,0x1ED1837503EAB2,0x9EBEE69};
+//const BIG CURVE_Pxa={0xAB2C7935FD0CB4,0xE319E4FCC57C2B,0x24F6DF763B05A5,0xF55EA7EA335FB7,0x95B04D4};
+//const BIG CURVE_Pxb={0xA07D0790962455,0x86BE3D27AA5E38,0x89E05747F39D6D,0xC08347B49D42BF,0x5D4D8A7};
+//const BIG CURVE_Pya={0xADCE687A08A46C,0x2B30E98A4191F9,0x4C3784B1F16908,0x25E5313FA16D1C,0xABF2ABF};
+//const BIG CURVE_Pyb={0xDF88D405F306EC,0x82076ADD13A0E6,0x1E47819D6A5C04,0xE679DABDB38627,0x18769A87};
+const BIG CURVE_Pxa= {0xEE4224C803FB2B,0x8BBB4898BF0D91,0x7E8C61EDB6A464,0x519EB62FEB8D8C,0x61A10BB};
+const BIG CURVE_Pxb= {0x8C34C1E7D54CF3,0x746BAE3784B70D,0x8C5982AA5B1F4D,0xBA737833310AA7,0x516AAF9};
+const BIG CURVE_Pya= {0xF0E07891CD2B9A,0xAE6BDBE09BD19,0x96698C822329BD,0x6BAF93439A90E0,0x21897A0};
+const BIG CURVE_Pyb= {0x2D1AEC6B3ACE9B,0x6FFD739C9578A,0x56F5F38D37B090,0x7C8B15268F6D44,0xEBB2B0E};
+
+const BIG CURVE_Gx= {0x12,0x13A7,0x80000000086121,0x40000001BA344D,0x25236482};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x3,0x80000000000204,0x6181},{0x1,0x81}};
+const BIG CURVE_SB[2][2]= {{{0x4,0x80000000000285,0x6181},{0x1,0x81}},{{0x1,0x81},{0xA,0xE9D,0x80000000079E1E,0x40000001BA344D,0x25236482}}};
+const BIG CURVE_WB[4]= {{0x80000000000000,0x80000000000040,0x2080},{0x80000000000005,0x54A,0x8000000001C707,0x312241},{0x80000000000003,0x800000000002C5,0xC000000000E383,0x189120},{0x80000000000001,0x800000000000C1,0x2080}};
+const BIG CURVE_BB[4][4]= {{{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x2,0x81}},{{0x1,0x81},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000D,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x8000000000000C,0x80000000001060,0x8000000007FF9F,0x40000001BA344D,0x25236482}},{{0x2,0x81},{0x1,0x81},{0x1,0x81},{0x1,0x81}},{{0x80000000000002,0x40},{0x2,0x102},{0xA,0x80000000001020,0x8000000007FF9F,0x40000001BA344D,0x25236482},{0x80000000000002,0x40}}};
+#endif
+
+#endif
+
+#if CHOICE==BN254_T
+
+/* GT-Strong BN curve */
+
+const int CURVE_A=0;
+#if CHUNK==16
+
+const chunk MConst=0x4E5;
+const BIG Modulus= {0x713,0x15A5,0x1FBB,0x1B77,0xBE9,0x125D,0x13D1,0xAC2,0xA55,0x374,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
+const BIG CURVE_Order= {0x10D,0x981,0x1FA3,0xAEE,0x3A7,0x59B,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x81,0x2,0x1800,0x100,0x400};
+const BIG CURVE_Cru= {0xD87,0x1A7E,0x156A,0x16A7,0x1ADE,0x188F,0xAEA,0x14BE,0xC82,0xBB2,0x132,0xA2A,0x1476,0xD8,0x120};
+const BIG CURVE_Fra= {0x22,0xE40,0x13AB,0xBA2,0x159F,0x671,0x1BEB,0x9A,0xC49,0xDF3,0xC84,0x142,0x1F19,0x1284,0x53D,0x1887,0x9BB,0x1496,0xA28,0x26};
+const BIG CURVE_Frb= {0x6F1,0x765,0xC10,0xFD5,0x164A,0xBEB,0x17E6,0xA27,0x1E0C,0x1580,0x8F7,0xCAF,0x1450,0x1350,0x16AA,0x7A2,0x1B5B,0x1244,0x161F,0x21};
+const BIG CURVE_Pxa= {0x5BB,0x473,0x188A,0x130F,0x1BE8,0x1189,0x12A9,0x15A3,0xC00,0x1BE6,0x1522,0x82,0x1325,0x2A,0x1AF3,0x673,0x4C1,0x1E68,0x120F,0x28};
+const BIG CURVE_Pxb= {0x2C0,0x6DF,0x202,0xF11,0x13A6,0x1A42,0x78,0x1C3F,0x157F,0xBDC,0x146D,0x634,0x10A6,0x1FE2,0xB68,0x1860,0x184E,0x1599,0x1FD1,0x10};
+const BIG CURVE_Pya= {0xA1D,0x106,0x11F8,0x58,0x16C2,0xCF9,0x1A0E,0x2CF,0xCB4,0x164A,0x7DC,0xA87,0x1C6E,0x1634,0x1D28,0x17A,0x102B,0x14E0,0x1A30,0x29};
+const BIG CURVE_Pyb= {0x8F2,0xB31,0x1F1C,0x1086,0x6BD,0x1BEE,0x1EF2,0x1C2C,0xA27,0xE8,0x1C9A,0x18EA,0xA82,0x160C,0x7B7,0x97A,0x245,0x1523,0xBF8,0x2F};
+const BIG CURVE_Gx= {0x712,0x15A5,0x1FBB,0x1B77,0xBE9,0x125D,0x13D1,0xAC2,0xA55,0x374,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x403,0xC1C,0x18,0xC86,0x1842,0xCC1,0x906,0x430,0x181,0x300},{0x101,0x4,0x1000,0x201,0x800}};
+const BIG CURVE_SB[2][2]= {{{0x504,0xC20,0x1018,0xE87,0x42,0xCC2,0x906,0x430,0x181,0x300},{0x101,0x4,0x1000,0x201,0x800}},{{0x101,0x4,0x1000,0x201,0x800},{0x1D0A,0x1D64,0x1F8A,0x1E68,0xB64,0x18D9,0x1C4,0x262,0x753,0x1D74,0x157B,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48}}};
+const BIG CURVE_WB[4]= {{0x80,0x406,0x1808,0x280,0xC16,0x440,0x302,0xC10,0x80,0x100},{0xA85,0x462,0x102,0xA72,0x36B,0xE36,0xD4B,0x5F4,0x1EAD,0x1476,0x1621,0x6C6,0xDA4,0x90,0xC0},{0x583,0x232,0xC81,0x15B9,0x3B5,0x171B,0x6A5,0x12FA,0xF56,0x1A3B,0xB10,0x363,0x6D2,0x48,0x60},{0x181,0x40A,0x808,0x482,0x1416,0x440,0x302,0xC10,0x80,0x100}};
+const BIG CURVE_BB[4][4]= {{{0x8D,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x102,0x4,0x1000,0x201,0x800}},{{0x101,0x4,0x1000,0x201,0x800},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8D,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x8C,0x97F,0x7A3,0x9EE,0x1FA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48}},{{0x102,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800},{0x101,0x4,0x1000,0x201,0x800}},{{0x82,0x2,0x1800,0x100,0x400},{0x202,0x8,0x0,0x403,
 0x1000},{0xA,0x97D,0xFA3,0x8ED,0x1BA7,0x59A,0xACB,0x692,0x8D4,0x74,0x157C,0xDF1,0x1369,0x5D5,0x1BE8,0x29,0x517,0x6DB,0x48,0x48},{0x82,0x2,0x1800,0x100,0x400}}};
+#endif
+
+#if CHUNK==32
+
+const chunk MConst=0x1914C4E5;
+const BIG Modulus= {0xEB4A713,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
+const BIG CURVE_Order= {0xD30210D,0x13ABBBF4,0xCB2CD8E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x4081,0x40300,0x10};
+const BIG CURVE_Cru= {0xB4FCD87,0xF5A9EAD,0xEAC47EB,0x19054BE5,0x104C9764,0x18A3B28A,0x12006};
+const BIG CURVE_Fra= {0xDC80022,0xFAE8A75,0x1EB338D6,0x189209AD,0x13211BE6,0x4F8C850,0x10E53D94,0x12593778,0x1328A2};
+const BIG CURVE_Frb= {0xECA6F1,0x53F5582,0x1E65F5D9,0x1C18A27B,0x1A3DEB01,0x10A2832B,0x1456AA9A,0x9136B67,0x10D87E};
+const BIG CURVE_Pxa= {0x88E65BB,0x144C3F11,0xA98C4EF,0x18015A39,0x1548B7CC,0xA992820,0xE7AF301,0x19A09826,0x14483F};
+const BIG CURVE_Pxb= {0x8DBE2C0,0x133C4440,0x78D214E,0xAFFC3F0,0x51B57B9,0x285318D,0xC0B68FF,0x166709D8,0x87F46};
+const BIG CURVE_Pya= {0x20CA1D,0x101623F,0xE67CDB,0x19682CFD,0x19F72C94,0x14E372A1,0xF5D28B1,0x13820561,0x14E8C2};
+const BIG CURVE_Pyb= {0x116628F2,0x1EC21BE3,0xF2DF71A,0x144FC2CF,0x172681D0,0xC54163A,0xF47B7B0,0x148C48A9,0x17AFE2};
+const BIG CURVE_Gx= {0xEB4A712,0x14EDDFF7,0x1D192EAF,0x14AAAC29,0xD5F06E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x1838403,0x1321803,0x106660E1,0x3024304,0x600},{0x8101,0x80600,0x20}};
+const BIG CURVE_SB[2][2]= {{{0x1840504,0x13A1E03,0x10666101,0x3024304,0x600},{0x8101,0x80600,0x20}},{{0x8101,0x80600,0x20},{0xBAC9D0A,0x1279A3F1,0x1C4C6CAD,0xEA62620,0xD5EFAE8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}}};
+const BIG CURVE_WB[4]= {{0x80C080,0xB0A0301,0x10222030,0x100C101,0x200},{0x88C4A85,0x15A9C820,0x14B71B0D,0x1D5A5F46,0x158868ED,0x106D21B1,0xC004},{0x4464583,0x1AD6E590,0xA5B8D8E,0x1EAD2FA3,0x1AC43476,0x83690D8,0x6002},{0x814181,0xB120901,0x10222050,0x100C101,0x200}};
+const BIG CURVE_BB[4][4]= {{{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x8102,0x80600,0x20}},{{0x8101,0x80600,0x20},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08D,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0xD2FE08C,0x13A7B8F4,0xCB2CD7E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120}},{{0x8102,0x80600,0x20},{0x8101,0x80600,0x20},{0x8101,0x80600,0x20},{0x8101,0x80600,0x20}},{{0x4082,0x40300,0x10},{0x10202,0x100C00,0x40},{0xD2FA00A,0x13A3B5F4,0xCB2CD6E,0x11A86925,0xD5F00E8,0x159B4B7C,0x53BE82E,0x1B6CA2E0,0x240120},{0x4082,0x40300,0x10}}};
+#endif
+
+#if CHUNK==64
+
+const chunk MConst=0xC5A872D914C4E5;
+const BIG Modulus= {0x9DBBFEEEB4A713,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB};
+const BIG CURVE_Order= {0x75777E8D30210D,0xD43492B2CB363A,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x806000004081,0x40};
+const BIG CURVE_Cru= {0xEB53D5AB4FCD87,0x82A5F2BAB11FAD,0x47651504C9764C,0x4801B1};
+const BIG CURVE_Fra= {0xF5D14EADC80022,0x4904D6FACCE359,0xF190A13211BE6C,0xC9BBC4394F6509,0x1328A292};
+const BIG CURVE_Frb= {0xA7EAB040ECA6F1,0xC513DF997D764,0x450657A3DEB01E,0x9B5B3D15AAA6A1,0x10D87E48};
+const BIG CURVE_Pxa= {0x8987E2288E65BB,0xAD1CAA6313BE,0x325041548B7CCC,0x4C1339EBCC055,0x14483FCD};
+const BIG CURVE_Pxb= {0x67888808DBE2C0,0x7FE1F81E34853A,0xA631A51B57B95,0x384EC302DA3FC5,0x87F46B3};
+const BIG CURVE_Pya= {0x202C47E020CA1D,0xB4167E8399F36C,0xC6E5439F72C94C,0x102B0BD74A2C69,0x14E8C29C};
+const BIG CURVE_Pyb= {0xD8437C716628F2,0x27E167BCB7DC6B,0xA82C7572681D0A,0x62454BD1EDEC18,0x17AFE2A4};
+const BIG CURVE_Gx= {0x9DBBFEEEB4A712,0x555614F464BABE,0x3696F8D5F06E8A,0x6517014EFA0BAB,0x240120DB};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x26430061838403,0x81218241998384,0x6001},{0x100C000008101,0x80}};
+const BIG CURVE_SB[2][2]= {{{0x2743C061840504,0x81218241998404,0x6001},{0x100C000008101,0x80}},{{0x100C000008101,0x80},{0x4F347E2BAC9D0A,0x5313107131B2B6,0x3696F8D5EFAE87,0x6517014EFA0BAB,0x240120DB}}};
+const BIG CURVE_WB[4]= {{0x6140602080C080,0x806080C08880C1,0x2000},{0xB53904088C4A85,0xAD2FA352DC6C36,0xDA436358868EDE,0x300120},{0x5ADCB204464583,0x5697D1A96E363B,0x6D21B1AC43476F,0x180090},{0x62412020814181,0x806080C0888141,0x2000}};
+const BIG CURVE_BB[4][4]= {{{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x100C000008102,0x80}},{{0x100C000008101,0x80},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08D,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x74F71E8D2FE08C,0xD43492B2CB35FA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB}},{{0x100C000008102,0x80},{0x100C000008101,0x80},{0x100C000008101,0x80},{0x100C000008101,0x80}},{{0x806000004082,0x40},{0x2018000010202,0x100},{0x7476BE8D2FA00A,0xD43492B2CB35BA,0x3696F8D5F00E88,0x6517014EFA0BAB,0x240120DB},{0x806000004082,0x40}}};
+#endif
+
+#endif
+
+#if CHOICE==BN254_T2
+
+const int CURVE_A=0;
+#if CHUNK==16
+
+const chunk MConst=0x1CDD;
+const BIG Modulus= {0x48B,0x305,0xAED,0x5B8,0x1E8B,0xB28,0x3C3,0x1C85,0xF93,0x40E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
+const BIG CURVE_Order= {0xBF5,0xD51,0x944,0x16E3,0x1D7F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x205,0x304,0x40,0x4,0x400};
+const BIG CURVE_Cru= {0x1D33,0x335,0x1112,0x4E,0xFB5,0x387,0x59,0xEE6,0x155B,0x11B3,0x1B3C,0x2F7,0xC36,0x3,0x120};
+const BIG CURVE_Fra= {0x1062,0x1D77,0x125C,0x4D1,0x92B,0x1E72,0xF0E,0x1366,0x1CC6,0xADD,0x1FC6,0x1F46,0x1F67,0x520,0x1AF4,0x1956,0x9E8,0x1C69,0x1382,0x24};
+const BIG CURVE_Frb= {0x1429,0x58D,0x1890,0xE6,0x1560,0xCB6,0x14B4,0x91E,0x12CD,0x1930,0x1439,0x17CC,0x18B,0x1EF,0x1BE9,0x11FE,0x1726,0x7A8,0xC7E,0x23};
+const BIG CURVE_Pxa= {0x3C8,0x1A05,0xE67,0x1924,0x4AC,0x8BC,0x598,0x149D,0x15CD,0x359,0x185C,0xAD2,0x17B0,0x1CEB,0x609,0x18C6,0x1693,0x1E7C,0x1F05,0x2D};
+const BIG CURVE_Pxb= {0x1540,0x2A4,0x2B6,0xAF5,0x105,0x883,0x1BD9,0xF7C,0x1B6F,0x8BE,0xA57,0x120F,0x565,0xC4,0x272,0xEB2,0x1D59,0x805,0xD6D,0x3D};
+const BIG CURVE_Pya= {0x513,0x110,0x1145,0x17D9,0x1147,0x19BD,0x1839,0xF10,0x44A,0x934,0xD7C,0x1072,0x51B,0x6FD,0xA75,0x455,0x1614,0x4C3,0x3B9,0x3D};
+const BIG CURVE_Pyb= {0x78E,0x1BE7,0x3D5,0x1265,0x1FB,0x12BC,0x9BE,0x8DC,0x1EB7,0x713,0x7EE,0x1B78,0xA93,0xEBB,0xE8A,0x77B,0x1AE3,0x66D,0x13BD,0x47};
+const BIG CURVE_Gx= {0x48A,0x305,0xAED,0x5B8,0x1E8B,0xB28,0x3C3,0x1C85,0xF93,0x40E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x1083,0x9A3,0xA8,0xEC5,0x110B,0xF0E,0x4E6,0x60,0x6,0x300},{0x409,0x608,0x80,0x8,0x800}};
+const BIG CURVE_SB[2][2]= {{{0x148C,0xFAB,0x128,0xECD,0x190B,0xF0E,0x4E6,0x60,0x6,0x300},{0x409,0x608,0x80,0x8,0x800}},{{0x409,0x608,0x80,0x8,0x800},{0x1B72,0x3AD,0x89C,0x81E,0xC74,0xD0B,0x19F6,0x1BC4,0xF87,0x1E0E,0x13FF,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48}}};
+const BIG CURVE_WB[4]= {{0x224,0x1385,0x1522,0x4E5,0x1459,0x504,0x1A2,0x20,0x2,0x100},{0xF19,0x187,0xB3C,0x14AE,0x1D5,0x1B9,0x18D5,0xA2E,0x396,0xDCD,0x1228,0x1FA,0x824,0x2,0xC0},{0x188F,0x245,0x5BE,0x1A59,0x12EA,0x10DC,0xC6A,0x517,0x11CB,0x6E6,0x914,0xFD,0x412,0x1,0x60},{0x62D,0x198D,0x15A2,0x4ED,0x1C59,0x504,0x1A2,0x20,0x2,0x100}};
+const BIG CURVE_BB[4][4]= {{{0x9F1,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x40A,0x608,0x80,0x8,0x800}},{{0x409,0x608,0x80,0x8,0x800},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F1,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x9F0,0xA4D,0x904,0x16DF,0x197F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48}},{{0x40A,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800},{0x409,0x608,0x80,0x8,0x800}},{{0x206,0x304,0x40,0x4,0x400},{0x8
 12,0xC10,0x100,0x10,0x1000},{0x7EA,0x749,0x8C4,0x16DB,0x157F,0x1C19,0x1EDC,0x1C24,0xF8D,0x10E,0x1400,0x1713,0xF3,0x710,0x16DD,0xB55,0x10F,0x412,0x1,0x48},{0x206,0x304,0x40,0x4,0x400}}};
+#endif
+
+#if CHUNK==32
+
+const chunk MConst=0x6505CDD;
+const BIG Modulus= {0x1460A48B,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
+const BIG CURVE_Order= {0x11AA2BF5,0x1FDB8D28,0xDCE0CF5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x608205,0x1008,0x10};
+const BIG CURVE_Cru= {0x866BD33,0x1A813A22,0x591C3BE,0xAB6EE60,0x1ECF2367,0x361B0BD,0x12000};
+const BIG CURVE_Fra= {0x13AEF062,0x1593464B,0x10EF3924,0x198D3667,0x17F195BB,0xFB3FD1,0xADAF429,0x11A53D19,0x124E0B};
+const BIG CURVE_Frb= {0xB1B429,0x10039B12,0xB465B55,0x59A91EA,0x50E7261,0xF0C5DF3,0x1FDBE90F,0x1EA2E4D1,0x11B1F8};
+const BIG CURVE_Pxa= {0x1F40A3C8,0x166491CC,0x19845E12,0xB9B49D2,0x161706B3,0xBBD82B4,0x18C609E7,0x19F2D278,0x16FC17};
+const BIG CURVE_Pxb= {0x18549540,0x2ABD456,0x1D944184,0x16DEF7CD,0x1A95D17D,0x42B2C83,0x16427206,0x17AB2E,0x1EB5B5};
+const BIG CURVE_Pya= {0x14220513,0x3DF6628,0x39CDEC5,0x894F10C,0x135F1268,0x1D28DC1C,0xAAA7537,0x130EC284,0x1E8EE4};
+const BIG CURVE_Pyb= {0x177CE78E,0x1DC9947A,0x1BE95E07,0x1D6E8DC4,0x1FB8E27,0x1B549EDE,0xF6E8A75,0x19B75C67,0x23CEF4};
+const BIG CURVE_Gx= {0x1460A48A,0x596E15D,0x1C35947A,0x1F27C851,0x1D00081C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x1347083,0x5BB1415,0xE678744,0xC0602,0x600},{0xC10409,0x2010,0x20}};
+const BIG CURVE_SB[2][2]= {{{0x1F5748C,0x5BB3425,0xE678764,0xC0602,0x600},{0xC10409,0x2010,0x20}},{{0xC10409,0x2010,0x20},{0x1075BB72,0x1A207913,0x1F6685B1,0x1F0FBC4C,0x1CFFFC1C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}}};
+const BIG CURVE_WB[4]= {{0xA70A224,0xC9396A4,0x1A228251,0x40200,0x200},{0x1030EF19,0xAD2B967,0xD50DC87,0x72CA2EC,0x148A1B9A,0x241207E,0xC000},{0x1848B88F,0x156964B7,0x6A86E4B,0x3965176,0xA450DCD,0x120903F,0x6000},{0xB31A62D,0xC93B6B4,0x1A228271,0x40200,0x200}};
+const BIG CURVE_BB[4][4]= {{{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0xC1040A,0x2010,0x20}},{{0xC10409,0x2010,0x20},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F1,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x1149A9F0,0x1FDB7D20,0xDCE0CE5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004}},{{0xC1040A,0x2010,0x20},{0xC10409,0x2010,0x20},{0xC10409,0x2010,0x20},{0xC10409,0x2010,0x20}},{{0x608206,0x1008,0x10},{0x1820812,0x4020,0x40},{0x10E927EA,0x1FDB6D18,0xDCE0CD5,0x1F1BC24F,0x1D00021C,0x10079DC4,0xAB6DD38,0x104821EB,0x240004},{0x608206,0x1008,0x10}}};
+#endif
+
+#if CHUNK==64
+
+const chunk MConst=0xFE6A47A6505CDD;
+const BIG Modulus= {0xB2DC2BB460A48B,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482};
+const BIG CURVE_Order= {0xFB71A511AA2BF5,0x8DE127B73833D7,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x20100608205,0x40};
+const BIG CURVE_Cru= {0x5027444866BD33,0x5B773016470EFB,0xC3617BECF23675,0x480006};
+const BIG CURVE_Fra= {0xB268C973AEF062,0xC69B33C3BCE492,0xF67FA37F195BBC,0x29E8CAB6BD0A41,0x124E0B8D};
+const BIG CURVE_Frb= {0x736240B1B429,0xCD48F52D196D56,0x18BBE650E72612,0x17268FF6FA43DE,0x11B1F8F5};
+const BIG CURVE_Pxa= {0xCC92399F40A3C8,0xCDA4E96611784A,0x7B056961706B35,0x9693C6318279D7,0x16FC17CF};
+const BIG CURVE_Pxb= {0x557A8AD8549540,0x6F7BE6F6510610,0x565907A95D17DB,0xBD5975909C8188,0x1EB5B500};
+const BIG CURVE_Pya= {0x7BECC514220513,0x4A78860E737B14,0x51B83935F12684,0x761422AA9D4DFA,0x1E8EE498};
+const BIG CURVE_Pyb= {0xB9328F577CE78E,0xB746E26FA5781F,0xA93DBC1FB8E27E,0xBAE33BDBA29D76,0x23CEF4CD};
+const BIG CURVE_Gx= {0xB2DC2BB460A48A,0x93E428F0D651E8,0xF3B89D00081CF,0x410F5AADB74E20,0x24000482};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0xB76282A1347083,0x60301399E1D10,0x6000},{0x40200C10409,0x80}};
+const BIG CURVE_SB[2][2]= {{{0xB76684A1F5748C,0x60301399E1D90,0x6000},{0x40200C10409,0x80}},{{0x40200C10409,0x80},{0x440F227075BB72,0x87DE267D9A16C7,0xF3B89CFFFC1CF,0x410F5AADB74E20,0x24000482}}};
+const BIG CURVE_WB[4]= {{0x9272D48A70A224,0x20100688A0945,0x2000},{0x5A572CF030EF19,0x9651763543721D,0x8240FD48A1B9A3,0x300004},{0xAD2C96F848B88F,0xCB28BB1AA1B92E,0x41207EA450DCD1,0x180002},{0x9276D68B31A62D,0x20100688A09C5,0x2000}};
+const BIG CURVE_BB[4][4]= {{{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x40200C1040A,0x80}},{{0x40200C10409,0x80},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F1,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0xFB6FA41149A9F0,0x8DE127B7383397,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482}},{{0x40200C1040A,0x80},{0x40200C10409,0x80},{0x40200C10409,0x80},{0x40200C10409,0x80}},{{0x20100608206,0x40},{0x80401820812,0x100},{0xFB6DA310E927EA,0x8DE127B7383357,0xF3B89D00021CF,0x410F5AADB74E20,0x24000482},{0x20100608206,0x40}}};
+#endif
+
+
+#endif
+
+#if CHOICE==BN254_CX
+
+/* CertiVox BN Curve */
+
+const int CURVE_A=0;
+#if CHUNK==16
+
+const chunk MConst=0x1E85;
+const BIG Modulus= {0x15B3,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
+const BIG CURVE_Order= {0x1F6D,0x1758,0x98D,0x381,0xBE1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x12B1,0x1E00,0x0,0x0,0x400};
+const BIG CURVE_Cru= {0x1C97,0x11A,0x5E5,0x126,0x31E,0x3AB,0x7BE,0xC8E,0x1DDF,0x205,0xFC5,0x1950,0x0,0x0,0x120};
+const BIG CURVE_Fra= {0xEA3,0xE40,0xCD5,0x1210,0x15BD,0x1C10,0x5CF,0x4DE,0x773,0x343,0x626,0x194E,0x18AA,0x10C5,0x12BF,0x2C,0x63A,0x17D,0x1642,0x26};
+const BIG CURVE_Frb= {0x710,0x129A,0xF01,0x1A37,0x628,0x360,0x1A55,0x18E4,0x1863,0x15DE,0x138E,0x1B78,0x1D9C,0xE29,0x403,0x515,0x236,0x1E83,0x9BD,0x21};
+const BIG CURVE_Pxa= {0xC74,0x697,0x1BB9,0xA39,0xC08,0x1393,0xF8,0x17F4,0x1C85,0x1C83,0x12EE,0xB86,0x100F,0x592,0x18D6,0x164A,0x1053,0x963,0x1A0B,0x32};
+const BIG CURVE_Pxb= {0xFE1,0x114E,0x2CB,0xB1D,0x147A,0x187,0x827,0x1618,0x1B97,0x1FC0,0x5D0,0x11D3,0x137A,0x8E4,0xA80,0x1EC9,0x1E19,0xF61,0x19AE,0x28};
+const BIG CURVE_Pya= {0x9F,0x185F,0x1AF3,0x17F9,0x10CF,0xD9,0x11FB,0x7B0,0x1B3,0xB1B,0x1882,0x1B5D,0x157,0xF11,0x1760,0x571,0x1233,0xECB,0x1E7B,0x14};
+const BIG CURVE_Pyb= {0xE9D,0x4C7,0x8A2,0x96,0x1ED9,0x16F5,0x74B,0x14AD,0x64E,0xE14,0xD18,0x1B1A,0x512,0x372,0xD7,0x1812,0xCC4,0x1CF,0x583,0xC};
+const BIG CURVE_Gx= {0x15B2,0xDA,0x1BD7,0xC47,0x1BE6,0x1F70,0x24,0x1DC3,0x1FD6,0x1921,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0xB83,0x117F,0x1245,0x8C6,0x5,0x1C09,0xD00,0x1,0x0,0x300},{0x561,0x1C01,0x1,0x0,0x800}};
+const BIG CURVE_SB[2][2]= {{{0x10E4,0xD80,0x1247,0x8C6,0x805,0x1C09,0xD00,0x1,0x0,0x300},{0x561,0x1C01,0x1,0x0,0x800}},{{0x561,0x1C01,0x1,0x0,0x800},{0x13EA,0x5D9,0x1748,0x1ABA,0xBDB,0x75E,0x623,0x1DC0,0x1FD6,0x1321,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}}};
+const BIG CURVE_WB[4]= {{0x4B0,0x13D4,0x615,0x1842,0x401,0x958,0xF00,0x0,0x0,0x100},{0x475,0x1110,0x56F,0x1BF3,0x36C,0x1FCD,0x329,0x1DB5,0x1E94,0xE03,0xA83,0x10E0,0x0,0x0,0xC0},{0xB93,0x788,0x12B8,0xDF9,0x13B6,0x1FE6,0x1194,0xEDA,0x1F4A,0x1701,0x541,0x870,0x0,0x0,0x60},{0xA11,0xFD5,0x617,0x1842,0xC01,0x958,0xF00,0x0,0x0,0x100}};
+const BIG CURVE_BB[4][4]= {{{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x562,0x1C01,0x1,0x0,0x800}},{{0x561,0x1C01,0x1,0x0,0x800},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBD,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0xCBC,0x1958,0x98C,0x381,0x7E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48}},{{0x562,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800},{0x561,0x1C01,0x1,0x0,0x800}},{{0x12B2,0x1E00,0x0,0x0,0x40
 0},{0xAC2,0x1802,0x3,0x0,0x1000},{0x1A0A,0x1B57,0x98B,0x381,0x3E1,0x367,0x1324,0x1DC1,0x1FD6,0x1621,0x19B4,0x14C6,0x1647,0x1EEF,0x16C2,0x541,0x870,0x0,0x0,0x48},{0x12B2,0x1E00,0x0,0x0,0x400}}};
+#endif
+
+#if CHUNK==32
+
+const chunk MConst=0x19789E85;
+const BIG Modulus= {0x1C1B55B3,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
+const BIG CURVE_Order= {0x16EB1F6D,0x108E0531,0x1241B3AF,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x3C012B1,0x0,0x10};
+const BIG CURVE_Cru= {0x14235C97,0xF0498BC,0x1BE1D58C,0x1BBEC8E3,0x3F1440B,0x654,0x12000};
+const BIG CURVE_Fra= {0x15C80EA3,0x1EC8419A,0x1CFE0856,0xEE64DE2,0x11898686,0x5C55653,0x592BF86,0x5F4C740,0x135908};
+const BIG CURVE_Frb= {0x6534710,0x1468DDE0,0x551B018,0x10C78E4D,0x4E3ABBD,0x9ECE6DE,0x2A40371,0x1A0C46C5,0x10A6F7};
+const BIG CURVE_Pxa= {0x4D2EC74,0x428E777,0xF89C9B0,0x190B7F40,0x14BBB907,0x12807AE1,0x958D62C,0x58E0A76,0x19682D};
+const BIG CURVE_Pxb= {0xE29CFE1,0x1D2C7459,0x270C3D1,0x172F6184,0x19743F81,0x49BD474,0x192A8047,0x1D87C33E,0x1466B9};
+const BIG CURVE_Pya= {0xF0BE09F,0x7DFE75E,0x1FB06CC3,0x3667B08,0xE209636,0x110ABED7,0xE376078,0x1B2E4665,0xA79ED};
+const BIG CURVE_Pyb= {0x898EE9D,0xC825914,0x14BB7AFB,0xC9D4AD3,0x13461C28,0x122896C6,0x240D71B,0x73D9898,0x6160C};
+const BIG CURVE_Gx= {0x1C1B55B2,0x13311F7A,0x24FB86F,0x1FADDC30,0x166D3243,0xFB23D31,0x836C2F7,0x10E05,0x240000};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x162FEB83,0x2A31A48,0x100E0480,0x16,0x600},{0x7802561,0x0,0x20}};
+const BIG CURVE_SB[2][2]= {{{0x1DB010E4,0x2A31A48,0x100E04A0,0x16,0x600},{0x7802561,0x0,0x20}},{{0x7802561,0x0,0x20},{0xBB33EA,0xDEAEAE9,0x233AF2F,0x1FADDC03,0x166D2643,0xFB23D31,0x836C2F7,0x10E05,0x240000}}};
+const BIG CURVE_WB[4]= {{0x167A84B0,0xE108C2,0x1004AC10,0x7,0x200},{0x1E220475,0x166FCCAD,0x129FE68D,0x1D29DB51,0x2A0DC07,0x438,0xC000},{0xF10B93,0x1B37E657,0x194FF34E,0x1E94EDA8,0x1506E03,0x21C,0x6000},{0x1DFAAA11,0xE108C2,0x1004AC30,0x7,0x200}};
+const BIG CURVE_BB[4][4]= {{{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x7802562,0x0,0x20}},{{0x7802561,0x0,0x20},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBD,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x132B0CBC,0x108E0531,0x1241B39F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000}},{{0x7802562,0x0,0x20},{0x7802561,0x0,0x20},{0x7802561,0x0,0x20},{0x7802561,0x0,0x20}},{{0x3C012B2,0x0,0x10},{0xF004AC2,0x0,0x40},{0xF6AFA0A,0x108E0531,0x1241B38F,0x1FADDC19,0x166D2C43,0xFB23D31,0x836C2F7,0x10E05,0x240000},{0x3C012B2,0x0,0x10}}};
+#endif
+
+#if CHUNK==64
+
+const chunk MConst=0x4E205BF9789E85;
+const BIG Modulus= {0x6623EF5C1B55B3,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000};
+const BIG CURVE_Order= {0x11C0A636EB1F6D,0xD6EE0CC906CEBE,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x3C012B1,0x40};
+const BIG CURVE_Cru= {0xE0931794235C97,0xDF6471EF875631,0xCA83F1440BD,0x480000};
+const BIG CURVE_Fra= {0xD9083355C80EA3,0x7326F173F8215B,0x8AACA718986867,0xA63A0164AFE18B,0x1359082F};
+const BIG CURVE_Frb= {0x8D1BBC06534710,0x63C7269546C062,0xD9CDBC4E3ABBD8,0x623628A900DC53,0x10A6F7D0};
+const BIG CURVE_Pxa= {0x851CEEE4D2EC74,0x85BFA03E2726C0,0xF5C34BBB907C,0x7053B256358B25,0x19682D2C};
+const BIG CURVE_Pxb= {0xA58E8B2E29CFE1,0x97B0C209C30F47,0x37A8E99743F81B,0x3E19F64AA011C9,0x1466B9EC};
+const BIG CURVE_Pya= {0xFBFCEBCF0BE09F,0xB33D847EC1B30C,0x157DAEE2096361,0x72332B8DD81E22,0xA79EDD9};
+const BIG CURVE_Pyb= {0x904B228898EE9D,0x4EA569D2EDEBED,0x512D8D3461C286,0xECC4C09035C6E4,0x6160C39};
+const BIG CURVE_Gx= {0x6623EF5C1B55B2,0xD6EE18093EE1BE,0x647A6366D3243F,0x8702A0DB0BDDF,0x24000000};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x546349162FEB83,0xB40381200,0x6000},{0x7802561,0x80}};
+const BIG CURVE_SB[2][2]= {{{0x5463491DB010E4,0xB40381280,0x6000},{0x7802561,0x80}},{{0x7802561,0x80},{0xBD5D5D20BB33EA,0xD6EE0188CEBCBD,0x647A6366D2643F,0x8702A0DB0BDDF,0x24000000}}};
+const BIG CURVE_WB[4]= {{0x1C2118567A84B0,0x3C012B040,0x2000},{0xCDF995BE220475,0x94EDA8CA7F9A36,0x8702A0DC07E,0x300000},{0x66FCCAE0F10B93,0x4A76D4653FCD3B,0x4381506E03F,0x180000},{0x1C21185DFAAA11,0x3C012B0C0,0x2000}};
+const BIG CURVE_BB[4][4]= {{{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x7802562,0x80}},{{0x7802561,0x80},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBD,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x11C0A6332B0CBC,0xD6EE0CC906CE7E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000}},{{0x7802562,0x80},{0x7802561,0x80},{0x7802561,0x80},{0x7802561,0x80}},{{0x3C012B2,0x40},{0xF004AC2,0x100},{0x11C0A62F6AFA0A,0xD6EE0CC906CE3E,0x647A6366D2C43F,0x8702A0DB0BDDF,0x24000000},{0x3C012B2,0x40}}};
+#endif
+
+#endif
+
+#if CHOICE==NIST256
+
+/* Standard NIST-256 Curve */
+
+const int CURVE_A= -3;
+const chunk MConst=1;
+
+#if CHUNK==16
+
+const BIG Modulus= {0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1F,0x0,0x0,0x0,0x0,0x0,0x0,0x400,0x0,0x0,0x1FF8,0x1FFF,0x1FF};
+const BIG CURVE_B= {0x4B,0x1E93,0xF89,0x1C78,0x3BC,0x187B,0x114E,0x1619,0x1D06,0x328,0x1AF,0xD31,0x1557,0x15DE,0x1ECF,0x127C,0xA3A,0xEC5,0x118D,0xB5};
+const BIG CURVE_Order= {0x551,0x319,0x10BF,0x1395,0xF3B,0xF42,0x1C5E,0x15B4,0x6FA,0x1DE7,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x3FF,0x0,0x0,0x1FF8,0x1FFF,0x1FF};
+const BIG CURVE_Gx= {0x296,0x4C6,0x1176,0x272,0xF4A,0x19D0,0x17AC,0x1025,0x37D,0x13B8,0x103C,0x748,0xE56,0x1E73,0x1FE2,0x848,0x12C,0xF97,0x5F4,0xD6};
+const BIG CURVE_Gy= {0x11F5,0x1DFA,0x1A0D,0xC80,0xCBB,0xF67,0xCC5,0xAED,0xE33,0x115E,0x785,0x181F,0x14A7,0x13F5,0xE3B,0xFF3,0x1E1A,0x1717,0x18D0,0x9F};
+
+#endif
+
+#if CHUNK==32
+
+const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FF,0x0,0x0,0x40000,0x1FE00000,0xFFFFFF};
+const BIG CURVE_B= {0x7D2604B,0x1E71E1F1,0x14EC3D8E,0x1A0D6198,0x86BC651,0x1EAABB4C,0xF9ECFAE,0x1B154752,0x5AC635};
+const BIG CURVE_Order= {0x1C632551,0x1DCE5617,0x5E7A13C,0xDF55B4E,0x1FFFFBCE,0x1FFFFFFF,0x3FFFF,0x1FE00000,0xFFFFFF};
+const BIG CURVE_Gx= {0x1898C296,0x509CA2E,0x1ACCE83D,0x6FB025B,0x40F2770,0x1372B1D2,0x91FE2F3,0x1E5C2588,0x6B17D1};
+const BIG CURVE_Gy= {0x17BF51F5,0x1DB20341,0xC57B3B2,0x1C66AED6,0x19E162BC,0x15A53E07,0x1E6E3B9F,0x1C5FC34F,0x4FE342};
+
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0xFFFFFFFFFFFFFF,0xFFFFFFFFFF,0x0,0x1000000,0xFFFFFFFF};
+const BIG CURVE_B= {0xCE3C3E27D2604B,0x6B0CC53B0F63B,0x55769886BC651D,0xAA3A93E7B3EBBD,0x5AC635D8};
+const BIG CURVE_Order= {0xB9CAC2FC632551,0xFAADA7179E84F3,0xFFFFFFFFFFBCE6,0xFFFFFF,0xFFFFFFFF};
+const BIG CURVE_Gx= {0xA13945D898C296,0x7D812DEB33A0F4,0xE563A440F27703,0xE12C4247F8BCE6,0x6B17D1F2};
+const BIG CURVE_Gy= {0xB6406837BF51F5,0x33576B315ECECB,0x4A7C0F9E162BCE,0xFE1A7F9B8EE7EB,0x4FE342E2};
+
+#endif
+
+#endif
+
+#if CHOICE==MF254
+
+/* Montgomery-Friendly NUMS curves http://eprint.iacr.org/2014/130 */
+
+/* p=k.2^n-1 where n is multiple of BASEBITS - but k can be adjusted. */
+/* Here p=2^240(2^14-127)-1 = 2^232(2^22-256.127)-1 where 8*29=232 and (2^22-256.127)=0x3F8100 */
+/* or = 2^224(2^30-65536.127)-1 where 4*56=224 and (2^30-65536.127) = 0x3F810000 */
+
+#if CHUNK==32
+
+const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
+const chunk MConst=0x3F8100;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A= -3;
+const BIG CURVE_Order= {0xF8DF83F,0x1D20CE25,0x8DD701B,0x317D41B,0x1FFFFEB8,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
+const BIG CURVE_B= {0x1FFFD08D,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3F80FF};
+const BIG CURVE_Gx= {0x2};
+const BIG CURVE_Gy= {0x190D4EBC,0xB2EF9BF,0x14464C6B,0xE71C7F0,0x18AEBDFB,0xD3ADEBB,0x18052B85,0x1A6765CA,0x140E3F};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A= -1;
+const BIG CURVE_Order= {0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
+const BIG CURVE_B= {0x367B};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0xF2701E5,0x29687ED,0xC84861F,0x535081C,0x3F4E363,0x6A811B,0xCD65474,0x121AD498,0x19F0E6};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+
+const int CURVE_A=-55790;
+const BIG CURVE_Order= {0x46E98C7,0x179E9FF6,0x158BEC3A,0xA60D917,0x1FFFFEB9,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFE03F};
+const BIG CURVE_Gx= {0x3};
+
+#endif
+
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF};
+const chunk MConst=0x3F810000;
+
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A= -3;
+const BIG CURVE_Order= {0xA419C4AF8DF83F,0x8BEA0DA375C06F,0xFFFFFFFFFFEB81,0xFFFFFFFFFFFFFF,0x3F80FFFF};
+const BIG CURVE_B= {0xFFFFFFFFFFD08D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x3F80FFFF};
+const BIG CURVE_Gx= {0x2};
+const BIG CURVE_Gy= {0x65DF37F90D4EBC,0x38E3F8511931AD,0x75BD778AEBDFB7,0x3B2E56014AE15A,0x140E3FD3};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A= -1;
+const BIG CURVE_Order= {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF};
+const BIG CURVE_B= {0x367B};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0x52D0FDAF2701E5,0x9A840E3212187C,0xD502363F4E3632,0xD6A4C335951D00,0x19F0E690};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+const int CURVE_A=-55790;
+const BIG CURVE_Order= {0xF3D3FEC46E98C7,0x306C8BD62FB0EA,0xFFFFFFFFFFEB95,0xFFFFFFFFFFFFFF,0xFE03FFF};
+const BIG CURVE_Gx= {0x3};
+#endif
+
+#endif
+
+#endif
+
+
+
+
+#if CHOICE==MF256
+
+/* Montgomery-Friendly NUMS curves http://eprint.iacr.org/2014/130 */
+
+#if CHUNK==32
+
+const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
+const chunk MConst=0xFFA800;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A= -3;
+const BIG CURVE_Order= {0x79857EB,0x8862F0D,0x1941D2E7,0x2EA27CD,0x1FFFFFC5,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFA7FF};
+const BIG CURVE_B= {0x14E6A};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0xB724D2A,0x3CAA61,0x5371984,0x128FD71B,0x1AE28956,0x1D13091E,0x339EEAE,0x10F7C301,0x20887C};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A= -1;
+const BIG CURVE_Order= {0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
+const BIG CURVE_B= {0x350A};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0x12F3C908,0xF553917,0x1FA9A35F,0xBCC91B,0x1AACA0C,0x1779ED96,0x156BABAF,0x1F1F1989,0xDAD8D4};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+
+const int CURVE_A=-54314;
+const BIG CURVE_Order= {0x18EC7BAB,0x16C976F6,0x19CCF259,0x9775F70,0x1FFFFB15,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FE9FF};
+const BIG CURVE_Gx= {0x8};
+
+#endif
+
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFA7FFFF};
+const chunk MConst=0xFFA80000;
+
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A= -3;
+const BIG CURVE_Order= {0x10C5E1A79857EB,0x7513E6E5074B9D,0xFFFFFFFFFFFC51,0xFFFFFFFFFFFFFF,0xFFA7FFFF};
+const BIG CURVE_B= {0x14E6A};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0x7954C2B724D2A,0x47EB8D94DC6610,0x26123DAE289569,0xBE1808CE7BABBA,0x20887C87};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A= -1;
+const BIG CURVE_Order= {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF};
+const BIG CURVE_B= {0x350A};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0xEAA722F2F3C908,0x5E648DFEA68D7D,0xF3DB2C1AACA0C0,0xF8CC4D5AEAEBEE,0xDAD8D4F8};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+const int CURVE_A=-54314;
+const BIG CURVE_Order= {0xD92EDED8EC7BAB,0xBBAFB86733C966,0xFFFFFFFFFFB154,0xFFFFFFFFFFFFFF,0x3FE9FFFF};
+const BIG CURVE_Gx= {0x8};
+#endif
+
+#endif
+
+#endif
+
+
+
+
+#if CHOICE==MS255
+/* Pseudo-Mersenne NUMS curves http://eprint.iacr.org/2014/130 */
+
+#if CHUNK==16
+const BIG Modulus= {0x1D03,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
+const chunk MConst=0x2FD;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_Order= {0xAEB,0x2CA,0x60F,0x1F59,0x1AB8,0x19EF,0xB4A,0x507,0xA38,0x1C32,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
+const BIG CURVE_B= {0xB46,0x1FFD,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0x4BA,0xE5A,0x19DA,0x7FE,0x1173,0x1306,0x17F6,0x119B,0x16C7,0x1BED,0x1F45,0x5FE,0x1F9B,0xF5F,0xE48,0xF06,0xDBA,0x1607,0x1E9A,0xDE};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_Order= {0xB75,0x1B7,0x1B41,0x13A3,0xAC4,0x197,0x169A,0x10BD,0x11A7,0x1EE7,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x3F};
+const BIG CURVE_B= {0xA97,0x7};
+const BIG CURVE_Gx= {0x4};
+const BIG CURVE_Gy= {0x16A0,0x439,0x16F4,0x144A,0x1BA2,0xD22,0x1511,0x115D,0x114B,0xA94,0x11F9,0x1C18,0xDD8,0x12A6,0x17B0,0x16A8,0xA7B,0x29A,0x12DE,0x4D};
+#endif
+
+#endif
+
+#if CHUNK==32
+const BIG Modulus= {0x1FFFFD03,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
+const chunk MConst=0x2FD;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_Order= {0x1C594AEB,0x1C7D64C1,0x14ACF7EA,0x14705075,0x1FFFF864,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
+const BIG CURVE_B= {0x1FFFAB46,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0x9CB44BA,0x199FFB3B,0x1F698345,0xD8F19BB,0x17D177DB,0x1FFCD97F,0xCE487A,0x181DB74F,0x6F7A6A};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_Order= {0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
+const BIG CURVE_B= {0xEA97};
+const BIG CURVE_Gx= {0x4};
+const BIG CURVE_Gy= {0x108736A0,0x11512ADE,0x1116916E,0x29715DA,0x47E5529,0x66EC706,0x1517B095,0xA694F76,0x26CB78};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+const int CURVE_A=-240222;
+const BIG CURVE_Order= {0x436EB75,0x24E8F68,0x9A0CBAB,0x34F0BDB,0x1FFFFDCF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFF};
+const BIG CURVE_Gx= {0x4};
+#endif
+
+
+#endif
+
+#if CHUNK==64
+const BIG Modulus= {0xFFFFFFFFFFFD03,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
+const chunk MConst=0x2FD;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_Order= {0x8FAC983C594AEB,0x38283AD2B3DFAB,0xFFFFFFFFFF864A,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
+const BIG CURVE_B= {0xFFFFFFFFFFAB46,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0x33FF6769CB44BA,0xC78CDDFDA60D17,0xF9B2FF7D177DB6,0xEDBA7833921EBF,0x6F7A6AC0};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_Order= {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF};
+const BIG CURVE_B= {0xEA97};
+const BIG CURVE_Gx= {0x4};
+const BIG CURVE_Gy= {0x2A255BD08736A0,0x4B8AED445A45BA,0xDD8E0C47E55291,0x4A7BB545EC254C,0x26CB7853};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+const int CURVE_A=-240222;
+const BIG CURVE_Order= {0x49D1ED0436EB75,0xA785EDA6832EAC,0xFFFFFFFFFFDCF1,0xFFFFFFFFFFFFFF,0x1FFFFFFF};
+const BIG CURVE_Gx= {0x4};
+#endif
+
+#endif
+
+#endif
+
+
+
+#if CHOICE==MS256
+/* Pseudo-Mersenne NUMS curves http://eprint.iacr.org/2014/130 */
+
+#if CHUNK==16
+const BIG Modulus= {0x1F43,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
+const chunk MConst=0xBD;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_Order= {0x825,0x1A8D,0xA51,0x1640,0x20A,0xE30,0x899,0xEBD,0x1C82,0x1F21,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FF};
+const BIG CURVE_B= {0x1581,0x12};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0xC77,0x15AB,0x1B0,0x8C6,0x10BF,0x760,0x1625,0x126E,0xC2F,0x1E81,0x175A,0x1DDD,0x16CC,0x164,0x1FF2,0xCDA,0x1E4,0x29E,0x1BC6,0xD2};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_Order= {0x14AD,0x915,0x1BC4,0x109C,0xE5B,0x1E32,0x29A,0xB5A,0xAA5,0x1DF3,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x7F};
+const BIG CURVE_B= {0x1BEE,0x1};
+const BIG CURVE_Gx= {0xd};
+const BIG CURVE_Gy= {0xDBA,0x18E5,0xD4C,0x1EDF,0x1707,0x181F,0x934,0xC70,0xA6D,0x1DF1,0x11AF,0x1F40,0xB39,0x998,0xE8F,0xEDB,0xA12,0xF1,0x2AD,0xFA};
+#endif
+
+#endif
+
+#if CHUNK==32
+const BIG Modulus= {0x1FFFFF43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
+const chunk MConst=0xBD;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_Order= {0x751A825,0x559014A,0x9971808,0x1904EBD4,0x1FFFFE43,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFFFFFF};
+const BIG CURVE_B= {0x25581};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0x2B56C77,0x1FA31836,0x253B042,0x185F26EB,0xDD6BD02,0x4B66777,0x1B5FF20B,0xA783C8C,0x696F18};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_Order= {0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
+const BIG CURVE_B= {0x3BEE};
+const BIG CURVE_Gx= {0xd};
+const BIG CURVE_Gy= {0x131CADBA,0x3FB7DA9,0x134C0FDC,0x14DAC704,0x46BFBE2,0x1859CFD0,0x1B6E8F4C,0x3C5424E,0x7D0AB4};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+const int CURVE_A=-61370;
+const BIG CURVE_Order= {0x1122B4AD,0xDC27378,0x9AF1939,0x154AB5A1,0x1FFFFBE6,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x3FFFFF};
+const BIG CURVE_Gx= {0xb};
+#endif
+
+
+#endif
+
+#if CHUNK==64
+const BIG Modulus= {0xFFFFFFFFFFFF43,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFF};
+const chunk MConst=0xBD;
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_Order= {0xAB20294751A825,0x8275EA265C6020,0xFFFFFFFFFFE43C,0xFFFFFFFFFFFFFF,0xFFFFFFFF};
+const BIG CURVE_B= {0x25581};
+const BIG CURVE_Gx= {0x1};
+const BIG CURVE_Gy= {0xF46306C2B56C77,0x2F9375894EC10B,0x6CCEEEDD6BD02C,0xC1E466D7FC82C9,0x696F1853};
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_Order= {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF};
+const BIG CURVE_B= {0x3BEE};
+const BIG CURVE_Gx= {0xd};
+const BIG CURVE_Gy= {0x7F6FB5331CADBA,0x6D63824D303F70,0xB39FA046BFBE2A,0x2A1276DBA3D330,0x7D0AB41E};
+#endif
+
+#if CURVETYPE==MONTGOMERY
+const int CURVE_A=-61370;
+const BIG CURVE_Order= {0xB84E6F1122B4AD,0xA55AD0A6BC64E5,0xFFFFFFFFFFBE6A,0xFFFFFFFFFFFFFF,0x3FFFFFFF};
+const BIG CURVE_Gx= {0xb};
+#endif
+
+#endif
+
+#endif
+
+
+
+
+#if CHOICE==C25519
+
+/* Modulus p = 2^MODBITS-MConst*/
+/* Three Curves for the price of one..*/
+
+#if CHUNK==16
+
+const chunk MConst=19;
+const BIG Modulus= {0x1FED,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0x1FFF,0xFF};
+
+#if CURVETYPE==WEIERSTRASS
+/* Curve I generated myself */
+const int CURVE_A=-3;
+const BIG CURVE_B= {0x28};
+const BIG CURVE_Order= {0xCA1,0x1945,0x1865,0x19C8,0x16D1,0x11B9,0xD0E,0x1C96,0x1E0F,0x2EA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x100};
+const BIG CURVE_Gx= {0x61F,0x6C1,0x1DD,0xEA7,0x4C4,0x124C,0x1BE3,0x1560,0x74E,0x7CD,0x6F4,0x14B,0x13DE,0x133A,0xFB4,0x106,0x15F,0x909,0x18FD,0xCF};
+const BIG CURVE_Gy= {0xF38,0xEF7,0x11F8,0xC65,0x1574,0x10E3,0x4,0x12E7,0xB2B,0xA6,0x17A8,0x1C8B,0x1CD4,0xFA,0x1D79,0xBB2,0x1E68,0x1640,0x1A15,0x6};
+
+#endif
+
+#if CURVETYPE==EDWARDS
+/* Ed25519 Curve */
+const int CURVE_A=-1;
+const BIG CURVE_B= {0x18A3,0x1ACB,0x1284,0x169B,0x175E,0xC55,0x507,0x9A8,0x100A,0x3,0x1A26,0xEF3,0x797,0x3A0,0xE33,0x1FCE,0xB6F,0x771,0xDB,0xA4};
+const BIG CURVE_Order= {0x13ED,0x7AE,0x697,0x4C6,0x581,0xE6B,0xBDE,0x1BD4,0x1EF9,0xA6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x20};
+const BIG CURVE_Gx= {0x151A,0x192E,0x1823,0xC5A,0xC95,0x13D9,0x1496,0xC12,0xCC7,0x349,0x1717,0x1BAD,0x31F,0x1271,0x1B02,0xA7F,0xD6E,0x169E,0x1A4D,0x42};
+const BIG CURVE_Gy= {0x658,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCCC,0x666,0x1333,0x1999,0xCC};
+
+#endif
+
+/*
+#if CURVETYPE==MONTGOMERY
+const int CURVE_A=486662;  // Not Working as A too big for 16-bit int
+const BIG CURVE_Order={0x13ED,0x7AE,0x697,0x4C6,0x581,0xE6B,0xBDE,0x1BD4,0x1EF9,0xA6,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x20};
+const BIG CURVE_Gx={0x9};
+#endif
+*/
+
+#endif
+
+
+#if CHUNK==32
+
+const chunk MConst=19;
+const BIG Modulus= {0x1FFFFFED,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FFFFF};
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_B= {0x28};
+const BIG CURVE_Order= {0x1728ACA1,0x8E7230C,0x10E8DCDB,0x1C1FC966,0x5D5,0x0,0x0,0x0,0x800000};
+const BIG CURVE_Gx= {0x14D8261F,0x23A9C3B,0x1E392613,0xE9D560D,0x19BD0F9A,0x1A9EF052,0xCFB499,0x4242BE1,0x67E3F5};
+const BIG CURVE_Gy= {0x1DEEF38,0x1A31963F,0x4871D5,0x16572E70,0x1DEA014C,0x1AE6A722,0x165D7907,0x1903CD0B,0x36856};
+
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_B= {0x135978A3,0xF5A6E50,0x10762ADD,0x149A82,0x1E898007,0x3CBBBC,0x19CE331D,0x1DC56DFF,0x52036C};
+const BIG CURVE_Order= {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
+const BIG CURVE_Gx= {0xF25D51A,0xAB16B04,0x969ECB2,0x198EC12A,0xDC5C692,0x1118FEEB,0xFFB0293,0x1A79ADCA,0x216936};
+const BIG CURVE_Gy= {0x6666658,0x13333333,0x19999999,0xCCCCCCC,0x6666666,0x13333333,0x19999999,0xCCCCCCC,0x666666};
+
+#endif
+
+#if CURVETYPE==MONTGOMERY
+
+const int CURVE_A=486662;
+const BIG CURVE_Order= {0x1CF5D3ED,0x9318D2,0x1DE73596,0x1DF3BD45,0x14D,0x0,0x0,0x0,0x100000};
+const BIG CURVE_Gx= {0x9};
+
+#endif
+
+#endif
+
+#if CHUNK==64
+
+const chunk MConst=19;
+const BIG Modulus= {0xFFFFFFFFFFFFED,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0x7FFFFFFF};
+
+#if CURVETYPE==WEIERSTRASS
+const int CURVE_A=-3;
+const BIG CURVE_B= {0x28};
+const BIG CURVE_Order= {0x1CE4619728ACA1,0xFE4B343A3736D,0x5D5E,0x0,0x80000000};
+const BIG CURVE_Gx= {0x47538774D8261F,0x4EAB06F8E4984C,0x3DE0A59BD0F9A7,0x215F0833ED2675,0x67E3F521};
+const BIG CURVE_Gy= {0x4632C7E1DEEF38,0x2B97380121C757,0xCD4E45DEA014CB,0x1E685D975E41F5,0x36856C8};
+
+#endif
+
+#if CURVETYPE==EDWARDS
+const int CURVE_A=-1;
+const BIG CURVE_B= {0xEB4DCA135978A3,0xA4D4141D8AB75,0x797779E8980070,0x2B6FFE738CC740,0x52036CEE};
+const BIG CURVE_Order= {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000};
+const BIG CURVE_Gx= {0x562D608F25D51A,0xC7609525A7B2C9,0x31FDD6DC5C692C,0xCD6E53FEC0A4E2,0x216936D3};
+const BIG CURVE_Gy= {0x66666666666658,0x66666666666666,0x66666666666666,0x66666666666666,0x66666666};
+
+#endif
+
+#if CURVETYPE==MONTGOMERY
+
+const int CURVE_A=486662;
+const BIG CURVE_Order= {0x12631A5CF5D3ED,0xF9DEA2F79CD658,0x14DE,0x0,0x10000000};
+const BIG CURVE_Gx= {0x9};
+
+#endif
+
+#endif
+
+#endif
+
+
+#if CHOICE==BRAINPOOL
+
+const int CURVE_A=-3;
+#if CHUNK==16
+
+const BIG Modulus= {0x1377,0x1B72,0x747,0x690,0x201,0x1014,0x1498,0x47A,0x1BF6,0x1371,0x35C,0x1B07,0x909,0x1305,0x10F9,0x1537,0x1EE,0x1EDD,0x1ED5,0x153};
+const chunk MConst=0x9B9;
+const BIG CURVE_Order= {0x16A7,0x1A42,0xA5,0x1C1D,0x1901,0x137B,0x1586,0x1476,0x197A,0xC61,0x35C,0x1B07,0x909,0x1305,0x10F9,0x1537,0x1EE,0x1EDD,0x1ED5,0x153};
+const BIG CURVE_B= {0xB04,0x1749,0x7F,0xB02,0x16AE,0x492,0x1CBD,0x1895,0x13EB,0x1DFC,0x1DAD,0x1A16,0x1733,0x1353,0x13F9,0x9D4,0x10D8,0xE21,0xB18,0xCC};
+const BIG CURVE_Gx= {0x5F4,0x1098,0x158B,0x322,0x179A,0x1E15,0xABE,0x188F,0x142,0xD7D,0x1852,0x14CA,0x1B23,0x1109,0x1DCC,0x1CF6,0x1CF,0x19E6,0x1A3A,0x147};
+const BIG CURVE_Gy= {0x9BE,0x192E,0x1CD6,0x17D1,0x1DA,0x1380,0x740,0x1BC7,0x1CB6,0x134D,0x105F,0xC88,0xE14,0x1D91,0x15FD,0x18AD,0x1439,0x411,0x65B,0x5B};
+#endif
+
+#if CHUNK==32
+
+const BIG Modulus= {0x1F6E5377,0x9A40E8,0x9880A08,0x17EC47AA,0x18D726E3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
+const chunk MConst=0xEFD89B9;
+const BIG CURVE_Order= {0x174856A7,0xF07414,0x1869BDE4,0x12F5476A,0x18D718C3,0x5484EC1,0x6F0F998,0x1B743DD5,0xA9FB57};
+const BIG CURVE_B= {0x1EE92B04,0x172C080F,0xBD2495A,0x7D7895E,0x176B7BF9,0x13B99E85,0x1A93F99A,0x18861B09,0x662C61};
+const BIG CURVE_Gx= {0xE1305F4,0xD0C8AB1,0xBEF0ADE,0x28588F5,0x16149AFA,0x9D91D32,0x1EDDCC88,0x79839FC,0xA3E8EB};
+const BIG CURVE_Gy= {0x1B25C9BE,0xD5F479A,0x1409C007,0x196DBC73,0x417E69B,0x1170A322,0x15B5FDEC,0x10468738,0x2D996C};
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0x13481D1F6E5377,0xF623D526202820,0x909D838D726E3B,0xA1EEA9BC3E660A,0xA9FB57DB};
+const chunk MConst=0xA75590CEFD89B9;
+const BIG CURVE_Order= {0x1E0E82974856A7,0x7AA3B561A6F790,0x909D838D718C39,0xA1EEA9BC3E660A,0xA9FB57DB};
+const BIG CURVE_B= {0xE58101FEE92B04,0xEBC4AF2F49256A,0x733D0B76B7BF93,0x30D84EA4FE66A7,0x662C61C4};
+const BIG CURVE_Gx= {0xA191562E1305F4,0x42C47AAFBC2B79,0xB23A656149AFA1,0xC1CFE7B7732213,0xA3E8EB3C};
+const BIG CURVE_Gy= {0xABE8F35B25C9BE,0xB6DE39D027001D,0xE14644417E69BC,0x3439C56D7F7B22,0x2D996C82};
+#endif
+
+#endif
+
+
+#if CHOICE==ANSSI
+
+const int CURVE_A=-3;
+#if CHUNK==16
+
+const BIG Modulus= {0x1C03,0x374,0x14F6,0x19E6,0x1E8F,0x536,0xF23,0x1795,0x1AD,0x19CB,0x10D6,0x1C84,0x1E8C,0x936,0x1C40,0x1AB1,0xB3A,0x1C60,0x1F45,0x1E3};
+const chunk MConst=0x1155;
+const BIG CURVE_Order= {0x15E1,0x16B2,0x1671,0x1BA8,0x1FF,0x1FCA,0x34A,0x1C28,0x1C67,0x1A9E,0x10D6,0x1C84,0x1E8C,0x936,0x1C40,0x1AB1,0xB3A,0x1C60,0x1F45,0x1E3};
+const BIG CURVE_B= {0x173F,0x1BDD,0x59E,0xBDB,0x307,0x10C0,0x12C6,0x135C,0xC0C,0x1EFF,0x1003,0x1489,0x754,0x55D,0x35,0x1526,0x1428,0x1E52,0xD4F,0x1DC};
+const BIG CURVE_Gx= {0x1CFF,0xC7A,0xB76,0x12F4,0x164C,0x1B80,0x1E62,0x1B95,0x7D2,0xC61,0x8E5,0x13A8,0x1474,0xC1E,0xCC4,0x73D,0x16C1,0x61A,0xCF5,0x16D};
+const BIG CURVE_Gy= {0xCFB,0x31,0x555,0x2B4,0x1831,0x4F0,0x393,0xFD,0x1C3,0x138,0x1BE3,0x7D9,0x1F0F,0x938,0x47E,0x92,0x8B2,0x7BE,0x10B8,0xC2};
+#endif
+
+#if CHUNK==32
+
+const BIG Modulus= {0x186E9C03,0x7E79A9E,0x12329B7A,0x35B7957,0x435B396,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
+const chunk MConst=0x164E1155;
+const BIG CURVE_Order= {0x6D655E1,0x1FEEA2CE,0x14AFE507,0x18CFC281,0x435B53D,0x16F46721,0x163C4049,0x1181675A,0xF1FD17};
+const BIG CURVE_B= {0x1B7BB73F,0x3AF6CB3,0xC68600C,0x181935C9,0xC00FDFE,0x1D3AA522,0x4C0352A,0x194A8515,0xEE353F};
+const BIG CURVE_Gx= {0x198F5CFF,0x64BD16E,0x62DC059,0xFA5B95F,0x23958C2,0x1EA3A4EA,0x7ACC460,0x186AD827,0xB6B3D4};
+const BIG CURVE_Gy= {0x14062CFB,0x188AD0AA,0x19327860,0x3860FD1,0xEF8C270,0x18F879F6,0x12447E49,0x1EF91640,0x6142E0};
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0xFCF353D86E9C03,0xADBCABC8CA6DE8,0xE8CE42435B3961,0xB3AD58F10126D,0xF1FD178C};
+const chunk MConst=0x97483A164E1155;
+const BIG CURVE_Order= {0xFDD459C6D655E1,0x67E140D2BF941F,0xE8CE42435B53DC,0xB3AD58F10126D,0xF1FD178C};
+const BIG CURVE_B= {0x75ED967B7BB73F,0xC9AE4B1A18030,0x754A44C00FDFEC,0x5428A9300D4ABA,0xEE353FCA};
+const BIG CURVE_Gx= {0xC97A2DD98F5CFF,0xD2DCAF98B70164,0x4749D423958C27,0x56C139EB31183D,0xB6B3D4C3};
+const BIG CURVE_Gy= {0x115A1554062CFB,0xC307E8E4C9E183,0xF0F3ECEF8C2701,0xC8B204911F9271,0x6142E0F7};
+#endif
+
+#endif
+
+
+#if CHOICE==HIFIVE
+
+const int CURVE_A=1;
+#if CHUNK==32
+const BIG Modulus= {0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFF};
+const chunk MConst=0x3;
+const BIG CURVE_Order= {0x1E9FA805,0x197CACB9,0x1E4EEA9E,0x17AD70F,0x1FA9850C,0x38A0A,0x0,0x0,0x0,0x0,0x0,0x4000};
+const BIG CURVE_B= {0x2B67};
+const BIG CURVE_Gx= {0xC};
+const BIG CURVE_Gy= {0x5FE8632,0x15F63428,0xD976C4,0x1AACA194,0x35B6DB5,0x8E3F7A,0x52D1B0E,0xF0A7A36,0x1C161D00,0x8170C70,0x1185AD59,0x181B};
+#endif
+
+#if CHUNK==64
+const BIG Modulus= {0xFFFFFFFFFFFFFFD,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFF};
+const chunk MConst=0x3;
+const BIG CURVE_Order= {0xB2F95973E9FA805,0xC0BD6B87F93BAA7,0x71415FA9850,0x0,0x0,0x200000000};
+const BIG CURVE_B= {0x2B67};
+const BIG CURVE_Gx= {0xC};
+const BIG CURVE_Gy= {0x2BEC68505FE8632,0x5D5650CA0365DB1,0x3811C7EF435B6DB,0x7853D1B14B46C,0x56502E18E1C161D,0xC0DC616B};
+#endif
+#endif
+
+
+#if CHOICE==GOLDILOCKS
+
+const int CURVE_A=1;
+#if CHUNK==32
+
+const BIG Modulus= {0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
+const chunk MConst=0x1;
+const BIG CURVE_Order= {0xB5844F3,0x1BC61495,0x1163D548,0x1984E51B,0x3690216,0xDA4D76B,0xFA7113B,0x1FEF9944,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x7FF};
+const BIG CURVE_B= {0x1FFF6756,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FDFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFF};
+const BIG CURVE_Gx= {0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0x152AAAAA,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x15555555,0xAAAAAAA,0x1555};
+const BIG CURVE_Gy= {0xA9386ED,0x1757DE6F,0x13681AF6,0x19657DA3,0x3098BBB,0x12C19D15,0x12E03595,0xE515B18,0x17B7E36D,0x1AC426E,0xDBB5E8,0x10D8560,0x159D6205,0xB8246D9,0x17A58D2B,0x15C0};
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF};
+const chunk MConst=0x1;
+const BIG CURVE_Order= {0x378C292AB5844F3,0x6CC2728DC58F552,0xEDB49AED6369021,0xFFFF7CCA23E9C44,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFF};
+const BIG CURVE_B= {0xFFFFFFFFFFF6756,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFEFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFF};
+const BIG CURVE_Gx= {0x555555555555555,0x555555555555555,0x555555555555555,0xAAA955555555555,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAAAAAAAAAA,0xAAAAAAA};
+const BIG CURVE_Gy= {0xAEAFBCDEA9386ED,0xBCB2BED1CDA06BD,0x565833A2A3098BB,0x6D728AD8C4B80D6,0x7A035884DD7B7E3,0x205086C2B0036ED,0x34AD7048DB359D6,0xAE05E96};
+#endif
+#endif
+
+#if CHOICE==NIST384
+
+const int CURVE_A=-3;
+#if CHUNK==32
+
+const BIG Modulus= {0xFFFFFFF,0xF,0x0,0xFFFF000,0xFFEFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFF};
+const chunk MConst=0x1;
+const BIG CURVE_Order= {0xCC52973,0xEC196AC,0xA77AEC,0xDB248B,0xDDF581A,0x81F4372,0xFC7634D,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFF};
+const BIG CURVE_B= {0x3EC2AEF,0x85C8EDD,0xED19D2A,0x398D8A2,0x75AC656,0x8F50138,0x2031408,0xFE81411,0x81D9C6E,0xF82D191,0xE056BE3,0xE7E4988,0xFA7E23E,0xB3312};
+const BIG CURVE_Gx= {0x2760AB7,0x545E387,0x5296C3A,0xF25DBF5,0xA385502,0xE082542,0x859F741,0x8BA79B9,0xE1D3B62,0x20AD746,0x1C71EF3,0x5378EB,0xA22BE8B,0xAA87C};
+const BIG CURVE_Gy= {0xEA0E5F,0x431D7C9,0xE819D7A,0xB1CE1D7,0x8C00A60,0x13B5F0B,0xCE9DA31,0x289A147,0x8F41DBD,0x92DC29F,0xE98BF92,0x2C6F5D9,0xE4A9626,0x3617D};
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0xFFFFFFFF,0xFFFF0000000000,0xFFFFFFFFFEFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFF};
+const chunk MConst=0x100000001;
+const BIG CURVE_Order= {0xEC196ACCC52973,0xDB248B0A77AEC,0x81F4372DDF581A,0xFFFFFFFFC7634D,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFF,0xFFFFFFFFFFFF};
+const BIG CURVE_B= {0x85C8EDD3EC2AEF,0x398D8A2ED19D2A,0x8F5013875AC656,0xFE814112031408,0xF82D19181D9C6E,0xE7E4988E056BE3,0xB3312FA7E23E};
+const BIG CURVE_Gx= {0x545E3872760AB7,0xF25DBF55296C3A,0xE082542A385502,0x8BA79B9859F741,0x20AD746E1D3B62,0x5378EB1C71EF3,0xAA87CA22BE8B};
+const BIG CURVE_Gy= {0x431D7C90EA0E5F,0xB1CE1D7E819D7A,0x13B5F0B8C00A60,0x289A147CE9DA31,0x92DC29F8F41DBD,0x2C6F5D9E98BF92,0x3617DE4A9626};
+#endif
+#endif
+
+#if CHOICE==C41417
+
+const int CURVE_A=1;
+#if CHUNK==32
+
+const BIG Modulus= {0x1FFFFFEF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0xFF};
+const chunk MConst=0x11;
+const BIG CURVE_Order= {0x106AF79,0x18738D2F,0x18F3C606,0x1806715A,0x22B36F1,0xA67B830,0xCF32490,0x1FFFFFFD,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1FFFFFFF,0x1F};
+const BIG CURVE_B= {0xE21};
+const BIG CURVE_Gx= {0x13CBC595,0x7E9C097,0x14DF1931,0x14E7F550,0x1A111301,0x15A6B6B5,0xD526292,0x18FEAFFE,0x1F44C03E,0x1E6A31B4,0x70C9B97,0x43180C6,0x1443300,0x19A4828A,0x68};
+const BIG CURVE_Gy= {0x22};
+#endif
+
+#if CHUNK==64
+const BIG Modulus= {0xFFFFFFFFFFFFFEF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x3FFFFFFFFFFFFF};
+const chunk MConst=0x11;
+const BIG CURVE_Order= {0xB0E71A5E106AF79,0x1C0338AD63CF181,0x414CF706022B36F,0xFFFFFFFFEB3CC92,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x7FFFFFFFFFFFF};
+const BIG CURVE_B= {0xE21};
+const BIG CURVE_Gx= {0x4FD3812F3CBC595,0x1A73FAA8537C64C,0x4AB4D6D6BA11130,0x3EC7F57FF35498A,0xE5FCD46369F44C0,0x300218C0631C326,0x1A334905141443};
+const BIG CURVE_Gy= {0x22};
+#endif
+#endif
+
+
+#if CHOICE==NIST521
+
+const int CURVE_A=-3;
+#if CHUNK==32
+
+const BIG Modulus= {0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
+const chunk MConst=0x1;
+const BIG CURVE_Order= {0x1386409,0x6FB71E9,0xC47AEBB,0xC9B8899,0x5D03BB5,0x48F709A,0xB7FCC01,0xBF2F966,0x1868783,0xFFFFFA5,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0xFFFFFFF,0x1FFFF};
+const BIG CURVE_B= {0xB503F00,0x451FD46,0xC34F1EF,0xDF883D2,0xF073573,0xBD3BB1B,0xB1652C0,0xEC7E937,0x6193951,0xF109E15,0x489918E,0x15F3B8B,0x25B99B3,0xEEA2DA7,0xB68540,0x929A21A,0xE1C9A1F,0x3EB9618,0x5195};
+const BIG CURVE_Gx= {0x2E5BD66,0x7E7E31C,0xA429BF9,0xB3C1856,0x8DE3348,0x27A2FFA,0x8FE1DC1,0xEFE7592,0x14B5E77,0x4D3DBAA,0x8AF606B,0xB521F82,0x139053F,0x429C648,0x62395B4,0x9E3ECB6,0x404E9CD,0x8E06B70,0xC685};
+const BIG CURVE_Gy= {0xFD16650,0xBE94769,0x2C24088,0x7086A27,0x761353C,0x13FAD0,0xC550B9,0x5EF4264,0x7EE7299,0x3E662C9,0xFBD1727,0x446817A,0x449579B,0xD998F54,0x42C7D1B,0x5C8A5FB,0xA3BC004,0x296A789,0x11839};
+#endif
+
+#if CHUNK==64
+
+const BIG Modulus= {0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x1FFFFFFFFFF};
+const chunk MConst=0x1;
+const BIG CURVE_Order= {0xB6FB71E91386409,0xB5C9B8899C47AEB,0xC0148F709A5D03B,0x8783BF2F966B7FC,0xFFFFFFFFFFA5186,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFF,0x1FFFFFFFFFF};
+const BIG CURVE_B= {0xF451FD46B503F00,0x73DF883D2C34F1E,0x2C0BD3BB1BF0735,0x3951EC7E937B165,0x9918EF109E15619,0x5B99B315F3B8B48,0xB68540EEA2DA72,0x8E1C9A1F929A21A,0x51953EB961};
+const BIG CURVE_Gx= {0x97E7E31C2E5BD66,0x48B3C1856A429BF,0xDC127A2FFA8DE33,0x5E77EFE75928FE1,0xF606B4D3DBAA14B,0x39053FB521F828A,0x62395B4429C6481,0x404E9CD9E3ECB6,0xC6858E06B7};
+const BIG CURVE_Gy= {0x8BE94769FD16650,0x3C7086A272C2408,0xB9013FAD076135,0x72995EF42640C55,0xD17273E662C97EE,0x49579B446817AFB,0x42C7D1BD998F544,0x9A3BC0045C8A5FB,0x11839296A78};
+#endif
+#endif
+
+#if CHOICE==BN646
+
+const int CURVE_A=0;
+
+#if CHUNK==32
+
+const chunk MConst=0x15F615E5;
+const BIG Modulus= {0x404E013,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
+const BIG CURVE_Order= {0x1E04200D,0x1203603,0x420000,0x80A207E,0x2,0xC303F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x1001,0x0,0x10000,0x0,0x0,0x8000};
+const BIG CURVE_Cru= {0x401B007,0x901,0x1B0000,0x1B024,0x0,0x288120,0xD812,0x900000,0x1B0120,0x0,0xD80000,0x6C048,0x0,0x6C0000,0x0,0x0,0x120000};
+const BIG CURVE_Fra= {0x4929A14,0x3B756CA,0x4337DD0,0xFC1417C,0x193166BB,0x1DC54515,0x1C0DF653,0x19BF8961,0x155980E,0x1983CB14,0x4D76309,0x1DEAB1A4,0xF9C3CF5,0x128FEC2D,0x867E339,0xDA0548A,0x1A480AF,0xA3CBCD2,0x116DA6E0,0x2A546E9,0x789577C,0x1F9459D2,0x27};
+const BIG CURVE_Frb= {0x1F7245FF,0x1D68DF39,0x1C1A822F,0x1848DF07,0x6CE9946,0x303BF0A,0x7F71A24,0x9A0769F,0x1F4C6E51,0x67C3521,0x38A5F6,0x123DD2C4,0x1063C317,0xFF825D2,0x17981E76,0x125FAB75,0x1EC78CD0,0x15C34375,0xE92591F,0x1D5ABD96,0x1876A883,0x6BA62D,0x68};
+const BIG CURVE_Pxa= {0x1CCC5E10,0x119F939,0xC6C7FE9,0x81022FF,0x6486AA6,0x1CBC560B,0x1F707429,0xC82F7B9,0x1A7F5CDA,0x14C0EB47,0x11412373,0x13DAF21E,0x126BE416,0x166744A7,0x506E81,0x1048FFA3,0x13A6B0C9,0x1A90979A,0xE78C338,0x1722C561,0xBFFF9A1,0xC1AF83C,0x3F};
+const BIG CURVE_Pxb= {0x67F4BC0,0x1BFC3C9,0x1E9DC3B6,0x87E2B03,0xB820274,0x1DD03B1E,0x517C463,0x1EFCBBC9,0x19F786A8,0x5572E90,0xD0BA5E0,0x16E8A40A,0x1013CF3B,0x11A7F82B,0x1C27B302,0x15E7CD12,0xB79A6DF,0x1EC6895B,0x5775A7E,0xBB28D24,0x416A171,0x127D284E,0x5D};
+const BIG CURVE_Pya= {0xC3FB414,0x2B868EE,0xD858793,0x157FCFE,0x16C849AD,0x1D17B0A4,0x1353CFEA,0x940A061,0x1CEF834E,0x7BE766A,0x4584C1C,0xE2397E9,0x418E9D4,0x8F53B8,0x53B37E0,0x11CA29D9,0xE425654,0x9EFF9AF,0x18CF27A1,0x17755A26,0x3F5481A,0x6C531BC,0x1E};
+const BIG CURVE_Pyb= {0x133908AD,0x17F1F1ED,0x14196532,0x19A85214,0x173EC3F7,0x1021EC2C,0xD798A3E,0x18F4C857,0x82EE2FA,0x11B5296D,0x1831D9C6,0x4463DB5,0x11B4812C,0xF93B884,0xC72653,0xEC6F6ED,0x916CFFF,0x1E81ED0A,0x1103518E,0x1E478B01,0x6B01074,0xC46CCAA,0x48};
+const BIG CURVE_Gx= {0x404E012,0x1203604,0x4E0000,0x80A2084,0x2,0xC90420,0x4051078,0x3600001,0xA20660,0x36,0x5100900,0x10288468,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x6008003,0x0,0x80000,0x6,0x0,0x40030,0x3,0x0,0x30,0x0,0x0,0xC},{0x2001,0x0,0x20000,0x0,0x0,0x10000}};
+const BIG CURVE_SB[2][2]= {{{0x600A004,0x0,0xA0000,0x6,0x0,0x50030,0x3,0x0,0x30,0x0,0x0,0xC},{0x2001,0x0,0x20000,0x0,0x0,0x10000}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x1803A00A,0x1203603,0x3A0000,0x80A2078,0x2,0xBF03C0,0x4051072,0x3600001,0xA20600,0x36,0x5100900,0x10288450,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}}};
+const BIG CURVE_WB[4]= {{0x2001000,0x0,0x10000,0x2,0x0,0x8010,0x1,0x0,0x10,0x0,0x0,0x4},{0x1C015005,0x600,0x150000,0x1201C,0x0,0x1C80E0,0x900E,0x600000,0x1200E0,0x0,0x900000,0x48038,0x0,0x480000,0x0,0x0,0xC0000},{0xE00B003,0x300,0xB0000,0x900E,0x0,0xE8070,0x4807,0x300000,0x90070,0x0,0x480000,0x2401C,0x0,0x240000,0x0,0x0,0x60000},{0x2003001,0x0,0x30000,0x2,0x0,0x18010,0x1,0x0,0x10,0x0,0x0,0x4}};
+const BIG CURVE_BB[4][4]= {{{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x2002,0x0,0x20000,0x0,0x0,0x10000}},{{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x1E04100C,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100D,0x1203603,0x410000,0x80A207E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1E04100C,0x1203603,0x410000,0x80A20
 7E,0x2,0xC283F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90}},{{0x2002,0x0,0x20000,0x0,0x0,0x10000},{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x2001,0x0,0x20000,0x0,0x0,0x10000},{0x2001,0x0,0x20000,0x0,0x0,0x10000}},{{0x1002,0x0,0x10000,0x0,0x0,0x8000},{0x4002,0x0,0x40000,0x0,0x0,0x20000},{0x1E04000A,0x1203603,0x400000,0x80A207E,0x2,0xC203F0,0x4051075,0x3600001,0xA20630,0x36,0x5100900,0x1028845C,0xD,0x2881200,0x1B0,0x0,0x6C0D80,0x48,0x0,0x480,0x0,0x0,0x90},{0x1002,0x0,0x10000,0x0,0x0,0x8000}}};
+#endif
+
+#if CHUNK==64
+
+const chunk MConst=0xCE50F5CF5F615E5;
+const BIG Modulus= {0x2406C08404E013,0x240510420138000,0xE01920840000000,0x601B00000901441,0x400000006C0A206,0xD814423414402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000};
+const BIG CURVE_Order= {0x2406C07E04200D,0x2405103F0108000,0xD418607E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000};
+const BIG CURVE_Cof= {0x1};
+const BIG CURVE_B= {0x2};
+const BIG CURVE_Bnx= {0x1001,0x4000,0x10000000000};
+const BIG CURVE_Cru= {0x1202401B007,0xD812006C000,0x480510240000000,0x200480000000360,0x1B01,0x3602403600,0xD800000000,0x0,0x12};
+const BIG CURVE_Fra= {0x76EAD944929A14,0xB7E0A0BE10CDF74,0x4FB8A8A2B93166B,0xECDFC4B0F037D9,0xC27307962815598,0xCF5EF558D2135D8,0x8CE651FD85AF9C3,0x80AF6D02A45219F,0x69B8147979A41A4,0x9577C152A374C5B,0x9FF28B3A478};
+const BIG CURVE_Frb= {0xFAD1BE73F7245FF,0x6C246F83F06A08B,0x906077E146CE994,0x514D03B4F9FDC68,0x7D8CF86A43F4C6E,0x31791EE96200E29,0x79D9FF04BA5063C,0x8CD092FD5BADE60,0x9647EB8686EBEC7,0x6A883EAD5ECB3A4,0x1A00D74C5B87};
+const BIG CURVE_Pxa= {0x4233F273CCC5E10,0x6408117FB1B1FFA,0xA7978AC166486AA,0xDA6417BDCFDC1D0,0xDCE981D68FA7F5C,0x4169ED790F45048,0xBA06CCE894F26BE,0xB0C98247FD18141,0x30CE35212F353A6,0xFF9A1B9162B0B9E,0xFD835F078BF};
+const BIG CURVE_Pxb= {0x837F879267F4BC0,0x443F1581FA770ED,0x8FBA0763CB82027,0xA8F7E5DE4945F11,0x780AAE5D219F786,0xF3BB745205342E9,0xCC0A34FF057013C,0xA6DFAF3E689709E,0xD69FBD8D12B6B79,0x6A1715D9469215D,0x1764FA509C41};
+const BIG CURVE_Pya= {0xC570D1DCC3FB414,0xD0ABFE7F36161E4,0xABA2F61496C849A,0x4E4A05030CD4F3F,0x70F7CECD5CEF83,0x9D4711CBF491613,0xDF8011EA770418E,0x56548E514EC94EC,0xC9E853DFF35EE42,0x5481ABBAAD13633,0x78D8A63783F};
+const BIG CURVE_Pyb= {0xAFE3E3DB33908AD,0x7CD4290A506594C,0xFA043D85973EC3F,0xFAC7A642BB5E628,0x71A36A52DA82EE2,0x12C2231EDAE0C76,0x994DF2771091B48,0xCFFF7637B76831C,0xD463BD03DA14916,0x1074F23C580C40,0x12188D99546B};
+const BIG CURVE_Gx= {0x2406C08404E012,0x240510420138000,0xE01920840000000,0x601B00000901441,0x400000006C0A206,0xD814423414402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000};
+const BIG CURVE_Gy= {0x1};
+const BIG CURVE_W[2]= {{0x6008003,0x30020000,0xC0080060000000,0x300000000000000,0x0,0x600000},{0x2001,0x8000,0x20000000000}};
+const BIG CURVE_SB[2][2]= {{{0x600A004,0x30028000,0xC00A0060000000,0x300000000000000,0x0,0x600000},{0x2001,0x8000,0x20000000000}},{{0x2001,0x8000,0x20000000000},{0x2406C07803A00A,0x2405103C00E8000,0xC817E0780000000,0x1B00000901441,0x400000006C0A206,0xD814422814402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}}};
+const BIG CURVE_WB[4]= {{0x2001000,0x10004000,0x40010020000000,0x100000000000000,0x0,0x200000},{0xC01C015005,0x900E0054000,0x3803901C0000000,0xE00300000000240,0x1200,0x2401C02400,0x9000000000,0x0,0xC},{0x600E00B003,0x4807002C000,0x1C01D00E0000000,0x700180000000120,0x900,0x1200E01200,0x4800000000,0x0,0x6},{0x2003001,0x1000C000,0x40030020000000,0x100000000000000,0x0,0x200000}};
+const BIG CURVE_BB[4][4]= {{{0x2406C07E04100D,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2002,0x8000,0x20000000000}},{{0x2001,0x8000,0x20000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100D,0x2405103F0104000,0xD418507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x2406C07E04100C,0x2405103F0104000,0xD418
 507E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000}},{{0x2002,0x8000,0x20000000000},{0x2001,0x8000,0x20000000000},{0x2001,0x8000,0x20000000000},{0x2001,0x8000,0x20000000000}},{{0x1002,0x4000,0x10000000000},{0x4002,0x10000,0x40000000000},{0x2406C07E04000A,0x2405103F0100000,0xD418407E0000000,0x301B00000901441,0x400000006C0A206,0xD814422E14402,0x6C051024000000,0xD8000000000000,0x9006C,0x240000,0x240000000000},{0x1002,0x4000,0x10000000000}}};
+#endif
+
+#endif
+
+#if CHOICE==BN454
+
+const int CURVE_A=0;
+
+#if CHUNK==32
+
+const chunk MConst=0x179435E5;
+const BIG Modulus= {0x13,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
+const BIG CURVE_Order= {0xD,0x210,0x1F80,0x400D884,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
+const BIG CURVE_Cof= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG CURVE_B= {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG CURVE_Gx= {0x12,0x270,0x2100,0x1C00D89C,0x25084,0xA284,0x24720,0x10803AA1,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000};
+const BIG CURVE_Gy= {0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+
+const BIG CURVE_Bnx= {0x1,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG CURVE_Cru= {0x7,0xD8,0x900,0x16002436,0x481,0x1B24,0x168,0x48006C9,0x1600006C,0x10000091,0xD80000D,0x240000,0x0,0x0,0x0,0x0};
+const BIG CURVE_Fra= {0x1573B0EC,0x1816E4FE,0xA42E6E0,0x15DDCD87,0x2B17EC7,0x35B9A50,0x15AA1F74,0x1B7B2AC5,0x1CB5A200,0x9937657,0x17389A4A,0x738BADB,0xD92B321,0x3F5F0E6,0x1B1C9E9A,0x25CF3};
+const BIG CURVE_Frb= {0xA8C4F27,0x7E91D71,0x15BD3A1F,0x6230B14,0x1D50D1BD,0x1CA50833,0xA5827AB,0x15050FDB,0x74B3887,0x166C9A92,0x19C78A3C,0x199F4886,0x1B6D4F39,0x80A0F61,0x7236169,0x2230C};
+const BIG CURVE_Pxa= {0xF02B14,0x1DD1DD61,0x330AEC7,0x178617DE,0x1CEFFF36,0x116D35AF,0x1F879FBF,0x105DBF83,0x8345436,0x13664BCA,0x12EE86B5,0x776BB31,0x14AAFE16,0x41B3478,0x13E03554,0x2807A};
+const BIG CURVE_Pxb= {0x45BF266,0xE036876,0x8F0DBA,0xCB5976F,0x10DBC523,0x1723123C,0xBDDA7F4,0x10077CDE,0x11971DE0,0x14F1554A,0x195995EE,0x82E6FD7,0x40D5258,0x1400A58F,0x15A7850B,0x2B2A5};
+const BIG CURVE_Pya= {0x1E1B15C7,0x9CD5B5D,0x1571B2D2,0x1E4C048A,0x1474FB5D,0x18E2328C,0x11775519,0x144EF51F,0xF2FAABA,0x438F741,0x1930EAC0,0x144DC38,0x1287A0FE,0x36D8962,0x10011EAF,0x3ACF4};
+const BIG CURVE_Pyb= {0x571D60,0x8737DB,0xC4A363B,0x124E308F,0x13A65C7E,0x1387693A,0x10CDDA2F,0x184C096E,0x385175,0x5A34088,0xF17A93C,0x1E194915,0x1903ED91,0x4D6FA9F,0x8D8210B,0x12EDC};
+const BIG CURVE_W[2]= {{0x3,0x40,0x180,0x10000010,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG CURVE_SB[2][2]= {{{0x4,0x50,0x180,0x14000014,0xC0,0x6,0x10000018,0xC00001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x1D0,0x1E00,0x1400D874,0x24F03,0xA278,0x246F0,0xF003A9E,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000}}};
+const BIG CURVE_WB[4]= {{0x0,0x8,0x80,0x2000002,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x5,0xA8,0x700,0xA00182A,0x381,0x121C,0x100,0x3800487,0x4000048,0x61,0x9000009,0x180000,0x0,0x0,0x0,0x0},{0x3,0x58,0x380,0x16000C16,0x1C0,0x90E,0x10000080,0x1C00243,0x12000024,0x10000030,0x4800004,0xC0000,0x0,0x0,0x0,0x0},{0x1,0x18,0x80,0x6000006,0x40,0x2,0x10000008,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}};
+const BIG CURVE_BB[4][4]= {{{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xD,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0xC,0x208,0x1F80,0x200D882,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,
 0x2400003,0x48000}},{{0x2,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x1,0x10,0x0,0x4000004,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}},{{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0x2,0x20,0x0,0x8000008,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},{0xA,0x200,0x1F80,0xD880,0x24FC4,0xA27E,0x10024708,0xFC03A9F,0x400DA88,0x10EA,0x11002487,0xD80362,0x900025B,0xC000048,0x2400003,0x48000},{0x2,0x8,0x0,0x2000002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0}}};
+
+#endif
+
+#if CHUNK==64
+
+const chunk MConst=0xF33C46ED79435E5L;
+const BIG Modulus= {0x4E00000013L,0x4E006C4E0000840L,0x800014508002508L,0x888401D5080091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
+const BIG CURVE_Order= {0x420000000DL,0x42006C4200007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
+const BIG CURVE_Cof= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG CURVE_B= {0x2L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG CURVE_Gx= {0x4E00000012L,0x4E006C4E0000840L,0x800014508002508L,0x888401D5080091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L};
+const BIG CURVE_Gy= {0x1L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+
+const BIG CURVE_Bnx= {0x100000001L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L};
+const BIG CURVE_Cru= {0x1B00000007L,0x1B00121B0000240L,0xA00003648000048L,0x6C2400364800005L,0x36000012360000L,0x12000036000L,0x0L,0x0L};
+const BIG CURVE_Fra= {0x302DC9FD573B0ECL,0x7AEEE6C3A90B9B8L,0xD06B734A02B17ECL,0xDBD9562D6A87DL,0x929326ECAFCB5A2L,0x32139C5D6DDCE26L,0x7A687EBE1CCD92BL,0x12E79EC72L};
+const BIG CURVE_Frb= {0xCFD23AE2A8C4F27L,0xD311858A56F4E87L,0xAF94A1067D50D1BL,0x87A8287EDA9609EL,0x8F2CD9352474B38L,0xF39CCFA443671E2L,0x85A50141EC3B6D4L,0x111861C8DL};
+const BIG CURVE_Pxa= {0xFBA3BAC20F02B14L,0x6BC30BEF0CC2BB1L,0xFE2DA6B5FCEFFF3L,0x3682EDFC1FE1E7EL,0xAD66CC979483454L,0xE163BB5D98CBBA1L,0xD55083668F14AAFL,0x1403D4F80L};
+const BIG CURVE_Pxb= {0x9C06D0EC45BF266L,0x365ACBB7823C36EL,0xD2E4624790DBC52L,0xE0803BE6F2F769FL,0x7BA9E2AA951971DL,0x25841737EBE5665L,0x142E8014B1E40D5L,0x15952D69EL};
+const BIG CURVE_Pya= {0x939AB6BBE1B15C7L,0xDF26024555C6CB4L,0x671C46519474FB5L,0xBAA277A8FC5DD54L,0xB00871EE82F2FAAL,0xFE0A26E1C64C3AL,0x7ABC6DB12C5287AL,0x1D67A4004L};
+const BIG CURVE_Pyb= {0xC10E6FB60571D60L,0xE9271847B128D8EL,0xBE70ED2753A65C7L,0x75C2604B7433768L,0x4F0B46811003851L,0xD91F0CA48ABC5EAL,0x842C9ADF53F903EL,0x976E2360L};
+const BIG CURVE_W[2]= {{0x800000003L,0x80000080000060L,0x60000000C00000CL,0x600000C00000L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}};
+const BIG CURVE_SB[2][2]= {{{0xA00000004L,0xA00000A0000060L,0x60000000C00000CL,0x600000C00000L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x3A0000000AL,0x3A006C3A0000780L,0xC000144F00024F0L,0x887801D4F00091BL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L}}};
+const BIG CURVE_WB[4]= {{0x100000000L,0x10000010000020L,0x200000004000004L,0x200000400000L,0x0L,0x0L,0x0L,0x0L},{0x1500000005L,0x15000C1500001C0L,0x2438000038L,0x481C00243800004L,0x2400000C240000L,0xC000024000L,0x0L,0x0L},{0xB00000003L,0xB00060B00000E0L,0x121C00001CL,0x240E00121C00002L,0x12000006120000L,0x6000012000L,0x0L,0x0L},{0x300000001L,0x30000030000020L,0x200000004000004L,0x200000400000L,0x0L,0x0L,0x0L,0x0L}};
+const BIG CURVE_BB[4][4]= {{{0x410000000DL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x200000002L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000DL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x410000000CL,0x41006C4100007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L}},
 {{0x200000002L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x200000001L,0x20000020000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}},{{0x100000002L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x400000002L,0x40000040000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L},{0x400000000AL,0x40006C4000007E0L,0x2000144FC0024FCL,0x887E01D4FC0091CL,0x21C00021D4400DAL,0x25B06C01B144009L,0xD80000909000L,0x240000900L},{0x100000002L,0x10000010000000L,0x0L,0x0L,0x0L,0x0L,0x0L,0x0L}}};
+
+
+#endif
+
+#endif
+
+
+#if CHOICE==BLS455
+
+const int CURVE_A=0;
+
+#if CHUNK==32
+
+const chunk MConst=0x1F4017FD;
+const BIG Modulus= {0x2AB,0x1500000C,0xAAA55AA,0xB12AAD6,0x6D1BA6C,0xCCA5674,0x12E2CF6E,0xA9F9662,0x34BD939,0x12D8EAB1,0xFD9978E,0x9240600,0xE0F95B,0xAAB9550,0x55555E5,0xAAAAB};
+const BIG CURVE_Order= {0x1FC00001,0x3FFF,0x10000070,0x1400000,0x1D100,0xF0003A8,0x13C0009,0x1E200,0x180002E0,0x400001,0x4000,0x0,0x0,0x0,0x0,0x0};
+const BIG CURVE_Cof= {0xABFFAAB,0x14AABFFD,0xD52AADA,0x1562AAAB,0x15556AAA,0x2A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG CURVE_B= {0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG CURVE_Gx= {0x1DFCEDD1,0x16A62EEF,0xE80D3ED,0xB8DE876,0x179C7253,0x182DAB52,0x46CC85F,0x1E571D9C,0x1E8392B1,0x1A155867,0x19E6527C,0x23DC64E,0xABEDA59,0xF20662B,0x17CECC01,0x310A};
+const BIG CURVE_Gy= {0x6619B9B,0x27EBCD,0x1BE80A19,0x13B014BA,0x191A4936,0x13911916,0x107A5A3B,0x1DCB0863,0x1F5FB1,0xDE44A9C,0x18E23B2A,0x1FA81FD3,0xB0D6DFA,0xC2FE1EF,0xDDFA7E2,0x3351B};
+
+const BIG CURVE_Bnx= {0x800,0x1000004,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};
+const BIG CURVE_Cru= {0xAA9,0x9017FE0,0x128DD8AA,0x1F4A321E,0x148FEC90,0x195CDEEA,0xE961AA2,0x168D3B66,0xAFD99D7,0xB989AA6,0x1F9A5724,0x91A05FF,0xE0EF5B,0xAAB9548,0x55555E5,0xAAAAB};
+const BIG CURVE_Fra= {0xA2EBF21,0x4E67DEE,0xCDE6590,0xE5EA94E,0x15454985,0x140CFC43,0x7E14D1C,0x1778395A,0x1944F022,0x166BEA1A,0xC3DEEA0,0x9F031A0,0x16A7459,0x1F1D6E00,0x125CFB72,0x72FD4};
+const BIG CURVE_Frb= {0x15D1438A,0x1019821D,0x1DCBF01A,0x1CB40187,0x118C70E6,0x18BD5A30,0xB018251,0x13275D08,0xA06E916,0x1C6D0096,0x39BA8ED,0x1F33D460,0x1F768501,0xB8E274F,0x12F85A72,0x37AD6};
+const BIG CURVE_Pxa= {0x10C1F542,0x23AF907,0x159F840,0xBAC0E1F,0x133D7766,0x1C034C5D,0x14C5C875,0x1ED0BDA2,0x16A49C71,0x1E9FF62D,0x14F3ACC0,0x1E0C9FEA,0xC4638DE,0x74D18DA,0xBEA0030,0x5D962};
+const BIG CURVE_Pxb= {0x749F03D,0xC843773,0xB17BCBA,0x1134AB4B,0x8EA016E,0x1A0D766C,0x58F819E,0x48A1FCC,0xE296F62,0x83370E4,0xC9BA1D5,0x1E43290E,0xEE59A80,0x1FDD85F5,0x1F3819B6,0x1D9F};
+const BIG CURVE_Pya= {0x181A77F4,0x191AD22,0x1E9F842A,0x1E1E6CF6,0xD55B9D9,0x1D062533,0x15BB1323,0x7ECBC1,0x1A9EC2EF,0x1EE14CE0,0x1E96B271,0xA794439,0x1C544324,0xE6AD5DC,0x16429B0F,0x448E3};
+const BIG CURVE_Pyb= {0x1E1FDBA2,0x1A09DB6C,0xF680D5B,0xFCC6122,0xC488E2A,0x1E489ECD,0x1005617E,0x1CF9EC36,0x1C89ED72,0x16C00D90,0x1563E595,0x1243DDC0,0x8698F9E,0x1BD81E7E,0xF2A0F4A,0x66A0};
+
+#endif
+
+#if CHUNK==64
+
+const ch

<TRUNCATED>


[05/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/fp12.c
----------------------------------------------------------------------
diff --git a/version22/c/fp12.c b/version22/c/fp12.c
new file mode 100644
index 0000000..f7d9815
--- /dev/null
+++ b/version22/c/fp12.c
@@ -0,0 +1,727 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL Fp^12 functions */
+/* SU=m, m is Stack Usage (no lazy )*/
+/* FP12 elements are of the form a+i.b+i^2.c */
+
+#include "amcl.h"
+
+/* test x==0 ? */
+/* SU= 8 */
+int FP12_iszilch(FP12 *x)
+{
+    if (FP4_iszilch(&(x->a)) && FP4_iszilch(&(x->b)) && FP4_iszilch(&(x->c))) return 1;
+    return 0;
+}
+
+/* test x==1 ? */
+/* SU= 8 */
+int FP12_isunity(FP12 *x)
+{
+    if (FP4_isunity(&(x->a)) && FP4_iszilch(&(x->b)) && FP4_iszilch(&(x->c))) return 1;
+    return 0;
+}
+
+/* FP12 copy w=x */
+/* SU= 16 */
+void FP12_copy(FP12 *w,FP12 *x)
+{
+    if (x==w) return;
+    FP4_copy(&(w->a),&(x->a));
+    FP4_copy(&(w->b),&(x->b));
+    FP4_copy(&(w->c),&(x->c));
+}
+
+/* FP12 w=1 */
+/* SU= 8 */
+void FP12_one(FP12 *w)
+{
+    FP4_one(&(w->a));
+    FP4_zero(&(w->b));
+    FP4_zero(&(w->c));
+}
+
+/* return 1 if x==y, else 0 */
+/* SU= 16 */
+int FP12_equals(FP12 *x,FP12 *y)
+{
+    if (FP4_equals(&(x->a),&(y->a)) && FP4_equals(&(x->b),&(y->b)) && FP4_equals(&(x->b),&(y->b)))
+        return 1;
+    return 0;
+}
+
+/* Set w=conj(x) */
+/* SU= 8 */
+void FP12_conj(FP12 *w,FP12 *x)
+{
+    FP12_copy(w,x);
+    FP4_conj(&(w->a),&(w->a));
+    FP4_nconj(&(w->b),&(w->b));
+    FP4_conj(&(w->c),&(w->c));
+}
+
+/* Create FP12 from FP4 */
+/* SU= 8 */
+void FP12_from_FP4(FP12 *w,FP4 *a)
+{
+    FP4_copy(&(w->a),a);
+    FP4_zero(&(w->b));
+    FP4_zero(&(w->c));
+}
+
+/* Create FP12 from 3 FP4's */
+/* SU= 16 */
+void FP12_from_FP4s(FP12 *w,FP4 *a,FP4 *b,FP4 *c)
+{
+    FP4_copy(&(w->a),a);
+    FP4_copy(&(w->b),b);
+    FP4_copy(&(w->c),c);
+}
+
+/* Granger-Scott Unitary Squaring. This does not benefit from lazy reduction */
+/* SU= 600 */
+void FP12_usqr(FP12 *w,FP12 *x)
+{
+    FP4 A,B,C,D;
+
+    FP4_copy(&A,&(x->a));
+
+    FP4_sqr(&(w->a),&(x->a));
+    FP4_add(&D,&(w->a),&(w->a));
+    FP4_add(&(w->a),&D,&(w->a));
+
+    FP4_norm(&(w->a));
+    FP4_nconj(&A,&A);
+
+    FP4_add(&A,&A,&A);
+    FP4_add(&(w->a),&(w->a),&A);
+    FP4_sqr(&B,&(x->c));
+    FP4_times_i(&B);
+
+    FP4_add(&D,&B,&B);
+    FP4_add(&B,&B,&D);
+    FP4_norm(&B);
+
+    FP4_sqr(&C,&(x->b));
+
+    FP4_add(&D,&C,&C);
+    FP4_add(&C,&C,&D);
+
+    FP4_norm(&C);
+    FP4_conj(&(w->b),&(x->b));
+    FP4_add(&(w->b),&(w->b),&(w->b));
+    FP4_nconj(&(w->c),&(x->c));
+
+    FP4_add(&(w->c),&(w->c),&(w->c));
+    FP4_add(&(w->b),&B,&(w->b));
+    FP4_add(&(w->c),&C,&(w->c));
+    FP12_reduce(w);	    /* reduce here as in pow function repeated squarings would trigger multiple reductions */
+
+}
+
+/* FP12 squaring w=x^2 */
+/* SU= 600 */
+void FP12_sqr(FP12 *w,FP12 *x)
+{
+    /* Use Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
+
+    FP4 A,B,C,D;
+
+    FP4_sqr(&A,&(x->a));
+    FP4_mul(&B,&(x->b),&(x->c));
+    FP4_add(&B,&B,&B);
+    FP4_sqr(&C,&(x->c));
+    FP4_mul(&D,&(x->a),&(x->b));
+    FP4_add(&D,&D,&D);
+    FP4_add(&(w->c),&(x->a),&(x->c));
+    FP4_add(&(w->c),&(x->b),&(w->c));
+
+    FP4_sqr(&(w->c),&(w->c));
+
+    FP4_copy(&(w->a),&A);
+
+    FP4_add(&A,&A,&B);
+
+    FP4_norm(&A);
+
+    FP4_add(&A,&A,&C);
+    FP4_add(&A,&A,&D);
+
+    FP4_norm(&A);
+
+    FP4_neg(&A,&A);
+    FP4_times_i(&B);
+    FP4_times_i(&C);
+
+    FP4_add(&(w->a),&(w->a),&B);
+    FP4_add(&(w->b),&C,&D);
+    FP4_add(&(w->c),&(w->c),&A);
+
+    FP12_norm(w);
+}
+
+/* FP12 full multiplication w=w*y */
+
+
+/* SU= 896 */
+/* FP12 full multiplication w=w*y */
+void FP12_mul(FP12 *w,FP12 *y)
+{
+    FP4 z0,z1,z2,z3,t0,t1;
+
+    FP4_mul(&z0,&(w->a),&(y->a));
+    FP4_mul(&z2,&(w->b),&(y->b));  //
+
+    FP4_add(&t0,&(w->a),&(w->b));
+    FP4_add(&t1,&(y->a),&(y->b));  //
+    FP4_mul(&z1,&t0,&t1);
+    FP4_add(&t0,&(w->b),&(w->c));
+
+    FP4_add(&t1,&(y->b),&(y->c));  //
+    FP4_mul(&z3,&t0,&t1);
+
+    FP4_neg(&t0,&z0);
+    FP4_neg(&t1,&z2);
+
+    FP4_add(&z1,&z1,&t0);   // z1=z1-z0
+
+    FP4_norm(&z1);
+
+    FP4_add(&(w->b),&z1,&t1);
+// z1=z1-z2
+    FP4_add(&z3,&z3,&t1);        // z3=z3-z2
+    FP4_add(&z2,&z2,&t0);        // z2=z2-z0
+
+    FP4_add(&t0,&(w->a),&(w->c));
+
+    FP4_add(&t1,&(y->a),&(y->c));
+    FP4_mul(&t0,&t1,&t0);
+    FP4_add(&z2,&z2,&t0);
+
+    FP4_mul(&t0,&(w->c),&(y->c));
+    FP4_neg(&t1,&t0);
+
+    FP4_norm(&z2);
+    FP4_norm(&z3);
+    FP4_norm(&(w->b));
+
+    FP4_add(&(w->c),&z2,&t1);
+    FP4_add(&z3,&z3,&t1);
+    FP4_times_i(&t0);
+    FP4_add(&(w->b),&(w->b),&t0);
+
+    FP4_times_i(&z3);
+    FP4_add(&(w->a),&z0,&z3);
+
+    FP12_norm(w);
+}
+
+/* FP12 multiplication w=w*y */
+/* SU= 744 */
+/* catering for special case that arises from special form of ATE pairing line function */
+void FP12_smul(FP12 *w,FP12 *y)
+{
+    FP4 z0,z2,z3,t0,t1;
+
+    FP4_copy(&z3,&(w->b));
+    FP4_mul(&z0,&(w->a),&(y->a));
+    FP4_pmul(&z2,&(w->b),&(y->b).a);
+    FP4_add(&(w->b),&(w->a),&(w->b));
+    FP4_copy(&t1,&(y->a));
+    FP2_add(&t1.a,&t1.a,&(y->b).a);
+
+    FP4_mul(&(w->b),&(w->b),&t1);
+    FP4_add(&z3,&z3,&(w->c));
+    FP4_pmul(&z3,&z3,&(y->b).a);
+    FP4_neg(&t0,&z0);
+    FP4_neg(&t1,&z2);
+
+    FP4_add(&(w->b),&(w->b),&t0);   // z1=z1-z0
+
+    FP4_norm(&(w->b));
+
+    FP4_add(&(w->b),&(w->b),&t1);   // z1=z1-z2
+
+    FP4_add(&z3,&z3,&t1);        // z3=z3-z2
+    FP4_add(&z2,&z2,&t0);        // z2=z2-z0
+
+    FP4_add(&t0,&(w->a),&(w->c));
+
+    FP4_mul(&t0,&(y->a),&t0);
+    FP4_add(&(w->c),&z2,&t0);
+
+    FP4_times_i(&z3);
+    FP4_add(&(w->a),&z0,&z3);
+
+    FP12_norm(w);
+}
+
+/* Set w=1/x */
+/* SU= 600 */
+void FP12_inv(FP12 *w,FP12 *x)
+{
+    FP4 f0,f1,f2,f3;
+    FP12_norm(x);
+
+    FP4_sqr(&f0,&(x->a));
+    FP4_mul(&f1,&(x->b),&(x->c));
+    FP4_times_i(&f1);
+    FP4_sub(&f0,&f0,&f1);  /* y.a */
+
+    FP4_sqr(&f1,&(x->c));
+    FP4_times_i(&f1);
+    FP4_mul(&f2,&(x->a),&(x->b));
+    FP4_sub(&f1,&f1,&f2);  /* y.b */
+
+    FP4_sqr(&f2,&(x->b));
+    FP4_mul(&f3,&(x->a),&(x->c));
+    FP4_sub(&f2,&f2,&f3);  /* y.c */
+
+    FP4_mul(&f3,&(x->b),&f2);
+    FP4_times_i(&f3);
+    FP4_mul(&(w->a),&f0,&(x->a));
+    FP4_add(&f3,&(w->a),&f3);
+    FP4_mul(&(w->c),&f1,&(x->c));
+    FP4_times_i(&(w->c));
+
+    FP4_add(&f3,&(w->c),&f3);
+    FP4_inv(&f3,&f3);
+
+    FP4_mul(&(w->a),&f0,&f3);
+    FP4_mul(&(w->b),&f1,&f3);
+    FP4_mul(&(w->c),&f2,&f3);
+
+}
+
+/* constant time powering by small integer of max length bts */
+
+void FP12_pinpow(FP12 *r,int e,int bts)
+{
+    int i,b;
+    FP12 R[2];
+
+    FP12_one(&R[0]);
+    FP12_copy(&R[1],r);
+
+    for (i=bts-1; i>=0; i--)
+    {
+        b=(e>>i)&1;
+        FP12_mul(&R[1-b],&R[b]);
+        FP12_usqr(&R[b],&R[b]);
+    }
+    FP12_copy(r,&R[0]);
+}
+
+/* SU= 528 */
+/* set r=a^b */
+/* Note this is simple square and multiply, so not side-channel safe */
+
+void FP12_pow(FP12 *r,FP12 *a,BIG b)
+{
+    FP12 w;
+    BIG z,zilch;
+    int bt;
+    BIG_zero(zilch);
+    BIG_norm(b);
+    BIG_copy(z,b);
+    FP12_copy(&w,a);
+    FP12_one(r);
+
+    while(1)
+    {
+        bt=BIG_parity(z);
+        BIG_shr(z,1);
+        if (bt)
+            FP12_mul(r,&w);
+        if (BIG_comp(z,zilch)==0) break;
+        FP12_usqr(&w,&w);
+    }
+
+    FP12_reduce(r);
+}
+
+/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
+/* Timing attack secure, but not cache attack secure */
+
+void FP12_pow4(FP12 *p,FP12 *q,BIG u[4])
+{
+    int i,j,a[4],nb,m;
+    FP12 g[8],c,s[2];
+    BIG t[4],mt;
+    sign8 w[NLEN*BASEBITS+1];
+
+    for (i=0; i<4; i++)
+        BIG_copy(t[i],u[i]);
+
+    FP12_copy(&g[0],&q[0]);
+    FP12_conj(&s[0],&q[1]);
+    FP12_mul(&g[0],&s[0]);  /* P/Q */
+    FP12_copy(&g[1],&g[0]);
+    FP12_copy(&g[2],&g[0]);
+    FP12_copy(&g[3],&g[0]);
+    FP12_copy(&g[4],&q[0]);
+    FP12_mul(&g[4],&q[1]);  /* P*Q */
+    FP12_copy(&g[5],&g[4]);
+    FP12_copy(&g[6],&g[4]);
+    FP12_copy(&g[7],&g[4]);
+
+    FP12_copy(&s[1],&q[2]);
+    FP12_conj(&s[0],&q[3]);
+    FP12_mul(&s[1],&s[0]);       /* R/S */
+    FP12_conj(&s[0],&s[1]);
+    FP12_mul(&g[1],&s[0]);
+    FP12_mul(&g[2],&s[1]);
+    FP12_mul(&g[5],&s[0]);
+    FP12_mul(&g[6],&s[1]);
+    FP12_copy(&s[1],&q[2]);
+    FP12_mul(&s[1],&q[3]);      /* R*S */
+    FP12_conj(&s[0],&s[1]);
+    FP12_mul(&g[0],&s[0]);
+    FP12_mul(&g[3],&s[1]);
+    FP12_mul(&g[4],&s[0]);
+    FP12_mul(&g[7],&s[1]);
+
+    /* if power is even add 1 to power, and add q to correction */
+    FP12_one(&c);
+
+    BIG_zero(mt);
+    for (i=0; i<4; i++)
+    {
+        if (BIG_parity(t[i])==0)
+        {
+            BIG_inc(t[i],1);
+            BIG_norm(t[i]);
+            FP12_mul(&c,&q[i]);
+        }
+        BIG_add(mt,mt,t[i]);
+        BIG_norm(mt);
+    }
+
+    FP12_conj(&c,&c);
+    nb=1+BIG_nbits(mt);
+
+    /* convert exponent to signed 1-bit window */
+    for (j=0; j<nb; j++)
+    {
+        for (i=0; i<4; i++)
+        {
+            a[i]=BIG_lastbits(t[i],2)-2;
+            BIG_dec(t[i],a[i]);
+            BIG_norm(t[i]);
+            BIG_fshr(t[i],1);
+        }
+        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
+    }
+    w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
+    FP12_copy(p,&g[(w[nb]-1)/2]);
+
+    for (i=nb-1; i>=0; i--)
+    {
+        m=w[i]>>7;
+        j=(w[i]^m)-m;  /* j=abs(w[i]) */
+        j=(j-1)/2;
+        FP12_copy(&s[0],&g[j]);
+        FP12_conj(&s[1],&g[j]);
+        FP12_usqr(p,p);
+        FP12_mul(p,&s[m&1]);
+    }
+    FP12_mul(p,&c); /* apply correction */
+    FP12_reduce(p);
+}
+
+/* Set w=w^p using Frobenius */
+/* SU= 160 */
+void FP12_frob(FP12 *w,FP2 *f)
+{
+    FP2 f2,f3;
+    FP2_sqr(&f2,f);     /* f2=f^2 */
+    FP2_mul(&f3,&f2,f); /* f3=f^3 */
+
+    FP4_frob(&(w->a),&f3);
+    FP4_frob(&(w->b),&f3);
+    FP4_frob(&(w->c),&f3);
+
+    FP4_pmul(&(w->b),&(w->b),f);
+    FP4_pmul(&(w->c),&(w->c),&f2);
+}
+
+/* SU= 8 */
+/* normalise all components of w */
+void FP12_norm(FP12 *w)
+{
+    FP4_norm(&(w->a));
+    FP4_norm(&(w->b));
+    FP4_norm(&(w->c));
+}
+
+/* SU= 8 */
+/* reduce all components of w */
+void FP12_reduce(FP12 *w)
+{
+    FP4_reduce(&(w->a));
+    FP4_reduce(&(w->b));
+    FP4_reduce(&(w->c));
+}
+
+/* trace function w=trace(x) */
+/* SU= 8 */
+void FP12_trace(FP4 *w,FP12 *x)
+{
+    FP4_imul(w,&(x->a),3);
+    FP4_reduce(w);
+}
+
+/* SU= 8 */
+/* Output w in hex */
+void FP12_output(FP12 *w)
+{
+    printf("[");
+    FP4_output(&(w->a));
+    printf(",");
+    FP4_output(&(w->b));
+    printf(",");
+    FP4_output(&(w->c));
+    printf("]");
+}
+
+/* SU= 64 */
+/* Convert g to octet string w */
+void FP12_toOctet(octet *W,FP12 *g)
+{
+    BIG a;
+    W->len=12*MODBYTES;
+
+    BIG_copy(a,(*g).a.a.a);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[0]),a);
+    BIG_copy(a,(*g).a.a.b);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[MODBYTES]),a);
+    BIG_copy(a,(*g).a.b.a);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[2*MODBYTES]),a);
+    BIG_copy(a,(*g).a.b.b);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[3*MODBYTES]),a);
+    BIG_copy(a,(*g).b.a.a);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[4*MODBYTES]),a);
+    BIG_copy(a,(*g).b.a.b);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[5*MODBYTES]),a);
+    BIG_copy(a,(*g).b.b.a);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[6*MODBYTES]),a);
+    BIG_copy(a,(*g).b.b.b);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[7*MODBYTES]),a);
+    BIG_copy(a,(*g).c.a.a);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[8*MODBYTES]),a);
+    BIG_copy(a,(*g).c.a.b);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[9*MODBYTES]),a);
+    BIG_copy(a,(*g).c.b.a);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[10*MODBYTES]),a);
+    BIG_copy(a,(*g).c.b.b);
+    FP_redc(a);
+    BIG_toBytes(&(W->val[11*MODBYTES]),a);
+}
+
+/* SU= 24 */
+/* Restore g from octet string w */
+void FP12_fromOctet(FP12 *g,octet *W)
+{
+    BIG_fromBytes((*g).a.a.a,&W->val[0]);
+    FP_nres((*g).a.a.a);
+    BIG_fromBytes((*g).a.a.b,&W->val[MODBYTES]);
+    FP_nres((*g).a.a.b);
+    BIG_fromBytes((*g).a.b.a,&W->val[2*MODBYTES]);
+    FP_nres((*g).a.b.a);
+    BIG_fromBytes((*g).a.b.b,&W->val[3*MODBYTES]);
+    FP_nres((*g).a.b.b);
+    BIG_fromBytes((*g).b.a.a,&W->val[4*MODBYTES]);
+    FP_nres((*g).b.a.a);
+    BIG_fromBytes((*g).b.a.b,&W->val[5*MODBYTES]);
+    FP_nres((*g).b.a.b);
+    BIG_fromBytes((*g).b.b.a,&W->val[6*MODBYTES]);
+    FP_nres((*g).b.b.a);
+    BIG_fromBytes((*g).b.b.b,&W->val[7*MODBYTES]);
+    FP_nres((*g).b.b.b);
+    BIG_fromBytes((*g).c.a.a,&W->val[8*MODBYTES]);
+    FP_nres((*g).c.a.a);
+    BIG_fromBytes((*g).c.a.b,&W->val[9*MODBYTES]);
+    FP_nres((*g).c.a.b);
+    BIG_fromBytes((*g).c.b.a,&W->val[10*MODBYTES]);
+    FP_nres((*g).c.b.a);
+    BIG_fromBytes((*g).c.b.b,&W->val[11*MODBYTES]);
+    FP_nres((*g).c.b.b);
+}
+
+/*
+int main(){
+		FP2 f,w0,w1;
+		FP4 t0,t1,t2;
+		FP12 w,t,lv;
+		BIG a,b;
+		BIG p;
+
+		//Test w^(P^4) = w mod p^2
+//		BIG_randomnum(a);
+//		BIG_randomnum(b);
+//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
+	BIG_zero(a); BIG_zero(b); BIG_inc(a,1); BIG_inc(b,2); FP_nres(a); FP_nres(b);
+		FP2_from_zps(&w0,a,b);
+
+//		BIG_randomnum(a); BIG_randomnum(b);
+//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
+	BIG_zero(a); BIG_zero(b); BIG_inc(a,3); BIG_inc(b,4); FP_nres(a); FP_nres(b);
+		FP2_from_zps(&w1,a,b);
+
+		FP4_from_FP2s(&t0,&w0,&w1);
+		FP4_reduce(&t0);
+
+//		BIG_randomnum(a);
+//		BIG_randomnum(b);
+//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
+		BIG_zero(a); BIG_zero(b); BIG_inc(a,5); BIG_inc(b,6); FP_nres(a); FP_nres(b);
+		FP2_from_zps(&w0,a,b);
+
+//		BIG_randomnum(a); BIG_randomnum(b);
+//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
+
+		BIG_zero(a); BIG_zero(b); BIG_inc(a,7); BIG_inc(b,8); FP_nres(a); FP_nres(b);
+		FP2_from_zps(&w1,a,b);
+
+		FP4_from_FP2s(&t1,&w0,&w1);
+		FP4_reduce(&t1);
+
+//		BIG_randomnum(a);
+//		BIG_randomnum(b);
+//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
+		BIG_zero(a); BIG_zero(b); BIG_inc(a,9); BIG_inc(b,10); FP_nres(a); FP_nres(b);
+		FP2_from_zps(&w0,a,b);
+
+//		BIG_randomnum(a); BIG_randomnum(b);
+//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
+		BIG_zero(a); BIG_zero(b); BIG_inc(a,11); BIG_inc(b,12); FP_nres(a); FP_nres(b);
+		FP2_from_zps(&w1,a,b);
+
+		FP4_from_FP2s(&t2,&w0,&w1);
+		FP4_reduce(&t2);
+
+		FP12_from_FP4s(&w,&t0,&t1,&t2);
+
+		FP12_copy(&t,&w);
+
+		printf("w= ");
+		FP12_output(&w);
+		printf("\n");
+
+		BIG_rcopy(p,Modulus);
+		//BIG_zero(p); BIG_inc(p,7);
+
+		FP12_pow(&w,&w,p);
+
+		printf("w^p= ");
+		FP12_output(&w);
+		printf("\n");
+
+		FP2_gfc(&f,12);
+		FP12_frob(&t,&f);
+		printf("w^p= ");
+		FP12_output(&t);
+		printf("\n");
+
+//exit(0);
+
+		FP12_pow(&w,&w,p);
+		//printf("w^p^2= ");
+		//FP12_output(&w);
+		//printf("\n");
+		FP12_pow(&w,&w,p);
+		//printf("w^p^3= ");
+		//FP12_output(&w);
+		//printf("\n");
+		FP12_pow(&w,&w,p);
+		FP12_pow(&w,&w,p);
+		FP12_pow(&w,&w,p);
+		printf("w^p^6= ");
+		FP12_output(&w);
+		printf("\n");
+		FP12_pow(&w,&w,p);
+		FP12_pow(&w,&w,p);
+		printf("w^p^8= ");
+		FP12_output(&w);
+		printf("\n");
+		FP12_pow(&w,&w,p);
+		FP12_pow(&w,&w,p);
+		FP12_pow(&w,&w,p);
+		printf("w^p^11= ");
+		FP12_output(&w);
+		printf("\n");
+
+	//	BIG_zero(p); BIG_inc(p,7); BIG_norm(p);
+		FP12_pow(&w,&w,p);
+
+		printf("w^p12= ");
+		FP12_output(&w);
+		printf("\n");
+//exit(0);
+
+		FP12_inv(&t,&w);
+		printf("1/w mod p^4 = ");
+		FP12_output(&t);
+		printf("\n");
+
+		FP12_inv(&w,&t);
+		printf("1/(1/w) mod p^4 = ");
+		FP12_output(&w);
+		printf("\n");
+
+
+
+	FP12_inv(&lv,&w);
+//printf("w= "); FP12_output(&w); printf("\n");
+	FP12_conj(&w,&w);
+//printf("w= "); FP12_output(&w); printf("\n");
+//exit(0);
+	FP12_mul(&w,&w,&lv);
+//printf("w= "); FP12_output(&w); printf("\n");
+	FP12_copy(&lv,&w);
+	FP12_frob(&w,&f);
+	FP12_frob(&w,&f);
+	FP12_mul(&w,&w,&lv);
+
+//printf("w= "); FP12_output(&w); printf("\n");
+//exit(0);
+
+w.unitary=0;
+FP12_conj(&lv,&w);
+	printf("rx= "); FP12_output(&lv); printf("\n");
+FP12_inv(&lv,&w);
+	printf("ry= "); FP12_output(&lv); printf("\n");
+
+
+		return 0;
+}
+
+*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/fp2.c
----------------------------------------------------------------------
diff --git a/version22/c/fp2.c b/version22/c/fp2.c
new file mode 100644
index 0000000..93aa31e
--- /dev/null
+++ b/version22/c/fp2.c
@@ -0,0 +1,435 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL Fp^2 functions */
+/* SU=m, m is Stack Usage (no lazy )*/
+
+/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
+
+#include "amcl.h"
+
+/* test x==0 ? */
+/* SU= 8 */
+int FP2_iszilch(FP2 *x)
+{
+    FP2_reduce(x);
+    if (BIG_iszilch(x->a) && BIG_iszilch(x->b)) return 1;
+    return 0;
+}
+
+/* Move b to a if d=1 */
+void FP2_cmove(FP2 *f,FP2 *g,int d)
+{
+    BIG_cmove(f->a,g->a,d);
+    BIG_cmove(f->b,g->b,d);
+}
+
+/* test x==1 ? */
+/* SU= 48 */
+int FP2_isunity(FP2 *x)
+{
+    BIG one;
+    FP_one(one);
+    FP2_reduce(x);
+    if (BIG_comp(x->a,one)==0 && BIG_iszilch(x->b)) return 1;
+    return 0;
+}
+
+/* SU= 8 */
+/* Fully reduce a and b mod Modulus */
+void FP2_reduce(FP2 *w)
+{
+    FP_reduce(w->a);
+    FP_reduce(w->b);
+}
+
+/* return 1 if x==y, else 0 */
+/* SU= 16 */
+int FP2_equals(FP2 *x,FP2 *y)
+{
+    FP2_reduce(x);
+    FP2_reduce(y);
+    if (BIG_comp(x->a,y->a)==0 && BIG_comp(x->b,y->b)==0)
+        return 1;
+    return 0;
+}
+
+/* Create FP2 from two FPs */
+/* SU= 16 */
+void FP2_from_FPs(FP2 *w,BIG x,BIG y)
+{
+    BIG_copy(w->a,x);
+    BIG_copy(w->b,y);
+}
+
+/* Create FP2 from two BIGS */
+/* SU= 16 */
+void FP2_from_BIGs(FP2 *w,BIG x,BIG y)
+{
+    BIG_copy(w->a,x);
+    BIG_copy(w->b,y);
+    FP_nres(w->a);
+    FP_nres(w->b);
+}
+
+/* Create FP2 from FP */
+/* SU= 8 */
+void FP2_from_FP(FP2 *w,BIG x)
+{
+    BIG_copy(w->a,x);
+    BIG_zero(w->b);
+}
+
+/* Create FP2 from BIG */
+/* SU= 8 */
+void FP2_from_BIG(FP2 *w,BIG x)
+{
+    BIG_copy(w->a,x);
+    FP_nres(w->a);
+    BIG_zero(w->b);
+}
+
+/* FP2 copy w=x */
+/* SU= 16 */
+void FP2_copy(FP2 *w,FP2 *x)
+{
+    if (w==x) return;
+    BIG_copy(w->a,x->a);
+    BIG_copy(w->b,x->b);
+}
+
+/* FP2 set w=0 */
+/* SU= 8 */
+void FP2_zero(FP2 *w)
+{
+    BIG_zero(w->a);
+    BIG_zero(w->b);
+}
+
+/* FP2 set w=1 */
+/* SU= 48 */
+void FP2_one(FP2 *w)
+{
+    BIG one;
+    FP_one(one);
+    FP2_from_FP(w,one);
+}
+
+/* Set w=-x */
+/* SU= 88 */
+void FP2_neg(FP2 *w,FP2 *x)
+{
+    /* Just one neg! */
+    BIG m,t;
+    FP2_norm(x);
+    FP_add(m,x->a,x->b);
+    FP_neg(m,m);
+    BIG_norm(m);
+    FP_add(t,m,x->b);
+    FP_add(w->b,m,x->a);
+    BIG_copy(w->a,t);
+}
+
+/* Set w=conj(x) */
+/* SU= 16 */
+void FP2_conj(FP2 *w,FP2 *x)
+{
+    BIG_copy(w->a,x->a);
+    FP_neg(w->b,x->b);
+}
+
+/* Set w=x+y */
+/* SU= 16 */
+void FP2_add(FP2 *w,FP2 *x,FP2 *y)
+{
+    FP_add(w->a,x->a,y->a);
+    FP_add(w->b,x->b,y->b);
+}
+
+/* Set w=x-y */
+/* SU= 16 */
+void FP2_sub(FP2 *w,FP2 *x,FP2 *y)
+{
+    FP2 m;
+    FP2_neg(&m,y);
+    FP2_add(w,x,&m);
+}
+
+/* Set w=s*x, where s is FP */
+/* SU= 16 */
+void FP2_pmul(FP2 *w,FP2 *x,BIG s)
+{
+    FP_mul(w->a,x->a,s);
+    FP_mul(w->b,x->b,s);
+}
+
+/* SU= 16 */
+/* Set w=s*x, where s is int */
+void FP2_imul(FP2 *w,FP2 *x,int s)
+{
+    FP_imul(w->a,x->a,s);
+    FP_imul(w->b,x->b,s);
+}
+
+/* Set w=x^2 */
+/* SU= 128 */
+void FP2_sqr(FP2 *w,FP2 *x)
+{
+    BIG w1,w3,mb;
+
+    FP_mul(w3,x->a,x->b); /* norms x */
+    FP_add(w1,x->a,x->b); /* w1#2 w1=2 */
+    FP_neg(mb,x->b);      /* mb#2 mb=1 */
+    FP_add(w->a,x->a,mb);   /* w2#3 w2=3 */
+    FP_mul(w->a,w1,w->a);     /* w->a#2 w->a=1 w1&w2=6 w1*w2=2 */
+
+    FP_add(w->b,w3,w3); /* w->b#4 w->b=2 */
+
+    FP2_norm(w);
+
+}
+
+
+/* Set w=x*y */
+/* SU= 168 */
+void FP2_mul(FP2 *w,FP2 *x,FP2 *y)
+{
+    BIG w1,w2,w5,mw;
+
+    FP_mul(w1,x->a,y->a);  /* norms x  */
+    FP_mul(w2,x->b,y->b);  /* and y */
+
+    FP_add(w5,x->a,x->b);
+
+    FP_add(w->b,y->a,y->b);
+
+    FP_mul(w->b,w->b,w5);
+    FP_add(mw,w1,w2);
+    FP_neg(mw,mw);
+
+    FP_add(w->b,w->b,mw);
+    FP_add(mw,w1,mw);
+    FP_add(w->a,w1,mw);
+
+    FP2_norm(w);
+
+}
+
+/* output FP2 in hex format [a,b] */
+/* SU= 16 */
+void FP2_output(FP2 *w)
+{
+    FP2_reduce(w);
+    FP_redc(w->a);
+    FP_redc(w->b);
+    printf("[");
+    BIG_output(w->a);
+    printf(",");
+    BIG_output(w->b);
+    printf("]");
+    FP_nres(w->a);
+    FP_nres(w->b);
+}
+
+/* SU= 8 */
+void FP2_rawoutput(FP2 *w)
+{
+    printf("[");
+    BIG_rawoutput(w->a);
+    printf(",");
+    BIG_rawoutput(w->b);
+    printf("]");
+}
+
+
+/* Set w=1/x */
+/* SU= 128 */
+void FP2_inv(FP2 *w,FP2 *x)
+{
+    BIG m,w1,w2;
+    BIG_rcopy(m,Modulus);
+    FP2_norm(x);
+    FP_sqr(w1,x->a);
+    FP_sqr(w2,x->b);
+    FP_add(w1,w1,w2);
+
+    FP_redc(w1);
+    BIG_invmodp(w1,w1,m);
+    FP_nres(w1);
+    FP_mul(w->a,x->a,w1);
+    FP_neg(w1,w1);
+    FP_mul(w->b,x->b,w1);
+//	FP2_norm(w);
+}
+
+
+/* Set w=x/2 */
+/* SU= 16 */
+void FP2_div2(FP2 *w,FP2 *x)
+{
+    FP_div2(w->a,x->a);
+    FP_div2(w->b,x->b);
+}
+
+/* Set w*=(1+sqrt(-1)) */
+/* where X^2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
+
+/* SU= 128 */
+void FP2_mul_ip(FP2 *w)
+{
+    FP2 t;
+    BIG z;
+
+    FP2_norm(w);
+    FP2_copy(&t,w);
+
+    BIG_copy(z,w->a);
+    FP_neg(w->a,w->b);
+    BIG_copy(w->b,z);
+
+    FP2_add(w,&t,w);
+    FP2_norm(w);
+}
+
+/* Set w/=(1+sqrt(-1)) */
+/* SU= 88 */
+void FP2_div_ip(FP2 *w)
+{
+    FP2 t;
+    FP2_norm(w);
+    FP_add(t.a,w->a,w->b);
+    FP_sub(t.b,w->b,w->a);
+    FP2_div2(w,&t);
+}
+
+/* SU= 8 */
+/* normalise a and b components of w */
+void FP2_norm(FP2 *w)
+{
+    BIG_norm(w->a);
+    BIG_norm(w->b);
+}
+
+/* Set w=a^b mod m */
+/* SU= 208 */
+void FP2_pow(FP2 *r,FP2* a,BIG b)
+{
+    FP2 w;
+    BIG z,one,zilch;
+    int bt;
+
+    BIG_norm(b);
+    BIG_copy(z,b);
+    FP2_copy(&w,a);
+    FP_one(one);
+    BIG_zero(zilch);
+    FP2_from_FP(r,one);
+    while(1)
+    {
+        bt=BIG_parity(z);
+        BIG_shr(z,1);
+        if (bt) FP2_mul(r,r,&w);
+        if (BIG_comp(z,zilch)==0) break;
+        FP2_sqr(&w,&w);
+    }
+    FP2_reduce(r);
+}
+
+/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
+/* returns true if u is QR */
+
+int FP2_sqrt(FP2 *w,FP2 *u)
+{
+    BIG w1,w2,q;
+    FP2_copy(w,u);
+    if (FP2_iszilch(w)) return 1;
+
+    BIG_rcopy(q,Modulus);
+    FP_sqr(w1,w->b);
+    FP_sqr(w2,w->a);
+    FP_add(w1,w1,w2);
+    if (!FP_qr(w1))
+    {
+        FP2_zero(w);
+        return 0;
+    }
+    FP_sqrt(w1,w1);
+    FP_add(w2,w->a,w1);
+    FP_div2(w2,w2);
+    if (!FP_qr(w2))
+    {
+        FP_sub(w2,w->a,w1);
+        FP_div2(w2,w2);
+        if (!FP_qr(w2))
+        {
+            FP2_zero(w);
+            return 0;
+        }
+    }
+    FP_sqrt(w2,w2);
+    BIG_copy(w->a,w2);
+    FP_add(w2,w2,w2);
+    FP_redc(w2);
+    BIG_invmodp(w2,w2,q);
+    FP_nres(w2);
+    FP_mul(w->b,w->b,w2);
+    return 1;
+}
+
+/*
+int main()
+{
+	int i;
+	FP2 w,z;
+	BIG a,b,e;
+	BIG pp1,pm1;
+	BIG_unity(a); BIG_unity(b);
+	FP2_from_BIGs(&w,a,b);
+//	for (i=0;i<100;i++)
+//	{
+//		BIG_randomnum(a); BIG_randomnum(b);
+//		BIG_mod(a,Modulus); BIG_mod(b,Modulus);
+//		FP2_from_FPs(&w,a,b);
+//		FP2_output(&w);
+//		FP2_inv(&z,&w);
+//				FP2_output(&z);
+//		FP2_inv(&z,&z);
+//				FP2_output(&z);
+//				FP2_output(&w);
+//		if (FP2_comp(&w,&z)!=1) printf("error \n");
+//		else printf("OK \n");
+//	}
+//exit(0);
+	printf("w= "); FP2_output(&w); printf("\n");
+	BIG_zero(e); BIG_inc(e,27);
+	FP2_pow(&w,&w,e);
+	FP2_output(&w);
+exit(0);
+	BIG_rcopy(pp1,Modulus);
+	BIG_rcopy(pm1,Modulus);
+	BIG_inc(pp1,1);
+	BIG_dec(pm1,1);
+	BIG_norm(pp1);
+	BIG_norm(pm1);
+	FP2_pow(&w,&w,pp1);
+	FP2_pow(&w,&w,pm1);
+	FP2_output(&w);
+}
+
+*/
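Review bot: FP2_pow branches on each exponent bit (`if (bt) FP2_mul(r,r,&w);`) and leaves the loop as soon as the shifted exponent reaches zero, so its running time depends on both the bit pattern and the length of b, yet its header comment does not say so. FP12_pow in fp12.c of this same commit carries that caveat and FP2_pow should too, for example `/* Note this is simple square and multiply, so not side-channel safe; do not call with a secret exponent */`. FP4_pow in fp4.c has the identical loop and needs the same line. The header also reads `Set w=a^b mod m` although the output parameter is r and there is no m argument; `/* Set r=a^b */` would match the signature.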

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/fp4.c
----------------------------------------------------------------------
diff --git a/version22/c/fp4.c b/version22/c/fp4.c
new file mode 100644
index 0000000..f61811f
--- /dev/null
+++ b/version22/c/fp4.c
@@ -0,0 +1,651 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL Fp^4 functions */
+/* SU=m, m is Stack Usage (no lazy )*/
+
+/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1)) */
+
+#include "amcl.h"
+
+/* test x==0 ? */
+/* SU= 8 */
+int FP4_iszilch(FP4 *x)
+{
+    if (FP2_iszilch(&(x->a)) && FP2_iszilch(&(x->b))) return 1;
+    return 0;
+}
+
+/* test x==1 ? */
+/* SU= 8 */
+int FP4_isunity(FP4 *x)
+{
+    if (FP2_isunity(&(x->a)) && FP2_iszilch(&(x->b))) return 1;
+    return 0;
+}
+
+/* test is w real? That is in a+ib test b is zero */
+int FP4_isreal(FP4 *w)
+{
+    return FP2_iszilch(&(w->b));
+}
+
+/* return 1 if x==y, else 0 */
+/* SU= 16 */
+int FP4_equals(FP4 *x,FP4 *y)
+{
+    if (FP2_equals(&(x->a),&(y->a)) && FP2_equals(&(x->b),&(y->b)))
+        return 1;
+    return 0;
+}
+
+/* set FP4 from two FP2s */
+/* SU= 16 */
+void FP4_from_FP2s(FP4 *w,FP2 * x,FP2* y)
+{
+    FP2_copy(&(w->a), x);
+    FP2_copy(&(w->b), y);
+}
+
+/* set FP4 from FP2 */
+/* SU= 8 */
+void FP4_from_FP2(FP4 *w,FP2 *x)
+{
+    FP2_copy(&(w->a), x);
+    FP2_zero(&(w->b));
+}
+
+/* FP4 copy w=x */
+/* SU= 16 */
+void FP4_copy(FP4 *w,FP4 *x)
+{
+    if (w==x) return;
+    FP2_copy(&(w->a), &(x->a));
+    FP2_copy(&(w->b), &(x->b));
+}
+
+/* FP4 w=0 */
+/* SU= 8 */
+void FP4_zero(FP4 *w)
+{
+    FP2_zero(&(w->a));
+    FP2_zero(&(w->b));
+}
+
+/* FP4 w=1 */
+/* SU= 8 */
+void FP4_one(FP4 *w)
+{
+    FP2_one(&(w->a));
+    FP2_zero(&(w->b));
+}
+
+/* Set w=-x */
+/* SU= 160 */
+void FP4_neg(FP4 *w,FP4 *x)
+{
+    /* Just one field neg */
+    FP2 m,t;
+    FP2_add(&m,&(x->a),&(x->b));
+    FP2_neg(&m,&m);
+    FP2_norm(&m);
+    FP2_add(&t,&m,&(x->b));
+    FP2_add(&(w->b),&m,&(x->a));
+    FP2_copy(&(w->a),&t);
+}
+
+/* Set w=conj(x) */
+/* SU= 16 */
+void FP4_conj(FP4 *w,FP4 *x)
+{
+    FP2_copy(&(w->a), &(x->a));
+    FP2_neg(&(w->b), &(x->b));
+    FP2_norm(&(w->b));
+}
+
+/* Set w=-conj(x) */
+/* SU= 16 */
+void FP4_nconj(FP4 *w,FP4 *x)
+{
+    FP2_copy(&(w->b),&(x->b));
+    FP2_neg(&(w->a), &(x->a));
+    FP2_norm(&(w->a));
+}
+
+/* Set w=x+y */
+/* SU= 16 */
+void FP4_add(FP4 *w,FP4 *x,FP4 *y)
+{
+    FP2_add(&(w->a), &(x->a), &(y->a));
+    FP2_add(&(w->b), &(x->b), &(y->b));
+}
+
+/* Set w=x-y */
+/* SU= 160 */
+void FP4_sub(FP4 *w,FP4 *x,FP4 *y)
+{
+    FP4 my;
+    FP4_neg(&my, y);
+    FP4_add(w, x, &my);
+
+}
+/* SU= 8 */
+/* reduce all components of w mod Modulus */
+void FP4_reduce(FP4 *w)
+{
+    FP2_reduce(&(w->a));
+    FP2_reduce(&(w->b));
+}
+
+/* SU= 8 */
+/* normalise all elements of w */
+void FP4_norm(FP4 *w)
+{
+    FP2_norm(&(w->a));
+    FP2_norm(&(w->b));
+}
+
+/* Set w=s*x, where s is FP2 */
+/* SU= 16 */
+void FP4_pmul(FP4 *w,FP4 *x,FP2 *s)
+{
+    FP2_mul(&(w->a),&(x->a),s);
+    FP2_mul(&(w->b),&(x->b),s);
+}
+
+/* SU= 16 */
+/* Set w=s*x, where s is int */
+void FP4_imul(FP4 *w,FP4 *x,int s)
+{
+    FP2_imul(&(w->a),&(x->a),s);
+    FP2_imul(&(w->b),&(x->b),s);
+}
+
+/* Set w=x^2 */
+/* SU= 232 */
+void FP4_sqr(FP4 *w,FP4 *x)
+{
+    FP2 t1,t2,t3;
+
+    FP2_mul(&t3,&(x->a),&(x->b)); /* norms x */
+    FP2_copy(&t2,&(x->b));
+    FP2_add(&t1,&(x->a),&(x->b));
+    FP2_mul_ip(&t2);
+
+    FP2_add(&t2,&(x->a),&t2);
+
+    FP2_mul(&(w->a),&t1,&t2);
+
+    FP2_copy(&t2,&t3);
+    FP2_mul_ip(&t2);
+
+    FP2_add(&t2,&t2,&t3);
+
+    FP2_neg(&t2,&t2);
+    FP2_add(&(w->a),&(w->a),&t2);  /* a=(a+b)(a+i^2.b)-i^2.ab-ab = a*a+ib*ib */
+    FP2_add(&(w->b),&t3,&t3);  /* b=2ab */
+
+    FP4_norm(w);
+}
+
+/* Set w=x*y */
+/* SU= 312 */
+void FP4_mul(FP4 *w,FP4 *x,FP4 *y)
+{
+
+    FP2 t1,t2,t3,t4;
+    FP2_mul(&t1,&(x->a),&(y->a)); /* norms x */
+    FP2_mul(&t2,&(x->b),&(y->b)); /* and y */
+    FP2_add(&t3,&(y->b),&(y->a));
+    FP2_add(&t4,&(x->b),&(x->a));
+
+
+    FP2_mul(&t4,&t4,&t3); /* (xa+xb)(ya+yb) */
+    FP2_sub(&t4,&t4,&t1);
+    FP2_norm(&t4);
+
+    FP2_sub(&(w->b),&t4,&t2);
+    FP2_mul_ip(&t2);
+    FP2_add(&(w->a),&t2,&t1);
+
+    FP4_norm(w);
+}
+
+/* output FP4 in format [a,b] */
+/* SU= 8 */
+void FP4_output(FP4 *w)
+{
+    printf("[");
+    FP2_output(&(w->a));
+    printf(",");
+    FP2_output(&(w->b));
+    printf("]");
+}
+
+/* SU= 8 */
+void FP4_rawoutput(FP4 *w)
+{
+    printf("[");
+    FP2_rawoutput(&(w->a));
+    printf(",");
+    FP2_rawoutput(&(w->b));
+    printf("]");
+}
+
+/* Set w=1/x */
+/* SU= 160 */
+void FP4_inv(FP4 *w,FP4 *x)
+{
+    FP2 t1,t2;
+    FP2_sqr(&t1,&(x->a));
+    FP2_sqr(&t2,&(x->b));
+    FP2_mul_ip(&t2);
+    FP2_sub(&t1,&t1,&t2);
+    FP2_inv(&t1,&t1);
+    FP2_mul(&(w->a),&t1,&(x->a));
+    FP2_neg(&t1,&t1);
+    FP2_mul(&(w->b),&t1,&(x->b));
+}
+
+/* w*=i where i = sqrt(-1+sqrt(-1)) */
+/* SU= 200 */
+void FP4_times_i(FP4 *w)
+{
+    BIG z;
+    FP2 s,t;
+
+    FP4_norm(w);
+    FP2_copy(&t,&(w->b));
+
+    FP2_copy(&s,&t);
+
+    BIG_copy(z,s.a);
+    FP_neg(s.a,s.b);
+    BIG_copy(s.b,z);
+
+    FP2_add(&t,&t,&s);
+    FP2_norm(&t);
+
+    FP2_copy(&(w->b),&(w->a));
+    FP2_copy(&(w->a),&t);
+}
+
+/* Set w=w^p using Frobenius */
+/* SU= 16 */
+void FP4_frob(FP4 *w,FP2 *f)
+{
+    FP2_conj(&(w->a),&(w->a));
+    FP2_conj(&(w->b),&(w->b));
+    FP2_mul( &(w->b),f,&(w->b));
+}
+
+/* Set r=a^b mod m */
+/* SU= 240 */
+void FP4_pow(FP4 *r,FP4* a,BIG b)
+{
+    FP4 w;
+    BIG z,zilch;
+    int bt;
+
+    BIG_zero(zilch);
+    BIG_norm(b);
+    BIG_copy(z,b);
+    FP4_copy(&w,a);
+    FP4_one(r);
+
+    while(1)
+    {
+        bt=BIG_parity(z);
+        BIG_shr(z,1);
+        if (bt) FP4_mul(r,r,&w);
+        if (BIG_comp(z,zilch)==0) break;
+        FP4_sqr(&w,&w);
+    }
+    FP4_reduce(r);
+}
+
+/* SU= 304 */
+/* XTR xtr_a function */
+void FP4_xtr_A(FP4 *r,FP4 *w,FP4 *x,FP4 *y,FP4 *z)
+{
+    FP4 t1,t2;
+
+    FP4_copy(r,x);
+
+    FP4_sub(&t1,w,y);
+
+    FP4_pmul(&t1,&t1,&(r->a));
+    FP4_add(&t2,w,y);
+    FP4_pmul(&t2,&t2,&(r->b));
+    FP4_times_i(&t2);
+
+    FP4_add(r,&t1,&t2);
+    FP4_add(r,r,z);
+
+    FP4_norm(r);
+}
+
+/* SU= 152 */
+/* XTR xtr_d function */
+void FP4_xtr_D(FP4 *r,FP4 *x)
+{
+    FP4 w;
+    FP4_copy(r,x);
+    FP4_conj(&w,r);
+    FP4_add(&w,&w,&w);
+    FP4_sqr(r,r);
+    FP4_sub(r,r,&w);
+    FP4_reduce(r);    /* reduce here as multiple calls trigger automatic reductions */
+}
+
+/* SU= 728 */
+/* r=x^n using XTR method on traces of FP12s */
+void FP4_xtr_pow(FP4 *r,FP4 *x,BIG n)
+{
+    int i,par,nb;
+    BIG v;
+    FP2 w;
+    FP4 t,a,b,c;
+
+    BIG_zero(v);
+    BIG_inc(v,3);
+    FP2_from_BIG(&w,v);
+    FP4_from_FP2(&a,&w);
+    FP4_copy(&b,x);
+    FP4_xtr_D(&c,x);
+
+    BIG_norm(n);
+    par=BIG_parity(n);
+    BIG_copy(v,n);
+    BIG_shr(v,1);
+    if (par==0)
+    {
+        BIG_dec(v,1);
+        BIG_norm(v);
+    }
+
+    nb=BIG_nbits(v);
+
+    for (i=nb-1; i>=0; i--)
+    {
+        if (!BIG_bit(v,i))
+        {
+            FP4_copy(&t,&b);
+            FP4_conj(x,x);
+            FP4_conj(&c,&c);
+            FP4_xtr_A(&b,&a,&b,x,&c);
+            FP4_conj(x,x);
+            FP4_xtr_D(&c,&t);
+            FP4_xtr_D(&a,&a);
+        }
+        else
+        {
+            FP4_conj(&t,&a);
+            FP4_xtr_D(&a,&b);
+            FP4_xtr_A(&b,&c,&b,x,&t);
+            FP4_xtr_D(&c,&c);
+        }
+    }
+    if (par==0) FP4_copy(r,&c);
+    else FP4_copy(r,&b);
+    FP4_reduce(r);
+}
+
+/* SU= 872 */
+/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
+void FP4_xtr_pow2(FP4 *r,FP4 *ck,FP4 *cl,FP4 *ckml,FP4 *ckm2l,BIG a,BIG b)
+{
+    int i,f2;
+    BIG d,e,w;
+    FP4 t,cu,cv,cumv,cum2v;
+
+    BIG_norm(a);
+    BIG_norm(b);
+    BIG_copy(e,a);
+    BIG_copy(d,b);
+    FP4_copy(&cu,ck);
+    FP4_copy(&cv,cl);
+    FP4_copy(&cumv,ckml);
+    FP4_copy(&cum2v,ckm2l);
+
+    f2=0;
+    while (BIG_parity(d)==0 && BIG_parity(e)==0)
+    {
+        BIG_shr(d,1);
+        BIG_shr(e,1);
+        f2++;
+    }
+    while (BIG_comp(d,e)!=0)
+    {
+        if (BIG_comp(d,e)>0)
+        {
+            BIG_imul(w,e,4);
+            BIG_norm(w);
+            if (BIG_comp(d,w)<=0)
+            {
+                BIG_copy(w,d);
+                BIG_copy(d,e);
+                BIG_sub(e,w,e);
+                BIG_norm(e);
+                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
+                FP4_conj(&cum2v,&cumv);
+                FP4_copy(&cumv,&cv);
+                FP4_copy(&cv,&cu);
+                FP4_copy(&cu,&t);
+            }
+            else if (BIG_parity(d)==0)
+            {
+                BIG_shr(d,1);
+                FP4_conj(r,&cum2v);
+                FP4_xtr_A(&t,&cu,&cumv,&cv,r);
+                FP4_xtr_D(&cum2v,&cumv);
+                FP4_copy(&cumv,&t);
+                FP4_xtr_D(&cu,&cu);
+            }
+            else if (BIG_parity(e)==1)
+            {
+                BIG_sub(d,d,e);
+                BIG_norm(d);
+                BIG_shr(d,1);
+                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
+                FP4_xtr_D(&cu,&cu);
+                FP4_xtr_D(&cum2v,&cv);
+                FP4_conj(&cum2v,&cum2v);
+                FP4_copy(&cv,&t);
+            }
+            else
+            {
+                BIG_copy(w,d);
+                BIG_copy(d,e);
+                BIG_shr(d,1);
+                BIG_copy(e,w);
+                FP4_xtr_D(&t,&cumv);
+                FP4_conj(&cumv,&cum2v);
+                FP4_conj(&cum2v,&t);
+                FP4_xtr_D(&t,&cv);
+                FP4_copy(&cv,&cu);
+                FP4_copy(&cu,&t);
+            }
+        }
+        if (BIG_comp(d,e)<0)
+        {
+            BIG_imul(w,d,4);
+            BIG_norm(w);
+            if (BIG_comp(e,w)<=0)
+            {
+                BIG_sub(e,e,d);
+                BIG_norm(e);
+                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
+                FP4_copy(&cum2v,&cumv);
+                FP4_copy(&cumv,&cu);
+                FP4_copy(&cu,&t);
+            }
+            else if (BIG_parity(e)==0)
+            {
+                BIG_copy(w,d);
+                BIG_copy(d,e);
+                BIG_shr(d,1);
+                BIG_copy(e,w);
+                FP4_xtr_D(&t,&cumv);
+                FP4_conj(&cumv,&cum2v);
+                FP4_conj(&cum2v,&t);
+                FP4_xtr_D(&t,&cv);
+                FP4_copy(&cv,&cu);
+                FP4_copy(&cu,&t);
+            }
+            else if (BIG_parity(d)==1)
+            {
+                BIG_copy(w,e);
+                BIG_copy(e,d);
+                BIG_sub(w,w,d);
+                BIG_norm(w);
+                BIG_copy(d,w);
+                BIG_shr(d,1);
+                FP4_xtr_A(&t,&cu,&cv,&cumv,&cum2v);
+                FP4_conj(&cumv,&cumv);
+                FP4_xtr_D(&cum2v,&cu);
+                FP4_conj(&cum2v,&cum2v);
+                FP4_xtr_D(&cu,&cv);
+                FP4_copy(&cv,&t);
+            }
+            else
+            {
+                BIG_shr(d,1);
+                FP4_conj(r,&cum2v);
+                FP4_xtr_A(&t,&cu,&cumv,&cv,r);
+                FP4_xtr_D(&cum2v,&cumv);
+                FP4_copy(&cumv,&t);
+                FP4_xtr_D(&cu,&cu);
+            }
+        }
+    }
+    FP4_xtr_A(r,&cu,&cv,&cumv,&cum2v);
+    for (i=0; i<f2; i++)	FP4_xtr_D(r,r);
+    FP4_xtr_pow(r,r,d);
+}
+/*
+int main(){
+		FP2 w0,w1,f;
+		FP4 w,t;
+		FP4 c1,c2,c3,c4,cr;
+		BIG a,b;
+		BIG e,e1,e2;
+		BIG p,md;
+
+
+		BIG_rcopy(md,Modulus);
+		//Test w^(P^4) = w mod p^2
+		BIG_zero(a); BIG_inc(a,27);
+		BIG_zero(b); BIG_inc(b,45);
+		FP2_from_BIGs(&w0,a,b);
+
+		BIG_zero(a); BIG_inc(a,33);
+		BIG_zero(b); BIG_inc(b,54);
+		FP2_from_BIGs(&w1,a,b);
+
+		FP4_from_FP2s(&w,&w0,&w1);
+		FP4_reduce(&w);
+
+		printf("w= ");
+		FP4_output(&w);
+		printf("\n");
+
+
+		FP4_copy(&t,&w);
+
+
+		BIG_copy(p,md);
+		FP4_pow(&w,&w,p);
+
+		printf("w^p= ");
+		FP4_output(&w);
+		printf("\n");
+//exit(0);
+
+		BIG_rcopy(a,CURVE_Fra);
+		BIG_rcopy(b,CURVE_Frb);
+		FP2_from_BIGs(&f,a,b);
+
+		FP4_frob(&t,&f);
+		printf("w^p= ");
+		FP4_output(&t);
+		printf("\n");
+
+		FP4_pow(&w,&w,p);
+		FP4_pow(&w,&w,p);
+		FP4_pow(&w,&w,p);
+		printf("w^p4= ");
+		FP4_output(&w);
+		printf("\n");
+
+// Test 1/(1/x) = x mod p^4
+		FP4_from_FP2s(&w,&w0,&w1);
+		printf("Test Inversion \nw= ");
+		FP4_output(&w);
+		printf("\n");
+
+		FP4_inv(&w,&w);
+		printf("1/w mod p^4 = ");
+		FP4_output(&w);
+		printf("\n");
+
+		FP4_inv(&w,&w);
+		printf("1/(1/w) mod p^4 = ");
+		FP4_output(&w);
+		printf("\n");
+
+		BIG_zero(e); BIG_inc(e,12);
+
+
+
+	//	FP4_xtr_A(&w,&t,&w,&t,&t);
+		FP4_xtr_pow(&w,&w,e);
+
+		printf("w^e= ");
+		FP4_output(&w);
+		printf("\n");
+
+
+		BIG_zero(a); BIG_inc(a,37);
+		BIG_zero(b); BIG_inc(b,17);
+		FP2_from_BIGs(&w0,a,b);
+
+		BIG_zero(a); BIG_inc(a,49);
+		BIG_zero(b); BIG_inc(b,31);
+		FP2_from_BIGs(&w1,a,b);
+
+		FP4_from_FP2s(&c1,&w0,&w1);
+		FP4_from_FP2s(&c2,&w0,&w1);
+		FP4_from_FP2s(&c3,&w0,&w1);
+		FP4_from_FP2s(&c4,&w0,&w1);
+
+		BIG_zero(e1); BIG_inc(e1,3331);
+		BIG_zero(e2); BIG_inc(e2,3372);
+
+		FP4_xtr_pow2(&w,&c1,&w,&c2,&c3,e1,e2);
+
+		printf("c^e= ");
+		FP4_output(&w);
+		printf("\n");
+
+
+		return 0;
+}
+*/
+
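Review bot: FP4_xtr_pow2 has no guard for a zero exponent, and from the visible loops a zero in either a or b appears to prevent termination. With both zero, `while (BIG_parity(d)==0 && BIG_parity(e)==0)` keeps shifting zeros and incrementing f2; with one zero, `while (BIG_comp(d,e)!=0)` reaches a state where the zero operand is only ever shifted and never equals the other (this assumes BIG_parity returns the low bit and BIG_shr leaves zero at zero, neither of which is shown here). If the exponents can be influenced by untrusted input, the call would hang, so reject the case before the loops or at least state the precondition in the header: `/* a and b must both be non-zero; with a zero exponent d==e is never reached */`. The same header says `r=ck^a.cl^n` while the second exponent parameter is named b.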

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/gcm.c
----------------------------------------------------------------------
diff --git a/version22/c/gcm.c b/version22/c/gcm.c
new file mode 100644
index 0000000..3bd9b8d
--- /dev/null
+++ b/version22/c/gcm.c
@@ -0,0 +1,411 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/*
+ * Implementation of the AES-GCM Encryption/Authentication
+ *
+ * Some restrictions..
+ * 1. Only for use with AES
+ * 2. Returned tag is always 128-bits. Truncate at your own risk.
+ * 3. The order of function calls must follow some rules
+ *
+ * Typical sequence of calls..
+ * 1. call GCM_init
+ * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
+ * 3. call GCM_add_header one last time with any length of header
+ * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
+ * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
+ * 6. call GCM_finish to extract the tag.
+ *
+ * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
+ */
+/* SU=m, m is Stack Usage */
+
+#include <stdlib.h>
+#include <string.h>
+#include "arch.h"
+#include "amcl.h"
+
+#define NB 4
+#define MR_TOBYTE(x) ((uchar)((x)))
+
+static unsign32 pack(const uchar *b)
+{
+    /* pack bytes into a 32-bit Word */
+    return ((unsign32)b[0]<<24)|((unsign32)b[1]<<16)|((unsign32)b[2]<<8)|(unsign32)b[3];
+}
+
+static void unpack(unsign32 a,uchar *b)
+{
+    /* unpack bytes from a word */
+    b[3]=MR_TOBYTE(a);
+    b[2]=MR_TOBYTE(a>>8);
+    b[1]=MR_TOBYTE(a>>16);
+    b[0]=MR_TOBYTE(a>>24);
+}
+
+static void precompute(gcm *g,uchar *H)
+{
+    /* precompute small 2k bytes gf2m table of x^n.H */
+    int i,j;
+    unsign32 *last,*next,b;
+
+    for (i=j=0; i<NB; i++,j+=4) g->table[0][i]=pack((uchar *)&H[j]);
+
+    for (i=1; i<128; i++)
+    {
+        next=g->table[i];
+        last=g->table[i-1];
+        b=0;
+        for (j=0; j<NB; j++)
+        {
+            next[j]=b|(last[j])>>1;
+            b=last[j]<<31;
+        }
+        if (b) next[0]^=0xE1000000; /* irreducible polynomial */
+    }
+}
+
+/* SU= 32 */
+static void gf2mul(gcm *g)
+{
+    /* gf2m mul - Z=H*X mod 2^128 */
+    int i,j,m,k;
+    unsign32 P[4];
+    unsign32 b;
+
+    P[0]=P[1]=P[2]=P[3]=0;
+    j=8;
+    m=0;
+    for (i=0; i<128; i++)
+    {
+        b=(unsign32)(g->stateX[m]>>(--j))&1;
+        b=~b+1;
+        for (k=0; k<NB; k++) P[k]^=(g->table[i][k]&b);
+        if (j==0)
+        {
+            j=8;
+            m++;
+            if (m==16) break;
+        }
+    }
+    for (i=j=0; i<NB; i++,j+=4) unpack(P[i],(uchar *)&g->stateX[j]);
+}
+
+/* SU= 32 */
+static void GCM_wrap(gcm *g)
+{
+    /* Finish off GHASH */
+    int i,j;
+    unsign32 F[4];
+    uchar L[16];
+
+    /* convert lengths from bytes to bits */
+    F[0]=(g->lenA[0]<<3)|(g->lenA[1]&0xE0000000)>>29;
+    F[1]=g->lenA[1]<<3;
+    F[2]=(g->lenC[0]<<3)|(g->lenC[1]&0xE0000000)>>29;
+    F[3]=g->lenC[1]<<3;
+    for (i=j=0; i<NB; i++,j+=4) unpack(F[i],(uchar *)&L[j]);
+
+    for (i=0; i<16; i++) g->stateX[i]^=L[i];
+    gf2mul(g);
+}
+
+static int GCM_ghash(gcm *g,char *plain,int len)
+{
+    int i,j=0;
+    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
+    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
+
+    while (j<len)
+    {
+        for (i=0; i<16 && j<len; i++)
+        {
+            g->stateX[i]^=plain[j++];
+            g->lenC[1]++;
+            if (g->lenC[1]==0) g->lenC[0]++;
+        }
+        gf2mul(g);
+    }
+    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
+    return 1;
+}
+
+/* SU= 48 */
+/* Initialize GCM mode */
+void GCM_init(gcm* g,int nk,char *key,int niv,char *iv)
+{
+    /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
+    int i;
+    uchar H[16];
+    for (i=0; i<16; i++)
+    {
+        H[i]=0;
+        g->stateX[i]=0;
+    }
+
+    AES_init(&(g->a),ECB,nk,key,iv);
+    AES_ecb_encrypt(&(g->a),H);     /* E(K,0) */
+    precompute(g,H);
+
+    g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
+    if (niv==12)
+    {
+        for (i=0; i<12; i++) g->a.f[i]=iv[i];
+        unpack((unsign32)1,(uchar *)&(g->a.f[12]));  /* initialise IV */
+        for (i=0; i<16; i++) g->Y_0[i]=g->a.f[i];
+    }
+    else
+    {
+        g->status=GCM_ACCEPTING_CIPHER;
+        GCM_ghash(g,iv,niv); /* GHASH(H,0,IV) */
+        GCM_wrap(g);
+        for (i=0; i<16; i++)
+        {
+            g->a.f[i]=g->stateX[i];
+            g->Y_0[i]=g->a.f[i];
+            g->stateX[i]=0;
+        }
+        g->lenA[0]=g->lenC[0]=g->lenA[1]=g->lenC[1]=0;
+    }
+    g->status=GCM_ACCEPTING_HEADER;
+}
+
+/* SU= 24 */
+/* Add Header data - included but not encrypted */
+int GCM_add_header(gcm* g,char *header,int len)
+{
+    /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
+    int i,j=0;
+    if (g->status!=GCM_ACCEPTING_HEADER) return 0;
+
+    while (j<len)
+    {
+        for (i=0; i<16 && j<len; i++)
+        {
+            g->stateX[i]^=header[j++];
+            g->lenA[1]++;
+            if (g->lenA[1]==0) g->lenA[0]++;
+        }
+        gf2mul(g);
+    }
+    if (len%16!=0) g->status=GCM_ACCEPTING_CIPHER;
+    return 1;
+}
+
+/* SU= 48 */
+/* Add Plaintext - included and encrypted */
+int GCM_add_plain(gcm *g,char *cipher,char *plain,int len)
+{
+    /* Add plaintext to extract ciphertext, len is length of plaintext.  */
+    int i,j=0;
+    unsign32 counter;
+    uchar B[16];
+    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
+    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
+
+    while (j<len)
+    {
+        counter=pack((uchar *)&(g->a.f[12]));
+        counter++;
+        unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
+        for (i=0; i<16; i++) B[i]=g->a.f[i];
+        AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
+
+        for (i=0; i<16 && j<len; i++)
+        {
+            cipher[j]=plain[j]^B[i];
+            g->stateX[i]^=cipher[j++];
+            g->lenC[1]++;
+            if (g->lenC[1]==0) g->lenC[0]++;
+        }
+        gf2mul(g);
+    }
+    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
+    return 1;
+}
+
+/* SU= 48 */
+/* Add Ciphertext - decrypts to plaintext */
+int GCM_add_cipher(gcm *g,char *plain,char *cipher,int len)
+{
+    /* Add ciphertext to extract plaintext, len is length of ciphertext. */
+    int i,j=0;
+    unsign32 counter;
+    char oc;
+    uchar B[16];
+    if (g->status==GCM_ACCEPTING_HEADER) g->status=GCM_ACCEPTING_CIPHER;
+    if (g->status!=GCM_ACCEPTING_CIPHER) return 0;
+
+    while (j<len)
+    {
+        counter=pack((uchar *)&(g->a.f[12]));
+        counter++;
+        unpack(counter,(uchar *)&(g->a.f[12]));  /* increment counter */
+        for (i=0; i<16; i++) B[i]=g->a.f[i];
+        AES_ecb_encrypt(&(g->a),B);        /* encrypt it  */
+        for (i=0; i<16 && j<len; i++)
+        {
+            oc=cipher[j];
+            plain[j]=cipher[j]^B[i];
+            g->stateX[i]^=oc;
+            j++;
+            g->lenC[1]++;
+            if (g->lenC[1]==0) g->lenC[0]++;
+        }
+        gf2mul(g);
+    }
+    if (len%16!=0) g->status=GCM_NOT_ACCEPTING_MORE;
+    return 1;
+}
+
+/* SU= 16 */
+/* Finish and extract Tag */
+void GCM_finish(gcm *g,char *tag)
+{
+    /* Finish off GHASH and extract tag (MAC) */
+    int i;
+
+    GCM_wrap(g);
+
+    /* extract tag */
+    if (tag!=NULL)
+    {
+        AES_ecb_encrypt(&(g->a),g->Y_0);        /* E(K,Y0) */
+        for (i=0; i<16; i++) g->Y_0[i]^=g->stateX[i];
+        for (i=0; i<16; i++)
+        {
+            tag[i]=g->Y_0[i];
+            g->Y_0[i]=g->stateX[i]=0;
+        }
+    }
+    g->status=GCM_FINISHED;
+    AES_end(&(g->a));
+}
+
+
+// Compile with
+// gcc -O2 gcm.c aes.c -o gcm.exe
+/* SU= 16
+*/
+
+/* static void hex2bytes(char *hex,char *bin) */
+/* { */
+/* 	int i; */
+/* 	char v; */
+/* 	int len=strlen(hex); */
+/* 	for (i = 0; i < len/2; i++) { */
+/*         char c = hex[2*i]; */
+/*         if (c >= '0' && c <= '9') { */
+/*             v = c - '0'; */
+/*         } else if (c >= 'A' && c <= 'F') { */
+/*             v = c - 'A' + 10; */
+/*         } else if (c >= 'a' && c <= 'f') { */
+/*             v = c - 'a' + 10; */
+/*         } else { */
+/*             v = 0; */
+/*         } */
+/*         v <<= 4; */
+/*         c = hex[2*i + 1]; */
+/*         if (c >= '0' && c <= '9') { */
+/*             v += c - '0'; */
+/*         } else if (c >= 'A' && c <= 'F') { */
+/*             v += c - 'A' + 10; */
+/*         } else if (c >= 'a' && c <= 'f') { */
+/*             v += c - 'a' + 10; */
+/*         } else { */
+/*             v = 0; */
+/*         } */
+/*         bin[i] = v; */
+/*     } */
+/* } */
+
+/*
+int main()
+{
+	int i;
+
+//	char* KT="feffe9928665731c6d6a8f9467308308";
+//	char* MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
+//	char* HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
+//	char* NT="cafebabefacedbaddecaf888";
+// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
+//	char* NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
+// Tag should be 619cc5aefffe0bfa462af43c1699d050
+
+  char* KT="6dfb5dc68af6ae2f3242e9184f100918";
+  char* MT="47809d16c2c6ec685962c90e53fe1bba";
+  char* HT="dd0fa6e494031139d71ee45f00d56fa4";
+  char* NT="37d36f5c54d53479d4745dd1";
+
+
+	int len=strlen(MT)/2;
+	int lenH=strlen(HT)/2;
+	int lenK=strlen(KT)/2;
+	int lenIV=strlen(NT)/2;
+
+	char T[16];   // Tag
+	char K[16];   // AES Key
+	char H[64];   // Header - to be included in Authentication, but not encrypted
+	char N[100];   // IV - Initialisation vector
+	char M[100];  // Plaintext to be encrypted/authenticated
+	char C[100];  // Ciphertext
+	char P[100];  // Recovered Plaintext
+
+	gcm g;
+
+    hex2bytes(MT, M);
+    hex2bytes(HT, H);
+    hex2bytes(NT, N);
+	hex2bytes(KT, K);
+
+	printf("lenK= %d\n",lenK);
+
+ 	printf("Plaintext=\n");
+	for (i=0;i<len;i++) printf("%02x",(unsigned char)M[i]);
+	printf("\n");
+
+	GCM_init(&g,16,K,lenIV,N);
+	GCM_add_header(&g,H,lenH);
+	GCM_add_plain(&g,C,M,len);
+	GCM_finish(&g,T);
+
+	printf("Ciphertext=\n");
+	for (i=0;i<len;i++) printf("%02x",(unsigned char)C[i]);
+	printf("\n");
+
+	printf("Tag=\n");
+	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
+	printf("\n");
+
+	GCM_init(&g,16,K,lenIV,N);
+	GCM_add_header(&g,H,lenH);
+	GCM_add_cipher(&g,P,C,len);
+	GCM_finish(&g,T);
+
+ 	printf("Plaintext=\n");
+	for (i=0;i<len;i++) printf("%02x",(unsigned char)P[i]);
+	printf("\n");
+
+	printf("Tag=\n");
+	for (i=0;i<16;i++) printf("%02x",(unsigned char)T[i]);
+	printf("\n");
+}
+
+*/
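Review bot: Nothing in this file verifies a tag: GCM_add_cipher writes the recovered plaintext into `plain` as it goes and GCM_finish only outputs the locally computed tag, so authentication depends entirely on what the caller does afterwards. The call sequence in the header comment should say so, for example `* 7. When decrypting, compare the tag with the received one in constant time and discard the plaintext if they differ.` Separately, GCM_finish clears `Y_0` and `stateX` only inside `if (tag!=NULL)` and never clears `g->table`, which per the comment in precompute() holds the x^n multiples of the hash subkey E(K,0); the local `H` in GCM_init is also left on the stack. Wiping those in GCM_finish and GCM_init would be worth adding unless callers already zero the whole `gcm` struct, which is not visible from this hunk.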

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/hash.c
----------------------------------------------------------------------
diff --git a/version22/c/hash.c b/version22/c/hash.c
new file mode 100644
index 0000000..6e6192d
--- /dev/null
+++ b/version22/c/hash.c
@@ -0,0 +1,422 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/*
+ * Implementation of the Secure Hashing Algorithm (SHA-256/384/512)
+ *
+ * Generates a 256/384/512 bit message digest. It should be impossible to come
+ * come up with two messages that hash to the same value ("collision free").
+ *
+ * For use with byte-oriented messages only. Could/Should be speeded
+ * up by unwinding loops in HASH_transform(), and assembly patches.
+ */
+
+#include "arch.h"
+#include "amcl.h"
+
+
+#define H0_256 0x6A09E667L
+#define H1_256 0xBB67AE85L
+#define H2_256 0x3C6EF372L
+#define H3_256 0xA54FF53AL
+#define H4_256 0x510E527FL
+#define H5_256 0x9B05688CL
+#define H6_256 0x1F83D9ABL
+#define H7_256 0x5BE0CD19L
+
+static const unsign32 K_256[64]=
+{
+    0x428a2f98L,0x71374491L,0xb5c0fbcfL,0xe9b5dba5L,0x3956c25bL,0x59f111f1L,0x923f82a4L,0xab1c5ed5L,
+    0xd807aa98L,0x12835b01L,0x243185beL,0x550c7dc3L,0x72be5d74L,0x80deb1feL,0x9bdc06a7L,0xc19bf174L,
+    0xe49b69c1L,0xefbe4786L,0x0fc19dc6L,0x240ca1ccL,0x2de92c6fL,0x4a7484aaL,0x5cb0a9dcL,0x76f988daL,
+    0x983e5152L,0xa831c66dL,0xb00327c8L,0xbf597fc7L,0xc6e00bf3L,0xd5a79147L,0x06ca6351L,0x14292967L,
+    0x27b70a85L,0x2e1b2138L,0x4d2c6dfcL,0x53380d13L,0x650a7354L,0x766a0abbL,0x81c2c92eL,0x92722c85L,
+    0xa2bfe8a1L,0xa81a664bL,0xc24b8b70L,0xc76c51a3L,0xd192e819L,0xd6990624L,0xf40e3585L,0x106aa070L,
+    0x19a4c116L,0x1e376c08L,0x2748774cL,0x34b0bcb5L,0x391c0cb3L,0x4ed8aa4aL,0x5b9cca4fL,0x682e6ff3L,
+    0x748f82eeL,0x78a5636fL,0x84c87814L,0x8cc70208L,0x90befffaL,0xa4506cebL,0xbef9a3f7L,0xc67178f2L
+};
+
+#define PAD  0x80
+#define ZERO 0
+
+/* functions */
+
+#define S(m,n,x) (((x)>>n) | ((x)<<(m-n)))
+#define R(n,x) ((x)>>n)
+
+#define Ch(x,y,z)  ((x&y)^(~(x)&z))
+#define Maj(x,y,z) ((x&y)^(x&z)^(y&z))
+#define Sig0_256(x)    (S(32,2,x)^S(32,13,x)^S(32,22,x))
+#define Sig1_256(x)    (S(32,6,x)^S(32,11,x)^S(32,25,x))
+#define theta0_256(x)  (S(32,7,x)^S(32,18,x)^R(3,x))
+#define theta1_256(x)  (S(32,17,x)^S(32,19,x)^R(10,x))
+
+#define Sig0_512(x)    (S(64,28,x)^S(64,34,x)^S(64,39,x))
+#define Sig1_512(x)    (S(64,14,x)^S(64,18,x)^S(64,41,x))
+#define theta0_512(x)  (S(64,1,x)^S(64,8,x)^R(7,x))
+#define theta1_512(x)  (S(64,19,x)^S(64,61,x)^R(6,x))
+
+
+/* SU= 72 */
+static void HASH256_transform(hash256 *sh)
+{
+    /* basic transformation step */
+    unsign32 a,b,c,d,e,f,g,h,t1,t2;
+    int j;
+    for (j=16; j<64; j++)
+        sh->w[j]=theta1_256(sh->w[j-2])+sh->w[j-7]+theta0_256(sh->w[j-15])+sh->w[j-16];
+
+    a=sh->h[0];
+    b=sh->h[1];
+    c=sh->h[2];
+    d=sh->h[3];
+    e=sh->h[4];
+    f=sh->h[5];
+    g=sh->h[6];
+    h=sh->h[7];
+
+    for (j=0; j<64; j++)
+    {
+        /* 64 times - mush it up */
+        t1=h+Sig1_256(e)+Ch(e,f,g)+K_256[j]+sh->w[j];
+        t2=Sig0_256(a)+Maj(a,b,c);
+        h=g;
+        g=f;
+        f=e;
+        e=d+t1;
+        d=c;
+        c=b;
+        b=a;
+        a=t1+t2;
+    }
+
+    sh->h[0]+=a;
+    sh->h[1]+=b;
+    sh->h[2]+=c;
+    sh->h[3]+=d;
+    sh->h[4]+=e;
+    sh->h[5]+=f;
+    sh->h[6]+=g;
+    sh->h[7]+=h;
+}
+
+/* Initialise Hash function */
+void HASH256_init(hash256 *sh)
+{
+    /* re-initialise */
+    int i;
+    for (i=0; i<64; i++) sh->w[i]=0L;
+    sh->length[0]=sh->length[1]=0L;
+    sh->h[0]=H0_256;
+    sh->h[1]=H1_256;
+    sh->h[2]=H2_256;
+    sh->h[3]=H3_256;
+    sh->h[4]=H4_256;
+    sh->h[5]=H5_256;
+    sh->h[6]=H6_256;
+    sh->h[7]=H7_256;
+
+    sh->hlen=32;
+}
+
+/* process a single byte */
+void HASH256_process(hash256 *sh,int byte)
+{
+    /* process the next message byte */
+    int cnt;
+//printf("byt= %x\n",byte);
+    cnt=(int)((sh->length[0]/32)%16);
+
+    sh->w[cnt]<<=8;
+    sh->w[cnt]|=(unsign32)(byte&0xFF);
+
+    sh->length[0]+=8;
+    if (sh->length[0]==0L)
+    {
+        sh->length[1]++;
+        sh->length[0]=0L;
+    }
+    if ((sh->length[0]%512)==0) HASH256_transform(sh);
+}
+
+/* SU= 24 */
+/* Generate 32-byte Hash */
+void HASH256_hash(hash256 *sh,char *digest)
+{
+    /* pad message and finish - supply digest */
+    int i;
+    unsign32 len0,len1;
+    len0=sh->length[0];
+    len1=sh->length[1];
+    HASH256_process(sh,PAD);
+    while ((sh->length[0]%512)!=448) HASH256_process(sh,ZERO);
+    sh->w[14]=len1;
+    sh->w[15]=len0;
+    HASH256_transform(sh);
+    for (i=0; i<sh->hlen; i++)
+    {
+        /* convert to bytes */
+        digest[i]=(char)((sh->h[i/4]>>(8*(3-i%4))) & 0xffL);
+    }
+    HASH256_init(sh);
+}
+
+
+#define H0_512 0x6a09e667f3bcc908
+#define H1_512 0xbb67ae8584caa73b
+#define H2_512 0x3c6ef372fe94f82b
+#define H3_512 0xa54ff53a5f1d36f1
+#define H4_512 0x510e527fade682d1
+#define H5_512 0x9b05688c2b3e6c1f
+#define H6_512 0x1f83d9abfb41bd6b
+#define H7_512 0x5be0cd19137e2179
+
+#define H8_512 0xcbbb9d5dc1059ed8
+#define H9_512 0x629a292a367cd507
+#define HA_512 0x9159015a3070dd17
+#define HB_512 0x152fecd8f70e5939
+#define HC_512 0x67332667ffc00b31
+#define HD_512 0x8eb44a8768581511
+#define HE_512 0xdb0c2e0d64f98fa7
+#define HF_512 0x47b5481dbefa4fa4
+
+/* */
+
+static const unsign64 K_512[80]=
+{
+    0x428a2f98d728ae22 ,0x7137449123ef65cd ,0xb5c0fbcfec4d3b2f ,0xe9b5dba58189dbbc ,
+    0x3956c25bf348b538 ,0x59f111f1b605d019 ,0x923f82a4af194f9b ,0xab1c5ed5da6d8118 ,
+    0xd807aa98a3030242 ,0x12835b0145706fbe ,0x243185be4ee4b28c ,0x550c7dc3d5ffb4e2 ,
+    0x72be5d74f27b896f ,0x80deb1fe3b1696b1 ,0x9bdc06a725c71235 ,0xc19bf174cf692694 ,
+    0xe49b69c19ef14ad2 ,0xefbe4786384f25e3 ,0x0fc19dc68b8cd5b5 ,0x240ca1cc77ac9c65 ,
+    0x2de92c6f592b0275 ,0x4a7484aa6ea6e483 ,0x5cb0a9dcbd41fbd4 ,0x76f988da831153b5 ,
+    0x983e5152ee66dfab ,0xa831c66d2db43210 ,0xb00327c898fb213f ,0xbf597fc7beef0ee4 ,
+    0xc6e00bf33da88fc2 ,0xd5a79147930aa725 ,0x06ca6351e003826f ,0x142929670a0e6e70 ,
+    0x27b70a8546d22ffc ,0x2e1b21385c26c926 ,0x4d2c6dfc5ac42aed ,0x53380d139d95b3df ,
+    0x650a73548baf63de ,0x766a0abb3c77b2a8 ,0x81c2c92e47edaee6 ,0x92722c851482353b ,
+    0xa2bfe8a14cf10364 ,0xa81a664bbc423001 ,0xc24b8b70d0f89791 ,0xc76c51a30654be30 ,
+    0xd192e819d6ef5218 ,0xd69906245565a910 ,0xf40e35855771202a ,0x106aa07032bbd1b8 ,
+    0x19a4c116b8d2d0c8 ,0x1e376c085141ab53 ,0x2748774cdf8eeb99 ,0x34b0bcb5e19b48a8 ,
+    0x391c0cb3c5c95a63 ,0x4ed8aa4ae3418acb ,0x5b9cca4f7763e373 ,0x682e6ff3d6b2b8a3 ,
+    0x748f82ee5defb2fc ,0x78a5636f43172f60 ,0x84c87814a1f0ab72 ,0x8cc702081a6439ec ,
+    0x90befffa23631e28 ,0xa4506cebde82bde9 ,0xbef9a3f7b2c67915 ,0xc67178f2e372532b ,
+    0xca273eceea26619c ,0xd186b8c721c0c207 ,0xeada7dd6cde0eb1e ,0xf57d4f7fee6ed178 ,
+    0x06f067aa72176fba ,0x0a637dc5a2c898a6 ,0x113f9804bef90dae ,0x1b710b35131c471b ,
+    0x28db77f523047d84 ,0x32caab7b40c72493 ,0x3c9ebe0a15c9bebc ,0x431d67c49c100d4c ,
+    0x4cc5d4becb3e42b6 ,0x597f299cfc657e2a ,0x5fcb6fab3ad6faec ,0x6c44198c4a475817
+};
+
+
+static void HASH512_transform(hash512 *sh)
+{
+    /* basic transformation step */
+    unsign64 a,b,c,d,e,f,g,h,t1,t2;
+    int j;
+    for (j=16; j<80; j++)
+        sh->w[j]=theta1_512(sh->w[j-2])+sh->w[j-7]+theta0_512(sh->w[j-15])+sh->w[j-16];
+
+    a=sh->h[0];
+    b=sh->h[1];
+    c=sh->h[2];
+    d=sh->h[3];
+    e=sh->h[4];
+    f=sh->h[5];
+    g=sh->h[6];
+    h=sh->h[7];
+
+    for (j=0; j<80; j++)
+    {
+        /* 80 times - mush it up */
+        t1=h+Sig1_512(e)+Ch(e,f,g)+K_512[j]+sh->w[j];
+        t2=Sig0_512(a)+Maj(a,b,c);
+        h=g;
+        g=f;
+        f=e;
+        e=d+t1;
+        d=c;
+        c=b;
+        b=a;
+        a=t1+t2;
+    }
+    sh->h[0]+=a;
+    sh->h[1]+=b;
+    sh->h[2]+=c;
+    sh->h[3]+=d;
+    sh->h[4]+=e;
+    sh->h[5]+=f;
+    sh->h[6]+=g;
+    sh->h[7]+=h;
+}
+
+void HASH384_init(hash384 *sh)
+{
+    /* re-initialise */
+    int i;
+    for (i=0; i<80; i++) sh->w[i]=0;
+    sh->length[0]=sh->length[1]=0;
+    sh->h[0]=H8_512;
+    sh->h[1]=H9_512;
+    sh->h[2]=HA_512;
+    sh->h[3]=HB_512;
+    sh->h[4]=HC_512;
+    sh->h[5]=HD_512;
+    sh->h[6]=HE_512;
+    sh->h[7]=HF_512;
+
+    sh->hlen=48;
+
+}
+
+void HASH384_process(hash384 *sh,int byte)
+{
+    /* process the next message byte */
+    HASH512_process(sh,byte);
+}
+
+void HASH384_hash(hash384 *sh,char *hash)
+{
+    /* pad message and finish - supply digest */
+    HASH512_hash(sh,hash);
+}
+
+void HASH512_init(hash512 *sh)
+{
+    /* re-initialise */
+    int i;
+
+    for (i=0; i<80; i++) sh->w[i]=0;
+    sh->length[0]=sh->length[1]=0;
+    sh->h[0]=H0_512;
+    sh->h[1]=H1_512;
+    sh->h[2]=H2_512;
+    sh->h[3]=H3_512;
+    sh->h[4]=H4_512;
+    sh->h[5]=H5_512;
+    sh->h[6]=H6_512;
+    sh->h[7]=H7_512;
+
+    sh->hlen=64;
+}
+
+void HASH512_process(hash512 *sh,int byte)
+{
+    /* process the next message byte */
+    int cnt;
+
+    cnt=(int)((sh->length[0]/64)%16);
+
+    sh->w[cnt]<<=8;
+    sh->w[cnt]|=(unsign64)(byte&0xFF);
+
+    sh->length[0]+=8;
+    if (sh->length[0]==0L)
+    {
+        sh->length[1]++;
+        sh->length[0]=0L;
+    }
+    if ((sh->length[0]%1024)==0) HASH512_transform(sh);
+}
+
+void HASH512_hash(hash512 *sh,char *hash)
+{
+    /* pad message and finish - supply digest */
+    int i;
+    unsign64 len0,len1;
+    len0=sh->length[0];
+    len1=sh->length[1];
+    HASH512_process(sh,PAD);
+    while ((sh->length[0]%1024)!=896) HASH512_process(sh,ZERO);
+    sh->w[14]=len1;
+    sh->w[15]=len0;
+    HASH512_transform(sh);
+    for (i=0; i<sh->hlen; i++)
+    {
+        /* convert to bytes */
+        hash[i]=(char)((sh->h[i/8]>>(8*(7-i%8))) & 0xffL);
+    }
+    HASH512_init(sh);
+}
+
+
+/* test program: should produce digest
+
+160 bit
+
+84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1
+
+256 bit
+
+248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
+
+512 bit
+
+8e959b75dae313da 8cf4f72814fc143f 8f7779c6eb9f7fa1 7299aeadb6889018
+501d289e4900f7e4 331b99dec4b5433a c7d329eeb6dd2654 5e96e55b874be909
+
+384 bit
+
+09330c33f71147e8 3d192fc782cd1b47 53111b173b3b05d2 2fa08086e3b0f712
+fcc7c71a557e2db9 66c3e9fa91746039
+*/
+/*
+#include <stdio.h>
+#include "aracrypt.h"
+
+char test160[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+char test256[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+char test512[]="abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
+
+int main()
+{
+    char digest[64];
+    int i;
+	hash160 sh160;
+    hash256 sh256;
+	hash384 sh384;
+	hash512 sh512;
+
+    HASH160_init(&sh160);
+    for (i=0;test256[i]!=0;i++) HASH160_process(&sh160,test160[i]);
+    HASH160_hash(&sh160,digest);
+    for (i=0;i<20;i++) printf("%02x",(unsigned char)digest[i]);
+    printf("\n");
+
+    HASH256_init(&sh256);
+    for (i=0;test256[i]!=0;i++) HASH256_process(&sh256,test256[i]);
+    HASH256_hash(&sh256,digest);
+    for (i=0;i<32;i++) printf("%02x",(unsigned char)digest[i]);
+    printf("\n");
+
+    HASH384_init(&sh384);
+    for (i=0;test512[i]!=0;i++) HASH384_process(&sh384,test512[i]);
+    HASH384_hash(&sh384,digest);
+    for (i=0;i<48;i++) printf("%02x",(unsigned char)digest[i]);
+    printf("\n");
+
+    HASH512_init(&sh512);
+    for (i=0;test512[i]!=0;i++) HASH512_process(&sh512,test512[i]);
+    HASH512_hash(&sh512,digest);
+    for (i=0;i<64;i++) printf("%02x",(unsigned char)digest[i]);
+    printf("\n");
+
+
+    return 0;
+}
+
+*/
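Review bot: The known-answer vectors at the end of the file exist only inside a commented-out main(), so nothing built from this hunk checks HASH256/384/512 against them. That block also includes "aracrypt.h" and calls HASH160_init/process/hash with a 160-bit vector, none of which this file defines, and its first loop tests `test256[i]!=0` while feeding `test160[i]`, so it looks stale rather than merely disabled. I would move the three SHA-2 vectors into a test that is actually compiled and drop the 160-bit case from this file. A smaller point: HASH384_process and HASH384_hash call HASH512_process and HASH512_hash before they are defined, so they rely on prototypes from amcl.h; a one-line comment such as `/* SHA-384 shares the SHA-512 state and transform; only the IV and hlen differ */` above HASH384_init would explain why a hash384 pointer is passed through.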

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/maxstack.c
----------------------------------------------------------------------
diff --git a/version22/c/maxstack.c b/version22/c/maxstack.c
new file mode 100644
index 0000000..77b2062
--- /dev/null
+++ b/version22/c/maxstack.c
@@ -0,0 +1,62 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/*
+	How to determine maximum stack usage
+	1. Compile this file *with no optimization*, for example gcc -c maxstack.c
+	2. Rename your main() function to mymain()
+	3. Compile with normal level of optimization, linking to maxstack.o for example gcc maxstack.o -O3 myprogram.c -o myprogam
+	4. Execute myprogram
+	5. Program runs, at end prints out maximum stack usage
+
+	Caveat Code!
+	Mike Scott October 2014
+*/
+
+#include <stdio.h>
+
+#define MAXSTACK 65536  /* greater than likely stack requirement */
+
+extern void mymain();
+
+void start()
+{
+    char stack[MAXSTACK];
+    int i;
+    for (i=0; i<MAXSTACK; i++) stack[i]=0x55;
+}
+
+void finish()
+{
+    char stack[MAXSTACK];
+    int i;
+    for (i=0; i<MAXSTACK; i++)
+        if (stack[i]!=0x55) break;
+    printf("Max Stack usage = %d\n",MAXSTACK-i);
+}
+
+int main()
+{
+    start();
+
+    mymain();
+
+    finish();
+    return 0;
+}
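Review bot: finish() prints `MAXSTACK-i` without flagging a saturated reading: if `stack[0]` has already been overwritten the loop breaks at i==0 and the output is exactly MAXSTACK, which is only a lower bound on the real usage. A line such as `if (i==0) printf("Stack usage >= MAXSTACK, increase MAXSTACK\n");` before the existing printf would make that case visible. The header comment could also state that scanning from index 0 assumes a downward-growing stack and that finish() deliberately reads an uninitialised array, which is why step 1 requires building this file without optimisation.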


[04/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/mpin.c
----------------------------------------------------------------------
diff --git a/version22/c/mpin.c b/version22/c/mpin.c
new file mode 100644
index 0000000..5086ad5
--- /dev/null
+++ b/version22/c/mpin.c
@@ -0,0 +1,1212 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* MPIN Functions */
+
+/* Version 3.0 - supports Time Permits */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "mpin.h"
+
+#define ROUNDUP(a,b) ((a)-1)/(b)+1
+
+/* Special mpin hashing */
+static void mpin_hash(int sha,FP4 *f, ECP *P,octet *w)
+{
+    int i;
+    BIG x,y;
+    char h[64];
+    hash256 sha256;
+    hash512 sha512;
+    char t[6*MODBYTES];  // to hold 6 BIGs
+    int hlen=sha;
+    BIG_copy(x,f->a.a);
+    FP_redc(x);
+    BIG_toBytes(&t[0],x);
+    BIG_copy(x,f->a.b);
+    FP_redc(x);
+    BIG_toBytes(&t[MODBYTES],x);
+    BIG_copy(x,f->b.a);
+    FP_redc(x);
+    BIG_toBytes(&t[2*MODBYTES],x);
+    BIG_copy(x,f->b.b);
+    FP_redc(x);
+    BIG_toBytes(&t[3*MODBYTES],x);
+    ECP_get(x,y,P);
+    BIG_toBytes(&t[4*MODBYTES],x);
+    BIG_toBytes(&t[5*MODBYTES],y);
+
+    OCT_empty(w);
+    switch (sha)
+    {
+    case SHA256:
+        HASH256_init(&sha256);
+        for (i=0; i<6*MODBYTES; i++) HASH256_process(&sha256,t[i]);
+        HASH256_hash(&sha256,h);
+        break;
+    case SHA384:
+        HASH384_init(&sha512);
+        for (i=0; i<6*MODBYTES; i++) HASH384_process(&sha512,t[i]);
+        HASH384_hash(&sha512,h);
+        break;
+    case SHA512:
+        HASH512_init(&sha512);
+        for (i=0; i<6*MODBYTES; i++) HASH512_process(&sha512,t[i]);
+        HASH512_hash(&sha512,h);
+        break;
+    }
+
+    OCT_jbytes(w,h,PAS);
+    for (i=0; i<hlen; i++) h[i]=0;
+}
+
+/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
+/* maps a random u to a point on the curve */
+static void map(ECP *P,BIG u,int cb)
+{
+    BIG x,q;
+
+    BIG_rcopy(q,Modulus);
+    BIG_copy(x,u);
+    BIG_mod(x,q);
+
+    while (!ECP_setx(P,x,cb))
+        BIG_inc(x,1);
+}
+
+/* returns u derived from P. Random value in range 1 to return value should then be added to u */
+static int unmap(BIG u,int *cb,ECP *P)
+{
+    int s,r=0;
+    BIG x;
+
+    s=ECP_get(x,x,P);
+    BIG_copy(u,x);
+    do
+    {
+        BIG_dec(u,1);
+        r++;
+    }
+    while (!ECP_setx(P,u,s));
+    ECP_setx(P,x,s);
+
+    *cb=s;
+
+    return r;
+}
+
+/* map octet string containing hash to point on curve of correct order */
+static void mapit(octet *h,ECP *P)
+{
+    BIG q,x,c;
+    BIG_fromBytes(x,h->val);
+    BIG_rcopy(q,Modulus);
+    BIG_mod(x,q);
+
+    while (!ECP_setx(P,x,0))
+        BIG_inc(x,1);
+
+    BIG_rcopy(c,CURVE_Cof);
+    ECP_mul(P,c);
+}
+
+/* needed for SOK */
+/* static void mapit2(octet *h,ECP2 *Q) */
+/* { */
+/* 	BIG q,one,Fx,Fy,x,hv; */
+/* 	FP2 X; */
+/* 	ECP2 T,K; */
+/* 	BIG_fromBytes(hv,h->val); */
+/* 	BIG_rcopy(q,Modulus); */
+/* 	BIG_one(one); */
+/* 	BIG_mod(hv,q); */
+
+/* 	for (;;) */
+/* 	{ */
+/* 		FP2_from_BIGs(&X,one,hv); */
+/* 		if (ECP2_setx(Q,&X)) break; */
+/* 		BIG_inc(hv,1);  */
+/* 	} */
+
+/* /\* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez *\/ */
+/* 	BIG_rcopy(Fx,CURVE_Fra); */
+/* 	BIG_rcopy(Fy,CURVE_Frb); */
+/* 	FP2_from_BIGs(&X,Fx,Fy); */
+/* 	BIG_rcopy(x,CURVE_Bnx); */
+
+/* 	ECP2_copy(&T,Q); */
+/* 	ECP2_mul(&T,x); */
+/* 	ECP2_neg(&T);  /\* our x is negative *\/ */
+/* 	ECP2_copy(&K,&T); */
+/* 	ECP2_dbl(&K); */
+/* 	ECP2_add(&K,&T); */
+/* 	ECP2_affine(&K); */
+
+/* 	ECP2_frob(&K,&X); */
+/* 	ECP2_frob(Q,&X); ECP2_frob(Q,&X); ECP2_frob(Q,&X);  */
+/* 	ECP2_add(Q,&T); */
+/* 	ECP2_add(Q,&K); */
+/* 	ECP2_frob(&T,&X); ECP2_frob(&T,&X); */
+/* 	ECP2_add(Q,&T); */
+/* 	ECP2_affine(Q); */
+/* } */
+
+
+
+/* general purpose hash function w=hash(p|n|x|y) */
+static void hashit(int sha,int n,octet *x,octet *w)
+{
+    int i,c[4],hlen;
+    hash256 sha256;
+    hash512 sha512;
+    char hh[64];
+
+    switch (sha)
+    {
+    case SHA256:
+        HASH256_init(&sha256);
+        break;
+    case SHA384:
+        HASH384_init(&sha512);
+        break;
+    case SHA512:
+        HASH512_init(&sha512);
+        break;
+    }
+
+    hlen=sha;
+
+    if (n>0)
+    {
+        c[0]=(n>>24)&0xff;
+        c[1]=(n>>16)&0xff;
+        c[2]=(n>>8)&0xff;
+        c[3]=(n)&0xff;
+        for (i=0; i<4; i++)
+        {
+            switch(sha)
+            {
+            case SHA256:
+                HASH256_process(&sha256,c[i]);
+                break;
+            case SHA384:
+                HASH384_process(&sha512,c[i]);
+                break;
+            case SHA512:
+                HASH512_process(&sha512,c[i]);
+                break;
+            }
+        }
+    }
+    if (x!=NULL) for (i=0; i<x->len; i++)
+        {
+            switch(sha)
+            {
+            case SHA256:
+                HASH256_process(&sha256,x->val[i]);
+                break;
+            case SHA384:
+                HASH384_process(&sha512,x->val[i]);
+                break;
+            case SHA512:
+                HASH512_process(&sha512,x->val[i]);
+                break;
+            }
+        }
+
+    for (i=0; i<hlen; i++) hh[i]=0;
+    switch (sha)
+    {
+    case SHA256:
+        HASH256_hash(&sha256,hh);
+        break;
+    case SHA384:
+        HASH384_hash(&sha512,hh);
+        break;
+    case SHA512:
+        HASH512_hash(&sha512,hh);
+        break;
+    }
+
+    OCT_empty(w);
+
+    if (hlen>=MODBYTES)
+        OCT_jbytes(w,hh,MODBYTES);
+    else
+    {
+        OCT_jbytes(w,hh,hlen);
+        OCT_jbyte(w,0,MODBYTES-hlen);
+    }
+}
+
+unsign32 MPIN_today(void)
+{
+    /* return time in slots since epoch */
+    unsign32 ti=(unsign32)time(NULL);
+    return (uint32_t)(ti/(60*TIME_SLOT_MINUTES));
+}
+
+/* Hash the M-Pin transcript - new */
+
+void MPIN_HASH_ALL(int sha,octet *HID,octet *xID,octet *xCID,octet *SEC,octet *Y,octet *R,octet *W,octet *H)
+{
+    char t[10*MODBYTES+4];
+    octet T= {0,sizeof(t),t};
+
+    OCT_joctet(&T,HID);
+    if (xCID!=NULL) OCT_joctet(&T,xCID);
+    else OCT_joctet(&T,xID);
+    OCT_joctet(&T,SEC);
+    OCT_joctet(&T,Y);
+    OCT_joctet(&T,R);
+    OCT_joctet(&T,W);
+
+    hashit(sha,0,&T,H);
+}
+
+void MPIN_HASH_ID(int sha,octet *ID,octet *HID)
+{
+    hashit(sha,0,ID,HID);
+}
+
+/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
+/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
+/* Note that u and v are indistinguisible from random strings */
+int MPIN_ENCODING(csprng *RNG,octet *E)
+{
+    int rn,m,su,sv,res=0;
+
+    BIG q,u,v;
+    ECP P,W;
+
+    if (!ECP_fromOctet(&P,E)) res=MPIN_INVALID_POINT;
+
+    if (res==0)
+    {
+        BIG_rcopy(q,Modulus);
+
+        BIG_randomnum(u,q,RNG);
+
+        su=RAND_byte(RNG);
+        if (su<0) su=-su;
+        su%=2;
+        map(&W,u,su);
+        ECP_sub(&P,&W);
+
+        rn=unmap(v,&sv,&P);
+        m=RAND_byte(RNG);
+        if (m<0) m=-m;
+        m%=rn;
+        BIG_inc(v,m+1);
+        E->val[0]=su+2*sv;
+        BIG_toBytes(&(E->val[1]),u);
+        BIG_toBytes(&(E->val[PFS+1]),v);
+    }
+
+    return res;
+}
+
+int MPIN_DECODING(octet *D)
+{
+    int su,sv;
+    BIG u,v;
+    ECP P,W;
+    int res=0;
+
+    if ((D->val[0]&0x04)!=0) res=MPIN_INVALID_POINT;
+    if (res==0)
+    {
+
+        BIG_fromBytes(u,&(D->val[1]));
+        BIG_fromBytes(v,&(D->val[PFS+1]));
+
+        su=D->val[0]&1;
+        sv=(D->val[0]>>1)&1;
+
+        map(&W,u,su);
+        map(&P,v,sv);
+
+        ECP_add(&P,&W);
+        ECP_toOctet(D,&P);
+    }
+    return res;
+}
+
+/* R=R1+R2 in group G1 */
+int MPIN_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
+{
+    ECP P,T;
+    int res=0;
+    if (res==0)
+    {
+        if (!ECP_fromOctet(&P,R1)) res=MPIN_INVALID_POINT;
+        if (!ECP_fromOctet(&T,R2)) res=MPIN_INVALID_POINT;
+    }
+    if (res==0)
+    {
+        ECP_add(&P,&T);
+        ECP_toOctet(R,&P);
+    }
+    return res;
+}
+
+/* W=W1+W2 in group G2 */
+int MPIN_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
+{
+    ECP2 Q,T;
+    int res=0;
+    if (!ECP2_fromOctet(&Q,W1)) res=MPIN_INVALID_POINT;
+    if (!ECP2_fromOctet(&T,W2)) res=MPIN_INVALID_POINT;
+    if (res==0)
+    {
+        ECP2_add(&Q,&T);
+        ECP2_toOctet(W,&Q);
+    }
+    return res;
+}
+
+/* create random secret S */
+int MPIN_RANDOM_GENERATE(csprng *RNG,octet* S)
+{
+    BIG r,s;
+
+    BIG_rcopy(r,CURVE_Order);
+    BIG_randomnum(s,r,RNG);
+#ifdef AES_S
+    BIG_mod2m(s,2*AES_S);
+#endif
+    BIG_toBytes(S->val,s);
+    S->len=MODBYTES;
+    return 0;
+}
+
+/* Extract PIN from TOKEN for identity CID */
+int MPIN_EXTRACT_PIN(int sha,octet *CID,int pin,octet *TOKEN)
+{
+    ECP P,R;
+    int res=0;
+    char h[MODBYTES];
+    octet H= {0,sizeof(h),h};
+
+    if (!ECP_fromOctet(&P,TOKEN))  res=MPIN_INVALID_POINT;
+    if (res==0)
+    {
+        hashit(sha,-1,CID,&H);
+        mapit(&H,&R);
+
+        pin%=MAXPIN;
+
+        ECP_pinmul(&R,pin,PBLEN);
+        ECP_sub(&P,&R);
+
+        ECP_toOctet(TOKEN,&P);
+    }
+    return res;
+}
+
+/* Implement step 2 on client side of MPin protocol - SEC=-(x+y)*SEC */
+int MPIN_CLIENT_2(octet *X,octet *Y,octet *SEC)
+{
+    BIG px,py,r;
+    ECP P;
+    int res=0;
+    BIG_rcopy(r,CURVE_Order);
+    if (!ECP_fromOctet(&P,SEC)) res=MPIN_INVALID_POINT;
+    if (res==0)
+    {
+        BIG_fromBytes(px,X->val);
+        BIG_fromBytes(py,Y->val);
+        BIG_add(px,px,py);
+        BIG_mod(px,r);
+        //	BIG_sub(px,r,px);
+        PAIR_G1mul(&P,px);
+        ECP_neg(&P);
+        ECP_toOctet(SEC,&P);
+    }
+    return res;
+}
+
+/*
+ W=x*H(G);
+ if RNG == NULL then X is passed in
+ if RNG != NULL the X is passed out
+ if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
+*/
+
+int MPIN_GET_G1_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
+{
+    ECP P;
+    BIG r,x;
+    int res=0;
+    if (RNG!=NULL)
+    {
+        BIG_rcopy(r,CURVE_Order);
+        BIG_randomnum(x,r,RNG);
+#ifdef AES_S
+        BIG_mod2m(x,2*AES_S);
+#endif
+        X->len=MODBYTES;
+        BIG_toBytes(X->val,x);
+    }
+    else
+        BIG_fromBytes(x,X->val);
+
+    if (type==0)
+    {
+        if (!ECP_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
+    }
+    else mapit(G,&P);
+
+    if (res==0)
+    {
+        PAIR_G1mul(&P,x);
+        ECP_toOctet(W,&P);
+    }
+    return res;
+}
+
+/*
+ if RNG == NULL then X is passed in
+ if RNG != NULL the X is passed out
+ W=x*G where G is point on the curve
+ if type==1 W=(x^-1)G
+*/
+
+int MPIN_GET_G2_MULTIPLE(csprng *RNG,int type,octet *X,octet *G,octet *W)
+{
+    ECP2 P;
+    BIG r,x;
+    int res=0;
+    BIG_rcopy(r,CURVE_Order);
+    if (RNG!=NULL)
+    {
+        BIG_randomnum(x,r,RNG);
+#ifdef AES_S
+        BIG_mod2m(x,2*AES_S);
+#endif
+        X->len=MODBYTES;
+        BIG_toBytes(X->val,x);
+    }
+    else
+    {
+        BIG_fromBytes(x,X->val);
+        if (type==1) BIG_invmodp(x,x,r);
+    }
+
+    if (!ECP2_fromOctet(&P,G)) res=MPIN_INVALID_POINT;
+
+    if (res==0)
+    {
+        PAIR_G2mul(&P,x);
+        ECP2_toOctet(W,&P);
+    }
+    return res;
+}
+
+
+
+/* Client secret CST=s*H(CID) where CID is client ID and s is master secret */
+/* CID is hashed externally */
+int MPIN_GET_CLIENT_SECRET(octet *S,octet *CID,octet *CST)
+{
+    return MPIN_GET_G1_MULTIPLE(NULL,1,S,CID,CST);
+}
+
+/* Implement step 1 on client side of MPin protocol */
+int MPIN_CLIENT_1(int sha,int date,octet *CLIENT_ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *SEC,octet *xID,octet *xCID,octet *PERMIT)
+{
+    BIG r,x;
+    ECP P,T,W;
+    int res=0;
+    char h[MODBYTES];
+    octet H= {0,sizeof(h),h};
+
+    BIG_rcopy(r,CURVE_Order);
+    if (RNG!=NULL)
+    {
+        BIG_randomnum(x,r,RNG);
+#ifdef AES_S
+        BIG_mod2m(x,2*AES_S);
+#endif
+        X->len=MODBYTES;
+        BIG_toBytes(X->val,x);
+    }
+    else
+        BIG_fromBytes(x,X->val);
+
+    hashit(sha,-1,CLIENT_ID,&H);
+    mapit(&H,&P);
+
+    if (!ECP_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
+
+    if (res==0)
+    {
+        pin%=MAXPIN;
+
+        ECP_copy(&W,&P);				// W=H(ID)
+        ECP_pinmul(&W,pin,PBLEN);			// W=alpha.H(ID)
+        ECP_add(&T,&W);					// T=Token+alpha.H(ID) = s.H(ID)
+
+        if (date)
+        {
+            if (PERMIT!=NULL)
+            {
+                if (!ECP_fromOctet(&W,PERMIT)) res=MPIN_INVALID_POINT;
+                ECP_add(&T,&W);					// SEC=s.H(ID)+s.H(T|ID)
+            }
+            hashit(sha,date,&H,&H);
+            mapit(&H,&W);
+            if (xID!=NULL)
+            {
+                PAIR_G1mul(&P,x);				// P=x.H(ID)
+                ECP_toOctet(xID,&P);  // xID
+                PAIR_G1mul(&W,x);               // W=x.H(T|ID)
+                ECP_add(&P,&W);
+            }
+            else
+            {
+                ECP_add(&P,&W);
+                PAIR_G1mul(&P,x);
+            }
+            if (xCID!=NULL) ECP_toOctet(xCID,&P);  // U
+        }
+        else
+        {
+            if (xID!=NULL)
+            {
+                PAIR_G1mul(&P,x);				// P=x.H(ID)
+                ECP_toOctet(xID,&P);  // xID
+            }
+        }
+    }
+
+    if (res==0)
+        ECP_toOctet(SEC,&T);  // V
+
+    return res;
+}
+
+/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
+int MPIN_GET_SERVER_SECRET(octet *S,octet *SST)
+{
+    BIG r,s;
+    FP2 qx,qy;
+    ECP2 Q;
+    int res=0;
+
+    BIG_rcopy(r,CURVE_Order);
+    BIG_rcopy(qx.a,CURVE_Pxa);
+    FP_nres(qx.a);
+    BIG_rcopy(qx.b,CURVE_Pxb);
+    FP_nres(qx.b);
+    BIG_rcopy(qy.a,CURVE_Pya);
+    FP_nres(qy.a);
+    BIG_rcopy(qy.b,CURVE_Pyb);
+    FP_nres(qy.b);
+    ECP2_set(&Q,&qx,&qy);
+
+    if (res==0)
+    {
+        BIG_fromBytes(s,S->val);
+        PAIR_G2mul(&Q,s);
+        ECP2_toOctet(SST,&Q);
+    }
+
+    return res;
+}
+
+
+/* Time Permit CTT=s*H(date|H(CID)) where s is master secret */
+int MPIN_GET_CLIENT_PERMIT(int sha,int date,octet *S,octet *CID,octet *CTT)
+{
+    BIG s;
+    ECP P;
+    char h[MODBYTES];
+    octet H= {0,sizeof(h),h};
+
+    hashit(sha,date,CID,&H);
+
+    mapit(&H,&P);
+    BIG_fromBytes(s,S->val);
+    PAIR_G1mul(&P,s);
+
+    ECP_toOctet(CTT,&P);
+    return 0;
+}
+
+// if date=0 only use HID, set HCID=NULL
+// if date and PE, use HID and HCID
+
+/* Outputs H(CID) and H(CID)+H(T|H(CID)) for time permits. If no time permits set HTID=NULL */
+void MPIN_SERVER_1(int sha,int date,octet *CID,octet *HID,octet *HTID)
+{
+    char h[MODBYTES];
+    octet H= {0,sizeof(h),h};
+    ECP P,R;
+
+#ifdef USE_ANONYMOUS
+    mapit(CID,&P);
+#else
+    hashit(sha,-1,CID,&H);
+    mapit(&H,&P);
+#endif
+
+    ECP_toOctet(HID,&P);  // new
+
+    if (date)
+    {
+        //	if (HID!=NULL) ECP_toOctet(HID,&P);
+#ifdef USE_ANONYMOUS
+        hashit(sha,date,CID,&H);
+#else
+        hashit(sha,date,&H,&H);
+#endif
+        mapit(&H,&R);
+        ECP_add(&P,&R);
+        ECP_toOctet(HTID,&P);
+    }
+    //else ECP_toOctet(HID,&P);
+
+}
+
+/* Implement M-Pin on server side */
+int MPIN_SERVER_2(int date,octet *HID,octet *HTID,octet *Y,octet *SST,octet *xID,octet *xCID,octet *mSEC,octet *E,octet *F)
+{
+    BIG px,py,y;
+    FP2 qx,qy;
+    FP12 g;
+    ECP2 Q,sQ;
+    ECP P,R;
+    int res=0;
+
+    BIG_rcopy(qx.a,CURVE_Pxa);
+    FP_nres(qx.a);
+    BIG_rcopy(qx.b,CURVE_Pxb);
+    FP_nres(qx.b);
+    BIG_rcopy(qy.a,CURVE_Pya);
+    FP_nres(qy.a);
+    BIG_rcopy(qy.b,CURVE_Pyb);
+    FP_nres(qy.b);
+
+    if (!ECP2_set(&Q,&qx,&qy)) res=MPIN_INVALID_POINT;
+
+    if (res==0)
+    {
+        if (!ECP2_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
+    }
+
+    if (res==0)
+    {
+        if (date)
+        {
+            BIG_fromBytes(px,&(xCID->val[1]));
+            BIG_fromBytes(py,&(xCID->val[PFS+1]));
+        }
+        else
+        {
+            BIG_fromBytes(px,&(xID->val[1]));
+            BIG_fromBytes(py,&(xID->val[PFS+1]));
+        }
+        if (!ECP_set(&R,px,py)) res=MPIN_INVALID_POINT; // x(A+AT)
+    }
+    if (res==0)
+    {
+        BIG_fromBytes(y,Y->val);
+        if (date)
+        {
+            if (!ECP_fromOctet(&P,HTID))  res=MPIN_INVALID_POINT;
+        }
+        else
+        {
+            if (!ECP_fromOctet(&P,HID))  res=MPIN_INVALID_POINT;
+        }
+    }
+    if (res==0)
+    {
+        PAIR_G1mul(&P,y);  // y(A+AT)
+        ECP_add(&P,&R); // x(A+AT)+y(A+T)
+        if (!ECP_fromOctet(&R,mSEC))  res=MPIN_INVALID_POINT; // V
+    }
+    if (res==0)
+    {
+        PAIR_double_ate(&g,&Q,&R,&sQ,&P);
+        PAIR_fexp(&g);
+
+        if (!FP12_isunity(&g))
+        {
+            if (HID!=NULL && xID!=NULL && E!=NULL && F !=NULL)
+            {
+                /* xID is set to NULL if there is no way to calculate PIN error */
+                FP12_toOctet(E,&g);
+
+                /* Note error is in the PIN, not in the time permit! Hence the need to exclude Time Permit from this check */
+
+                if (date)
+                {
+                    if (!ECP_fromOctet(&P,HID)) res=MPIN_INVALID_POINT;
+                    if (!ECP_fromOctet(&R,xID)) res=MPIN_INVALID_POINT; // U
+
+                    if (res==0)
+                    {
+                        PAIR_G1mul(&P,y);  // yA
+                        ECP_add(&P,&R); // yA+xA
+                    }
+                }
+                if (res==0)
+                {
+                    PAIR_ate(&g,&Q,&P);
+                    PAIR_fexp(&g);
+                    FP12_toOctet(F,&g);
+                }
+            }
+            res=MPIN_BAD_PIN;
+        }
+    }
+
+    return res;
+}
+
+#if MAXPIN==10000
+#define MR_TS 10  /* 2^10/10 approx = sqrt(MAXPIN) */
+#define TRAP 200  /* 2*sqrt(MAXPIN) */
+#endif
+
+#if MAXPIN==1000000
+#define MR_TS 14
+#define TRAP 2000
+#endif
+
+/* Pollards kangaroos used to return PIN error */
+int MPIN_KANGAROO(octet *E,octet *F)
+{
+    int i,j,m,s,dn,dm,steps;
+    int distance[MR_TS];
+    FP12 ge,gf,t,table[MR_TS];
+    int res=0;
+    // BIG w;
+
+    FP12_fromOctet(&ge,E);
+    FP12_fromOctet(&gf,F);
+
+    FP12_copy(&t,&gf);
+
+    for (s=1,m=0; m<MR_TS; m++)
+    {
+        distance[m]=s;
+        FP12_copy(&table[m],&t);
+        s*=2;
+        FP12_usqr(&t,&t);
+        FP12_reduce(&t);
+    }
+
+    FP12_one(&t);
+
+    for (dn=0,j=0; j<TRAP; j++)
+    {
+
+        //BIG_copy(w,t.a.a.a);
+        //FP_redc(w);
+        //i=BIG_lastbits(w,20)%MR_TS;
+
+        i=t.a.a.a[0]%MR_TS;
+
+        FP12_mul(&t,&table[i]);
+        FP12_reduce(&t);
+        dn+=distance[i];
+    }
+
+    FP12_conj(&gf,&t);
+    steps=0;
+    dm=0;
+    while (dm-dn<MAXPIN)
+    {
+        steps++;
+        if (steps>4*TRAP) break;
+
+        //BIG_copy(w,ge.a.a.a);
+        //FP_redc(w);
+        //i=BIG_lastbits(w,20)%MR_TS;
+
+        i=ge.a.a.a[0]%MR_TS;
+
+        FP12_mul(&ge,&table[i]);
+        FP12_reduce(&ge);
+        dm+=distance[i];
+        if (FP12_equals(&ge,&t))
+        {
+            res=dm-dn;
+            break;
+        }
+        if (FP12_equals(&ge,&gf))
+        {
+            res=dn-dm;
+            break;
+        }
+    }
+    if (steps>4*TRAP || dm-dn>=MAXPIN)
+    {
+        res=0;    /* Trap Failed  - probable invalid token */
+    }
+
+    return res;
+}
+
+/* Functions to support M-Pin Full */
+
+int MPIN_PRECOMPUTE(octet *TOKEN,octet *CID,octet *CP,octet *G1,octet *G2)
+{
+    ECP P,T;
+    ECP2 Q;
+    FP2 qx,qy;
+    FP12 g;
+    int res=0;
+
+    if (!ECP_fromOctet(&T,TOKEN)) res=MPIN_INVALID_POINT;
+
+    if (res==0)
+    {
+        mapit(CID,&P);
+        if (CP!=NULL)
+        {
+            if (!ECP2_fromOctet(&Q,CP)) res=MPIN_INVALID_POINT;
+        }
+        else
+        {
+            BIG_rcopy(qx.a,CURVE_Pxa);
+            FP_nres(qx.a);
+            BIG_rcopy(qx.b,CURVE_Pxb);
+            FP_nres(qx.b);
+            BIG_rcopy(qy.a,CURVE_Pya);
+            FP_nres(qy.a);
+            BIG_rcopy(qy.b,CURVE_Pyb);
+            FP_nres(qy.b);
+            if (!ECP2_set(&Q,&qx,&qy)) res=MPIN_INVALID_POINT;
+        }
+    }
+    if (res==0)
+    {
+        PAIR_ate(&g,&Q,&T);
+        PAIR_fexp(&g);
+
+        FP12_toOctet(G1,&g);
+        if (G2!=NULL)
+        {
+            PAIR_ate(&g,&Q,&P);
+            PAIR_fexp(&g);
+            FP12_toOctet(G2,&g);
+        }
+    }
+    return res;
+}
+
+/* calculate common key on client side */
+/* wCID = w.(A+AT) */
+int MPIN_CLIENT_KEY(int sha,octet *G1,octet *G2,int pin,octet *R,octet *X,octet *H,octet *wCID,octet *CK)
+{
+    FP12 g1,g2;
+    FP4 c,cp,cpm1,cpm2;
+    FP2 f;
+    ECP W;
+    int res=0;
+    BIG r,z,x,q,m,a,b,h;
+
+    FP12_fromOctet(&g1,G1);
+    FP12_fromOctet(&g2,G2);
+    BIG_fromBytes(z,R->val);
+    BIG_fromBytes(x,X->val);
+    BIG_fromBytes(h,H->val);
+
+    if (!ECP_fromOctet(&W,wCID)) res=MPIN_INVALID_POINT;
+
+    if (res==0)
+    {
+        BIG_rcopy(r,CURVE_Order);
+        BIG_add(z,z,h);    // new
+        BIG_mod(z,r);
+
+        PAIR_G1mul(&W,x);
+
+        BIG_rcopy(a,CURVE_Fra);
+        BIG_rcopy(b,CURVE_Frb);
+        FP2_from_BIGs(&f,a,b);
+
+        BIG_rcopy(q,Modulus);
+        BIG_copy(m,q);
+        BIG_mod(m,r);
+
+        BIG_copy(a,z);
+        BIG_mod(a,m);
+
+        BIG_copy(b,z);
+        BIG_sdiv(b,m);
+
+        FP12_pinpow(&g2,pin,PBLEN);
+        FP12_mul(&g1,&g2);
+
+        FP12_trace(&c,&g1);
+
+        FP12_copy(&g2,&g1);
+        FP12_frob(&g2,&f);
+        FP12_trace(&cp,&g2);
+
+        FP12_conj(&g1,&g1);
+        FP12_mul(&g2,&g1);
+        FP12_trace(&cpm1,&g2);
+        FP12_mul(&g2,&g1);
+        FP12_trace(&cpm2,&g2);
+
+        FP4_xtr_pow2(&c,&cp,&c,&cpm1,&cpm2,a,b);
+        mpin_hash(sha,&c,&W,CK);
+
+    }
+    return res;
+}
+
+/* calculate common key on server side */
+/* Z=r.A - no time permits involved */
+
+int MPIN_SERVER_KEY(int sha,octet *Z,octet *SST,octet *W,octet *H,octet *HID,octet *xID,octet *xCID,octet *SK)
+{
+    int res=0;
+    FP12 g;
+    FP4 c;
+    ECP R,U,A;
+    ECP2 sQ;
+    BIG w,h;
+
+    if (!ECP2_fromOctet(&sQ,SST)) res=MPIN_INVALID_POINT;
+    if (!ECP_fromOctet(&R,Z)) res=MPIN_INVALID_POINT;
+
+
+    if (!ECP_fromOctet(&A,HID)) res=MPIN_INVALID_POINT;
+
+    // new
+    if (xCID!=NULL)
+    {
+        if (!ECP_fromOctet(&U,xCID)) res=MPIN_INVALID_POINT;
+    }
+    else
+    {
+        if (!ECP_fromOctet(&U,xID)) res=MPIN_INVALID_POINT;
+    }
+    BIG_fromBytes(w,W->val);
+    BIG_fromBytes(h,H->val);
+
+
+    PAIR_ate(&g,&sQ,&A);
+    PAIR_fexp(&g);
+
+    if (res==0)
+    {
+        PAIR_G1mul(&A,h);
+        ECP_add(&R,&A);  // new
+        PAIR_ate(&g,&sQ,&R);
+        PAIR_fexp(&g);
+        PAIR_G1mul(&U,w);
+        FP12_trace(&c,&g);
+        mpin_hash(sha,&c,&U,SK);
+    }
+    return res;
+}
+
+unsign32 MPIN_GET_TIME(void)
+{
+    return (unsign32)time(NULL);
+}
+
+/* Generate Y = H(TimeValue, xCID/xID) */
+void MPIN_GET_Y(int sha,int TimeValue,octet *xCID,octet *Y)
+{
+    BIG q,y;
+    char h[MODBYTES];
+    octet H= {0,sizeof(h),h};
+
+    hashit(sha,TimeValue,xCID,&H);
+    BIG_fromBytes(y,H.val);
+    BIG_rcopy(q,CURVE_Order);
+    BIG_mod(y,q);
+    BIG_toBytes(Y->val,y);
+    Y->len=PGS;
+}
+
+/* One pass MPIN Client */
+int MPIN_CLIENT(int sha,int date,octet *ID,csprng *RNG,octet *X,int pin,octet *TOKEN,octet *V,octet *U,octet *UT,octet *TP,octet *MESSAGE,int TimeValue,octet *Y)
+{
+    int rtn=0;
+    char m[M_SIZE];
+    octet M= {0,sizeof(m),m};
+
+    octet *pID;
+    if (date == 0)
+        pID = U;
+    else
+        pID = UT;
+
+    rtn = MPIN_CLIENT_1(sha,date,ID,RNG,X,pin,TOKEN,V,U,UT,TP);
+    if (rtn != 0)
+        return rtn;
+
+    OCT_joctet(&M,pID);
+    if (MESSAGE!=NULL)
+    {
+        OCT_joctet(&M,MESSAGE);
+    }
+
+    MPIN_GET_Y(sha,TimeValue,&M,Y);
+
+    rtn = MPIN_CLIENT_2(X,Y,V);
+    if (rtn != 0)
+        return rtn;
+
+    return 0;
+}
+
+/* One pass MPIN Server */
+int MPIN_SERVER(int sha,int date,octet *HID,octet *HTID,octet *Y,octet *sQ,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE,int TimeValue)
+{
+    int rtn=0;
+    char m[M_SIZE];
+    octet M= {0,sizeof(m),m};
+
+    octet *pU;
+    if (date == 0)
+        pU = U;
+    else
+        pU = UT;
+
+    MPIN_SERVER_1(sha,date,ID,HID,HTID);
+
+    OCT_joctet(&M,pU);
+    if (MESSAGE!=NULL)
+    {
+        OCT_joctet(&M,MESSAGE);
+    }
+
+    MPIN_GET_Y(sha,TimeValue,&M,Y);
+
+    rtn = MPIN_SERVER_2(date,HID,HTID,Y,sQ,U,UT,V,E,F);
+    if (rtn != 0)
+        return rtn;
+
+    return 0;
+}
+
+/* AES-GCM Encryption of octets, K is key, H is header,
+   P is plaintext, C is ciphertext, T is authentication tag */
+void MPIN_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T)
+{
+    gcm g;
+    GCM_init(&g,K->len,K->val,IV->len,IV->val);
+    GCM_add_header(&g,H->val,H->len);
+    GCM_add_plain(&g,C->val,P->val,P->len);
+    C->len=P->len;
+    GCM_finish(&g,T->val);
+    T->len=16;
+}
+
+/* AES-GCM Decryption of octets, K is key, H is header,
+   P is plaintext, C is ciphertext, T is authentication tag */
+void MPIN_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T)
+{
+    gcm g;
+    GCM_init(&g,K->len,K->val,IV->len,IV->val);
+    GCM_add_header(&g,H->val,H->len);
+    GCM_add_cipher(&g,P->val,C->val,C->len);
+    P->len=C->len;
+    GCM_finish(&g,T->val);
+    T->len=16;
+}
+
+/* Return the Field size */
+int MPIN_FS()
+{
+    return PFS;
+}
+
+/* Return the Group size */
+int MPIN_GS()
+{
+    return PGS;
+}
+
+/*
+int MPIN_TEST_PAIRING(octet *CID,octet *R)
+{
+    BIG b,px;
+	FP2 qx,qy;
+	FP12 g;
+    ECP2 Q;
+	ECP P;
+    int res=0;
+
+	hashit(-1,CID,&P);
+	BIG_rcopy(qx.a,CURVE_Pxa); FP_nres(qx.a);
+	BIG_rcopy(qx.b,CURVE_Pxb); FP_nres(qx.b);
+	BIG_rcopy(qy.a,CURVE_Pya); FP_nres(qy.a);
+	BIG_rcopy(qy.b,CURVE_Pyb); FP_nres(qy.b);
+
+	if (!ECP2_set(&Q,&qx,&qy))  res=MPIN_INVALID_POINT;
+
+	if (res==0)
+	{
+		PAIR_ate(&g,&Q,&P);
+        PAIR_fexp(&g);
+		FP12_trace(&(g.a),&g);
+
+		BIG_copy(b,g.a.a.a); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
+		BIG_copy(b,g.a.a.b); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
+		BIG_copy(b,g.a.b.a); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
+		BIG_copy(b,g.a.b.b); FP_redc(b); printf("trace pairing= "); BIG_output(b); printf("\n");
+
+	}
+
+    return res;
+}
+*/
+
+/*
+int main()
+{
+	ECP2 X;
+	FP2 x,y,rhs;
+	BIG r;
+	char hcid[HASH_BYTES],client_id[100];
+	octet HCID={0,sizeof(hcid),hcid};
+	octet CLIENT_ID={0,sizeof(client_id),client_id};
+
+	OCT_jstring(&CLIENT_ID,"testUser@certivox.com");
+	MPIN_HASH_ID(&CLIENT_ID,&HCID);
+
+	printf("Client ID= "); OCT_output_string(&CLIENT_ID); printf("\n");
+
+	mapit2(&HCID,&X);
+
+	ECP2_output(&X);
+
+	BIG_rcopy(r,CURVE_Order);
+
+	ECP2_mul(&X,r);
+
+	ECP2_output(&X);
+
+}
+*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/mpin.h
----------------------------------------------------------------------
diff --git a/version22/c/mpin.h b/version22/c/mpin.h
new file mode 100644
index 0000000..9627eb8
--- /dev/null
+++ b/version22/c/mpin.h
@@ -0,0 +1,408 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/**
+ * @file mpin.h
+ * @author Mike Scott and Kealan McCusker
+ * @date 2nd June 2015
+ * @brief M-Pin Header file
+ *
+ * Allows some user configuration
+ * defines structures
+ * declares functions
+ *
+ */
+
+#ifndef MPIN_H
+#define MPIN_H
+
+#include "amcl.h"
+
+/* Field size is assumed to be greater than or equal to group size */
+
+#define PGS MODBYTES  /**< MPIN Group Size */
+#define PFS MODBYTES  /**< MPIN Field Size */
+#define PAS 16        /**< MPIN Symmetric Key Size */
+
+#define MPIN_OK             0   /**< Function completed without error */
+#define MPIN_INVALID_POINT  -14	/**< Point is NOT on the curve */
+#define MPIN_BAD_PIN        -19 /**< Bad PIN number entered */
+
+
+/* Configure your PIN here */
+
+#ifdef CMAKE
+#define MAXPIN @AMCL_MAXPIN@ /**< max PIN */
+#define PBLEN @AMCL_PBLEN@   /**< max length of PIN in bits */
+#else
+#define MAXPIN 10000         /**< max PIN */
+#define PBLEN 14             /**< max length of PIN in bits */
+#endif
+
+#define TIME_SLOT_MINUTES 1440  /**< Time Slot = 1 day */
+#define HASH_TYPE_MPIN SHA256   /**< Choose Hash function */
+
+#define MESSAGE_SIZE 256  /**< Signature message size  */
+#define M_SIZE (MESSAGE_SIZE+2*PFS+1)   /**< Signature message size and G1 size */
+
+/* MPIN support functions */
+
+/* MPIN primitives */
+
+/**	@brief Hash an M-Pin Identity to an octet string
+ *
+ 	@param h is the hash type
+	@param ID an octet containing the identity
+	@param HID an octet containing the hashed identity
+ */
+void MPIN_HASH_ID(int h,octet *ID,octet *HID);
+/**	@brief Get epoch time as unsigned integer
+ *
+	@return current epoch time in seconds
+ */
+unsign32 MPIN_GET_TIME(void);
+/**	@brief Generate Y=H(s,O), where s is epoch time, O is an octet, and H(.) is a hash function
+ *
+  	@param h is the hash type
+	@param t is epoch time in seconds
+	@param O is an input octet
+	@param Y is the output octet
+ */
+void MPIN_GET_Y(int h,int t,octet *O,octet *Y);
+/**	@brief Extract a PIN number from a client secret
+ *
+  	@param h is the hash type
+	@param ID is the input client identity
+	@param pin is an input PIN number
+	@param CS is the client secret from which the PIN is to be extracted
+	@return 0 or an error code
+ */
+int MPIN_EXTRACT_PIN(int h,octet *ID,int pin,octet *CS);
+/**	@brief Perform client side of the one-pass version of the M-Pin protocol
+ *
+	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
+ 	@param h is the hash type
+	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
+	@param ID is the input client identity
+	@param R is a pointer to a cryptographically secure random number generator
+	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+	@param pin is the input PIN number
+	@param T is the input M-Pin token (the client secret with PIN portion removed)
+	@param V is output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit
+	@param U is output = x.H(ID)
+	@param UT is output = x.(H(ID)+H(d|H(ID)))
+	@param TP is the input time permit
+	@param MESSAGE is the message to be signed
+	@param t is input epoch time in seconds - a timestamp
+	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
+	@return 0 or an error code
+ */
+int MPIN_CLIENT(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *V,octet *U,octet *UT,octet *TP, octet* MESSAGE, int t, octet *y);
+/**	@brief Perform first pass of the client side of the 3-pass version of the M-Pin protocol
+ *
+	If Time Permits are disabled, set d = 0, and UT is not generated and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is OFF, U is not generated and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is ON, U and UT are both generated.
+ 	@param h is the hash type
+	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
+	@param ID is the input client identity
+	@param R is a pointer to a cryptographically secure random number generator
+	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+	@param pin is the input PIN number
+	@param T is the input M-Pin token (the client secret with PIN portion removed)
+	@param S is output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit
+	@param U is output = x.H(ID)
+	@param UT is output = x.(H(ID)+H(d|H(ID)))
+	@param TP is the input time permit
+	@return 0 or an error code
+ */
+int MPIN_CLIENT_1(int h,int d,octet *ID,csprng *R,octet *x,int pin,octet *T,octet *S,octet *U,octet *UT,octet *TP);
+/**	@brief Generate a random group element
+ *
+	@param R is a pointer to a cryptographically secure random number generator
+	@param S is the output random octet
+	@return 0 or an error code
+ */
+int MPIN_RANDOM_GENERATE(csprng *R,octet *S);
+/**	@brief Perform second pass of the client side of the 3-pass version of the M-Pin protocol
+ *
+	@param x an input, a locally generated random number
+	@param y an input random challenge from the server
+	@param V on output = -(x+y).V
+	@return 0 or an error code
+ */
+int MPIN_CLIENT_2(octet *x,octet *y,octet *V);
+/**	@brief Perform server side of the one-pass version of the M-Pin protocol
+ *
+	If Time Permits are disabled, set d = 0, and UT and HTID are not generated and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
+ 	@param h is the hash type
+	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
+	@param HID is output H(ID), a hash of the client ID
+	@param HTID is output H(ID)+H(d|H(ID))
+	@param y is output H(t|U) or H(t|UT) if Time Permits enabled
+	@param SS is the input server secret
+	@param U is input from the client = x.H(ID)
+	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
+	@param V is an input from the client
+	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
+	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
+	@param ID is the input claimed client identity
+	@param MESSAGE is the message to be signed
+	@param t is input epoch time in seconds - a timestamp
+	@return 0 or an error code
+ */
+int MPIN_SERVER(int h,int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F,octet *ID,octet *MESSAGE, int t);
+/**	@brief Perform first pass of the server side of the 3-pass version of the M-Pin protocol
+ *
+ 	@param h is the hash type
+	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
+	@param ID is the input claimed client identity
+	@param HID is output H(ID), a hash of the client ID
+	@param HTID is output H(ID)+H(d|H(ID))
+	@return 0 or an error code
+ */
+void MPIN_SERVER_1(int h,int d,octet *ID,octet *HID,octet *HTID);
+/**	@brief Perform third pass on the server side of the 3-pass version of the M-Pin protocol
+ *
+	If Time Permits are disabled, set d = 0, and UT and HTID are not needed and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is OFF, U and HID are not needed and can be set to NULL.
+	If Time Permits are enabled, and PIN error detection is ON, U, UT, HID and HTID are all required.
+	@param d is input date, in days since the epoch. Set to 0 if Time permits disabled
+	@param HID is input H(ID), a hash of the client ID
+	@param HTID is input H(ID)+H(d|H(ID))
+	@param y is the input server's randomly generated challenge
+	@param SS is the input server secret
+	@param U is input from the client = x.H(ID)
+	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
+	@param V is an input from the client
+	@param E is an output to help the Kangaroos to find the PIN error, or NULL if not required
+	@param F is an output to help the Kangaroos to find the PIN error, or NULL if not required
+	@return 0 or an error code
+ */
+int MPIN_SERVER_2(int d,octet *HID,octet *HTID,octet *y,octet *SS,octet *U,octet *UT,octet *V,octet *E,octet *F);
+/**	@brief Add two members from the group G1
+ *
+	@param Q1 an input member of G1
+	@param Q2 an input member of G1
+	@param Q an output member of G1 = Q1+Q2
+	@return 0 or an error code
+ */
+int MPIN_RECOMBINE_G1(octet *Q1,octet *Q2,octet *Q);
+/**	@brief Add two members from the group G2
+ *
+	@param P1 an input member of G2
+	@param P2 an input member of G2
+	@param P an output member of G2 = P1+P2
+	@return 0 or an error code
+ */
+int MPIN_RECOMBINE_G2(octet *P1,octet *P2,octet *P);
+/**	@brief Use Kangaroos to find PIN error
+ *
+	@param E a member of the group GT
+	@param F a member of the group GT =  E^e
+	@return 0 if Kangaroos failed, or the PIN error e
+ */
+int MPIN_KANGAROO(octet *E,octet *F);
+/**	@brief Encoding of a Time Permit to make it indistinguishable from a random string
+ *
+	@param R is a pointer to a cryptographically secure random number generator
+	@param TP is the input time permit, obfuscated on output
+	@return 0 or an error code
+ */
+int MPIN_ENCODING(csprng *R,octet *TP);
+/**	@brief Encoding of an obfuscated Time Permit
+ *
+	@param TP is the input obfuscated time permit, restored on output
+	@return 0 or an error code
+ */
+int MPIN_DECODING(octet *TP);
+/**	@brief Supply today's date as days from the epoch
+ *
+	@return today's date, as number of days elapsed since the epoch
+ */
+unsign32 MPIN_today(void);
+
+/**	@brief Find a random multiple of a point in G1
+ *
+	@param R is a pointer to a cryptographically secure random number generator
+	@param type determines type of action to be taken
+	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+	@param G if type=0 a point in G1, else an octet to be mapped to G1
+	@param W the output =x.G or x.M(G), where M(.) is a mapping
+	@return 0 or an error code
+ */
+int MPIN_GET_G1_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
+/**	@brief Find a random multiple of a point in G1
+ *
+	@param R is a pointer to a cryptographically secure random number generator
+	@param type determines type of action to betaken
+	@param x an output internally randomly generated if R!=NULL, otherwise must be provided as an input
+	@param G a point in G2
+	@param W the output =x.G or (1/x).G
+	@return 0 or an error code
+ */
+int MPIN_GET_G2_MULTIPLE(csprng *R,int type,octet *x,octet *G,octet *W);
+/** @brief Hash the session transcript
+ 	@param h is the hash type
+	@param I is the hashed input client ID = H(ID)
+	@param U is the client output = x.H(ID)
+	@param CU is the client output = x.(H(ID)+H(T|H(ID)))
+	@param Y is the server challenge
+	@param V is the client part response
+	@param R is the client part response
+	@param W is the server part response
+	@param H the output is the hash of all of the above that apply
+*/
+void MPIN_HASH_ALL(int h,octet *I,octet *U,octet *CU,octet *Y,octet *V,octet *R,octet *W,octet *H);
+/**	@brief Create a client secret in G1 from a master secret and the client ID
+ *
+	@param S is an input master secret
+	@param ID is the input client identity
+	@param CS is the full client secret = s.H(ID)
+	@return 0 or an error code
+ */
+int MPIN_GET_CLIENT_SECRET(octet *S,octet *ID,octet *CS);
+/**	@brief Create a Time Permit in G1 from a master secret and the client ID
+ *
+  	@param h is the hash type
+	@param d is input date, in days since the epoch.
+	@param S is an input master secret
+	@param ID is the input client identity
+	@param TP is a Time Permit for the given date = s.H(d|H(ID))
+	@return 0 or an error code
+ */
+int MPIN_GET_CLIENT_PERMIT(int h,int d,octet *S,octet *ID,octet *TP);
+/**	@brief Create a server secret in G2 from a master secret
+ *
+	@param S is an input master secret
+	@param SS is the server secret = s.Q where Q is a fixed generator of G2
+	@return 0 or an error code
+ */
+int MPIN_GET_SERVER_SECRET(octet *S,octet *SS);
+/* int MPIN_TEST_PAIRING(octet *,octet *); */
+
+/* For M-Pin Full */
+/**	@brief Precompute values for use by the client side of M-Pin Full
+ *
+	@param T is the input M-Pin token (the client secret with PIN portion removed)
+	@param ID is the input client identity
+	@param CP is Public Key (or NULL)
+	@param g1 precomputed output
+	@param g2 precomputed output
+	@return 0 or an error code
+ */
+int MPIN_PRECOMPUTE(octet *T,octet *ID,octet *CP,octet *g1,octet *g2);
+/**	@brief Calculate Key on Server side for M-Pin Full
+ *
+	Uses UT internally for the key calculation, unless not available in which case U is used
+ 	@param h is the hash type
+	@param Z is the input Client-side Diffie-Hellman component
+	@param SS is the input server secret
+	@param w is an input random number generated by the server
+	@param p is an input, hash of the protocol transcript
+	@param I is the hashed input client ID = H(ID)
+	@param U is input from the client = x.H(ID)
+	@param UT is input from the client= x.(H(ID)+H(d|H(ID)))
+	@param K is the output calculated shared key
+	@return 0 or an error code
+ */
+int MPIN_SERVER_KEY(int h,octet *Z,octet *SS,octet *w,octet *p,octet *I,octet *U,octet *UT,octet *K);
+/**	@brief Calculate Key on Client side for M-Pin Full
+ *
+  	@param h is the hash type
+	@param g1 precomputed input
+	@param g2 precomputed input
+	@param pin is the input PIN number
+	@param r is an input, a locally generated random number
+	@param x is an input, a locally generated random number
+	@param p is an input, hash of the protocol transcript
+	@param T is the input Server-side Diffie-Hellman component
+	@param K is the output calculated shared key
+	@return 0 or an error code
+ */
+int MPIN_CLIENT_KEY(int h,octet *g1,octet *g2,int pin,octet *r,octet *x,octet *p,octet *T,octet *K);
+
+/**	@brief AES-GCM Encryption
+ *
+	@param K  AES key
+	@param IV Initialization vector
+	@param H Header
+	@param P Plaintext
+	@param C Ciphertext
+	@param T Checksum
+ */
+void MPIN_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
+
+/**	@brief AES-GCM Decryption
+ *
+	@param K  AES key
+	@param IV Initialization vector
+	@param H Header
+	@param P Plaintext
+	@param C Ciphertext
+	@param T Checksum
+ */
+void MPIN_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
+
+/**
+ * @brief Return the field size
+ *
+ * Return the field size.
+ *
+ * @return Field size
+ */
+int MPIN_FS();
+
+/**
+ * @brief Return the group size
+ *
+ * Return the group size.
+ *
+ * @return Group size
+ */
+int MPIN_GS();
+
+/**	@brief HMAC of message M using key K to create tag of length len in octet tag
+ *
+	IEEE-1363 MAC1 function. Uses SHA256 internally.
+	@param M input message octet
+	@param K input encryption key
+	@param len is output desired length of HMAC tag
+	@param tag is the output HMAC
+	@return 0 for bad parameters, else 1
+ */
+//int HMAC(octet *M,octet *K,int len,octet *tag);
+
+/**	@brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
+ *
+	PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
+	@param P input password
+	@param S input salt
+	@param rep Number of times to be iterated.
+	@param len is output desired length of key
+	@param K is the derived key
+ */
+//void PBKDF2(octet *P,octet *S,int rep,int len,octet *K);
+
+#endif
+

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/oct.c
----------------------------------------------------------------------
diff --git a/version22/c/oct.c b/version22/c/oct.c
new file mode 100644
index 0000000..8d5bdb2
--- /dev/null
+++ b/version22/c/oct.c
@@ -0,0 +1,428 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/*** Basic Octet string maintainance routines  ***/
+/* SU=m, m is Stack Usage */
+
+#include <string.h>
+#include "amcl.h"
+
+/* Output an octet string (Debug Only) */
+
+/* SU= 16 */
+/* output octet */
+void OCT_output(octet *w)
+{
+    int i;
+    unsigned char ch;
+    for (i=0; i<w->len; i++)
+    {
+        ch=w->val[i];
+        printf("%02x",ch);
+    }
+    printf("\n");
+}
+
+/* SU= 16 */
+void OCT_output_string(octet *w)
+{
+    int i;
+    unsigned char ch;
+    for (i=0; i<w->len; i++)
+    {
+        ch=w->val[i];
+        printf("%c",ch);
+    }
+    /*  printf("\n"); */
+}
+
+/* Convert C string to octet format - truncates if no room  */
+void OCT_jstring(octet *y,char *s)
+{
+    int i,j;
+    i=y->len;
+    j=0;
+    while (s[j]!=0 && i<y->max)
+    {
+        y->val[i]=s[j];
+        y->len++;
+        i++;
+        j++;
+    }
+}
+
+/* compare 2 octet strings.
+ * If x==y return TRUE, else return FALSE */
+/* SU= 8 */
+int OCT_comp(octet *x,octet *y)
+{
+    int i;
+    if (x->len>y->len) return 0;
+    if (x->len<y->len) return 0;
+    for (i=0; i<x->len; i++)
+    {
+        if (x->val[i]!=y->val[i]) return 0;
+    }
+    return 1;
+}
+
+/* check are first n bytes the same */
+
+int OCT_ncomp(octet *x,octet *y,int n)
+{
+    int i;
+    if (n>y->len || n>x->len) return 0;
+    for (i=0; i<n; i++)
+    {
+        if (x->val[i]!=y->val[i]) return 0;
+    }
+    return 1;
+}
+
+/* Shift octet to the left by n bytes. Leftmost bytes disappear  */
+void OCT_shl(octet *x,int n)
+{
+    int i;
+    if (n>=x->len)
+    {
+        x->len=0;
+        return;
+    }
+    x->len-=n;
+    for (i=0; i<x->len; i++)
+        x->val[i]=x->val[i+n];
+}
+
+/* Append binary string to octet - truncates if no room */
+/* SU= 12 */
+void OCT_jbytes(octet *y,char *b,int len)
+{
+    int i,j;
+    i=y->len;
+    for (j=0; j<len && i<y->max; j++)
+    {
+        y->val[i]=b[j];
+        y->len++;
+        i++;
+    }
+}
+
+/* Concatenates two octet strings */
+/* SU= 8 */
+void OCT_joctet(octet *y,octet *x)
+{
+    /* y=y || x */
+    int i,j;
+    if (x==NULL) return;
+
+    for (i=0; i<x->len; i++)
+    {
+        j=y->len+i;
+        if (j>=y->max)
+        {
+            y->len=y->max;
+            return;
+        }
+        y->val[j]=x->val[i];
+    }
+    y->len+=x->len;
+}
+
+/* Append byte to octet rep times */
+/* SU= 8 */
+void OCT_jbyte(octet *y,int ch,int rep)
+{
+    int i,j;
+    i=y->len;
+    for (j=0; j<rep && i<y->max; j++)
+    {
+        y->val[i]=ch;
+        y->len++;
+        i++;
+    }
+}
+
+/* XOR common bytes of x with y */
+/* SU= 8 */
+void OCT_xor(octet *y,octet *x)
+{
+    /* xor first x->len bytes of y */
+
+    int i;
+    for (i=0; i<x->len && i<y->len; i++)
+    {
+        y->val[i]^=x->val[i];
+    }
+}
+
+/* clear an octet */
+void OCT_empty(octet *w)
+{
+    w->len=0;
+}
+
+/* Kill an octet string - Zeroise it for security */
+void OCT_clear(octet *w)
+{
+    int i;
+    for (i=0; i<w->max; i++) w->val[i]=0;
+    w->len=0;
+}
+
+/* appends int x of length len bytes to OCTET string */
+/* SU= 8 */
+void OCT_jint(octet *y,int x,int len)
+{
+    int i,n;
+    n=y->len+len;
+    if (n>y->max || len<=0) return;
+    for (i=y->len; i<n; i++) y->val[i]=0;
+    y->len=n;
+
+    i=y->len;
+    while (x>0 && i>0)
+    {
+        i--;
+        y->val[i]=x%256;
+        x/=256;
+    }
+}
+
+/* Pad an octet to a given length */
+/* SU= 8 */
+int OCT_pad(octet *w,int n)
+{
+    int i,d;
+    if (w->len>n || n>w->max) return 0;
+    if (n==w->len) return 1;
+    d=n-w->len;
+    for (i=n-1; i>=d; i--)
+        w->val[i]=w->val[i-d];
+    for (i=d-1; i>=0; i--)
+        w->val[i]=0;
+    w->len=n;
+    return 1;
+}
+
+
+/* Convert an octet string to base64 string */
+/* SU= 56 */
+void OCT_tobase64(char *b,octet *w)
+{
+    int i,j,k,rem,last;
+    int c,ch[4];
+    unsigned char ptr[3];
+    rem=w->len%3;
+    j=k=0;
+    last=4;
+    while (j<w->len)
+    {
+        for (i=0; i<3; i++)
+        {
+            if (j<w->len) ptr[i]=w->val[j++];
+            else
+            {
+                ptr[i]=0;
+                last--;
+            }
+        }
+        ch[0]=(ptr[0]>>2)&0x3f;
+        ch[1]=((ptr[0]<<4)|(ptr[1]>>4))&0x3f;
+        ch[2]=((ptr[1]<<2)|(ptr[2]>>6))&0x3f;
+        ch[3]=ptr[2]&0x3f;
+        for (i=0; i<last; i++)
+        {
+            c=ch[i];
+            if (c<26) c+=65;
+            if (c>=26 && c<52) c+=71;
+            if (c>=52 && c<62) c-=4;
+            if (c==62) c='+';
+            if (c==63) c='/';
+            b[k++]=c;
+        }
+    }
+    if (rem>0) for (i=rem; i<3; i++) b[k++]='=';
+    b[k]='\0';  /* dangerous! */
+}
+
+/* SU= 56 */
+void OCT_frombase64(octet *w,char *b)
+{
+    int i,j,k,pads,len=(int)strlen(b);
+    int c,ch[4],ptr[3];
+    /* int lead=1; */
+    j=k=0;
+    while (j<len && k<w->max)
+    {
+        pads=0;
+        for (i=0; i<4; i++)
+        {
+            c=80+b[j++];
+            if (c<=112) continue; /* ignore white space */
+            if (c>144 && c<171) c-=145;
+            if (c>176 && c<203) c-=151;
+            if (c>127 && c<138) c-=76;
+            if (c==123) c=62;
+            if (c==127) c=63;
+            if (c==141)
+            {
+                pads++;    /* ignore pads '=' */
+                continue;
+            }
+            ch[i]=c;
+        }
+        ptr[0]=(ch[0]<<2)|(ch[1]>>4);
+        ptr[1]=(ch[1]<<4)|(ch[2]>>2);
+        ptr[2]=(ch[2]<<6)|ch[3];
+        for (i=0; i<3-pads && k<w->max; i++)
+        {
+            /* don't put in leading zeros */
+            /* if (lead && ptr[i]==0) continue; */
+            w->val[k++]=ptr[i];
+            /* lead=0; */
+        }
+
+    }
+    w->len=k;
+}
+
+/* copy an octet string - truncates if no room */
+/* SU= 16 */
+void OCT_copy(octet *y,octet *x)
+{
+    int i;
+    OCT_clear(y);
+    y->len=x->len;
+    if (y->len>y->max) y->len=y->max;
+
+    for (i=0; i<y->len; i++)
+        y->val[i]=x->val[i];
+}
+
+/* XOR m with all of x */
+void OCT_xorbyte(octet *x,int m)
+{
+    int i;
+    for (i=0; i<x->len; i++) x->val[i]^=m;
+}
+
+/* truncates x to n bytes and places the rest in y (if y is not NULL) */
+/* SU= 8 */
+void OCT_chop(octet *x,octet *y,int n)
+{
+    int i;
+    if (n>=x->len)
+    {
+        if (y!=NULL) y->len=0;
+        return;
+    }
+    if (y!=NULL) y->len=x->len-n;
+    x->len=n;
+
+    if (y!=NULL)
+    {
+        for (i=0; i<y->len && i<y->max; i++) y->val[i]=x->val[i+n];
+    }
+}
+
+/* set x to len random bytes */
+void OCT_rand(octet *x,csprng *RNG,int len)
+{
+    int i;
+    if (len>x->max) len=x->max;
+    x->len=len;
+
+    for (i=0; i<len; i++) x->val[i]=RAND_byte(RNG);
+}
+
+/* Convert an octet to a hex string */
+void OCT_toHex(octet *src,char *dst)
+{
+    int i;
+    unsigned char ch;
+    for (i=0; i<src->len; i++)
+    {
+        ch=src->val[i];
+        sprintf(&dst[i*2],"%02x", ch);
+    }
+}
+
+static int char2int(char input)
+{
+    if(input >= '0' && input <= '9')
+        return input - '0';
+    if(input >= 'A' && input <= 'F')
+        return input - 'A' + 10;
+    if(input >= 'a' && input <= 'f')
+        return input - 'a' + 10;
+    return 0;
+}
+
+/* Convert from a hex string */
+void OCT_fromHex(octet *dst,char *src)
+{
+    int i=0;
+    int j=0;
+    OCT_clear(dst);
+
+    while(src[j]!=0)
+    {
+        dst->val[i++] = char2int(src[j])*16 + char2int(src[j+1]);
+        j += 2;
+    }
+    dst->len=i;
+}
+
+
+/* Convert an octet to a string */
+void OCT_toStr(octet *src,char *dst)
+{
+    int i;
+    unsigned char ch;
+    for (i=0; i<src->len; i++)
+    {
+        ch=src->val[i];
+        sprintf(&dst[i],"%c", ch);
+    }
+}
+
+/* Test program
+#include <stdio.h>
+#include "amcl.h"
+
+char test[]="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+
+int main()
+{
+	char gm[100],gn[100],t[100];
+    octet m={0,sizeof(gm),gm};
+    octet n={0,sizeof(gn),gn};
+
+	OCT_jbytes(&m,test,strlen(test));
+	OCT_output(&m);
+
+	OCT_tobase64(t,&m);
+	printf(t); printf("\n");
+
+	OCT_frombase64(&n,t);
+	OCT_output(&n);
+
+    return 0;
+}
+*/
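Review bot: OCT_fromHex writes `dst->val[i++]` for every pair of input characters without comparing `i` to `dst->max`, and on an odd-length string it steps `j` past the terminator, so a long or malformed hex string overruns both the source and the destination buffer. Bounding the loop covers both cases: `while (src[j]!=0 && src[j+1]!=0 && i<dst->max)`. OCT_chop has a related gap: it sets `y->len=x->len-n` without clamping, so `y->len` can exceed `y->max` even though the copy loop stops at `y->max`; adding `if (y->len>y->max) y->len=y->max;` before the copy keeps length within capacity. OCT_tobase64, OCT_toHex and OCT_toStr take no output size at all, so their header comments should state the buffer length the caller must provide, as the existing `/* dangerous! */` remark hints.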

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/pair.c
----------------------------------------------------------------------
diff --git a/version22/c/pair.c b/version22/c/pair.c
new file mode 100644
index 0000000..5b4e987
--- /dev/null
+++ b/version22/c/pair.c
@@ -0,0 +1,828 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL BN Curve pairing functions */
+
+//#define HAS_MAIN
+
+#include "amcl.h"
+
+/* Line function */
+static void PAIR_line(FP12 *v,ECP2 *A,ECP2 *B,BIG Qx,BIG Qy)
+{
+    ECP2 P;
+    FP2 Z3,X,Y,ZZ,T,NY;
+    FP4 a,b,c;
+    int D;
+    ECP2_copy(&P,A);
+    if (A==B)
+        D=ECP2_dbl(A);  // check these return numbers...
+    else
+        D=ECP2_add(A,B);
+    if (D<0)
+    {
+        /* Infinity */
+        FP12_one(v);
+        return;
+    }
+
+    FP2_copy(&Z3,&(A->z));
+    FP4_zero(&c);
+    FP2_sqr(&ZZ,&(P.z));    /* ZZ=Z^2 */
+    if (D==0)
+    {
+        /* addition */
+        ECP2_get(&X,&Y,B);
+        FP2_mul(&T,&(P.z),&Y);  /* T=Z*Y2 */
+
+        FP2_mul(&ZZ,&ZZ,&T);
+
+        FP2_neg(&NY,&(P.y));
+        FP2_add(&ZZ,&ZZ,&NY); /* ZZ=Z^3*Y2-Y (slope numerator) */
+        FP2_pmul(&Z3,&Z3,Qy);    /* Z3*Qy */
+        FP2_mul(&T,&T,&(P.x));
+        FP2_mul(&X,&X,&NY);
+        FP2_add(&T,&T,&X);       /* Z*Y2*X-X2*Y */
+        FP4_from_FP2s(&a,&Z3,&T); /* a=[Z3*Qy,Z*Y2*X-X2*Y] */
+        FP2_neg(&ZZ,&ZZ);
+        FP2_pmul(&ZZ,&ZZ,Qx);
+        FP4_from_FP2(&b,&ZZ);    /* b=-slope*Qx */
+    }
+    else
+    {
+        /* doubling */
+        FP2_sqr(&T,&(P.x));
+        FP2_imul(&T,&T,3);   /* T=3X^2 (slope numerator) */
+        FP2_sqr(&Y,&(P.y));
+
+        FP2_add(&Y,&Y,&Y);   /* Y=2Y^2 */
+        FP2_mul(&Z3,&Z3,&ZZ);   /* Z3=Z3*ZZ */
+        FP2_pmul(&Z3,&Z3,Qy);   /* Z3=Z3*ZZ*Qy */
+
+        FP2_mul(&X,&(P.x),&T);
+        FP2_sub(&X,&X,&Y);      /* X=X*slope-2Y^2 */
+        FP4_from_FP2s(&a,&Z3,&X); /* a=[Z3*ZZ*Qy , X*slope-2Y^2] */
+        FP2_neg(&T,&T);
+        FP2_mul(&ZZ,&ZZ,&T);
+        FP2_pmul(&ZZ,&ZZ,Qx);
+        FP4_from_FP2(&b,&ZZ);    /* b=-slope*ZZ*Qx */
+    }
+
+    FP12_from_FP4s(v,&a,&b,&c);
+}
+
+/* Optimal R-ate pairing r=e(P,Q) */
+void PAIR_ate(FP12 *r,ECP2 *P,ECP *Q)
+{
+    FP2 X;
+    BIG x,n,Qx,Qy;
+    int i,nb;
+    ECP2 A;
+    FP12 lv;
+#if CHOICE<BLS_CURVES
+    ECP2 KA;
+#endif
+
+    BIG_rcopy(Qx,CURVE_Fra);
+    BIG_rcopy(Qy,CURVE_Frb);
+    FP2_from_BIGs(&X,Qx,Qy);
+
+    BIG_rcopy(x,CURVE_Bnx);
+
+#if CHOICE<BLS_CURVES
+    BIG_pmul(n,x,6);
+    BIG_dec(n,2);
+#else
+    BIG_copy(n,x);
+#endif
+
+    BIG_norm(n);
+
+    ECP2_affine(P);
+    ECP_affine(Q);
+
+    BIG_copy(Qx,Q->x);
+    BIG_copy(Qy,Q->y);
+
+    ECP2_copy(&A,P);
+    FP12_one(r);
+    nb=BIG_nbits(n);
+
+    /* Main Miller Loop */
+    for (i=nb-2; i>=1; i--)
+    {
+        PAIR_line(&lv,&A,&A,Qx,Qy);
+        FP12_smul(r,&lv);
+        if (BIG_bit(n,i))
+        {
+
+            PAIR_line(&lv,&A,P,Qx,Qy);
+            FP12_smul(r,&lv);
+        }
+        FP12_sqr(r,r);
+    }
+
+    PAIR_line(&lv,&A,&A,Qx,Qy);
+    FP12_smul(r,&lv);
+
+    if (BIG_parity(n))
+    {
+        PAIR_line(&lv,&A,P,Qx,Qy);
+        FP12_smul(r,&lv);
+    }
+
+    /* R-ate fixup required for BN curves */
+#if CHOICE<BLS_CURVES
+    ECP2_copy(&KA,P);
+    ECP2_frob(&KA,&X);
+
+    ECP2_neg(&A);
+    FP12_conj(r,r);
+
+    PAIR_line(&lv,&A,&KA,Qx,Qy);
+    FP12_smul(r,&lv);
+    ECP2_frob(&KA,&X);
+    ECP2_neg(&KA);
+    PAIR_line(&lv,&A,&KA,Qx,Qy);
+    FP12_smul(r,&lv);
+#endif
+}
+
+/* Optimal R-ate double pairing e(P,Q).e(R,S) */
+void PAIR_double_ate(FP12 *r,ECP2 *P,ECP *Q,ECP2 *R,ECP *S)
+{
+    FP2 X;
+    BIG x,n,Qx,Qy,Sx,Sy;
+    int i,nb;
+    ECP2 A,B;
+    FP12 lv;
+#if CHOICE<BLS_CURVES
+    ECP2 K;
+#endif
+    BIG_rcopy(Qx,CURVE_Fra);
+    BIG_rcopy(Qy,CURVE_Frb);
+    FP2_from_BIGs(&X,Qx,Qy);
+
+    BIG_rcopy(x,CURVE_Bnx);
+
+#if CHOICE<BLS_CURVES
+    BIG_pmul(n,x,6);
+    BIG_dec(n,2);
+#else
+    BIG_copy(n,x);
+#endif
+
+    BIG_norm(n);
+
+    ECP2_affine(P);
+    ECP_affine(Q);
+
+    ECP2_affine(R);
+    ECP_affine(S);
+
+    BIG_copy(Qx,Q->x);
+    BIG_copy(Qy,Q->y);
+
+    BIG_copy(Sx,S->x);
+    BIG_copy(Sy,S->y);
+
+    ECP2_copy(&A,P);
+    ECP2_copy(&B,R);
+    FP12_one(r);
+    nb=BIG_nbits(n);
+
+    /* Main Miller Loop */
+    for (i=nb-2; i>=1; i--)
+    {
+        PAIR_line(&lv,&A,&A,Qx,Qy);
+        FP12_smul(r,&lv);
+        PAIR_line(&lv,&B,&B,Sx,Sy);
+        FP12_smul(r,&lv);
+
+        if (BIG_bit(n,i))
+        {
+            PAIR_line(&lv,&A,P,Qx,Qy);
+            FP12_smul(r,&lv);
+
+            PAIR_line(&lv,&B,R,Sx,Sy);
+            FP12_smul(r,&lv);
+        }
+        FP12_sqr(r,r);
+    }
+
+    PAIR_line(&lv,&A,&A,Qx,Qy);
+    FP12_smul(r,&lv);
+
+    PAIR_line(&lv,&B,&B,Sx,Sy);
+    FP12_smul(r,&lv);
+
+    if (BIG_parity(n))
+    {
+        PAIR_line(&lv,&A,P,Qx,Qy);
+        FP12_smul(r,&lv);
+
+        PAIR_line(&lv,&B,R,Sx,Sy);
+        FP12_smul(r,&lv);
+    }
+
+    /* R-ate fixup required for BN curves */
+#if CHOICE<BLS_CURVES
+    FP12_conj(r,r);
+
+    ECP2_copy(&K,P);
+    ECP2_frob(&K,&X);
+    ECP2_neg(&A);
+    PAIR_line(&lv,&A,&K,Qx,Qy);
+    FP12_smul(r,&lv);
+    ECP2_frob(&K,&X);
+    ECP2_neg(&K);
+    PAIR_line(&lv,&A,&K,Qx,Qy);
+    FP12_smul(r,&lv);
+
+    ECP2_copy(&K,R);
+    ECP2_frob(&K,&X);
+    ECP2_neg(&B);
+    PAIR_line(&lv,&B,&K,Sx,Sy);
+    FP12_smul(r,&lv);
+    ECP2_frob(&K,&X);
+    ECP2_neg(&K);
+    PAIR_line(&lv,&B,&K,Sx,Sy);
+    FP12_smul(r,&lv);
+#endif
+}
+
+/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
+void PAIR_fexp(FP12 *r)
+{
+    FP2 X;
+    BIG x,a,b;
+    FP12 t0,y0,y1,y2,y3;
+
+    BIG_rcopy(x,CURVE_Bnx);
+    BIG_rcopy(a,CURVE_Fra);
+    BIG_rcopy(b,CURVE_Frb);
+    FP2_from_BIGs(&X,a,b);
+
+    /* Easy part of final exp */
+
+    FP12_inv(&t0,r);
+    FP12_conj(r,r);
+
+    FP12_mul(r,&t0);
+    FP12_copy(&t0,r);
+
+    FP12_frob(r,&X);
+    FP12_frob(r,&X);
+    FP12_mul(r,&t0);
+
+    /* Hard part of final exp - see Duquesne & Ghamman eprint 2015/192.pdf */
+#if CHOICE<BLS_CURVES
+    FP12_pow(&t0,r,x); // t0=f^-u
+    FP12_usqr(&y3,&t0); // y3=t0^2
+    FP12_copy(&y0,&t0);
+    FP12_mul(&y0,&y3); // y0=t0*y3
+    FP12_copy(&y2,&y3);
+    FP12_frob(&y2,&X); // y2=y3^p
+    FP12_mul(&y2,&y3); //y2=y2*y3
+    FP12_usqr(&y2,&y2); //y2=y2^2
+    FP12_mul(&y2,&y3); // y2=y2*y3
+
+    FP12_pow(&t0,&y0,x);  //t0=y0^-u
+    FP12_conj(&y0,r);     //y0=~r
+    FP12_copy(&y1,&t0);
+    FP12_frob(&y1,&X);
+    FP12_frob(&y1,&X); //y1=t0^p^2
+    FP12_mul(&y1,&y0); // y1=y0*y1
+    FP12_conj(&t0,&t0); // t0=~t0
+    FP12_copy(&y3,&t0);
+    FP12_frob(&y3,&X); //y3=t0^p
+    FP12_mul(&y3,&t0); // y3=t0*y3
+    FP12_usqr(&t0,&t0); // t0=t0^2
+    FP12_mul(&y1,&t0); // y1=t0*y1
+
+    FP12_pow(&t0,&y3,x); // t0=y3^-u
+    FP12_usqr(&t0,&t0); //t0=t0^2
+    FP12_conj(&t0,&t0); //t0=~t0
+    FP12_mul(&y3,&t0); // y3=t0*y3
+
+    FP12_frob(r,&X);
+    FP12_copy(&y0,r);
+    FP12_frob(r,&X);
+    FP12_mul(&y0,r);
+    FP12_frob(r,&X);
+    FP12_mul(&y0,r);
+
+    FP12_usqr(r,&y3);  //r=y3^2
+    FP12_mul(r,&y2);   //r=y2*r
+    FP12_copy(&y3,r);
+    FP12_mul(&y3,&y0); // y3=r*y0
+    FP12_mul(r,&y1); // r=r*y1
+    FP12_usqr(r,r); // r=r^2
+    FP12_mul(r,&y3); // r=r*y3
+    FP12_reduce(r);
+#else
+// Ghamman & Fouotsa Method
+
+    FP12_usqr(&y0,r);
+    FP12_pow(&y1,&y0,x);
+    BIG_fshr(x,1);
+    FP12_pow(&y2,&y1,x);
+    BIG_fshl(x,1); // x must be even
+    FP12_conj(&y3,r);
+    FP12_mul(&y1,&y3);
+
+    FP12_conj(&y1,&y1);
+    FP12_mul(&y1,&y2);
+
+    FP12_pow(&y2,&y1,x);
+
+    FP12_pow(&y3,&y2,x);
+    FP12_conj(&y1,&y1);
+    FP12_mul(&y3,&y1);
+
+    FP12_conj(&y1,&y1);
+    FP12_frob(&y1,&X);
+    FP12_frob(&y1,&X);
+    FP12_frob(&y1,&X);
+    FP12_frob(&y2,&X);
+    FP12_frob(&y2,&X);
+    FP12_mul(&y1,&y2);
+
+    FP12_pow(&y2,&y3,x);
+    FP12_mul(&y2,&y0);
+    FP12_mul(&y2,r);
+
+    FP12_mul(&y1,&y2);
+    FP12_copy(&y2,&y3);
+    FP12_frob(&y2,&X);
+    FP12_mul(&y1,&y2);
+    FP12_copy(r,&y1);
+    FP12_reduce(r);
+
+// Aranha et al method as described by Ghamman & Fouotsa
+    /*
+    	FP12_usqr(&y0,r);  // t0=f^2
+    	FP12_conj(&y3,&y0); // t0=f^-2
+    	FP12_pow(&t0,r,x); // t5=f^u
+    	FP12_usqr(&y1,&t0); // t1=t5^2
+    	FP12_mul(&y3,&t0); // t3=t0*t5
+
+    	FP12_pow(&y0,&y3,x);
+
+    	FP12_pow(&y2,&y0,x);
+
+    	FP12_pow(&y4,&y2,x);
+
+    	FP12_mul(&y4,&y1);
+    	FP12_pow(&y1,&y4,x);
+    	FP12_conj(&y3,&y3);
+    	FP12_mul(&y1,&y3);
+    	FP12_mul(&y1,r);
+
+    	FP12_conj(&y3,r);
+    	FP12_mul(&y0,r);
+    	FP12_frob(&y0,&X); FP12_frob(&y0,&X); FP12_frob(&y0,&X);
+
+    	FP12_mul(&y4,&y3);
+    	FP12_frob(&y4,&X);
+
+    	FP12_mul(&t0,&y2);
+    	FP12_frob(&t0,&X); FP12_frob(&t0,&X);
+
+    	FP12_mul(&t0,&y0);
+    	FP12_mul(&t0,&y4);
+    	FP12_mul(&t0,&y1);
+    	FP12_copy(r,&t0);
+    	FP12_reduce(r);*/
+
+//-----------------------------------
+    /*
+    	FP12_copy(&y0,r);						// y0=r;
+    	FP12_copy(&y1,r);						// y1=r;
+    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
+    	FP12_conj(&y3,&t0); FP12_mul(&y1,&y3);	// y1*=inverse(t0);
+    	FP12_frob(&t0,&X); FP12_frob(&t0,&X);	// t0=Frobenius(t0,X,2);
+    	FP12_mul(&y1,&t0);						// y1*=t0;
+
+    	FP12_pow(r,r,x);						// r=pow(r,x);
+    	FP12_conj(&y3,r); FP12_mul(&y1,&y3);	// y1*=inverse(r);
+    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
+    	FP12_mul(&y0,&t0);						// y0*=t0;
+    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
+    	FP12_mul(&y1,&t0);						// y1*=t0;
+    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
+    	FP12_conj(&y3,&t0); FP12_mul(&y0,&y3);	// y0*=inverse(t0);
+
+    	FP12_pow(r,r,x);						// r=pow(r,x);
+    	FP12_mul(&y0,r);						// y0*=r;
+    	FP12_copy(&t0,r); FP12_frob(&t0,&X); FP12_frob(&t0,&X); // t0=Frobenius(r,X,2);
+    	FP12_conj(&y3,&t0); FP12_mul(&y0,&y3);	// y0*=inverse(t0);
+    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
+    	FP12_mul(&y1,&t0);						// y1*=t0;
+
+    	FP12_pow(r,r,x);						// r=pow(r,x);			// r^x3
+    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
+    	FP12_conj(&y3,&t0); FP12_mul(&y0,&y3);	// y0*=inverse(t0);
+    	FP12_frob(&t0,&X);						// t0=Frobenius(t0,X,1);
+    	FP12_mul(&y1,&t0);						// y1*=t0;
+
+    	FP12_pow(r,r,x);						// r=pow(r,x);			// r^x4
+    	FP12_conj(&y3,r); FP12_mul(&y0,&y3);	// y0*=inverse(r);
+    	FP12_copy(&t0,r); FP12_frob(&t0,&X);	// t0=Frobenius(r,X,1);
+    	FP12_mul(&y1,&t0);						//y1*=t0;
+
+    	FP12_pow(r,r,x);						// r=pow(r,x);			// r^x5
+    	FP12_mul(&y1,r);						// y1*=r;
+
+    	FP12_usqr(&y0,&y0);						// r=y0*y0*y1;
+    	FP12_mul(&y0,&y1);
+    	FP12_copy(r,&y0);
+    	FP12_reduce(r); */
+#endif
+}
+
+#ifdef USE_GLV
+/* GLV method */
+static void glv(BIG u[2],BIG e)
+{
+#if CHOICE<BLS_CURVES
+    int i,j;
+    BIG v[2],t,q;
+    DBIG d;
+    BIG_rcopy(q,CURVE_Order);
+    for (i=0; i<2; i++)
+    {
+        BIG_rcopy(t,CURVE_W[i]);
+//BIG_norm(t); BIG_norm(e);
+        BIG_mul(d,t,e);
+        BIG_ddiv(v[i],d,q);
+        BIG_zero(u[i]);
+    }
+    BIG_copy(u[0],e);
+    for (i=0; i<2; i++)
+        for (j=0; j<2; j++)
+        {
+            BIG_rcopy(t,CURVE_SB[j][i]);
+            BIG_modmul(t,v[j],t,q);
+            BIG_add(u[i],u[i],q);
+            BIG_sub(u[i],u[i],t);
+            BIG_mod(u[i],q);
+        }
+
+#else
+// -(x^2).P = (Beta.x,y)
+
+    BIG x,x2,q;
+    BIG_rcopy(x,CURVE_Bnx);
+    BIG_smul(x2,x,x);
+    BIG_copy(u[0],e);
+    BIG_mod(u[0],x2);
+    BIG_copy(u[1],e);
+    BIG_sdiv(u[1],x2);
+
+    BIG_rcopy(q,CURVE_Order);
+    BIG_sub(u[1],q,u[1]);
+
+#endif
+
+    return;
+}
+#endif // USE_GLV
+
+/* Galbraith & Scott Method */
+static void gs(BIG u[4],BIG e)
+{
+    int i;
+#if CHOICE<BLS_CURVES
+    int j;
+    BIG v[4],t,q;
+    DBIG d;
+    BIG_rcopy(q,CURVE_Order);
+    for (i=0; i<4; i++)
+    {
+        BIG_rcopy(t,CURVE_WB[i]);
+//BIG_norm(t); BIG_norm(e);
+        BIG_mul(d,t,e);
+        BIG_ddiv(v[i],d,q);
+        BIG_zero(u[i]);
+    }
+
+    BIG_copy(u[0],e);
+    for (i=0; i<4; i++)
+        for (j=0; j<4; j++)
+        {
+            BIG_rcopy(t,CURVE_BB[j][i]);
+            BIG_modmul(t,v[j],t,q);
+            BIG_add(u[i],u[i],q);
+            BIG_sub(u[i],u[i],t);
+            BIG_mod(u[i],q);
+        }
+
+#else
+
+    BIG x,w;
+    BIG_rcopy(x,CURVE_Bnx);
+    BIG_copy(w,e);
+
+    for (i=0; i<4; i++)
+    {
+        BIG_copy(u[i],w);
+        BIG_mod(u[i],x);
+        BIG_sdiv(w,x);
+    }
+
+#endif
+    return;
+}
+
+/* Multiply P by e in group G1 */
+void PAIR_G1mul(ECP *P,BIG e)
+{
+#ifdef USE_GLV   /* Note this method is patented */
+    int np,nn;
+    ECP Q;
+    BIG cru,t,q;
+    BIG u[2];
+
+    BIG_rcopy(q,CURVE_Order);
+    glv(u,e);
+
+    ECP_affine(P);
+    ECP_copy(&Q,P);
+    BIG_rcopy(cru,CURVE_Cru);
+    FP_nres(cru);
+    FP_mul(Q.x,Q.x,cru);
+
+    /* note that -a.B = a.(-B). Use a or -a depending on which is smaller */
+
+    np=BIG_nbits(u[0]);
+    BIG_modneg(t,u[0],q);
+    nn=BIG_nbits(t);
+    if (nn<np)
+    {
+        BIG_copy(u[0],t);
+        ECP_neg(P);
+    }
+
+    np=BIG_nbits(u[1]);
+    BIG_modneg(t,u[1],q);
+    nn=BIG_nbits(t);
+    if (nn<np)
+    {
+        BIG_copy(u[1],t);
+        ECP_neg(&Q);
+    }
+
+    ECP_mul2(P,&Q,u[0],u[1]);
+
+#else
+    ECP_mul(P,e);
+#endif
+}
+
+/* Multiply P by e in group G2 */
+void PAIR_G2mul(ECP2 *P,BIG e)
+{
+#ifdef USE_GS_G2   /* Well I didn't patent it :) */
+    int i,np,nn;
+    ECP2 Q[4];
+    FP2 X;
+    BIG x,y;
+    BIG u[4];
+
+    BIG_rcopy(x,CURVE_Fra);
+    BIG_rcopy(y,CURVE_Frb);
+    FP2_from_BIGs(&X,x,y);
+
+    BIG_rcopy(y,CURVE_Order);
+    gs(u,e);
+
+
+    ECP2_affine(P);
+
+    ECP2_copy(&Q[0],P);
+    for (i=1; i<4; i++)
+    {
+        ECP2_copy(&Q[i],&Q[i-1]);
+        ECP2_frob(&Q[i],&X);
+    }
+
+    for (i=0; i<4; i++)
+    {
+        np=BIG_nbits(u[i]);
+        BIG_modneg(x,u[i],y);
+        nn=BIG_nbits(x);
+        if (nn<np)
+        {
+            BIG_copy(u[i],x);
+            ECP2_neg(&Q[i]);
+        }
+    }
+
+    ECP2_mul4(P,Q,u);
+
+#else
+    ECP2_mul(P,e);
+#endif
+}
+
+/* f=f^e */
+void PAIR_GTpow(FP12 *f,BIG e)
+{
+#ifdef USE_GS_GT   /* Note that this option requires a lot of RAM! Maybe better to use compressed XTR method, see fp4.c */
+    int i,np,nn;
+    FP12 g[4];
+    FP2 X;
+    BIG t,q,x,y;
+    BIG u[4];
+
+    BIG_rcopy(x,CURVE_Fra);
+    BIG_rcopy(y,CURVE_Frb);
+    FP2_from_BIGs(&X,x,y);
+
+    BIG_rcopy(q,CURVE_Order);
+    gs(u,e);
+
+    FP12_copy(&g[0],f);
+    for (i=1; i<4; i++)
+    {
+        FP12_copy(&g[i],&g[i-1]);
+        FP12_frob(&g[i],&X);
+    }
+
+    for (i=0; i<4; i++)
+    {
+        np=BIG_nbits(u[i]);
+        BIG_modneg(t,u[i],q);
+        nn=BIG_nbits(t);
+        if (nn<np)
+        {
+            BIG_copy(u[i],t);
+            FP12_conj(&g[i],&g[i]);
+        }
+    }
+    FP12_pow4(f,g,u);
+
+#else
+    FP12_pow(f,f,e);
+#endif
+}
+
+/* test group membership test - no longer needed */
+/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
+
+/*
+int PAIR_GTmember(FP12 *m)
+{
+	BIG a,b;
+	FP2 X;
+	FP12 r,w;
+	if (FP12_isunity(m)) return 0;
+	FP12_conj(&r,m);
+	FP12_mul(&r,m);
+	if (!FP12_isunity(&r)) return 0;
+
+	BIG_rcopy(a,CURVE_Fra);
+	BIG_rcopy(b,CURVE_Frb);
+	FP2_from_BIGs(&X,a,b);
+
+
+	FP12_copy(&r,m); FP12_frob(&r,&X); FP12_frob(&r,&X);
+	FP12_copy(&w,&r); FP12_frob(&w,&X); FP12_frob(&w,&X);
+	FP12_mul(&w,m);
+
+
+#ifndef GT_STRONG
+	if (!FP12_equals(&w,&r)) return 0;
+
+	BIG_rcopy(a,CURVE_Bnx);
+
+	FP12_copy(&r,m); FP12_pow(&w,&r,a); FP12_pow(&w,&w,a);
+	FP12_sqr(&r,&w); FP12_mul(&r,&w); FP12_sqr(&r,&r);
+
+	FP12_copy(&w,m); FP12_frob(&w,&X);
+ #endif
+
+	return FP12_equals(&w,&r);
+}
+
+*/
+
+
+#ifdef HAS_MAIN
+/*
+#if CHOICE==BN254_T
+
+const BIG TEST_Gx={0x18AFF11A,0xF2EF406,0xAF68220,0x171F2E27,0x6BA0959,0x124C50E0,0x450BE27,0x7003EA8,0x8A914};
+const BIG TEST_Gy={0x6E010F4,0xA71D07E,0x7ECADA8,0x8260E8E,0x1F79C328,0x17A09412,0xBFAE690,0x1C57CBD1,0x17DF54};
+
+const BIG TEST_Pxa={0x1047D566,0xD83CD71,0x10322E9D,0x991FA93,0xA282C48,0x18AEBEC8,0xCB05850,0x13B4F669,0x21794A};
+const BIG TEST_Pxb={0x1E305936,0x16885BF1,0x327060,0xE26F794,0x1547D870,0x1963E5B2,0x1BEBB96C,0x988A33C,0x1A9B47};
+const BIG TEST_Pya={0x20FF876,0x4427E67,0x18732211,0xE88E45E,0x174D1A7E,0x17D877ED,0x343AB37,0x97EB453,0xB00D5};
+const BIG TEST_Pyb={0x1D746B7B,0x732F4C2,0x122A49B0,0x16267985,0x235DF56,0x10B1E4D,0x14D8F210,0x17A05C3E,0x5ECF8};
+
+#endif
+
+#if CHOICE==BN254_T2
+
+const BIG TEST_Gx={0x15488765,0x46790D7,0xD9900A,0x1DFB43F,0x9F2D307,0xC4724E8,0x5678E51,0x15C3E3A7,0x1BEC8E};
+const BIG TEST_Gy={0x3D3273C,0x1AFA5FF,0x1880A139,0xACD34DF,0x17493067,0x10FA4103,0x1D4C9766,0x1A73F3DB,0x2D148};
+
+const BIG TEST_Pxa={0xF8DC275,0xAC27FA,0x11815151,0x152691C8,0x5CDEBF1,0x7D5A965,0x1BF70CE3,0x679A1C8,0xD62CF};
+const BIG TEST_Pxb={0x1D17D7A8,0x6B28DF4,0x174A0389,0xFE67E5F,0x1FA97A3C,0x7F5F473,0xFFB5146,0x4BC19A5,0x227010};
+const BIG TEST_Pya={0x16CC1F90,0x5284627,0x171B91AB,0x11F843B9,0x1D468755,0x67E279C,0x19FE0EF8,0x1A0CAA6B,0x1CC6CB};
+const BIG TEST_Pyb={0x1FF0CF2A,0xBC83255,0x6DD6EE8,0xB8B752F,0x13E484EC,0x1809BE81,0x1A648AA1,0x8CEF3F3,0x86EE};
+
+
+#endif
+
+#if CHOICE==BN254
+
+const BIG TEST_Gx={0x14BEC4670E4EB7,0xEA2973860F6861,0x35C14B2FC3C28F,0x4402A0B63B9473,0x2074A81D};
+const BIG TEST_Gy={0xC284846631CBEB,0x34A6E8D871B3B,0x89FB94A82B2006,0x87B20038771FC,0x6A41108};
+
+const BIG TEST_Pxa={0xE4A00F52183C77,0x554E02DF4F8354,0xB65EB5CF1C2F89,0x8B71A87BFCFC9,0x49EEDB1};
+const BIG TEST_Pxb={0xCFB8FA9AA8845D,0x8A9CC76D966697,0x185BA05BF5EC08,0x76140E87D97226,0x1FB93AB6};
+const BIG TEST_Pya={0x3644CC1EDF208A,0xA637FB3FF8E257,0x4453DA2BB9E686,0xD14AD3CDF6A1FE,0xCD04A1E};
+const BIG TEST_Pyb={0x71BD7630A43C14,0x1CAA9F14EA264E,0x3C3C2DFC765DEF,0xCF59D1A1A7D6EE,0x11FF7795};
+
+
+#endif
+*/
+int main()
+{
+    int i;
+    char byt[32];
+    csprng rng;
+    BIG xa,xb,ya,yb,w,a,b,t1,q,u[2],v[4],m,r;
+    ECP2 P,G;
+    ECP Q,R;
+    FP12 g,gp;
+    FP4 t,c,cp,cpm1,cpm2;
+    FP2 x,y,X;
+
+
+    BIG_rcopy(a,CURVE_Fra);
+    BIG_rcopy(b,CURVE_Frb);
+    FP2_from_BIGs(&X,a,b);
+
+    BIG_rcopy(xa,CURVE_Gx);
+    BIG_rcopy(ya,CURVE_Gy);
+
+    ECP_set(&Q,xa,ya);
+    if (Q.inf) printf("Failed to set - point not on curve\n");
+    else printf("G1 set success\n");
+
+    printf("Q= ");
+    ECP_output(&Q);
+    printf("\n");
+
+//	BIG_rcopy(r,CURVE_Order); BIG_dec(r,7); BIG_norm(r);
+    BIG_rcopy(xa,CURVE_Pxa);
+    BIG_rcopy(xb,CURVE_Pxb);
+    BIG_rcopy(ya,CURVE_Pya);
+    BIG_rcopy(yb,CURVE_Pyb);
+
+    FP2_from_BIGs(&x,xa,xb);
+    FP2_from_BIGs(&y,ya,yb);
+
+    ECP2_set(&P,&x,&y);
+    if (P.inf) printf("Failed to set - point not on curve\n");
+    else printf("G2 set success\n");
+
+    printf("P= ");
+    ECP2_output(&P);
+    printf("\n");
+
+    for (i=0; i<1000; i++ )
+    {
+
+        PAIR_ate(&g,&P,&Q);
+        PAIR_fexp(&g);
+
+//	PAIR_GTpow(&g,xa);
+
+    }
+    printf("g= ");
+    FP12_output(&g);
+    printf("\n");
+
+}
+
+#endif
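Review bot: PAIR_ate copies `Q->x` and `Q->y` into the Miller loop straight after `ECP_affine(Q)` without testing for the point at infinity, so for such a Q the result would presumably be computed from whatever coordinates the struct holds rather than being unity (ECP_affine's handling of infinity is not visible here). A guard after the affine calls would make the behaviour explicit, e.g. `if (Q->inf) { FP12_one(r); return; }`, using the same `inf` flag that main() tests further down. PAIR_double_ate has the same gap for Q and S, where the affected pair would need to be skipped rather than the whole product abandoned. Both functions also normalise the caller's points in place through their non-const pointers, which deserves a line in the header comments, e.g. `/* P and Q are converted to affine form in place */`.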

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/rand.c
----------------------------------------------------------------------
diff --git a/version22/c/rand.c b/version22/c/rand.c
new file mode 100644
index 0000000..4a2cd0a
--- /dev/null
+++ b/version22/c/rand.c
@@ -0,0 +1,172 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/*
+ *   Cryptographic strong random number generator
+ *
+ *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
+ *   Slow - but secure
+ *
+ *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
+ */
+/* SU=m, m is Stack Usage */
+
+#include "amcl.h"
+
+/* SU= 20 */
+static unsign32 sbrand(csprng *rng)
+{
+    /* Marsaglia & Zaman random number generator */
+    int i,k;
+    unsign32 pdiff,t;
+    rng->rndptr++;
+    if (rng->rndptr<NK) return rng->ira[rng->rndptr];
+    rng->rndptr=0;
+    for (i=0,k=NK-NJ; i<NK; i++,k++)
+    {
+        /* calculate next NK values */
+        if (k==NK) k=0;
+        t=rng->ira[k];
+        pdiff=t - rng->ira[i] - rng->borrow;
+
+        if (pdiff<t) rng->borrow=0;
+        if (pdiff>t) rng->borrow=1;
+        rng->ira[i]=pdiff;
+    }
+    return rng->ira[0];
+}
+
+/* SU= 20 */
+static void sirand(csprng* rng,unsign32 seed)
+{
+    /* initialise random number system */
+    /* modified so that a subsequent call "stirs" in another seed value */
+    /* in this way as many seed bits as desired may be used */
+    int i,in;
+    unsign32 t,m=1;
+    rng->borrow=0L;
+    rng->rndptr=0;
+    rng->ira[0]^=seed;
+    for (i=1; i<NK; i++)
+    {
+        /* fill initialisation vector */
+        in=(NV*i)%NK;
+        rng->ira[in]^=m;      /* note XOR */
+        t=m;
+        m=seed-m;
+        seed=t;
+    }
+    for (i=0; i<10000; i++) sbrand(rng ); /* "warm-up" & stir the generator */
+}
+
+/* SU= 312 */
+static void fill_pool(csprng *rng)
+{
+    /* hash down output of RNG to re-fill the pool */
+    int i;
+    hash256 sh;
+    HASH256_init(&sh);
+    for (i=0; i<128; i++) HASH256_process(&sh,sbrand(rng));
+    HASH256_hash(&sh,rng->pool);
+    rng->pool_ptr=0;
+}
+
+static unsign32 pack(const uchar *b)
+{
+    /* pack bytes into a 32-bit Word */
+    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
+}
+
+/* SU= 360 */
+/* Initialize RNG with some real entropy from some external source */
+void RAND_seed(csprng *rng,int rawlen,char *raw)
+{
+    /* initialise from at least 128 byte string of raw  *
+     * random (keyboard?) input, and 32-bit time-of-day */
+    int i;
+    char digest[32];
+    uchar b[4];
+    hash256 sh;
+    rng->pool_ptr=0;
+    for (i=0; i<NK; i++) rng->ira[i]=0;
+    if (rawlen>0)
+    {
+        HASH256_init(&sh);
+        for (i=0; i<rawlen; i++)
+            HASH256_process(&sh,raw[i]);
+        HASH256_hash(&sh,digest);
+
+        /* initialise PRNG from distilled randomness */
+
+        for (i=0; i<8; i++)
+        {
+            b[0]=digest[4*i];
+            b[1]=digest[4*i+1];
+            b[2]=digest[4*i+2];
+            b[3]=digest[4*i+3];
+            //	printf("%08x\n",pack(b));
+            sirand(rng,pack(b));
+        }
+    }
+    fill_pool(rng);
+}
+
+/* Terminate and clean up */
+void RAND_clean(csprng *rng)
+{
+    /* kill internal state */
+    int i;
+    rng->pool_ptr=rng->rndptr=0;
+    for (i=0; i<32; i++) rng->pool[i]=0;
+    for (i=0; i<NK; i++) rng->ira[i]=0;
+    rng->borrow=0;
+}
+
+/* get random byte */
+/* SU= 8 */
+int RAND_byte(csprng *rng)
+{
+    int r;
+    r=rng->pool[rng->pool_ptr++];
+    if (rng->pool_ptr>=32) fill_pool(rng);
+    return (r&0xff);
+}
+
+/* test main program */
+/*
+#include <stdio.h>
+#include <string.h>
+
+void main()
+{
+    int i;
+    char raw[256];
+    csprng rng;
+
+	RAND_clean(&rng);
+
+
+	for (i=0;i<256;i++) raw[i]=(char)i;
+    RAND_seed(&rng,256,raw);
+
+	for (i=0;i<1000;i++)
+		printf("%02x ",(unsigned char)RAND_byte(&rng));
+}
+
+*/
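Review bot: RAND_seed() leaves `rng->rndptr` and `rng->borrow` unset when `rawlen<=0`, because both are assigned only inside sirand(), which that path skips. fill_pool() then calls sbrand(), which increments `rndptr` and uses it to index `rng->ira`, so a csprng that was not zeroed beforehand is read through an indeterminate index. Adding `rng->rndptr=0; rng->borrow=0;` next to the existing `rng->pool_ptr=0;` makes that path well-defined. Even then the generator starts from an all-zero state and its output is fully predictable, and the void return gives the caller no signal; the comment above RAND_seed() should state that `rawlen` must be positive (the body comment asks for at least 128 bytes), and CREATE_CSPRNG in randapi.c forwards `RAW->len` unchecked. Separately, `digest` and `sh` still hold seed-derived data when RAND_seed() returns, and the plain zeroing loops in RAND_clean() can be removed under inlining or link-time optimisation unless they write through a `volatile` pointer.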

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/randapi.c
----------------------------------------------------------------------
diff --git a/version22/c/randapi.c b/version22/c/randapi.c
new file mode 100644
index 0000000..9b32efb
--- /dev/null
+++ b/version22/c/randapi.c
@@ -0,0 +1,15 @@
+#include "randapi.h"
+
+/* Initialise a Cryptographically Strong Random Number Generator from
+   an octet of raw random data */
+
+void CREATE_CSPRNG(csprng *RNG,octet *RAW)
+{
+    RAND_seed(RNG,RAW->len,RAW->val);
+}
+
+void KILL_CSPRNG(csprng *RNG)
+{
+    RAND_clean(RNG);
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/randapi.h
----------------------------------------------------------------------
diff --git a/version22/c/randapi.h b/version22/c/randapi.h
new file mode 100644
index 0000000..631499d
--- /dev/null
+++ b/version22/c/randapi.h
@@ -0,0 +1,20 @@
+#ifndef RANDOM_H
+#define RANDOM_H
+
+#include "amcl.h"
+
+/**	@brief Initialise a random number generator
+ *
+	@param R is a pointer to a cryptographically secure random number generator
+	@param S is an input truly random seed value
+ */
+extern void CREATE_CSPRNG(csprng *R,octet *S);
+/**	@brief Kill a random number generator
+ *
+	Deletes all internal state
+	@param R is a pointer to a cryptographically secure random number generator
+ */
+extern void KILL_CSPRNG(csprng *R);
+
+#endif
+
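Review bot: The `@param S` line for CREATE_CSPRNG does not say how much seed material is required, while RAND_seed() in rand.c, which randapi.c calls with `RAW->len` and `RAW->val`, is commented as expecting at least 128 bytes of raw random input. I would write `@param S is an octet of truly random seed material; S->len must be positive, at least 128 bytes recommended`. The include guard `RANDOM_H` does not match the file name randapi.h and is generic enough to clash with another header's guard; `RANDAPI_H` would be safer.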

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/readme.txt
----------------------------------------------------------------------
diff --git a/version22/c/readme.txt b/version22/c/readme.txt
new file mode 100644
index 0000000..278770a
--- /dev/null
+++ b/version22/c/readme.txt
@@ -0,0 +1,77 @@
+AMCL is very simple to build.
+
+The examples here are for GCC under Linux and Windows (using MINGW).
+
+First indicate your computer/compiler architecture by setting the wordlength 
+in arch.h
+
+Next - decide what you want to do. Edit amcl.h - note there is only
+one area where USER CONFIGURABLE input is requested.
+
+Here choose your curve.
+
+Once this is done, build the library, and compile and link your program 
+with an API file and the ROM file rom.c that contains curve constants.
+
+Three example API files are provided, mpin.c which supports our M-Pin 
+(tm) protocol, ecdh.c which supports standard elliptic 
+curve key exchange, digital signature and public key crypto, and rsa.c 
+which supports the RSA method. The first 
+can be tested using the testmpin.c driver programs, the second can 
+be tested using testecdh.c, and the third can be tested using
+testrsa.c
+
+In the ROM file you must provide the curve constants. Several examples
+are provided there, and if you are willing to use one of these, simply
+select your curve of CHOICE in amcl.h
+
+Example (1), in amcl.h choose
+
+#define CHOICE BN254
+
+and
+
+#define CURVETYPE WEIERSTRASS
+
+Under windows run the batch file build_pair.bat to build the amcl.a library
+and the testmpin.exe applications.
+
+For linux execute "bash build_pair"
+
+Example (2), in amcl.h choose
+
+#define CHOICE C25519
+
+and
+
+#define CURVETYPE EDWARDS
+
+to select the Edwards curve ed25519.
+
+Under Windows run the batch file build_ec.bat to build the amcl.a library and
+the testecdh.exe application.
+
+For Linux execute "bash build_ec"
+
+
+To help generate the ROM constants for your own curve some MIRACL helper 
+programs are included. The programs bngen.cpp and blsgen.cpp generate ROM 
+data for a BN and BLS pairing friendly curves, and the program ecgen.cpp 
+generates ROM data for regular EC curves.
+
+The MIRACL based program check.cpp helps choose the best number base for
+big number representation, given the word-length and the size of the modulus.
+
+The program bigtobig.cpp converts a big number to the AMCL 
+BIG format.
+
+
+For quick jumpstart:-
+
+(Linux)
+bash build_pair
+./testmpin
+
+(Windows + MingW)
+build_pair
+testmpin


[29/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/examples-go/timempinWrap.go
----------------------------------------------------------------------
diff --git a/go/examples-go/timempinWrap.go b/go/examples-go/timempinWrap.go
deleted file mode 100644
index 520b1a9..0000000
--- a/go/examples-go/timempinWrap.go
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package main
-
-import (
-	"encoding/hex"
-	"flag"
-	"log"
-	"os"
-	"runtime/pprof"
-	"time"
-
-	"git.apache.org/incubator-milagro-crypto.git/go/amcl-go"
-)
-
-// Number of iterations to time functions
-const nIter int = 1000
-
-var cpuprofile = flag.String("cpuprofile", "", "write cpu profile to file")
-
-func main() {
-	flag.Parse()
-	if *cpuprofile != "" {
-		f, err := os.Create(*cpuprofile)
-		if err != nil {
-			log.Fatal(err)
-		}
-		pprof.StartCPUProfile(f)
-		defer pprof.StopCPUProfile()
-	}
-
-	// Assign the End-User an ID
-	IDstr := "testUser@miracl.com"
-	ID := []byte(IDstr)
-
-	// Epoch time in days
-	date := 16673
-
-	// Epoch time in seconds
-	timeValue := 1440594584
-
-	SSHex := "07f8181687f42ce22ea0dee4ba9df3f2cea67ad2d79e59adc953142556d510831bbd59e9477ac479019887020579aed16af43dc7089ae8c14262e64b5d09740109917efd0618c557fbf7efaa68fb64e8d46b3766bb184dea9bef9638f23bbbeb03aedbc6e4eb9fbd658719aab26b849638690521723c0efb9c8622df2a8efa3c"
-	SS, _ := hex.DecodeString(SSHex)
-	UHex := "0403e76a28df08ea591912e0ff84ebf419e21aadf8ec5aed4b0f3cd0fc1cdea14a06f05a3be4f9f2d16530c6b4934da2e3439ea287796faac079d396f8cdb9f565"
-	U, _ := hex.DecodeString(UHex)
-	UTHex := "041012e53c991edc9514889de50fb7d893c406dc9bf4c89d46fec9ba408cc5f596226402e7c468c823a28b9003a3944c4600a1b797f10cf01060d3729729212932"
-	UT, _ := hex.DecodeString(UTHex)
-	SECHex := "04051b0d3e9dfdb2a378f0ac7056fb264a900d0867e39c334950527d8c460d76132346bf8ed8a419e2eab4ad52a8b7a51d8c09cbcfa4e80bc0487965ece72ab0ce"
-	SEC, _ := hex.DecodeString(SECHex)
-	var MESSAGE []byte
-	// MESSAGE := []byte("test sign message")
-
-	t0 := time.Now()
-	var rtn int
-	for i := 0; i < nIter; i++ {
-		rtn, _, _, _, _, _ = amcl.MPIN_SERVER_WRAP(date, timeValue, SS[:], U[:], UT[:], SEC[:], ID[:], MESSAGE[:])
-	}
-	t1 := time.Now()
-	log.Printf("Number Iterations: %d Time: %v\n", nIter, t1.Sub(t0))
-
-	if rtn != 0 {
-		log.Printf("Authentication failed Error Code %d\n", rtn)
-		return
-	} else {
-		log.Printf("Authenticated ID: %s \n", IDstr)
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/readme.txt
----------------------------------------------------------------------
diff --git a/go/readme.txt b/go/readme.txt
deleted file mode 100644
index d27f74d..0000000
--- a/go/readme.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-AMCL is very simple to build for Go.
-
-First - decide the modulus and curve type you want to use. Edit ROM.go 
-where indicated. You will probably want to use one of the curves whose 
-details are already in there.
-
-Three example API files are provided, MPIN.go which 
-supports our M-Pin (tm) protocol, ECDH.go which supports elliptic 
-curve key exchange, digital signature and public key crypto, and RSA.go
-which supports the RSA method.
-
-In the ROM.go file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-For a quick jumpstart:-
-
-export GOPATH=$PWD
-
-go run ./examples-go/mpin.go
-
-or 
-
-go run ./examples-go/ecdh.go
-
-or
-
-go run ./examples-go/rsa.go
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/AES.java
----------------------------------------------------------------------
diff --git a/java/AES.java b/java/AES.java
deleted file mode 100755
index 1c9d5b6..0000000
--- a/java/AES.java
+++ /dev/null
@@ -1,648 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/* AES Encryption */
-
-
-public class AES {
-	int mode;
-	private int[] fkey=new int[44];
-	private int[] rkey=new int[44];
-	public byte[] f=new byte[16];
-
-
-	public static final int ECB=0;
-	public static final int CBC=1;
-	public static final int CFB1=2;
-	public static final int CFB2=3;
-	public static final int CFB4=5;
-	public static final int OFB1=14;
-	public static final int OFB2=15;
-	public static final int OFB4=17;
-	public static final int OFB8=21;
-	public static final int OFB16=29;
-
-	private static final byte[] InCo={(byte)0xB,(byte)0xD,(byte)0x9,(byte)0xE};  /* Inverse Coefficients */
-
-	public static final int KS=16; /* Key Size in bytes */
-	public static final int BS=16; /* Block Size */
-
-	private static final byte[] ptab=
-	{(byte)1,(byte)3,(byte)5,(byte)15,(byte)17,(byte)51,(byte)85,(byte)255,(byte)26,(byte)46,(byte)114,(byte)150,(byte)161,(byte)248,(byte)19,(byte)53,
-	(byte)95,(byte)225,(byte)56,(byte)72,(byte)216,(byte)115,(byte)149,(byte)164,(byte)247,(byte)2,(byte)6,(byte)10,(byte)30,(byte)34,(byte)102,(byte)170,
-	(byte)229,(byte)52,(byte)92,(byte)228,(byte)55,(byte)89,(byte)235,(byte)38,(byte)106,(byte)190,(byte)217,(byte)112,(byte)144,(byte)171,(byte)230,(byte)49,
-	(byte)83,(byte)245,(byte)4,(byte)12,(byte)20,(byte)60,(byte)68,(byte)204,(byte)79,(byte)209,(byte)104,(byte)184,(byte)211,(byte)110,(byte)178,(byte)205,
-	(byte)76,(byte)212,(byte)103,(byte)169,(byte)224,(byte)59,(byte)77,(byte)215,(byte)98,(byte)166,(byte)241,(byte)8,(byte)24,(byte)40,(byte)120,(byte)136,
-	(byte)131,(byte)158,(byte)185,(byte)208,(byte)107,(byte)189,(byte)220,(byte)127,(byte)129,(byte)152,(byte)179,(byte)206,(byte)73,(byte)219,(byte)118,(byte)154,
-	(byte)181,(byte)196,(byte)87,(byte)249,(byte)16,(byte)48,(byte)80,(byte)240,(byte)11,(byte)29,(byte)39,(byte)105,(byte)187,(byte)214,(byte)97,(byte)163,
-	(byte)254,(byte)25,(byte)43,(byte)125,(byte)135,(byte)146,(byte)173,(byte)236,(byte)47,(byte)113,(byte)147,(byte)174,(byte)233,(byte)32,(byte)96,(byte)160,
-	(byte)251,(byte)22,(byte)58,(byte)78,(byte)210,(byte)109,(byte)183,(byte)194,(byte)93,(byte)231,(byte)50,(byte)86,(byte)250,(byte)21,(byte)63,(byte)65,
-	(byte)195,(byte)94,(byte)226,(byte)61,(byte)71,(byte)201,(byte)64,(byte)192,(byte)91,(byte)237,(byte)44,(byte)116,(byte)156,(byte)191,(byte)218,(byte)117,
-	(byte)159,(byte)186,(byte)213,(byte)100,(byte)172,(byte)239,(byte)42,(byte)126,(byte)130,(byte)157,(byte)188,(byte)223,(byte)122,(byte)142,(byte)137,(byte)128,
-	(byte)155,(byte)182,(byte)193,(byte)88,(byte)232,(byte)35,(byte)101,(byte)175,(byte)234,(byte)37,(byte)111,(byte)177,(byte)200,(byte)67,(byte)197,(byte)84,
-	(byte)252,(byte)31,(byte)33,(byte)99,(byte)165,(byte)244,(byte)7,(byte)9,(byte)27,(byte)45,(byte)119,(byte)153,(byte)176,(byte)203,(byte)70,(byte)202,
-	(byte)69,(byte)207,(byte)74,(byte)222,(byte)121,(byte)139,(byte)134,(byte)145,(byte)168,(byte)227,(byte)62,(byte)66,(byte)198,(byte)81,(byte)243,(byte)14,
-	(byte)18,(byte)54,(byte)90,(byte)238,(byte)41,(byte)123,(byte)141,(byte)140,(byte)143,(byte)138,(byte)133,(byte)148,(byte)167,(byte)242,(byte)13,(byte)23,
-	(byte)57,(byte)75,(byte)221,(byte)124,(byte)132,(byte)151,(byte)162,(byte)253,(byte)28,(byte)36,(byte)108,(byte)180,(byte)199,(byte)82,(byte)246,(byte)1};
-
-	private static final byte[] ltab=
-	{(byte)0,(byte)255,(byte)25,(byte)1,(byte)50,(byte)2,(byte)26,(byte)198,(byte)75,(byte)199,(byte)27,(byte)104,(byte)51,(byte)238,(byte)223,(byte)3,
-	(byte)100,(byte)4,(byte)224,(byte)14,(byte)52,(byte)141,(byte)129,(byte)239,(byte)76,(byte)113,(byte)8,(byte)200,(byte)248,(byte)105,(byte)28,(byte)193,
-	(byte)125,(byte)194,(byte)29,(byte)181,(byte)249,(byte)185,(byte)39,(byte)106,(byte)77,(byte)228,(byte)166,(byte)114,(byte)154,(byte)201,(byte)9,(byte)120,
-	(byte)101,(byte)47,(byte)138,(byte)5,(byte)33,(byte)15,(byte)225,(byte)36,(byte)18,(byte)240,(byte)130,(byte)69,(byte)53,(byte)147,(byte)218,(byte)142,
-	(byte)150,(byte)143,(byte)219,(byte)189,(byte)54,(byte)208,(byte)206,(byte)148,(byte)19,(byte)92,(byte)210,(byte)241,(byte)64,(byte)70,(byte)131,(byte)56,
-	(byte)102,(byte)221,(byte)253,(byte)48,(byte)191,(byte)6,(byte)139,(byte)98,(byte)179,(byte)37,(byte)226,(byte)152,(byte)34,(byte)136,(byte)145,(byte)16,
-	(byte)126,(byte)110,(byte)72,(byte)195,(byte)163,(byte)182,(byte)30,(byte)66,(byte)58,(byte)107,(byte)40,(byte)84,(byte)250,(byte)133,(byte)61,(byte)186,
-	(byte)43,(byte)121,(byte)10,(byte)21,(byte)155,(byte)159,(byte)94,(byte)202,(byte)78,(byte)212,(byte)172,(byte)229,(byte)243,(byte)115,(byte)167,(byte)87,
-	(byte)175,(byte)88,(byte)168,(byte)80,(byte)244,(byte)234,(byte)214,(byte)116,(byte)79,(byte)174,(byte)233,(byte)213,(byte)231,(byte)230,(byte)173,(byte)232,
-	(byte)44,(byte)215,(byte)117,(byte)122,(byte)235,(byte)22,(byte)11,(byte)245,(byte)89,(byte)203,(byte)95,(byte)176,(byte)156,(byte)169,(byte)81,(byte)160,
-	(byte)127,(byte)12,(byte)246,(byte)111,(byte)23,(byte)196,(byte)73,(byte)236,(byte)216,(byte)67,(byte)31,(byte)45,(byte)164,(byte)118,(byte)123,(byte)183,
-	(byte)204,(byte)187,(byte)62,(byte)90,(byte)251,(byte)96,(byte)177,(byte)134,(byte)59,(byte)82,(byte)161,(byte)108,(byte)170,(byte)85,(byte)41,(byte)157,
-	(byte)151,(byte)178,(byte)135,(byte)144,(byte)97,(byte)190,(byte)220,(byte)252,(byte)188,(byte)149,(byte)207,(byte)205,(byte)55,(byte)63,(byte)91,(byte)209,
-	(byte)83,(byte)57,(byte)132,(byte)60,(byte)65,(byte)162,(byte)109,(byte)71,(byte)20,(byte)42,(byte)158,(byte)93,(byte)86,(byte)242,(byte)211,(byte)171,
-	(byte)68,(byte)17,(byte)146,(byte)217,(byte)35,(byte)32,(byte)46,(byte)137,(byte)180,(byte)124,(byte)184,(byte)38,(byte)119,(byte)153,(byte)227,(byte)165,
-	(byte)103,(byte)74,(byte)237,(byte)222,(byte)197,(byte)49,(byte)254,(byte)24,(byte)13,(byte)99,(byte)140,(byte)128,(byte)192,(byte)247,(byte)112,(byte)7};
-
-	private static final byte[] fbsub=
-	{(byte)99,(byte)124,(byte)119,(byte)123,(byte)242,(byte)107,(byte)111,(byte)197,(byte)48,(byte)1,(byte)103,(byte)43,(byte)254,(byte)215,(byte)171,(byte)118,
-	(byte)202,(byte)130,(byte)201,(byte)125,(byte)250,(byte)89,(byte)71,(byte)240,(byte)173,(byte)212,(byte)162,(byte)175,(byte)156,(byte)164,(byte)114,(byte)192,
-	(byte)183,(byte)253,(byte)147,(byte)38,(byte)54,(byte)63,(byte)247,(byte)204,(byte)52,(byte)165,(byte)229,(byte)241,(byte)113,(byte)216,(byte)49,(byte)21,
-	(byte)4,(byte)199,(byte)35,(byte)195,(byte)24,(byte)150,(byte)5,(byte)154,(byte)7,(byte)18,(byte)128,(byte)226,(byte)235,(byte)39,(byte)178,(byte)117,
-	(byte)9,(byte)131,(byte)44,(byte)26,(byte)27,(byte)110,(byte)90,(byte)160,(byte)82,(byte)59,(byte)214,(byte)179,(byte)41,(byte)227,(byte)47,(byte)132,
-	(byte)83,(byte)209,(byte)0,(byte)237,(byte)32,(byte)252,(byte)177,(byte)91,(byte)106,(byte)203,(byte)190,(byte)57,(byte)74,(byte)76,(byte)88,(byte)207,
-	(byte)208,(byte)239,(byte)170,(byte)251,(byte)67,(byte)77,(byte)51,(byte)133,(byte)69,(byte)249,(byte)2,(byte)127,(byte)80,(byte)60,(byte)159,(byte)168,
-	(byte)81,(byte)163,(byte)64,(byte)143,(byte)146,(byte)157,(byte)56,(byte)245,(byte)188,(byte)182,(byte)218,(byte)33,(byte)16,(byte)255,(byte)243,(byte)210,
-	(byte)205,(byte)12,(byte)19,(byte)236,(byte)95,(byte)151,(byte)68,(byte)23,(byte)196,(byte)167,(byte)126,(byte)61,(byte)100,(byte)93,(byte)25,(byte)115,
-	(byte)96,(byte)129,(byte)79,(byte)220,(byte)34,(byte)42,(byte)144,(byte)136,(byte)70,(byte)238,(byte)184,(byte)20,(byte)222,(byte)94,(byte)11,(byte)219,
-	(byte)224,(byte)50,(byte)58,(byte)10,(byte)73,(byte)6,(byte)36,(byte)92,(byte)194,(byte)211,(byte)172,(byte)98,(byte)145,(byte)149,(byte)228,(byte)121,
-	(byte)231,(byte)200,(byte)55,(byte)109,(byte)141,(byte)213,(byte)78,(byte)169,(byte)108,(byte)86,(byte)244,(byte)234,(byte)101,(byte)122,(byte)174,(byte)8,
-	(byte)186,(byte)120,(byte)37,(byte)46,(byte)28,(byte)166,(byte)180,(byte)198,(byte)232,(byte)221,(byte)116,(byte)31,(byte)75,(byte)189,(byte)139,(byte)138,
-	(byte)112,(byte)62,(byte)181,(byte)102,(byte)72,(byte)3,(byte)246,(byte)14,(byte)97,(byte)53,(byte)87,(byte)185,(byte)134,(byte)193,(byte)29,(byte)158,
-	(byte)225,(byte)248,(byte)152,(byte)17,(byte)105,(byte)217,(byte)142,(byte)148,(byte)155,(byte)30,(byte)135,(byte)233,(byte)206,(byte)85,(byte)40,(byte)223,
-	(byte)140,(byte)161,(byte)137,(byte)13,(byte)191,(byte)230,(byte)66,(byte)104,(byte)65,(byte)153,(byte)45,(byte)15,(byte)176,(byte)84,(byte)187,(byte)22};
-
-	private static final byte[] rbsub=
-	{(byte)82,(byte)9,(byte)106,(byte)213,(byte)48,(byte)54,(byte)165,(byte)56,(byte)191,(byte)64,(byte)163,(byte)158,(byte)129,(byte)243,(byte)215,(byte)251,
-	(byte)124,(byte)227,(byte)57,(byte)130,(byte)155,(byte)47,(byte)255,(byte)135,(byte)52,(byte)142,(byte)67,(byte)68,(byte)196,(byte)222,(byte)233,(byte)203,
-	(byte)84,(byte)123,(byte)148,(byte)50,(byte)166,(byte)194,(byte)35,(byte)61,(byte)238,(byte)76,(byte)149,(byte)11,(byte)66,(byte)250,(byte)195,(byte)78,
-	(byte)8,(byte)46,(byte)161,(byte)102,(byte)40,(byte)217,(byte)36,(byte)178,(byte)118,(byte)91,(byte)162,(byte)73,(byte)109,(byte)139,(byte)209,(byte)37,
-	(byte)114,(byte)248,(byte)246,(byte)100,(byte)134,(byte)104,(byte)152,(byte)22,(byte)212,(byte)164,(byte)92,(byte)204,(byte)93,(byte)101,(byte)182,(byte)146,
-	(byte)108,(byte)112,(byte)72,(byte)80,(byte)253,(byte)237,(byte)185,(byte)218,(byte)94,(byte)21,(byte)70,(byte)87,(byte)167,(byte)141,(byte)157,(byte)132,
-	(byte)144,(byte)216,(byte)171,(byte)0,(byte)140,(byte)188,(byte)211,(byte)10,(byte)247,(byte)228,(byte)88,(byte)5,(byte)184,(byte)179,(byte)69,(byte)6,
-	(byte)208,(byte)44,(byte)30,(byte)143,(byte)202,(byte)63,(byte)15,(byte)2,(byte)193,(byte)175,(byte)189,(byte)3,(byte)1,(byte)19,(byte)138,(byte)107,
-	(byte)58,(byte)145,(byte)17,(byte)65,(byte)79,(byte)103,(byte)220,(byte)234,(byte)151,(byte)242,(byte)207,(byte)206,(byte)240,(byte)180,(byte)230,(byte)115,
-	(byte)150,(byte)172,(byte)116,(byte)34,(byte)231,(byte)173,(byte)53,(byte)133,(byte)226,(byte)249,(byte)55,(byte)232,(byte)28,(byte)117,(byte)223,(byte)110,
-	(byte)71,(byte)241,(byte)26,(byte)113,(byte)29,(byte)41,(byte)197,(byte)137,(byte)111,(byte)183,(byte)98,(byte)14,(byte)170,(byte)24,(byte)190,(byte)27,
-	(byte)252,(byte)86,(byte)62,(byte)75,(byte)198,(byte)210,(byte)121,(byte)32,(byte)154,(byte)219,(byte)192,(byte)254,(byte)120,(byte)205,(byte)90,(byte)244,
-	(byte)31,(byte)221,(byte)168,(byte)51,(byte)136,(byte)7,(byte)199,(byte)49,(byte)177,(byte)18,(byte)16,(byte)89,(byte)39,(byte)128,(byte)236,(byte)95,
-	(byte)96,(byte)81,(byte)127,(byte)169,(byte)25,(byte)181,(byte)74,(byte)13,(byte)45,(byte)229,(byte)122,(byte)159,(byte)147,(byte)201,(byte)156,(byte)239,
-	(byte)160,(byte)224,(byte)59,(byte)77,(byte)174,(byte)42,(byte)245,(byte)176,(byte)200,(byte)235,(byte)187,(byte)60,(byte)131,(byte)83,(byte)153,(byte)97,
-	(byte)23,(byte)43,(byte)4,(byte)126,(byte)186,(byte)119,(byte)214,(byte)38,(byte)225,(byte)105,(byte)20,(byte)99,(byte)85,(byte)33,(byte)12,(byte)125};
-
-	private static final byte[] rco=
-	{(byte)1,(byte)2,(byte)4,(byte)8,(byte)16,(byte)32,(byte)64,(byte)128,(byte)27,(byte)54,(byte)108,(byte)216,(byte)171,(byte)77,(byte)154,(byte)47};
-
-	private static final int[] ftable=
-	{0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-	0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-	0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-	0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-	0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-	0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-	0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-	0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-	0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-	0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-	0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-	0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-	0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-	0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-	0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-	0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-	0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-	0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-	0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-	0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-	0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-	0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-	0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-	0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-	0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-	0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-	0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-	0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-	0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-	0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-	0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-	0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-	0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-	0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-	0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-	0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-	0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-	0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-	0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-	0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-	0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-	0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-	0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c};
-
-	private static final int[] rtable=
-	{0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-	0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-	0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-	0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-	0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-	0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-	0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-	0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-	0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-	0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-	0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-	0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-	0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-	0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-	0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-	0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-	0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-	0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-	0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-	0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-	0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-	0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-	0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-	0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-	0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-	0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-	0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-	0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-	0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-	0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-	0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-	0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-	0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-	0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-	0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-	0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-	0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-	0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-	0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-	0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-	0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-	0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-	0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0};
-
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-	private static int ROTL8(int x)
-	{
-		return (((x)<<8)|((x)>>>24));
-	}
-
-	private static int ROTL16(int x)
-	{
-		return (((x)<<16)|((x)>>>16));
-	}
-
-	private static int ROTL24(int x)
-	{
-		return (((x)<<24)|((x)>>>8));
-	}
-
-	private static int pack(byte[] b)
-	{ /* pack bytes into a 32-bit Word */
-		return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
-	}
-
-	private static byte[] unpack(int a)
-	{ /* unpack bytes from a word */
-		byte [] b=new byte[4];
-		b[0]=(byte)(a);
-		b[1]=(byte)(a>>>8);
-		b[2]=(byte)(a>>>16);
-		b[3]=(byte)(a>>>24);
-		return b;
-	}
-
-	private static byte bmul(byte x,byte y)
-	{ /* x.y= AntiLog(Log(x) + Log(y)) */
-
-		int ix=((int)x)&0xff;
-		int iy=((int)y)&0xff;
-		int lx=((int)ltab[ix])&0xff;
-		int ly=((int)ltab[iy])&0xff;
-		if (x!=0 && y!=0) return ptab[(lx+ly)%255];
-		else return (byte)0;
-	}
-
-  //  if (x && y)
-
-	private static int SubByte(int a)
-	{
-		byte [] b=unpack(a);
-		b[0]=fbsub[(int)b[0]&0xff];
-		b[1]=fbsub[(int)b[1]&0xff];
-		b[2]=fbsub[(int)b[2]&0xff];
-		b[3]=fbsub[(int)b[3]&0xff];
-		return pack(b);
-	}
-
-	private static byte product(int x,int y)
-	{ /* dot product of two 4-byte arrays */
-		byte [] xb;//=new byte[4];
-		byte [] yb;//=new byte[4];
-		xb=unpack(x);
-		yb=unpack(y);
-
-		return (byte)(bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]));
-	}
-
-	private static int InvMixCol(int x)
-	{ /* matrix Multiplication */
-		int y,m;
-		byte [] b=new byte[4];
-
-		m=pack(InCo);
-		b[3]=product(m,x);
-		m=ROTL24(m);
-		b[2]=product(m,x);
-		m=ROTL24(m);
-		b[1]=product(m,x);
-		m=ROTL24(m);
-		b[0]=product(m,x);
-		y=pack(b);
-		return y;
-	}
-
-/* reset cipher */
-	public void reset(int m,byte[] iv)
-	{ /* reset mode, or reset iv */
-		mode=m;
-		for (int i=0;i<16;i++)
-			f[i]=0;
-		if (mode!=ECB && iv!=null)
-			for (int i=0;i<16;i++)
-				f[i]=iv[i];
-	}
-
-	public byte[] getreg()
-	{
-		byte [] ir=new byte[16];
-		for (int i=0;i<16;i++) ir[i]=f[i];
-		return ir;
-	}
-
-/* Initialise cipher */
-	public void init(int m,byte[] key,byte[] iv)
-	{	/* Key=16 bytes */
-		/* Key Scheduler. Create expanded encryption key */
-		int i,j,k,N,nk;
-		int [] CipherKey=new int[4];
-    	byte [] b=new byte[4];
-		nk=4;
-		reset(m,iv);
-		N=44;
-
-		for (i=j=0;i<nk;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=key[j+k];
-			CipherKey[i]=pack(b);
-		}
-		for (i=0;i<nk;i++) fkey[i]=CipherKey[i];
-		for (j=nk,k=0;j<N;j+=nk,k++)
-		{
-			fkey[j]=fkey[j-nk]^SubByte(ROTL24(fkey[j-1]))^((int)rco[k])&0xff;
-			for (i=1;i<nk && (i+j)<N;i++)
-				fkey[i+j]=fkey[i+j-nk]^fkey[i+j-1];
-		}
-
- /* now for the expanded decrypt key in reverse order */
-
-		for (j=0;j<4;j++) rkey[j+N-4]=fkey[j];
-		for (i=4;i<N-4;i+=4)
-		{
-			k=N-4-i;
-			for (j=0;j<4;j++) rkey[k+j]=InvMixCol(fkey[i+j]);
-		}
-		for (j=N-4;j<N;j++) rkey[j-N+4]=fkey[j];
-	}
-
-/* Encrypt a single block */
-	public void ecb_encrypt(byte[] buff)
-	{
-		int i,j,k;
-		int t;
-    	byte [] b=new byte[4];
-    	int [] p=new int[4];
-    	int [] q=new int[4];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=pack(b);
-			p[i]^=fkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<10;i++)
-		{
-			q[0]=fkey[k]^ftable[p[0]&0xff]^
-				ROTL8(ftable[(p[1]>>>8)&0xff])^
-				ROTL16(ftable[(p[2]>>>16)&0xff])^
-				ROTL24(ftable[(p[3]>>>24)&0xff]);
-			q[1]=fkey[k+1]^ftable[p[1]&0xff]^
-				ROTL8(ftable[(p[2]>>>8)&0xff])^
-				ROTL16(ftable[(p[3]>>>16)&0xff])^
-				ROTL24(ftable[(p[0]>>>24)&0xff]);
-			q[2]=fkey[k+2]^ftable[p[2]&0xff]^
-				ROTL8(ftable[(p[3]>>>8)&0xff])^
-				ROTL16(ftable[(p[0]>>>16)&0xff])^
-				ROTL24(ftable[(p[1]>>>24)&0xff]);
-			q[3]=fkey[k+3]^ftable[p[3]&0xff]^
-				ROTL8(ftable[(p[0]>>>8)&0xff])^
-				ROTL16(ftable[(p[1]>>>16)&0xff])^
-				ROTL24(ftable[(p[2]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */
-
-		q[0]=fkey[k]^((int)fbsub[p[0]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[1]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[2]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[3]>>>24)&0xff]&0xff);
-
-		q[1]=fkey[k+1]^((int)fbsub[p[1]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[2]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[3]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[0]>>>24)&0xff]&0xff);
-
-		q[2]=fkey[k+2]^((int)fbsub[p[2]&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[3]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[0]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[1]>>>24)&0xff]&0xff);
-
-		q[3]=fkey[k+3]^((int)fbsub[(p[3])&0xff]&0xff)^
-			ROTL8((int)fbsub[(p[0]>>>8)&0xff]&0xff)^
-			ROTL16((int)fbsub[(p[1]>>>16)&0xff]&0xff)^
-			ROTL24((int)fbsub[(p[2]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-	}
-
-/* Decrypt a single block */
-	public void ecb_decrypt(byte[] buff)
-	{
-		int i,j,k;
-		int t;
-    	byte [] b=new byte[4];
-    	int [] p=new int[4];
-    	int [] q=new int[4];
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			for (k=0;k<4;k++) b[k]=buff[j+k];
-			p[i]=pack(b);
-			p[i]^=rkey[i];
-		}
-
-		k=4;
-
-/* State alternates between p and q */
-		for (i=1;i<10;i++)
-		{
-			q[0]=rkey[k]^rtable[p[0]&0xff]^
-				ROTL8(rtable[(p[3]>>>8)&0xff])^
-				ROTL16(rtable[(p[2]>>>16)&0xff])^
-				ROTL24(rtable[(p[1]>>>24)&0xff]);
-			q[1]=rkey[k+1]^rtable[p[1]&0xff]^
-				ROTL8(rtable[(p[0]>>>8)&0xff])^
-				ROTL16(rtable[(p[3]>>>16)&0xff])^
-				ROTL24(rtable[(p[2]>>>24)&0xff]);
-			q[2]=rkey[k+2]^rtable[p[2]&0xff]^
-				ROTL8(rtable[(p[1]>>>8)&0xff])^
-				ROTL16(rtable[(p[0]>>>16)&0xff])^
-				ROTL24(rtable[(p[3]>>>24)&0xff]);
-			q[3]=rkey[k+3]^rtable[p[3]&0xff]^
-				ROTL8(rtable[(p[2]>>>8)&0xff])^
-				ROTL16(rtable[(p[1]>>>16)&0xff])^
-				ROTL24(rtable[(p[0]>>>24)&0xff]);
-
-			k+=4;
-			for (j=0;j<4;j++)
-			{
-				t=p[j]; p[j]=q[j]; q[j]=t;
-			}
-		}
-
-/* Last Round */
-
-		q[0]=rkey[k]^((int)rbsub[p[0]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[3]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[2]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[1]>>>24)&0xff]&0xff);
-		q[1]=rkey[k+1]^((int)rbsub[p[1]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[0]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[3]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[2]>>>24)&0xff]&0xff);
-		q[2]=rkey[k+2]^((int)rbsub[p[2]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[1]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[0]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[3]>>>24)&0xff]&0xff);
-		q[3]=rkey[k+3]^((int)rbsub[p[3]&0xff]&0xff)^
-			ROTL8((int)rbsub[(p[2]>>>8)&0xff]&0xff)^
-			ROTL16((int)rbsub[(p[1]>>>16)&0xff]&0xff)^
-			ROTL24((int)rbsub[(p[0]>>>24)&0xff]&0xff);
-
-		for (i=j=0;i<4;i++,j+=4)
-		{
-			b=unpack(q[i]);
-			for (k=0;k<4;k++) buff[j+k]=b[k];
-		}
-
-	}
-
-/* Encrypt using selected mode of operation */
-	public int encrypt(byte[] buff)
-	{
-		int j,bytes;
-		byte[] st=new byte[16];
-		int fell_off;
-
-// Supported Modes of Operation
-
-		fell_off=0;
-		switch (mode)
-		{
-		case ECB:
-			ecb_encrypt(buff);
-			return 0;
-		case CBC:
-			for (j=0;j<16;j++) buff[j]^=f[j];
-			ecb_encrypt(buff);
-			for (j=0;j<16;j++) f[j]=buff[j];
-			return 0;
-
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes=mode-CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
-			for (j=0;j<16;j++) st[j]=f[j];
-			for (j=bytes;j<16;j++) f[j-bytes]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				buff[j]^=st[j];
-				f[16-bytes+j]=buff[j];
-			}
-			return fell_off;
-
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-
-			bytes=mode-OFB1+1;
-			ecb_encrypt(f);
-			for (j=0;j<bytes;j++) buff[j]^=f[j];
-			return 0;
-
-    default:
-			return 0;
-		}
-	}
-
-/* Decrypt using selected mode of operation */
-	public int decrypt(byte[] buff)
-	{
-		int j,bytes;
-		byte[] st=new byte[16];
-		int fell_off;
-
-   // Supported modes of operation
-		fell_off=0;
-		switch (mode)
-		{
-		case ECB:
-			ecb_decrypt(buff);
-			return 0;
-		case CBC:
-			for (j=0;j<16;j++)
-			{
-				st[j]=f[j];
-				f[j]=buff[j];
-			}
-			ecb_decrypt(buff);
-			for (j=0;j<16;j++)
-			{
-				buff[j]^=st[j];
-				st[j]=0;
-			}
-			return 0;
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes=mode-CFB1+1;
-			for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|f[j];
-			for (j=0;j<16;j++) st[j]=f[j];
-			for (j=bytes;j<16;j++) f[j-bytes]=f[j];
-			ecb_encrypt(st);
-			for (j=0;j<bytes;j++)
-			{
-				f[16-bytes+j]=buff[j];
-				buff[j]^=st[j];
-			}
-			return fell_off;
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-			bytes=mode-OFB1+1;
-			ecb_encrypt(f);
-			for (j=0;j<bytes;j++) buff[j]^=f[j];
-			return 0;
-
-
-		default:
-			return 0;
-		}
-	}
-
-/* Clean up and delete left-overs */
-	public void end()
-	{ // clean up
-		int i;
-		for (i=0;i<44;i++)
-			fkey[i]=rkey[i]=0;
-		for (i=0;i<16;i++)
-			f[i]=0;
-	}
-
-	public static void main(String[] args) {
-		int i;
-
-		byte[] key=new byte[16];
-		byte[] block=new byte[16];
-		byte[] iv=new byte[16];
-
-		for (i=0;i<16;i++) key[i]=0;
-		key[0]=1;
-		for (i=0;i<16;i++) iv[i]=(byte)i;
-		for (i=0;i<16;i++) block[i]=(byte)i;
-
-		AES a=new AES();
-
-		a.init(CBC,key,iv);
-		System.out.println("Plain= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.encrypt(block);
-
-		System.out.println("Encrypt= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.reset(CBC,iv);
-		a.decrypt(block);
-
-		System.out.println("Decrypt= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.end();
-
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/BIG.java
----------------------------------------------------------------------
diff --git a/java/BIG.java b/java/BIG.java
deleted file mode 100755
index 1a7c884..0000000
--- a/java/BIG.java
+++ /dev/null
@@ -1,919 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */
-
-public class BIG {
-	private int[] w=new int[ROM.NLEN];
-/* Constructors */
-
-	public BIG()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-	public BIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public BIG(int[] x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x[i];
-	}
-
-	public int get(int i)
-	{
-		return w[i];
-	}
-
-	public void set(int i,int x)
-	{
-		w[i]=x;
-	}
-
-	public void xortop(int x)
-	{
-		w[ROM.NLEN-1]^=x;
-	}
-
-	public void ortop(int x)
-	{
-		w[ROM.NLEN-1]|=x;
-	}
-
-/* calculate Field Excess */
-	public static int EXCESS(BIG a)
-	{
-		return ((a.w[ROM.NLEN-1]&ROM.OMASK)>>(ROM.MODBITS%ROM.BASEBITS));
-	}
-
-/* test for zero */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		return true;
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* set to one */
-	public void one()
-	{
-		w[0]=1;
-		for (int i=1;i<ROM.NLEN;i++)
-			w[i]=0;
-	}
-
-/* Test for equal to one */
-	public boolean isunity()
-	{
-		for (int i=1;i<ROM.NLEN;i++)
-			if (w[i]!=0) return false;
-		if (w[0]!=1) return false;
-		return true;
-	}
-
-/* Copy from another BIG */
-	public void copy(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public void copy(DBIG x)
-	{
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i];
-	}
-
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	public void cswap(BIG b,int d)
-	{
-		int i;
-		int t,c=d;
-		c=~(c-1);
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			t=c&(w[i]^b.w[i]);
-			w[i]^=t;
-			b.w[i]^=t;
-		}
-	}
-
-	public void cmove(BIG g,int d)
-	{
-		int i;
-		int t,b=-d;
-
-		for (i=0;i<ROM.NLEN;i++)
-		{
-			w[i]^=(w[i]^g.w[i])&b;
-		}
-	}
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-	public int norm() {
-		int d,carry=0;
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			d=w[i]+carry;
-			w[i]=d&ROM.MASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		w[ROM.NLEN-1]=(w[ROM.NLEN-1]+carry);
-
-		return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS));
-	}
-
-/* Shift right by less than a word */
-	public int fshr(int k) {
-		int r=w[0]&(((int)1<<k)-1); /* shifted out part */
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=(w[i]>>k)|((w[i+1]<<(ROM.BASEBITS-k))&ROM.MASK);
-		w[ROM.NLEN-1]=w[ROM.NLEN-1]>>k;
-		return r;
-	}
-
-/* general shift right */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-		for (int i=0;i<ROM.NLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
-		w[ROM.NLEN-m-1]=w[ROM.NLEN-1]>>n;
-		for (int i=ROM.NLEN-m;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* Shift right by less than a word */
-	public int fshl(int k) {
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1]<<k))|(w[ROM.NLEN-2]>>(ROM.BASEBITS-k));
-		for (int i=ROM.NLEN-2;i>0;i--)
-			w[i]=((w[i]<<k)&ROM.MASK)|(w[i-1]>>(ROM.BASEBITS-k));
-		w[0]=(w[0]<<k)&ROM.MASK;
-
-		return (w[ROM.NLEN-1]>>((8*ROM.MODBYTES)%ROM.BASEBITS)); /* return excess - only used in FF.java */
-	}
-
-/* general shift left */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.NLEN-1]=((w[ROM.NLEN-1-m]<<n))|(w[ROM.NLEN-m-2]>>(ROM.BASEBITS-n));
-		for (int i=ROM.NLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.MASK;
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* return number of bits */
-	public int nbits() {
-		int bts,k=ROM.NLEN-1;
-		int c;
-		norm();
-		while (k>=0 && w[k]==0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-	public String toRawString()
-	{
-		BIG b=new BIG(this);
-		String s="(";
-		for (int i=0;i<ROM.NLEN-1;i++)
-		{
-			s+=Integer.toHexString(b.w[i]); s+=",";
-		}
-		s+=Integer.toHexString(b.w[ROM.NLEN-1]); s+=")";
-		return s;
-	}
-
-/* Convert to Hex String */
-	public String toString() {
-		BIG b;
-		String s="";
-		int len=nbits();
-
-		if (len%4==0) len/=4;
-		else {len/=4; len++;}
-		if (len<ROM.MODBYTES*2) len=ROM.MODBYTES*2;
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new BIG(this);
-			b.shr(i*4);
-			s+=Integer.toHexString(b.w[0]&15);
-		}
-		return s;
-	}
-
-/* return this+x */
-	public BIG plus(BIG x) {
-		BIG s=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			s.w[i]=w[i]+x.w[i];
-		return s;
-	}
-
-/* this+=x */
-	public void add(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]+=x.w[i];
-	}
-
-/* this+=x, where x is int */
-	public void inc(int x) {
-		norm();
-		w[0]+=x;
-	}
-
-/* return this.x */
-	public BIG minus(BIG x) {
-		BIG d=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-			d.w[i]=w[i]-x.w[i];
-		return d;
-	}
-
-/* this-=x */
-	public void sub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* reverse subtract this=x-this */
-	public void rsub(BIG x) {
-		for (int i=0;i<ROM.NLEN;i++)
-			w[i]=x.w[i]-w[i];
-	}
-
-/* this-=x where x is int */
-	public void dec(int x) {
-		norm();
-		w[0]-=x;
-	}
-
-/* this*=x, where x is small int<NEXCESS */
-	public void imul(int c)
-	{
-		for (int i=0;i<ROM.NLEN;i++) w[i]*=c;
-	}
-
-/* convert this BIG to byte array */
-	public void tobytearray(byte[] b,int n)
-	{
-		norm();
-		BIG c=new BIG(this);
-
-		for (int i=ROM.MODBYTES-1;i>=0;i--)
-		{
-			b[i+n]=(byte)c.w[0];
-			c.fshr(8);
-		}
-	}
-
-/* convert from byte array to BIG */
-	public static BIG frombytearray(byte[] b,int n)
-	{
-		BIG m=new BIG(0);
-
-		for (int i=0;i<ROM.MODBYTES;i++)
-		{
-			m.fshl(8); m.w[0]+=(int)b[i+n]&0xff;
-			//m.inc((int)b[i]&0xff);
-		}
-		return m;
-	}
-
-	public void toBytes(byte[] b)
-	{
-		tobytearray(b,0);
-	}
-
-	public static BIG fromBytes(byte[] b)
-	{
-		return frombytearray(b,0);
-	}
-
-/* set this[i]+=x*y+c, and return high part */
-	public int muladd(int x,int y,int c,int i)
-	{
-		long prod=(long)x*y+c+w[i];
-		w[i]=(int)prod&ROM.MASK;
-		return (int)(prod>>ROM.BASEBITS);
-	}
-
-/* this*=x, where x is >NEXCESS */
-	public int pmul(int c)
-	{
-		int ak,carry=0;
-		norm();
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			ak=w[i];
-			w[i]=0;
-			carry=muladd(ak,c,carry,i);
-		}
-		return carry;
-	}
-
-/* this*=c and catch overflow in DBIG */
-	public DBIG pxmul(int c)
-	{
-		DBIG m=new DBIG(0);
-		int carry=0;
-		for (int j=0;j<ROM.NLEN;j++)
-			carry=m.muladd(w[j],c,carry,j);
-		m.w[ROM.NLEN]=carry;
-		return m;
-	}
-
-/* divide by 3 */
-	public int div3()
-	{
-		int ak,base,carry=0;
-		norm();
-		base=((int)1<<ROM.BASEBITS);
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			ak=(carry*base+w[i]);
-			w[i]=ak/3;
-			carry=ak%3;
-		}
-		return (int)carry;
-	}
-
-/* return a*b where result fits in a BIG */
-	public static BIG smul(BIG a,BIG b)
-	{
-		int carry;
-		BIG c=new BIG(0);
-		for (int i=0;i<ROM.NLEN;i++)
-		{
-			carry=0;
-			for (int j=0;j<ROM.NLEN;j++)
-				if (i+j<ROM.NLEN) carry=c.muladd(a.w[i],b.w[j],carry,i+j);
-		}
-		return c;
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(BIG a,BIG b)
-	{
-		for (int i=ROM.NLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* set x = x mod 2^m */
-	public void mod2m(int m)
-	{
-		int i,wd,bt;
-		int msk;
-
-		wd=m/ROM.BASEBITS;
-		bt=m%ROM.BASEBITS;
-		msk=((int)1<<bt)-1;
-		w[wd]&=msk;
-		for (i=wd+1;i<ROM.NLEN;i++) w[i]=0;
-	}
-
-/* Arazi and Qi inversion mod 256 */
-	public static int invmod256(int a)
-	{
-		int U,t1,t2,b,c;
-		t1=0;
-		c=(a>>1)&1;
-		t1+=c;
-		t1&=1;
-		t1=2-t1;
-		t1<<=1;
-		U=t1+1;
-
-// i=2
-		b=a&3;
-		t1=U*b; t1>>=2;
-		c=(a>>2)&3;
-		t2=(U*c)&3;
-		t1+=t2;
-		t1*=U; t1&=3;
-		t1=4-t1;
-		t1<<=2;
-		U+=t1;
-
-// i=4
-		b=a&15;
-		t1=U*b; t1>>=4;
-		c=(a>>4)&15;
-		t2=(U*c)&15;
-		t1+=t2;
-		t1*=U; t1&=15;
-		t1=16-t1;
-		t1<<=4;
-		U+=t1;
-
-		return U;
-	}
-
-/* a=1/a mod 2^256. This is very fast! */
-	public void invmod2m()
-	{
-		int i;
-		BIG U=new BIG(0);
-		BIG b=new BIG(0);
-		BIG c=new BIG(0);
-
-		U.inc(invmod256(lastbits(8)));
-
-		for (i=8;i<256;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			BIG t1=BIG.smul(U,b); t1.shr(i);
-			c.copy(this); c.shr(i); c.mod2m(i);
-
-			BIG t2=BIG.smul(U,c); t2.mod2m(i);
-			t1.add(t2);
-			b=BIG.smul(t1,U); t1.copy(b);
-			t1.mod2m(i);
-
-			t2.one(); t2.shl(i); t1.rsub(t2); t1.norm();
-			t1.shl(i);
-			U.add(t1);
-		}
-		this.copy(U);
-	}
-
-/* reduce this mod m */
-	public void mod(BIG m)
-	{
-		int k=0;
-
-		norm();
-		if (comp(this,m)<0) return;
-		do
-		{
-			m.fshl(1);
-			k++;
-		} while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.fshr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-	}
-
-/* divide this by m */
-	public void div(BIG m)
-	{
-		int k=0;
-		norm();
-		BIG e=new BIG(1);
-		BIG b=new BIG(this);
-		zero();
-
-		while (comp(b,m)>=0)
-		{
-			e.fshl(1);
-			m.fshl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.fshr(1);
-			e.fshr(1);
-			if (comp(b,m)>=0)
-			{
-				add(e);
-				norm();
-				b.sub(m);
-				b.norm();
-			}
-			k--;
-		}
-	}
-
-/* return parity */
-	public int parity()
-	{
-		return w[0]%2;
-	}
-
-/* return n-th bit */
-	public int bit(int n)
-	{
-		if ((w[n/ROM.BASEBITS]&((int)1<<(n%ROM.BASEBITS)))>0) return 1;
-		else return 0;
-	}
-
-/* return n last bits */
-	public int lastbits(int n)
-	{
-		int msk=(1<<n)-1;
-		norm();
-		return ((int)w[0])&msk;
-	}
-
-/* get 8*MODBYTES size random number */
-	public static BIG random(RAND rng)
-	{
-		BIG m=new BIG(0);
-		int i,b,j=0,r=0;
-
-/* generate random BIG */
-		for (i=0;i<8*ROM.MODBYTES;i++)
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			m.shl(1); m.w[0]+=b;// m.inc(b);
-			j++; j&=7;
-		}
-		return m;
-	}
-
-/* Create random BIG in portable way, one bit at a time */
-	public static BIG randomnum(BIG q,RAND rng)
-	{
-		DBIG d=new DBIG(0);
-		int i,b,j=0,r=0;
-		for (i=0;i<2*ROM.MODBITS;i++)
-		{
-			if (j==0) r=rng.getByte();
-			else r>>=1;
-
-			b=r&1;
-			d.shl(1); d.w[0]+=b;// m.inc(b);
-			j++; j&=7;
-		}
-		BIG m=d.mod(q);
-		return m;
-	}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-	public static int[] nafbits(BIG x,BIG x3,int i)
-	{
-		int[] n=new int[3];
-		int nb=x3.bit(i)-x.bit(i);
-		int j;
-		n[1]=1;
-		n[0]=0;
-		if (nb==0) {n[0]=0; return n;}
-		if (i==0) {n[0]=nb; return n;}
-	    if (nb>0) n[0]=1;
-		else      n[0]=(-1);
-
-		for (j=i-1;j>0;j--)
-		{
-			n[1]++;
-			n[0]*=2;
-			nb=x3.bit(j)-x.bit(j);
-			if (nb>0) n[0]+=1;
-			if (nb<0) n[0]-=1;
-			if (n[0]>5 || n[0]<-5) break;
-		}
-
-		if (n[0]%2!=0 && j!=0)
-		{ /* backtrack */
-			if (nb>0) n[0]=(n[0]-1)/2;
-			if (nb<0) n[0]=(n[0]+1)/2;
-			n[1]--;
-		}
-		while (n[0]%2==0)
-		{ /* remove trailing zeros */
-			n[0]/=2;
-			n[2]++;
-			n[1]--;
-		}
-		return n;
-	}
-
-/* return a*b as DBIG */
-	public static DBIG mul(BIG a,BIG b)
-	{
-		long t,co;
-		DBIG c=new DBIG(0);
-		a.norm();
-		b.norm();
-
-		t=(long)a.w[0]*b.w[0]; c.w[0]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[1]*b.w[0]+(long)a.w[0]*b.w[1]+co; c.w[1]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[2]*b.w[0]+(long)a.w[1]*b.w[1]+(long)a.w[0]*b.w[2]+co; c.w[2]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[3]*b.w[0]+(long)a.w[2]*b.w[1]+(long)a.w[1]*b.w[2]+(long)a.w[0]*b.w[3]+co; c.w[3]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[4]*b.w[0]+(long)a.w[3]*b.w[1]+(long)a.w[2]*b.w[2]+(long)a.w[1]*b.w[3]+(long)a.w[0]*b.w[4]+co; c.w[4]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[5]*b.w[0]+(long)a.w[4]*b.w[1]+(long)a.w[3]*b.w[2]+(long)a.w[2]*b.w[3]+(long)a.w[1]*b.w[4]+(long)a.w[0]*b.w[5]+co; c.w[5]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[6]*b.w[0]+(long)a.w[5]*b.w[1]+(long)a.w[4]*b.w[2]+(long)a.w[3]*b.w[3]+(long)a.w[2]*b.w[4]+(long)a.w[1]*b.w[5]+(long)a.w[0]*b.w[6]+co; c.w[6]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[7]*b.w[0]+(long)a.w[6]*b.w[1]+(long)a.w[5]*b.w[2]+(long)a.w[4]*b.w[3]+(long)a.w[3]*b.w[4]+(long)a.w[2]*b.w[5]+(long)a.w[1]*b.w[6]+(long)a.w[0]*b.w[7]+co; c.w[7]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*b.w[0]+(long)a.w[7]*b.w[1]+(long)a.w[6]*b.w[2]+(long)a.w[5]*b.w[3]+(long)a.w[4]*b.w[4]+(long)a.w[3]*b.w[5]+(long)a.w[2]*b.w[6]+(long)a.w[1]*b.w[7]+(long)a.w[0]*b.w[8]+co; c.w[8]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-
-		t=(long)a.w[8]*b.w[1]+(long)a.w[7]*b.w[2]+(long)a.w[6]*b.w[3]+(long)a.w[5]*b.w[4]+(long)a.w[4]*b.w[5]+(long)a.w[3]*b.w[6]+(long)a.w[2]*b.w[7]+(long)a.w[1]*b.w[8]+co; c.w[9]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*b.w[2]+(long)a.w[7]*b.w[3]+(long)a.w[6]*b.w[4]+(long)a.w[5]*b.w[5]+(long)a.w[4]*b.w[6]+(long)a.w[3]*b.w[7]+(long)a.w[2]*b.w[8]+co; c.w[10]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*b.w[3]+(long)a.w[7]*b.w[4]+(long)a.w[6]*b.w[5]+(long)a.w[5]*b.w[6]+(long)a.w[4]*b.w[7]+(long)a.w[3]*b.w[8]+co; c.w[11]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*b.w[4]+(long)a.w[7]*b.w[5]+(long)a.w[6]*b.w[6]+(long)a.w[5]*b.w[7]+(long)a.w[4]*b.w[8]+co; c.w[12]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*b.w[5]+(long)a.w[7]*b.w[6]+(long)a.w[6]*b.w[7]+(long)a.w[5]*b.w[8]+co; c.w[13]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*b.w[6]+(long)a.w[7]*b.w[7]+(long)a.w[6]*b.w[8]+co; c.w[14]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*b.w[7]+(long)a.w[7]*b.w[8]+co; c.w[15]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-
-		t=(long)a.w[8]*b.w[8]+co; c.w[16]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		c.w[17]=(int)co;
-
-		return c;
-	}
-
-
-/* return a^2 as DBIG */
-	public static DBIG sqr(BIG a)
-	{
-		long t,co;
-		DBIG c=new DBIG(0);
-		a.norm();
-
-		t=(long)a.w[0]*a.w[0]; c.w[0]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[1]*a.w[0]; t+=t; t+=co; c.w[1]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[2]*a.w[0]; t+=t; t+=(long)a.w[1]*a.w[1]; t+=co; c.w[2]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[3]*a.w[0]+(long)a.w[2]*a.w[1]; t+=t; t+=co; c.w[3]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[4]*a.w[0]+(long)a.w[3]*a.w[1]; t+=t; t+=(long)a.w[2]*a.w[2]; t+=co; c.w[4]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[5]*a.w[0]+(long)a.w[4]*a.w[1]+(long)a.w[3]*a.w[2]; t+=t; t+=co; c.w[5]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[6]*a.w[0]+(long)a.w[5]*a.w[1]+(long)a.w[4]*a.w[2]; t+=t; t+=(long)a.w[3]*a.w[3]; t+=co; c.w[6]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[7]*a.w[0]+(long)a.w[6]*a.w[1]+(long)a.w[5]*a.w[2]+(long)a.w[4]*a.w[3]; t+=t; t+=co; c.w[7]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[0]+(long)a.w[7]*a.w[1]+(long)a.w[6]*a.w[2]+(long)a.w[5]*a.w[3]; t+=t; t+=(long)a.w[4]*a.w[4]; t+=co; c.w[8]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[1]+(long)a.w[7]*a.w[2]+(long)a.w[6]*a.w[3]+(long)a.w[5]*a.w[4]; t+=t; t+=co; c.w[9]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[2]+(long)a.w[7]*a.w[3]+(long)a.w[6]*a.w[4]; t+=t; t+=(long)a.w[5]*a.w[5]; t+=co; c.w[10]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[3]+(long)a.w[7]*a.w[4]+(long)a.w[6]*a.w[5]; t+=t; t+=co; c.w[11]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[4]+(long)a.w[7]*a.w[5]; t+=t; t+=(long)a.w[6]*a.w[6]; t+=co; c.w[12]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[5]+(long)a.w[7]*a.w[6]; t+=t; t+=co; c.w[13]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[6]; t+=t; t+=(long)a.w[7]*a.w[7]; t+=co; c.w[14]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[7]; t+=t; t+=co; c.w[15]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		t=(long)a.w[8]*a.w[8]+co; c.w[16]=(int)t&ROM.MASK; co=t>>ROM.BASEBITS;
-		c.w[17]=(int)co;
-
-		return c;
-	}
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-	public static BIG mod(DBIG d)
-	{
-		BIG b;
-		if (ROM.MODTYPE==ROM.PSEUDO_MERSENNE)
-		{
-			int v,tw;
-			BIG t=d.split(ROM.MODBITS);
-			b=new BIG(d);
-
-			v=t.pmul(ROM.MConst);
-			tw=t.w[ROM.NLEN-1];
-			t.w[ROM.NLEN-1]&=ROM.TMASK;
-			t.inc(ROM.MConst*((tw>>ROM.TBITS)+(v<<(ROM.BASEBITS-ROM.TBITS))));
-
-			b.add(t);
-			b.norm();
-		}
-		if (ROM.MODTYPE==ROM.MONTGOMERY_FRIENDLY)
-		{
-			for (int i=0;i<ROM.NLEN;i++)
-				d.w[ROM.NLEN+i]+=d.muladd(d.w[i],ROM.MConst-1,d.w[i],ROM.NLEN+i-1);
-
-			b=new BIG(0);
-
-			for (int i=0;i<ROM.NLEN;i++ )
-				b.w[i]=d.w[ROM.NLEN+i];
-			b.norm();
-		}
-
-		if (ROM.MODTYPE==ROM.NOT_SPECIAL)
-		{
-			BIG md=new BIG(ROM.Modulus);
-			long sum;
-			int sp;
-			sum=d.w[0];
-			for (int j=0;j<ROM.NLEN;j++)
-			{
-				for (int i=0;i<j;i++) sum+=(long)d.w[i]*md.w[j-i];
-				sp=((int)sum*ROM.MConst)&ROM.MASK;
-				d.w[j]=sp; sum+=(long)sp*md.w[0];
-				sum=d.w[j+1]+(sum>>ROM.BASEBITS);
-			}
-
-			for (int j=ROM.NLEN;j<ROM.DNLEN-2;j++)
-			{
-				for (int i=j-ROM.NLEN+1;i<ROM.NLEN;i++) sum+=(long)d.w[i]*md.w[j-i];
-				d.w[j]=(int)sum&ROM.MASK;
-				sum=d.w[j+1]+(sum>>ROM.BASEBITS);
-			}
-
-			sum+=(long)d.w[ROM.NLEN-1]*md.w[ROM.NLEN-1];
-			d.w[ROM.DNLEN-2]=(int)sum&ROM.MASK;
-			sum=d.w[ROM.DNLEN-1]+(sum>>ROM.BASEBITS);
-			d.w[ROM.DNLEN-1]=(int)sum&ROM.MASK;
-
-			b=new BIG(0);
-
-			for (int i=0;i<ROM.NLEN;i++ )
-				b.w[i]=d.w[ROM.NLEN+i];
-			b.norm();
-		}
-
-		return b;
-	}
-
-/* return a*b mod m */
-	public static BIG modmul(BIG a,BIG b,BIG m)
-	{
-		a.mod(m);
-		b.mod(m);
-		DBIG d=mul(a,b);
-		return d.mod(m);
-	}
-
-/* return a^2 mod m */
-	public static BIG modsqr(BIG a,BIG m)
-	{
-		a.mod(m);
-		DBIG d=sqr(a);
-		return d.mod(m);
-	}
-
-/* return -a mod m */
-	public static BIG modneg(BIG a,BIG m)
-	{
-		a.mod(m);
-		return m.minus(a);
-	}
-
-/* return this^e mod m */
-	public BIG powmod(BIG e,BIG m)
-	{
-		int bt;
-		norm();
-		e.norm();
-		BIG a=new BIG(1);
-		BIG z=new BIG(e);
-		BIG s=new BIG(this);
-		while (true)
-		{
-			bt=z.parity();
-			z.fshr(1);
-			if (bt==1) a=modmul(a,s,m);
-			if (z.iszilch()) break;
-			s=modsqr(s,m);
-		}
-		return a;
-	}
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-	public int jacobi(BIG p)
-	{
-		int n8,k,m=0;
-		BIG t=new BIG(0);
-		BIG x=new BIG(0);
-		BIG n=new BIG(0);
-		BIG zilch=new BIG(0);
-		BIG one=new BIG(1);
-		if (p.parity()==0 || comp(this,zilch)==0 || comp(p,one)<=0) return 0;
-		norm();
-		x.copy(this);
-		n.copy(p);
-		x.mod(p);
-
-		while (comp(n,one)>0)
-		{
-			if (comp(x,zilch)==0) return 0;
-			n8=n.lastbits(3);
-			k=0;
-			while (x.parity()==0)
-			{
-				k++;
-				x.shr(1);
-			}
-			if (k%2==1) m+=(n8*n8-1)/8;
-			m+=(n8-1)*(x.lastbits(2)-1)/4;
-			t.copy(n);
-			t.mod(x);
-			n.copy(x);
-			x.copy(t);
-			m%=2;
-
-		}
-		if (m==0) return 1;
-		else return -1;
-	}
-
-/* this=1/this mod p. Binary method */
-	public void invmodp(BIG p)
-	{
-		mod(p);
-		BIG u=new BIG(this);
-		BIG v=new BIG(p);
-		BIG x1=new BIG(1);
-		BIG x2=new BIG(0);
-		BIG t=new BIG(0);
-		BIG one=new BIG(1);
-
-		while (comp(u,one)!=0 && comp(v,one)!=0)
-		{
-			while (u.parity()==0)
-			{
-				u.shr(1);
-				if (x1.parity()!=0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr(1);
-			}
-			while (v.parity()==0)
-			{
-				v.shr(1);
-				if (x2.parity()!=0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr(1);
-			}
-			if (comp(u,v)>=0)
-			{
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one)==0) copy(x1);
-		else copy(x2);
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/DBIG.java
----------------------------------------------------------------------
diff --git a/java/DBIG.java b/java/DBIG.java
deleted file mode 100755
index ee4c993..0000000
--- a/java/DBIG.java
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */
-
-public class DBIG {
-	protected int[] w=new int[ROM.DNLEN];
-
-/* Constructors */
-	public DBIG(int x)
-	{
-		w[0]=x;
-		for (int i=1;i<ROM.DNLEN;i++)
-			w[i]=0;
-	}
-
-	public DBIG(DBIG x)
-	{
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]=x.w[i];
-	}
-
-	public DBIG(BIG x)
-	{
-		for (int i=0;i<ROM.NLEN-1;i++)
-			w[i]=x.get(i);
-
-		w[ROM.NLEN-1]=x.get(ROM.NLEN-1)&ROM.MASK; /* top word normalized */
-		w[ROM.NLEN]=x.get(ROM.NLEN-1)>>ROM.BASEBITS;
-
-		for (int i=ROM.NLEN+1;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* get and set digits of this */
-	public int get(int i)
-	{
-		return w[i];
-	}
-
-	public void set(int i,int x)
-	{
-		w[i]=x;
-	}
-
-/* test this=0? */
-	public boolean iszilch() {
-		for (int i=0;i<ROM.DNLEN;i++)
-			if (w[i]!=0) return false;
-		return true;
-	}
-
-/* normalise this */
-	public void norm() {
-		int d,carry=0;
-		for (int i=0;i<ROM.DNLEN-1;i++)
-		{
-			d=w[i]+carry;
-			w[i]=d&ROM.MASK;
-			carry=d>>ROM.BASEBITS;
-		}
-		w[ROM.DNLEN-1]=(w[ROM.DNLEN-1]+carry);
-	}
-
-/* shift this right by k bits */
-	public void shr(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-		for (int i=0;i<ROM.DNLEN-m-1;i++)
-			w[i]=(w[m+i]>>n)|((w[m+i+1]<<(ROM.BASEBITS-n))&ROM.MASK);
-		w[ROM.DNLEN-m-1]=w[ROM.DNLEN-1]>>n;
-		for (int i=ROM.DNLEN-m;i<ROM.DNLEN;i++) w[i]=0;
-	}
-
-/* shift this left by k bits */
-	public void shl(int k) {
-		int n=k%ROM.BASEBITS;
-		int m=k/ROM.BASEBITS;
-
-		w[ROM.DNLEN-1]=((w[ROM.DNLEN-1-m]<<n))|(w[ROM.DNLEN-m-2]>>(ROM.BASEBITS-n));
-		for (int i=ROM.DNLEN-2;i>m;i--)
-			w[i]=((w[i-m]<<n)&ROM.MASK)|(w[i-m-1]>>(ROM.BASEBITS-n));
-		w[m]=(w[0]<<n)&ROM.MASK;
-		for (int i=0;i<m;i++) w[i]=0;
-	}
-
-/* return number of bits in this */
-	public int nbits() {
-		int bts,k=ROM.DNLEN-1;
-		int c;
-		norm();
-		while (w[k]==0 && k>=0) k--;
-		if (k<0) return 0;
-		bts=ROM.BASEBITS*k;
-		c=w[k];
-		while (c!=0) {c/=2; bts++;}
-		return bts;
-	}
-
-/* convert this to string */
-	public String toString() {
-		DBIG b;
-		String s="";
-		int len=nbits();
-		if (len%4==0) len>>=2; //len/=4;
-		else {len>>=2; len++;}
-
-		for (int i=len-1;i>=0;i--)
-		{
-			b=new DBIG(this);
-			b.shr(i*4);
-			s+=Integer.toHexString(b.w[0]&15);
-		}
-		return s;
-	}
-
-/* return this+x */
-/*
-	public DBIG plus(DBIG x) {
-		DBIG s=new DBIG(0);
-		for (int i=0;i<ROM.DNLEN;i++)
-			s.w[i]=w[i]+x.w[i];
-		return s;
-	}
-*/
-/* return this-x */
-/*
-	public DBIG minus(DBIG x) {
-		DBIG d=new DBIG(0);
-		for (int i=0;i<ROM.DNLEN;i++)
-			d.w[i]=w[i]-x.w[i];
-		return d;
-	}
-*/
-/* this+=x */
-	public void add(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]+=x.w[i];
-	}
-
-/* this-=x */
-	public void sub(DBIG x) {
-		for (int i=0;i<ROM.DNLEN;i++)
-			w[i]-=x.w[i];
-	}
-
-/* set this[i]+=x*y+c, and return high part */
-	public int muladd(int x,int y,int c,int i)
-	{
-		long prod=(long)x*y+c+w[i];
-		w[i]=(int)prod&ROM.MASK;
-		return (int)(prod>>ROM.BASEBITS);
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(DBIG a,DBIG b)
-	{
-		for (int i=ROM.DNLEN-1;i>=0;i--)
-		{
-			if (a.w[i]==b.w[i]) continue;
-			if (a.w[i]>b.w[i]) return 1;
-			else  return -1;
-		}
-		return 0;
-	}
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-	public BIG mod(BIG c)
-	{
-		int k=0;
-		norm();
-		DBIG m=new DBIG(c);
-
-		if (comp(this,m)<0) return new BIG(this);
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return new BIG(this);
-	}
-
-/* reduces this DBIG mod a DBIG in place */
-/*	public void mod(DBIG m)
-	{
-		int k=0;
-		if (comp(this,m)<0) return;
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return;
-
-	}*/
-
-/* return this/c */
-	public BIG div(BIG c)
-	{
-		int k=0;
-		DBIG m=new DBIG(c);
-		BIG a=new BIG(0);
-		BIG e=new BIG(1);
-		norm();
-
-		while (comp(this,m)>=0)
-		{
-			e.fshl(1);
-			m.shl(1);
-			k++;
-		}
-
-		while (k>0)
-		{
-			m.shr(1);
-			e.shr(1);
-			if (comp(this,m)>0)
-			{
-				a.add(e);
-				a.norm();
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return a;
-	}
-
-/* split DBIG at position n, return higher half, keep lower half */
-	public BIG split(int n)
-	{
-		BIG t=new BIG(0);
-		int nw,m=n%ROM.BASEBITS;
-		int carry=w[ROM.DNLEN-1]<<(ROM.BASEBITS-m);
-
-		for (int i=ROM.DNLEN-2;i>=ROM.NLEN-1;i--)
-		{
-			nw=(w[i]>>m)|carry;
-			carry=(w[i]<<(ROM.BASEBITS-m))&ROM.MASK;
-			t.set(i-ROM.NLEN+1,nw);
-		}
-		w[ROM.NLEN-1]&=(((int)1<<m)-1);
-		return t;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/ECDH.java
----------------------------------------------------------------------
diff --git a/java/ECDH.java b/java/ECDH.java
deleted file mode 100755
index 88c48ba..0000000
--- a/java/ECDH.java
+++ /dev/null
@@ -1,531 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve API high-level functions  */
-
-public final class ECDH {
-	public static final int INVALID_PUBLIC_KEY=-2;
-	public static final int ERROR=-3;
-	public static final int INVALID=-4;
-	public static final int EFS=ROM.MODBYTES;
-	public static final int EGS=ROM.MODBYTES;
-	public static final int EAS=AES.KS;
-	public static final int EBS=AES.BS;
-
-/* Convert Integer to n-byte array */
-	private static byte[] inttoBytes(int n,int len)
-	{
-		int i;
-		byte[] b=new byte[len];
-
-		for (i=0;i<len;i++) b[i]=0;
-		i=len;
-		while (n>0 && i>0)
-		{
-			i--;
-			b[i]=(byte)(n&0xff);
-			n/=256;
-		}
-		return b;
-	}
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
-	public static byte[] KDF1(byte[] Z,int olen)
-	{
-/* NOTE: the parameter olen is the length of the output K in bytes */
-		HASH H=new HASH();
-		int hlen=HASH.len;
-		byte[] K=new byte[olen];
-
-		byte[] B;
-		int counter,cthreshold,k=0;
-
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			H.process_array(Z); if (counter>0) H.process_num(counter);
-			B=H.hash();
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	}
-
-	public static byte[] KDF2(byte[] Z,byte[] P,int olen)
-	{
-/* NOTE: the parameter olen is the length of the output k in bytes */
-		HASH H=new HASH();
-		int hlen=HASH.len;
-		byte[] K=new byte[olen];
-
-		byte[] B=new byte[hlen];
-		int counter,cthreshold,k=0;
-
-		for (int i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
-
-		for (counter=1;counter<=cthreshold;counter++)
-		{
-			H.process_array(Z); H.process_num(counter); H.process_array(P);
-			B=H.hash();
-			if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (int i=0;i<hlen;i++) K[k++]=B[i];
-		}
-		return K;
-	}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-	public static byte[] PBKDF2(byte[] Pass,byte[] Salt,int rep,int olen)
-	{
-		int i,j,k,len,d,opt;
-		d=olen/32; if (olen%32!=0) d++;
-		byte[] F=new byte[EFS];
-		byte[] U=new byte[EFS];
-		byte[] S=new byte[Salt.length+4];
-
-		byte[] K=new byte[d*EFS];
-		opt=0;
-
-		for (i=1;i<=d;i++)
-		{
-			for (j=0;j<Salt.length;j++) S[j]=Salt[j];
-			byte[] N=inttoBytes(i,4);
-			for (j=0;j<4;j++) S[Salt.length+j]=N[j];
-
-			HMAC(S,Pass,F);
-
-			for (j=0;j<EFS;j++) U[j]=F[j];
-			for (j=2;j<=rep;j++)
-			{
-				HMAC(U,Pass,U);
-				for (k=0;k<EFS;k++) F[k]^=U[k];
-			}
-			for (j=0;j<EFS;j++) K[opt++]=F[j];
-		}
-		byte[] key=new byte[olen];
-		for (i=0;i<olen;i++) key[i]=K[i];
-		return key;
-	}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-	public static int HMAC(byte[] M,byte[] K,byte[] tag)
-	{
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-		int b;
-		byte[] B;
-		byte[] K0=new byte[64];
-		int olen=tag.length;
-
-		b=K0.length;
-		if (olen<4 || olen>HASH.len) return 0;
-
-		for (int i=0;i<b;i++) K0[i]=0;
-
-		HASH H=new HASH();
-
-		if (K.length > b)
-		{
-			H.process_array(K); B=H.hash();
-			for (int i=0;i<32;i++) K0[i]=B[i];
-		}
-		else
-			for (int i=0;i<K.length;i++ ) K0[i]=K[i];
-
-		for (int i=0;i<b;i++) K0[i]^=0x36;
-		H.process_array(K0); H.process_array(M); B=H.hash();
-
-		for (int i=0;i<b;i++) K0[i]^=0x6a;
-		H.process_array(K0); H.process_array(B); B=H.hash();
-
-		for (int i=0;i<olen;i++) tag[i]=B[i];
-
-		return 1;
-	}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-	public static byte[] AES_CBC_IV0_ENCRYPT(byte[] K,byte[] M)
-	{ /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-		AES a=new AES();
-		boolean fin;
-		int i,j,ipt,opt;
-		byte[] buff=new byte[16];
-		int clen=16+(M.length/16)*16;
-
-		byte[] C=new byte[clen];
-		int padlen;
-
-		a.init(AES.CBC,K,null);
-
-		ipt=opt=0;
-		fin=false;
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				if (ipt<M.length) buff[i]=M[ipt++];
-				else {fin=true; break;}
-			}
-			if (fin) break;
-			a.encrypt(buff);
-			for (i=0;i<16;i++)
-				C[opt++]=buff[i];
-		}
-
-/* last block, filled up to i-th index */
-
-		padlen=16-i;
-		for (j=i;j<16;j++) buff[j]=(byte)padlen;
-
-		a.encrypt(buff);
-
-		for (i=0;i<16;i++)
-			C[opt++]=buff[i];
-		a.end();
-		return C;
-	}
-
-/* returns plaintext if all consistent, else returns null string */
-	public static byte[] AES_CBC_IV0_DECRYPT(byte[] K,byte[] C)
-	{ /* padding is removed */
-		AES a=new AES();
-		int i,ipt,opt,ch;
-		byte[] buff=new byte[16];
-		byte[] MM=new byte[C.length];
-		boolean fin,bad;
-		int padlen;
-		ipt=opt=0;
-
-		a.init(AES.CBC,K,null);
-
-		if (C.length==0) return new byte[0];
-		ch=C[ipt++];
-
-		fin=false;
-
-		for(;;)
-		{
-			for (i=0;i<16;i++)
-			{
-				buff[i]=(byte)ch;
-				if (ipt>=C.length) {fin=true; break;}
-				else ch=C[ipt++];
-			}
-			a.decrypt(buff);
-			if (fin) break;
-			for (i=0;i<16;i++)
-				MM[opt++]=buff[i];
-		}
-
-		a.end();
-		bad=false;
-		padlen=buff[15];
-		if (i!=15 || padlen<1 || padlen>16) bad=true;
-		if (padlen>=2 && padlen<=16)
-			for (i=16-padlen;i<16;i++) if (buff[i]!=padlen) bad=true;
-
-		if (!bad) for (i=0;i<16-padlen;i++)
-					MM[opt++]=buff[i];
-
-		if (bad) return new byte[0];
-
-		byte[] M=new byte[opt];
-		for (i=0;i<opt;i++) M[i]=MM[i];
-
-		return M;
-	}
-
-/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-	public static int KEY_PAIR_GENERATE(RAND RNG,byte[] S,byte[] W)
-	{
-		BIG r,gx,gy,s,wx,wy;
-		ECP G,WP;
-		int res=0;
-		byte[] T=new byte[EFS];
-
-		gx=new BIG(ROM.CURVE_Gx);
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			gy=new BIG(ROM.CURVE_Gy);
-			G=new ECP(gx,gy);
-		}
-		else
-			G=new ECP(gx);
-
-		r=new BIG(ROM.CURVE_Order);
-
-		if (RNG==null)
-		{
-			s=BIG.fromBytes(S);
-		}
-		else
-		{
-			s=BIG.randomnum(r,RNG);
-
-			s.toBytes(T);
-			for (int i=0;i<EGS;i++) S[i]=T[i];
-		}
-
-		WP=G.mul(s);
-		WP.toBytes(W);
-
-		return res;
-	}
-
-/* validate public key. Set full=true for fuller check */
-	public static int PUBLIC_KEY_VALIDATE(boolean full,byte[] W)
-	{
-		BIG r;
-		ECP WP=ECP.fromBytes(W);
-		int res=0;
-
-		r=new BIG(ROM.CURVE_Order);
-
-		if (WP.is_infinity()) res=INVALID_PUBLIC_KEY;
-
-		if (res==0 && full)
-		{
-			WP=WP.mul(r);
-			if (!WP.is_infinity()) res=INVALID_PUBLIC_KEY;
-		}
-		return res;
-	}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-	public static int ECPSVDP_DH(byte[] S,byte[] WD,byte[] Z)
-	{
-		BIG r,s,wx,wy,z;
-		int valid;
-		ECP W;
-		int res=0;
-		byte[] T=new byte[EFS];
-
-		s=BIG.fromBytes(S);
-
-		W=ECP.fromBytes(WD);
-		if (W.is_infinity()) res=ERROR;
-
-		if (res==0)
-		{
-			r=new BIG(ROM.CURVE_Order);
-			s.mod(r);
-
-			W=W.mul(s);
-			if (W.is_infinity()) res=ERROR;
-			else
-			{
-				W.getX().toBytes(T);
-				for (int i=0;i<EFS;i++) Z[i]=T[i];
-			}
-		}
-		return res;
-	}
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-	public static int ECPSP_DSA(RAND RNG,byte[] S,byte[] F,byte[] C,byte[] D)
-	{
-		byte[] T=new byte[EFS];
-		BIG gx,gy,r,s,f,c,d,u,vx;
-		ECP G,V;
-
-		HASH H=new HASH();
-		H.process_array(F);
-		byte[] B=H.hash();
-
-		gx=new BIG(ROM.CURVE_Gx);
-		gy=new BIG(ROM.CURVE_Gy);
-
-		G=new ECP(gx,gy);
-		r=new BIG(ROM.CURVE_Order);
-
-		s=BIG.fromBytes(S);
-		f=BIG.fromBytes(B);
-
-		c=new BIG(0);
-		d=new BIG(0);
-		V=new ECP();
-
-		do {
-			u=BIG.randomnum(r,RNG);
-
-			V.copy(G);
-			V=V.mul(u);
-			vx=V.getX();
-			c.copy(vx);
-			c.mod(r);
-			if (c.iszilch()) continue;
-			u.invmodp(r);
-			d.copy(BIG.modmul(s,c,r));
-			d.add(f);
-			d.copy(BIG.modmul(u,d,r));
-		} while (d.iszilch());
-
-		c.toBytes(T);
-		for (int i=0;i<EFS;i++) C[i]=T[i];
-		d.toBytes(T);
-		for (int i=0;i<EFS;i++) D[i]=T[i];
-		return 0;
-	}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-	public static int ECPVP_DSA(byte[] W,byte[] F, byte[] C,byte[] D)
-	{
-		BIG r,gx,gy,f,c,d,h2;
-		int res=0;
-		ECP G,WP,P;
-		int valid;
-
-		HASH H=new HASH();
-		H.process_array(F);
-		byte[] B=H.hash();
-
-		gx=new BIG(ROM.CURVE_Gx);
-		gy=new BIG(ROM.CURVE_Gy);
-
-		G=new ECP(gx,gy);
-		r=new BIG(ROM.CURVE_Order);
-
-		c=BIG.fromBytes(C);
-		d=BIG.fromBytes(D);
-		f=BIG.fromBytes(B);
-
-		if (c.iszilch() || BIG.comp(c,r)>=0 || d.iszilch() || BIG.comp(d,r)>=0)
-            res=INVALID;
-
-		if (res==0)
-		{
-			d.invmodp(r);
-			f.copy(BIG.modmul(f,d,r));
-			h2=BIG.modmul(c,d,r);
-
-			WP=ECP.fromBytes(W);
-			if (WP.is_infinity()) res=ERROR;
-			else
-			{
-				P=new ECP();
-				P.copy(WP);
-				P=P.mul2(h2,G,f);
-				if (P.is_infinity()) res=INVALID;
-				else
-				{
-					d=P.getX();
-					d.mod(r);
-					if (BIG.comp(d,c)!=0) res=INVALID;
-				}
-			}
-		}
-
-		return res;
-	}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-	public static byte[] ECIES_ENCRYPT(byte[] P1,byte[] P2,RAND RNG,byte[] W,byte[] M,byte[] V,byte[] T)
-	{
-		int i,len;
-
-		byte[] Z=new byte[EFS];
-		byte[] VZ=new byte[3*EFS+1];
-		byte[] K1=new byte[EAS];
-		byte[] K2=new byte[EAS];
-		byte[] U=new byte[EGS];
-
-		if (KEY_PAIR_GENERATE(RNG,U,V)!=0) return new byte[0];
-		if (ECPSVDP_DH(U,W,Z)!=0) return new byte[0];
-
-		for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
-
-		byte[] K=KDF2(VZ,P1,EFS);
-
-		for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];}
-
-		byte[] C=AES_CBC_IV0_ENCRYPT(K1,M);
-
-		byte[] L2=inttoBytes(P2.length,8);
-
-		byte[] AC=new byte[C.length+P2.length+8];
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
-		HMAC(AC,K2,T);
-
-		return C;
-	}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-	public static byte[] ECIES_DECRYPT(byte[] P1,byte[] P2,byte[] V,byte[] C,byte[] T,byte[] U)
-	{
-
-		int i,len;
-
-		byte[] Z=new byte[EFS];
-		byte[] VZ=new byte[3*EFS+1];
-		byte[] K1=new byte[EAS];
-		byte[] K2=new byte[EAS];
-		byte[] TAG=new byte[T.length];
-
-		if (ECPSVDP_DH(U,V,Z)!=0) return new byte[0];
-
-		for (i=0;i<2*EFS+1;i++) VZ[i]=V[i];
-		for (i=0;i<EFS;i++) VZ[2*EFS+1+i]=Z[i];
-
-		byte[] K=KDF2(VZ,P1,EFS);
-
-		for (i=0;i<EAS;i++) {K1[i]=K[i]; K2[i]=K[EAS+i];}
-
-		byte[] M=AES_CBC_IV0_DECRYPT(K1,C);
-
-		if (M.length==0) return M;
-
-		byte[] L2=inttoBytes(P2.length,8);
-
-		byte[] AC=new byte[C.length+P2.length+8];
-
-		for (i=0;i<C.length;i++) AC[i]=C[i];
-		for (i=0;i<P2.length;i++) AC[C.length+i]=P2[i];
-		for (i=0;i<8;i++) AC[C.length+P2.length+i]=L2[i];
-
-		HMAC(AC,K2,TAG);
-
-		boolean same=true;
-		for (i=0;i<T.length;i++) if (T[i]!=TAG[i]) same=false;
-		if (!same) return new byte[0];
-
-		return M;
-
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java/ECP.java
----------------------------------------------------------------------
diff --git a/java/ECP.java b/java/ECP.java
deleted file mode 100755
index af7fa76..0000000
--- a/java/ECP.java
+++ /dev/null
@@ -1,920 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve Point class */
-
-public final class ECP {
-	private FP x;
-	private FP y;
-	private FP z;
-	private boolean INF;
-
-/* Constructor - set to O */
-	public ECP() {
-		INF=true;
-		x=new FP(0);
-		y=new FP(1);
-		z=new FP(1);
-	}
-/* test for O point-at-infinity */
-	public boolean is_infinity() {
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.reduce(); y.reduce(); z.reduce();
-			return (x.iszilch() && y.equals(z));
-		}
-		else return INF;
-	}
-/* Conditional swap of P and Q dependant on d */
-	private void cswap(ECP Q,int d)
-	{
-		x.cswap(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cswap(Q.y,d);
-		z.cswap(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			boolean bd;
-			if (d==0) bd=false;
-			else bd=true;
-			bd=bd&(INF^Q.INF);
-			INF^=bd;
-			Q.INF^=bd;
-		}
-	}
-
-/* Conditional move of Q to P dependant on d */
-	private void cmove(ECP Q,int d)
-	{
-		x.cmove(Q.x,d);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.cmove(Q.y,d);
-		z.cmove(Q.z,d);
-		if (ROM.CURVETYPE!=ROM.EDWARDS)
-		{
-			boolean bd;
-			if (d==0) bd=false;
-			else bd=true;
-			INF^=(INF^Q.INF)&bd;
-		}
-	}
-
-/* return 1 if b==c, no branching */
-	private static int teq(int b,int c)
-	{
-		int x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1);
-	}
-
-/* Constant time select from pre-computed table */
-	private void select(ECP W[],int b)
-	{
-		ECP MP=new ECP();
-		int m=b>>31;
-		int babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		cmove(W[0],teq(babs,0));  // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m&1));
-	}
-
-/* Test P == Q */
-	public boolean equals(ECP Q) {
-		if (is_infinity() && Q.is_infinity()) return true;
-		if (is_infinity() || Q.is_infinity()) return false;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			FP zs2=new FP(z); zs2.sqr();
-			FP zo2=new FP(Q.z); zo2.sqr();
-			FP zs3=new FP(zs2); zs3.mul(z);
-			FP zo3=new FP(zo2); zo3.mul(Q.z);
-			zs2.mul(Q.x);
-			zo2.mul(x);
-			if (!zs2.equals(zo2)) return false;
-			zs3.mul(Q.y);
-			zo3.mul(y);
-			if (!zs3.equals(zo3)) return false;
-		}
-		else
-		{
-			FP a=new FP(0);
-			FP b=new FP(0);
-			a.copy(x); a.mul(Q.z); a.reduce();
-			b.copy(Q.x); b.mul(z); b.reduce();
-			if (!a.equals(b)) return false;
-			if (ROM.CURVETYPE==ROM.EDWARDS)
-			{
-				a.copy(y); a.mul(Q.z); a.reduce();
-				b.copy(Q.y); b.mul(z); b.reduce();
-				if (!a.equals(b)) return false;
-			}
-		}
-		return true;
-	}
-
-/* this=P */
-	public void copy(ECP P)
-	{
-		x.copy(P.x);
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(P.y);
-		z.copy(P.z);
-		INF=P.INF;
-	}
-/* this=-this */
-	public void neg() {
-		if (is_infinity()) return;
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			y.neg(); y.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.neg(); x.norm();
-		}
-		return;
-	}
-/* set this=O */
-	public void inf() {
-		INF=true;
-		x.zero();
-		y.one();
-		z.one();
-	//	y=new FP(1);
-	//	z=new FP(1);
-	}
-
-/* Calculate RHS of curve equation */
-	public static FP RHS(FP x) {
-		x.norm();
-		FP r=new FP(x);
-		r.sqr();
-
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{ // x^3+Ax+B
-			FP b=new FP(new BIG(ROM.CURVE_B));
-			r.mul(x);
-			if (ROM.CURVE_A==-3)
-			{
-				FP cx=new FP(x);
-				cx.imul(3);
-				cx.neg(); cx.norm();
-				r.add(cx);
-			}
-			r.add(b);
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{ // (Ax^2-1)/(Bx^2-1)
-			FP b=new FP(new BIG(ROM.CURVE_B));
-
-			FP one=new FP(1);
-			b.mul(r);
-			b.sub(one);
-			if (ROM.CURVE_A==-1) r.neg();
-			r.sub(one);
-
-			b.inverse();
-
-			r.mul(b);
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{ // x^3+Ax^2+x
-			FP x3=new FP(0);
-			x3.copy(r);
-			x3.mul(x);
-			r.imul(ROM.CURVE_A);
-			r.add(x3);
-			r.add(x);
-		}
-		r.reduce();
-		return r;
-	}
-
-/* set (x,y) from two BIGs */
-	public ECP(BIG ix,BIG iy) {
-		x=new FP(ix);
-		y=new FP(iy);
-		z=new FP(1);
-		FP rhs=RHS(x);
-
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			if (rhs.jacobi()==1) INF=false;
-			else inf();
-		}
-		else
-		{
-			FP y2=new FP(y);
-			y2.sqr();
-			if (y2.equals(rhs)) INF=false;
-			else inf();
-		}
-	}
-/* set (x,y) from BIG and a bit */
-	public ECP(BIG ix,int s) {
-		x=new FP(ix);
-		FP rhs=RHS(x);
-		y=new FP(0);
-		z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			FP ny=rhs.sqrt();
-			if (ny.redc().parity()!=s) ny.neg();
-			y.copy(ny);
-			INF=false;
-		}
-		else inf();
-	}
-
-/* set from x - calculate y from curve equation */
-	public ECP(BIG ix) {
-		x=new FP(ix);
-		FP rhs=RHS(x);
-		y=new FP(0);
-		z=new FP(1);
-		if (rhs.jacobi()==1)
-		{
-			if (ROM.CURVETYPE!=ROM.MONTGOMERY) y.copy(rhs.sqrt());
-			INF=false;
-		}
-		else INF=true;
-	}
-
-/* set to affine - from (x,y,z) to (x,y) */
-	public void affine() {
-		if (is_infinity()) return;
-		FP one=new FP(1);
-		if (z.equals(one)) return;
-		z.inverse();
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			FP z2=new FP(z);
-			z2.sqr();
-			x.mul(z2); x.reduce();
-			y.mul(z2);
-			y.mul(z);  y.reduce();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			x.mul(z); x.reduce();
-			y.mul(z); y.reduce();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			x.mul(z); x.reduce();
-		}
-		z.copy(one);
-	}
-/* extract x as a BIG */
-	public BIG getX()
-	{
-		affine();
-		return x.redc();
-	}
-/* extract y as a BIG */
-	public BIG getY()
-	{
-		affine();
-		return y.redc();
-	}
-
-/* get sign of Y */
-	public int getS()
-	{
-		affine();
-		BIG y=getY();
-		return y.parity();
-	}
-/* extract x as an FP */
-	public FP getx()
-	{
-		return x;
-	}
-/* extract y as an FP */
-	public FP gety()
-	{
-		return y;
-	}
-/* extract z as an FP */
-	public FP getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) b[0]=0x04;
-		else b[0]=0x02;
-
-		affine();
-		x.redc().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) b[i+1]=t[i];
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY)
-		{
-			y.redc().toBytes(t);
-			for (int i=0;i<ROM.MODBYTES;i++) b[i+ROM.MODBYTES+1]=t[i];
-		}
-	}
-/* convert from byte array to point */
-	public static ECP fromBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		BIG p=new BIG(ROM.Modulus);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+1];
-		BIG px=BIG.fromBytes(t);
-		if (BIG.comp(px,p)>=0) return new ECP();
-
-		if (b[0]==0x04)
-		{
-			for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES+1];
-			BIG py=BIG.fromBytes(t);
-			if (BIG.comp(py,p)>=0) return new ECP();
-			return new ECP(px,py);
-		}
-		else return new ECP(px);
-	}
-/* convert to hex string */
-	public String toString() {
-		if (is_infinity()) return "infinity";
-		affine();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY) return "("+x.redc().toString()+")";
-		else return "("+x.redc().toString()+","+y.redc().toString()+")";
-	}
-/* this*=2 */
-	public void dbl() {
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (INF) return;
-			if (y.iszilch())
-			{
-				inf();
-				return;
-			}
-
-			FP w1=new FP(x);
-			FP w6=new FP(z);
-			FP w2=new FP(0);
-			FP w3=new FP(x);
-			FP w8=new FP(x);
-
-			if (ROM.CURVE_A==-3)
-			{
-				w6.sqr();
-				w1.copy(w6);
-				w1.neg();
-				w3.add(w1);
-				w8.add(w6);
-				w3.mul(w8);
-				w8.copy(w3);
-				w8.imul(3);
-			}
-			else
-			{
-				w1.sqr();
-				w8.copy(w1);
-				w8.imul(3);
-			}
-
-			w2.copy(y); w2.sqr();
-			w3.copy(x); w3.mul(w2);
-			w3.imul(4);
-			w1.copy(w3); w1.neg();
-			w1.norm();
-
-			x.copy(w8); x.sqr();
-			x.add(w1);
-			x.add(w1);
-			x.norm();
-
-			z.mul(y);
-			z.add(z);
-
-			w2.add(w2);
-			w2.sqr();
-			w2.add(w2);
-			w3.sub(x);
-			y.copy(w8); y.mul(w3);
-			//w2.norm();
-			y.sub(w2);
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			FP C=new FP(x);
-			FP D=new FP(y);
-			FP H=new FP(z);
-			FP J=new FP(0);
-
-			x.mul(y); x.add(x);
-			C.sqr();
-			D.sqr();
-			if (ROM.CURVE_A==-1) C.neg();
-			y.copy(C); y.add(D);
-			y.norm();
-			H.sqr(); H.add(H);
-			z.copy(y);
-			J.copy(y); J.sub(H);
-			x.mul(J);
-			C.sub(D);
-			y.mul(C);
-			z.mul(J);
-
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-			FP A=new FP(x);
-			FP B=new FP(x);
-			FP AA=new FP(0);
-			FP BB=new FP(0);
-			FP C=new FP(0);
-
-			if (INF) return;
-
-			A.add(z);
-			AA.copy(A); AA.sqr();
-			B.sub(z);
-			BB.copy(B); BB.sqr();
-			C.copy(AA); C.sub(BB);
-			//C.norm();
-
-			x.copy(AA); x.mul(BB);
-
-			A.copy(C); A.imul((ROM.CURVE_A+2)/4);
-
-			BB.add(A);
-			z.copy(BB); z.mul(C);
-			x.norm();
-			z.norm();
-		}
-		return;
-	}
-
-/* this+=Q */
-	public void add(ECP Q) {
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-		{
-			if (INF)
-			{
-				copy(Q);
-				return;
-			}
-			if (Q.INF) return;
-
-			boolean aff=false;
-
-			FP one=new FP(1);
-			if (Q.z.equals(one)) aff=true;
-
-			FP A,C;
-			FP B=new FP(z);
-			FP D=new FP(z);
-			if (!aff)
-			{
-				A=new FP(Q.z);
-				C=new FP(Q.z);
-
-				A.sqr(); B.sqr();
-				C.mul(A); D.mul(B);
-
-				A.mul(x);
-				C.mul(y);
-			}
-			else
-			{
-				A=new FP(x);
-				C=new FP(y);
-
-				B.sqr();
-				D.mul(B);
-			}
-
-			B.mul(Q.x); B.sub(A);
-			D.mul(Q.y); D.sub(C);
-
-			if (B.iszilch())
-			{
-				if (D.iszilch())
-				{
-					dbl();
-					return;
-				}
-				else
-				{
-					INF=true;
-					return;
-				}
-			}
-
-			if (!aff) z.mul(Q.z);
-			z.mul(B);
-
-			FP e=new FP(B); e.sqr();
-			B.mul(e);
-			A.mul(e);
-
-			e.copy(A);
-			e.add(A); e.add(B);
-			x.copy(D); x.sqr(); x.sub(e);
-
-			A.sub(x);
-			y.copy(A); y.mul(D);
-			C.mul(B); y.sub(C);
-
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE==ROM.EDWARDS)
-		{
-			FP b=new FP(new BIG(ROM.CURVE_B));
-			FP A=new FP(z);
-			FP B=new FP(0);
-			FP C=new FP(x);
-			FP D=new FP(y);
-			FP E=new FP(0);
-			FP F=new FP(0);
-			FP G=new FP(0);
-		//	FP H=new FP(0);
-		//	FP I=new FP(0);
-
-			A.mul(Q.z);
-			B.copy(A); B.sqr();
-			C.mul(Q.x);
-			D.mul(Q.y);
-
-			E.copy(C); E.mul(D); E.mul(b);
-			F.copy(B); F.sub(E);
-			G.copy(B); G.add(E);
-			C.add(D);
-
-			if (ROM.CURVE_A==1)
-			{
-				E.copy(D); D.sub(C);
-			}
-
-			B.copy(x); B.add(y);
-			D.copy(Q.x); D.add(Q.y);
-			B.mul(D);
-			B.sub(C);
-			B.mul(F);
-			x.copy(A); x.mul(B);
-
-			if (ROM.CURVE_A==1)
-			{
-				C.copy(E); C.mul(G);
-			}
-			if (ROM.CURVE_A==-1)
-			{
-				C.mul(G);
-			}
-			y.copy(A); y.mul(C);
-			z.copy(F); z.mul(G);
-			x.norm(); y.norm(); z.norm();
-		}
-		return;
-	}
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-	public void dadd(ECP Q,ECP W) {
-			FP A=new FP(x);
-			FP B=new FP(x);
-			FP C=new FP(Q.x);
-			FP D=new FP(Q.x);
-			FP DA=new FP(0);
-			FP CB=new FP(0);
-
-			A.add(z);
-			B.sub(z);
-
-			C.add(Q.z);
-			D.sub(Q.z);
-
-			DA.copy(D); DA.mul(A);
-			CB.copy(C); CB.mul(B);
-
-			A.copy(DA); A.add(CB); A.sqr();
-			B.copy(DA); B.sub(CB); B.sqr();
-
-			x.copy(A);
-			z.copy(W.x); z.mul(B);
-
-			if (z.iszilch()) inf();
-			else INF=false;
-
-			x.norm();
-	}
-/* this-=Q */
-	public void sub(ECP Q) {
-		Q.neg();
-		add(Q);
-		Q.neg();
-	}
-
-	public static void multiaffine(int m,ECP[] P)
-	{
-		int i;
-		FP t1=new FP(0);
-		FP t2=new FP(0);
-
-		FP[] work=new FP[m];
-
-		for (i=0;i<m;i++)
-			work[i]=new FP(0);
-
-		work[0].one();
-		work[1].copy(P[0].z);
-
-		for (i=2;i<m;i++)
-		{
-			work[i].copy(work[i-1]);
-			work[i].mul(P[i-1].z);
-		}
-
-		t1.copy(work[m-1]);
-		t1.mul(P[m-1].z);
-		t1.inverse();
-		t2.copy(P[m-1].z);
-		work[m-1].mul(t1);
-
-		for (i=m-2;;i--)
-		{
-			if (i==0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i=0;i<m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]);
-			t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}
-	}
-
-/* constant time multiply by small integer of length bts - use ladder */
-	public ECP pinmul(int e,int bts) {
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-			return this.mul(new BIG(e));
-		else
-		{
-			int nb,i,b;
-			ECP P=new ECP();
-			ECP R0=new ECP();
-			ECP R1=new ECP(); R1.copy(this);
-
-			for (i=bts-1;i>=0;i--)
-			{
-				b=(e>>i)&1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-			P.affine();
-			return P;
-		}
-	}
-
-/* return e.this */
-
-	public ECP mul(BIG e) {
-		if (e.iszilch() || is_infinity()) return new ECP();
-
-		ECP P=new ECP();
-		if (ROM.CURVETYPE==ROM.MONTGOMERY)
-		{
-/* use Ladder */
-			int nb,i,b;
-			ECP D=new ECP();
-			ECP R0=new ECP(); R0.copy(this);
-			ECP R1=new ECP(); R1.copy(this);
-			R1.dbl();
-			D.copy(this); D.affine();
-			nb=e.nbits();
-			for (i=nb-2;i>=0;i--)
-			{
-				b=e.bit(i);
-				P.copy(R1);
-				P.dadd(R0,D);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-		}
-		else
-		{
-// fixed size windows
-			int i,b,nb,m,s,ns;
-			BIG mt=new BIG();
-			BIG t=new BIG();
-			ECP Q=new ECP();
-			ECP C=new ECP();
-			ECP[] W=new ECP[8];
-			byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4];
-
-			affine();
-
-// precompute table
-			Q.copy(this);
-			Q.dbl();
-			W[0]=new ECP();
-			W[0].copy(this);
-
-			for (i=1;i<8;i++)
-			{
-				W[i]=new ECP();
-				W[i].copy(W[i-1]);
-				W[i].add(Q);
-			}
-
-// convert the table to affine
-			if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-				multiaffine(8,W);
-
-// make exponent odd - add 2P if even, P if odd
-			t.copy(e);
-			s=t.parity();
-			t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-			t.cmove(mt,s);
-			Q.cmove(this,ns);
-			C.copy(Q);
-
-			nb=1+(t.nbits()+3)/4;
-
-// convert exponent to signed 4-bit window
-			for (i=0;i<nb;i++)
-			{
-				w[i]=(byte)(t.lastbits(5)-16);
-				t.dec(w[i]); t.norm();
-				t.fshr(4);
-			}
-			w[nb]=(byte)t.lastbits(5);
-
-			P.copy(W[(w[nb]-1)/2]);
-			for (i=nb-1;i>=0;i--)
-			{
-				Q.select(W,w[i]);
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-			}
-			P.sub(C); /* apply correction */
-		}
-		P.affine();
-		return P;
-	}
-
-/* Return e.this+f.Q */
-
-	public ECP mul2(BIG e,ECP Q,BIG f) {
-		BIG te=new BIG();
-		BIG tf=new BIG();
-		BIG mt=new BIG();
-		ECP S=new ECP();
-		ECP T=new ECP();
-		ECP C=new ECP();
-		ECP[] W=new ECP[8];
-		byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+1)/2];
-		int i,s,ns,nb;
-		byte a,b;
-
-		affine();
-		Q.affine();
-
-		te.copy(e);
-		tf.copy(f);
-
-// precompute table
-		W[1]=new ECP(); W[1].copy(this); W[1].sub(Q);
-		W[2]=new ECP(); W[2].copy(this); W[2].add(Q);
-		S.copy(Q); S.dbl();
-		W[0]=new ECP(); W[0].copy(W[1]); W[0].sub(S);
-		W[3]=new ECP(); W[3].copy(W[2]); W[3].add(S);
-		T.copy(this); T.dbl();
-		W[5]=new ECP(); W[5].copy(W[1]); W[5].add(T);
-		W[6]=new ECP(); W[6].copy(W[2]); W[6].add(T);
-		W[4]=new ECP(); W[4].copy(W[5]); W[4].sub(S);
-		W[7]=new ECP(); W[7].copy(W[6]); W[7].add(S);
-
-// convert the table to affine
-		if (ROM.CURVETYPE==ROM.WEIERSTRASS)
-			multiaffine(8,W);
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-
-		s=te.parity();
-		te.inc(1); te.norm(); ns=te.parity(); mt.copy(te); mt.inc(1); mt.norm();
-		te.cmove(mt,s);
-		T.cmove(this,ns);
-		C.copy(T);
-
-		s=tf.parity();
-		tf.inc(1); tf.norm(); ns=tf.parity(); mt.copy(tf); mt.inc(1); mt.norm();
-		tf.cmove(mt,s);
-		S.cmove(Q,ns);
-		C.add(S);
-
-		mt.copy(te); mt.add(tf); mt.norm();
-		nb=1+(mt.nbits()+1)/2;
-
-// convert exponent to signed 2-bit window
-		for (i=0;i<nb;i++)
-		{
-			a=(byte)(te.lastbits(3)-4);
-			te.dec(a); te.norm();
-			te.fshr(2);
-			b=(byte)(tf.lastbits(3)-4);
-			tf.dec(b); tf.norm();
-			tf.fshr(2);
-			w[i]=(byte)(4*a+b);
-		}
-		w[nb]=(byte)(4*te.lastbits(3)+tf.lastbits(3));
-		S.copy(W[(w[nb]-1)/2]);
-
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			S.dbl();
-			S.dbl();
-			S.add(T);
-		}
-		S.sub(C); /* apply correction */
-		S.affine();
-		return S;
-	}
-
-/*
-	public static void main(String[] args) {
-
-		BIG Gx=new BIG(ROM.CURVE_Gx);
-		BIG Gy;
-		ECP P;
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) Gy=new BIG(ROM.CURVE_Gy);
-		BIG r=new BIG(ROM.CURVE_Order);
-
-		//r.dec(7);
-
-		System.out.println("Gx= "+Gx.toString());
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) System.out.println("Gy= "+Gy.toString());
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) P=new ECP(Gx,Gy);
-		else  P=new ECP(Gx);
-
-		System.out.println("P= "+P.toString());
-
-		ECP R=P.mul(r);
-		//for (int i=0;i<10000;i++)
-		//	R=P.mul(r);
-
-		System.out.println("R= "+R.toString());
-    } */
-}
-



[51/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
update code


Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/commit/70e3a3a3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/tree/70e3a3a3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/diff/70e3a3a3

Branch: refs/heads/master
Commit: 70e3a3a36e5690921a5a757ee8a8f82f9d304df3
Parents: c8ca57b
Author: Brian Spector <br...@gmail.com>
Authored: Wed Nov 7 23:48:43 2018 +0000
Committer: Brian Spector <br...@gmail.com>
Committed: Wed Nov 7 23:48:43 2018 +0000

----------------------------------------------------------------------
 AMCL.pdf                               |  Bin 79801 -> 0 bytes
 CMakeLists.txt                         |  184 --
 LICENSE                                |  202 --
 LICENSE-2.0.TXT                        |  202 ++
 NOTICE                                 |    5 -
 NOTICE.txt                             |    5 +
 README.md                              |   42 -
 bigtobig.cpp                           |  292 ---
 bngen.cpp                              |  511 -----
 bower.json                             |   47 -
 c/CMakeLists.txt                       |  291 ---
 c/DLLDefines.h                         |   49 -
 c/aes.c                                |  620 ------
 c/amcl.h.in                            | 2511 -----------------------
 c/amcl_.h                              | 2501 -----------------------
 c/big.c                                | 1210 -----------
 c/build_ec                             |   24 -
 c/build_ec.bat                         |   24 -
 c/build_pair                           |   28 -
 c/build_pair.bat                       |   28 -
 c/build_pair_ms.bat                    |   28 -
 c/ecdh.c                               |  576 ------
 c/ecdh.h                               |  204 --
 c/ecp.c                                | 1091 ----------
 c/ecp2.c                               |  666 ------
 c/ff.c                                 | 1050 ----------
 c/fp.c                                 |  559 -----
 c/fp12.c                               |  688 -------
 c/fp2.c                                |  421 ----
 c/fp4.c                                |  636 ------
 c/gcm.c                                |  368 ----
 c/hash.c                               |  171 --
 c/maxstack.c                           |   62 -
 c/mpin.c                               | 1153 -----------
 c/mpin.h                               |  379 ----
 c/oct.c                                |  388 ----
 c/pair.c                               |  652 ------
 c/rand.c                               |  161 --
 c/readme.txt                           |   62 -
 c/rom.c                                |  852 --------
 c/rsa.c                                |  304 ---
 c/rsa.h                                |   96 -
 c/testecdh.c                           |  175 --
 c/testecm.c                            |  124 --
 c/testmpin.c                           |  290 ---
 c/testrsa.c                            |   79 -
 c/tests/CMakeLists.txt                 |   84 -
 c/tests/config.h.in                    |    2 -
 c/tests/test_ecdh.c                    |  168 --
 c/tests/test_ecm.c                     |  118 --
 c/tests/test_mpin.c                    |  243 ---
 c/tests/test_mpin_bad_pin.c            |  256 ---
 c/tests/test_mpin_bad_token.c          |  255 ---
 c/tests/test_mpin_expired_tp.c         |  255 ---
 c/tests/test_mpin_good.c               |  259 ---
 c/tests/test_mpin_random.c             |  298 ---
 c/tests/test_mpin_sign.c               |  324 ---
 c/tests/test_mpin_tp.c                 |  266 ---
 c/tests/test_mpinfull.c                |  307 ---
 c/tests/test_mpinfullSingle.c          |  296 ---
 c/tests/test_mpinfull_random.c         |  349 ----
 c/tests/test_rsa.c                     |   82 -
 c/tests/test_version.c                 |   35 -
 c/tests/test_wcc.c                     |  208 --
 c/tests/test_wcc_gcm.c                 |  105 -
 c/tests/test_wcc_random.c              |  469 -----
 c/testwcc.c                            |  340 ----
 c/testwcc_dta.c                        |  438 ----
 c/testwcc_tp.c                         |  357 ----
 c/utils.c                              |   97 -
 c/utils.h                              |   30 -
 c/version.c                            |   32 -
 c/version.h                            |   30 -
 c/wcc.c                                |  823 --------
 c/wcc.h                                |  105 -
 cmake_uninstall.cmake.in               |   23 -
 cs/AES.cs                              |  531 -----
 cs/BIG.cs                              | 1145 -----------
 cs/DBIG.cs                             |  374 ----
 cs/ECDH.cs                             |  778 -------
 cs/ECP.cs                              | 1216 -----------
 cs/ECP2.cs                             |  771 -------
 cs/FF.cs                               | 1084 ----------
 cs/FP.cs                               |  368 ----
 cs/FP12.cs                             |  769 -------
 cs/FP2.cs                              |  428 ----
 cs/FP4.cs                              |  633 ------
 cs/GCM.cs                              |  500 -----
 cs/HASH.cs                             |  240 ---
 cs/MPIN.cs                             |  916 ---------
 cs/PAIR.cs                             |  586 ------
 cs/RAND.cs                             |  200 --
 cs/ROM.cs                              |  434 ----
 cs/RSA.cs                              |  443 ----
 cs/RectangularArrays.cs                |   29 -
 cs/StringHelperClass.cs                |   90 -
 cs/TestECDH.cs                         |  210 --
 cs/TestECM.cs                          |  141 --
 cs/TestMPIN.cs                         |  298 ---
 cs/TestRSA.cs                          |   72 -
 cs/readme.txt                          |   30 -
 data/icon.bmp                          |  Bin 129738 -> 0 bytes
 data/icon.ico                          |  Bin 133982 -> 0 bytes
 docs/AMCL.dox                          |  266 ---
 docs/CMakeLists.txt                    |   11 -
 docs/Doxyfile.in                       | 1796 ----------------
 docs/README.txt                        |   16 -
 docs/latex/README.txt                  |    3 -
 docs/latex/amcl.bib                    |  156 --
 docs/latex/amcl.tex                    |  416 ----
 docs/latex/clint.eps                   |  682 -------
 docs/latex/llncs.cls                   | 1190 -----------
 docs/latex/words.eps                   |  469 -----
 ecgen.cpp                              |  340 ----
 go/amcl-cgo/README.txt                 |    9 -
 go/amcl-cgo/crypto.go                  |  828 --------
 go/amcl-cgo/crypto_test.go             | 1175 -----------
 go/amcl-go/AES.go                      |  634 ------
 go/amcl-go/BIG.go                      |  956 ---------
 go/amcl-go/DBIG.go                     |  260 ---
 go/amcl-go/ECDH.go                     |  657 ------
 go/amcl-go/ECP.go                      | 1076 ----------
 go/amcl-go/ECP2.go                     |  672 ------
 go/amcl-go/FF.go                       |  926 ---------
 go/amcl-go/FP.go                       |  288 ---
 go/amcl-go/FP12.go                     |  654 ------
 go/amcl-go/FP2.go                      |  324 ---
 go/amcl-go/FP4.go                      |  522 -----
 go/amcl-go/GCM.go                      |  472 -----
 go/amcl-go/HASH.go                     |  215 --
 go/amcl-go/MPIN.go                     |  807 --------
 go/amcl-go/MPIN_test.go                |  898 --------
 go/amcl-go/PAIR.go                     |  541 -----
 go/amcl-go/RAND.go                     |  187 --
 go/amcl-go/ROM.go                      |  353 ----
 go/amcl-go/RSA.go                      |  373 ----
 go/amcl-go/UTILS.go                    |   45 -
 go/amcl-go/UTILS_test.go               |   71 -
 go/amcl-go/crypto.go                   |  222 --
 go/amcl-go/crypto_test.go              | 1194 -----------
 go/examples-cgo/README.txt             |    5 -
 go/examples-cgo/mpin.go                |  221 --
 go/examples-cgo/mpinTwoPass.go         |  227 ---
 go/examples-cgo/mpinfull.go            |  293 ---
 go/examples-cgo/mpinfullAnon.go        |  295 ---
 go/examples-cgo/timempin.go            |   84 -
 go/examples-go/ecdh.go                 |  180 --
 go/examples-go/generateRandom.go       |   48 -
 go/examples-go/mpin.go                 |  248 ---
 go/examples-go/mpinTwoPass.go          |  207 --
 go/examples-go/mpinTwoPassWrap.go      |  228 ---
 go/examples-go/mpinfull.go             |  269 ---
 go/examples-go/mpinfullWrap.go         |  293 ---
 go/examples-go/otp.go                  |   48 -
 go/examples-go/pbkdf2.go               |   88 -
 go/examples-go/rsa.go                  |   71 -
 go/examples-go/timempin.go             |   96 -
 go/examples-go/timempinWrap.go         |   84 -
 go/readme.txt                          |   28 -
 java/AES.java                          |  648 ------
 java/BIG.java                          |  919 ---------
 java/DBIG.java                         |  286 ---
 java/ECDH.java                         |  531 -----
 java/ECP.java                          |  920 ---------
 java/ECP2.java                         |  623 ------
 java/FF.java                           |  974 ---------
 java/FP.java                           |  327 ---
 java/FP12.java                         |  643 ------
 java/FP2.java                          |  389 ----
 java/FP4.java                          |  583 ------
 java/GCM.java                          |  374 ----
 java/HASH.java                         |  215 --
 java/MPIN.java                         |  746 -------
 java/PAIR.java                         |  539 -----
 java/RAND.java                         |  161 --
 java/ROM.java                          |  385 ----
 java/RSA.java                          |  318 ---
 java/TestECDH.java                     |  175 --
 java/TestECM.java                      |  126 --
 java/TestMPIN.java                     |  262 ---
 java/TestRSA.java                      |   66 -
 java/readme.txt                        |   32 -
 java64/AES.java                        |  648 ------
 java64/BIG.java                        |  902 --------
 java64/DBIG.java                       |  307 ---
 java64/ECDH.java                       |  528 -----
 java64/ECP.java                        |  929 ---------
 java64/ECP2.java                       |  626 ------
 java64/FF.java                         |  974 ---------
 java64/FP.java                         |  324 ---
 java64/FP12.java                       |  640 ------
 java64/FP2.java                        |  391 ----
 java64/FP4.java                        |  585 ------
 java64/GCM.java                        |  374 ----
 java64/HASH.java                       |  215 --
 java64/MPIN.java                       |  746 -------
 java64/PAIR.java                       |  537 -----
 java64/RAND.java                       |  161 --
 java64/ROM.java                        |  381 ----
 java64/RSA.java                        |  319 ---
 java64/TestECDH.java                   |  175 --
 java64/TestECM.java                    |  126 --
 java64/TestMPIN.java                   |  263 ---
 java64/TestRSA.java                    |   66 -
 java64/readme.txt                      |   32 -
 js/AES.js                              |  424 ----
 js/BIG.js                              |  953 ---------
 js/DBIG.js                             |  248 ---
 js/ECDH.js                             |  537 -----
 js/ECP.js                              |  898 --------
 js/ECP2.js                             |  604 ------
 js/FF.js                               |  928 ---------
 js/FP.js                               |  329 ---
 js/FP12.js                             |  558 -----
 js/FP2.js                              |  321 ---
 js/FP4.js                              |  501 -----
 js/GCM.js                              |  304 ---
 js/HASH.js                             |  174 --
 js/MPIN.js                             |  800 --------
 js/MPINAuth.js                         |  517 -----
 js/PAIR.js                             |  506 -----
 js/RAND.js                             |  148 --
 js/ROM.js                              |  620 ------
 js/RSA.js                              |  331 ---
 js/TestECDH.html                       |  137 --
 js/TestECM.html                        |   95 -
 js/TestMPIN.html                       |  310 ---
 js/TestRSA.html                        |   78 -
 js/readme.txt                          |   28 -
 js/tests/BNCX.json                     |    1 -
 js/tests/BNCXOnePass.json              |    1 -
 js/tests/README.md                     |   25 -
 js/tests/config.js                     |   20 -
 js/tests/find_duplicates.py            |   40 -
 js/tests/run_test.sh                   |   68 -
 js/tests/test_add_shares.js            |   89 -
 js/tests/test_onepass.js               |   94 -
 js/tests/test_pass1.js                 |   84 -
 js/tests/test_pass2.js                 |   79 -
 js/tests/test_randomX.js               |   98 -
 js/tests/test_sha256.js                |   92 -
 js/tests/test_token.js                 |   72 -
 linux.md                               |   55 -
 mac.md                                 |   56 -
 pythonCFFI/CMakeLists.txt              |  138 --
 pythonCFFI/README.md                   |   15 -
 pythonCFFI/TestMPIN.py                 |  326 ---
 pythonCFFI/TestMPINAnon.py             |  326 ---
 pythonCFFI/TestMPINAnonInstall.py      |  703 -------
 pythonCFFI/TestMPINInstall.py          |  703 -------
 pythonCFFI/TimeMPIN.py                 |  331 ---
 pythonCFFI/TimeMPINFull.py             |  444 ----
 pythonCFFI/mpin.py                     |  572 ------
 pythonCFFI/wcc.py                      |  478 -----
 readme.txt                             |   41 +
 swift/TestECDH.swift                   |  164 --
 swift/TestECM.swift                    |  112 -
 swift/TestMPIN.swift                   |  253 ---
 swift/TestRSA.swift                    |   78 -
 swift/aes.swift                        |  586 ------
 swift/big.swift                        |  920 ---------
 swift/dbig.swift                       |  222 --
 swift/ecdh.swift                       |  531 -----
 swift/ecp.swift                        |  923 ---------
 swift/ecp2.swift                       |  614 ------
 swift/ff.swift                         |  918 ---------
 swift/fp.swift                         |  290 ---
 swift/fp12.swift                       |  581 ------
 swift/fp2.swift                        |  329 ---
 swift/fp4.swift                        |  513 -----
 swift/gcm.swift                        |  314 ---
 swift/hash.swift                       |  188 --
 swift/main.swift                       |   30 -
 swift/mpin.swift                       |  728 -------
 swift/pair.swift                       |  501 -----
 swift/rand.swift                       |  131 --
 swift/readme.txt                       |   45 -
 swift/rom.swift                        |  296 ---
 swift/rsa.swift                        |  323 ---
 testVectors/mpin/BNCX.json             |    1 -
 testVectors/mpin/BNCXOnePass.json      |    1 -
 version22/amcl22.pdf                   |  Bin 0 -> 419918 bytes
 version22/bigtobig.cpp                 |  292 +++
 version22/blsgen.cpp                   |  194 ++
 version22/bngen.cpp                    |  251 +++
 version22/c/CARSK.pem                  |   54 +
 version22/c/aes.c                      |  702 +++++++
 version22/c/amcl.h                     | 2935 +++++++++++++++++++++++++++
 version22/c/arch.h                     |  119 ++
 version22/c/benchtest_ec.c             |  212 ++
 version22/c/benchtest_pair.c           |  257 +++
 version22/c/big.c                      | 1525 ++++++++++++++
 version22/c/build_ec                   |   22 +
 version22/c/build_ec.bat               |   22 +
 version22/c/build_pair                 |   27 +
 version22/c/build_pair.bat             |   27 +
 version22/c/ca.crt                     |   23 +
 version22/c/eccert.pem                 |   17 +
 version22/c/ecdh.c                     |  751 +++++++
 version22/c/ecdh.h                     |  206 ++
 version22/c/ecp.c                      | 1176 +++++++++++
 version22/c/ecp2.c                     |  696 +++++++
 version22/c/faster.c                   |   98 +
 version22/c/faster.txt                 |   25 +
 version22/c/ff.c                       | 1150 +++++++++++
 version22/c/fp.c                       |  608 ++++++
 version22/c/fp12.c                     |  727 +++++++
 version22/c/fp2.c                      |  435 ++++
 version22/c/fp4.c                      |  651 ++++++
 version22/c/gcm.c                      |  411 ++++
 version22/c/hash.c                     |  422 ++++
 version22/c/maxstack.c                 |   62 +
 version22/c/mpin.c                     | 1212 +++++++++++
 version22/c/mpin.h                     |  408 ++++
 version22/c/oct.c                      |  428 ++++
 version22/c/pair.c                     |  828 ++++++++
 version22/c/rand.c                     |  172 ++
 version22/c/randapi.c                  |   15 +
 version22/c/randapi.h                  |   20 +
 version22/c/readme.txt                 |   77 +
 version22/c/rom.c                      | 1206 +++++++++++
 version22/c/rsa.c                      |  394 ++++
 version22/c/rsa.h                      |   99 +
 version22/c/testecdh.c                 |  207 ++
 version22/c/testmpin.c                 |  313 +++
 version22/c/testrsa.c                  |  104 +
 version22/c/x509.c                     | 1079 ++++++++++
 version22/c/x509.h                     |  113 ++
 version22/check.cpp                    |  100 +
 version22/cs/readme.txt                |   36 +
 version22/ecgen.cpp                    |  125 ++
 version22/go/AES.go                    |  634 ++++++
 version22/go/BIG.go                    |  850 ++++++++
 version22/go/BenchtestEC.go            |  154 ++
 version22/go/BenchtestPAIR.go          |  206 ++
 version22/go/DBIG.go                   |  256 +++
 version22/go/ECDH.go                   |  547 +++++
 version22/go/ECP.go                    |  893 ++++++++
 version22/go/ECP2.go                   |  568 ++++++
 version22/go/FF.go                     |  905 +++++++++
 version22/go/FP.go                     |  279 +++
 version22/go/FP12.go                   |  551 +++++
 version22/go/FP2.go                    |  300 +++
 version22/go/FP4.go                    |  479 +++++
 version22/go/GCM.go                    |  337 +++
 version22/go/HASH256.go                |  192 ++
 version22/go/HASH384.go                |  204 ++
 version22/go/HASH512.go                |  204 ++
 version22/go/MPIN.go                   |  769 +++++++
 version22/go/PAIR.go                   |  641 ++++++
 version22/go/RAND.go                   |  153 ++
 version22/go/ROM32.go                  |  825 ++++++++
 version22/go/ROM64.go                  |  826 ++++++++
 version22/go/RSA.go                    |  363 ++++
 version22/go/TestECDH.go               |  164 ++
 version22/go/TestMPIN.go               |  241 +++
 version22/go/TestRSA.go                |   98 +
 version22/go/readme.txt                |   50 +
 version22/java/AES.java                |  695 +++++++
 version22/java/BIG32.java              | 1016 ++++++++++
 version22/java/BIG64.java              | 1040 ++++++++++
 version22/java/BenchtestEC.java        |  160 ++
 version22/java/BenchtestPAIR.java      |  208 ++
 version22/java/DBIG32.java             |  308 +++
 version22/java/DBIG64.java             |  306 +++
 version22/java/ECDH.java               |  581 ++++++
 version22/java/ECP.java                |  917 +++++++++
 version22/java/ECP2.java               |  624 ++++++
 version22/java/FF.java                 |  941 +++++++++
 version22/java/FP.java                 |  345 ++++
 version22/java/FP12.java               |  641 ++++++
 version22/java/FP2.java                |  393 ++++
 version22/java/FP4.java                |  584 ++++++
 version22/java/GCM.java                |  374 ++++
 version22/java/HASH256.java            |  216 ++
 version22/java/HASH384.java            |  227 +++
 version22/java/HASH512.java            |  229 +++
 version22/java/MPIN.java               |  853 ++++++++
 version22/java/PAIR.java               |  685 +++++++
 version22/java/RAND.java               |  161 ++
 version22/java/ROM32.java              |  714 +++++++
 version22/java/ROM64.java              |  703 +++++++
 version22/java/RSA.java                |  362 ++++
 version22/java/TestECDH.java           |  179 ++
 version22/java/TestMPIN.java           |  270 +++
 version22/java/TestRSA.java            |   92 +
 version22/java/readme.txt              |   61 +
 version22/java/rsa_private_key.java    |   13 +
 version22/java/rsa_public_key.java     |   11 +
 version22/js/AES.js                    |  634 ++++++
 version22/js/BIG.js                    | 1037 ++++++++++
 version22/js/BenchtestEC.html          |  162 ++
 version22/js/BenchtestPAIR.html        |  226 +++
 version22/js/DBIG.js                   |  284 +++
 version22/js/ECDH.js                   |  585 ++++++
 version22/js/ECP.js                    |  903 ++++++++
 version22/js/ECP2.js                   |  604 ++++++
 version22/js/FF.js                     |  947 +++++++++
 version22/js/FP.js                     |  360 ++++
 version22/js/FP12.js                   |  558 +++++
 version22/js/FP2.js                    |  321 +++
 version22/js/FP4.js                    |  501 +++++
 version22/js/GCM.js                    |  305 +++
 version22/js/HASH256.js                |  180 ++
 version22/js/HASH384.js                |  238 +++
 version22/js/HASH512.js                |  236 +++
 version22/js/MPIN.js                   |  933 +++++++++
 version22/js/PAIR.js                   |  650 ++++++
 version22/js/RAND.js                   |  148 ++
 version22/js/ROM.js                    |  716 +++++++
 version22/js/RSA.js                    |  392 ++++
 version22/js/TestECDH.html             |  143 ++
 version22/js/TestMPIN.html             |  330 +++
 version22/js/TestRSA.html              |  115 ++
 version22/js/UInt64.js                 |   54 +
 version22/js/readme.txt                |   41 +
 version22/rust/.gitignore              |    5 +
 version22/rust/Cargo.toml              |   24 +
 version22/rust/readme.txt              |   56 +
 version22/rust/src/aes.rs              |  628 ++++++
 version22/rust/src/big.rs              | 1227 +++++++++++
 version22/rust/src/dbig.rs             |  249 +++
 version22/rust/src/ecdh.rs             |  585 ++++++
 version22/rust/src/ecp.rs              |  955 +++++++++
 version22/rust/src/ecp2.rs             |  677 ++++++
 version22/rust/src/ff.rs               |  944 +++++++++
 version22/rust/src/fp.rs               |  354 ++++
 version22/rust/src/fp12.rs             |  628 ++++++
 version22/rust/src/fp2.rs              |  366 ++++
 version22/rust/src/fp4.rs              |  563 +++++
 version22/rust/src/gcm.rs              |  356 ++++
 version22/rust/src/hash256.rs          |  182 ++
 version22/rust/src/hash384.rs          |  188 ++
 version22/rust/src/hash512.rs          |  189 ++
 version22/rust/src/lib.rs              |   36 +
 version22/rust/src/mpin.rs             |  768 +++++++
 version22/rust/src/pair.rs             |  674 ++++++
 version22/rust/src/rand.rs             |  147 ++
 version22/rust/src/rom32.rs            |  349 ++++
 version22/rust/src/rom64.rs            |  348 ++++
 version22/rust/src/rsa.rs              |  372 ++++
 version22/rust/tests/benchtest_ec.rs   |  185 ++
 version22/rust/tests/benchtest_pair.rs |  245 +++
 version22/rust/tests/test_ecdh.rs      |  180 ++
 version22/rust/tests/test_mpin.rs      |  217 ++
 version22/rust/tests/test_rsa.rs       |  109 +
 version22/swift/BenchtestEC.swift      |  161 ++
 version22/swift/BenchtestPAIR.swift    |  206 ++
 version22/swift/TestECDH.swift         |  167 ++
 version22/swift/TestMPIN.swift         |  259 +++
 version22/swift/TestRSA.swift          |  100 +
 version22/swift/aes.swift              |  639 ++++++
 version22/swift/big.swift              | 1169 +++++++++++
 version22/swift/dbig.swift             |  265 +++
 version22/swift/ecdh.swift             |  587 ++++++
 version22/swift/ecp.swift              |  923 +++++++++
 version22/swift/ecp2.swift             |  618 ++++++
 version22/swift/ff.swift               |  927 +++++++++
 version22/swift/fp.swift               |  309 +++
 version22/swift/fp12.swift             |  584 ++++++
 version22/swift/fp2.swift              |  329 +++
 version22/swift/fp4.swift              |  517 +++++
 version22/swift/gcm.swift              |  326 +++
 version22/swift/hash256.swift          |  188 ++
 version22/swift/hash384.swift          |  198 ++
 version22/swift/hash512.swift          |  198 ++
 version22/swift/main.swift             |   13 +
 version22/swift/mpin.swift             |  833 ++++++++
 version22/swift/pair.swift             |  592 ++++++
 version22/swift/rand.swift             |  131 ++
 version22/swift/readme.txt             |  135 ++
 version22/swift/rom32.swift            |  645 ++++++
 version22/swift/rom64.swift            |  258 +++
 version22/swift/rsa.swift              |  400 ++++
 version3/amcl3.pdf                     |  Bin 0 -> 299401 bytes
 version3/bestpair.cpp                  |  623 ++++++
 version3/bigtobig.cpp                  |  292 +++
 version3/c/aes.c                       |  704 +++++++
 version3/c/amcl.h                      |  590 ++++++
 version3/c/arch.h                      |  129 ++
 version3/c/benchtest_all.c             | 1019 ++++++++++
 version3/c/big.c                       | 1535 ++++++++++++++
 version3/c/big.h                       |  610 ++++++
 version3/c/config16.py                 |  367 ++++
 version3/c/config32.py                 |  645 ++++++
 version3/c/config64.py                 |  639 ++++++
 version3/c/config_big.h                |   38 +
 version3/c/config_curve.h              |   44 +
 version3/c/config_ff.h                 |   38 +
 version3/c/config_field.h              |   34 +
 version3/c/ecdh.c                      |  424 ++++
 version3/c/ecdh.h                      |  146 ++
 version3/c/ecdh_support.c              |  352 ++++
 version3/c/ecdh_support.h              |  114 ++
 version3/c/ecp.c                       | 1468 ++++++++++++++
 version3/c/ecp.h                       |  314 +++
 version3/c/ecp2.c                      |  912 +++++++++
 version3/c/ecp2.h                      |  220 ++
 version3/c/ecp4.c                      | 1068 ++++++++++
 version3/c/ecp4.h                      |  232 +++
 version3/c/ecp8.c                      | 1311 ++++++++++++
 version3/c/ecp8.h                      |  246 +++
 version3/c/faster.c                    |   97 +
 version3/c/faster.txt                  |   29 +
 version3/c/fastest.c                   |   59 +
 version3/c/fastest.txt                 |   28 +
 version3/c/ff.c                        | 1155 +++++++++++
 version3/c/ff.h                        |  296 +++
 version3/c/fp.c                        |  878 ++++++++
 version3/c/fp.h                        |  245 +++
 version3/c/fp12.c                      |  984 +++++++++
 version3/c/fp12.h                      |  216 ++
 version3/c/fp16.c                      |  693 +++++++
 version3/c/fp16.h                      |  260 +++
 version3/c/fp2.c                       |  489 +++++
 version3/c/fp2.h                       |  240 +++
 version3/c/fp24.c                      | 1123 ++++++++++
 version3/c/fp24.h                      |  196 ++
 version3/c/fp4.c                       |  800 ++++++++
 version3/c/fp4.h                       |  305 +++
 version3/c/fp48.c                      | 1385 +++++++++++++
 version3/c/fp48.h                      |  196 ++
 version3/c/fp8.c                       |  795 ++++++++
 version3/c/fp8.h                       |  294 +++
 version3/c/gcm.c                       |  411 ++++
 version3/c/hash.c                      |  607 ++++++
 version3/c/mpin.c                      |  995 +++++++++
 version3/c/mpin.h                      |  345 ++++
 version3/c/mpin192.c                   |  975 +++++++++
 version3/c/mpin192.h                   |  339 ++++
 version3/c/mpin256.c                   |  998 +++++++++
 version3/c/mpin256.h                   |  339 ++++
 version3/c/newhope.c                   |  513 +++++
 version3/c/newhope.h                   |   51 +
 version3/c/oct.c                       |  429 ++++
 version3/c/pair.c                      | 1027 ++++++++++
 version3/c/pair.h                      |  103 +
 version3/c/pair192.c                   |  752 +++++++
 version3/c/pair192.h                   |   77 +
 version3/c/pair256.c                   |  864 ++++++++
 version3/c/pair256.h                   |   77 +
 version3/c/pbc_support.c               |  180 ++
 version3/c/pbc_support.h               |   96 +
 version3/c/rand.c                      |  172 ++
 version3/c/randapi.c                   |   15 +
 version3/c/randapi.h                   |   46 +
 version3/c/readme.txt                  |   75 +
 version3/c/rom_curve_ANSSI.c           |   33 +
 version3/c/rom_curve_BLS24.c           |   67 +
 version3/c/rom_curve_BLS381.c          |   62 +
 version3/c/rom_curve_BLS383.c          |   62 +
 version3/c/rom_curve_BLS461.c          |   59 +
 version3/c/rom_curve_BLS48.c           |   88 +
 version3/c/rom_curve_BN254.c           |   80 +
 version3/c/rom_curve_BN254CX.c         |   81 +
 version3/c/rom_curve_BRAINPOOL.c       |   36 +
 version3/c/rom_curve_C25519.c          |   27 +
 version3/c/rom_curve_C41417.c          |   35 +
 version3/c/rom_curve_ED25519.c         |   45 +
 version3/c/rom_curve_FP256BN.c         |   86 +
 version3/c/rom_curve_FP512BN.c         |   87 +
 version3/c/rom_curve_GOLDILOCKS.c      |   37 +
 version3/c/rom_curve_HIFIVE.c          |   37 +
 version3/c/rom_curve_NIST256.c         |   37 +
 version3/c/rom_curve_NIST384.c         |   36 +
 version3/c/rom_curve_NIST521.c         |   35 +
 version3/c/rom_curve_NUMS256E.c        |   43 +
 version3/c/rom_curve_NUMS256W.c        |   34 +
 version3/c/rom_curve_NUMS384E.c        |   34 +
 version3/c/rom_curve_NUMS384W.c        |   34 +
 version3/c/rom_curve_NUMS512E.c        |   33 +
 version3/c/rom_curve_NUMS512W.c        |   34 +
 version3/c/rom_curve_SECP256K1.c       |   39 +
 version3/c/rom_field_25519.c           |   33 +
 version3/c/rom_field_256PME.c          |   28 +
 version3/c/rom_field_256PMW.c          |   26 +
 version3/c/rom_field_384PM.c           |   25 +
 version3/c/rom_field_512PM.c           |   25 +
 version3/c/rom_field_ANSSI.c           |   25 +
 version3/c/rom_field_BLS24.c           |   32 +
 version3/c/rom_field_BLS381.c          |   30 +
 version3/c/rom_field_BLS383.c          |   30 +
 version3/c/rom_field_BLS461.c          |   31 +
 version3/c/rom_field_BLS48.c           |   32 +
 version3/c/rom_field_BN254.c           |   37 +
 version3/c/rom_field_BN254CX.c         |   38 +
 version3/c/rom_field_BRAINPOOL.c       |   25 +
 version3/c/rom_field_C41417.c          |   25 +
 version3/c/rom_field_FP256BN.c         |   36 +
 version3/c/rom_field_FP512BN.c         |   38 +
 version3/c/rom_field_GOLDILOCKS.c      |   30 +
 version3/c/rom_field_HIFIVE.c          |   27 +
 version3/c/rom_field_NIST256.c         |   27 +
 version3/c/rom_field_NIST384.c         |   27 +
 version3/c/rom_field_NIST521.c         |   25 +
 version3/c/rom_field_SECP256K1.c       |   28 +
 version3/c/rsa.c                       |  162 ++
 version3/c/rsa.h                       |  110 +
 version3/c/rsa_support.c               |  237 +++
 version3/c/rsa_support.h               |   62 +
 version3/c/testall.c                   | 1627 +++++++++++++++
 version3/c/testnhs.c                   |   71 +
 version3/c/x509.c                      | 1097 ++++++++++
 version3/c/x509.h                      |  109 +
 version3/check.cpp                     |  108 +
 version3/cpp/aes.cpp                   |  706 +++++++
 version3/cpp/amcl.h                    |  585 ++++++
 version3/cpp/arch.h                    |   98 +
 version3/cpp/benchtest_all.cpp         |  973 +++++++++
 version3/cpp/big.cpp                   | 1508 ++++++++++++++
 version3/cpp/big.h                     |  595 ++++++
 version3/cpp/config16.py               |  370 ++++
 version3/cpp/config32.py               |  641 ++++++
 version3/cpp/config64.py               |  641 ++++++
 version3/cpp/config_big.h              |   12 +
 version3/cpp/config_curve.h            |   47 +
 version3/cpp/config_ff.h               |   13 +
 version3/cpp/config_field.h            |   15 +
 version3/cpp/ecdh.cpp                  |  435 ++++
 version3/cpp/ecdh.h                    |  154 ++
 version3/cpp/ecdh_support.cpp          |  351 ++++
 version3/cpp/ecdh_support.h            |   84 +
 version3/cpp/ecp.cpp                   | 1467 +++++++++++++
 version3/cpp/ecp.h                     |  293 +++
 version3/cpp/ecp2.cpp                  |  922 +++++++++
 version3/cpp/ecp2.h                    |  203 ++
 version3/cpp/ecp4.cpp                  | 1074 ++++++++++
 version3/cpp/ecp4.h                    |  243 +++
 version3/cpp/ecp8.cpp                  | 1318 ++++++++++++
 version3/cpp/ecp8.h                    |  253 +++
 version3/cpp/ff.cpp                    | 1181 +++++++++++
 version3/cpp/ff.h                      |  276 +++
 version3/cpp/fp.cpp                    |  878 ++++++++
 version3/cpp/fp.h                      |  229 +++
 version3/cpp/fp12.cpp                  | 1005 +++++++++
 version3/cpp/fp12.h                    |  194 ++
 version3/cpp/fp16.cpp                  |  697 +++++++
 version3/cpp/fp16.h                    |  264 +++
 version3/cpp/fp2.cpp                   |  486 +++++
 version3/cpp/fp2.h                     |  219 ++
 version3/cpp/fp24.cpp                  | 1126 ++++++++++
 version3/cpp/fp24.h                    |  200 ++
 version3/cpp/fp4.cpp                   |  808 ++++++++
 version3/cpp/fp4.h                     |  286 +++
 version3/cpp/fp48.cpp                  | 1389 +++++++++++++
 version3/cpp/fp48.h                    |  199 ++
 version3/cpp/fp8.cpp                   |  800 ++++++++
 version3/cpp/fp8.h                     |  301 +++
 version3/cpp/gcm.cpp                   |  413 ++++
 version3/cpp/hash.cpp                  |  599 ++++++
 version3/cpp/mpin.cpp                  | 1012 +++++++++
 version3/cpp/mpin.h                    |  340 ++++
 version3/cpp/mpin192.cpp               |  985 +++++++++
 version3/cpp/mpin192.h                 |  340 ++++
 version3/cpp/mpin256.cpp               | 1006 +++++++++
 version3/cpp/mpin256.h                 |  340 ++++
 version3/cpp/newhope.cpp               |  515 +++++
 version3/cpp/newhope.h                 |   54 +
 version3/cpp/oct.cpp                   |  431 ++++
 version3/cpp/pair.cpp                  |  983 +++++++++
 version3/cpp/pair.h                    |   80 +
 version3/cpp/pair192.cpp               |  758 +++++++
 version3/cpp/pair192.h                 |   80 +
 version3/cpp/pair256.cpp               |  878 ++++++++
 version3/cpp/pair256.h                 |   80 +
 version3/cpp/pbc_support.cpp           |  179 ++
 version3/cpp/pbc_support.h             |   66 +
 version3/cpp/rand.cpp                  |  174 ++
 version3/cpp/randapi.cpp               |   17 +
 version3/cpp/randapi.h                 |   24 +
 version3/cpp/readme.txt                |   61 +
 version3/cpp/rom_curve_ANSSI.cpp       |   42 +
 version3/cpp/rom_curve_BLS24.cpp       |   78 +
 version3/cpp/rom_curve_BLS381.cpp      |   64 +
 version3/cpp/rom_curve_BLS383.cpp      |   68 +
 version3/cpp/rom_curve_BLS461.cpp      |   69 +
 version3/cpp/rom_curve_BLS48.cpp       |   95 +
 version3/cpp/rom_curve_BN254.cpp       |   89 +
 version3/cpp/rom_curve_BN254CX.cpp     |   83 +
 version3/cpp/rom_curve_BRAINPOOL.cpp   |   43 +
 version3/cpp/rom_curve_C25519.cpp      |   36 +
 version3/cpp/rom_curve_C41417.cpp      |   42 +
 version3/cpp/rom_curve_ED25519.cpp     |   54 +
 version3/cpp/rom_curve_FP256BN.cpp     |   86 +
 version3/cpp/rom_curve_FP512BN.cpp     |   88 +
 version3/cpp/rom_curve_GOLDILOCKS.cpp  |   43 +
 version3/cpp/rom_curve_HIFIVE.cpp      |   43 +
 version3/cpp/rom_curve_NIST256.cpp     |   44 +
 version3/cpp/rom_curve_NIST384.cpp     |   42 +
 version3/cpp/rom_curve_NIST521.cpp     |   42 +
 version3/cpp/rom_curve_NUMS256E.cpp    |   53 +
 version3/cpp/rom_curve_NUMS256W.cpp    |   44 +
 version3/cpp/rom_curve_NUMS384E.cpp    |   42 +
 version3/cpp/rom_curve_NUMS384W.cpp    |   42 +
 version3/cpp/rom_curve_NUMS512E.cpp    |   42 +
 version3/cpp/rom_curve_NUMS512W.cpp    |   42 +
 version3/cpp/rom_curve_SECP256K1.cpp   |   45 +
 version3/cpp/rom_field_ANSSI.cpp       |   34 +
 version3/cpp/rom_field_BLS24.cpp       |   37 +
 version3/cpp/rom_field_BLS381.cpp      |   39 +
 version3/cpp/rom_field_BLS383.cpp      |   39 +
 version3/cpp/rom_field_BLS461.cpp      |   40 +
 version3/cpp/rom_field_BLS48.cpp       |   38 +
 version3/cpp/rom_field_BN254.cpp       |   48 +
 version3/cpp/rom_field_BN254CX.cpp     |   49 +
 version3/cpp/rom_field_BRAINPOOL.cpp   |   34 +
 version3/cpp/rom_field_C41417.cpp      |   34 +
 version3/cpp/rom_field_F25519.cpp      |   43 +
 version3/cpp/rom_field_F256PME.cpp     |   41 +
 version3/cpp/rom_field_F256PMW.cpp     |   36 +
 version3/cpp/rom_field_F384PM.cpp      |   35 +
 version3/cpp/rom_field_F512PM.cpp      |   35 +
 version3/cpp/rom_field_FP256BN.cpp     |   45 +
 version3/cpp/rom_field_FP512BN.cpp     |   47 +
 version3/cpp/rom_field_GOLDILOCKS.cpp  |   38 +
 version3/cpp/rom_field_HIFIVE.cpp      |   35 +
 version3/cpp/rom_field_NIST256.cpp     |   35 +
 version3/cpp/rom_field_NIST384.cpp     |   35 +
 version3/cpp/rom_field_NIST521.cpp     |   34 +
 version3/cpp/rom_field_SECP256K1.cpp   |   38 +
 version3/cpp/rsa.cpp                   |  164 ++
 version3/cpp/rsa.h                     |  106 +
 version3/cpp/rsa_support.cpp           |  239 +++
 version3/cpp/rsa_support.h             |   49 +
 version3/cpp/testall.cpp               | 1643 +++++++++++++++
 version3/cpp/testnhs.cpp               |   73 +
 version3/cpp/x509.cpp                  | 1097 ++++++++++
 version3/cpp/x509.h                    |  115 ++
 version3/curves.txt                    |   35 +
 version3/go/AES.go                     |  634 ++++++
 version3/go/ARCH32.go                  |   28 +
 version3/go/ARCH64.go                  |   26 +
 version3/go/BIG32.go                   |  961 +++++++++
 version3/go/BIG64.go                   |  963 +++++++++
 version3/go/BenchtestALL.go            |  881 ++++++++
 version3/go/DBIG.go                    |  274 +++
 version3/go/ECDH.go                    |  565 ++++++
 version3/go/ECP.go                     | 1038 ++++++++++
 version3/go/ECP2.go                    |  701 +++++++
 version3/go/ECP4.go                    |  711 +++++++
 version3/go/ECP8.go                    |  862 ++++++++
 version3/go/FF32.go                    |  943 +++++++++
 version3/go/FF64.go                    |  943 +++++++++
 version3/go/FP.go                      |  556 +++++
 version3/go/FP12.go                    |  765 +++++++
 version3/go/FP16.go                    |  527 +++++
 version3/go/FP2.go                     |  333 +++
 version3/go/FP24.go                    |  885 ++++++++
 version3/go/FP4.go                     |  590 ++++++
 version3/go/FP48.go                    |  998 +++++++++
 version3/go/FP8.go                     |  606 ++++++
 version3/go/GCM.go                     |  337 +++
 version3/go/HASH256.go                 |  193 ++
 version3/go/HASH384.go                 |  206 ++
 version3/go/HASH512.go                 |  206 ++
 version3/go/MPIN.go                    |  755 +++++++
 version3/go/MPIN192.go                 |  760 +++++++
 version3/go/MPIN256.go                 |  728 +++++++
 version3/go/NHS.go                     |  539 +++++
 version3/go/PAIR.go                    |  777 +++++++
 version3/go/PAIR192.go                 |  574 ++++++
 version3/go/PAIR256.go                 |  563 +++++
 version3/go/RAND.go                    |  153 ++
 version3/go/ROM_ANSSI_32.go            |   36 +
 version3/go/ROM_ANSSI_64.go            |   36 +
 version3/go/ROM_BLS24_32.go            |   58 +
 version3/go/ROM_BLS24_64.go            |   58 +
 version3/go/ROM_BLS381_32.go           |   56 +
 version3/go/ROM_BLS381_64.go           |   58 +
 version3/go/ROM_BLS383_32.go           |   55 +
 version3/go/ROM_BLS383_64.go           |   55 +
 version3/go/ROM_BLS461_32.go           |   54 +
 version3/go/ROM_BLS461_64.go           |   54 +
 version3/go/ROM_BLS48_32.go            |   66 +
 version3/go/ROM_BLS48_64.go            |   66 +
 version3/go/ROM_BN254CX_32.go          |   56 +
 version3/go/ROM_BN254CX_64.go          |   56 +
 version3/go/ROM_BN254_32.go            |   56 +
 version3/go/ROM_BN254_64.go            |   56 +
 version3/go/ROM_BRAINPOOL_32.go        |   38 +
 version3/go/ROM_BRAINPOOL_64.go        |   38 +
 version3/go/ROM_C25519_32.go           |   36 +
 version3/go/ROM_C25519_64.go           |   36 +
 version3/go/ROM_C41417_32.go           |   37 +
 version3/go/ROM_C41417_64.go           |   36 +
 version3/go/ROM_ED25519_32.go          |   37 +
 version3/go/ROM_ED25519_64.go          |   38 +
 version3/go/ROM_FP256BN_32.go          |   56 +
 version3/go/ROM_FP256BN_64.go          |   54 +
 version3/go/ROM_FP512BN_32.go          |   57 +
 version3/go/ROM_FP512BN_64.go          |   55 +
 version3/go/ROM_GOLDILOCKS_32.go       |   36 +
 version3/go/ROM_GOLDILOCKS_64.go       |   37 +
 version3/go/ROM_HIFIVE_32.go           |   36 +
 version3/go/ROM_HIFIVE_64.go           |   36 +
 version3/go/ROM_NIST256_32.go          |   36 +
 version3/go/ROM_NIST256_64.go          |   36 +
 version3/go/ROM_NIST384_32.go          |   36 +
 version3/go/ROM_NIST384_64.go          |   36 +
 version3/go/ROM_NIST521_32.go          |   37 +
 version3/go/ROM_NIST521_64.go          |   37 +
 version3/go/ROM_NUMS256E_32.go         |   36 +
 version3/go/ROM_NUMS256E_64.go         |   36 +
 version3/go/ROM_NUMS256W_32.go         |   36 +
 version3/go/ROM_NUMS256W_64.go         |   37 +
 version3/go/ROM_NUMS384E_32.go         |   36 +
 version3/go/ROM_NUMS384E_64.go         |   36 +
 version3/go/ROM_NUMS384W_32.go         |   36 +
 version3/go/ROM_NUMS384W_64.go         |   36 +
 version3/go/ROM_NUMS512E_32.go         |   36 +
 version3/go/ROM_NUMS512E_64.go         |   36 +
 version3/go/ROM_NUMS512W_32.go         |   37 +
 version3/go/ROM_NUMS512W_64.go         |   36 +
 version3/go/ROM_SEC256K1_64.go         |   39 +
 version3/go/ROM_SECP256K1_32.go        |   39 +
 version3/go/RSA.go                     |  361 ++++
 version3/go/SHA3.go                    |  258 +++
 version3/go/TestALL.go                 | 1315 ++++++++++++
 version3/go/TestNHS.go                 |   64 +
 version3/go/config32.py                |  357 ++++
 version3/go/config64.py                |  357 ++++
 version3/go/readme.txt                 |   49 +
 version3/java/AES.java                 |  695 +++++++
 version3/java/BIG32.java               |  934 +++++++++
 version3/java/BIG64.java               |  933 +++++++++
 version3/java/DBIG32.java              |  282 +++
 version3/java/DBIG64.java              |  280 +++
 version3/java/ECDH.java                |  608 ++++++
 version3/java/ECP.java                 | 1112 ++++++++++
 version3/java/ECP2.java                |  798 ++++++++
 version3/java/ECP4.java                |  770 +++++++
 version3/java/ECP8.java                |  932 +++++++++
 version3/java/FF32.java                | 1029 ++++++++++
 version3/java/FF64.java                | 1028 ++++++++++
 version3/java/FP12.java                |  910 +++++++++
 version3/java/FP16.java                |  565 ++++++
 version3/java/FP2.java                 |  425 ++++
 version3/java/FP24.java                |  854 ++++++++
 version3/java/FP32.java                |  678 +++++++
 version3/java/FP4.java                 |  724 +++++++
 version3/java/FP48.java                | 1060 ++++++++++
 version3/java/FP64.java                |  682 +++++++
 version3/java/FP8.java                 |  658 ++++++
 version3/java/GCM.java                 |  376 ++++
 version3/java/HASH256.java             |  218 ++
 version3/java/HASH384.java             |  229 +++
 version3/java/HASH512.java             |  232 +++
 version3/java/MPIN.java                |  823 ++++++++
 version3/java/MPIN192.java             |  806 ++++++++
 version3/java/MPIN256.java             |  815 ++++++++
 version3/java/NHS.java                 |  577 ++++++
 version3/java/OLDECP.java              | 1044 ++++++++++
 version3/java/OLDECP2.java             |  781 +++++++
 version3/java/PAIR.java                |  817 ++++++++
 version3/java/PAIR192.java             |  550 +++++
 version3/java/PAIR256.java             |  628 ++++++
 version3/java/RAND.java                |  163 ++
 version3/java/README.md                |   27 +
 version3/java/ROM_ANSSI_32.java        |   42 +
 version3/java/ROM_ANSSI_64.java        |   43 +
 version3/java/ROM_BLS24_32.java        |   60 +
 version3/java/ROM_BLS24_64.java        |   60 +
 version3/java/ROM_BLS381_32.java       |   57 +
 version3/java/ROM_BLS381_64.java       |   57 +
 version3/java/ROM_BLS383_32.java       |   58 +
 version3/java/ROM_BLS383_64.java       |   55 +
 version3/java/ROM_BLS461_32.java       |   56 +
 version3/java/ROM_BLS461_64.java       |   56 +
 version3/java/ROM_BLS48_32.java        |   68 +
 version3/java/ROM_BLS48_64.java        |   68 +
 version3/java/ROM_BN254CX_32.java      |   57 +
 version3/java/ROM_BN254CX_64.java      |   58 +
 version3/java/ROM_BN254_32.java        |   55 +
 version3/java/ROM_BN254_64.java        |   55 +
 version3/java/ROM_BRAINPOOL_32.java    |   44 +
 version3/java/ROM_BRAINPOOL_64.java    |   43 +
 version3/java/ROM_C25519_32.java       |   41 +
 version3/java/ROM_C25519_64.java       |   42 +
 version3/java/ROM_C41417_32.java       |   41 +
 version3/java/ROM_C41417_64.java       |   44 +
 version3/java/ROM_ED25519_32.java      |   41 +
 version3/java/ROM_ED25519_64.java      |   43 +
 version3/java/ROM_FP256BN_32.java      |   56 +
 version3/java/ROM_FP256BN_64.java      |   55 +
 version3/java/ROM_FP512BN_32.java      |   55 +
 version3/java/ROM_FP512BN_64.java      |   56 +
 version3/java/ROM_GOLDILOCKS_32.java   |   43 +
 version3/java/ROM_GOLDILOCKS_64.java   |   44 +
 version3/java/ROM_HIFIVE_32.java       |   42 +
 version3/java/ROM_HIFIVE_64.java       |   43 +
 version3/java/ROM_NIST256_32.java      |   45 +
 version3/java/ROM_NIST256_64.java      |   43 +
 version3/java/ROM_NIST384_32.java      |   43 +
 version3/java/ROM_NIST384_64.java      |   44 +
 version3/java/ROM_NIST521_32.java      |   43 +
 version3/java/ROM_NIST521_64.java      |   44 +
 version3/java/ROM_NUMS256E_32.java     |   39 +
 version3/java/ROM_NUMS256E_64.java     |   42 +
 version3/java/ROM_NUMS256W_32.java     |   44 +
 version3/java/ROM_NUMS256W_64.java     |   45 +
 version3/java/ROM_NUMS384E_32.java     |   40 +
 version3/java/ROM_NUMS384E_64.java     |   40 +
 version3/java/ROM_NUMS384W_32.java     |   43 +
 version3/java/ROM_NUMS384W_64.java     |   55 +
 version3/java/ROM_NUMS512E_32.java     |   40 +
 version3/java/ROM_NUMS512E_64.java     |   40 +
 version3/java/ROM_NUMS512W_32.java     |   40 +
 version3/java/ROM_NUMS512W_64.java     |   41 +
 version3/java/ROM_SECP256K1_32.java    |   45 +
 version3/java/ROM_SECP256K1_64.java    |   43 +
 version3/java/RSA.java                 |  369 ++++
 version3/java/SHA3.java                |  255 +++
 version3/java/TestECDH.java            |  192 ++
 version3/java/TestMPIN.java            |  297 +++
 version3/java/TestMPIN192.java         |  297 +++
 version3/java/TestMPIN256.java         |  297 +++
 version3/java/TestNHS.java             |   70 +
 version3/java/TestRSA.java             |  111 +
 version3/java/TesttimeECDH.java        |  103 +
 version3/java/TesttimeMPIN.java        |  195 ++
 version3/java/TesttimeMPIN192.java     |  195 ++
 version3/java/TesttimeMPIN256.java     |  195 ++
 version3/java/TesttimeRSA.java         |   99 +
 version3/java/config32.py              |  387 ++++
 version3/java/config64.py              |  386 ++++
 version3/java/pom.xml                  |   19 +
 version3/java/private_key.java         |   16 +
 version3/java/public_key.java          |   14 +
 version3/js/BenchtestALL.html          | 1076 ++++++++++
 version3/js/TestALL.html               | 1527 ++++++++++++++
 version3/js/TestNHS.html               |   56 +
 version3/js/aes.js                     |  705 +++++++
 version3/js/big.js                     | 1552 ++++++++++++++
 version3/js/ctx.js                     |  611 ++++++
 version3/js/ecdh.js                    |  771 +++++++
 version3/js/ecp.js                     | 1398 +++++++++++++
 version3/js/ecp2.js                    |  921 +++++++++
 version3/js/ecp4.js                    |  885 ++++++++
 version3/js/ecp8.js                    | 1061 ++++++++++
 version3/js/ff.js                      | 1002 +++++++++
 version3/js/fp.js                      |  708 +++++++
 version3/js/fp12.js                    |  893 ++++++++
 version3/js/fp16.js                    |  573 ++++++
 version3/js/fp2.js                     |  405 ++++
 version3/js/fp24.js                    |  963 +++++++++
 version3/js/fp4.js                     |  642 ++++++
 version3/js/fp48.js                    | 1271 ++++++++++++
 version3/js/fp8.js                     |  660 ++++++
 version3/js/gcm.js                     |  428 ++++
 version3/js/hash256.js                 |  198 ++
 version3/js/hash384.js                 |  275 +++
 version3/js/hash512.js                 |  277 +++
 version3/js/include.html               |   25 +
 version3/js/mpin.js                    | 1059 ++++++++++
 version3/js/mpin192.js                 | 1046 ++++++++++
 version3/js/mpin256.js                 | 1080 ++++++++++
 version3/js/nhs.js                     |  565 ++++++
 version3/js/pair.js                    |  774 +++++++
 version3/js/pair192.js                 |  545 +++++
 version3/js/pair256.js                 |  622 ++++++
 version3/js/rand.js                    |  184 ++
 version3/js/readme.txt                 |   48 +
 version3/js/rom_curve.js               | 1127 ++++++++++
 version3/js/rom_field.js               |  425 ++++
 version3/js/rsa.js                     |  515 +++++
 version3/js/sha3.js                    |  264 +++
 version3/js/uint64.js                  |   61 +
 version3/python/big.py                 |  159 ++
 version3/python/bls381.py              |   40 +
 version3/python/bls383.py              |   40 +
 version3/python/bn254.py               |   38 +
 version3/python/bn254cx.py             |   39 +
 version3/python/c25519.py              |   19 +
 version3/python/config.py              |  175 ++
 version3/python/constants.py           |   17 +
 version3/python/ecdh.py                |  162 ++
 version3/python/ecp.py                 |  634 ++++++
 version3/python/ecp2.py                |  290 +++
 version3/python/ed25519.py             |   19 +
 version3/python/fp.py                  |   97 +
 version3/python/fp12.py                |  314 +++
 version3/python/fp2.py                 |  153 ++
 version3/python/fp4.py                 |  144 ++
 version3/python/goldilocks.py          |   19 +
 version3/python/mpin.py                |  227 +++
 version3/python/nist256.py             |   19 +
 version3/python/nist384.py             |   19 +
 version3/python/nist521.py             |   20 +
 version3/python/pair.py                |  317 +++
 version3/python/readme.txt             |   39 +
 version3/python/sec256k1.py            |   19 +
 version3/python/test.py                |  122 ++
 version3/readme.txt                    |   17 +
 version3/romgen.cpp                    | 1561 ++++++++++++++
 version3/rust/BenchtestALL.rs          |  970 +++++++++
 version3/rust/TestALL.rs               | 1235 +++++++++++
 version3/rust/TestNHS.rs               |   76 +
 version3/rust/aes.rs                   |  628 ++++++
 version3/rust/arch32.rs                |   22 +
 version3/rust/arch64.rs                |   22 +
 version3/rust/big.rs                   | 1078 ++++++++++
 version3/rust/config32.py              |  400 ++++
 version3/rust/config64.py              |  399 ++++
 version3/rust/dbig.rs                  |  272 +++
 version3/rust/ecdh.rs                  |  604 ++++++
 version3/rust/ecp.rs                   | 1065 ++++++++++
 version3/rust/ecp2.rs                  |  671 ++++++
 version3/rust/ecp4.rs                  |  702 +++++++
 version3/rust/ecp8.rs                  |  873 ++++++++
 version3/rust/ff.rs                    | 1018 ++++++++++
 version3/rust/fp.rs                    |  625 ++++++
 version3/rust/fp12.rs                  |  798 ++++++++
 version3/rust/fp16.rs                  |  553 +++++
 version3/rust/fp2.rs                   |  353 ++++
 version3/rust/fp24.rs                  |  840 ++++++++
 version3/rust/fp4.rs                   |  624 ++++++
 version3/rust/fp48.rs                  | 1069 ++++++++++
 version3/rust/fp8.rs                   |  635 ++++++
 version3/rust/gcm.rs                   |  356 ++++
 version3/rust/hash256.rs               |  177 ++
 version3/rust/hash384.rs               |  189 ++
 version3/rust/hash512.rs               |  190 ++
 version3/rust/lib.rs                   |   10 +
 version3/rust/mod.rs                   |   11 +
 version3/rust/modecc.rs                |    8 +
 version3/rust/modpf.rs                 |   11 +
 version3/rust/modpf192.rs              |   12 +
 version3/rust/modpf256.rs              |   13 +
 version3/rust/modrsa.rs                |    6 +
 version3/rust/mpin.rs                  |  800 ++++++++
 version3/rust/mpin192.rs               |  780 +++++++
 version3/rust/mpin256.rs               |  791 ++++++++
 version3/rust/nhs.rs                   |  511 +++++
 version3/rust/pair.rs                  |  764 +++++++
 version3/rust/pair192.rs               |  494 +++++
 version3/rust/pair256.rs               |  574 ++++++
 version3/rust/rand.rs                  |  147 ++
 version3/rust/readme.txt               |   40 +
 version3/rust/rom_anssi_32.rs          |   39 +
 version3/rust/rom_anssi_64.rs          |   39 +
 version3/rust/rom_bls24_32.rs          |   59 +
 version3/rust/rom_bls24_64.rs          |   59 +
 version3/rust/rom_bls381_32.rs         |   57 +
 version3/rust/rom_bls381_64.rs         |   56 +
 version3/rust/rom_bls383_32.rs         |   55 +
 version3/rust/rom_bls383_64.rs         |   55 +
 version3/rust/rom_bls461_32.rs         |   55 +
 version3/rust/rom_bls461_64.rs         |   56 +
 version3/rust/rom_bls48_32.rs          |   67 +
 version3/rust/rom_bls48_64.rs          |   67 +
 version3/rust/rom_bn254CX_32.rs        |   56 +
 version3/rust/rom_bn254CX_64.rs        |   58 +
 version3/rust/rom_bn254_32.rs          |   53 +
 version3/rust/rom_bn254_64.rs          |   53 +
 version3/rust/rom_brainpool_32.rs      |   40 +
 version3/rust/rom_brainpool_64.rs      |   40 +
 version3/rust/rom_c25519_32.rs         |   39 +
 version3/rust/rom_c25519_64.rs         |   38 +
 version3/rust/rom_c41417_32.rs         |   38 +
 version3/rust/rom_c41417_64.rs         |   38 +
 version3/rust/rom_ed25519_32.rs        |   38 +
 version3/rust/rom_ed25519_64.rs        |   38 +
 version3/rust/rom_fp256bn_32.rs        |   54 +
 version3/rust/rom_fp256bn_64.rs        |   54 +
 version3/rust/rom_fp512bn_32.rs        |   53 +
 version3/rust/rom_fp512bn_64.rs        |   53 +
 version3/rust/rom_goldilocks_32.rs     |   38 +
 version3/rust/rom_goldilocks_64.rs     |   38 +
 version3/rust/rom_hifive_32.rs         |   38 +
 version3/rust/rom_hifive_64.rs         |   38 +
 version3/rust/rom_nist256_32.rs        |   41 +
 version3/rust/rom_nist256_64.rs        |   40 +
 version3/rust/rom_nist384_32.rs        |   38 +
 version3/rust/rom_nist384_64.rs        |   38 +
 version3/rust/rom_nist521_32.rs        |   39 +
 version3/rust/rom_nist521_64.rs        |   38 +
 version3/rust/rom_nums256e_32.rs       |   40 +
 version3/rust/rom_nums256e_64.rs       |   42 +
 version3/rust/rom_nums256w_32.rs       |   38 +
 version3/rust/rom_nums256w_64.rs       |   40 +
 version3/rust/rom_nums384e_32.rs       |   40 +
 version3/rust/rom_nums384e_64.rs       |   39 +
 version3/rust/rom_nums384w_32.rs       |   39 +
 version3/rust/rom_nums384w_64.rs       |   38 +
 version3/rust/rom_nums512e_32.rs       |   37 +
 version3/rust/rom_nums512e_64.rs       |   38 +
 version3/rust/rom_nums512w_32.rs       |   39 +
 version3/rust/rom_nums512w_64.rs       |   38 +
 version3/rust/rom_secp256k1_32.rs      |   40 +
 version3/rust/rom_secp256k1_64.rs      |   39 +
 version3/rust/rsa.rs                   |  362 ++++
 version3/rust/sha3.rs                  |  242 +++
 version3/swift/BenchtestALL.swift      |  888 ++++++++
 version3/swift/TestALL.swift           | 1425 +++++++++++++
 version3/swift/TestNHS.swift           |   70 +
 version3/swift/aes.swift               |  641 ++++++
 version3/swift/big.swift               | 1150 +++++++++++
 version3/swift/config32.py             |  354 ++++
 version3/swift/config64.py             |  352 ++++
 version3/swift/dbig.swift              |  291 +++
 version3/swift/ecdh.swift              |  595 ++++++
 version3/swift/ecp.swift               | 1070 ++++++++++
 version3/swift/ecp2.swift              |  735 +++++++
 version3/swift/ecp4.swift              |  739 +++++++
 version3/swift/ecp8.swift              |  894 ++++++++
 version3/swift/ff.swift                |  996 +++++++++
 version3/swift/fp.swift                |  616 ++++++
 version3/swift/fp12.swift              |  815 ++++++++
 version3/swift/fp16.swift              |  576 ++++++
 version3/swift/fp2.swift               |  359 ++++
 version3/swift/fp24.swift              |  852 ++++++++
 version3/swift/fp4.swift               |  632 ++++++
 version3/swift/fp48.swift              | 1071 ++++++++++
 version3/swift/fp8.swift               |  658 ++++++
 version3/swift/gcm.swift               |  326 +++
 version3/swift/hash256.swift           |  188 ++
 version3/swift/hash384.swift           |  198 ++
 version3/swift/hash512.swift           |  198 ++
 version3/swift/mpin.swift              |  822 ++++++++
 version3/swift/mpin192.swift           |  828 ++++++++
 version3/swift/mpin256.swift           |  816 ++++++++
 version3/swift/nhs.swift               |  550 +++++
 version3/swift/pair.swift              |  724 +++++++
 version3/swift/pair192.swift           |  512 +++++
 version3/swift/pair256.swift           |  587 ++++++
 version3/swift/rand.swift              |  136 ++
 version3/swift/readme.txt              |   43 +
 version3/swift/rom_anssi.swift         |   73 +
 version3/swift/rom_bls24.swift         |  104 +
 version3/swift/rom_bls381.swift        |  105 +
 version3/swift/rom_bls383.swift        |  101 +
 version3/swift/rom_bls461.swift        |  107 +
 version3/swift/rom_bls48.swift         |  120 ++
 version3/swift/rom_bn254.swift         |  104 +
 version3/swift/rom_bn254CX.swift       |  106 +
 version3/swift/rom_brainpool.swift     |   74 +
 version3/swift/rom_c25519.swift        |   72 +
 version3/swift/rom_c41417.swift        |   71 +
 version3/swift/rom_ed25519.swift       |   72 +
 version3/swift/rom_fp256bn.swift       |  102 +
 version3/swift/rom_fp512bn.swift       |  105 +
 version3/swift/rom_goldilocks.swift    |   70 +
 version3/swift/rom_hifive.swift        |   72 +
 version3/swift/rom_nist256.swift       |   70 +
 version3/swift/rom_nist384.swift       |   70 +
 version3/swift/rom_nist521.swift       |   71 +
 version3/swift/rom_nums256e.swift      |   72 +
 version3/swift/rom_nums256w.swift      |   72 +
 version3/swift/rom_nums384e.swift      |   72 +
 version3/swift/rom_nums384w.swift      |   73 +
 version3/swift/rom_nums512e.swift      |   75 +
 version3/swift/rom_nums512w.swift      |   72 +
 version3/swift/rom_secp256k1.swift     |   70 +
 version3/swift/rsa.swift               |  390 ++++
 version3/swift/sha3.swift              |  264 +++
 version3/wasm/config.py                |  669 ++++++
 version3/wasm/readme.txt               |   72 +
 windows.md                             |   70 -
 1158 files changed, 297899 insertions(+), 106873 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/AMCL.pdf
----------------------------------------------------------------------
diff --git a/AMCL.pdf b/AMCL.pdf
deleted file mode 100644
index 9d9ab9a..0000000
Binary files a/AMCL.pdf and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/CMakeLists.txt b/CMakeLists.txt
deleted file mode 100644
index a6fd195..0000000
--- a/CMakeLists.txt
+++ /dev/null
@@ -1,184 +0,0 @@
-cmake_minimum_required (VERSION 2.8)
-project (AMCL)
-enable_testing()
-
-set(AMCL_VERSION_MAJOR "1")
-set(AMCL_VERSION_MINOR "1")
-set(AMCL_VERSION_PATCH "0")
-set(PROJECT_VERSION "${AMCL_VERSION_MAJOR}.${AMCL_VERSION_MINOR}.${AMCL_VERSION_PATCH}")
-message(STATUS "PROJECT_VERSION='${PROJECT_VERSION}'")
-message(STATUS "Generator - ${CMAKE_GENERATOR}")
-
-# Add options for build
-option (BUILD_SHARED_LIBS "Build Shared Libraries" ON)
-option (BUILD_PYTHON "Build Python" ON) 
-option (BUILD_MPIN "Build MPIN" ON) 
-option (BUILD_WCC "Build WCC" OFF) 
-option (BUILD_DOXYGEN "Build Doxygen" ON) 
-option (USE_PATENTS "Use alleged patents" ON)
-option (USE_ANONYMOUS "Anonymous authenticaion for M-Pin Full" OFF)
-
-# Allow the developer to select if Dynamic or Static libraries are built
-# Set the default LIB_TYPE variable to STATIC
-SET (LIB_TYPE STATIC)
-IF (BUILD_SHARED_LIBS)
-  # User wants to build Dynamic Libraries, so change the LIB_TYPE variable to CMake keyword 'SHARED'
-  SET (LIB_TYPE SHARED)
-ENDIF (BUILD_SHARED_LIBS)
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-   # Mac OS X specific code
-   set(OS "Mac OS X")
-   # MACOSX_RPATH
-   cmake_policy(SET CMP0042 NEW)
-   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-   # Linux specific code
-   set(OS "Linux")
-   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-   # Windows specific code
-   set(OS "Windows")
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-# Select word length
-set(WORD_LENGTH "32" CACHE STRING "Word length. See amcl.h.in for explanation")
-set(Word_Length_Values "16;32;64")
-set_property(CACHE WORD_LENGTH PROPERTY STRINGS ${Word_Length_Values})
-message(STATUS "WORD_LENGTH='${WORD_LENGTH}'")
-
-# Select Field
-set(FIELD_CHOICE "BNCX" CACHE STRING "Choice of Field. See amcl.h.in for explanation")
-set(Field_Values "BN;BNCX;BNT;BNT2;NIST;C25519;BRAINPOOL;ANSSI;MF254;MS255;MF256;MS256")
-set_property(CACHE FIELD_CHOICE PROPERTY STRINGS ${Field_Values})
-message(STATUS "FIELD_CHOICE='${FIELD_CHOICE}'")
-
-# Select Curve type
-set(CURVE_TYPE "WEIERSTRASS" CACHE STRING "Choice of Curve. See amcl.h.in for explanation")
-set(Curve_Values "WEIERSTRASS;EDWARDS;MONTGOMERY")
-set_property(CACHE CURVE_TYPE PROPERTY STRINGS ${Curve_Values})
-message(STATUS "CURVE_TYPE='${CURVE_TYPE}'")
-
-# configure amcl header file to pass CMake settings
-# to the source code
-configure_file (
-  "${PROJECT_SOURCE_DIR}/c/amcl.h.in"
-  "${PROJECT_BINARY_DIR}/c/amcl.h"
-  )
-
-if(NOT(FIELD_CHOICE MATCHES "BN"))
-  message(STATUS "Field choice prevents MPIN being built")
-  set(BUILD_MPIN OFF)
-  set(BUILD_WSS OFF)
-endif(NOT(FIELD_CHOICE MATCHES "BN"))
-
-# test configuration
-if(BUILD_MPIN OR BUILD_WCC)
-  set(MPIN_TIME_PERMIT_TESTS 10 CACHE STRING "Number of days in the future to test M-PIN time permits")
-  set(MPIN_RANDOM_TESTS 10 CACHE STRING "Number of random M-PIN tests")
-  message(STATUS "MPIN_TIME_PERMIT_TESTS=${MPIN_TIME_PERMIT_TESTS}")
-  message(STATUS "MPIN_RANDOM_TESTS=${MPIN_RANDOM_TESTS}")
-  # Configure test variables
-  configure_file (
-    "${PROJECT_SOURCE_DIR}/c/tests/config.h.in"
-    "${PROJECT_BINARY_DIR}/c/tests/config.h"
-  )
-endif(BUILD_MPIN OR BUILD_WCC)
-
-# Set a default build type if none was specified
-if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
-  message(STATUS "Setting build type to 'Release' as none was specified.")
-  set(CMAKE_BUILD_TYPE Release CACHE STRING "Choose the type of build." FORCE)
-  # Set the possible values of build type for cmake-gui
-  set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo")
-endif()
-
-# Add subdirectories
-add_subdirectory (c)
-
-# Only build Python for shared libs
-if (NOT BUILD_SHARED_LIBS)
-  set(BUILD_PYTHON OFF)
-endif (NOT BUILD_SHARED_LIBS)
-
-if (BUILD_PYTHON)
-  message(STATUS "Build Python CFFI")
-  execute_process (COMMAND python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()" OUTPUT_VARIABLE PYTHON_SITE_PACKAGES OUTPUT_STRIP_TRAILING_WHITESPACE)
-  execute_process (COMMAND python -c "from distutils.sysconfig import get_python_lib; from os.path import dirname; print dirname(get_python_lib())" OUTPUT_VARIABLE PYTHON_SITE_LIB OUTPUT_STRIP_TRAILING_WHITESPACE)
-
-  if((FIELD_CHOICE STREQUAL "BNCX") AND BUILD_MPIN)
-    file(COPY "${PROJECT_SOURCE_DIR}/testVectors/mpin/BNCX.json" DESTINATION "${PROJECT_BINARY_DIR}/pythonCFFI")
-    file(RENAME "${PROJECT_BINARY_DIR}/pythonCFFI/BNCX.json" "${PROJECT_BINARY_DIR}/pythonCFFI/MPINTestVectors.json")
-  endif((FIELD_CHOICE STREQUAL "BNCX") AND BUILD_MPIN)
-  add_subdirectory (pythonCFFI)
-endif (BUILD_PYTHON)
-
-# Build Documentation
-if (BUILD_DOXYGEN)
-  find_package(Doxygen QUIET)
-  if(DOXYGEN_FOUND)
-    add_subdirectory (docs)
-  else(DOXYGEN_FOUND)
-    message(STATUS "Doxygen not found. Documentation will not be built.")
-  endif(DOXYGEN_FOUND)
-endif (BUILD_DOXYGEN)
-
-message(STATUS "Install ${CMAKE_INSTALL_PREFIX}")
-
-# uninstall target
-configure_file(
-    "${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
-    "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
-    IMMEDIATE @ONLY)
-
-add_custom_target(uninstall
-    COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)
-
-# Build a CPack driven installer package
-include (InstallRequiredSystemLibraries)
-set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE")
-set(CPACK_PACKAGE_VERSION "${AMCL_VERSION_MAJOR}.${AMCL_VERSION_MINOR}.${AMCL_VERSION_PATCH}")
-set(CPACK_PACKAGE_NAME "AMCL")
-set(CPACK_PACKAGE_RELEASE 1)
-set(CPACK_PACKAGE_CONTACT "support@miracl.com")
-set(CPACK_PACKAGE_VENDOR "MIRACL")
-if (BUILD_PYTHON)
-  set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.7.0")
-endif (BUILD_PYTHON)
-set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CPACK_PACKAGE_RELEASE}.${CMAKE_SYSTEM_PROCESSOR}")
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-  # Linux specific code
-  set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
-  # Prevents CPack from generating file conflicts
-  set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}")
-  list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}/bin")
-  list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}/include")
-  list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${CPACK_PACKAGING_INSTALL_PREFIX}/lib")
-  list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${PYTHON_SITE_LIB}")
-  list(APPEND CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "${PYTHON_SITE_PACKAGES}")
-  set(CPACK_GENERATOR "RPM")
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-  # Windows specific code
-  set(CPACK_PACKAGE_INSTALL_DIRECTORY "AMCL")
-  set(CPACK_NSIS_MODIFY_PATH ON)
-  set(CPACK_PACKAGE_ICON "${CMAKE_SOURCE_DIR}/data\\\\icon.bmp")
-  set(CPACK_NSIS_MUI_ICON "${CMAKE_SOURCE_DIR}/data\\\\icon.ico")
-  set(CPACK_NSIS_MUI_UNIICON "${CMAKE_SOURCE_DIR}/data\\\\icon.ico")
-  set(CPACK_NSIS_HELP_LINK "http:\\\\\\\\www.miracl.com")
-  set(CPACK_NSIS_URL_INFO_ABOUT "http:\\\\\\\\www.miracl.com")
-  set(CPACK_NSIS_CONTACT "support@miracl.com")
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-  # Mac OS X specific code
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-
-include (CPack)
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/LICENSE
----------------------------------------------------------------------
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 19efef5..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright 2016 MIRACL UK Ltd
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.


[33/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/BIG.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/BIG.go b/go/amcl-go/BIG.go
deleted file mode 100644
index a1c5184..0000000
--- a/go/amcl-go/BIG.go
+++ /dev/null
@@ -1,956 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */
-
-package amcl
-
-import "strconv"
-
-//import "fmt"
-
-type BIG struct {
-	w [NLEN]int64
-}
-
-func NewBIG() *BIG {
-	b := new(BIG)
-	for i := 0; i < NLEN; i++ {
-		b.w[i] = 0
-	}
-	return b
-}
-
-func NewBIGint(x int) *BIG {
-	b := new(BIG)
-	b.w[0] = int64(x)
-	for i := 1; i < NLEN; i++ {
-		b.w[i] = 0
-	}
-	return b
-}
-
-func NewBIGcopy(x *BIG) *BIG {
-	b := new(BIG)
-	for i := 0; i < NLEN; i++ {
-		b.w[i] = x.w[i]
-	}
-	return b
-}
-
-func NewBIGdcopy(x *DBIG) *BIG {
-	b := new(BIG)
-	for i := 0; i < NLEN; i++ {
-		b.w[i] = x.w[i]
-	}
-	return b
-}
-
-func NewBIGints(x [NLEN]int64) *BIG {
-	b := new(BIG)
-	for i := 0; i < NLEN; i++ {
-		b.w[i] = x[i]
-	}
-	return b
-}
-
-func (r *BIG) get(i int) int64 {
-	return r.w[i]
-}
-
-func (r *BIG) set(i int, x int64) {
-	r.w[i] = x
-}
-
-func (r *BIG) xortop(x int64) {
-	r.w[NLEN-1] ^= x
-}
-
-func (r *BIG) ortop(x int64) {
-	r.w[NLEN-1] |= x
-}
-
-/* test for zero */
-func (r *BIG) iszilch() bool {
-	for i := 0; i < NLEN; i++ {
-		if r.w[i] != 0 {
-			return false
-		}
-	}
-	return true
-}
-
-/* set to zero */
-func (r *BIG) zero() {
-	for i := 0; i < NLEN; i++ {
-		r.w[i] = 0
-	}
-}
-
-/* Test for equal to one */
-func (r *BIG) isunity() bool {
-	for i := 1; i < NLEN; i++ {
-		if r.w[i] != 0 {
-			return false
-		}
-	}
-	if r.w[0] != 1 {
-		return false
-	}
-	return true
-}
-
-/* set to one */
-func (r *BIG) one() {
-	r.w[0] = 1
-	for i := 1; i < NLEN; i++ {
-		r.w[i] = 0
-	}
-}
-
-/* Copy from another BIG */
-func (r *BIG) copy(x *BIG) {
-	for i := 0; i < NLEN; i++ {
-		r.w[i] = x.w[i]
-	}
-}
-
-/* Copy from another DBIG */
-func (r *BIG) dcopy(x *DBIG) {
-	for i := 0; i < NLEN; i++ {
-		r.w[i] = x.w[i]
-	}
-}
-
-/* calculate Field Excess */
-func EXCESS(a *BIG) int64 {
-	return ((a.w[NLEN-1] & OMASK) >> (MODBITS % BASEBITS))
-}
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-func (r *BIG) norm() int64 {
-	var carry int64 = 0
-	for i := 0; i < NLEN-1; i++ {
-		d := r.w[i] + carry
-		r.w[i] = d & MASK
-		carry = d >> BASEBITS
-	}
-	r.w[NLEN-1] = (r.w[NLEN-1] + carry)
-
-	return (r.w[NLEN-1] >> ((8 * MODBYTES) % BASEBITS))
-}
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-func (r *BIG) cswap(b *BIG, d int32) {
-	var c = int64(d)
-	c = ^(c - 1)
-
-	for i := 0; i < NLEN; i++ {
-		t := c & (r.w[i] ^ b.w[i])
-		r.w[i] ^= t
-		b.w[i] ^= t
-	}
-}
-
-func (r *BIG) cmove(g *BIG, d int32) {
-	var b = int64(-d)
-
-	for i := 0; i < NLEN; i++ {
-		r.w[i] ^= (r.w[i] ^ g.w[i]) & b
-	}
-}
-
-/* Shift right by less than a word */
-func (r *BIG) fshr(k uint) int64 {
-	w := r.w[0] & ((int64(1) << k) - 1) /* shifted out part */
-	for i := 0; i < NLEN-1; i++ {
-		r.w[i] = (r.w[i] >> k) | ((r.w[i+1] << (BASEBITS - k)) & MASK)
-	}
-	r.w[NLEN-1] = r.w[NLEN-1] >> k
-	return w
-}
-
-/* general shift right */
-func (r *BIG) shr(k uint) {
-	n := (k % BASEBITS)
-	m := int(k / BASEBITS)
-	for i := 0; i < NLEN-m-1; i++ {
-		r.w[i] = (r.w[m+i] >> n) | ((r.w[m+i+1] << (BASEBITS - n)) & MASK)
-	}
-	r.w[NLEN-m-1] = r.w[NLEN-1] >> n
-	for i := NLEN - m; i < NLEN; i++ {
-		r.w[i] = 0
-	}
-}
-
-/* Shift right by less than a word */
-func (r *BIG) fshl(k uint) int64 {
-	r.w[NLEN-1] = (r.w[NLEN-1] << k) | (r.w[NLEN-2] >> (BASEBITS - k))
-	for i := NLEN - 2; i > 0; i-- {
-		r.w[i] = ((r.w[i] << k) & MASK) | (r.w[i-1] >> (BASEBITS - k))
-	}
-	r.w[0] = (r.w[0] << k) & MASK
-	return (r.w[NLEN-1] >> ((8 * MODBYTES) % BASEBITS)) /* return excess - only used in ff.c */
-}
-
-/* general shift left */
-func (r *BIG) shl(k uint) {
-	n := k % BASEBITS
-	m := int(k / BASEBITS)
-
-	r.w[NLEN-1] = (r.w[NLEN-1-m] << n) | (r.w[NLEN-m-2] >> (BASEBITS - n))
-	for i := NLEN - 2; i > m; i-- {
-		r.w[i] = ((r.w[i-m] << n) & MASK) | (r.w[i-m-1] >> (BASEBITS - n))
-	}
-	r.w[m] = (r.w[0] << n) & MASK
-	for i := 0; i < m; i++ {
-		r.w[i] = 0
-	}
-}
-
-/* return number of bits */
-func (r *BIG) nbits() int {
-	k := NLEN - 1
-	r.norm()
-	for k >= 0 && r.w[k] == 0 {
-		k--
-	}
-	if k < 0 {
-		return 0
-	}
-	bts := int(BASEBITS) * k
-	c := r.w[k]
-	for c != 0 {
-		c /= 2
-		bts++
-	}
-	return bts
-}
-
-/* Convert to Hex String */
-func (r *BIG) toString() string {
-	s := ""
-	len := r.nbits()
-
-	if len%4 == 0 {
-		len /= 4
-	} else {
-		len /= 4
-		len++
-
-	}
-	MB := int(MODBYTES * 2)
-	if len < MB {
-		len = MB
-	}
-
-	for i := len - 1; i >= 0; i-- {
-		b := NewBIGcopy(r)
-
-		b.shr(uint(i * 4))
-		s += strconv.FormatInt(b.w[0]&15, 16)
-	}
-	return s
-}
-
-func (r *BIG) add(x *BIG) {
-	for i := 0; i < NLEN; i++ {
-		r.w[i] = r.w[i] + x.w[i]
-	}
-}
-
-/* return this+x */
-func (r *BIG) plus(x *BIG) *BIG {
-	s := new(BIG)
-	for i := 0; i < NLEN; i++ {
-		s.w[i] = r.w[i] + x.w[i]
-	}
-	return s
-}
-
-/* this+=x, where x is int */
-func (r *BIG) inc(x int) {
-	r.norm()
-	r.w[0] += int64(x)
-}
-
-/* return this-x */
-func (r *BIG) minus(x *BIG) *BIG {
-	d := new(BIG)
-	for i := 0; i < NLEN; i++ {
-		d.w[i] = r.w[i] - x.w[i]
-	}
-	return d
-}
-
-/* this-=x */
-func (r *BIG) sub(x *BIG) {
-	for i := 0; i < NLEN; i++ {
-		r.w[i] = r.w[i] - x.w[i]
-	}
-}
-
-/* reverse subtract this=x-this */
-func (r *BIG) rsub(x *BIG) {
-	for i := 0; i < NLEN; i++ {
-		r.w[i] = x.w[i] - r.w[i]
-	}
-}
-
-/* this-=x, where x is int */
-func (r *BIG) dec(x int) {
-	r.norm()
-	r.w[0] -= int64(x)
-}
-
-/* this*=x, where x is small int<NEXCESS */
-func (r *BIG) imul(c int) {
-	for i := 0; i < NLEN; i++ {
-		r.w[i] *= int64(c)
-	}
-}
-
-/* convert this BIG to byte array */
-func (r *BIG) tobytearray(b []byte, n int) {
-	r.norm()
-	c := NewBIGcopy(r)
-
-	for i := int(MODBYTES) - 1; i >= 0; i-- {
-		b[i+n] = byte(c.w[0])
-		c.fshr(8)
-	}
-}
-
-/* convert from byte array to BIG */
-func frombytearray(b []byte, n int) *BIG {
-	m := NewBIG()
-	for i := 0; i < int(MODBYTES); i++ {
-		m.fshl(8)
-		m.w[0] += int64(b[i+n] & 0xff)
-	}
-	return m
-}
-
-func (r *BIG) toBytes(b []byte) {
-	r.tobytearray(b, 0)
-}
-
-func fromBytes(b []byte) *BIG {
-	return frombytearray(b, 0)
-}
-
-/* set this[i]+=x*y+c, and return high part */
-
-func (r *BIG) muladd(a int64, b int64, c int64, i int) int64 {
-	x0 := a & HMASK
-	x1 := (a >> HBITS)
-	y0 := b & HMASK
-	y1 := (b >> HBITS)
-	bot := x0 * y0
-	top := x1 * y1
-	mid := x0*y1 + x1*y0
-	x0 = mid & HMASK
-	x1 = (mid >> HBITS)
-	bot += x0 << HBITS
-	bot += c
-	bot += r.w[i]
-	top += x1
-	carry := bot >> BASEBITS
-	bot &= MASK
-	top += carry
-	r.w[i] = bot
-	return top
-}
-
-/* this*=x, where x is >NEXCESS */
-func (r *BIG) pmul(c int) int64 {
-	var carry int64 = 0
-	r.norm()
-	for i := 0; i < NLEN; i++ {
-		ak := r.w[i]
-		r.w[i] = 0
-		carry = r.muladd(ak, int64(c), carry, i)
-	}
-	return carry
-}
-
-/* this*=c and catch overflow in DBIG */
-func (r *BIG) pxmul(c int) *DBIG {
-	m := NewDBIG()
-	var carry int64 = 0
-	for j := 0; j < NLEN; j++ {
-		carry = m.muladd(r.w[j], int64(c), carry, j)
-	}
-	m.w[NLEN] = carry
-	return m
-}
-
-/* divide by 3 */
-func (r *BIG) div3() int {
-	var carry int64 = 0
-	r.norm()
-	base := (int64(1) << BASEBITS)
-	for i := NLEN - 1; i >= 0; i-- {
-		ak := (carry*base + r.w[i])
-		r.w[i] = ak / 3
-		carry = ak % 3
-	}
-	return int(carry)
-}
-
-/* return a*b where result fits in a BIG */
-func smul(a *BIG, b *BIG) *BIG {
-	var carry int64
-	c := NewBIG()
-	for i := 0; i < NLEN; i++ {
-		carry = 0
-		for j := 0; j < NLEN; j++ {
-			if i+j < NLEN {
-				carry = c.muladd(a.w[i], b.w[j], carry, i+j)
-			}
-		}
-	}
-	return c
-}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-func comp(a *BIG, b *BIG) int {
-	for i := NLEN - 1; i >= 0; i-- {
-		if a.w[i] == b.w[i] {
-			continue
-		}
-		if a.w[i] > b.w[i] {
-			return 1
-		} else {
-			return -1
-		}
-	}
-	return 0
-}
-
-/* return parity */
-func (r *BIG) parity() int {
-	return int(r.w[0] % 2)
-}
-
-/* return n-th bit */
-func (r *BIG) bit(n int) int {
-	if (r.w[n/int(BASEBITS)] & (int64(1) << (uint(n) % BASEBITS))) > 0 {
-		return 1
-	}
-	return 0
-}
-
-/* return n last bits */
-func (r *BIG) lastbits(n int) int {
-	msk := (1 << uint(n)) - 1
-	r.norm()
-	return (int(r.w[0])) & msk
-}
-
-/* set x = x mod 2^m */
-func (r *BIG) mod2m(m uint) {
-	wd := int(m / BASEBITS)
-	bt := m % BASEBITS
-	msk := (int64(1) << bt) - 1
-	r.w[wd] &= msk
-	for i := wd + 1; i < NLEN; i++ {
-		r.w[i] = 0
-	}
-}
-
-/* Arazi and Qi inversion mod 256 */
-func invmod256(a int) int {
-	var t1 int = 0
-	c := (a >> 1) & 1
-	t1 += c
-	t1 &= 1
-	t1 = 2 - t1
-	t1 <<= 1
-	U := t1 + 1
-
-	// i=2
-	b := a & 3
-	t1 = U * b
-	t1 >>= 2
-	c = (a >> 2) & 3
-	t2 := (U * c) & 3
-	t1 += t2
-	t1 *= U
-	t1 &= 3
-	t1 = 4 - t1
-	t1 <<= 2
-	U += t1
-
-	// i=4
-	b = a & 15
-	t1 = U * b
-	t1 >>= 4
-	c = (a >> 4) & 15
-	t2 = (U * c) & 15
-	t1 += t2
-	t1 *= U
-	t1 &= 15
-	t1 = 16 - t1
-	t1 <<= 4
-	U += t1
-
-	return U
-}
-
-/* a=1/a mod 2^256. This is very fast! */
-func (r *BIG) invmod2m() {
-	U := NewBIG()
-	b := NewBIG()
-	c := NewBIG()
-
-	U.inc(invmod256(r.lastbits(8)))
-
-	for i := 8; i < 256; i <<= 1 {
-		ui := uint(i)
-		b.copy(r)
-		b.mod2m(ui)
-		t1 := smul(U, b)
-		t1.shr(ui)
-		c.copy(r)
-		c.shr(ui)
-		c.mod2m(ui)
-
-		t2 := smul(U, c)
-		t2.mod2m(ui)
-		t1.add(t2)
-		b = smul(t1, U)
-		t1.copy(b)
-		t1.mod2m(ui)
-
-		t2.one()
-		t2.shl(ui)
-		t1.rsub(t2)
-		t1.norm()
-		t1.shl(ui)
-		U.add(t1)
-	}
-	r.copy(U)
-}
-
-/* reduce this mod m */
-func (r *BIG) mod(m *BIG) {
-	r.norm()
-	if comp(r, m) < 0 {
-		return
-	}
-
-	m.fshl(1)
-	k := 1
-
-	for comp(r, m) >= 0 {
-		m.fshl(1)
-		k++
-	}
-
-	for k > 0 {
-		m.fshr(1)
-		if comp(r, m) >= 0 {
-			r.sub(m)
-			r.norm()
-		}
-		k--
-	}
-}
-
-/* divide this by m */
-func (r *BIG) div(m *BIG) {
-	k := 0
-	r.norm()
-	e := NewBIGint(1)
-	b := NewBIGcopy(r)
-	r.zero()
-
-	for comp(b, m) >= 0 {
-		e.fshl(1)
-		m.fshl(1)
-		k++
-	}
-
-	for k > 0 {
-		m.fshr(1)
-		e.fshr(1)
-		if comp(b, m) >= 0 {
-			r.add(e)
-			r.norm()
-			b.sub(m)
-			b.norm()
-		}
-		k--
-	}
-}
-
-/* get 8*MODBYTES size random number */
-func random(rng *RAND) *BIG {
-	m := NewBIG()
-	var j int = 0
-	var r byte = 0
-	/* generate random BIG */
-	for i := 0; i < 8*int(MODBYTES); i++ {
-		if j == 0 {
-			r = rng.GetByte()
-		} else {
-			r >>= 1
-		}
-
-		b := int64(r & 1)
-		m.shl(1)
-		m.w[0] += b // m.inc(b)
-		j++
-		j &= 7
-	}
-	return m
-}
-
-/* Create random BIG in portable way, one bit at a time */
-func randomnum(q *BIG, rng *RAND) *BIG {
-	d := NewDBIG()
-	var j int = 0
-	var r byte = 0
-	for i := 0; i < 2*int(MODBITS); i++ {
-		if j == 0 {
-			r = rng.GetByte()
-		} else {
-			r >>= 1
-		}
-
-		b := int64(r & 1)
-		d.shl(1)
-		d.w[0] += b // m.inc(b);
-		j++
-		j &= 7
-	}
-	m := d.mod(q)
-	return m
-}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-func nafbits(x *BIG, x3 *BIG, i int) [3]int {
-	var n [3]int
-	var j int
-	nb := x3.bit(i) - x.bit(i)
-
-	n[1] = 1
-	n[0] = 0
-	if nb == 0 {
-		n[0] = 0
-		return n
-	}
-	if i == 0 {
-		n[0] = nb
-		return n
-	}
-	if nb > 0 {
-		n[0] = 1
-	} else {
-		n[0] = (-1)
-	}
-
-	for j = i - 1; j > 0; j-- {
-		n[1]++
-		n[0] *= 2
-		nb = x3.bit(j) - x.bit(j)
-		if nb > 0 {
-			n[0] += 1
-		}
-		if nb < 0 {
-			n[0] -= 1
-		}
-		if n[0] > 5 || n[0] < -5 {
-			break
-		}
-	}
-
-	if n[0]%2 != 0 && j != 0 { /* backtrack */
-		if nb > 0 {
-			n[0] = (n[0] - 1) / 2
-		}
-		if nb < 0 {
-			n[0] = (n[0] + 1) / 2
-		}
-		n[1]--
-	}
-	for n[0]%2 == 0 { /* remove trailing zeros */
-		n[0] /= 2
-		n[2]++
-		n[1]--
-	}
-	return n
-}
-
-/* return a*b as DBIG */
-func mul(a *BIG, b *BIG) *DBIG {
-	c := NewDBIG()
-	var carry int64
-	a.norm()
-	b.norm()
-
-	for i := 0; i < NLEN; i++ {
-		carry = 0
-		for j := 0; j < NLEN; j++ {
-			carry = c.muladd(a.w[i], b.w[j], carry, i+j)
-		}
-		c.w[NLEN+i] = carry
-	}
-
-	return c
-}
-
-/* return a^2 as DBIG */
-func sqr(a *BIG) *DBIG {
-	c := NewDBIG()
-	var carry int64
-	a.norm()
-	for i := 0; i < NLEN; i++ {
-		carry = 0
-		for j := i + 1; j < NLEN; j++ {
-			carry = c.muladd(2*a.w[i], a.w[j], carry, i+j)
-		}
-		c.w[NLEN+i] = carry
-	}
-
-	for i := 0; i < NLEN; i++ {
-		c.w[2*i+1] += c.muladd(a.w[i], a.w[i], 0, 2*i)
-	}
-	c.norm()
-	return c
-}
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-func mod(d *DBIG) *BIG {
-	var b *BIG
-	if MODTYPE == PSEUDO_MERSENNE {
-		t := d.split(MODBITS)
-		b = NewBIGdcopy(d)
-
-		v := t.pmul(int(MConst))
-		tw := t.w[NLEN-1]
-		t.w[NLEN-1] &= TMASK
-		t.w[0] += (MConst * ((tw >> TBITS) + (v << (BASEBITS - TBITS))))
-
-		b.add(t)
-	}
-	if MODTYPE == MONTGOMERY_FRIENDLY {
-		for i := 0; i < NLEN; i++ {
-			d.w[NLEN+i] += d.muladd(d.w[i], MConst-1, d.w[i], NLEN+i-1)
-		}
-		b = NewBIG()
-
-		for i := 0; i < NLEN; i++ {
-			b.w[i] = d.w[NLEN+i]
-		}
-	}
-
-	if MODTYPE == NOT_SPECIAL {
-		md := NewBIGints(Modulus)
-		var carry, m int64
-		for i := 0; i < NLEN; i++ {
-			if MConst == -1 {
-				m = (-d.w[i]) & MASK
-			} else {
-				if MConst == 1 {
-					m = d.w[i]
-				} else {
-					m = (MConst * d.w[i]) & MASK
-				}
-			}
-
-			carry = 0
-			for j := 0; j < NLEN; j++ {
-				carry = d.muladd(m, md.w[j], carry, i+j)
-			}
-			d.w[NLEN+i] += carry
-		}
-
-		b = NewBIG()
-		for i := 0; i < NLEN; i++ {
-			b.w[i] = d.w[NLEN+i]
-		}
-
-	}
-	b.norm()
-	return b
-}
-
-/* return a*b mod m */
-func modmul(a, b, m *BIG) *BIG {
-	a.mod(m)
-	b.mod(m)
-	d := mul(a, b)
-	return d.mod(m)
-}
-
-/* return a^2 mod m */
-func modsqr(a, m *BIG) *BIG {
-	a.mod(m)
-	d := sqr(a)
-	return d.mod(m)
-}
-
-/* return -a mod m */
-func modneg(a, m *BIG) *BIG {
-	a.mod(m)
-	return m.minus(a)
-}
-
-/* return this^e mod m */
-func (r *BIG) powmod(e *BIG, m *BIG) *BIG {
-	r.norm()
-	e.norm()
-	a := NewBIGint(1)
-	z := NewBIGcopy(e)
-	s := NewBIGcopy(r)
-	for true {
-		bt := z.parity()
-		z.fshr(1)
-		if bt == 1 {
-			a = modmul(a, s, m)
-		}
-		if z.iszilch() {
-			break
-		}
-		s = modsqr(s, m)
-	}
-	return a
-}
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-func (r *BIG) jacobi(p *BIG) int {
-	m := 0
-	t := NewBIGint(0)
-	x := NewBIGint(0)
-	n := NewBIGint(0)
-	zilch := NewBIGint(0)
-	one := NewBIGint(1)
-	if p.parity() == 0 || comp(r, zilch) == 0 || comp(p, one) <= 0 {
-		return 0
-	}
-	r.norm()
-	x.copy(r)
-	n.copy(p)
-	x.mod(p)
-
-	for comp(n, one) > 0 {
-		if comp(x, zilch) == 0 {
-			return 0
-		}
-		n8 := n.lastbits(3)
-		k := 0
-		for x.parity() == 0 {
-			k++
-			x.shr(1)
-		}
-		if k%2 == 1 {
-			m += (n8*n8 - 1) / 8
-		}
-		m += (n8 - 1) * (x.lastbits(2) - 1) / 4
-		t.copy(n)
-		t.mod(x)
-		n.copy(x)
-		x.copy(t)
-		m %= 2
-
-	}
-	if m == 0 {
-		return 1
-	}
-	return -1
-}
-
-/* this=1/this mod p. Binary method */
-func (r *BIG) invmodp(p *BIG) {
-	r.mod(p)
-	u := NewBIGcopy(r)
-
-	v := NewBIGcopy(p)
-	x1 := NewBIGint(1)
-	x2 := NewBIGint(0)
-	t := NewBIGint(0)
-	one := NewBIGint(1)
-	for comp(u, one) != 0 && comp(v, one) != 0 {
-		for u.parity() == 0 {
-			u.shr(1)
-			if x1.parity() != 0 {
-				x1.add(p)
-				x1.norm()
-			}
-			x1.shr(1)
-		}
-		for v.parity() == 0 {
-			v.shr(1)
-			if x2.parity() != 0 {
-				x2.add(p)
-				x2.norm()
-			}
-			x2.shr(1)
-		}
-		if comp(u, v) >= 0 {
-			u.sub(v)
-			u.norm()
-			if comp(x1, x2) >= 0 {
-				x1.sub(x2)
-			} else {
-				t.copy(p)
-				t.sub(x2)
-				x1.add(t)
-			}
-			x1.norm()
-		} else {
-			v.sub(u)
-			v.norm()
-			if comp(x2, x1) >= 0 {
-				x2.sub(x1)
-			} else {
-				t.copy(p)
-				t.sub(x1)
-				x2.add(t)
-			}
-			x2.norm()
-		}
-	}
-	if comp(u, one) == 0 {
-		r.copy(x1)
-	} else {
-		r.copy(x2)
-	}
-}
-
-/*
-func main() {
-	a := NewBIGint(3)
-	m := NewBIGints(Modulus)
-
-	fmt.Printf("Modulus= "+m.toString())
-	fmt.Printf("\n")
-
-
-	e := NewBIGcopy(m);
-	e.dec(7); e.norm();
-	fmt.Printf("Exponent= "+e.toString())
-	fmt.Printf("\n")
-	a=a.powmod(e,m);
-	fmt.Printf("Result= "+a.toString())
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/DBIG.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/DBIG.go b/go/amcl-go/DBIG.go
deleted file mode 100644
index 98314b6..0000000
--- a/go/amcl-go/DBIG.go
+++ /dev/null
@@ -1,260 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */
-
-package amcl
-
-import "strconv"
-
-type DBIG struct {
-	w [2 * NLEN]int64
-}
-
-func NewDBIG() *DBIG {
-	b := new(DBIG)
-	for i := 0; i < DNLEN; i++ {
-		b.w[i] = 0
-	}
-	return b
-}
-
-func NewDBIGcopy(x *DBIG) *DBIG {
-	b := new(DBIG)
-	for i := 0; i < DNLEN; i++ {
-		b.w[i] = x.w[i]
-	}
-	return b
-}
-
-func NewDBIGscopy(x *BIG) *DBIG {
-	b := new(DBIG)
-	for i := 0; i < NLEN-1; i++ {
-		b.w[i] = x.w[i]
-	}
-	b.w[NLEN-1] = x.get(NLEN-1) & MASK /* top word normalized */
-	b.w[NLEN] = x.get(NLEN-1) >> BASEBITS
-
-	for i := NLEN + 1; i < DNLEN; i++ {
-		b.w[i] = 0
-	}
-	return b
-}
-
-/* set this[i]+=x*y+c, and return high part */
-
-func (r *DBIG) muladd(a int64, b int64, c int64, i int) int64 {
-	x0 := a & HMASK
-	x1 := (a >> HBITS)
-	y0 := b & HMASK
-	y1 := (b >> HBITS)
-	bot := x0 * y0
-	top := x1 * y1
-	mid := x0*y1 + x1*y0
-	x0 = mid & HMASK
-	x1 = (mid >> HBITS)
-	bot += x0 << HBITS
-	bot += c
-	bot += r.w[i]
-	top += x1
-	carry := bot >> BASEBITS
-	bot &= MASK
-	top += carry
-	r.w[i] = bot
-	return top
-}
-
-/* normalise this */
-func (r *DBIG) norm() {
-	var carry int64 = 0
-	for i := 0; i < DNLEN-1; i++ {
-		d := r.w[i] + carry
-		r.w[i] = d & MASK
-		carry = d >> BASEBITS
-	}
-	r.w[DNLEN-1] = (r.w[DNLEN-1] + carry)
-}
-
-/* split DBIG at position n, return higher half, keep lower half */
-func (r *DBIG) split(n uint) *BIG {
-	t := NewBIG()
-	m := n % BASEBITS
-	carry := r.w[DNLEN-1] << (BASEBITS - m)
-
-	for i := DNLEN - 2; i >= NLEN-1; i-- {
-		nw := (r.w[i] >> m) | carry
-		carry = (r.w[i] << (BASEBITS - m)) & MASK
-		t.set(i-NLEN+1, nw)
-	}
-	r.w[NLEN-1] &= ((int64(1) << m) - 1)
-	return t
-}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-func dcomp(a *DBIG, b *DBIG) int {
-	for i := DNLEN - 1; i >= 0; i-- {
-		if a.w[i] == b.w[i] {
-			continue
-		}
-		if a.w[i] > b.w[i] {
-			return 1
-		} else {
-			return -1
-		}
-	}
-	return 0
-}
-
-func (r *DBIG) add(x *DBIG) {
-	for i := 0; i < DNLEN; i++ {
-		r.w[i] = r.w[i] + x.w[i]
-	}
-}
-
-/* this-=x */
-func (r *DBIG) sub(x *DBIG) {
-	for i := 0; i < DNLEN; i++ {
-		r.w[i] = r.w[i] - x.w[i]
-	}
-}
-
-/* general shift left */
-func (r *DBIG) shl(k uint) {
-	n := k % BASEBITS
-	m := int(k / BASEBITS)
-
-	r.w[DNLEN-1] = (r.w[DNLEN-1-m] << n) | (r.w[DNLEN-m-2] >> (BASEBITS - n))
-	for i := DNLEN - 2; i > m; i-- {
-		r.w[i] = ((r.w[i-m] << n) & MASK) | (r.w[i-m-1] >> (BASEBITS - n))
-	}
-	r.w[m] = (r.w[0] << n) & MASK
-	for i := 0; i < m; i++ {
-		r.w[i] = 0
-	}
-}
-
-/* general shift right */
-func (r *DBIG) shr(k uint) {
-	n := (k % BASEBITS)
-	m := int(k / BASEBITS)
-	for i := 0; i < DNLEN-m-1; i++ {
-		r.w[i] = (r.w[m+i] >> n) | ((r.w[m+i+1] << (BASEBITS - n)) & MASK)
-	}
-	r.w[DNLEN-m-1] = r.w[DNLEN-1] >> n
-	for i := DNLEN - m; i < DNLEN; i++ {
-		r.w[i] = 0
-	}
-}
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-func (r *DBIG) mod(c *BIG) *BIG {
-	r.norm()
-	m := NewDBIGscopy(c)
-
-	if dcomp(r, m) < 0 {
-		return NewBIGdcopy(r)
-	}
-
-	m.shl(1)
-	k := 1
-
-	for dcomp(r, m) >= 0 {
-		m.shl(1)
-		k++
-	}
-
-	for k > 0 {
-		m.shr(1)
-		if dcomp(r, m) >= 0 {
-			r.sub(m)
-			r.norm()
-		}
-		k--
-	}
-	return NewBIGdcopy(r)
-}
-
-/* return this/c */
-func (r *DBIG) div(c *BIG) *BIG {
-	k := 0
-	m := NewDBIGscopy(c)
-	a := NewBIGint(0)
-	e := NewBIGint(1)
-	r.norm()
-
-	for dcomp(r, m) >= 0 {
-		e.fshl(1)
-		m.shl(1)
-		k++
-	}
-
-	for k > 0 {
-		m.shr(1)
-		e.shr(1)
-		if dcomp(r, m) > 0 {
-			a.add(e)
-			a.norm()
-			r.sub(m)
-			r.norm()
-		}
-		k--
-	}
-	return a
-}
-
-/* Convert to Hex String */
-func (r *DBIG) toString() string {
-	s := ""
-	len := r.nbits()
-
-	if len%4 == 0 {
-		len /= 4
-	} else {
-		len /= 4
-		len++
-
-	}
-
-	for i := len - 1; i >= 0; i-- {
-		b := NewDBIGcopy(r)
-
-		b.shr(uint(i * 4))
-		s += strconv.FormatInt(b.w[0]&15, 16)
-	}
-	return s
-}
-
-/* return number of bits */
-func (r *DBIG) nbits() int {
-	k := DNLEN - 1
-	r.norm()
-	for k >= 0 && r.w[k] == 0 {
-		k--
-	}
-	if k < 0 {
-		return 0
-	}
-	bts := int(BASEBITS) * k
-	c := r.w[k]
-	for c != 0 {
-		c /= 2
-		bts++
-	}
-	return bts
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/ECDH.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/ECDH.go b/go/amcl-go/ECDH.go
deleted file mode 100644
index 20718eb..0000000
--- a/go/amcl-go/ECDH.go
+++ /dev/null
@@ -1,657 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve API high-level functions  */
-
-package amcl
-
-import "fmt"
-
-const ECDH_INVALID_PUBLIC_KEY int = -2
-const ECDH_ERROR int = -3
-const ECDH_INVALID int = -4
-const ECDH_EFS int = int(MODBYTES)
-const ECDH_EGS int = int(MODBYTES)
-const ECDH_EAS int = 16
-const ECDH_EBS int = 16
-
-/* Convert Integer to n-byte array */
-func inttoBytes(n int, len int) []byte {
-	var b []byte
-	var i int
-	for i = 0; i < len; i++ {
-		b = append(b, 0)
-	}
-	i = len
-	for n > 0 && i > 0 {
-		i--
-		b[i] = byte(n & 0xff)
-		n /= 256
-	}
-	return b
-}
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
-func KDF1(Z []byte, olen int) []byte {
-	/* NOTE: the parameter olen is the length of the output K in bytes */
-	H := NewHASH()
-	hlen := 32
-	var K []byte
-	k := 0
-
-	for i := 0; i < olen; i++ {
-		K = append(K, 0)
-	}
-
-	cthreshold := olen / hlen
-	if olen%hlen != 0 {
-		cthreshold++
-	}
-
-	for counter := 0; counter < cthreshold; counter++ {
-		H.Process_array(Z)
-		if counter > 0 {
-			H.Process_num(int32(counter))
-		}
-		B := H.Hash()
-		if k+hlen > olen {
-			for i := 0; i < olen%hlen; i++ {
-				K[k] = B[i]
-				k++
-			}
-		} else {
-			for i := 0; i < hlen; i++ {
-				K[k] = B[i]
-				k++
-			}
-		}
-	}
-	return K
-}
-
-func KDF2(Z []byte, P []byte, olen int) []byte {
-	/* NOTE: the parameter olen is the length of the output k in bytes */
-	H := NewHASH()
-	hlen := 32
-	var K []byte
-
-	k := 0
-
-	for i := 0; i < olen; i++ {
-		K = append(K, 0)
-	}
-
-	cthreshold := olen / hlen
-	if olen%hlen != 0 {
-		cthreshold++
-	}
-
-	for counter := 1; counter <= cthreshold; counter++ {
-		H.Process_array(Z)
-		H.Process_num(int32(counter))
-		H.Process_array(P)
-		B := H.Hash()
-		if k+hlen > olen {
-			for i := 0; i < olen%hlen; i++ {
-				K[k] = B[i]
-				k++
-			}
-		} else {
-			for i := 0; i < hlen; i++ {
-				K[k] = B[i]
-				k++
-			}
-		}
-	}
-	return K
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-func PBKDF2(Pass []byte, Salt []byte, rep int, olen int) []byte {
-	d := olen / 32
-	if olen%32 != 0 {
-		d++
-	}
-	var F [ECDH_EFS]byte
-	var U [ECDH_EFS]byte
-
-	var S []byte
-
-	//byte[] S=new byte[Salt.length+4];
-
-	var K []byte
-	//byte[] K=new byte[d*EFS];
-	//opt:=0
-
-	for i := 1; i <= d; i++ {
-		for j := 0; j < len(Salt); j++ {
-			S = append(S, Salt[j])
-		}
-		N := inttoBytes(i, 4)
-		for j := 0; j < 4; j++ {
-			S = append(S, N[j])
-		}
-
-		HMAC(S, Pass, F[:])
-
-		for j := 0; j < ECDH_EFS; j++ {
-			U[j] = F[j]
-		}
-		for j := 2; j <= rep; j++ {
-			HMAC(U[:], Pass, U[:])
-			for k := 0; k < ECDH_EFS; k++ {
-				F[k] ^= U[k]
-			}
-		}
-		for j := 0; j < ECDH_EFS; j++ {
-			K = append(K, F[j])
-		}
-	}
-	var key []byte
-	for i := 0; i < olen; i++ {
-		key = append(key, K[i])
-	}
-	return key
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-func HMAC(M []byte, K []byte, tag []byte) int {
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-	var B [32]byte
-	var K0 [64]byte
-	olen := len(tag)
-
-	b := len(K0)
-	if olen < 4 || olen > 32 {
-		return 0
-	}
-
-	for i := 0; i < b; i++ {
-		K0[i] = 0
-	}
-
-	H := NewHASH()
-
-	if len(K) > b {
-		H.Process_array(K)
-		B = H.Hash()
-		for i := 0; i < 32; i++ {
-			K0[i] = B[i]
-		}
-	} else {
-		for i := 0; i < len(K); i++ {
-			K0[i] = K[i]
-		}
-	}
-
-	for i := 0; i < b; i++ {
-		K0[i] ^= 0x36
-	}
-	H.Process_array(K0[:])
-	H.Process_array(M)
-	B = H.Hash()
-
-	for i := 0; i < b; i++ {
-		K0[i] ^= 0x6a
-	}
-	H.Process_array(K0[:])
-	H.Process_array(B[:])
-	B = H.Hash()
-
-	for i := 0; i < olen; i++ {
-		tag[i] = B[i]
-	}
-
-	return 1
-}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-func AES_CBC_IV0_ENCRYPT(K []byte, M []byte) []byte { /* AES CBC encryption, with Null IV and key K */
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-	a := NewAES()
-	fin := false
-
-	var buff [16]byte
-	var C []byte
-
-	a.Init(aes_CBC, K, nil)
-
-	ipt := 0 //opt:=0
-	var i int
-	for true {
-		for i = 0; i < 16; i++ {
-			if ipt < len(M) {
-				buff[i] = M[ipt]
-				ipt++
-			} else {
-				fin = true
-				break
-			}
-		}
-		if fin {
-			break
-		}
-		a.Encrypt(buff[:])
-		for i = 0; i < 16; i++ {
-			C = append(C, buff[i])
-		}
-	}
-
-	/* last block, filled up to i-th index */
-
-	padlen := 16 - i
-	for j := i; j < 16; j++ {
-		buff[j] = byte(padlen)
-	}
-
-	a.Encrypt(buff[:])
-
-	for i = 0; i < 16; i++ {
-		C = append(C, buff[i])
-	}
-	a.End()
-	return C
-}
-
-/* returns plaintext if all consistent, else returns null string */
-func AES_CBC_IV0_DECRYPT(K []byte, C []byte) []byte { /* padding is removed */
-	a := NewAES()
-	var buff [16]byte
-	var MM []byte
-	var M []byte
-
-	var i int
-	ipt := 0
-	opt := 0
-
-	a.Init(aes_CBC, K, nil)
-
-	if len(C) == 0 {
-		return nil
-	}
-	ch := C[ipt]
-	ipt++
-
-	fin := false
-
-	for true {
-		for i = 0; i < 16; i++ {
-			buff[i] = ch
-			if ipt >= len(C) {
-				fin = true
-				break
-			} else {
-				ch = C[ipt]
-				ipt++
-			}
-		}
-		a.Decrypt(buff[:])
-		if fin {
-			break
-		}
-		for i = 0; i < 16; i++ {
-			MM = append(MM, buff[i])
-			opt++
-		}
-	}
-
-	a.End()
-	bad := false
-	padlen := int(buff[15])
-	if i != 15 || padlen < 1 || padlen > 16 {
-		bad = true
-	}
-	if padlen >= 2 && padlen <= 16 {
-		for i = 16 - padlen; i < 16; i++ {
-			if buff[i] != byte(padlen) {
-				bad = true
-			}
-		}
-	}
-
-	if !bad {
-		for i = 0; i < 16-padlen; i++ {
-			MM = append(MM, buff[i])
-			opt++
-		}
-	}
-
-	if bad {
-		return nil
-	}
-
-	for i = 0; i < opt; i++ {
-		M = append(M, MM[i])
-	}
-
-	return M
-}
-
-/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-func ECDH_KEY_PAIR_GENERATE(RNG *RAND, S []byte, W []byte) int {
-	res := 0
-	var T [ECDH_EFS]byte
-	var s *BIG
-	var G *ECP
-
-	gx := NewBIGints(CURVE_Gx)
-	if CURVETYPE != MONTGOMERY {
-		gy := NewBIGints(CURVE_Gy)
-		G = NewECPbigs(gx, gy)
-	} else {
-		G = NewECPbig(gx)
-	}
-
-	r := NewBIGints(CURVE_Order)
-
-	if RNG == nil {
-		s = fromBytes(S)
-	} else {
-		s = randomnum(r, RNG)
-
-		s.toBytes(T[:])
-		for i := 0; i < ECDH_EGS; i++ {
-			S[i] = T[i]
-		}
-	}
-
-	WP := G.mul(s)
-
-	WP.toBytes(W)
-
-	return res
-}
-
-/* validate public key. Set full=true for fuller check */
-func ECDH_PUBLIC_KEY_VALIDATE(full bool, W []byte) int {
-	WP := ECP_fromBytes(W)
-	res := 0
-
-	r := NewBIGints(CURVE_Order)
-
-	if WP.is_infinity() {
-		res = ECDH_INVALID_PUBLIC_KEY
-	}
-	if res == 0 && full {
-		WP = WP.mul(r)
-		if !WP.is_infinity() {
-			res = ECDH_INVALID_PUBLIC_KEY
-		}
-	}
-	return res
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-func ECPSVDP_DH(S []byte, WD []byte, Z []byte) int {
-	res := 0
-	var T [ECDH_EFS]byte
-
-	s := fromBytes(S)
-
-	W := ECP_fromBytes(WD)
-	if W.is_infinity() {
-		res = ECDH_ERROR
-	}
-
-	if res == 0 {
-		r := NewBIGints(CURVE_Order)
-		s.mod(r)
-		W = W.mul(s)
-		if W.is_infinity() {
-			res = ECDH_ERROR
-		} else {
-			W.getX().toBytes(T[:])
-			for i := 0; i < ECDH_EFS; i++ {
-				Z[i] = T[i]
-			}
-		}
-	}
-	return res
-}
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-func ECPSP_DSA(RNG *RAND, S []byte, F []byte, C []byte, D []byte) int {
-	var T [ECDH_EFS]byte
-
-	H := NewHASH()
-	H.Process_array(F)
-	B := H.Hash()
-
-	gx := NewBIGints(CURVE_Gx)
-	gy := NewBIGints(CURVE_Gy)
-
-	G := NewECPbigs(gx, gy)
-	r := NewBIGints(CURVE_Order)
-
-	s := fromBytes(S)
-	f := fromBytes(B[:])
-
-	c := NewBIGint(0)
-	d := NewBIGint(0)
-	V := NewECP()
-
-	for d.iszilch() {
-		u := randomnum(r, RNG)
-
-		V.copy(G)
-		V = V.mul(u)
-		vx := V.getX()
-		c.copy(vx)
-		c.mod(r)
-		if c.iszilch() {
-			continue
-		}
-		u.invmodp(r)
-		d.copy(modmul(s, c, r))
-		d.add(f)
-		d.copy(modmul(u, d, r))
-	}
-
-	c.toBytes(T[:])
-	for i := 0; i < ECDH_EFS; i++ {
-		C[i] = T[i]
-	}
-	d.toBytes(T[:])
-	for i := 0; i < ECDH_EFS; i++ {
-		D[i] = T[i]
-	}
-	return 0
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-func ECPVP_DSA(W []byte, F []byte, C []byte, D []byte) int {
-	res := 0
-
-	H := NewHASH()
-	H.Process_array(F)
-	B := H.Hash()
-
-	gx := NewBIGints(CURVE_Gx)
-	gy := NewBIGints(CURVE_Gy)
-
-	G := NewECPbigs(gx, gy)
-	r := NewBIGints(CURVE_Order)
-
-	c := fromBytes(C)
-	d := fromBytes(D)
-	f := fromBytes(B[:])
-
-	if c.iszilch() || comp(c, r) >= 0 || d.iszilch() || comp(d, r) >= 0 {
-		res = ECDH_INVALID
-	}
-
-	if res == 0 {
-		d.invmodp(r)
-		f.copy(modmul(f, d, r))
-		h2 := modmul(c, d, r)
-
-		WP := ECP_fromBytes(W)
-		if WP.is_infinity() {
-			res = ECDH_ERROR
-		} else {
-			P := NewECP()
-			P.copy(WP)
-
-			P = P.mul2(h2, G, f)
-
-			if P.is_infinity() {
-				res = ECDH_INVALID
-			} else {
-				d = P.getX()
-				d.mod(r)
-
-				if comp(d, c) != 0 {
-					res = ECDH_INVALID
-				}
-			}
-		}
-	}
-
-	return res
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-func ECIES_ENCRYPT(P1 []byte, P2 []byte, RNG *RAND, W []byte, M []byte, V []byte, T []byte) []byte {
-	var Z [ECDH_EFS]byte
-	var VZ [3*ECDH_EFS + 1]byte
-	var K1 [ECDH_EAS]byte
-	var K2 [ECDH_EAS]byte
-	var U [ECDH_EGS]byte
-
-	if ECDH_KEY_PAIR_GENERATE(RNG, U[:], V) != 0 {
-		return nil
-	}
-	if ECPSVDP_DH(U[:], W, Z[:]) != 0 {
-		return nil
-	}
-
-	for i := 0; i < 2*ECDH_EFS+1; i++ {
-		VZ[i] = V[i]
-	}
-	for i := 0; i < ECDH_EFS; i++ {
-		VZ[2*ECDH_EFS+1+i] = Z[i]
-	}
-
-	K := KDF2(VZ[:], P1, ECDH_EFS)
-
-	for i := 0; i < ECDH_EAS; i++ {
-		K1[i] = K[i]
-		K2[i] = K[ECDH_EAS+i]
-	}
-
-	C := AES_CBC_IV0_ENCRYPT(K1[:], M)
-
-	L2 := inttoBytes(len(P2), 8)
-
-	var AC []byte
-
-	for i := 0; i < len(C); i++ {
-		AC = append(AC, C[i])
-	}
-	for i := 0; i < len(P2); i++ {
-		AC = append(AC, P2[i])
-	}
-	for i := 0; i < 8; i++ {
-		AC = append(AC, L2[i])
-	}
-
-	HMAC(AC, K2[:], T)
-
-	return C
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-func ECIES_DECRYPT(P1 []byte, P2 []byte, V []byte, C []byte, T []byte, U []byte) []byte {
-	var Z [ECDH_EFS]byte
-	var VZ [3*ECDH_EFS + 1]byte
-	var K1 [ECDH_EAS]byte
-	var K2 [ECDH_EAS]byte
-
-	var TAG []byte = T[:]
-
-	if ECPSVDP_DH(U, V, Z[:]) != 0 {
-		return nil
-	}
-
-	for i := 0; i < 2*ECDH_EFS+1; i++ {
-		VZ[i] = V[i]
-	}
-	for i := 0; i < ECDH_EFS; i++ {
-		VZ[2*ECDH_EFS+1+i] = Z[i]
-	}
-
-	K := KDF2(VZ[:], P1, ECDH_EFS)
-
-	for i := 0; i < ECDH_EAS; i++ {
-		K1[i] = K[i]
-		K2[i] = K[ECDH_EAS+i]
-	}
-
-	M := AES_CBC_IV0_DECRYPT(K1[:], C)
-
-	if M == nil {
-		return nil
-	}
-
-	L2 := inttoBytes(len(P2), 8)
-
-	var AC []byte
-
-	for i := 0; i < len(C); i++ {
-		AC = append(AC, C[i])
-	}
-	for i := 0; i < len(P2); i++ {
-		AC = append(AC, P2[i])
-	}
-	for i := 0; i < 8; i++ {
-		AC = append(AC, L2[i])
-	}
-
-	HMAC(AC, K2[:], TAG)
-
-	same := true
-	for i := 0; i < len(T); i++ {
-		if T[i] != TAG[i] {
-			same = false
-		}
-	}
-	if !same {
-		return nil
-	}
-
-	return M
-}
-
-func ECDH_printBinary(array []byte) {
-	for i := 0; i < len(array); i++ {
-		fmt.Printf("%02x", array[i])
-	}
-	fmt.Printf("\n")
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/ECP.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/ECP.go b/go/amcl-go/ECP.go
deleted file mode 100644
index 3ed1d04..0000000
--- a/go/amcl-go/ECP.go
+++ /dev/null
@@ -1,1076 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-//import "fmt"
-
-/* Elliptic Curve Point Structure */
-
-type ECP struct {
-	x   *FP
-	y   *FP
-	z   *FP
-	INF bool
-}
-
-/* Constructors */
-func NewECP() *ECP {
-	E := new(ECP)
-	E.x = NewFPint(0)
-	E.y = NewFPint(0)
-	E.z = NewFPint(0)
-	E.INF = true
-	return E
-}
-
-/* set (x,y) from two BIGs */
-func NewECPbigs(ix *BIG, iy *BIG) *ECP {
-	E := new(ECP)
-	E.x = NewFPbig(ix)
-	E.y = NewFPbig(iy)
-	E.z = NewFPint(1)
-	rhs := RHS(E.x)
-
-	if CURVETYPE == MONTGOMERY {
-		if rhs.jacobi() == 1 {
-			E.INF = false
-		} else {
-			E.inf()
-		}
-	} else {
-		y2 := NewFPcopy(E.y)
-		y2.sqr()
-		if y2.equals(rhs) {
-			E.INF = false
-		} else {
-			E.inf()
-		}
-	}
-	return E
-}
-
-/* set (x,y) from BIG and a bit */
-func NewECPbigint(ix *BIG, s int) *ECP {
-	E := new(ECP)
-	E.x = NewFPbig(ix)
-	E.y = NewFPint(0)
-	rhs := RHS(E.x)
-	E.z = NewFPint(1)
-	if rhs.jacobi() == 1 {
-		ny := rhs.sqrt()
-		if ny.redc().parity() != s {
-			ny.neg()
-		}
-		E.y.copy(ny)
-		E.INF = false
-	} else {
-		E.inf()
-	}
-	return E
-}
-
-/* set from x - calculate y from curve equation */
-func NewECPbig(ix *BIG) *ECP {
-	E := new(ECP)
-	E.x = NewFPbig(ix)
-	E.y = NewFPint(0)
-	rhs := RHS(E.x)
-	E.z = NewFPint(1)
-	if rhs.jacobi() == 1 {
-		if CURVETYPE != MONTGOMERY {
-			E.y.copy(rhs.sqrt())
-		}
-		E.INF = false
-	} else {
-		E.INF = true
-	}
-	return E
-}
-
-/* test for O point-at-infinity */
-func (E *ECP) is_infinity() bool {
-	if CURVETYPE == EDWARDS {
-		E.x.reduce()
-		E.y.reduce()
-		E.z.reduce()
-		return (E.x.iszilch() && E.y.equals(E.z))
-	} else {
-		return E.INF
-	}
-}
-
-/* Conditional swap of P and Q dependant on d */
-func (E *ECP) cswap(Q *ECP, d int32) {
-	E.x.cswap(Q.x, d)
-	if CURVETYPE != MONTGOMERY {
-		E.y.cswap(Q.y, d)
-	}
-	E.z.cswap(Q.z, d)
-	if CURVETYPE != EDWARDS {
-		bd := true
-		if d == 0 {
-			bd = false
-		}
-		bd = bd && (E.INF != Q.INF)
-		E.INF = (bd != E.INF)
-		Q.INF = (bd != Q.INF)
-	}
-}
-
-/* Conditional move of Q to P dependant on d */
-func (E *ECP) cmove(Q *ECP, d int32) {
-	E.x.cmove(Q.x, d)
-	if CURVETYPE != MONTGOMERY {
-		E.y.cmove(Q.y, d)
-	}
-	E.z.cmove(Q.z, d)
-	if CURVETYPE != EDWARDS {
-		bd := true
-		if d == 0 {
-			bd = false
-		}
-		E.INF = (E.INF != ((E.INF != Q.INF) && bd))
-	}
-}
-
-/* return 1 if b==c, no branching */
-func teq(b int32, c int32) int32 {
-	x := b ^ c
-	x -= 1 // if x=0, x now -1
-	return ((x >> 31) & 1)
-}
-
-/* this=P */
-func (E *ECP) copy(P *ECP) {
-	E.x.copy(P.x)
-	if CURVETYPE != MONTGOMERY {
-		E.y.copy(P.y)
-	}
-	E.z.copy(P.z)
-	E.INF = P.INF
-}
-
-/* this=-this */
-func (E *ECP) neg() {
-	if E.is_infinity() {
-		return
-	}
-	if CURVETYPE == WEIERSTRASS {
-		E.y.neg()
-		E.y.reduce()
-	}
-	if CURVETYPE == EDWARDS {
-		E.x.neg()
-		E.x.reduce()
-	}
-	return
-}
-
-/* Constant time select from pre-computed table */
-func (E *ECP) selector(W []*ECP, b int32) {
-	MP := NewECP()
-	m := b >> 31
-	babs := (b ^ m) - m
-
-	babs = (babs - 1) / 2
-
-	E.cmove(W[0], teq(babs, 0)) // conditional move
-	E.cmove(W[1], teq(babs, 1))
-	E.cmove(W[2], teq(babs, 2))
-	E.cmove(W[3], teq(babs, 3))
-	E.cmove(W[4], teq(babs, 4))
-	E.cmove(W[5], teq(babs, 5))
-	E.cmove(W[6], teq(babs, 6))
-	E.cmove(W[7], teq(babs, 7))
-
-	MP.copy(E)
-	MP.neg()
-	E.cmove(MP, (m & 1))
-}
-
-/* set this=O */
-func (E *ECP) inf() {
-	E.INF = true
-	E.x.zero()
-	E.y.one()
-	E.z.one()
-}
-
-/* Test P == Q */
-func (E *ECP) equals(Q *ECP) bool {
-	if E.is_infinity() && Q.is_infinity() {
-		return true
-	}
-	if E.is_infinity() || Q.is_infinity() {
-		return false
-	}
-	if CURVETYPE == WEIERSTRASS {
-		zs2 := NewFPcopy(E.z)
-		zs2.sqr()
-		zo2 := NewFPcopy(Q.z)
-		zo2.sqr()
-		zs3 := NewFPcopy(zs2)
-		zs3.mul(E.z)
-		zo3 := NewFPcopy(zo2)
-		zo3.mul(Q.z)
-		zs2.mul(Q.x)
-		zo2.mul(E.x)
-		if !zs2.equals(zo2) {
-			return false
-		}
-		zs3.mul(Q.y)
-		zo3.mul(E.y)
-		if !zs3.equals(zo3) {
-			return false
-		}
-	} else {
-		a := NewFPint(0)
-		b := NewFPint(0)
-		a.copy(E.x)
-		a.mul(Q.z)
-		a.reduce()
-		b.copy(Q.x)
-		b.mul(E.z)
-		b.reduce()
-		if !a.equals(b) {
-			return false
-		}
-		if CURVETYPE == EDWARDS {
-			a.copy(E.y)
-			a.mul(Q.z)
-			a.reduce()
-			b.copy(Q.y)
-			b.mul(E.z)
-			b.reduce()
-			if !a.equals(b) {
-				return false
-			}
-		}
-	}
-	return true
-}
-
-/* Calculate RHS of curve equation */
-func RHS(x *FP) *FP {
-	x.norm()
-	r := NewFPcopy(x)
-	r.sqr()
-
-	if CURVETYPE == WEIERSTRASS { // x^3+Ax+B
-		b := NewFPbig(NewBIGints(CURVE_B))
-		r.mul(x)
-		if CURVE_A == -3 {
-			cx := NewFPcopy(x)
-			cx.imul(3)
-			cx.neg()
-			cx.norm()
-			r.add(cx)
-		}
-		r.add(b)
-	}
-	if CURVETYPE == EDWARDS { // (Ax^2-1)/(Bx^2-1)
-		b := NewFPbig(NewBIGints(CURVE_B))
-
-		one := NewFPint(1)
-		b.mul(r)
-		b.sub(one)
-		if CURVE_A == -1 {
-			r.neg()
-		}
-		r.sub(one)
-		b.inverse()
-		r.mul(b)
-	}
-	if CURVETYPE == MONTGOMERY { // x^3+Ax^2+x
-		x3 := NewFPint(0)
-		x3.copy(r)
-		x3.mul(x)
-		r.imul(CURVE_A)
-		r.add(x3)
-		r.add(x)
-	}
-	r.reduce()
-	return r
-}
-
-/* set to affine - from (x,y,z) to (x,y) */
-func (E *ECP) affine() {
-	if E.is_infinity() {
-		return
-	}
-	one := NewFPint(1)
-	if E.z.equals(one) {
-		return
-	}
-	E.z.inverse()
-	if CURVETYPE == WEIERSTRASS {
-		z2 := NewFPcopy(E.z)
-		z2.sqr()
-		E.x.mul(z2)
-		E.x.reduce()
-		E.y.mul(z2)
-		E.y.mul(E.z)
-		E.y.reduce()
-	}
-	if CURVETYPE == EDWARDS {
-		E.x.mul(E.z)
-		E.x.reduce()
-		E.y.mul(E.z)
-		E.y.reduce()
-	}
-	if CURVETYPE == MONTGOMERY {
-		E.x.mul(E.z)
-		E.x.reduce()
-	}
-	E.z.one()
-}
-
-/* extract x as a BIG */
-func (E *ECP) getX() *BIG {
-	E.affine()
-	return E.x.redc()
-}
-
-/* extract y as a BIG */
-func (E *ECP) getY() *BIG {
-	E.affine()
-	return E.y.redc()
-}
-
-/* get sign of Y */
-func (E *ECP) getS() int {
-	E.affine()
-	y := E.getY()
-	return y.parity()
-}
-
-/* extract x as an FP */
-func (E *ECP) getx() *FP {
-	return E.x
-}
-
-/* extract y as an FP */
-func (E *ECP) gety() *FP {
-	return E.y
-}
-
-/* extract z as an FP */
-func (E *ECP) getz() *FP {
-	return E.z
-}
-
-/* convert to byte array */
-func (E *ECP) toBytes(b []byte) {
-	var t [int(MODBYTES)]byte
-	MB := int(MODBYTES)
-	if CURVETYPE != MONTGOMERY {
-		b[0] = 0x04
-	} else {
-		b[0] = 0x02
-	}
-
-	E.affine()
-	E.x.redc().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		b[i+1] = t[i]
-	}
-	if CURVETYPE != MONTGOMERY {
-		E.y.redc().toBytes(t[:])
-		for i := 0; i < MB; i++ {
-			b[i+MB+1] = t[i]
-		}
-	}
-}
-
-/* convert from byte array to point */
-func ECP_fromBytes(b []byte) *ECP {
-	var t [int(MODBYTES)]byte
-	MB := int(MODBYTES)
-	p := NewBIGints(Modulus)
-
-	for i := 0; i < MB; i++ {
-		t[i] = b[i+1]
-	}
-	px := fromBytes(t[:])
-	if comp(px, p) >= 0 {
-		return NewECP()
-	}
-
-	if b[0] == 0x04 {
-		for i := 0; i < MB; i++ {
-			t[i] = b[i+MB+1]
-		}
-		py := fromBytes(t[:])
-		if comp(py, p) >= 0 {
-			return NewECP()
-		}
-		return NewECPbigs(px, py)
-	} else {
-		return NewECPbig(px)
-	}
-}
-
-/* convert to hex string */
-func (E *ECP) toString() string {
-	if E.is_infinity() {
-		return "infinity"
-	}
-	E.affine()
-	if CURVETYPE == MONTGOMERY {
-		return "(" + E.x.redc().toString() + ")"
-	} else {
-		return "(" + E.x.redc().toString() + "," + E.y.redc().toString() + ")"
-	}
-}
-
-/* this*=2 */
-func (E *ECP) dbl() {
-	if CURVETYPE == WEIERSTRASS {
-		if E.INF {
-			return
-		}
-		if E.y.iszilch() {
-			E.inf()
-			return
-		}
-
-		w1 := NewFPcopy(E.x)
-		w6 := NewFPcopy(E.z)
-		w2 := NewFPint(0)
-		w3 := NewFPcopy(E.x)
-		w8 := NewFPcopy(E.x)
-
-		if CURVE_A == -3 {
-			w6.sqr()
-			w1.copy(w6)
-			w1.neg()
-			w3.add(w1)
-
-			w8.add(w6)
-
-			w3.mul(w8)
-			w8.copy(w3)
-			w8.imul(3)
-		} else {
-			w1.sqr()
-			w8.copy(w1)
-			w8.imul(3)
-		}
-
-		w2.copy(E.y)
-		w2.sqr()
-		w3.copy(E.x)
-		w3.mul(w2)
-		w3.imul(4)
-		w1.copy(w3)
-		w1.neg()
-		//		w1.norm();
-
-		E.x.copy(w8)
-		E.x.sqr()
-		E.x.add(w1)
-		E.x.add(w1)
-		//		x.reduce();
-		E.x.norm()
-
-		E.z.mul(E.y)
-		E.z.add(E.z)
-
-		w2.add(w2)
-		w2.sqr()
-		w2.add(w2)
-		w3.sub(E.x)
-		E.y.copy(w8)
-		E.y.mul(w3)
-		//		w2.norm();
-		E.y.sub(w2)
-		//		y.reduce();
-		//		z.reduce();
-		E.y.norm()
-		E.z.norm()
-
-	}
-	if CURVETYPE == EDWARDS {
-		C := NewFPcopy(E.x)
-		D := NewFPcopy(E.y)
-		H := NewFPcopy(E.z)
-		J := NewFPint(0)
-
-		E.x.mul(E.y)
-		E.x.add(E.x)
-		C.sqr()
-		D.sqr()
-		if CURVE_A == -1 {
-			C.neg()
-		}
-		E.y.copy(C)
-		E.y.add(D)
-		//		y.norm();
-		H.sqr()
-		H.add(H)
-		E.z.copy(E.y)
-		J.copy(E.y)
-		J.sub(H)
-		E.x.mul(J)
-		C.sub(D)
-		E.y.mul(C)
-		E.z.mul(J)
-
-		E.x.norm()
-		E.y.norm()
-		E.z.norm()
-	}
-	if CURVETYPE == MONTGOMERY {
-		A := NewFPcopy(E.x)
-		B := NewFPcopy(E.x)
-		AA := NewFPint(0)
-		BB := NewFPint(0)
-		C := NewFPint(0)
-
-		if E.INF {
-			return
-		}
-
-		A.add(E.z)
-		AA.copy(A)
-		AA.sqr()
-		B.sub(E.z)
-		BB.copy(B)
-		BB.sqr()
-		C.copy(AA)
-		C.sub(BB)
-		//		C.norm();
-
-		E.x.copy(AA)
-		E.x.mul(BB)
-
-		A.copy(C)
-		A.imul((CURVE_A + 2) / 4)
-
-		BB.add(A)
-		E.z.copy(BB)
-		E.z.mul(C)
-		//		x.reduce();
-		//		z.reduce();
-		E.x.norm()
-		E.z.norm()
-	}
-	return
-}
-
-/* this+=Q */
-func (E *ECP) add(Q *ECP) {
-	if CURVETYPE == WEIERSTRASS {
-		if E.INF {
-			E.copy(Q)
-			return
-		}
-		if Q.INF {
-			return
-		}
-
-		aff := false
-
-		one := NewFPint(1)
-		if Q.z.equals(one) {
-			aff = true
-		}
-
-		var A, C *FP
-		B := NewFPcopy(E.z)
-		D := NewFPcopy(E.z)
-		if !aff {
-			A = NewFPcopy(Q.z)
-			C = NewFPcopy(Q.z)
-
-			A.sqr()
-			B.sqr()
-			C.mul(A)
-			D.mul(B)
-
-			A.mul(E.x)
-			C.mul(E.y)
-		} else {
-			A = NewFPcopy(E.x)
-			C = NewFPcopy(E.y)
-
-			B.sqr()
-			D.mul(B)
-		}
-
-		B.mul(Q.x)
-		B.sub(A)
-		D.mul(Q.y)
-		D.sub(C)
-
-		if B.iszilch() {
-			if D.iszilch() {
-				E.dbl()
-				return
-			} else {
-				E.INF = true
-				return
-			}
-		}
-
-		if !aff {
-			E.z.mul(Q.z)
-		}
-		E.z.mul(B)
-
-		e := NewFPcopy(B)
-		e.sqr()
-		B.mul(e)
-		A.mul(e)
-
-		e.copy(A)
-		e.add(A)
-		e.add(B)
-		E.x.copy(D)
-		E.x.sqr()
-		E.x.sub(e)
-
-		A.sub(E.x)
-		E.y.copy(A)
-		E.y.mul(D)
-		C.mul(B)
-		E.y.sub(C)
-
-		//	x.reduce();
-		//	y.reduce();
-		//	z.reduce();
-		E.x.norm()
-		E.y.norm()
-		E.z.norm()
-	}
-	if CURVETYPE == EDWARDS {
-		b := NewFPbig(NewBIGints(CURVE_B))
-		A := NewFPcopy(E.z)
-		B := NewFPint(0)
-		C := NewFPcopy(E.x)
-		D := NewFPcopy(E.y)
-		EE := NewFPint(0)
-		F := NewFPint(0)
-		G := NewFPint(0)
-		//H:=NewFPint(0)
-		//I:=NewFPint(0)
-
-		A.mul(Q.z)
-		B.copy(A)
-		B.sqr()
-		C.mul(Q.x)
-		D.mul(Q.y)
-
-		EE.copy(C)
-		EE.mul(D)
-		EE.mul(b)
-		F.copy(B)
-		F.sub(EE)
-		G.copy(B)
-		G.add(EE)
-		C.add(D)
-
-		if CURVE_A == 1 {
-			EE.copy(D)
-			D.sub(C)
-		}
-
-		B.copy(E.x)
-		B.add(E.y)
-		D.copy(Q.x)
-		D.add(Q.y)
-		B.mul(D)
-		B.sub(C)
-		B.mul(F)
-		E.x.copy(A)
-		E.x.mul(B)
-
-		if CURVE_A == 1 {
-			C.copy(EE)
-			C.mul(G)
-		}
-		if CURVE_A == -1 {
-			C.mul(G)
-		}
-		E.y.copy(A)
-		E.y.mul(C)
-		E.z.copy(F)
-		E.z.mul(G)
-		//	x.reduce(); y.reduce(); z.reduce();
-		E.x.norm()
-		E.y.norm()
-		E.z.norm()
-	}
-	return
-}
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-func (E *ECP) dadd(Q *ECP, W *ECP) {
-	A := NewFPcopy(E.x)
-	B := NewFPcopy(E.x)
-	C := NewFPcopy(Q.x)
-	D := NewFPcopy(Q.x)
-	DA := NewFPint(0)
-	CB := NewFPint(0)
-
-	A.add(E.z)
-	B.sub(E.z)
-
-	C.add(Q.z)
-	D.sub(Q.z)
-
-	DA.copy(D)
-	DA.mul(A)
-	CB.copy(C)
-	CB.mul(B)
-
-	A.copy(DA)
-	A.add(CB)
-	A.sqr()
-	B.copy(DA)
-	B.sub(CB)
-	B.sqr()
-
-	E.x.copy(A)
-	E.z.copy(W.x)
-	E.z.mul(B)
-
-	if E.z.iszilch() {
-		E.inf()
-	} else {
-		E.INF = false
-	}
-
-	//	x.reduce();
-	E.x.norm()
-}
-
-/* this-=Q */
-func (E *ECP) sub(Q *ECP) {
-	Q.neg()
-	E.add(Q)
-	Q.neg()
-}
-
-func multiaffine(m int, P []*ECP) {
-	t1 := NewFPint(0)
-	t2 := NewFPint(0)
-
-	var work []*FP
-
-	for i := 0; i < m; i++ {
-		work = append(work, NewFPint(0))
-	}
-
-	work[0].one()
-	work[1].copy(P[0].z)
-
-	for i := 2; i < m; i++ {
-		work[i].copy(work[i-1])
-		work[i].mul(P[i-1].z)
-	}
-
-	t1.copy(work[m-1])
-	t1.mul(P[m-1].z)
-	t1.inverse()
-	t2.copy(P[m-1].z)
-	work[m-1].mul(t1)
-
-	for i := m - 2; ; i-- {
-		if i == 0 {
-			work[0].copy(t1)
-			work[0].mul(t2)
-			break
-		}
-		work[i].mul(t2)
-		work[i].mul(t1)
-		t2.mul(P[i].z)
-	}
-	/* now work[] contains inverses of all Z coordinates */
-
-	for i := 0; i < m; i++ {
-		P[i].z.one()
-		t1.copy(work[i])
-		t1.sqr()
-		P[i].x.mul(t1)
-		t1.mul(work[i])
-		P[i].y.mul(t1)
-	}
-}
-
-/* constant time multiply by small integer of length bts - use ladder */
-func (E *ECP) pinmul(e int32, bts int32) *ECP {
-	if CURVETYPE == MONTGOMERY {
-		return E.mul(NewBIGint(int(e)))
-	} else {
-		P := NewECP()
-		R0 := NewECP()
-		R1 := NewECP()
-		R1.copy(E)
-
-		for i := bts - 1; i >= 0; i-- {
-			b := (e >> uint32(i)) & 1
-			P.copy(R1)
-			P.add(R0)
-			R0.cswap(R1, b)
-			R1.copy(P)
-			R0.dbl()
-			R0.cswap(R1, b)
-		}
-		P.copy(R0)
-		P.affine()
-		return P
-	}
-}
-
-/* return e.this */
-
-func (E *ECP) mul(e *BIG) *ECP {
-	if e.iszilch() || E.is_infinity() {
-		return NewECP()
-	}
-	P := NewECP()
-	if CURVETYPE == MONTGOMERY {
-		/* use Ladder */
-		D := NewECP()
-		R0 := NewECP()
-		R0.copy(E)
-		R1 := NewECP()
-		R1.copy(E)
-		R1.dbl()
-		D.copy(E)
-		D.affine()
-		nb := e.nbits()
-		for i := nb - 2; i >= 0; i-- {
-			b := int32(e.bit(i))
-			P.copy(R1)
-			P.dadd(R0, D)
-			R0.cswap(R1, b)
-			R1.copy(P)
-			R0.dbl()
-			R0.cswap(R1, b)
-		}
-		P.copy(R0)
-	} else {
-		// fixed size windows
-		mt := NewBIG()
-		t := NewBIG()
-		Q := NewECP()
-		C := NewECP()
-
-		var W []*ECP
-		var w [1 + (NLEN*int(BASEBITS)+3)/4]int8
-
-		E.affine()
-
-		Q.copy(E)
-		Q.dbl()
-
-		W = append(W, NewECP())
-		W[0].copy(E)
-
-		for i := 1; i < 8; i++ {
-			W = append(W, NewECP())
-			W[i].copy(W[i-1])
-			W[i].add(Q)
-		}
-
-		// convert the table to affine
-		if CURVETYPE == WEIERSTRASS {
-			multiaffine(8, W[:])
-		}
-
-		// make exponent odd - add 2P if even, P if odd
-		t.copy(e)
-		s := int32(t.parity())
-		t.inc(1)
-		t.norm()
-		ns := int32(t.parity())
-		mt.copy(t)
-		mt.inc(1)
-		mt.norm()
-		t.cmove(mt, s)
-		Q.cmove(E, ns)
-		C.copy(Q)
-
-		nb := 1 + (t.nbits()+3)/4
-
-		// convert exponent to signed 4-bit window
-		for i := 0; i < nb; i++ {
-			w[i] = int8(t.lastbits(5) - 16)
-			t.dec(int(w[i]))
-			t.norm()
-			t.fshr(4)
-		}
-		w[nb] = int8(t.lastbits(5))
-
-		P.copy(W[(int(w[nb])-1)/2])
-		for i := nb - 1; i >= 0; i-- {
-			Q.selector(W, int32(w[i]))
-			P.dbl()
-			P.dbl()
-			P.dbl()
-			P.dbl()
-			P.add(Q)
-		}
-		P.sub(C) /* apply correction */
-	}
-	P.affine()
-	return P
-}
-
-/* Return e.this+f.Q */
-
-func (E *ECP) mul2(e *BIG, Q *ECP, f *BIG) *ECP {
-	te := NewBIG()
-	tf := NewBIG()
-	mt := NewBIG()
-	S := NewECP()
-	T := NewECP()
-	C := NewECP()
-	var W []*ECP
-	//ECP[] W=new ECP[8];
-	var w [1 + (NLEN*int(BASEBITS)+1)/2]int8
-
-	E.affine()
-	Q.affine()
-
-	te.copy(e)
-	tf.copy(f)
-
-	// precompute table
-	for i := 0; i < 8; i++ {
-		W = append(W, NewECP())
-	}
-	W[1].copy(E)
-	W[1].sub(Q)
-	W[2].copy(E)
-	W[2].add(Q)
-	S.copy(Q)
-	S.dbl()
-	W[0].copy(W[1])
-	W[0].sub(S)
-	W[3].copy(W[2])
-	W[3].add(S)
-	T.copy(E)
-	T.dbl()
-	W[5].copy(W[1])
-	W[5].add(T)
-	W[6].copy(W[2])
-	W[6].add(T)
-	W[4].copy(W[5])
-	W[4].sub(S)
-	W[7].copy(W[6])
-	W[7].add(S)
-
-	// convert the table to affine
-	if CURVETYPE == WEIERSTRASS {
-		multiaffine(8, W)
-	}
-
-	// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-
-	s := int32(te.parity())
-	te.inc(1)
-	te.norm()
-	ns := int32(te.parity())
-	mt.copy(te)
-	mt.inc(1)
-	mt.norm()
-	te.cmove(mt, s)
-	T.cmove(E, ns)
-	C.copy(T)
-
-	s = int32(tf.parity())
-	tf.inc(1)
-	tf.norm()
-	ns = int32(tf.parity())
-	mt.copy(tf)
-	mt.inc(1)
-	mt.norm()
-	tf.cmove(mt, s)
-	S.cmove(Q, ns)
-	C.add(S)
-
-	mt.copy(te)
-	mt.add(tf)
-	mt.norm()
-	nb := 1 + (mt.nbits()+1)/2
-
-	// convert exponent to signed 2-bit window
-	for i := 0; i < nb; i++ {
-		a := (te.lastbits(3) - 4)
-		te.dec(int(a))
-		te.norm()
-		te.fshr(2)
-		b := (tf.lastbits(3) - 4)
-		tf.dec(int(b))
-		tf.norm()
-		tf.fshr(2)
-		w[i] = int8(4*a + b)
-	}
-	w[nb] = int8(4*te.lastbits(3) + tf.lastbits(3))
-	S.copy(W[(w[nb]-1)/2])
-
-	for i := nb - 1; i >= 0; i-- {
-		T.selector(W, int32(w[i]))
-		S.dbl()
-		S.dbl()
-		S.add(T)
-	}
-	S.sub(C) /* apply correction */
-	S.affine()
-	return S
-}
-
-/*
-func main() {
-	Gx:=NewBIGints(CURVE_Gx);
-	var Gy *BIG
-	var P *ECP
-
-	if CURVETYPE!=MONTGOMERY {Gy=NewBIGints(CURVE_Gy)}
-	r:=NewBIGints(CURVE_Order)
-
-	//r.dec(7);
-
-	fmt.Printf("Gx= "+Gx.toString())
-	fmt.Printf("\n")
-
-	if CURVETYPE!=MONTGOMERY {
-		fmt.Printf("Gy= "+Gy.toString())
-		fmt.Printf("\n")
-	}
-
-	if CURVETYPE!=MONTGOMERY {
-		P=NewECPbigs(Gx,Gy)
-	} else  {P=NewECPbig(Gx)}
-
-	fmt.Printf("P= "+P.toString());
-	fmt.Printf("\n")
-
-	R:=P.mul(r);
-		//for (int i=0;i<10000;i++)
-		//	R=P.mul(r);
-
-	fmt.Printf("R= "+R.toString())
-	fmt.Printf("\n")
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/ECP2.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/ECP2.go b/go/amcl-go/ECP2.go
deleted file mode 100644
index 6770378..0000000
--- a/go/amcl-go/ECP2.go
+++ /dev/null
@@ -1,672 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-package amcl
-
-//import "fmt"
-
-type ECP2 struct {
-	x   *FP2
-	y   *FP2
-	z   *FP2
-	INF bool
-}
-
-func NewECP2() *ECP2 {
-	E := new(ECP2)
-	E.x = NewFP2int(0)
-	E.y = NewFP2int(1)
-	E.z = NewFP2int(1)
-	E.INF = true
-	return E
-}
-
-/* Test this=O? */
-func (E *ECP2) is_infinity() bool {
-	return E.INF
-}
-
-/* copy this=P */
-func (E *ECP2) copy(P *ECP2) {
-	E.x.copy(P.x)
-	E.y.copy(P.y)
-	E.z.copy(P.z)
-	E.INF = P.INF
-}
-
-/* set this=O */
-func (E *ECP2) inf() {
-	E.INF = true
-	E.x.zero()
-	E.y.zero()
-	E.z.zero()
-}
-
-/* set this=-this */
-func (E *ECP2) neg() {
-	if E.is_infinity() {
-		return
-	}
-	E.y.neg()
-	E.y.reduce()
-}
-
-/* Conditional move of Q to P dependant on d */
-func (E *ECP2) cmove(Q *ECP2, d int32) {
-	E.x.cmove(Q.x, d)
-	E.y.cmove(Q.y, d)
-	E.z.cmove(Q.z, d)
-
-	var bd bool
-	if d == 0 {
-		bd = false
-	} else {
-		bd = true
-	}
-	E.INF = (E.INF != (E.INF != Q.INF) && bd)
-}
-
-/* Constant time select from pre-computed table */
-func (E *ECP2) selector(W []*ECP2, b int32) {
-	MP := NewECP2()
-	m := b >> 31
-	babs := (b ^ m) - m
-
-	babs = (babs - 1) / 2
-
-	E.cmove(W[0], teq(babs, 0)) // conditional move
-	E.cmove(W[1], teq(babs, 1))
-	E.cmove(W[2], teq(babs, 2))
-	E.cmove(W[3], teq(babs, 3))
-	E.cmove(W[4], teq(babs, 4))
-	E.cmove(W[5], teq(babs, 5))
-	E.cmove(W[6], teq(babs, 6))
-	E.cmove(W[7], teq(babs, 7))
-
-	MP.copy(E)
-	MP.neg()
-	E.cmove(MP, (m & 1))
-}
-
-/* Test if P == Q */
-func (E *ECP2) equals(Q *ECP2) bool {
-	if E.is_infinity() && Q.is_infinity() {
-		return true
-	}
-	if E.is_infinity() || Q.is_infinity() {
-		return false
-	}
-
-	zs2 := NewFP2copy(E.z)
-	zs2.sqr()
-	zo2 := NewFP2copy(Q.z)
-	zo2.sqr()
-	zs3 := NewFP2copy(zs2)
-	zs3.mul(E.z)
-	zo3 := NewFP2copy(zo2)
-	zo3.mul(Q.z)
-	zs2.mul(Q.x)
-	zo2.mul(E.x)
-	if !zs2.equals(zo2) {
-		return false
-	}
-	zs3.mul(Q.y)
-	zo3.mul(E.y)
-	if !zs3.equals(zo3) {
-		return false
-	}
-
-	return true
-}
-
-/* set to Affine - (x,y,z) to (x,y) */
-func (E *ECP2) affine() {
-	if E.is_infinity() {
-		return
-	}
-	one := NewFP2int(1)
-	if E.z.equals(one) {
-		return
-	}
-	E.z.inverse()
-
-	z2 := NewFP2copy(E.z)
-	z2.sqr()
-	E.x.mul(z2)
-	E.x.reduce()
-	E.y.mul(z2)
-	E.y.mul(E.z)
-	E.y.reduce()
-	E.z.copy(one)
-}
-
-/* extract affine x as FP2 */
-func (E *ECP2) getX() *FP2 {
-	E.affine()
-	return E.x
-}
-
-/* extract affine y as FP2 */
-func (E *ECP2) getY() *FP2 {
-	E.affine()
-	return E.y
-}
-
-/* extract projective x */
-func (E *ECP2) getx() *FP2 {
-	return E.x
-}
-
-/* extract projective y */
-func (E *ECP2) gety() *FP2 {
-	return E.y
-}
-
-/* extract projective z */
-func (E *ECP2) getz() *FP2 {
-	return E.z
-}
-
-/* convert to byte array */
-func (E *ECP2) toBytes(b []byte) {
-	var t [int(MODBYTES)]byte
-	MB := int(MODBYTES)
-
-	E.affine()
-	E.x.getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		b[i] = t[i]
-	}
-	E.x.getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		b[i+MB] = t[i]
-	}
-
-	E.y.getA().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		b[i+2*MB] = t[i]
-	}
-	E.y.getB().toBytes(t[:])
-	for i := 0; i < MB; i++ {
-		b[i+3*MB] = t[i]
-	}
-}
-
-/* convert from byte array to point */
-func ECP2_fromBytes(b []byte) *ECP2 {
-	var t [int(MODBYTES)]byte
-	MB := int(MODBYTES)
-
-	for i := 0; i < MB; i++ {
-		t[i] = b[i]
-	}
-	ra := fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = b[i+MB]
-	}
-	rb := fromBytes(t[:])
-	rx := NewFP2bigs(ra, rb)
-
-	for i := 0; i < MB; i++ {
-		t[i] = b[i+2*MB]
-	}
-	ra = fromBytes(t[:])
-	for i := 0; i < MB; i++ {
-		t[i] = b[i+3*MB]
-	}
-	rb = fromBytes(t[:])
-	ry := NewFP2bigs(ra, rb)
-
-	return NewECP2fp2s(rx, ry)
-}
-
-/* convert this to hex string */
-func (E *ECP2) toString() string {
-	if E.is_infinity() {
-		return "infinity"
-	}
-	E.affine()
-	return "(" + E.x.toString() + "," + E.y.toString() + ")"
-}
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-func RHS2(x *FP2) *FP2 {
-	x.norm()
-	r := NewFP2copy(x)
-	r.sqr()
-	b := NewFP2big(NewBIGints(CURVE_B))
-	b.div_ip()
-	r.mul(x)
-	r.add(b)
-
-	r.reduce()
-	return r
-}
-
-/* construct this from (x,y) - but set to O if not on curve */
-func NewECP2fp2s(ix *FP2, iy *FP2) *ECP2 {
-	E := new(ECP2)
-	E.x = NewFP2copy(ix)
-	E.y = NewFP2copy(iy)
-	E.z = NewFP2int(1)
-	rhs := RHS2(E.x)
-	y2 := NewFP2copy(E.y)
-	y2.sqr()
-	if y2.equals(rhs) {
-		E.INF = false
-	} else {
-		E.x.zero()
-		E.INF = true
-	}
-	return E
-}
-
-/* construct this from x - but set to O if not on curve */
-func NewECP2fp2(ix *FP2) *ECP2 {
-	E := new(ECP2)
-	E.x = NewFP2copy(ix)
-	E.y = NewFP2int(1)
-	E.z = NewFP2int(1)
-	rhs := RHS2(E.x)
-	if rhs.sqrt() {
-		E.y.copy(rhs)
-		E.INF = false
-	} else {
-		E.x.zero()
-		E.INF = true
-	}
-	return E
-}
-
-/* this+=this */
-func (E *ECP2) dbl() int {
-	if E.INF {
-		return -1
-	}
-	if E.y.iszilch() {
-		E.inf()
-		return -1
-	}
-
-	w1 := NewFP2copy(E.x)
-	w2 := NewFP2int(0)
-	w3 := NewFP2copy(E.x)
-	w8 := NewFP2copy(E.x)
-
-	w1.sqr()
-	w8.copy(w1)
-	w8.imul(3)
-
-	w2.copy(E.y)
-	w2.sqr()
-	w3.copy(E.x)
-	w3.mul(w2)
-	w3.imul(4)
-	w1.copy(w3)
-	w1.neg()
-	//	w1.norm();
-
-	E.x.copy(w8)
-	E.x.sqr()
-	E.x.add(w1)
-	E.x.add(w1)
-	E.x.norm()
-
-	E.z.mul(E.y)
-	E.z.add(E.z)
-
-	w2.add(w2)
-	w2.sqr()
-	w2.add(w2)
-	w3.sub(E.x)
-	E.y.copy(w8)
-	E.y.mul(w3)
-	//	w2.norm();
-	E.y.sub(w2)
-
-	E.y.norm()
-	E.z.norm()
-
-	return 1
-}
-
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-func (E *ECP2) add(Q *ECP2) int {
-	if E.INF {
-		E.copy(Q)
-		return -1
-	}
-	if Q.INF {
-		return -1
-	}
-
-	aff := false
-
-	if Q.z.isunity() {
-		aff = true
-	}
-
-	var A, C *FP2
-	B := NewFP2copy(E.z)
-	D := NewFP2copy(E.z)
-	if !aff {
-		A = NewFP2copy(Q.z)
-		C = NewFP2copy(Q.z)
-
-		A.sqr()
-		B.sqr()
-		C.mul(A)
-		D.mul(B)
-
-		A.mul(E.x)
-		C.mul(E.y)
-	} else {
-		A = NewFP2copy(E.x)
-		C = NewFP2copy(E.y)
-
-		B.sqr()
-		D.mul(B)
-	}
-
-	B.mul(Q.x)
-	B.sub(A)
-	D.mul(Q.y)
-	D.sub(C)
-
-	if B.iszilch() {
-		if D.iszilch() {
-			E.dbl()
-			return 1
-		} else {
-			E.INF = true
-			return -1
-		}
-	}
-
-	if !aff {
-		E.z.mul(Q.z)
-	}
-	E.z.mul(B)
-
-	e := NewFP2copy(B)
-	e.sqr()
-	B.mul(e)
-	A.mul(e)
-
-	e.copy(A)
-	e.add(A)
-	e.add(B)
-	E.x.copy(D)
-	E.x.sqr()
-	E.x.sub(e)
-
-	A.sub(E.x)
-	E.y.copy(A)
-	E.y.mul(D)
-	C.mul(B)
-	E.y.sub(C)
-
-	E.x.norm()
-	E.y.norm()
-	E.z.norm()
-
-	return 0
-}
-
-/* set this-=Q */
-func (E *ECP2) sub(Q *ECP2) int {
-	Q.neg()
-	D := E.add(Q)
-	Q.neg()
-	return D
-}
-
-/* set this*=q, where q is Modulus, using Frobenius */
-func (E *ECP2) frob(X *FP2) {
-	if E.INF {
-		return
-	}
-	X2 := NewFP2copy(X)
-	X2.sqr()
-	E.x.conj()
-	E.y.conj()
-	E.z.conj()
-	E.z.reduce()
-	E.x.mul(X2)
-	E.y.mul(X2)
-	E.y.mul(X)
-}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-func multiaffine2(m int, P []*ECP2) {
-	t1 := NewFP2int(0)
-	t2 := NewFP2int(0)
-
-	var work []*FP2
-
-	for i := 0; i < m; i++ {
-		work = append(work, NewFP2int(0))
-	}
-
-	work[0].one()
-	work[1].copy(P[0].z)
-
-	for i := 2; i < m; i++ {
-		work[i].copy(work[i-1])
-		work[i].mul(P[i-1].z)
-	}
-
-	t1.copy(work[m-1])
-	t1.mul(P[m-1].z)
-
-	t1.inverse()
-
-	t2.copy(P[m-1].z)
-	work[m-1].mul(t1)
-
-	for i := m - 2; ; i-- {
-		if i == 0 {
-			work[0].copy(t1)
-			work[0].mul(t2)
-			break
-		}
-		work[i].mul(t2)
-		work[i].mul(t1)
-		t2.mul(P[i].z)
-	}
-	/* now work[] contains inverses of all Z coordinates */
-
-	for i := 0; i < m; i++ {
-		P[i].z.one()
-		t1.copy(work[i])
-		t1.sqr()
-		P[i].x.mul(t1)
-		t1.mul(work[i])
-		P[i].y.mul(t1)
-	}
-}
-
-/* P*=e */
-func (E *ECP2) mul(e *BIG) *ECP2 {
-	/* fixed size windows */
-	mt := NewBIG()
-	t := NewBIG()
-	P := NewECP2()
-	Q := NewECP2()
-	C := NewECP2()
-
-	if E.is_infinity() {
-		return NewECP2()
-	}
-
-	var W []*ECP2
-	var w [1 + (NLEN*int(BASEBITS)+3)/4]int8
-
-	E.affine()
-
-	/* precompute table */
-	Q.copy(E)
-	Q.dbl()
-
-	W = append(W, NewECP2())
-	W[0].copy(E)
-
-	for i := 1; i < 8; i++ {
-		W = append(W, NewECP2())
-		W[i].copy(W[i-1])
-		W[i].add(Q)
-	}
-
-	/* convert the table to affine */
-
-	multiaffine2(8, W[:])
-
-	/* make exponent odd - add 2P if even, P if odd */
-	t.copy(e)
-	s := int32(t.parity())
-	t.inc(1)
-	t.norm()
-	ns := int32(t.parity())
-	mt.copy(t)
-	mt.inc(1)
-	mt.norm()
-	t.cmove(mt, s)
-	Q.cmove(E, ns)
-	C.copy(Q)
-
-	nb := 1 + (t.nbits()+3)/4
-	/* convert exponent to signed 4-bit window */
-	for i := 0; i < nb; i++ {
-		w[i] = int8(t.lastbits(5) - 16)
-		t.dec(int(w[i]))
-		t.norm()
-		t.fshr(4)
-	}
-	w[nb] = int8(t.lastbits(5))
-
-	P.copy(W[(w[nb]-1)/2])
-	for i := nb - 1; i >= 0; i-- {
-		Q.selector(W, int32(w[i]))
-		P.dbl()
-		P.dbl()
-		P.dbl()
-		P.dbl()
-		P.add(Q)
-	}
-	P.sub(C)
-	P.affine()
-	return P
-}
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-func mul4(Q []*ECP2, u []*BIG) *ECP2 {
-	var a [4]int8
-	T := NewECP2()
-	C := NewECP2()
-	P := NewECP2()
-
-	var W []*ECP2
-
-	mt := NewBIG()
-	var t []*BIG
-
-	var w [NLEN*int(BASEBITS) + 1]int8
-
-	for i := 0; i < 4; i++ {
-		t = append(t, NewBIGcopy(u[i]))
-		Q[i].affine()
-	}
-
-	/* precompute table */
-
-	W = append(W, NewECP2())
-	W[0].copy(Q[0])
-	W[0].sub(Q[1])
-	W = append(W, NewECP2())
-	W[1].copy(W[0])
-	W = append(W, NewECP2())
-	W[2].copy(W[0])
-	W = append(W, NewECP2())
-	W[3].copy(W[0])
-	W = append(W, NewECP2())
-	W[4].copy(Q[0])
-	W[4].add(Q[1])
-	W = append(W, NewECP2())
-	W[5].copy(W[4])
-	W = append(W, NewECP2())
-	W[6].copy(W[4])
-	W = append(W, NewECP2())
-	W[7].copy(W[4])
-
-	T.copy(Q[2])
-	T.sub(Q[3])
-	W[1].sub(T)
-	W[2].add(T)
-	W[5].sub(T)
-	W[6].add(T)
-	T.copy(Q[2])
-	T.add(Q[3])
-	W[0].sub(T)
-	W[3].add(T)
-	W[4].sub(T)
-	W[7].add(T)
-
-	multiaffine2(8, W[:])
-
-	/* if multiplier is even add 1 to multiplier, and add P to correction */
-	mt.zero()
-	C.inf()
-	for i := 0; i < 4; i++ {
-		if t[i].parity() == 0 {
-			t[i].inc(1)
-			t[i].norm()
-			C.add(Q[i])
-		}
-		mt.add(t[i])
-		mt.norm()
-	}
-
-	nb := 1 + mt.nbits()
-
-	/* convert exponent to signed 1-bit window */
-	for j := 0; j < nb; j++ {
-		for i := 0; i < 4; i++ {
-			a[i] = int8(t[i].lastbits(2) - 2)
-			t[i].dec(int(a[i]))
-			t[i].norm()
-			t[i].fshr(1)
-		}
-		w[j] = (8*a[0] + 4*a[1] + 2*a[2] + a[3])
-	}
-	w[nb] = int8(8*t[0].lastbits(2) + 4*t[1].lastbits(2) + 2*t[2].lastbits(2) + t[3].lastbits(2))
-
-	P.copy(W[(w[nb]-1)/2])
-	for i := nb - 1; i >= 0; i-- {
-		T.selector(W, int32(w[i]))
-		P.dbl()
-		P.add(T)
-	}
-	P.sub(C) /* apply correction */
-
-	P.affine()
-	return P
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/FF.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/FF.go b/go/amcl-go/FF.go
deleted file mode 100644
index 9e6e68c..0000000
--- a/go/amcl-go/FF.go
+++ /dev/null
@@ -1,926 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-package amcl
-
-//import "fmt"
-
-const P_MBITS uint = MODBYTES * 8
-const P_MB uint = (P_MBITS % BASEBITS)
-const P_OMASK int64 = (int64(-1) << (P_MBITS % BASEBITS))
-const P_FEXCESS int64 = (int64(1) << (BASEBITS*uint(NLEN) - P_MBITS))
-const P_TBITS uint = (P_MBITS % BASEBITS)
-
-type FF struct {
-	length int
-	v      []*BIG
-}
-
-func (F *FF) P_EXCESS() int64 {
-	return ((F.v[F.length-1].get(NLEN-1) & P_OMASK) >> (P_MB))
-}
-
-/* Constructors */
-func NewFFint(n int) *FF {
-	F := new(FF)
-	for i := 0; i < n; i++ {
-		F.v = append(F.v, NewBIG())
-	}
-	F.length = n
-	return F
-}
-
-func NewFFints(x [][5]int64, n int) *FF {
-	F := new(FF)
-	for i := 0; i < n; i++ {
-		F.v = append(F.v, NewBIGints(x[i]))
-	}
-	F.length = n
-	return F
-}
-
-/* set to zero */
-func (F *FF) zero() {
-	for i := 0; i < F.length; i++ {
-		F.v[i].zero()
-	}
-}
-
-func (F *FF) getlen() int {
-	return F.length
-}
-
-/* set to integer */
-func (F *FF) set(m int) {
-	F.zero()
-	F.v[0].set(0, int64(m))
-}
-
-/* copy from FF b */
-func (F *FF) copy(b *FF) {
-	for i := 0; i < F.length; i++ {
-		F.v[i].copy(b.v[i])
-	}
-}
-
-/* x=y<<n */
-func (F *FF) dsucopy(b *FF) {
-	for i := 0; i < b.length; i++ {
-		F.v[b.length+i].copy(b.v[i])
-		F.v[i].zero()
-	}
-}
-
-/* x=y */
-func (F *FF) dscopy(b *FF) {
-	for i := 0; i < b.length; i++ {
-		F.v[i].copy(b.v[i])
-		F.v[b.length+i].zero()
-	}
-}
-
-/* x=y>>n */
-func (F *FF) sducopy(b *FF) {
-	for i := 0; i < F.length; i++ {
-		F.v[i].copy(b.v[F.length+i])
-	}
-}
-
-func (F *FF) one() {
-	F.v[0].one()
-	for i := 1; i < F.length; i++ {
-		F.v[i].zero()
-	}
-}
-
-/* test equals 0 */
-func (F *FF) iszilch() bool {
-	for i := 0; i < F.length; i++ {
-		if !F.v[i].iszilch() {
-			return false
-		}
-	}
-	return true
-}
-
-/* shift right by 256-bit words */
-func (F *FF) shrw(n int) {
-	for i := 0; i < n; i++ {
-		F.v[i].copy(F.v[i+n])
-		F.v[i+n].zero()
-	}
-}
-
-/* shift left by 256-bit words */
-func (F *FF) shlw(n int) {
-	for i := 0; i < n; i++ {
-		F.v[n+i].copy(F.v[i])
-		F.v[i].zero()
-	}
-}
-
-/* extract last bit */
-func (F *FF) parity() int {
-	return F.v[0].parity()
-}
-
-func (F *FF) lastbits(m int) int {
-	return F.v[0].lastbits(m)
-}
-
-/* compare x and y - must be normalised, and of same length */
-func ff_comp(a *FF, b *FF) int {
-	for i := a.length - 1; i >= 0; i-- {
-		j := comp(a.v[i], b.v[i])
-		if j != 0 {
-			return j
-		}
-	}
-	return 0
-}
-
-/* recursive add */
-func (F *FF) radd(vp int, x *FF, xp int, y *FF, yp int, n int) {
-	for i := 0; i < n; i++ {
-		F.v[vp+i].copy(x.v[xp+i])
-		F.v[vp+i].add(y.v[yp+i])
-	}
-}
-
-/* recursive inc */
-func (F *FF) rinc(vp int, y *FF, yp int, n int) {
-	for i := 0; i < n; i++ {
-		F.v[vp+i].add(y.v[yp+i])
-	}
-}
-
-/* recursive sub */
-func (F *FF) rsub(vp int, x *FF, xp int, y *FF, yp int, n int) {
-	for i := 0; i < n; i++ {
-		F.v[vp+i].copy(x.v[xp+i])
-		F.v[vp+i].sub(y.v[yp+i])
-	}
-}
-
-/* recursive dec */
-func (F *FF) rdec(vp int, y *FF, yp int, n int) {
-	for i := 0; i < n; i++ {
-		F.v[vp+i].sub(y.v[yp+i])
-	}
-}
-
-/* simple add */
-func (F *FF) add(b *FF) {
-	for i := 0; i < F.length; i++ {
-		F.v[i].add(b.v[i])
-	}
-}
-
-/* simple sub */
-func (F *FF) sub(b *FF) {
-	for i := 0; i < F.length; i++ {
-		F.v[i].sub(b.v[i])
-	}
-}
-
-/* reverse sub */
-func (F *FF) revsub(b *FF) {
-	for i := 0; i < F.length; i++ {
-		F.v[i].rsub(b.v[i])
-	}
-}
-
-/* normalise - but hold any overflow in top part unless n<0 */
-func (F *FF) rnorm(vp int, n int) {
-	trunc := false
-	var carry int64
-	if n < 0 { /* -v n signals to do truncation */
-		n = -n
-		trunc = true
-	}
-	for i := 0; i < n-1; i++ {
-		carry = F.v[vp+i].norm()
-		F.v[vp+i].xortop(carry << P_TBITS)
-		F.v[vp+i+1].inc(int(carry))
-	}
-	carry = F.v[vp+n-1].norm()
-	if trunc {
-		F.v[vp+n-1].xortop(carry << P_TBITS)
-	}
-
-}
-
-func (F *FF) norm() {
-	F.rnorm(0, F.length)
-}
-
-/* increment/decrement by a small integer */
-func (F *FF) inc(m int) {
-	F.v[0].inc(m)
-	F.norm()
-}
-
-func (F *FF) dec(m int) {
-	F.v[0].dec(m)
-	F.norm()
-}
-
-/* shift left by one bit */
-func (F *FF) shl() {
-	var delay_carry int = 0
-	for i := 0; i < F.length-1; i++ {
-		carry := F.v[i].fshl(1)
-		F.v[i].inc(delay_carry)
-		F.v[i].xortop(carry << P_TBITS)
-		delay_carry = int(carry)
-	}
-	F.v[F.length-1].fshl(1)
-	F.v[F.length-1].inc(delay_carry)
-}
-
-/* shift right by one bit */
-
-func (F *FF) shr() {
-	for i := F.length - 1; i > 0; i-- {
-		carry := F.v[i].fshr(1)
-		F.v[i-1].ortop(carry << P_TBITS)
-	}
-	F.v[0].fshr(1)
-}
-
-/* Convert to Hex String */
-func (F *FF) toString() string {
-	F.norm()
-	s := ""
-	for i := F.length - 1; i >= 0; i-- {
-		s += F.v[i].toString()
-	}
-	return s
-}
-
-/* Convert FFs to/from byte arrays */
-func (F *FF) toBytes(b []byte) {
-	for i := 0; i < F.length; i++ {
-		F.v[i].tobytearray(b, (F.length-i-1)*int(MODBYTES))
-	}
-}
-
-func ff_fromBytes(x *FF, b []byte) {
-	for i := 0; i < x.length; i++ {
-		x.v[i] = frombytearray(b, (x.length-i-1)*int(MODBYTES))
-	}
-}
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-func ff_cswap(a *FF, b *FF, d int32) {
-	for i := 0; i < a.length; i++ {
-		a.v[i].cswap(b.v[i], d)
-	}
-}
-
-/* z=x*y, t is workspace */
-func (F *FF) karmul(vp int, x *FF, xp int, y *FF, yp int, t *FF, tp int, n int) {
-	if n == 1 {
-		d := mul(x.v[xp], y.v[yp])
-		F.v[vp+1] = d.split(8 * MODBYTES)
-		F.v[vp].dcopy(d)
-		return
-	}
-	nd2 := n / 2
-	F.radd(vp, x, xp, x, xp+nd2, nd2)
-	F.radd(vp+nd2, y, yp, y, yp+nd2, nd2)
-	t.karmul(tp, F, vp, F, vp+nd2, t, tp+n, nd2)
-	F.karmul(vp, x, xp, y, yp, t, tp+n, nd2)
-	F.karmul(vp+n, x, xp+nd2, y, yp+nd2, t, tp+n, nd2)
-	t.rdec(tp, F, vp, n)
-	t.rdec(tp, F, vp+n, n)
-	F.rinc(vp+nd2, t, tp, n)
-	F.rnorm(vp, 2*n)
-}
-
-func (F *FF) karsqr(vp int, x *FF, xp int, t *FF, tp int, n int) {
-	if n == 1 {
-		d := sqr(x.v[xp])
-		F.v[vp+1].copy(d.split(8 * MODBYTES))
-		F.v[vp].dcopy(d)
-		return
-	}
-
-	nd2 := n / 2
-	F.karsqr(vp, x, xp, t, tp+n, nd2)
-	F.karsqr(vp+n, x, xp+nd2, t, tp+n, nd2)
-	t.karmul(tp, x, xp, x, xp+nd2, t, tp+n, nd2)
-	F.rinc(vp+nd2, t, tp, n)
-	F.rinc(vp+nd2, t, tp, n)
-	F.rnorm(vp+nd2, n)
-}
-
-/* Calculates Least Significant bottom half of x*y */
-func (F *FF) karmul_lower(vp int, x *FF, xp int, y *FF, yp int, t *FF, tp int, n int) {
-	if n == 1 { /* only calculate bottom half of product */
-		F.v[vp].copy(smul(x.v[xp], y.v[yp]))
-		return
-	}
-	nd2 := n / 2
-
-	F.karmul(vp, x, xp, y, yp, t, tp+n, nd2)
-	t.karmul_lower(tp, x, xp+nd2, y, yp, t, tp+n, nd2)
-	F.rinc(vp+nd2, t, tp, nd2)
-	t.karmul_lower(tp, x, xp, y, yp+nd2, t, tp+n, nd2)
-	F.rinc(vp+nd2, t, tp, nd2)
-	F.rnorm(vp+nd2, -nd2) /* truncate it */
-}
-
-/* Calculates Most Significant upper half of x*y, given lower part */
-func (F *FF) karmul_upper(x *FF, y *FF, t *FF, n int) {
-	nd2 := n / 2
-	F.radd(n, x, 0, x, nd2, nd2)
-	F.radd(n+nd2, y, 0, y, nd2, nd2)
-
-	t.karmul(0, F, n+nd2, F, n, t, n, nd2) /* t = (a0+a1)(b0+b1) */
-	F.karmul(n, x, nd2, y, nd2, t, n, nd2) /* z[n]= a1*b1 */
-	/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-	t.rdec(0, F, n, n)     /* t=t-a1b1  */
-	F.rinc(nd2, F, 0, nd2) /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-	F.rdec(nd2, t, 0, nd2) /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-	F.rnorm(0, -n)         /* a0b0 now in z - truncate it */
-	t.rdec(0, F, 0, n)     /* (a0+a1)(b0+b1) - a0b0 */
-	F.rinc(nd2, t, 0, n)
-
-	F.rnorm(nd2, n)
-}
-
-/* z=x*y. Assumes x and y are of same length. */
-func ff_mul(x *FF, y *FF) *FF {
-	n := x.length
-	z := NewFFint(2 * n)
-	t := NewFFint(2 * n)
-	z.karmul(0, x, 0, y, 0, t, 0, n)
-	return z
-}
-
-/* return low part of product this*y */
-func (F *FF) lmul(y *FF) {
-	n := F.length
-	t := NewFFint(2 * n)
-	x := NewFFint(n)
-	x.copy(F)
-	F.karmul_lower(0, x, 0, y, 0, t, 0, n)
-}
-
-/* Set b=b mod c */
-func (F *FF) mod(c *FF) {
-	var k int = 1
-
-	F.norm()
-	if ff_comp(F, c) < 0 {
-		return
-	}
-
-	c.shl()
-	for ff_comp(F, c) >= 0 {
-		c.shl()
-		k++
-	}
-
-	for k > 0 {
-		c.shr()
-		if ff_comp(F, c) >= 0 {
-			F.sub(c)
-			F.norm()
-		}
-		k--
-	}
-}
-
-/* z=x^2 */
-func ff_sqr(x *FF) *FF {
-	n := x.length
-	z := NewFFint(2 * n)
-	t := NewFFint(2 * n)
-	z.karsqr(0, x, 0, t, 0, n)
-	return z
-}
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-func (F *FF) reduce(N *FF, ND *FF) *FF { /* fast karatsuba Montgomery reduction */
-	n := N.length
-	t := NewFFint(2 * n)
-	r := NewFFint(n)
-	m := NewFFint(n)
-
-	r.sducopy(F)
-	m.karmul_lower(0, F, 0, ND, 0, t, 0, n)
-	F.karmul_upper(N, m, t, n)
-	m.sducopy(F)
-
-	r.add(N)
-	r.sub(m)
-	r.norm()
-
-	return r
-
-}
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-func (F *FF) dmod(b *FF) *FF {
-	n := b.length
-	m := NewFFint(2 * n)
-	x := NewFFint(2 * n)
-	r := NewFFint(n)
-
-	x.copy(F)
-	x.norm()
-	m.dsucopy(b)
-	k := 256 * n
-
-	for k > 0 {
-		m.shr()
-
-		if ff_comp(x, m) >= 0 {
-			x.sub(m)
-			x.norm()
-		}
-		k--
-	}
-
-	r.copy(x)
-	r.mod(b)
-	return r
-}
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-
-func (F *FF) invmodp(p *FF) {
-	n := p.length
-
-	u := NewFFint(n)
-	v := NewFFint(n)
-	x1 := NewFFint(n)
-	x2 := NewFFint(n)
-	t := NewFFint(n)
-	one := NewFFint(n)
-
-	one.one()
-	u.copy(F)
-	v.copy(p)
-	x1.copy(one)
-	x2.zero()
-
-	// reduce n in here as well!
-	for ff_comp(u, one) != 0 && ff_comp(v, one) != 0 {
-		for u.parity() == 0 {
-			u.shr()
-			if x1.parity() != 0 {
-				x1.add(p)
-				x1.norm()
-			}
-			x1.shr()
-		}
-		for v.parity() == 0 {
-			v.shr()
-			if x2.parity() != 0 {
-				x2.add(p)
-				x2.norm()
-			}
-			x2.shr()
-		}
-		if ff_comp(u, v) >= 0 {
-			u.sub(v)
-			u.norm()
-			if ff_comp(x1, x2) >= 0 {
-				x1.sub(x2)
-			} else {
-				t.copy(p)
-				t.sub(x2)
-				x1.add(t)
-			}
-			x1.norm()
-		} else {
-			v.sub(u)
-			v.norm()
-			if ff_comp(x2, x1) >= 0 {
-				x2.sub(x1)
-			} else {
-				t.copy(p)
-				t.sub(x1)
-				x2.add(t)
-			}
-			x2.norm()
-		}
-	}
-	if ff_comp(u, one) == 0 {
-		F.copy(x1)
-	} else {
-		F.copy(x2)
-	}
-}
-
-/* nresidue mod m */
-func (F *FF) nres(m *FF) {
-	n := m.length
-	d := NewFFint(2 * n)
-	d.dsucopy(F)
-	F.copy(d.dmod(m))
-}
-
-func (F *FF) redc(m *FF, ND *FF) {
-	n := m.length
-	d := NewFFint(2 * n)
-	F.mod(m)
-	d.dscopy(F)
-	F.copy(d.reduce(m, ND))
-	F.mod(m)
-}
-
-func (F *FF) mod2m(m int) {
-	for i := m; i < F.length; i++ {
-		F.v[i].zero()
-	}
-}
-
-/* U=1/a mod 2^m - Arazi & Qi */
-func (F *FF) invmod2m() *FF {
-	n := F.length
-
-	b := NewFFint(n)
-	c := NewFFint(n)
-	U := NewFFint(n)
-
-	U.zero()
-	U.v[0].copy(F.v[0])
-	U.v[0].invmod2m()
-
-	for i := 1; i < n; i <<= 1 {
-		b.copy(F)
-		b.mod2m(i)
-		t := ff_mul(U, b)
-		t.shrw(i)
-		b.copy(t)
-		c.copy(F)
-		c.shrw(i)
-		c.mod2m(i)
-		c.lmul(U)
-		c.mod2m(i)
-
-		b.add(c)
-		b.norm()
-		b.lmul(U)
-		b.mod2m(i)
-
-		c.one()
-		c.shlw(i)
-		b.revsub(c)
-		b.norm()
-		b.shlw(i)
-		U.add(b)
-	}
-	U.norm()
-	return U
-}
-
-func (F *FF) random(rng *RAND) {
-	n := F.length
-	for i := 0; i < n; i++ {
-		F.v[i].copy(random(rng))
-	}
-	/* make sure top bit is 1 */
-	for F.v[n-1].nbits() < int(MODBYTES*8) {
-		F.v[n-1].copy(random(rng))
-	}
-}
-
-/* generate random x less than p */
-func (F *FF) randomnum(p *FF, rng *RAND) {
-	n := F.length
-	d := NewFFint(2 * n)
-
-	for i := 0; i < 2*n; i++ {
-		d.v[i].copy(random(rng))
-	}
-	F.copy(d.dmod(p))
-}
-
-/* this*=y mod p */
-func (F *FF) modmul(y *FF, p *FF, nd *FF) {
-	ex := F.P_EXCESS()
-	ey := y.P_EXCESS()
-	if (ex+1)*(ey+1)+1 >= P_FEXCESS {
-		F.mod(p)
-	}
-	d := ff_mul(F, y)
-	F.copy(d.reduce(p, nd))
-}
-
-/* this*=y mod p */
-func (F *FF) modsqr(p *FF, nd *FF) {
-	ex := F.P_EXCESS()
-	if (ex+1)*(ex+1)+1 >= P_FEXCESS {
-		F.mod(p)
-	}
-	d := ff_sqr(F)
-	F.copy(d.reduce(p, nd))
-}
-
-/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-func (F *FF) skpow(e *FF, p *FF) {
-	n := p.length
-	R0 := NewFFint(n)
-	R1 := NewFFint(n)
-	ND := p.invmod2m()
-
-	F.mod(p)
-	R0.one()
-	R1.copy(F)
-	R0.nres(p)
-	R1.nres(p)
-
-	for i := int(8*MODBYTES)*n - 1; i >= 0; i-- {
-		b := int32(e.v[i/256].bit(i % 256))
-		F.copy(R0)
-		F.modmul(R1, p, ND)
-
-		ff_cswap(R0, R1, b)
-		R0.modsqr(p, ND)
-
-		R1.copy(F)
-		ff_cswap(R0, R1, b)
-	}
-	F.copy(R0)
-	F.redc(p, ND)
-}
-
-/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-func (F *FF) skpows(e *BIG, p *FF) {
-	n := p.length
-	R0 := NewFFint(n)
-	R1 := NewFFint(n)
-	ND := p.invmod2m()
-
-	F.mod(p)
-	R0.one()
-	R1.copy(F)
-	R0.nres(p)
-	R1.nres(p)
-
-	for i := int(8*MODBYTES) - 1; i >= 0; i-- {
-		b := int32(e.bit(i))
-		F.copy(R0)
-		F.modmul(R1, p, ND)
-
-		ff_cswap(R0, R1, b)
-		R0.modsqr(p, ND)
-
-		R1.copy(F)
-		ff_cswap(R0, R1, b)
-	}
-	F.copy(R0)
-	F.redc(p, ND)
-}
-
-/* raise to an integer power - right-to-left method */
-func (F *FF) power(e int, p *FF) {
-	n := p.length
-	w := NewFFint(n)
-	ND := p.invmod2m()
-	f := true
-
-	w.copy(F)
-	w.nres(p)
-
-	if e == 2 {
-		F.copy(w)
-		F.modsqr(p, ND)
-	} else {
-		for true {
-			if e%2 == 1 {
-				if f {
-					F.copy(w)
-				} else {
-					F.modmul(w, p, ND)
-				}
-				f = false
-			}
-			e >>= 1
-			if e == 0 {
-				break
-			}
-			w.modsqr(p, ND)
-		}
-	}
-	F.redc(p, ND)
-}
-
-/* this=this^e mod p, faster but not side channel resistant */
-func (F *FF) pow(e *FF, p *FF) {
-	n := p.length
-	w := NewFFint(n)
-	ND := p.invmod2m()
-
-	w.copy(F)
-	F.one()
-	F.nres(p)
-	w.nres(p)
-	for i := int(8*MODBYTES)*n - 1; i >= 0; i-- {
-		F.modsqr(p, ND)
-		b := e.v[i/256].bit(i % 256)
-		if b == 1 {
-			F.modmul(w, p, ND)
-		}
-	}
-	F.redc(p, ND)
-}
-
-/* double exponentiation r=x^e.y^f mod p */
-func (F *FF) pow2(e *BIG, y *FF, f *BIG, p *FF) {
-	n := p.length
-	xn := NewFFint(n)
-	yn := NewFFint(n)
-	xy := NewFFint(n)
-	ND := p.invmod2m()
-
-	xn.copy(F)
-	yn.copy(y)
-	xn.nres(p)
-	yn.nres(p)
-	xy.copy(xn)
-	xy.modmul(yn, p, ND)
-	F.one()
-	F.nres(p)
-
-	for i := int(8*MODBYTES) - 1; i >= 0; i-- {
-		eb := e.bit(i)
-		fb := f.bit(i)
-		F.modsqr(p, ND)
-		if eb == 1 {
-			if fb == 1 {
-				F.modmul(xy, p, ND)
-			} else {
-				F.modmul(xn, p, ND)
-			}
-		} else {
-			if fb == 1 {
-				F.modmul(yn, p, ND)
-			}
-		}
-	}
-	F.redc(p, ND)
-}
-
-func igcd(x int, y int) int { /* integer GCD, returns GCD of x and y */
-	var r int
-	if y == 0 {
-		return x
-	}
-	for true {
-		r = x % y
-		if r == 0 {
-			break
-		}
-		x = y
-		y = r
-	}
-	return y
-}
-
-/* quick and dirty check for common factor with n */
-func (F *FF) cfactor(s int) bool {
-	n := F.length
-
-	x := NewFFint(n)
-	y := NewFFint(n)
-
-	y.set(s)
-	x.copy(F)
-	x.norm()
-
-	x.sub(y)
-	x.norm()
-
-	for !x.iszilch() && x.parity() == 0 {
-		x.shr()
-	}
-
-	for ff_comp(x, y) > 0 {
-		x.sub(y)
-		x.norm()
-		for !x.iszilch() && x.parity() == 0 {
-			x.shr()
-		}
-	}
-
-	g := int(x.v[0].get(0))
-	r := igcd(s, g)
-	if r > 1 {
-		return true
-	}
-	return false
-}
-
-/* Miller-Rabin test for primality. Slow. */
-func prime(p *FF, rng *RAND) bool {
-	s := 0
-	n := p.length
-	d := NewFFint(n)
-	x := NewFFint(n)
-	unity := NewFFint(n)
-	nm1 := NewFFint(n)
-
-	sf := 4849845 /* 3*5*.. *19 */
-	p.norm()
-
-	if p.cfactor(sf) {
-		return false
-	}
-	unity.one()
-	nm1.copy(p)
-	nm1.sub(unity)
-	nm1.norm()
-	d.copy(nm1)
-
-	for d.parity() == 0 {
-		d.shr()
-		s++
-	}
-	if s == 0 {
-		return false
-	}
-	for i := 0; i < 10; i++ {
-		x.randomnum(p, rng)
-		x.pow(d, p)
-		if ff_comp(x, unity) == 0 || ff_comp(x, nm1) == 0 {
-			continue
-		}
-		loop := false
-		for j := 1; j < s; j++ {
-			x.power(2, p)
-			if ff_comp(x, unity) == 0 {
-				return false
-			}
-			if ff_comp(x, nm1) == 0 {
-				loop = true
-				break
-			}
-		}
-		if loop {
-			continue
-		}
-		return false
-	}
-	return true
-}
-
-/*
-func main() {
-
-	var P = [4][5]int64 {{0xAD19A781670957,0x76A79C00965796,0xDEFCC5FC9A9717,0xF02F2940E20E9,0xBF59E34F},{0x6894F31844C908,0x8DADA70E82C79F,0xFD29F3836046F6,0x8C1D874D314DD0,0x46D077B},{0x3C515217813331,0x56680FD1CE935B,0xE55C53EEA8838E,0x92C2F7E14A4A95,0xD945E5B1},{0xACF673E919F5EF,0x6723E7E7DAB446,0x6B6FA69B36EB1B,0xF7D13920ECA300,0xB5FC2165}}
-
-	fmt.Printf("Testing FF\n")
-	var raw [100]byte
-	rng:=NewRAND()
-
-	rng.Clean()
-	for i:=0;i<100;i++ {
-		raw[i]=byte(i)
-	}
-
-	rng.Seed(100,raw[:])
-
-	n:=4
-
-	x:=NewFFint(n)
-	x.set(3)
-
-	p:=NewFFints(P[:],n)
-
-	if prime(p,rng) {fmt.Printf("p is a prime\n"); fmt.Printf("\n")}
-
-	e:=NewFFint(n)
-	e.copy(p)
-	e.dec(1); e.norm()
-
-	fmt.Printf("e= "+e.toString())
-	fmt.Printf("\n")
-	x.skpow(e,p)
-	fmt.Printf("x= "+x.toString())
-	fmt.Printf("\n")
-}
-*/

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/go/amcl-go/FP.go
----------------------------------------------------------------------
diff --git a/go/amcl-go/FP.go b/go/amcl-go/FP.go
deleted file mode 100644
index c8a4d62..0000000
--- a/go/amcl-go/FP.go
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic */
-/* CLINT mod p functions */
-
-package amcl
-
-//import "fmt"
-
-var p BIG = BIG{w: [NLEN]int64(Modulus)}
-
-type FP struct {
-	x *BIG
-}
-
-/* Constructors */
-func NewFPint(a int) *FP {
-	F := new(FP)
-	F.x = NewBIGint(a)
-	F.nres()
-	return F
-}
-
-func NewFPbig(a *BIG) *FP {
-	F := new(FP)
-	F.x = NewBIGcopy(a)
-	F.nres()
-	return F
-}
-
-func NewFPcopy(a *FP) *FP {
-	F := new(FP)
-	F.x = NewBIGcopy(a.x)
-	return F
-}
-
-func (F *FP) toString() string {
-	return F.redc().toString()
-}
-
-/* convert to Montgomery n-residue form */
-func (F *FP) nres() {
-	if MODTYPE != PSEUDO_MERSENNE {
-		d := NewDBIGscopy(F.x)
-		d.shl(uint(NLEN) * BASEBITS)
-		F.x.copy(d.mod(&p))
-	}
-}
-
-/* convert back to regular form */
-func (F *FP) redc() *BIG {
-	if MODTYPE != PSEUDO_MERSENNE {
-		d := NewDBIGscopy(F.x)
-		return mod(d)
-	} else {
-		r := NewBIGcopy(F.x)
-		return r
-	}
-}
-
-/* reduce this mod Modulus */
-func (F *FP) reduce() {
-	F.x.mod(&p)
-}
-
-/* test this=0? */
-func (F *FP) iszilch() bool {
-	F.reduce()
-	return F.x.iszilch()
-}
-
-/* copy from FP b */
-func (F *FP) copy(b *FP) {
-	F.x.copy(b.x)
-}
-
-/* set this=0 */
-func (F *FP) zero() {
-	F.x.zero()
-}
-
-/* set this=1 */
-func (F *FP) one() {
-	F.x.one()
-	F.nres()
-}
-
-/* normalise this */
-func (F *FP) norm() {
-	F.x.norm()
-}
-
-/* swap FPs depending on d */
-func (F *FP) cswap(b *FP, d int32) {
-	F.x.cswap(b.x, d)
-}
-
-/* copy FPs depending on d */
-func (F *FP) cmove(b *FP, d int32) {
-	F.x.cmove(b.x, d)
-}
-
-/* this*=b mod Modulus */
-func (F *FP) mul(b *FP) {
-	ea := EXCESS(F.x)
-	eb := EXCESS(b.x)
-
-	if (ea+1)*(eb+1)+1 >= FEXCESS {
-		F.reduce()
-	}
-
-	d := mul(F.x, b.x)
-	F.x.copy(mod(d))
-}
-
-/* this = -this mod Modulus */
-func (F *FP) neg() {
-	m := NewBIGcopy(&p)
-
-	F.norm()
-
-	ov := EXCESS(F.x)
-	sb := uint(1)
-	for ov != 0 {
-		sb++
-		ov >>= 1
-	}
-
-	m.fshl(sb)
-	F.x.rsub(m)
-
-	if EXCESS(F.x) >= FEXCESS {
-		F.reduce()
-	}
-}
-
-/* this*=c mod Modulus, where c is a small int */
-func (F *FP) imul(c int) {
-	F.norm()
-	s := false
-	if c < 0 {
-		c = -c
-		s = true
-	}
-	afx := (EXCESS(F.x)+1)*(int64(c)+1) + 1
-	if c < NEXCESS && afx < FEXCESS {
-		F.x.imul(c)
-	} else {
-		if afx < FEXCESS {
-			F.x.pmul(c)
-		} else {
-			d := F.x.pxmul(c)
-			F.x.copy(d.mod(&p))
-		}
-	}
-	if s {
-		F.neg()
-	}
-	F.norm()
-}
-
-/* this*=this mod Modulus */
-func (F *FP) sqr() {
-	ea := EXCESS(F.x)
-	if (ea+1)*(ea+1)+1 >= FEXCESS {
-		F.reduce()
-	}
-
-	d := sqr(F.x)
-
-	F.x.copy(mod(d))
-}
-
-/* this+=b */
-func (F *FP) add(b *FP) {
-	F.x.add(b.x)
-	if EXCESS(F.x)+2 >= FEXCESS {
-		F.reduce()
-	}
-}
-
-/* this-=b */
-func (F *FP) sub(b *FP) {
-	n := NewFPcopy(b)
-	n.neg()
-	F.add(n)
-}
-
-/* this/=2 mod Modulus */
-func (F *FP) div2() {
-	F.x.norm()
-	if F.x.parity() == 0 {
-		F.x.fshr(1)
-	} else {
-		F.x.add(&p)
-		F.x.norm()
-		F.x.fshr(1)
-	}
-}
-
-/* this=1/this mod Modulus */
-func (F *FP) inverse() {
-	r := F.redc()
-	r.invmodp(&p)
-	F.x.copy(r)
-	F.nres()
-}
-
-/* return TRUE if this==a */
-func (F *FP) equals(a *FP) bool {
-	a.reduce()
-	F.reduce()
-	if comp(a.x, F.x) == 0 {
-		return true
-	}
-	return false
-}
-
-/* return this^e mod Modulus */
-func (F *FP) pow(e *BIG) *FP {
-	r := NewFPint(1)
-	e.norm()
-	F.x.norm()
-	m := NewFPcopy(F)
-	for true {
-		bt := e.parity()
-		e.fshr(1)
-		if bt == 1 {
-			r.mul(m)
-		}
-		if e.iszilch() {
-			break
-		}
-		m.sqr()
-	}
-	r.x.mod(&p)
-	return r
-}
-
-/* return sqrt(this) mod Modulus */
-func (F *FP) sqrt() *FP {
-	F.reduce()
-	b := NewBIGcopy(&p)
-	if MOD8 == 5 {
-		b.dec(5)
-		b.norm()
-		b.shr(3)
-		i := NewFPcopy(F)
-		i.x.shl(1)
-		v := i.pow(b)
-		i.mul(v)
-		i.mul(v)
-		i.x.dec(1)
-		r := NewFPcopy(F)
-		r.mul(v)
-		r.mul(i)
-		r.reduce()
-		return r
-	} else {
-		b.inc(1)
-		b.norm()
-		b.shr(2)
-		return F.pow(b)
-	}
-}
-
-/* return jacobi symbol (this/Modulus) */
-func (F *FP) jacobi() int {
-	w := F.redc()
-	return w.jacobi(&p)
-}



[50/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/LICENSE-2.0.TXT
----------------------------------------------------------------------
diff --git a/LICENSE-2.0.TXT b/LICENSE-2.0.TXT
new file mode 100644
index 0000000..9b5e401
--- /dev/null
+++ b/LICENSE-2.0.TXT
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/NOTICE
----------------------------------------------------------------------
diff --git a/NOTICE b/NOTICE
deleted file mode 100644
index 434d2bb..0000000
--- a/NOTICE
+++ /dev/null
@@ -1,5 +0,0 @@
-Apache Milagro Crypto Libraries
-Copyright 2016 The Apache Software Foundation
-
-This product includes software developed at
-The Apache Software Foundation (http://www.apache.org/).

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
new file mode 100644
index 0000000..2e6c028
--- /dev/null
+++ b/NOTICE.txt
@@ -0,0 +1,5 @@
+Apache Milagro Crypto Libraries
+Copyright 2016 The Apache Software Foundation
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
deleted file mode 100644
index 7282e43..0000000
--- a/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-<h2>AMCL</h2>
-
-<p>This directory contains the source code for the AMCL Library.</p>
-
-<p>The directory structure is as follows</p>
-
-<dl>
-  <dt>./c</dt>
-  <dd>- C Source code</dd>
-  <dt>./js</dt>
-  <dd>- JavaScript code</dd>
-  <dt>./java</dt>
-  <dd>- JAVA code</dd>
-  <dt>./java64</dt>
-  <dd>- JAVA code optimal for a 64-bit Virtual Machine</dd>
-  <dt>./go</dt>
-  <dd>- GO code</dd>
-  <dt>./swift</dt>
-  <dd>- swift code</dd>
-  <dt>./cs</dt>
-  <dd>- C# code</dd>
-  <dt>./pythonCFFI</dt>
-  <dd>- Python code that accesses the C library via the CFFI module</dd>
-  <dt>./testVectors</dt>
-  <dd>- Test Vectors</dd>
-  <dt>./docs</dt>
-  <dd>- Documentation</dd>
-</dl>
-
-<h2>Build Instructions</h2>
-
-<p>AMCL is a standards compliant C library with no external dependencies. It
-can be built using the <a href="http://www.cmake.org">CMake</a> build system.
-In order to use the  Python wrappers <a href="https://cffi.readthedocs.org/en/release-0.8/">CFFI</a> is also
-required. There are instructions provided for both Linux and Windows based systems.</p>
-
-<p>Instructions for the Linux build are in ./linux.md</p>
-
-<p>Instructions for the Mac OS build are in ./mac.md</p>
-
-<p>Instructions for the Windows build are in ./windows.md</p>
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/bigtobig.cpp
----------------------------------------------------------------------
diff --git a/bigtobig.cpp b/bigtobig.cpp
deleted file mode 100755
index 730b790..0000000
--- a/bigtobig.cpp
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//
-// Program to convert from Big to AMCL BIG format
-// cl /O2 bigtobig.cpp big.cpp miracl.lib
-// gcc -O2 bigtobig.cpp big.cpp miracl.a -o bigtobig
-//
-//
-
-#include <iostream>
-#include "zzn.h"
-
-using namespace std;
-
-Miracl precision=100;
-
-// Code to parse formula in command line
-// This code isn't mine, but its public domain
-// Shamefully I forget the source
-//
-// NOTE: It may be necessary on some platforms to change the operators * and #
-//
-
-#if defined(unix)
-#define TIMES '.'
-#define RAISE '^'
-#else
-#define TIMES '*'
-#define RAISE '#'
-#endif
-
-Big tt;
-static char *ss;
-
-void eval_power (Big& oldn,Big& n,char op)
-{
-        if (op) n=pow(oldn,toint(n));    // power(oldn,size(n),n,n);
-}
-
-void eval_product (Big& oldn,Big& n,char op)
-{
-        switch (op)
-        {
-        case TIMES:
-                n*=oldn;
-                break;
-        case '/':
-                n=oldn/n;
-                break;
-        case '%':
-                n=oldn%n;
-        }
-}
-
-void eval_sum (Big& oldn,Big& n,char op)
-{
-        switch (op)
-        {
-        case '+':
-                n+=oldn;
-                break;
-        case '-':
-                n=oldn-n;
-        }
-}
-
-void eval (void)
-{
-        Big oldn[3];
-        Big n;
-        int i;
-        char oldop[3];
-        char op;
-        char minus;
-        for (i=0;i<3;i++)
-        {
-            oldop[i]=0;
-        }
-LOOP:
-        while (*ss==' ')
-        ss++;
-        if (*ss=='-')    /* Unary minus */
-        {
-        ss++;
-        minus=1;
-        }
-        else
-        minus=0;
-        while (*ss==' ')
-        ss++;
-        if (*ss=='(' || *ss=='[' || *ss=='{')    /* Number is subexpression */
-        {
-        ss++;
-        eval ();
-        n=tt;
-        }
-        else            /* Number is decimal value */
-        {
-        for (i=0;ss[i]>='0' && ss[i]<='9';i++)
-                ;
-        if (!i)         /* No digits found */
-        {
-                cout <<  "Error - invalid number" << endl;
-                exit (20);
-        }
-        op=ss[i];
-        ss[i]=0;
-        n=atoi(ss);
-        ss+=i;
-        *ss=op;
-        }
-        if (minus) n=-n;
-        do
-        op=*ss++;
-        while (op==' ');
-        if (op==0 || op==')' || op==']' || op=='}')
-        {
-        eval_power (oldn[2],n,oldop[2]);
-        eval_product (oldn[1],n,oldop[1]);
-        eval_sum (oldn[0],n,oldop[0]);
-        tt=n;
-        return;
-        }
-        else
-        {
-        if (op==RAISE)
-        {
-                eval_power (oldn[2],n,oldop[2]);
-                oldn[2]=n;
-                oldop[2]=RAISE;
-        }
-        else
-        {
-                if (op==TIMES || op=='/' || op=='%')
-                {
-                eval_power (oldn[2],n,oldop[2]);
-                oldop[2]=0;
-                eval_product (oldn[1],n,oldop[1]);
-                oldn[1]=n;
-                oldop[1]=op;
-                }
-                else
-                {
-                if (op=='+' || op=='-')
-                {
-                        eval_power (oldn[2],n,oldop[2]);
-                        oldop[2]=0;
-                        eval_product (oldn[1],n,oldop[1]);
-                        oldop[1]=0;
-                        eval_sum (oldn[0],n,oldop[0]);
-                        oldn[0]=n;
-                        oldop[0]=op;
-                }
-                else    /* Error - invalid operator */
-                {
-                        cout <<  "Error - invalid operator" << endl;
-                        exit (20);
-                }
-                }
-        }
-        }
-        goto LOOP;
-}
-
-void output(int w,Big t,Big m)
-{
-	Big y=t;
-
-	for (int i=0;i<w;i++)
-	{
-		cout << "0x" << y%m ;
-		if (i<w-1) cout << ",";
-		y/=m;
-	}
-	cout << endl;
-}
-
-int main(int argc, char **argv)
-{
-    int i,ip,chunk,basebits;
-    Big n,m;
-    BOOL gotP,gotA,gotB;
-    int Base;
-    miracl *mip=&precision;
-    argv++; argc--;
-    if (argc<1)
-    {
-        cout << "Program converts from Big to BIG" << endl;
-        cout << "bigtobig <big number> <chunk>> <basebits>" << endl;
-        cout << "OR" << endl;
-        cout << "bigtobig <formula for big number> <chunk>> <basebits>" << endl;
-#if defined(unix)
-        cout << "e.g. bigtobig -f 2^255-19 32 29" << endl;
-#else
-        cout << "e.g. bigtobig -f 2#255-19 32 29" << endl;
-#endif
-        cout << "To input Big number in Hex, precede with -h" << endl;
-        return 0;
-    }
-
-    ip=0;
-    gprime(1000);
-    gotP=gotA=gotB=FALSE;
-    n=0;
-    Base=10;
-    while (ip<argc)
-    {
-        if (!gotP && strcmp(argv[ip],"-f")==0)
-        {
-            ip++;
-            if (!gotP && ip<argc)
-            {
-
-                ss=argv[ip++];
-                tt=0;
-                eval();
-                n=tt;
-                gotP=TRUE;
-                continue;
-            }
-            else
-            {
-                cout << "Error in command line" << endl;
-                return 0;
-            }
-        }
-
-
-        if (strcmp(argv[ip],"-h")==0)
-        {
-            ip++;
-            Base=16;
-            continue;
-        }
-
-        if (!gotP)
-        {
-            mip->IOBASE=Base;
-            n=argv[ip++];
-            mip->IOBASE=10;
-            gotP=TRUE;
-            continue;
-        }
-        if (!gotA)
-        {
-            mip->IOBASE=Base;
-            chunk=atoi(argv[ip++]);
-            gotA=TRUE;
-            continue;
-        }
-        if (!gotB)
-        {
-            mip->IOBASE=Base;
-            basebits=atoi(argv[ip++]);
-            gotB=TRUE;
-            continue;
-        }
-        cout << "Error in command line" << endl;
-        return 0;
-    }
-    if (!gotP || !gotA || !gotB)
-    {
-        cout << "Error in command line" << endl;
-        return 0;
-    }
-
-	mip->IOBASE=16;
-
-	m=pow((Big)2,basebits);
-
-	output(1+bits(n)/basebits,n,m);
-
-    return 0;
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/bngen.cpp
----------------------------------------------------------------------
diff --git a/bngen.cpp b/bngen.cpp
deleted file mode 100755
index f59d6f8..0000000
--- a/bngen.cpp
+++ /dev/null
@@ -1,511 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* BNGEN - Helper MIRACL program to generate constants for BN curve
-
-(MINGW build)
-
-g++ -O3 bngen.cpp big.cpp zzn.cpp zzn2.cpp ecn2.cpp miracl.a -o bngen.exe
-
-This ONLY works for D-type curves of the form y^2=x^3+2, with a negative x parameter, and x=3 mod 4
-
-*/
-
-#include <iostream>
-#include "big.h"
-#include "zzn2.h"
-#include "ecn2.h"
-
-using namespace std;
-
-Miracl precision(20,0);
-
-
-/* set d=0 for c, d=1 to include leading zeros, d=2 for JS-type square brackets, d=3 for L (for long) appended */
-void output(int d,int w,Big t,Big m)
-{
-	Big y=t;
-
-	if (d!=2) cout << "{";
-	else cout << "[";
-	for (int i=0;i<w;i++)
-	{
-		cout << "0x" << y%m;
-		y/=m;
-		if ((y==0 && (d==0 || d==2)) || i==w-1) break;
-		if (d==3) cout << "L,";
-		else cout << ",";
-	}
-	if (d!=2)
-	{
-		if (d==3) cout << "L}";
-		else cout << "}";
-	}
-	else cout << "]";
-}
-
-
-void q_power_frobenius(ECn2 &A,ZZn2 &F)
-{
-// Fast multiplication of A by q (for Trace-Zero group members only)
-    ZZn2 x,y,z,w,r;
-
-    A.get(x,y);
-
-	w=F*F;
-	r=F;
-
-	if (get_mip()->TWIST==MR_SEXTIC_M) r=inverse(F);  // could be precalculated
-	if (get_mip()->TWIST==MR_SEXTIC_D) r=F;
-
-	w=r*r;
-	x=w*conj(x);
-	y=r*w*conj(y);
-
-    A.set(x,y);
-}
-
-//
-// Faster Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez
-//
-
-void cofactor(ECn2& S,ZZn2 &F,Big& x)
-{
-	ECn2 T,K;
-	T=S;
-	T*=-x;
-	T.norm();
-	K=(T+T)+T;
-	K.norm();
-	q_power_frobenius(K,F);
-	q_power_frobenius(S,F); q_power_frobenius(S,F); q_power_frobenius(S,F);
-	S+=T; S+=K;
-	q_power_frobenius(T,F); q_power_frobenius(T,F);
-	S+=T;
-	S.norm();
-}
-
-
-void set_frobenius_constant(ZZn2 &X)
-{
-    Big p=get_modulus();
-    switch (get_mip()->pmod8)
-    {
-    case 5:
-         X.set((Big)0,(Big)1); // = (sqrt(-2)^(p-1)/2
-         break;
-    case 3:                    // = (1+sqrt(-1))^(p-1)/2
-         X.set((Big)1,(Big)1);
-         break;
-   case 7:
-         X.set((Big)2,(Big)1); // = (2+sqrt(-1))^(p-1)/2
-    default: break;
-    }
-    X=pow(X,(p-1)/6);
-}
-
-int main()
-{
-	miracl *mip=&precision;
-	Big p,q,R,cru;
-	Big m,x,y,w,t,c,n,r,a,b,gx,gy,D,xa,xb,ya,yb;
-	ZZn2 X;
-	ECn2 Q;
-	ZZn2 Xa,Ya;
-	int i;
-	int CHUNK[4]={16,32,64,32};
-	int WORDS[4]={20,9,5,11};//{20,9,5};
-	int BITS[4]={13,29,56,24};//{13,29,56};
-
-	mip->IOBASE=16;
-
-/* Set BN value x which determines curve - note that x is assumed to be negative */
-
-//  x=(char *)"6000000000101041";    // for full 256-bit GT_STRONG parameter
-//	x=(char *)"4080000000000001";    // Fast but not not GT_STRONG parameter
-
-	x=(char *)"4000020100608205"; // G2 and GT-Strong parameter
-	x=(char *)"4000000003C012B1";    // MIRACL's GT_STRONG parameter
-	x=(char *)"4080000000000001";    // Nogami's fast parameter
-	x=(char *)"4000806000004081";    // Best GT_STRONG parameter
-
-	p=36*pow(x,4)-36*pow(x,3)+24*x*x-6*x+1;
-    ecurve((Big)0,(Big)2,p,MR_AFFINE);
-    mip->TWIST=MR_SEXTIC_D;
-
-	cout << "/* AMCL - ROM  C file for BN curve - Weierstrass Only */" << endl << endl;
-
-	cout << "#define MBITS " << bits(p) << endl;
-	cout << "#define MOD8 " << p%8 << endl;
-	cout << endl;
-	cout << "const int CURVE_A=0;" << endl;
-	for (i=0;i<3;i++)
-	{
-		cout << "#if CHUNK==" << CHUNK[i] << endl << endl;
-		m=pow((Big)2,BITS[i]);
-
-
-		cout << "const chunk MConst=0x" << inverse(m-p%m,m) << ";" << endl;
-
-		cout << "const BIG Modulus="; output(0,WORDS[i],p,m); cout << ";" << endl;
-		t=6*x*x+1;
-		q=p+1-t;
-		cout << "const BIG CURVE_Order="; output(0,WORDS[i],q,m); cout << ";" << endl;
-		cout << "const BIG CURVE_B={0x2};" << endl;
-
-		R=pow((Big)2,WORDS[i]*BITS[i]);
-	//	cout << "const BIG Monty=";output(0,WORDS[i],inverse(R,p),m); cout << ";" << endl;
-
-		cout << "const BIG CURVE_Bnx="; output(0,WORDS[i],x,m); cout << ";" << endl;
-
-		cru=(18*pow(x,3)-18*x*x+9*x-2);
-		cout << "const BIG CURVE_Cru="; output(0,WORDS[i],cru,m); cout << ";" << endl;
-
-		set_frobenius_constant(X);
-
-		X.get(a,b);
-		cout << "const BIG CURVE_Fra="; output(0,WORDS[i],a,m); cout << ";" << endl;
-		cout << "const BIG CURVE_Frb="; output(0,WORDS[i],b,m); cout << ";" << endl;
-
-		Xa.set((ZZn)0,(ZZn)-1);
-		Ya.set((ZZn)1,ZZn(0));
-		Q.set(Xa,Ya);
-
-		cofactor(Q,X,x);
-
-		Q.get(Xa,Ya);
-		Xa.get(a,b);
-		cout << "const BIG CURVE_Pxa="; output(0,WORDS[i],a,m); cout << ";" << endl;
-		cout << "const BIG CURVE_Pxb="; output(0,WORDS[i],b,m); cout << ";" << endl;
-		Ya.get(a,b);
-		cout << "const BIG CURVE_Pya="; output(0,WORDS[i],a,m); cout << ";" << endl;
-		cout << "const BIG CURVE_Pyb="; output(0,WORDS[i],b,m); cout << ";" << endl;
-
-//		Q*=q;
-//		cout << "Q= " << Q << endl;
-
-		cout << "const BIG CURVE_Gx="; output(0,WORDS[i],p-1,m); cout << ";" << endl;
-		cout << "const BIG CURVE_Gy="; output(0,WORDS[i],(Big)1,m); cout << ";" << endl;
-
-		cout << "const BIG CURVE_W[2]={"; output(0,WORDS[i],6*x*x-4*x+1,m);cout << ","; output(0,WORDS[i],(2*x-1),m); cout << "};" << endl;
-		cout << "const BIG CURVE_SB[2][2]={"; cout << "{"; output(0,WORDS[i],6*x*x-2*x,m); cout << ","; output(0,WORDS[i],(2*x-1),m); cout << "}";cout << ","; cout << "{"; output(0,WORDS[i],(2*x-1),m); cout << ","; output(0,WORDS[i],q-(6*x*x-4*x+1),m); cout << "}"; cout << "};" << endl;
-
-		cout << "const BIG CURVE_WB[4]={"; output(0,WORDS[i],2*x*x-3*x+1,m); cout << ","; output(0,WORDS[i],12*x*x*x-8*x*x+x,m);
-		cout << ","; output(0,WORDS[i],6*x*x*x-4*x*x+x,m); cout << ","; output(0,WORDS[i],2*x*x-x,m); cout << "};" << endl;
-
-		cout << "const BIG CURVE_BB[4][4]={";
-		cout << "{";
-		output(0,WORDS[i],q-x+1,m);
-		cout << ","; output(0,WORDS[i],q-x,m);
-		cout << ","; output(0,WORDS[i],q-x,m);
-		cout << ","; output(0,WORDS[i],2*x,m);
-		cout << "}";
-
-		cout << ","; cout << "{";output(0,WORDS[i],2*x-1,m);
-		cout << ","; output(0,WORDS[i],q-x,m);
-		cout << ","; output(0,WORDS[i],q-x+1,m);
-		cout << ","; output(0,WORDS[i],q-x,m);
-		cout << "}";
-		cout << ","; cout << "{"; output(0,WORDS[i],2*x,m);
-		cout << ","; output(0,WORDS[i],2*x-1,m);
-		cout << ","; output(0,WORDS[i],2*x-1,m);
-		cout << ","; output(0,WORDS[i],2*x-1,m);
-		cout << "}";
-
-		cout << ","; cout << "{"; output(0,WORDS[i],x+1,m);
-		cout << ","; output(0,WORDS[i],4*x-2,m);
-		cout << ","; output(0,WORDS[i],q-2*x-1,m);
-		cout << ","; output(0,WORDS[i],x+1,m);
-		cout << "}";
-		cout << "};" << endl;
-
-		cout << "#endif" << endl << endl;
-
-	}
-
-	cout << endl;
-	cout << "Cut here -----------------------------------------------------------" << endl;
-	cout << "/* AMCL - ROM  Java file for 32-bit VM and BN curve - Weierstrass Only */" << endl << endl;
-
-	cout << "public static final int MODBITS= " << bits(p) << ";" << endl;
-	cout << "public static final int MOD8= " << p%8 << ";" << endl;
-	cout << endl;
-	cout << "public static final int MODTYPE=NOT_SPECIAL;" << endl;
-	m=pow((Big)2,BITS[1]);
-
-
-	cout << "public static final int[] Modulus= "; output(1,WORDS[1],p,m); cout << ";" << endl;
-	R=pow((Big)2,WORDS[1]*BITS[1]);
-//	cout << "public static final int[] Monty=";output(1,WORDS[1],inverse(R,p),m); cout << ";" << endl;
-	cout << "public static final int MConst=0x" << inverse(m-p%m,m) << ";" <<  endl;
-	cout << endl;
-	cout << "public static final int CURVETYPE=WEIERSTRASS;" << endl;
-
-
-	cout << "public static final int CURVE_A = 0;" << endl;
-	cout << "public static final int[] CURVE_B = {0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0};" << endl;
-	t=6*x*x+1;
-	q=p+1-t;
-	cout << "public static final int[] CURVE_Order="; output(1,WORDS[1],q,m); cout << ";" << endl;
-
-
-	cout << "public static final int[] CURVE_Bnx="; output(1,WORDS[1],x,m); cout << ";" << endl;
-
-	cru=(18*pow(x,3)-18*x*x+9*x-2);
-	cout << "public static final int[] CURVE_Cru="; output(1,WORDS[1],cru,m); cout << ";" << endl;
-
-	set_frobenius_constant(X);
-
-	X.get(a,b);
-	cout << "public static final int[] CURVE_Fra="; output(1,WORDS[1],a,m); cout << ";" << endl;
-	cout << "public static final int[] CURVE_Frb="; output(1,WORDS[1],b,m); cout << ";" << endl;
-
-	Xa.set((ZZn)0,(ZZn)-1);
-	Ya.set((ZZn)1,ZZn(0));
-	Q.set(Xa,Ya);
-
-	cofactor(Q,X,x);
-
-	Q.get(Xa,Ya);
-	Xa.get(a,b);
-	cout << "public static final int[] CURVE_Pxa="; output(1,WORDS[1],a,m); cout << ";" << endl;
-	cout << "public static final int[] CURVE_Pxb="; output(1,WORDS[1],b,m); cout << ";" << endl;
-	Ya.get(a,b);
-	cout << "public static final int[] CURVE_Pya="; output(1,WORDS[1],a,m); cout << ";" << endl;
-	cout << "public static final int[] CURVE_Pyb="; output(1,WORDS[1],b,m); cout << ";" << endl;
-
-//		Q*=q;
-//		cout << "Q= " << Q << endl;
-
-	cout << "public static final int[] CURVE_Gx ="; output(1,WORDS[1],p-1,m); cout << ";" << endl;
-	cout << "public static final int[] CURVE_Gy ="; output(1,WORDS[1],(Big)1,m); cout << ";" << endl;
-
-	cout << "public static final int[][] CURVE_W={"; output(1,WORDS[1],6*x*x-4*x+1,m);cout << ","; output(1,WORDS[1],(2*x-1),m); cout << "};" << endl;
-	cout << "public static final int[][][] CURVE_SB={"; cout << "{"; output(1,WORDS[1],6*x*x-2*x,m); cout << ","; output(1,WORDS[1],(2*x-1),m); cout << "}";cout << ","; cout << "{"; output(1,WORDS[1],(2*x-1),m); cout << ","; output(1,WORDS[1],q-(6*x*x-4*x+1),m); cout << "}"; cout << "};" << endl;
-
-	cout << "public static final int[][] CURVE_WB={"; output(1,WORDS[1],2*x*x-3*x+1,m); cout << ","; output(1,WORDS[1],12*x*x*x-8*x*x+x,m);
-	cout << ","; output(1,WORDS[1],6*x*x*x-4*x*x+x,m); cout << ","; output(1,WORDS[1],2*x*x-x,m); cout << "};" << endl;
-
-	cout << "public static final int[][][] CURVE_BB={";
-	cout << "{";
-	output(1,WORDS[1],q-x+1,m);
-	cout << ","; output(1,WORDS[1],q-x,m);
-	cout << ","; output(1,WORDS[1],q-x,m);
-	cout << ","; output(1,WORDS[1],2*x,m);
-	cout << "}";
-
-	cout << ","; cout << "{";output(1,WORDS[1],2*x-1,m);
-	cout << ","; output(1,WORDS[1],q-x,m);
-	cout << ","; output(1,WORDS[1],q-x+1,m);
-	cout << ","; output(1,WORDS[1],q-x,m);
-	cout << "}";
-	cout << ","; cout << "{"; output(1,WORDS[1],2*x,m);
-	cout << ","; output(1,WORDS[1],2*x-1,m);
-	cout << ","; output(1,WORDS[1],2*x-1,m);
-	cout << ","; output(1,WORDS[1],2*x-1,m);
-	cout << "}";
-
-	cout << ","; cout << "{"; output(1,WORDS[1],x+1,m);
-	cout << ","; output(1,WORDS[1],4*x-2,m);
-	cout << ","; output(1,WORDS[1],q-2*x-1,m);
-	cout << ","; output(1,WORDS[1],x+1,m);
-	cout << "}";
-	cout << "};" << endl;
-
-
-	cout << endl;
-	cout << "Cut here -----------------------------------------------------------" << endl;
-	cout << "/* AMCL - ROM  Java file for 64-bit VM and BN curve - Weierstrass Only */" << endl << endl;
-
-	cout << "public static final int MODBITS= " << bits(p) << ";" << endl;
-	cout << "public static final int MOD8= " << p%8 << ";" << endl;
-	cout << endl;
-	cout << "public static final int MODTYPE=NOT_SPECIAL;" << endl;
-	m=pow((Big)2,BITS[2]);
-
-
-	cout << "public static final long[] Modulus= "; output(3,WORDS[2],p,m); cout << ";" << endl;
-	R=pow((Big)2,WORDS[2]*BITS[2]);
-//	cout << "public static final long[] Monty=";output(3,WORDS[2],inverse(R,p),m); cout << ";" << endl;
-	cout << "public static final long MConst=0x" << inverse(m-p%m,m) << "L;" <<  endl;
-	cout << endl;
-	cout << "public static final int CURVETYPE=WEIERSTRASS;" << endl;
-
-
-	cout << "public static final int CURVE_A = 0;" << endl;
-	cout << "public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};" << endl;
-	t=6*x*x+1;
-	q=p+1-t;
-	cout << "public static final long[] CURVE_Order="; output(3,WORDS[2],q,m); cout << ";" << endl;
-
-
-	cout << "public static final long[] CURVE_Bnx="; output(3,WORDS[2],x,m); cout << ";" << endl;
-
-	cru=(18*pow(x,3)-18*x*x+9*x-2);
-	cout << "public static final long[] CURVE_Cru="; output(3,WORDS[2],cru,m); cout << ";" << endl;
-
-	set_frobenius_constant(X);
-
-	X.get(a,b);
-	cout << "public static final long[] CURVE_Fra="; output(3,WORDS[2],a,m); cout << ";" << endl;
-	cout << "public static final long[] CURVE_Frb="; output(3,WORDS[2],b,m); cout << ";" << endl;
-
-	Xa.set((ZZn)0,(ZZn)-1);
-	Ya.set((ZZn)1,ZZn(0));
-	Q.set(Xa,Ya);
-
-	cofactor(Q,X,x);
-
-	Q.get(Xa,Ya);
-	Xa.get(a,b);
-	cout << "public static final long[] CURVE_Pxa="; output(3,WORDS[2],a,m); cout << ";" << endl;
-	cout << "public static final long[] CURVE_Pxb="; output(3,WORDS[2],b,m); cout << ";" << endl;
-	Ya.get(a,b);
-	cout << "public static final long[] CURVE_Pya="; output(3,WORDS[2],a,m); cout << ";" << endl;
-	cout << "public static final long[] CURVE_Pyb="; output(3,WORDS[2],b,m); cout << ";" << endl;
-
-//		Q*=q;
-//		cout << "Q= " << Q << endl;
-
-	cout << "public static final long[] CURVE_Gx ="; output(3,WORDS[2],p-1,m); cout << ";" << endl;
-	cout << "public static final long[] CURVE_Gy ="; output(3,WORDS[2],(Big)1,m); cout << ";" << endl;
-
-	cout << "public static final long[][] CURVE_W={"; output(3,WORDS[2],6*x*x-4*x+1,m);cout << ","; output(3,WORDS[2],(2*x-1),m); cout << "};" << endl;
-	cout << "public static final long[][][] CURVE_SB={"; cout << "{"; output(3,WORDS[2],6*x*x-2*x,m); cout << ","; output(3,WORDS[2],(2*x-1),m); cout << "}";cout << ","; cout << "{"; output(3,WORDS[2],(2*x-1),m); cout << ","; output(3,WORDS[2],q-(6*x*x-4*x+1),m); cout << "}"; cout << "};" << endl;
-
-	cout << "public static final long[][] CURVE_WB={"; output(3,WORDS[2],2*x*x-3*x+1,m); cout << ","; output(3,WORDS[2],12*x*x*x-8*x*x+x,m);
-	cout << ","; output(3,WORDS[2],6*x*x*x-4*x*x+x,m); cout << ","; output(3,WORDS[2],2*x*x-x,m); cout << "};" << endl;
-
-	cout << "public static final long[][][] CURVE_BB={";
-	cout << "{";
-	output(3,WORDS[2],q-x+1,m);
-	cout << ","; output(3,WORDS[2],q-x,m);
-	cout << ","; output(3,WORDS[2],q-x,m);
-	cout << ","; output(3,WORDS[2],2*x,m);
-	cout << "}";
-
-	cout << ","; cout << "{";output(3,WORDS[2],2*x-1,m);
-	cout << ","; output(3,WORDS[2],q-x,m);
-	cout << ","; output(3,WORDS[2],q-x+1,m);
-	cout << ","; output(3,WORDS[2],q-x,m);
-	cout << "}";
-	cout << ","; cout << "{"; output(3,WORDS[2],2*x,m);
-	cout << ","; output(3,WORDS[2],2*x-1,m);
-	cout << ","; output(3,WORDS[2],2*x-1,m);
-	cout << ","; output(3,WORDS[2],2*x-1,m);
-	cout << "}";
-
-	cout << ","; cout << "{"; output(3,WORDS[2],x+1,m);
-	cout << ","; output(3,WORDS[2],4*x-2,m);
-	cout << ","; output(3,WORDS[2],q-2*x-1,m);
-	cout << ","; output(3,WORDS[2],x+1,m);
-	cout << "}";
-	cout << "};" << endl;
-
-
-
-	cout << endl;
-	cout << "Cut here -----------------------------------------------------------" << endl;
-	cout << "/* AMCL - ROM  Javascript file for BN curve - Weierstrass Only */" << endl << endl;
-
-	cout << "MODBITS: " << bits(p) << "," << endl;
-	cout << "MOD8: " << p%8 << "," << endl;
-	cout << endl;
-	cout << "MODTYPE:0," << endl;
-	m=pow((Big)2,BITS[3]);
-
-
-	cout << "Modulus: "; output(2,WORDS[3],p,m); cout << "," << endl;
-	R=pow((Big)2,WORDS[3]*BITS[3]);
-//	cout << "Monty:";output(2,WORDS[3],inverse(R,p),m); cout << "," << endl;
-	cout << "MConst:0x" << inverse(m-p%m,m) << "," <<  endl;
-	cout << endl;
-	cout << "CURVETYPE:0," << endl;
-
-
-	cout << "CURVE_A : 0," << endl;
-	cout << "CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]," << endl;
-	t=6*x*x+1;
-	q=p+1-t;
-	cout << "CURVE_Order:"; output(2,WORDS[3],q,m); cout << "," << endl;
-
-
-	cout << "CURVE_Bnx:"; output(2,WORDS[3],x,m); cout << "," << endl;
-
-	cru=(18*pow(x,3)-18*x*x+9*x-2);
-	cout << "CURVE_Cru:"; output(2,WORDS[3],cru,m); cout << "," << endl;
-
-	set_frobenius_constant(X);
-
-	X.get(a,b);
-	cout << "CURVE_Fra:"; output(2,WORDS[3],a,m); cout << "," << endl;
-	cout << "CURVE_Frb:"; output(2,WORDS[3],b,m); cout << "," << endl;
-
-	Xa.set((ZZn)0,(ZZn)-1);
-	Ya.set((ZZn)1,ZZn(0));
-	Q.set(Xa,Ya);
-
-	cofactor(Q,X,x);
-
-	Q.get(Xa,Ya);
-	Xa.get(a,b);
-	cout << "CURVE_Pxa:"; output(2,WORDS[3],a,m); cout << "," << endl;
-	cout << "CURVE_Pxb:"; output(2,WORDS[3],b,m); cout << "," << endl;
-	Ya.get(a,b);
-	cout << "CURVE_Pya:"; output(2,WORDS[3],a,m); cout << "," << endl;
-	cout << "CURVE_Pyb:"; output(2,WORDS[3],b,m); cout << "," << endl;
-
-//		Q*=q;
-//		cout << "Q= " << Q << endl;
-
-	cout << "CURVE_Gx :"; output(2,WORDS[3],p-1,m); cout << "," << endl;
-	cout << "CURVE_Gy :"; output(2,WORDS[3],(Big)1,m); cout << "," << endl;
-
-	cout << "CURVE_W:["; output(2,WORDS[3],6*x*x-4*x+1,m);cout << ","; output(2,WORDS[3],(2*x-1),m); cout << "]," << endl;
-	cout << "CURVE_SB:["; cout << "["; output(2,WORDS[3],6*x*x-2*x,m); cout << ","; output(2,WORDS[3],(2*x-1),m); cout << "]";cout << ","; cout << "["; output(2,WORDS[3],(2*x-1),m); cout << ","; output(2,WORDS[3],q-(6*x*x-4*x+1),m); cout << "]"; cout << "]," << endl;
-
-	cout << "CURVE_WB:["; output(2,WORDS[3],2*x*x-3*x+1,m); cout << ","; output(2,WORDS[3],12*x*x*x-8*x*x+x,m);
-	cout << ","; output(2,WORDS[3],6*x*x*x-4*x*x+x,m); cout << ","; output(2,WORDS[3],2*x*x-x,m); cout << "]," << endl;
-
-	cout << "CURVE_BB:[";
-	cout << "[";
-	output(2,WORDS[3],q-x+1,m);
-	cout << ","; output(2,WORDS[3],q-x,m);
-	cout << ","; output(2,WORDS[3],q-x,m);
-	cout << ","; output(2,WORDS[3],2*x,m);
-	cout << "]";
-
-	cout << ","; cout << "[";output(2,WORDS[3],2*x-1,m);
-	cout << ","; output(2,WORDS[3],q-x,m);
-	cout << ","; output(2,WORDS[3],q-x+1,m);
-	cout << ","; output(2,WORDS[3],q-x,m);
-	cout << "]";
-	cout << ","; cout << "["; output(2,WORDS[3],2*x,m);
-	cout << ","; output(2,WORDS[3],2*x-1,m);
-	cout << ","; output(2,WORDS[3],2*x-1,m);
-	cout << ","; output(2,WORDS[3],2*x-1,m);
-	cout << "]";
-
-	cout << ","; cout << "["; output(2,WORDS[3],x+1,m);
-	cout << ","; output(2,WORDS[3],4*x-2,m);
-	cout << ","; output(2,WORDS[3],q-2*x-1,m);
-	cout << ","; output(2,WORDS[3],x+1,m);
-	cout << "]";
-	cout << "]," << endl;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/bower.json
----------------------------------------------------------------------
diff --git a/bower.json b/bower.json
deleted file mode 100644
index 9a388dc..0000000
--- a/bower.json
+++ /dev/null
@@ -1,47 +0,0 @@
-{
-	"name": "clint",
-	"description": "AMCL cryptography js library",
-	"authors": [
-		"MIRACL Crypto Labs."
-	],
-	"main": [
-		"js/DBIG.js",
-		"js/BIG.js",
-		"js/FP.js",
-		"js/ROM.js",
-		"js/HASH.js",
-		"js/RAND.js",
-		"js/AES.js",
-		"js/GPM.js",
-		"js/ECP.js",
-		"js/FP2.js",
-		"js/ECP2.js",
-		"js/FP4.js",
-		"js/FP12.js",
-		"js/PAIR.js",
-		"js/MPIN.js",
-		"js/MPINAuth.js"
-	],
-	"ignore": [
-		"**/.*",
-		"c",
-		"data",
-		"docs",
-		"java",
-		"java64",
-		"pythonCFFI",
-		"swift",
-		"testVectors",
-		"*.*",
-		"!*.json",
-		"js/tests",
-		"js/*.html",
-		"js/*.txt"
-	],
-	"keywords": [
-		"JS",
-		"front-end",
-		"AMCL"
-	],
-	"homepage": "http://miracl.com"
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/c/CMakeLists.txt b/c/CMakeLists.txt
deleted file mode 100644
index 663adbd..0000000
--- a/c/CMakeLists.txt
+++ /dev/null
@@ -1,291 +0,0 @@
-# Create AMCL library and examples
-
-# add the binary tree directory to the search path for include files and linking
-include_directories( ${CMAKE_CURRENT_BINARY_DIR} )
-link_directories( ${CMAKE_CURRENT_BINARY_DIR} )
-
-# post build: mv amcl_.h amcl.h
-if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/amcl.h")
-  file(RENAME amcl.h amcl_.h)
-endif()
-file(COPY DLLDefines.h DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
-
-set(SOURCES_AMCL
-big.c
-fp.c
-ecp.c
-hash.c
-rand.c
-aes.c
-gcm.c
-oct.c
-rom.c
-fp2.c
-ecp2.c
-fp4.c
-fp12.c
-ff.c)
-
-# Build AMCL
-add_library(amcl ${LIB_TYPE} ${SOURCES_AMCL} version.c)
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-  if(BUILD_SHARED_LIBS)
-    message(STATUS "Build shared libs")
-    target_link_libraries (amcl libm.so) 
-  else()
-    message(STATUS "Build static libs")
-    target_link_libraries (amcl libm.a) 
-  endif(BUILD_SHARED_LIBS)
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-# Build libmpin
-if(BUILD_MPIN)
-  add_library(mpin ${LIB_TYPE} pair.c mpin.c utils.c)
-  target_link_libraries (mpin amcl) 
-  add_executable (testmpin testmpin.c)
-  target_link_libraries (testmpin mpin) 
-endif(BUILD_MPIN)
-
-# Build libwcc
-if(BUILD_WCC)
-  message(STATUS "Build WCC")
-  add_library(wcc ${LIB_TYPE} pair.c wcc.c utils.c)
-  target_link_libraries (wcc amcl) 
-  add_executable (testwcc testwcc.c)
-  add_executable (testwcc_tp testwcc_tp.c)
-  add_executable (testwcc_dta testwcc_dta.c)
-  target_link_libraries (testwcc wcc) 
-  target_link_libraries (testwcc_tp wcc) 
-  target_link_libraries (testwcc_dta wcc) 
-endif(BUILD_WCC)
-
-# Copy built libs to c/tests which allows testing without
-# having to install the libs.
-if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-    message(STATUS "Copy libamcl.dll to c/tests for testing")
-    add_custom_command(
-                TARGET amcl
-                POST_BUILD
-                COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libamcl.dll" "${PROJECT_BINARY_DIR}/c/tests/")
-
-    if(BUILD_MPIN)
-      message(STATUS "Copy libmpin.dll to c/tests for testing")
-      add_custom_command(
-                  TARGET mpin
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libmpin.dll" "${PROJECT_BINARY_DIR}/c/tests/")
-    endif(BUILD_MPIN)
-
-    if(BUILD_WCC)
-      message(STATUS "Copy libwcc.dll to c/tests for testing")
-      add_custom_command(
-                  TARGET wcc
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libwcc.dll" "${PROJECT_BINARY_DIR}/c/tests/")
-    endif(BUILD_WCC)
-
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-# Copy built libs to pythonCFFI which allows testing without
-# having to install the libs.
-if (BUILD_PYTHON AND BUILD_SHARED_LIBS)
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-    if(BUILD_MPIN)
-      message(STATUS "Copy libmpin.so to pythonCFFI for testing")
-      add_custom_command(
-                  TARGET mpin
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libmpin.so" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-    endif(BUILD_MPIN)
-
-    if(BUILD_WCC)
-      message(STATUS "Copy libwcc.so to pythonCFFI for testing")
-      add_custom_command(
-                  TARGET wcc
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libwcc.so" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-    endif(BUILD_WCC)  
-
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-    message(STATUS "Copy libamcl.dll to pythonCFFI for testing")
-    add_custom_command(
-                TARGET amcl
-                POST_BUILD
-                COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libamcl.dll" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-
-    if(BUILD_MPIN)
-      message(STATUS "Copy libmpin.dll to pythonCFFI for testing")
-      add_custom_command(
-                  TARGET mpin
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libmpin.dll" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-    endif(BUILD_MPIN)
-
-    if(BUILD_WCC)
-      message(STATUS "Copy libwcc.dll to pythonCFFI for testing")
-      add_custom_command(
-                  TARGET wcc
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libwcc.dll" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-    endif(BUILD_WCC)
-
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-  if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-
-    message(STATUS "Copy libamcl.dylib to pythonCFFI for testing")
-    add_custom_command(
-                TARGET amcl
-                POST_BUILD
-                COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libamcl.dylib" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-
-    if(BUILD_MPIN)
-      message(STATUS "Copy libmpin.dylib to pythonCFFI for testing")
-      add_custom_command(
-                  TARGET mpin
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libmpin.dylib" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-    endif(BUILD_MPIN)
-
-    if(BUILD_WCC)
-      message(STATUS "Copy libwcc.dylib to pythonCFFI for testing")
-      add_custom_command(
-                  TARGET wcc
-                  POST_BUILD
-                  COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_BINARY_DIR}/libwcc.dylib" "${PROJECT_BINARY_DIR}/pythonCFFI/")
-    endif(BUILD_WCC)  
-
-
-  endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-
-
-endif (BUILD_PYTHON AND BUILD_SHARED_LIBS)
-
-# Example programs
-add_executable (testecm testecm.c ecdh.c)
-add_executable (testecdh testecdh.c ecdh.c)
-add_executable (testrsa testrsa.c rsa.c)
-target_link_libraries (testecm amcl) 
-target_link_libraries (testecdh amcl) 
-target_link_libraries (testrsa amcl) 
-
-add_subdirectory (tests)
-
-# Install libs and headers
-if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-  install(DIRECTORY DESTINATION include DIRECTORY_PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_WRITE GROUP_READ
-          WORLD_WRITE WORLD_READ WORLD_EXECUTE)
-  install (TARGETS amcl DESTINATION lib PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-  install (FILES ${CMAKE_CURRENT_BINARY_DIR}/amcl.h DESTINATION include PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-  install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/utils.h DESTINATION include PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-  install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/DLLDefines.h DESTINATION include PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-
-  if(BUILD_MPIN)
-    install (TARGETS mpin DESTINATION lib PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-    install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/mpin.h DESTINATION include PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(BUILD_MPIN)
-  
-  if(BUILD_WCC)
-    install (TARGETS wcc DESTINATION lib PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-    install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/wcc.h DESTINATION include PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(BUILD_WCC)
-
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-  # Windows specific code
-  install (TARGETS amcl DESTINATION lib)
-  install (FILES ${CMAKE_CURRENT_BINARY_DIR}/amcl.h DESTINATION lib)
-  install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/utils.h DESTINATION lib)
-  install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/DLLDefines.h DESTINATION lib)
-  
-  if(BUILD_MPIN)
-    install (TARGETS mpin DESTINATION lib)
-    install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/mpin.h DESTINATION lib)
-  endif(BUILD_MPIN)
-  
-  if(BUILD_WCC)
-    install (TARGETS wcc DESTINATION lib)
-    install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/wcc.h DESTINATION lib)
-  endif(BUILD_WCC)
-
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-  # Mac OS X specific code
-  install(DIRECTORY DESTINATION include DIRECTORY_PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_WRITE GROUP_READ
-          WORLD_WRITE WORLD_READ WORLD_EXECUTE)
-  install (TARGETS amcl DESTINATION lib PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-  install (FILES ${CMAKE_CURRENT_BINARY_DIR}/amcl.h DESTINATION include PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-  install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/utils.h DESTINATION include PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-  install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/DLLDefines.h DESTINATION include PERMISSIONS
-          OWNER_WRITE OWNER_READ OWNER_EXECUTE
-          GROUP_READ GROUP_EXECUTE
-          WORLD_READ WORLD_EXECUTE)
-
-  if(BUILD_MPIN)
-    install (TARGETS mpin DESTINATION lib PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-    install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/mpin.h DESTINATION include PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(BUILD_MPIN)
-
-  if(BUILD_WCC)
-    install (TARGETS wcc DESTINATION lib PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-    install (FILES ${CMAKE_CURRENT_SOURCE_DIR}/wcc.h DESTINATION include PERMISSIONS
-            OWNER_WRITE OWNER_READ OWNER_EXECUTE
-            GROUP_READ GROUP_EXECUTE
-            WORLD_READ WORLD_EXECUTE)
-  endif(BUILD_WCC)
-
-
-endif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/DLLDefines.h
----------------------------------------------------------------------
diff --git a/c/DLLDefines.h b/c/DLLDefines.h
deleted file mode 100755
index 57655f3..0000000
--- a/c/DLLDefines.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Use with Visual Studio Compiler for building Shared libraries */
-#ifndef _DLLDEFINES_H_
-#define _DLLDEFINES_H_
-
-/* Cmake will define sok_EXPORTS and mpin_EXPORTS on Windows when it
-configures to build a shared library. If you are going to use
-another build system on windows or create the visual studio
-projects by hand you need to define sok_EXPORTS and mpin_EXPORTS when
-building a DLL on windows. */
-/* #define sok_EXPORTS */
-/* #define mpin_EXPORTS */
-
-
-#if defined (_MSC_VER)
-
- #define DLL_EXPORT extern
-/* This code does not work with cl */
-/*  #if defined(sok_EXPORTS) || defined(mpin_EXPORTS) */
-/*    #define  DLL_EXPORT __declspec(dllexport) */
-/*  #else */
-/*    #define  DLL_EXPORT __declspec(dllimport) */
-/*  #endif /\* sok_EXPORTS || mpin_EXPORTS *\/ */
-
-#else /* defined (_WIN32) */
-
- #define DLL_EXPORT extern
-
-#endif
-
-#endif /* _DLLDEFINES_H_ */

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/aes.c
----------------------------------------------------------------------
diff --git a/c/aes.c b/c/aes.c
deleted file mode 100755
index d9360e9..0000000
--- a/c/aes.c
+++ /dev/null
@@ -1,620 +0,0 @@
-/*
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/*
- * Implementation of the NIST Advanced Ecryption Standard
- *
- * SU=m, SU is Stack Usage
- */
-
-#include <stdlib.h>
-#include "amcl.h"
-
-/* this is fixed */
-#define NB 4
-#define ROUNDS 10
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-#define ROTL8(x) (((x)<<8)|((x)>>24))
-#define ROTL16(x) (((x)<<16)|((x)>>16))
-#define ROTL24(x) (((x)<<24)|((x)>>8))
-
-static const uchar InCo[4]={0xB,0xD,0x9,0xE};  /* Inverse Coefficients */
-
-static const uchar ptab[]=
-{1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
-95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
-229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
-83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
-76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
-131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
-181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
-254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
-251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
-195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
-159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
-155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
-252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
-69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
-18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
-57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1};
-
-static const uchar ltab[]=
-{0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
-100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
-125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
-101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
-150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
-102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
-126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
-43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
-175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
-44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
-127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
-204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
-151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
-83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
-68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
-103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7};
-
-static const uchar fbsub[]=
-{99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
-202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
-183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
-4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
-9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
-83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
-208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
-81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
-205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
-96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
-224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
-231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
-186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
-112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
-225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
-140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22};
-
-static const uchar rbsub[]=
-{82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
-124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
-84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
-8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
-114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
-108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
-144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
-208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
-58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
-150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
-71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
-252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
-31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
-96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
-160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
-23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125};
-
-static const unsign32 rco[]=
-{1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47};
-
-static const unsign32 ftable[]=
-{0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c};
-
-static const unsign32 rtable[]=
-{0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0};
-
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{ /* pack bytes into a 32-bit Word */
-    return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{ /* unpack bytes from a word */
-    b[0]=MR_TOBYTE(a);
-    b[1]=MR_TOBYTE(a>>8);
-    b[2]=MR_TOBYTE(a>>16);
-    b[3]=MR_TOBYTE(a>>24);
-}
-
-/* SU= 8 */
-static uchar bmul(uchar x,uchar y)
-{ /* x.y= AntiLog(Log(x) + Log(y)) */
-    if (x && y) return ptab[(ltab[x]+ltab[y])%255];
-    else return 0;
-}
-
-static unsign32 SubByte(unsign32 a)
-{
-    uchar b[4];
-    unpack(a,b);
-    b[0]=fbsub[b[0]];
-    b[1]=fbsub[b[1]];
-    b[2]=fbsub[b[2]];
-    b[3]=fbsub[b[3]];
-    return pack(b);
-}
-
-/* SU= 16 */
-static uchar product(unsign32 x,unsign32 y)
-{ /* dot product of two 4-byte arrays */
-    uchar xb[4],yb[4];
-    unpack(x,xb);
-    unpack(y,yb);
-    return bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]);
-}
-
-static unsign32 InvMixCol(unsign32 x)
-{ /* matrix Multiplication */
-    unsign32 y,m;
-    uchar b[4];
-
-    m=pack(InCo);
-    b[3]=product(m,x);
-    m=ROTL24(m);
-    b[2]=product(m,x);
-    m=ROTL24(m);
-    b[1]=product(m,x);
-    m=ROTL24(m);
-    b[0]=product(m,x);
-    y=pack(b);
-    return y;
-}
-
-/* SU= 8 */
-/* reset cipher */
-void AES_reset(aes *a,int mode,char *iv)
-{ /* reset mode, or reset iv */
-    int i;
-    a->mode=mode;
-    for (i=0;i<4*NB;i++)
-        a->f[i]=0;
-    if (mode!=ECB && iv!=NULL)
-    {
-        for (i=0;i<4*NB;i++)
-            a->f[i]=iv[i];
-    }
-}
-
-void AES_getreg(aes *a,char *ir)
-{
-    int i;
-    for (i=0;i<4*NB;i++) ir[i]=a->f[i];
-}
-
-/* SU= 72 */
-/* Initialise cipher */
-void AES_init(aes* a,int mode,char *key,char *iv)
-{ /* Key=16 bytes */
-  /* Key Scheduler. Create expanded encryption key */
-    int i,j,k,N,nk;
-    unsign32 CipherKey[4];
-
-    nk=4;
-
-    AES_reset(a,mode,iv);
-
-    N=NB*(ROUNDS+1);
-
-    for (i=j=0;i<nk;i++,j+=4)
-    {
-        CipherKey[i]=pack((uchar *)&key[j]);
-    }
-    for (i=0;i<nk;i++) a->fkey[i]=CipherKey[i];
-    for (j=nk,k=0;j<N;j+=nk,k++)
-    {
-        a->fkey[j]=a->fkey[j-nk]^SubByte(ROTL24(a->fkey[j-1]))^rco[k];
-
-        for (i=1;i<nk && (i+j)<N;i++)
-            a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
-
-	}
- /* now for the expanded decrypt key in reverse order */
-
-    for (j=0;j<NB;j++) a->rkey[j+N-NB]=a->fkey[j];
-    for (i=NB;i<N-NB;i+=NB)
-    {
-        k=N-NB-i;
-        for (j=0;j<NB;j++) a->rkey[k+j]=InvMixCol(a->fkey[i+j]);
-    }
-    for (j=N-NB;j<N;j++) a->rkey[j-N+NB]=a->fkey[j];
-
-}
-
-/* SU= 80 */
-/* Encrypt a single block */
-void AES_ecb_encrypt(aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0;i<NB;i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->fkey[i];
-    }
-
-    k=NB;
-    x=p; y=q;
-
-/* State alternates between x and y */
-    for (i=1;i<ROUNDS;i++)
-    {
-
-        y[0]=a->fkey[k]^ftable[MR_TOBYTE(x[0])]^
-             ROTL8(ftable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(ftable[x[3]>>24]);
-        y[1]=a->fkey[k+1]^ftable[MR_TOBYTE(x[1])]^
-             ROTL8(ftable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(ftable[x[0]>>24]);
-        y[2]=a->fkey[k+2]^ftable[MR_TOBYTE(x[2])]^
-             ROTL8(ftable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(ftable[x[1]>>24]);
-        y[3]=a->fkey[k+3]^ftable[MR_TOBYTE(x[3])]^
-             ROTL8(ftable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(ftable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(ftable[x[2]>>24]);
-
-        k+=4;
-        t=x; x=y; y=t;      /* swap pointers */
-    }
-
-/* Last Round */
-
-    y[0]=a->fkey[k]^(unsign32)fbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)fbsub[x[3]>>24]);
-    y[1]=a->fkey[k+1]^(unsign32)fbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)fbsub[x[0]>>24]);
-    y[2]=a->fkey[k+2]^(unsign32)fbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)fbsub[x[1]>>24]);
-    y[3]=a->fkey[k+3]^(unsign32)fbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)fbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)fbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)fbsub[x[2]>>24]);
-
-    for (i=j=0;i<NB;i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-}
-
-/* SU= 80 */
-/* Decrypt a single block */
-void AES_ecb_decrypt(aes *a,uchar *buff)
-{
-    int i,j,k;
-    unsign32 p[4],q[4],*x,*y,*t;
-
-    for (i=j=0;i<NB;i++,j+=4)
-    {
-        p[i]=pack((uchar *)&buff[j]);
-        p[i]^=a->rkey[i];
-    }
-
-    k=NB;
-    x=p; y=q;
-
-/* State alternates between x and y */
-    for (i=1;i<ROUNDS;i++)
-    { /* Nr is number of rounds. May be odd. */
-
-        y[0]=a->rkey[k]^rtable[MR_TOBYTE(x[0])]^
-             ROTL8(rtable[MR_TOBYTE(x[3]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[2]>>16)])^
-             ROTL24(rtable[x[1]>>24]);
-        y[1]=a->rkey[k+1]^rtable[MR_TOBYTE(x[1])]^
-             ROTL8(rtable[MR_TOBYTE(x[0]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[3]>>16)])^
-             ROTL24(rtable[x[2]>>24]);
-        y[2]=a->rkey[k+2]^rtable[MR_TOBYTE(x[2])]^
-             ROTL8(rtable[MR_TOBYTE(x[1]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[0]>>16)])^
-             ROTL24(rtable[x[3]>>24]);
-        y[3]=a->rkey[k+3]^rtable[MR_TOBYTE(x[3])]^
-             ROTL8(rtable[MR_TOBYTE(x[2]>>8)])^
-             ROTL16(rtable[MR_TOBYTE(x[1]>>16)])^
-             ROTL24(rtable[x[0]>>24]);
-
-        k+=4;
-        t=x; x=y; y=t;      /* swap pointers */
-    }
-
-
-/* Last Round */
-    y[0]=a->rkey[k]^(unsign32)rbsub[MR_TOBYTE(x[0])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[3]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[2]>>16)])^
-         ROTL24((unsign32)rbsub[x[1]>>24]);
-    y[1]=a->rkey[k+1]^(unsign32)rbsub[MR_TOBYTE(x[1])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[0]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[3]>>16)])^
-         ROTL24((unsign32)rbsub[x[2]>>24]);
-    y[2]=a->rkey[k+2]^(unsign32)rbsub[MR_TOBYTE(x[2])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[1]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[0]>>16)])^
-         ROTL24((unsign32)rbsub[x[3]>>24]);
-    y[3]=a->rkey[k+3]^(unsign32)rbsub[MR_TOBYTE(x[3])]^
-         ROTL8((unsign32)rbsub[MR_TOBYTE(x[2]>>8)])^
-         ROTL16((unsign32)rbsub[MR_TOBYTE(x[1]>>16)])^
-         ROTL24((unsign32)rbsub[x[0]>>24]);
-
-    for (i=j=0;i<NB;i++,j+=4)
-    {
-        unpack(y[i],(uchar *)&buff[j]);
-        x[i]=y[i]=0;   /* clean up stack */
-    }
-
-}
-
-/* SU= 40 */
-/* Encrypt using selected mode of operation */
-unsign32 AES_encrypt(aes* a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-/* Supported Modes of Operation */
-
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_encrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0;j<4*NB;j++) buff[j]^=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)buff);
-        for (j=0;j<4*NB;j++) a->f[j]=buff[j];
-        return 0;
-
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0;j<4*NB;j++) st[j]=a->f[j];
-        for (j=bytes;j<4*NB;j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0;j<bytes;j++)
-        {
-            buff[j]^=st[j];
-            a->f[16-bytes+j]=buff[j];
-        }
-        return fell_off;
-
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0;j<bytes;j++) buff[j]^=a->f[j];
-        return 0;
-
-    default:
-        return 0;
-    }
-}
-
-/* SU= 40 */
-/* Decrypt using selected mode of operation */
-unsign32 AES_decrypt(aes *a,char *buff)
-{
-    int j,bytes;
-    char st[16];
-    unsign32 fell_off;
-
-   /* Supported modes of operation */
-    fell_off=0;
-    switch (a->mode)
-    {
-    case ECB:
-        AES_ecb_decrypt(a,(uchar *)buff);
-        return 0;
-    case CBC:
-        for (j=0;j<4*NB;j++)
-        {
-            st[j]=a->f[j];
-            a->f[j]=buff[j];
-        }
-        AES_ecb_decrypt(a,(uchar *)buff);
-        for (j=0;j<4*NB;j++)
-        {
-            buff[j]^=st[j];
-            st[j]=0;
-        }
-        return 0;
-    case CFB1:
-    case CFB2:
-    case CFB4:
-        bytes=a->mode-CFB1+1;
-        for (j=0;j<bytes;j++) fell_off=(fell_off<<8)|a->f[j];
-        for (j=0;j<4*NB;j++) st[j]=a->f[j];
-        for (j=bytes;j<4*NB;j++) a->f[j-bytes]=a->f[j];
-        AES_ecb_encrypt(a,(uchar *)st);
-        for (j=0;j<bytes;j++)
-        {
-            a->f[16-bytes+j]=buff[j];
-            buff[j]^=st[j];
-        }
-        return fell_off;
-    case OFB1:
-    case OFB2:
-    case OFB4:
-    case OFB8:
-    case OFB16:
-        bytes=a->mode-OFB1+1;
-        AES_ecb_encrypt(a,(uchar *)(a->f));
-        for (j=0;j<bytes;j++) buff[j]^=a->f[j];
-        return 0;
-
-
-    default:
-        return 0;
-    }
-}
-
-/* Clean up and delete left-overs */
-void AES_end(aes *a)
-{ /* clean up */
-    int i;
-    for (i=0;i<NB*(ROUNDS+1);i++)
-        a->fkey[i]=a->rkey[i]=0;
-    for (i=0;i<4*NB;i++)
-        a->f[i]=0;
-}
-
-/*
-int main()
-{
-    int i;
-    aes a;
-	unsign32 t;
-	uchar x,y;
-
-    char key[16];
-    char block[16];
-    char iv[16];
-    for (i=0;i<16;i++) key[i]=0;
-    key[0]=1;
-    for (i=0;i<16;i++) iv[i]=i;
-    for (i=0;i<16;i++) block[i]=i;
-
-    AES_init(&a,CBC,key,iv);
-
-    printf("Plain=   ");
-    for (i=0;i<16;i++) printf("%02x",block[i]);
-    printf("\n");
-    AES_encrypt(&a,block);
-    printf("Encrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-    AES_reset(&a,CBC,iv);
-    AES_decrypt(&a,block);
-    printf("Decrypt= ");
-    for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
-    printf("\n");
-
-    AES_end(&a);
-
-    return 0;
-}
-
-*/
-


[06/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/ecp.c
----------------------------------------------------------------------
diff --git a/version22/c/ecp.c b/version22/c/ecp.c
new file mode 100644
index 0000000..a6dcfad
--- /dev/null
+++ b/version22/c/ecp.c
@@ -0,0 +1,1176 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL Elliptic Curve Functions */
+/* SU=m, SU is Stack Usage (Weierstrass Curves) */
+
+//#define HAS_MAIN
+
+#include "amcl.h"
+
+/* test for P=O point-at-infinity */
+int ECP_isinf(ECP *P)
+{
+#if CURVETYPE==EDWARDS
+    FP_reduce(P->x);
+    FP_reduce(P->y);
+    FP_reduce(P->z);
+    return (BIG_iszilch(P->x) && BIG_comp(P->y,P->z)==0);
+#else
+    return P->inf;
+#endif
+}
+
+/* Conditional swap of P and Q dependant on d */
+static void ECP_cswap(ECP *P,ECP *Q,int d)
+{
+    BIG_cswap(P->x,Q->x,d);
+#if CURVETYPE!=MONTGOMERY
+    BIG_cswap(P->y,Q->y,d);
+#endif
+    BIG_cswap(P->z,Q->z,d);
+#if CURVETYPE!=EDWARDS
+    d=~(d-1);
+    d=d&(P->inf^Q->inf);
+    P->inf^=d;
+    Q->inf^=d;
+#endif
+}
+
+#if CURVETYPE!=MONTGOMERY
+/* Conditional move Q to P dependant on d */
+static void ECP_cmove(ECP *P,ECP *Q,int d)
+{
+    BIG_cmove(P->x,Q->x,d);
+#if CURVETYPE!=MONTGOMERY
+    BIG_cmove(P->y,Q->y,d);
+#endif
+    BIG_cmove(P->z,Q->z,d);
+#if CURVETYPE!=EDWARDS
+    d=~(d-1);
+    P->inf^=(P->inf^Q->inf)&d;
+#endif
+}
+
+/* return 1 if b==c, no branching */
+static int teq(sign32 b,sign32 c)
+{
+    sign32 x=b^c;
+    x-=1;  // if x=0, x now -1
+    return (int)((x>>31)&1);
+}
+#endif // CURVETYPE!=MONTGOMERY
+
+#if CURVETYPE!=MONTGOMERY
+/* Constant time select from pre-computed table */
+static void ECP_select(ECP *P,ECP W[],sign32 b)
+{
+    ECP MP;
+    sign32 m=b>>31;
+    sign32 babs=(b^m)-m;
+
+    babs=(babs-1)/2;
+
+    ECP_cmove(P,&W[0],teq(babs,0));  // conditional move
+    ECP_cmove(P,&W[1],teq(babs,1));
+    ECP_cmove(P,&W[2],teq(babs,2));
+    ECP_cmove(P,&W[3],teq(babs,3));
+    ECP_cmove(P,&W[4],teq(babs,4));
+    ECP_cmove(P,&W[5],teq(babs,5));
+    ECP_cmove(P,&W[6],teq(babs,6));
+    ECP_cmove(P,&W[7],teq(babs,7));
+
+    ECP_copy(&MP,P);
+    ECP_neg(&MP);  // minus P
+    ECP_cmove(P,&MP,(int)(m&1));
+}
+#endif
+
+/* Test P == Q */
+/* SU=168 */
+int ECP_equals(ECP *P,ECP *Q)
+{
+#if CURVETYPE==WEIERSTRASS
+    BIG pz2,qz2,a,b;
+    if (ECP_isinf(P) && ECP_isinf(Q)) return 1;
+    if (ECP_isinf(P) || ECP_isinf(Q)) return 0;
+
+    FP_sqr(pz2,P->z);
+    FP_sqr(qz2,Q->z);
+
+    FP_mul(a,P->x,qz2);
+    FP_mul(b,Q->x,pz2);
+    FP_reduce(a);
+    FP_reduce(b);
+    if (BIG_comp(a,b)!=0) return 0;
+
+    FP_mul(a,P->y,qz2);
+    FP_mul(a,a,Q->z);
+    FP_mul(b,Q->y,pz2);
+    FP_mul(b,b,P->z);
+    FP_reduce(a);
+    FP_reduce(b);
+    if (BIG_comp(a,b)!=0) return 0;
+    return 1;
+#else
+    BIG a,b;
+    if (ECP_isinf(P) && ECP_isinf(Q)) return 1;
+    if (ECP_isinf(P) || ECP_isinf(Q)) return 0;
+
+    FP_mul(a,P->x,Q->z);
+    FP_mul(b,Q->x,P->z);
+    FP_reduce(a);
+    FP_reduce(b);
+    if (BIG_comp(a,b)!=0) return 0;
+
+#if CURVETYPE==EDWARDS
+    FP_mul(a,P->y,Q->z);
+    FP_mul(b,Q->y,P->z);
+    FP_reduce(a);
+    FP_reduce(b);
+    if (BIG_comp(a,b)!=0) return 0;
+#endif
+
+    return 1;
+#endif
+}
+
+/* Set P=Q */
+/* SU=16 */
+void ECP_copy(ECP *P,ECP *Q)
+{
+#if CURVETYPE!=EDWARDS
+    P->inf=Q->inf;
+#endif
+    BIG_copy(P->x,Q->x);
+#if CURVETYPE!=MONTGOMERY
+    BIG_copy(P->y,Q->y);
+#endif
+    BIG_copy(P->z,Q->z);
+}
+
+/* Set P=-Q */
+#if CURVETYPE!=MONTGOMERY
+/* SU=8 */
+void ECP_neg(ECP *P)
+{
+    if (ECP_isinf(P)) return;
+#if CURVETYPE==WEIERSTRASS
+    FP_neg(P->y,P->y);
+    BIG_norm(P->y);
+#else
+    FP_neg(P->x,P->x);
+    BIG_norm(P->x);
+#endif
+
+}
+#endif
+
+/* Set P=O */
+void ECP_inf(ECP *P)
+{
+#if CURVETYPE==EDWARDS
+    BIG_zero(P->x);
+    FP_one(P->y);
+    FP_one(P->z);
+#else
+    P->inf=1;
+#endif
+}
+
+/* Calculate right Hand Side of curve equation y^2=RHS */
+/* SU=56 */
+void ECP_rhs(BIG v,BIG x)
+{
+#if CURVETYPE==WEIERSTRASS
+    /* x^3+Ax+B */
+    BIG t;
+    FP_sqr(t,x);
+    FP_mul(t,t,x);
+
+    if (CURVE_A==-3)
+    {
+        FP_neg(v,x);
+        BIG_norm(v);
+        BIG_imul(v,v,-CURVE_A);
+        BIG_norm(v);
+        FP_add(v,t,v);
+    }
+    else BIG_copy(v,t);
+
+    BIG_rcopy(t,CURVE_B);
+    FP_nres(t);
+    FP_add(v,t,v);
+    FP_reduce(v);
+#endif
+
+#if CURVETYPE==EDWARDS
+    /* (Ax^2-1)/(Bx^2-1) */
+    BIG t,m,one;
+    BIG_rcopy(m,Modulus);
+    FP_sqr(v,x);
+    FP_one(one);
+    BIG_rcopy(t,CURVE_B);
+    FP_nres(t);
+    FP_mul(t,v,t);
+    FP_sub(t,t,one);
+    if (CURVE_A==1) FP_sub(v,v,one);
+
+    if (CURVE_A==-1)
+    {
+        FP_add(v,v,one);
+        FP_neg(v,v);
+    }
+    FP_redc(v);
+    FP_redc(t);
+    BIG_moddiv(v,v,t,m);
+    FP_nres(v);
+#endif
+
+#if CURVETYPE==MONTGOMERY
+    /* x^3+Ax^2+x */
+    BIG x2,x3;
+    FP_sqr(x2,x);
+    FP_mul(x3,x2,x);
+    BIG_copy(v,x);
+    FP_imul(x2,x2,CURVE_A);
+    FP_add(v,v,x2);
+    FP_add(v,v,x3);
+    FP_reduce(v);
+#endif
+}
+
+/* Set P=(x,y) */
+
+#if CURVETYPE==MONTGOMERY
+
+/* Set P=(x,{y}) */
+
+int ECP_set(ECP *P,BIG x)
+{
+    BIG m,rhs;
+    BIG_rcopy(m,Modulus);
+    BIG_copy(rhs,x);
+    FP_nres(rhs);
+    ECP_rhs(rhs,rhs);
+    FP_redc(rhs);
+
+    if (BIG_jacobi(rhs,m)!=1)
+    {
+        ECP_inf(P);
+        return 0;
+    }
+    P->inf=0;
+    BIG_copy(P->x,x);
+    FP_nres(P->x);
+    FP_one(P->z);
+    return 1;
+}
+
+/* Extract x coordinate as BIG */
+int ECP_get(BIG x,ECP *P)
+{
+    if (ECP_isinf(P)) return -1;
+    ECP_affine(P);
+    BIG_copy(x,P->x);
+    FP_redc(x);
+    return 0;
+}
+
+
+#else
+/* Extract (x,y) and return sign of y. If x and y are the same return only x */
+/* SU=16 */
+int ECP_get(BIG x,BIG y,ECP *P)
+{
+    int s;
+#if CURVETYPE!=EDWARDS
+    if (ECP_isinf(P)) return -1;
+#endif
+    ECP_affine(P);
+
+    BIG_copy(y,P->y);
+    FP_redc(y);
+
+    s=BIG_parity(y);
+
+    BIG_copy(x,P->x);
+    FP_redc(x);
+
+    return s;
+}
+
+/* Set P=(x,{y}) */
+/* SU=96 */
+int ECP_set(ECP *P,BIG x,BIG y)
+{
+    BIG rhs,y2;
+    BIG_copy(y2,y);
+
+    FP_nres(y2);
+    FP_sqr(y2,y2);
+    FP_reduce(y2);
+
+
+
+    BIG_copy(rhs,x);
+    FP_nres(rhs);
+
+    ECP_rhs(rhs,rhs);
+
+    if (BIG_comp(y2,rhs)!=0)
+    {
+        ECP_inf(P);
+        return 0;
+    }
+#if CURVETYPE==WEIERSTRASS
+    P->inf=0;
+#endif
+    BIG_copy(P->x,x);
+    FP_nres(P->x);
+    BIG_copy(P->y,y);
+    FP_nres(P->y);
+    FP_one(P->z);
+    return 1;
+}
+
+/* Set P=(x,y), where y is calculated from x with sign s */
+/* SU=136 */
+int ECP_setx(ECP *P,BIG x,int s)
+{
+    BIG t,rhs,m;
+    BIG_rcopy(m,Modulus);
+
+    BIG_copy(rhs,x);
+    FP_nres(rhs);
+    ECP_rhs(rhs,rhs);
+    BIG_copy(t,rhs);
+    FP_redc(t);
+    if (BIG_jacobi(t,m)!=1)
+    {
+        ECP_inf(P);
+        return 0;
+    }
+#if CURVETYPE==WEIERSTRASS
+    P->inf=0;
+#endif
+    BIG_copy(P->x,x);
+    FP_nres(P->x);
+
+    FP_sqrt(P->y,rhs);
+    BIG_copy(rhs,P->y);
+    FP_redc(rhs);
+    if (BIG_parity(rhs)!=s)
+        FP_neg(P->y,P->y);
+    FP_reduce(P->y);
+    FP_one(P->z);
+    return 1;
+}
+
+#endif
+
+/* Convert P to Affine, from (x,y,z) to (x,y) */
+/* SU=160 */
+void ECP_affine(ECP *P)
+{
+    BIG one,iz,m;
+#if CURVETYPE==WEIERSTRASS
+    BIG izn;
+    if (ECP_isinf(P)) return;
+    FP_one(one);
+    if (BIG_comp(P->z,one)==0) return;
+    BIG_rcopy(m,Modulus);
+
+    FP_redc(P->z);
+    BIG_invmodp(iz,P->z,m);
+    FP_nres(iz);
+
+    FP_sqr(izn,iz);
+    FP_mul(P->x,P->x,izn);
+    FP_mul(izn,izn,iz);
+    FP_mul(P->y,P->y,izn);
+    FP_reduce(P->y);
+
+#endif
+#if CURVETYPE==EDWARDS
+    FP_one(one);
+    if (BIG_comp(P->z,one)==0) return;
+    BIG_rcopy(m,Modulus);
+
+    FP_redc(P->z);
+    BIG_invmodp(iz,P->z,m);
+    FP_nres(iz);
+
+    FP_mul(P->x,P->x,iz);
+    FP_mul(P->y,P->y,iz);
+    FP_reduce(P->y);
+
+#endif
+#if CURVETYPE==MONTGOMERY
+    if (ECP_isinf(P)) return;
+    FP_one(one);
+    if (BIG_comp(P->z,one)==0) return;
+
+    BIG_rcopy(m,Modulus);
+
+    FP_redc(P->z);
+    BIG_invmodp(iz,P->z,m);
+    FP_nres(iz);
+
+    FP_mul(P->x,P->x,iz);
+
+#endif
+    FP_reduce(P->x);
+    BIG_copy(P->z,one);
+}
+
+/* SU=120 */
+void ECP_outputxyz(ECP *P)
+{
+    BIG x,z;
+    if (ECP_isinf(P))
+    {
+        printf("Infinity\n");
+        return;
+    }
+    BIG_copy(x,P->x);
+    FP_reduce(x);
+    FP_redc(x);
+    BIG_copy(z,P->z);
+    FP_reduce(z);
+    FP_redc(z);
+
+#if CURVETYPE!=MONTGOMERY
+    BIG y;
+    BIG_copy(y,P->y);
+    FP_reduce(y);
+    FP_redc(y);
+    printf("(");
+    BIG_output(x);
+    printf(",");
+    BIG_output(y);
+    printf(",");
+    BIG_output(z);
+    printf(")\n");
+
+#else
+    printf("(");
+    BIG_output(x);
+    printf(",");
+    BIG_output(z);
+    printf(")\n");
+#endif
+}
+
+/* SU=16 */
+/* Output point P */
+void ECP_output(ECP *P)
+{
+    if (ECP_isinf(P))
+    {
+        printf("Infinity\n");
+        return;
+    }
+    ECP_affine(P);
+#if CURVETYPE!=MONTGOMERY
+    FP_redc(P->x);
+    FP_redc(P->y);
+    printf("(");
+    BIG_output(P->x);
+    printf(",");
+    BIG_output(P->y);
+    printf(")\n");
+    FP_nres(P->x);
+    FP_nres(P->y);
+#else
+    FP_redc(P->x);
+    printf("(");
+    BIG_output(P->x);
+    printf(")\n");
+    FP_nres(P->x);
+#endif
+}
+
+
+/* SU=88 */
+/* Convert P to octet string */
+void ECP_toOctet(octet *W,ECP *P)
+{
+#if CURVETYPE==MONTGOMERY
+    BIG x;
+    ECP_get(x,P);
+    W->len=MODBYTES+1;
+    W->val[0]=6;
+    BIG_toBytes(&(W->val[1]),x);
+#else
+    BIG x,y;
+    ECP_get(x,y,P);
+    W->len=2*MODBYTES+1;
+    W->val[0]=4;
+    BIG_toBytes(&(W->val[1]),x);
+    BIG_toBytes(&(W->val[MODBYTES+1]),y);
+#endif
+}
+
+/* SU=88 */
+/* Restore P from octet string */
+int ECP_fromOctet(ECP *P,octet *W)
+{
+#if CURVETYPE==MONTGOMERY
+    BIG x;
+    BIG_fromBytes(x,&(W->val[1]));
+    if (ECP_set(P,x)) return 1;
+    return 0;
+#else
+    BIG x,y;
+    BIG_fromBytes(x,&(W->val[1]));
+    BIG_fromBytes(y,&(W->val[MODBYTES+1]));
+    if (ECP_set(P,x,y)) return 1;
+    return 0;
+#endif
+}
+
+
+/* Set P=2P */
+/* SU=272 */
+void ECP_dbl(ECP *P)
+{
+#if CURVETYPE==WEIERSTRASS
+    BIG one;
+    BIG w1,w7,w8,w2,w3,w6;
+    if (ECP_isinf(P)) return;
+
+    if (BIG_iszilch(P->y))
+    {
+        P->inf=1;
+        return;
+    }
+    FP_one(one);
+    BIG_zero(w6);
+
+    if (CURVE_A==-3)
+    {
+        if (BIG_comp(P->z,one)==0) BIG_copy(w6,one);
+        else FP_sqr(w6,P->z);
+        FP_neg(w1,w6);
+        FP_add(w3,P->x,w1);
+        FP_add(w8,P->x,w6);
+        FP_mul(w3,w3,w8);
+        BIG_imul(w8,w3,3);
+    }
+    else
+    {
+        /* assuming A=0 */
+        FP_sqr(w1,P->x);
+        BIG_imul(w8,w1,3);
+    }
+
+    FP_sqr(w2,P->y);
+    FP_mul(w3,P->x,w2);
+
+    BIG_imul(w3,w3,4);
+    FP_neg(w1,w3);
+
+    BIG_norm(w1);
+
+    FP_sqr(P->x,w8);
+    FP_add(P->x,P->x,w1);
+    FP_add(P->x,P->x,w1);
+
+    BIG_norm(P->x);
+
+    if (BIG_comp(P->z,one)==0) BIG_copy(P->z,P->y);
+    else FP_mul(P->z,P->z,P->y);
+    FP_add(P->z,P->z,P->z);
+
+
+    FP_add(w7,w2,w2);
+    FP_sqr(w2,w7);
+
+    FP_add(w2,w2,w2);
+    FP_sub(w3,w3,P->x);
+    FP_mul(P->y,w8,w3);
+
+    FP_sub(P->y,P->y,w2);
+
+    BIG_norm(P->y);
+    BIG_norm(P->z);
+
+#endif
+
+#if CURVETYPE==EDWARDS
+    /* Not using square for multiplication swap, as (1) it needs more adds, and (2) it triggers more reductions */
+    BIG B,C,D,E,F,H,J;
+
+    FP_mul(B,P->x,P->y);
+    FP_add(B,B,B);
+    FP_sqr(C,P->x);
+    FP_sqr(D,P->y);
+    if (CURVE_A==1) BIG_copy(E,C);
+    if (CURVE_A==-1) FP_neg(E,C);
+    FP_add(F,E,D);
+
+    BIG_norm(F);
+
+    FP_sqr(H,P->z);
+    FP_add(H,H,H);
+    FP_sub(J,F,H);
+    FP_mul(P->x,B,J);
+    FP_sub(E,E,D);
+    FP_mul(P->y,F,E);
+    FP_mul(P->z,F,J);
+
+    BIG_norm(P->x);
+    BIG_norm(P->y);
+    BIG_norm(P->z);
+
+#endif
+
+#if CURVETYPE==MONTGOMERY
+    BIG A,B,AA,BB,C;
+    if (ECP_isinf(P)) return;
+
+    FP_add(A,P->x,P->z);
+    FP_sqr(AA,A);
+    FP_sub(B,P->x,P->z);
+    FP_sqr(BB,B);
+    FP_sub(C,AA,BB);
+
+    FP_mul(P->x,AA,BB);
+    FP_imul(A,C,(CURVE_A+2)/4);
+    FP_add(BB,BB,A);
+    FP_mul(P->z,BB,C);
+
+    BIG_norm(P->x);
+    BIG_norm(P->z);
+#endif
+}
+
+#if CURVETYPE==MONTGOMERY
+
+/* Set P+=Q. W is difference between P and Q and is affine */
+void ECP_add(ECP *P,ECP *Q,ECP *W)
+{
+    BIG A,B,C,D,DA,CB;
+
+    FP_add(A,P->x,P->z);
+    FP_sub(B,P->x,P->z);
+
+    FP_add(C,Q->x,Q->z);
+    FP_sub(D,Q->x,Q->z);
+
+    FP_mul(DA,D,A);
+    FP_mul(CB,C,B);
+
+    FP_add(A,DA,CB);
+    FP_sqr(A,A);
+    FP_sub(B,DA,CB);
+    FP_sqr(B,B);
+
+    BIG_copy(P->x,A);
+    FP_mul(P->z,W->x,B);
+
+    FP_reduce(P->z);
+    if (BIG_iszilch(P->z)) P->inf=1;
+    else P->inf=0;
+
+    BIG_norm(P->x);
+}
+
+
+#else
+
+/* Set P+=Q */
+/* SU=248 */
+void ECP_add(ECP *P,ECP *Q)
+{
+#if CURVETYPE==WEIERSTRASS
+    int aff;
+    BIG one,B,D,E,C,A;
+    if (ECP_isinf(Q)) return;
+    if (ECP_isinf(P))
+    {
+        ECP_copy(P,Q);
+        return;
+    }
+
+    FP_one(one);
+    aff=1;
+    if (BIG_comp(Q->z,one)!=0) aff=0;
+
+    if (!aff)
+    {
+        FP_sqr(A,Q->z);
+        FP_mul(C,A,Q->z);
+
+        FP_sqr(B,P->z);
+        FP_mul(D,B,P->z);
+
+        FP_mul(A,P->x,A);
+        FP_mul(C,P->y,C);
+    }
+    else
+    {
+        BIG_copy(A,P->x);
+        BIG_copy(C,P->y);
+
+        FP_sqr(B,P->z);
+        FP_mul(D,B,P->z);
+    }
+
+    FP_mul(B,Q->x,B);
+    FP_sub(B,B,A); /* B=Qx.z^2-x.Qz^2 */
+    FP_mul(D,Q->y,D);
+    FP_sub(D,D,C); /* D=Qy.z^3-y.Qz^3 */
+
+    FP_reduce(B);
+    if (BIG_iszilch(B))
+    {
+        FP_reduce(D);
+        if (BIG_iszilch(D))
+        {
+            ECP_dbl(P);
+            return;
+        }
+        else
+        {
+            ECP_inf(P);
+            return;
+        }
+    }
+    if (!aff) FP_mul(P->z,P->z,Q->z);
+    FP_mul(P->z,P->z,B);
+
+    FP_sqr(E,B);
+    FP_mul(B,B,E);
+    FP_mul(A,A,E);
+
+    FP_add(E,A,A);
+    FP_add(E,E,B);
+
+    FP_sqr(P->x,D);
+    FP_sub(P->x,P->x,E);
+
+    FP_sub(A,A,P->x);
+    FP_mul(P->y,A,D);
+    FP_mul(C,C,B);
+    FP_sub(P->y,P->y,C);
+
+    BIG_norm(P->x);
+    BIG_norm(P->y);
+    BIG_norm(P->z);
+
+#else
+    BIG b,A,B,C,D,E,F,G;
+
+    BIG_rcopy(b,CURVE_B);
+    FP_nres(b);
+    FP_mul(A,P->z,Q->z);
+
+    FP_sqr(B,A);
+    FP_mul(C,P->x,Q->x);
+    FP_mul(D,P->y,Q->y);
+    FP_mul(E,C,D);
+    FP_mul(E,E,b);
+
+    FP_sub(F,B,E);
+    FP_add(G,B,E);
+
+    if (CURVE_A==1) FP_sub(E,D,C);
+    FP_add(C,C,D);
+
+    FP_add(B,P->x,P->y);
+    FP_add(D,Q->x,Q->y);
+    FP_mul(B,B,D);
+    FP_sub(B,B,C);
+    FP_mul(B,B,F);
+    FP_mul(P->x,A,B);
+
+
+    if (CURVE_A==1) FP_mul(C,E,G);
+    if (CURVE_A==-1)FP_mul(C,C,G);
+
+    FP_mul(P->y,A,C);
+    FP_mul(P->z,F,G);
+
+    BIG_norm(P->x);
+    BIG_norm(P->y);
+    BIG_norm(P->z);
+
+#endif
+}
+
+/* Set P-=Q */
+/* SU=16 */
+void  ECP_sub(ECP *P,ECP *Q)
+{
+    ECP_neg(Q);
+    ECP_add(P,Q);
+    ECP_neg(Q);
+}
+
+#endif
+
+
+#if CURVETYPE==WEIERSTRASS
+/* normalises array of points. Assumes P[0] is normalised already */
+
+static void ECP_multiaffine(int m,ECP P[],BIG work[])
+{
+    int i;
+    BIG t1,t2;
+
+    FP_one(work[0]);
+    BIG_copy(work[1],P[0].z);
+    for (i=2; i<m; i++)
+        FP_mul(work[i],work[i-1],P[i-1].z);
+
+    FP_mul(t1,work[m-1],P[m-1].z);
+    FP_inv(t1,t1);
+
+    BIG_copy(t2,P[m-1].z);
+    FP_mul(work[m-1],work[m-1],t1);
+
+    for (i=m-2;; i--)
+    {
+        if (i==0)
+        {
+            FP_mul(work[0],t1,t2);
+            break;
+        }
+        FP_mul(work[i],work[i],t2);
+        FP_mul(work[i],work[i],t1);
+        FP_mul(t2,P[i].z,t2);
+    }
+    /* now work[] contains inverses of all Z coordinates */
+
+    for (i=0; i<m; i++)
+    {
+        FP_one(P[i].z);
+        FP_sqr(t1,work[i]);
+        FP_mul(P[i].x,P[i].x,t1);
+        FP_mul(t1,work[i],t1);
+        FP_mul(P[i].y,P[i].y,t1);
+    }
+}
+
+#endif
+
+#if CURVETYPE!=MONTGOMERY
+/* constant time multiply by small integer of length bts - use ladder */
+void ECP_pinmul(ECP *P,int e,int bts)
+{
+    int i,b;
+    ECP R0,R1;
+
+    ECP_affine(P);
+    ECP_inf(&R0);
+    ECP_copy(&R1,P);
+
+    for (i=bts-1; i>=0; i--)
+    {
+        b=(e>>i)&1;
+        ECP_copy(P,&R1);
+        ECP_add(P,&R0);
+        ECP_cswap(&R0,&R1,b);
+        ECP_copy(&R1,P);
+        ECP_dbl(&R0);
+        ECP_cswap(&R0,&R1,b);
+    }
+    ECP_copy(P,&R0);
+    ECP_affine(P);
+}
+#endif
+
+/* Set P=r*P */
+/* SU=424 */
+void ECP_mul(ECP *P,BIG e)
+{
+#if CURVETYPE==MONTGOMERY
+    /* Montgomery ladder */
+    int nb,i,b;
+    ECP R0,R1,D;
+    if (ECP_isinf(P)) return;
+    if (BIG_iszilch(e))
+    {
+        ECP_inf(P);
+        return;
+    }
+    ECP_affine(P);
+
+    ECP_copy(&R0,P);
+    ECP_copy(&R1,P);
+    ECP_dbl(&R1);
+    ECP_copy(&D,P);
+
+    nb=BIG_nbits(e);
+    for (i=nb-2; i>=0; i--)
+    {
+        b=BIG_bit(e,i);
+        ECP_copy(P,&R1);
+        ECP_add(P,&R0,&D);
+        ECP_cswap(&R0,&R1,b);
+        ECP_copy(&R1,P);
+        ECP_dbl(&R0);
+        ECP_cswap(&R0,&R1,b);
+    }
+    ECP_copy(P,&R0);
+
+#else
+    /* fixed size windows */
+    int i,nb,s,ns;
+    BIG mt,t;
+    ECP Q,W[8],C;
+    sign8 w[1+(NLEN*BASEBITS+3)/4];
+#if CURVETYPE==WEIERSTRASS
+    BIG work[8];
+#endif
+    if (ECP_isinf(P)) return;
+    if (BIG_iszilch(e))
+    {
+        ECP_inf(P);
+        return;
+    }
+
+    ECP_affine(P);
+
+    /* precompute table */
+
+    ECP_copy(&Q,P);
+    ECP_dbl(&Q);
+
+//printf("Q= ");ECP_output(&Q); printf("\n");
+
+    ECP_copy(&W[0],P);
+
+    for (i=1; i<8; i++)
+    {
+        ECP_copy(&W[i],&W[i-1]);
+        ECP_add(&W[i],&Q);
+    }
+
+//printf("W[1]= ");ECP_output(&W[1]); printf("\n");
+
+    /* convert the table to affine */
+#if CURVETYPE==WEIERSTRASS
+    ECP_multiaffine(8,W,work);
+#endif
+
+    /* make exponent odd - add 2P if even, P if odd */
+    BIG_copy(t,e);
+    s=BIG_parity(t);
+    BIG_inc(t,1);
+    BIG_norm(t);
+    ns=BIG_parity(t);
+    BIG_copy(mt,t);
+    BIG_inc(mt,1);
+    BIG_norm(mt);
+    BIG_cmove(t,mt,s);
+    ECP_cmove(&Q,P,ns);
+    ECP_copy(&C,&Q);
+
+    nb=1+(BIG_nbits(t)+3)/4;
+
+    /* convert exponent to signed 4-bit window */
+    for (i=0; i<nb; i++)
+    {
+        w[i]=BIG_lastbits(t,5)-16;
+        BIG_dec(t,w[i]);
+        BIG_norm(t);
+        BIG_fshr(t,4);
+    }
+    w[nb]=BIG_lastbits(t,5);
+
+    ECP_copy(P,&W[(w[nb]-1)/2]);
+    for (i=nb-1; i>=0; i--)
+    {
+        ECP_select(&Q,W,w[i]);
+        ECP_dbl(P);
+        ECP_dbl(P);
+        ECP_dbl(P);
+        ECP_dbl(P);
+        ECP_add(P,&Q);
+    }
+    ECP_sub(P,&C); /* apply correction */
+#endif
+    ECP_affine(P);
+}
+
+#if CURVETYPE!=MONTGOMERY
+/* Set P=eP+fQ double multiplication */
+/* constant time - as useful for GLV method in pairings */
+/* SU=456 */
+
+void ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f)
+{
+    BIG te,tf,mt;
+    ECP S,T,W[8],C;
+    sign8 w[1+(NLEN*BASEBITS+1)/2];
+    int i,a,b,s,ns,nb;
+#if CURVETYPE==WEIERSTRASS
+    BIG work[8];
+#endif
+
+    ECP_affine(P);
+    ECP_affine(Q);
+
+    BIG_copy(te,e);
+    BIG_copy(tf,f);
+
+    /* precompute table */
+    ECP_copy(&W[1],P);
+    ECP_sub(&W[1],Q);  /* P+Q */
+    ECP_copy(&W[2],P);
+    ECP_add(&W[2],Q);  /* P-Q */
+    ECP_copy(&S,Q);
+    ECP_dbl(&S);  /* S=2Q */
+    ECP_copy(&W[0],&W[1]);
+    ECP_sub(&W[0],&S);
+    ECP_copy(&W[3],&W[2]);
+    ECP_add(&W[3],&S);
+    ECP_copy(&T,P);
+    ECP_dbl(&T); /* T=2P */
+    ECP_copy(&W[5],&W[1]);
+    ECP_add(&W[5],&T);
+    ECP_copy(&W[6],&W[2]);
+    ECP_add(&W[6],&T);
+    ECP_copy(&W[4],&W[5]);
+    ECP_sub(&W[4],&S);
+    ECP_copy(&W[7],&W[6]);
+    ECP_add(&W[7],&S);
+
+#if CURVETYPE==WEIERSTRASS
+    ECP_multiaffine(8,W,work);
+#endif
+
+    /* if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction */
+
+    s=BIG_parity(te);
+    BIG_inc(te,1);
+    BIG_norm(te);
+    ns=BIG_parity(te);
+    BIG_copy(mt,te);
+    BIG_inc(mt,1);
+    BIG_norm(mt);
+    BIG_cmove(te,mt,s);
+    ECP_cmove(&T,P,ns);
+    ECP_copy(&C,&T);
+
+    s=BIG_parity(tf);
+    BIG_inc(tf,1);
+    BIG_norm(tf);
+    ns=BIG_parity(tf);
+    BIG_copy(mt,tf);
+    BIG_inc(mt,1);
+    BIG_norm(mt);
+    BIG_cmove(tf,mt,s);
+    ECP_cmove(&S,Q,ns);
+    ECP_add(&C,&S);
+
+    BIG_add(mt,te,tf);
+    BIG_norm(mt);
+    nb=1+(BIG_nbits(mt)+1)/2;
+
+    /* convert exponent to signed 2-bit window */
+    for (i=0; i<nb; i++)
+    {
+        a=BIG_lastbits(te,3)-4;
+        BIG_dec(te,a);
+        BIG_norm(te);
+        BIG_fshr(te,2);
+        b=BIG_lastbits(tf,3)-4;
+        BIG_dec(tf,b);
+        BIG_norm(tf);
+        BIG_fshr(tf,2);
+        w[i]=4*a+b;
+    }
+    w[nb]=(4*BIG_lastbits(te,3)+BIG_lastbits(tf,3));
+
+    ECP_copy(P,&W[(w[nb]-1)/2]);
+    for (i=nb-1; i>=0; i--)
+    {
+        ECP_select(&T,W,w[i]);
+        ECP_dbl(P);
+        ECP_dbl(P);
+        ECP_add(P,&T);
+    }
+    ECP_sub(P,&C); /* apply correction */
+    ECP_affine(P);
+}
+
+#endif
+
+
+#ifdef HAS_MAIN
+
+int main()
+{
+    int i;
+    ECP G,P;
+    csprng RNG;
+    BIG r,s,x,y,b,m,w,q;
+    BIG_rcopy(x,CURVE_Gx);
+#if CURVETYPE!=MONTGOMERY
+    BIG_rcopy(y,CURVE_Gy);
+#endif
+    BIG_rcopy(m,Modulus);
+
+    printf("x= ");
+    BIG_output(x);
+    printf("\n");
+#if CURVETYPE!=MONTGOMERY
+    printf("y= ");
+    BIG_output(y);
+    printf("\n");
+#endif
+    RNG_seed(&RNG,3,"abc");
+
+#if CURVETYPE!=MONTGOMERY
+    ECP_set(&G,x,y);
+#else
+    ECP_set(&G,x);
+#endif
+    if (ECP_isinf(&G)) printf("Failed to set - point not on curve\n");
+    else printf("set success\n");
+
+    ECP_output(&G);
+
+    BIG_rcopy(r,CURVE_Order); //BIG_dec(r,7);
+    printf("r= ");
+    BIG_output(r);
+    printf("\n");
+
+    ECP_copy(&P,&G);
+
+    ECP_mul(&P,r);
+
+    ECP_output(&P);
+//exit(0);
+    BIG_randomnum(w,&RNG);
+    BIG_mod(w,r);
+
+    ECP_copy(&P,&G);
+    ECP_mul(&P,w);
+
+    ECP_output(&P);
+
+    return 0;
+}
+
+#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/ecp2.c
----------------------------------------------------------------------
diff --git a/version22/c/ecp2.c b/version22/c/ecp2.c
new file mode 100644
index 0000000..4808569
--- /dev/null
+++ b/version22/c/ecp2.c
@@ -0,0 +1,696 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL Weierstrass elliptic curve functions over FP2 */
+/* SU=m, m is Stack Usage */
+
+#include "amcl.h"
+
+int ECP2_isinf(ECP2 *P)
+{
+    return P->inf;
+}
+
+/* Set P=Q */
+/* SU= 16 */
+void ECP2_copy(ECP2 *P,ECP2 *Q)
+{
+    P->inf=Q->inf;
+    FP2_copy(&(P->x),&(Q->x));
+    FP2_copy(&(P->y),&(Q->y));
+    FP2_copy(&(P->z),&(Q->z));
+}
+
+/* set P to Infinity */
+/* SU= 8 */
+void ECP2_inf(ECP2 *P)
+{
+    P->inf=1;
+    FP2_zero(&(P->x));
+    FP2_zero(&(P->y));
+    FP2_zero(&(P->z));
+}
+
+/* Conditional move Q to P dependant on d */
+static void ECP2_cmove(ECP2 *P,ECP2 *Q,int d)
+{
+    FP2_cmove(&(P->x),&(Q->x),d);
+    FP2_cmove(&(P->y),&(Q->y),d);
+    FP2_cmove(&(P->z),&(Q->z),d);
+    d=~(d-1);
+    P->inf^=(P->inf^Q->inf)&d;
+}
+
+/* return 1 if b==c, no branching */
+static int teq(sign32 b,sign32 c)
+{
+    sign32 x=b^c;
+    x-=1;  // if x=0, x now -1
+    return (int)((x>>31)&1);
+}
+
+/* Constant time select from pre-computed table */
+static void ECP2_select(ECP2 *P,ECP2 W[],sign32 b)
+{
+    ECP2 MP;
+    sign32 m=b>>31;
+    sign32 babs=(b^m)-m;
+
+    babs=(babs-1)/2;
+
+    ECP2_cmove(P,&W[0],teq(babs,0));  // conditional move
+    ECP2_cmove(P,&W[1],teq(babs,1));
+    ECP2_cmove(P,&W[2],teq(babs,2));
+    ECP2_cmove(P,&W[3],teq(babs,3));
+    ECP2_cmove(P,&W[4],teq(babs,4));
+    ECP2_cmove(P,&W[5],teq(babs,5));
+    ECP2_cmove(P,&W[6],teq(babs,6));
+    ECP2_cmove(P,&W[7],teq(babs,7));
+
+    ECP2_copy(&MP,P);
+    ECP2_neg(&MP);  // minus P
+    ECP2_cmove(P,&MP,(int)(m&1));
+}
+
+/* return 1 if P==Q, else 0 */
+/* SU= 312 */
+int ECP2_equals(ECP2 *P,ECP2 *Q)
+{
+    FP2 pz2,qz2,a,b;
+    if (P->inf && Q->inf) return 1;
+    if (P->inf || Q->inf) return 0;
+
+    FP2_sqr(&pz2,&(P->z));
+    FP2_sqr(&qz2,&(Q->z));
+
+    FP2_mul(&a,&(P->x),&qz2);
+    FP2_mul(&b,&(Q->x),&pz2);
+    if (!FP2_equals(&a,&b)) return 0;
+
+    FP2_mul(&a,&(P->y),&qz2);
+    FP2_mul(&a,&a,&(Q->z));
+    FP2_mul(&b,&(Q->y),&pz2);
+    FP2_mul(&b,&b,&(P->z));
+    if (!FP2_equals(&a,&b)) return 0;
+    return 1;
+}
+
+/* Make P affine (so z=1) */
+/* SU= 232 */
+void ECP2_affine(ECP2 *P)
+{
+    FP2 one,iz,izn;
+    if (P->inf) return;
+
+    FP2_one(&one);
+    if (FP2_isunity(&(P->z)))
+    {
+        FP2_reduce(&(P->x));
+        FP2_reduce(&(P->y));
+        return;
+    }
+
+    FP2_inv(&iz,&(P->z));
+    FP2_sqr(&izn,&iz);
+    FP2_mul(&(P->x),&(P->x),&izn);
+    FP2_mul(&izn,&izn,&iz);
+    FP2_mul(&(P->y),&(P->y),&izn);
+
+    FP2_reduce(&(P->x));
+    FP2_reduce(&(P->y));
+    FP2_copy(&(P->z),&one);
+}
+
+/* extract x, y from point P */
+/* SU= 16 */
+int ECP2_get(FP2 *x,FP2 *y,ECP2 *P)
+{
+    if (P->inf) return -1;
+    ECP2_affine(P);
+    FP2_copy(y,&(P->y));
+    FP2_copy(x,&(P->x));
+    return 0;
+}
+
+/* SU= 152 */
+/* Output point P */
+void ECP2_output(ECP2 *P)
+{
+    FP2 x,y;
+    if (P->inf)
+    {
+        printf("Infinity\n");
+        return;
+    }
+    ECP2_get(&x,&y,P);
+    printf("(");
+    FP2_output(&x);
+    printf(",");
+    FP2_output(&y);
+    printf(")\n");
+}
+
+/* SU= 232 */
+void ECP2_outputxyz(ECP2 *P)
+{
+    ECP2 Q;
+    if (P->inf)
+    {
+        printf("Infinity\n");
+        return;
+    }
+    ECP2_copy(&Q,P);
+    printf("(");
+    FP2_output(&(Q.x));
+    printf(",");
+    FP2_output(&(Q.y));
+    printf(",");
+    FP2_output(&(Q.z));
+    printf(")\n");
+}
+
+/* SU= 168 */
+/* Convert Q to octet string */
+void ECP2_toOctet(octet *W,ECP2 *Q)
+{
+    FP2 qx,qy;
+    ECP2_get(&qx,&qy,Q);
+    FP_redc(qx.a);
+    FP_redc(qx.b);
+    FP_redc(qy.a);
+    FP_redc(qy.b);
+    W->len=4*MODBYTES;
+
+    BIG_toBytes(&(W->val[0]),qx.a);
+    BIG_toBytes(&(W->val[MODBYTES]),qx.b);
+    BIG_toBytes(&(W->val[2*MODBYTES]),qy.a);
+    BIG_toBytes(&(W->val[3*MODBYTES]),qy.b);
+}
+
+/* SU= 176 */
+/* restore Q from octet string */
+int ECP2_fromOctet(ECP2 *Q,octet *W)
+{
+    FP2 qx,qy;
+    BIG_fromBytes(qx.a,&(W->val[0]));
+    BIG_fromBytes(qx.b,&(W->val[MODBYTES]));
+    BIG_fromBytes(qy.a,&(W->val[2*MODBYTES]));
+    BIG_fromBytes(qy.b,&(W->val[3*MODBYTES]));
+    FP_nres(qx.a);
+    FP_nres(qx.b);
+    FP_nres(qy.a);
+    FP_nres(qy.b);
+
+    if (ECP2_set(Q,&qx,&qy)) return 1;
+    return 0;
+}
+
+/* SU= 128 */
+/* Calculate RHS of twisted curve equation x^3+B/i */
+void ECP2_rhs(FP2 *rhs,FP2 *x)
+{
+    /* calculate RHS of elliptic curve equation */
+    FP2 t;
+    BIG b;
+    FP2_sqr(&t,x);
+
+    FP2_mul(rhs,&t,x);
+
+    /* Assuming CURVE_A=0 */
+
+    BIG_rcopy(b,CURVE_B);
+
+    FP2_from_BIG(&t,b);
+
+    FP2_div_ip(&t);   /* IMPORTANT - here we use the SEXTIC twist of the curve */
+
+    FP2_add(rhs,&t,rhs);
+    FP2_reduce(rhs);
+}
+
+
+/* Set P=(x,y). Return 1 if (x,y) is on the curve, else return 0*/
+/* SU= 232 */
+int ECP2_set(ECP2 *P,FP2 *x,FP2 *y)
+{
+    FP2 one,rhs,y2;
+    FP2_copy(&y2,y);
+
+    FP2_sqr(&y2,&y2);
+    ECP2_rhs(&rhs,x);
+
+    if (!FP2_equals(&y2,&rhs))
+    {
+
+        P->inf=1;
+        return 0;
+    }
+
+    P->inf=0;
+    FP2_copy(&(P->x),x);
+    FP2_copy(&(P->y),y);
+
+    FP2_one(&one);
+    FP2_copy(&(P->z),&one);
+    return 1;
+}
+
+/* Set P=(x,y). Return 1 if (x,.) is on the curve, else return 0 */
+/* SU= 232 */
+int ECP2_setx(ECP2 *P,FP2 *x)
+{
+    FP2 y;
+    ECP2_rhs(&y,x);
+
+    if (!FP2_sqrt(&y,&y))
+    {
+        P->inf=1;
+        return 0;
+    }
+
+    P->inf=0;
+    FP2_copy(&(P->x),x);
+    FP2_copy(&(P->y),&y);
+    FP2_one(&(P->z));
+    return 1;
+}
+
+/* Set P=-P */
+/* SU= 8 */
+void ECP2_neg(ECP2 *P)
+{
+    FP2_neg(&(P->y),&(P->y));
+    FP2_norm(&(P->y));
+}
+
+/* R+=R */
+/* return -1 for Infinity, 0 for addition, 1 for doubling */
+/* SU= 448 */
+int ECP2_dbl(ECP2 *P)
+{
+    FP2 w1,w7,w8,w2,w3;
+    if (P->inf) return -1;
+
+    if (FP2_iszilch(&(P->y)))
+    {
+        P->inf=1;
+        return -1;
+    }
+
+    /* Assuming A=0 */
+    FP2_sqr(&w1,&(P->x));
+    FP2_imul(&w8,&w1,3);
+
+    FP2_sqr(&w2,&(P->y));
+    FP2_mul(&w3,&(P->x),&w2);
+    FP2_imul(&w3,&w3,4);
+
+    FP2_neg(&w1,&w3);
+
+    FP2_norm(&w1);
+
+    FP2_sqr(&(P->x),&w8);
+    FP2_add(&(P->x),&(P->x),&w1);
+    FP2_add(&(P->x),&(P->x),&w1);
+
+    FP2_norm(&(P->x));
+
+    if (FP2_isunity(&(P->z))) FP2_copy(&(P->z),&(P->y));
+    else FP2_mul(&(P->z),&(P->z),&(P->y));
+    FP2_add(&(P->z),&(P->z),&(P->z));
+
+    FP2_add(&w7,&w2,&w2);
+    FP2_sqr(&w2,&w7);
+
+    FP2_add(&w2,&w2,&w2);
+    FP2_sub(&w3,&w3,&(P->x));
+    FP2_mul(&(P->y),&w8,&w3);
+    FP2_sub(&(P->y),&(P->y),&w2);
+
+
+    FP2_norm(&(P->y));
+    FP2_norm(&(P->z));
+
+    return 1;
+}
+
+/* Set P+=Q */
+/* SU= 400 */
+int ECP2_add(ECP2 *P,ECP2 *Q)
+{
+    int aff;
+    FP2 B,D,E,C,A;
+    if (Q->inf) return 0;
+    if (P->inf)
+    {
+        ECP2_copy(P,Q);
+        return 0;
+    }
+
+    aff=1;
+    if (!FP2_isunity(&(Q->z))) aff=0;
+
+    if (!aff)
+    {
+        FP2_sqr(&A,&(Q->z));
+        FP2_mul(&C,&A,&(Q->z));
+
+        FP2_sqr(&B,&(P->z));
+        FP2_mul(&D,&B,&(P->z));
+
+        FP2_mul(&A,&(P->x),&A);
+        FP2_mul(&C,&(P->y),&C);
+    }
+    else
+    {
+        FP2_copy(&A,&(P->x));
+        FP2_copy(&C,&(P->y));
+
+        FP2_sqr(&B,&(P->z));
+        FP2_mul(&D,&B,&(P->z));
+    }
+
+    FP2_mul(&B,&(Q->x),&B);
+    FP2_sub(&B,&B,&A); /* B=Qx.z^2-x.Qz^2 */
+    FP2_mul(&D,&(Q->y),&D);
+    FP2_sub(&D,&D,&C); /* D=Qy.z^3-y.Qz^3 */
+
+    if (FP2_iszilch(&B))
+    {
+        if (FP2_iszilch(&D))
+        {
+            ECP2_dbl(P);
+            return 1;
+        }
+        else
+        {
+            ECP2_inf(P);
+            return -1;
+        }
+    }
+    if (!aff) FP2_mul(&(P->z),&(P->z),&(Q->z));
+    FP2_mul(&(P->z),&(P->z),&B);
+
+    FP2_sqr(&E,&B);
+    FP2_mul(&B,&B,&E);
+    FP2_mul(&A,&A,&E);
+
+    FP2_add(&E,&A,&A);
+    FP2_add(&E,&E,&B);
+
+    FP2_sqr(&(P->x),&D);
+    FP2_sub(&(P->x),&(P->x),&E);
+
+    FP2_sub(&A,&A,&(P->x));
+    FP2_mul(&(P->y),&A,&D);
+    FP2_mul(&C,&C,&B);
+    FP2_sub(&(P->y),&(P->y),&C);
+
+    FP2_norm(&(P->x));
+    FP2_norm(&(P->y));
+    FP2_norm(&(P->z));
+
+    return 0;
+}
+
+/* Set P-=Q */
+/* SU= 16 */
+void ECP2_sub(ECP2 *P,ECP2 *Q)
+{
+    ECP2_neg(Q);
+    ECP2_add(P,Q);
+    ECP2_neg(Q);
+}
+
+/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
+/* SU= 200 */
+static void ECP2_multiaffine(int m,ECP2 *P,FP2 *work)
+{
+    int i;
+    FP2 t1,t2;
+
+    FP2_one(&work[0]);
+    FP2_copy(&work[1],&(P[0].z));
+    for (i=2; i<m; i++)
+        FP2_mul(&work[i],&work[i-1],&(P[i-1].z));
+    FP2_mul(&t1,&work[m-1],&(P[m-1].z));
+
+    FP2_inv(&t1,&t1);
+
+    FP2_copy(&t2,&(P[m-1].z));
+    FP2_mul(&work[m-1],&work[m-1],&t1);
+
+    for (i=m-2;; i--)
+    {
+        if (i==0)
+        {
+            FP2_mul(&work[0],&t1,&t2);
+            break;
+        }
+        FP2_mul(&work[i],&work[i],&t2);
+        FP2_mul(&work[i],&work[i],&t1);
+        FP2_mul(&t2,&(P[i].z),&t2);
+    }
+    /* now work[] contains inverses of all Z coordinates */
+
+    for (i=0; i<m; i++)
+    {
+        FP2_one(&(P[i].z));
+        FP2_sqr(&t1,&work[i]);
+        FP2_mul(&(P[i].x),&(P[i].x),&t1);
+        FP2_mul(&t1,&work[i],&t1);
+        FP2_mul(&(P[i].y),&(P[i].y),&t1);
+    }
+}
+
+/* P*=e */
+/* SU= 280 */
+void ECP2_mul(ECP2 *P,BIG e)
+{
+    /* fixed size windows */
+    int i,nb,s,ns;
+    BIG mt,t;
+    ECP2 Q,W[8],C;
+    sign8 w[1+(NLEN*BASEBITS+3)/4];
+    FP2 work[8];
+
+    if (ECP2_isinf(P)) return;
+    ECP2_affine(P);
+
+
+    /* precompute table */
+
+    ECP2_copy(&Q,P);
+    ECP2_dbl(&Q);
+    ECP2_copy(&W[0],P);
+
+    for (i=1; i<8; i++)
+    {
+        ECP2_copy(&W[i],&W[i-1]);
+        ECP2_add(&W[i],&Q);
+    }
+
+    /* convert the table to affine */
+
+    ECP2_multiaffine(8,W,work);
+
+    /* make exponent odd - add 2P if even, P if odd */
+    BIG_copy(t,e);
+    s=BIG_parity(t);
+    BIG_inc(t,1);
+    BIG_norm(t);
+    ns=BIG_parity(t);
+    BIG_copy(mt,t);
+    BIG_inc(mt,1);
+    BIG_norm(mt);
+    BIG_cmove(t,mt,s);
+    ECP2_cmove(&Q,P,ns);
+    ECP2_copy(&C,&Q);
+
+    nb=1+(BIG_nbits(t)+3)/4;
+
+    /* convert exponent to signed 4-bit window */
+    for (i=0; i<nb; i++)
+    {
+        w[i]=BIG_lastbits(t,5)-16;
+        BIG_dec(t,w[i]);
+        BIG_norm(t);
+        BIG_fshr(t,4);
+    }
+    w[nb]=BIG_lastbits(t,5);
+
+    ECP2_copy(P,&W[(w[nb]-1)/2]);
+    for (i=nb-1; i>=0; i--)
+    {
+        ECP2_select(&Q,W,w[i]);
+        ECP2_dbl(P);
+        ECP2_dbl(P);
+        ECP2_dbl(P);
+        ECP2_dbl(P);
+        ECP2_add(P,&Q);
+    }
+    ECP2_sub(P,&C); /* apply correction */
+    ECP2_affine(P);
+}
+
+/* Calculates q.P using Frobenius constant X */
+/* SU= 96 */
+void ECP2_frob(ECP2 *P,FP2 *X)
+{
+    FP2 X2;
+    if (P->inf) return;
+    FP2_sqr(&X2,X);
+    FP2_conj(&(P->x),&(P->x));
+    FP2_conj(&(P->y),&(P->y));
+    FP2_conj(&(P->z),&(P->z));
+    FP2_reduce(&(P->z));
+
+    FP2_mul(&(P->x),&X2,&(P->x));
+    FP2_mul(&(P->y),&X2,&(P->y));
+    FP2_mul(&(P->y),X,&(P->y));
+}
+
+void ECP2_mul4(ECP2 *P,ECP2 Q[4],BIG u[4])
+{
+    int i,j,a[4],nb;
+    ECP2 W[8],T,C;
+    BIG mt,t[4];
+    FP2 work[8];
+    sign8 w[NLEN*BASEBITS+1];
+
+    for (i=0; i<4; i++)
+    {
+        BIG_copy(t[i],u[i]);
+        ECP2_affine(&Q[i]);
+    }
+
+    /* precompute table */
+
+    ECP2_copy(&W[0],&Q[0]);
+    ECP2_sub(&W[0],&Q[1]);  /* P-Q */
+    ECP2_copy(&W[1],&W[0]);
+    ECP2_copy(&W[2],&W[0]);
+    ECP2_copy(&W[3],&W[0]);
+    ECP2_copy(&W[4],&Q[0]);
+    ECP2_add(&W[4],&Q[1]);  /* P+Q */
+    ECP2_copy(&W[5],&W[4]);
+    ECP2_copy(&W[6],&W[4]);
+    ECP2_copy(&W[7],&W[4]);
+
+    ECP2_copy(&T,&Q[2]);
+    ECP2_sub(&T,&Q[3]);       /* R-S */
+    ECP2_sub(&W[1],&T);
+    ECP2_add(&W[2],&T);
+    ECP2_sub(&W[5],&T);
+    ECP2_add(&W[6],&T);
+    ECP2_copy(&T,&Q[2]);
+    ECP2_add(&T,&Q[3]);      /* R+S */
+    ECP2_sub(&W[0],&T);
+    ECP2_add(&W[3],&T);
+    ECP2_sub(&W[4],&T);
+    ECP2_add(&W[7],&T);
+
+    ECP2_multiaffine(8,W,work);
+
+    /* if multiplier is even add 1 to multiplier, and add P to correction */
+    ECP2_inf(&C);
+
+    BIG_zero(mt);
+    for (i=0; i<4; i++)
+    {
+        if (BIG_parity(t[i])==0)
+        {
+            BIG_inc(t[i],1);
+            BIG_norm(t[i]);
+            ECP2_add(&C,&Q[i]);
+        }
+        BIG_add(mt,mt,t[i]);
+        BIG_norm(mt);
+    }
+
+    nb=1+BIG_nbits(mt);
+
+    /* convert exponent to signed 1-bit window */
+    for (j=0; j<nb; j++)
+    {
+        for (i=0; i<4; i++)
+        {
+            a[i]=BIG_lastbits(t[i],2)-2;
+            BIG_dec(t[i],a[i]);
+            BIG_norm(t[i]);
+            BIG_fshr(t[i],1);
+        }
+        w[j]=8*a[0]+4*a[1]+2*a[2]+a[3];
+    }
+    w[nb]=8*BIG_lastbits(t[0],2)+4*BIG_lastbits(t[1],2)+2*BIG_lastbits(t[2],2)+BIG_lastbits(t[3],2);
+
+    ECP2_copy(P,&W[(w[nb]-1)/2]);
+    for (i=nb-1; i>=0; i--)
+    {
+        ECP2_select(&T,W,w[i]);
+        ECP2_dbl(P);
+        ECP2_add(P,&T);
+    }
+    ECP2_sub(P,&C); /* apply correction */
+
+    ECP2_affine(P);
+}
+
+/*
+
+int main()
+{
+	int i;
+	ECP2 G,P;
+	ECP2 *W;
+	FP2 x,y,w,z,f;
+	BIG r,xa,xb,ya,yb;
+
+	BIG_rcopy(xa,CURVE_Pxa);
+	BIG_rcopy(xb,CURVE_Pxb);
+	BIG_rcopy(ya,CURVE_Pya);
+	BIG_rcopy(yb,CURVE_Pyb);
+
+	FP2_from_BIGs(&x,xa,xb);
+	FP2_from_BIGs(&y,ya,yb);
+	ECP2_set(&G,&x,&y);
+	if (G.inf) printf("Failed to set - point not on curve\n");
+	else printf("set success\n");
+
+	ECP2_output(&G);
+
+//	BIG_copy(r,CURVE_Order);
+	BIG_rcopy(r,Modulus);
+
+	ECP2_copy(&P,&G);
+
+	ECP2_mul(&P,r);
+
+	ECP2_output(&P);
+
+	FP2_gfc(&f,12);
+
+	ECP2_frob(&G,&f);
+
+	ECP2_output(&G);
+
+	return 0;
+}
+
+*/
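Review bot: ECP2_fromOctet reads `W->val[0]` through `W->val[4*MODBYTES-1]` without consulting `W->len`, so a short or empty octet received from a peer makes BIG_fromBytes read past the data that was actually supplied; add `if (W->len<4*MODBYTES) return 0;` as its first statement. ECP2_toOctet has the mirror issue on the write side: it stores 4*MODBYTES bytes and sets `W->len` without confirming the caller's buffer is that large, which its comment should at least state as a precondition. ECP2_set does verify the curve equation, but nothing visible in this file checks that a decoded point lies in the intended subgroup, so callers handling untrusted points presumably have to do that themselves, and a comment on ECP2_fromOctet should say so. Separately, ECP2_mul4 branches on `BIG_parity(t[i])==0` where ECP2_mul performs the same adjustment with BIG_cmove/ECP2_cmove; either document that its scalars are not treated as secret or replace the branch with the conditional-move pattern.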

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/faster.c
----------------------------------------------------------------------
diff --git a/version22/c/faster.c b/version22/c/faster.c
new file mode 100644
index 0000000..7786880
--- /dev/null
+++ b/version22/c/faster.c
@@ -0,0 +1,98 @@
+
+#include <stdio.h>
+#include "amcl.h"
+
+#ifdef COMBA
+
+int main()
+{
+	int i,j,k,N;
+
+	N=NLEN;
+
+
+	printf("Insert this code in BIG_mul() in file big.c between #define UNWOUND and #else \n\n");
+
+	for (i=0;i<N;i++)
+		printf("\td[%d]=(dchunk)a[%d]*b[%d];\n",i,i,i);
+
+	printf("\n\ts=d[0];\n\tt = s; c[0]=(chunk)t&BMASK; co=t>>BASEBITS;\n");
+
+	for (k=1;k<N;k++)
+	{
+		printf("\ts+=d[%d]; t=co+s ",k);
+		for (i=k;i>=1+k/2;i--)
+			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
+		printf("; c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n",k);
+	}
+	printf("\n");
+	for (k=N;k<2*N-1;k++)
+	{
+		printf("\ts-=d[%d]; t=co+s ",k-N);
+		for (i=N-1;i>=1+k/2;i--)
+			printf("+(dchunk)(a[%d]-a[%d])*(b[%d]-b[%d])",i,k-i,k-i,i);
+		printf("; c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n",k);
+	}
+	printf("\tc[%d]=(chunk)co;\n",2*N-1);
+
+
+
+	printf("\nInsert this code in BIG_sqr() in file big.c between #define UNWOUND and #else \n\n");
+
+	printf("\n\tt=(dchunk)a[0]*a[0]; c[0]=(chunk)t&BMASK; co=t>>BASEBITS;\n");
+
+	for (k=1;k<N;k++)
+	{
+		printf("\tt= ",k);
+		for (i=k;i>=1+k/2;i--)
+			printf("+(dchunk)a[%d]*a[%d]",i,k-i);
+		printf("; t+=t; t+=co;");
+		if (k%2==0) printf(" t+=(dchunk)a[%d]*a[%d];",k/2,k/2);
+		printf(" c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n", k);
+	}
+	printf("\n");
+
+	for (k=N;k<2*N-2;k++)
+	{
+		printf("\tt= ",k-N);
+		for (i=N-1;i>=1+k/2;i--)
+			printf("+(dchunk)a[%d]*a[%d]",i,k-i);
+		printf("; t+=t; t+=co;");
+		if (k%2==0) printf(" t+=(dchunk)a[%d]*a[%d];",k/2,k/2);
+		printf(" c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n", k);
+	}
+	printf("\tt=co; t+=(dchunk)a[%d]*a[%d]; c[%d]=(chunk)t&BMASK; co=t>>BASEBITS; \n ",N-1,N-1,2*N-2);
+
+	printf("\tc[%d]=(chunk)co;\n",2*N-1);
+
+
+#if MODTYPE == NOT_SPECIAL
+
+	printf("\nInsert this code in BIG_monty() in file big.c between #define UNWOUND and #else \n\n");
+
+	printf("\tt=d[0]; v[0]=((chunk)t*MC)&BMASK; t+=(dchunk)v[0]*md[0];  s=0; c=(t>>BASEBITS);\n\n");
+
+	for (k=1;k<N;k++)
+	{
+		printf("\tt=d[%d]+c+s+(dchunk)v[0]*md[%d]",k,k);
+		for (i=k-1;i>k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
+		printf("; v[%d]=((chunk)t*MC)&BMASK; t+=(dchunk)v[%d]*md[0]; ",k,k);
+		printf(" dd[%d]=(dchunk)v[%d]*md[%d]; s+=dd[%d]; c=(t>>BASEBITS); \n",k,k,k,k);
+	}
+	printf("\n");
+	for (k=N;k<2*N-1;k++)
+	{
+		printf("\tt=d[%d]+c+s",k);
+		for (i=N-1;i>=1+k/2;i--) printf("+(dchunk)(v[%d]-v[%d])*(md[%d]-md[%d])",k-i,i,i,k-i);
+		printf("; a[%d]=(chunk)t&BMASK;  s-=dd[%d]; c=(t>>BASEBITS); \n",k-N,k-N+1);
+	}
+	printf("\ta[%d]=d[%d]+(chunk)c&BMASK;\n",N-1,2*N-1);	
+
+
+#endif
+
+}
+
+#endif
+
+
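Review bot: The fragments this generator prints are unrolled for a single limb count (`N=NLEN;`), yet the output records that value nowhere, so code pasted into big.c and later built against a different amcl.h/arch.h configuration would presumably compute wrong products with no diagnostic. Emitting a line such as `printf("/* generated by faster.c for NLEN=%d */\n",N);` ahead of each fragment would give a reviewer something to check against the build. In the BIG_sqr section, `printf("\tt= ",k);` and `printf("\tt= ",k-N);` pass an argument the format string never consumes and should be `printf("\tt= ");`. When COMBA is not defined the file contains no `main`, so the build line in faster.txt fails at link time without explanation; an `#else` branch with an `#error` naming the missing define would make the cause clear.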

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/faster.txt
----------------------------------------------------------------------
diff --git a/version22/c/faster.txt b/version22/c/faster.txt
new file mode 100644
index 0000000..6995eab
--- /dev/null
+++ b/version22/c/faster.txt
@@ -0,0 +1,25 @@
+We assume than optimizing compilers will unwind loops at every opportunity. 
+
+But sometimes they don't. So time-critical code will run faster if we step
+in and unwind complex loops for the compiler.
+
+Once the architecture and ECC/RSA support is decided upon (that is amcl.h 
+and arch.h are settled), then compile and execute the program faster.c like 
+this (using MinGW port of GCC as an example), in the same directory as 
+arch.h and amcl.h
+
+gcc -O2 -std=c99 faster.c -o faster.exe
+faster > t.txt
+
+Now extract the code fragments from t.txt and insert them where indicated
+into big.c
+
+Finally make sure that
+
+#define UNWOUND
+
+appears somewhere in amcl.h
+
+Finally build the library as normal, and maybe get a 50% speed-up!
+If there is no significant improvement, don't use this method!
+

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/ff.c
----------------------------------------------------------------------
diff --git a/version22/c/ff.c b/version22/c/ff.c
new file mode 100644
index 0000000..3ae7029
--- /dev/null
+++ b/version22/c/ff.c
@@ -0,0 +1,1150 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL basic functions for Large Finite Field support */
+
+#include "amcl.h"
+
+/* Arazi and Qi inversion mod 256 */
+static int invmod256(int a)
+{
+    int U,t1,t2,b,c;
+    t1=0;
+    c=(a>>1)&1;
+    t1+=c;
+    t1&=1;
+    t1=2-t1;
+    t1<<=1;
+    U=t1+1;
+
+// i=2
+    b=a&3;
+    t1=U*b;
+    t1>>=2;
+    c=(a>>2)&3;
+    t2=(U*c)&3;
+    t1+=t2;
+    t1*=U;
+    t1&=3;
+    t1=4-t1;
+    t1<<=2;
+    U+=t1;
+
+// i=4
+    b=a&15;
+    t1=U*b;
+    t1>>=4;
+    c=(a>>4)&15;
+    t2=(U*c)&15;
+    t1+=t2;
+    t1*=U;
+    t1&=15;
+    t1=16-t1;
+    t1<<=4;
+    U+=t1;
+
+    return U;
+}
+
+/* a=1/a mod 2^BIGBITS. This is very fast! */
+void BIG_invmod2m(BIG a)
+{
+    int i;
+    BIG U,t1,b,c;
+    BIG_zero(U);
+    BIG_inc(U,invmod256(BIG_lastbits(a,8)));
+    for (i=8; i<BIGBITS; i<<=1)
+    {
+        BIG_copy(b,a);
+        BIG_mod2m(b,i);   // bottom i bits of a
+
+        BIG_smul(t1,U,b);
+        BIG_shr(t1,i); // top i bits of U*b
+
+        BIG_copy(c,a);
+        BIG_shr(c,i);
+        BIG_mod2m(c,i); // top i bits of a
+
+        BIG_smul(b,U,c);
+        BIG_mod2m(b,i);  // bottom i bits of U*c
+
+        BIG_add(t1,t1,b);
+        BIG_smul(b,t1,U);
+        BIG_copy(t1,b);  // (t1+b)*U
+        BIG_mod2m(t1,i);				// bottom i bits of (t1+b)*U
+
+        BIG_one(b);
+        BIG_shl(b,i);
+        BIG_sub(t1,b,t1);
+        BIG_norm(t1);
+
+        BIG_shl(t1,i);
+
+        BIG_add(U,U,t1);
+    }
+    BIG_copy(a,U);
+    BIG_norm(a);
+    BIG_mod2m(a,BIGBITS);
+}
+
+/*
+void FF_rcopy(BIG x[],const BIG y[],int n)
+{
+	int i;
+	for (i=0;i<n;i++)
+		BIG_rcopy(x[i],y[i]);
+}
+*/
+
+/* x=y */
+void FF_copy(BIG x[],BIG y[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_copy(x[i],y[i]);
+}
+
+/* x=y<<n */
+static void FF_dsucopy(BIG x[],BIG y[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+    {
+        BIG_copy(x[n+i],y[i]);
+        BIG_zero(x[i]);
+    }
+}
+
+/* x=y */
+static void FF_dscopy(BIG x[],BIG y[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+    {
+        BIG_copy(x[i],y[i]);
+        BIG_zero(x[n+i]);
+    }
+}
+
+/* x=y>>n */
+static void FF_sducopy(BIG x[],BIG y[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_copy(x[i],y[n+i]);
+}
+
+/* set to zero */
+void FF_zero(BIG x[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_zero(x[i]);
+}
+
+/* test equals 0 */
+int FF_iszilch(BIG x[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        if (!BIG_iszilch(x[i])) return 0;
+    return 1;
+}
+
+/* shift right by BIGBITS-bit words */
+static void FF_shrw(BIG a[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+    {
+        BIG_copy(a[i],a[i+n]);
+        BIG_zero(a[i+n]);
+    }
+}
+
+/* shift left by BIGBITS-bit words */
+static void FF_shlw(BIG a[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+    {
+        BIG_copy(a[i+n],a[i]);
+        BIG_zero(a[i]);
+    }
+}
+
+/* extract last bit */
+int FF_parity(BIG x[])
+{
+    return BIG_parity(x[0]);
+}
+
+/* extract last m bits */
+int FF_lastbits(BIG x[],int m)
+{
+    return BIG_lastbits(x[0],m);
+}
+
+/* x=1 */
+void FF_one(BIG x[],int n)
+{
+    int i;
+    BIG_one(x[0]);
+    for (i=1; i<n; i++)
+        BIG_zero(x[i]);
+}
+
+/* x=m, where m is 32-bit int */
+void FF_init(BIG x[],sign32 m,int n)
+{
+    int i;
+    BIG_zero(x[0]);
+#if CHUNK<64
+    x[0][0]=(chunk)(m&BMASK);
+    x[0][1]=(chunk)(m>>BASEBITS);
+#else
+    x[0][0]=(chunk)m;
+#endif
+    for (i=1; i<n; i++)
+        BIG_zero(x[i]);
+}
+
+/* compare x and y - must be normalised */
+int FF_comp(BIG x[],BIG y[],int n)
+{
+    int i,j;
+    for (i=n-1; i>=0; i--)
+    {
+        j=BIG_comp(x[i],y[i]);
+        if (j!=0) return j;
+    }
+    return 0;
+}
+
+/* recursive add */
+static void FF_radd(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_add(z[zp+i],x[xp+i],y[yp+i]);
+}
+
+/* recursive inc */
+static void FF_rinc(BIG z[],int zp,BIG y[],int yp,int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_add(z[zp+i],z[zp+i],y[yp+i]);
+}
+
+/* recursive sub */
+/*
+static void FF_rsub(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,int n)
+{
+	int i;
+	for (i=0;i<n;i++)
+		BIG_sub(z[zp+i],x[xp+i],y[yp+i]);
+}
+*/
+
+/* recursive dec */
+static void FF_rdec(BIG z[],int zp,BIG y[],int yp,int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_sub(z[zp+i],z[zp+i],y[yp+i]);
+}
+
+/* simple add */
+void FF_add(BIG z[],BIG x[],BIG y[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_add(z[i],x[i],y[i]);
+}
+
+/* simple sub */
+void FF_sub(BIG z[],BIG x[],BIG y[],int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_sub(z[i],x[i],y[i]);
+}
+
+/* increment/decrement by a small integer */
+void FF_inc(BIG x[],int m,int n)
+{
+    BIG_inc(x[0],m);
+    FF_norm(x,n);
+}
+
+void FF_dec(BIG x[],int m,int n)
+{
+    BIG_dec(x[0],m);
+    FF_norm(x,n);
+}
+
+/* normalise - but hold any overflow in top part unless n<0 */
+static void FF_rnorm(BIG z[],int zp,int n)
+{
+    int i,trunc=0;
+    chunk carry;
+    if (n<0)
+    {
+        /* -v n signals to do truncation */
+        n=-n;
+        trunc=1;
+    }
+    for (i=0; i<n-1; i++)
+    {
+        carry=BIG_norm(z[zp+i]);
+
+        z[zp+i][NLEN-1]^=carry<<P_TBITS; /* remove it */
+        z[zp+i+1][0]+=carry;
+    }
+    carry=BIG_norm(z[zp+n-1]);
+    if (trunc) z[zp+n-1][NLEN-1]^=carry<<P_TBITS;
+}
+
+void FF_norm(BIG z[],int n)
+{
+    FF_rnorm(z,0,n);
+}
+
+/* shift left by one bit */
+void FF_shl(BIG x[],int n)
+{
+    int i;
+    int carry,delay_carry=0;
+    for (i=0; i<n-1; i++)
+    {
+        carry=BIG_fshl(x[i],1);
+        x[i][0]|=delay_carry;
+        x[i][NLEN-1]^=(chunk)carry<<P_TBITS;
+        delay_carry=carry;
+    }
+    BIG_fshl(x[n-1],1);
+    x[n-1][0]|=delay_carry;
+}
+
+/* shift right by one bit */
+void FF_shr(BIG x[],int n)
+{
+    int i;
+    int carry;
+    for (i=n-1; i>0; i--)
+    {
+        carry=BIG_fshr(x[i],1);
+        x[i-1][NLEN-1]|=(chunk)carry<<P_TBITS;
+    }
+    BIG_fshr(x[0],1);
+}
+
+void FF_output(BIG x[],int n)
+{
+    int i;
+    FF_norm(x,n);
+    for (i=n-1; i>=0; i--)
+    {
+        BIG_output(x[i]);
+        printf(" ");
+    }
+}
+
+void FF_rawoutput(BIG x[],int n)
+{
+    int i;
+    for (i=n-1; i>=0; i--)
+    {
+        BIG_rawoutput(x[i]);
+        printf(" ");
+    }
+}
+
+/* Convert FFs to/from octet strings */
+void FF_toOctet(octet *w,BIG x[],int n)
+{
+    int i;
+    w->len=n*MODBYTES;
+    for (i=0; i<n; i++)
+    {
+        BIG_toBytes(&(w->val[(n-i-1)*MODBYTES]),x[i]);
+    }
+}
+
+void FF_fromOctet(BIG x[],octet *w,int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+    {
+        BIG_fromBytes(x[i],&(w->val[(n-i-1)*MODBYTES]));
+    }
+}
+
+/* in-place swapping using xor - side channel resistant */
+static void FF_cswap(BIG a[],BIG b[],int d,int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+        BIG_cswap(a[i],b[i],d);
+    return;
+}
+
+/* z=x*y, t is workspace */
+static void FF_karmul(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
+{
+    int nd2;
+    if (n==1)
+    {
+        BIG_mul(t[tp],x[xp],y[yp]);
+        BIG_split(z[zp+1],z[zp],t[tp],BIGBITS);
+        return;
+    }
+
+    nd2=n/2;
+    FF_radd(z,zp,x,xp,x,xp+nd2,nd2);
+    FF_rnorm(z,zp,nd2);  /* needs this if recursion level too deep */
+
+    FF_radd(z,zp+nd2,y,yp,y,yp+nd2,nd2);
+    FF_rnorm(z,zp+nd2,nd2);
+    FF_karmul(t,tp,z,zp,z,zp+nd2,t,tp+n,nd2);
+    FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
+    FF_karmul(z,zp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
+    FF_rdec(t,tp,z,zp,n);
+    FF_rdec(t,tp,z,zp+n,n);
+    FF_rinc(z,zp+nd2,t,tp,n);
+    FF_rnorm(z,zp,2*n);
+}
+
+static void FF_karsqr(BIG z[],int zp,BIG x[],int xp,BIG t[],int tp,int n)
+{
+    int nd2;
+    if (n==1)
+    {
+        BIG_sqr(t[tp],x[xp]);
+        BIG_split(z[zp+1],z[zp],t[tp],BIGBITS);
+        return;
+    }
+    nd2=n/2;
+    FF_karsqr(z,zp,x,xp,t,tp+n,nd2);
+    FF_karsqr(z,zp+n,x,xp+nd2,t,tp+n,nd2);
+    FF_karmul(t,tp,x,xp,x,xp+nd2,t,tp+n,nd2);
+    FF_rinc(z,zp+nd2,t,tp,n);
+    FF_rinc(z,zp+nd2,t,tp,n);
+
+    FF_rnorm(z,zp+nd2,n);  /* was FF_rnorm(z,zp,2*n)  */
+}
+
+static void FF_karmul_lower(BIG z[],int zp,BIG x[],int xp,BIG y[],int yp,BIG t[],int tp,int n)
+{
+    /* Calculates Least Significant bottom half of x*y */
+    int nd2;
+    if (n==1)
+    {
+        /* only calculate bottom half of product */
+        BIG_smul(z[zp],x[xp],y[yp]);
+        return;
+    }
+    nd2=n/2;
+    FF_karmul(z,zp,x,xp,y,yp,t,tp+n,nd2);
+    FF_karmul_lower(t,tp,x,xp+nd2,y,yp,t,tp+n,nd2);
+    FF_rinc(z,zp+nd2,t,tp,nd2);
+    FF_karmul_lower(t,tp,x,xp,y,yp+nd2,t,tp+n,nd2);
+    FF_rinc(z,zp+nd2,t,tp,nd2);
+    FF_rnorm(z,zp+nd2,-nd2);  /* truncate it */
+}
+
+static void FF_karmul_upper(BIG z[],BIG x[],BIG y[],BIG t[],int n)
+{
+    /* Calculates Most Significant upper half of x*y, given lower part */
+    int nd2;
+
+    nd2=n/2;
+    FF_radd(z,n,x,0,x,nd2,nd2);
+    FF_radd(z,n+nd2,y,0,y,nd2,nd2);
+    FF_rnorm(z,n,nd2);
+    FF_rnorm(z,n+nd2,nd2);
+
+    FF_karmul(t,0,z,n+nd2,z,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
+    FF_karmul(z,n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
+    /* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
+    FF_rdec(t,0,z,n,n);              /* t=t-a1b1  */
+    FF_rinc(z,nd2,z,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
+    FF_rdec(z,nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
+    FF_rnorm(z,0,-n);					/* a0b0 now in z - truncate it */
+    FF_rdec(t,0,z,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
+    FF_rinc(z,nd2,t,0,n);
+
+    FF_rnorm(z,nd2,n);
+}
+
+/* z=x*y */
+void FF_mul(BIG z[],BIG x[],BIG y[],int n)
+{
+#ifndef C99
+    BIG t[2*FFLEN];
+#else
+    BIG t[2*n];
+#endif
+//	FF_norm(x,n); /* change here */
+//	FF_norm(y,n); /* change here */
+    FF_karmul(z,0,x,0,y,0,t,0,n);
+}
+
+/* return low part of product */
+static void FF_lmul(BIG z[],BIG x[],BIG y[],int n)
+{
+#ifndef C99
+    BIG t[2*FFLEN];
+#else
+    BIG t[2*n];
+#endif
+//	FF_norm(x,n); /* change here */
+//	FF_norm(y,n); /* change here */
+    FF_karmul_lower(z,0,x,0,y,0,t,0,n);
+}
+
+/* Set b=b mod c */
+void FF_mod(BIG b[],BIG c[],int n)
+{
+    int k=0;
+
+    FF_norm(b,n);
+    if (FF_comp(b,c,n)<0)
+        return;
+    do
+    {
+        FF_shl(c,n);
+        k++;
+    }
+    while (FF_comp(b,c,n)>=0);
+
+    while (k>0)
+    {
+        FF_shr(c,n);
+        if (FF_comp(b,c,n)>=0)
+        {
+            FF_sub(b,b,c,n);
+            FF_norm(b,n);
+        }
+        k--;
+    }
+}
+
+/* z=x^2 */
+void FF_sqr(BIG z[],BIG x[],int n)
+{
+#ifndef C99
+    BIG t[2*FFLEN];
+#else
+    BIG t[2*n];
+#endif
+//	FF_norm(x,n); /* change here */
+    FF_karsqr(z,0,x,0,t,0,n);
+}
+
+/* r=t mod modulus, N is modulus, ND is Montgomery Constant */
+static void FF_reduce(BIG r[],BIG T[],BIG N[],BIG ND[],int n)
+{
+    /* fast karatsuba Montgomery reduction */
+#ifndef C99
+    BIG t[2*FFLEN];
+    BIG m[FFLEN];
+#else
+    BIG t[2*n];
+    BIG m[n];
+#endif
+    FF_sducopy(r,T,n);  /* keep top half of T */
+    //FF_norm(T,n); /* change here */
+    FF_karmul_lower(m,0,T,0,ND,0,t,0,n);  /* m=T.(1/N) mod R */
+
+    //FF_norm(N,n);  /* change here */
+    FF_karmul_upper(T,N,m,t,n);  /* T=mN */
+    FF_sducopy(m,T,n);
+
+    FF_add(r,r,N,n);
+    FF_sub(r,r,m,n);
+    FF_norm(r,n);
+}
+
+
+/* Set r=a mod b */
+/* a is of length - 2*n */
+/* r,b is of length - n */
+void FF_dmod(BIG r[],BIG a[],BIG b[],int n)
+{
+    int k;
+#ifndef C99
+    BIG m[2*FFLEN];
+    BIG x[2*FFLEN];
+#else
+    BIG m[2*n];
+    BIG x[2*n];
+#endif
+    FF_copy(x,a,2*n);
+    FF_norm(x,2*n);
+    FF_dsucopy(m,b,n);
+    k=BIGBITS*n;
+
+    while (FF_comp(x,m,2*n)>=0)
+    {
+        FF_sub(x,x,m,2*n);
+        FF_norm(x,2*n);
+    }
+
+    while (k>0)
+    {
+        FF_shr(m,2*n);
+
+        if (FF_comp(x,m,2*n)>=0)
+        {
+            FF_sub(x,x,m,2*n);
+            FF_norm(x,2*n);
+        }
+
+        k--;
+    }
+    FF_copy(r,x,n);
+    FF_mod(r,b,n);
+}
+
+/* Set r=1/a mod p. Binary method - a<p on entry */
+
+void FF_invmodp(BIG r[],BIG a[],BIG p[],int n)
+{
+#ifndef C99
+    BIG u[FFLEN],v[FFLEN],x1[FFLEN],x2[FFLEN],t[FFLEN],one[FFLEN];
+#else
+    BIG u[n],v[n],x1[n],x2[n],t[n],one[n];
+#endif
+    FF_copy(u,a,n);
+    FF_copy(v,p,n);
+    FF_one(one,n);
+    FF_copy(x1,one,n);
+    FF_zero(x2,n);
+
+// reduce n in here as well!
+    while (FF_comp(u,one,n)!=0 && FF_comp(v,one,n)!=0)
+    {
+        while (FF_parity(u)==0)
+        {
+            FF_shr(u,n);
+            if (FF_parity(x1)!=0)
+            {
+                FF_add(x1,p,x1,n);
+                FF_norm(x1,n);
+            }
+            FF_shr(x1,n);
+        }
+        while (FF_parity(v)==0)
+        {
+            FF_shr(v,n);
+            if (FF_parity(x2)!=0)
+            {
+                FF_add(x2,p,x2,n);
+                FF_norm(x2,n);
+            }
+            FF_shr(x2,n);
+        }
+        if (FF_comp(u,v,n)>=0)
+        {
+
+            FF_sub(u,u,v,n);
+            FF_norm(u,n);
+            if (FF_comp(x1,x2,n)>=0) FF_sub(x1,x1,x2,n);
+            else
+            {
+                FF_sub(t,p,x2,n);
+                FF_add(x1,x1,t,n);
+            }
+            FF_norm(x1,n);
+        }
+        else
+        {
+            FF_sub(v,v,u,n);
+            FF_norm(v,n);
+            if (FF_comp(x2,x1,n)>=0) FF_sub(x2,x2,x1,n);
+            else
+            {
+                FF_sub(t,p,x1,n);
+                FF_add(x2,x2,t,n);
+            }
+            FF_norm(x2,n);
+        }
+    }
+    if (FF_comp(u,one,n)==0)
+        FF_copy(r,x1,n);
+    else
+        FF_copy(r,x2,n);
+}
+
+/* nesidue mod m */
+static void FF_nres(BIG a[],BIG m[],int n)
+{
+#ifndef C99
+    BIG d[2*FFLEN];
+#else
+    BIG d[2*n];
+#endif
+
+	if (n==1)
+	{
+		BIG_dscopy(d[0],a[0]);
+		BIG_dshl(d[0],NLEN*BASEBITS);
+		BIG_dmod(a[0],d[0],m[0]);
+	}
+	else
+	{ 
+		FF_dsucopy(d,a,n);
+		FF_dmod(a,d,m,n);
+	}
+}
+
+static void FF_redc(BIG a[],BIG m[],BIG ND[],int n)
+{
+#ifndef C99
+    BIG d[2*FFLEN];
+#else
+    BIG d[2*n];
+#endif
+	if (n==1)
+	{
+		BIG_dzero(d[0]);
+		BIG_dscopy(d[0],a[0]);
+		BIG_monty(a[0],m[0],((chunk)1<<BASEBITS)-ND[0][0],d[0]);		
+	}
+	else
+	{
+		FF_mod(a,m,n);
+		FF_dscopy(d,a,n);
+		FF_reduce(a,d,m,ND,n);
+		FF_mod(a,m,n);
+	}
+}
+
+/* U=1/a mod 2^m - Arazi & Qi */
+static void FF_invmod2m(BIG U[],BIG a[],int n)
+{
+    int i;
+#ifndef C99
+    BIG t1[FFLEN],b[FFLEN],c[FFLEN];
+#else
+    BIG t1[2*n],b[n],c[n];
+#endif
+
+    FF_zero(U,n);
+    FF_zero(b,n);
+    FF_zero(c,n);
+    FF_zero(t1,2*n);
+
+    BIG_copy(U[0],a[0]);
+    BIG_invmod2m(U[0]);
+    for (i=1; i<n; i<<=1)
+    {
+        FF_copy(b,a,i);
+        FF_mul(t1,U,b,i);
+        FF_shrw(t1,i); // top half to bottom half, top half=0
+
+        FF_copy(c,a,2*i);
+        FF_shrw(c,i); // top half of c
+        FF_lmul(b,U,c,i); // should set top half of b=0
+        FF_add(t1,t1,b,i);
+        FF_norm(t1,2*i);
+        FF_lmul(b,t1,U,i);
+        FF_copy(t1,b,i);
+        FF_one(b,i);
+        FF_shlw(b,i);
+        FF_sub(t1,b,t1,2*i);
+        FF_norm(t1,2*i);
+        FF_shlw(t1,i);
+        FF_add(U,U,t1,2*i);
+    }
+
+    FF_norm(U,n);
+}
+
+void FF_random(BIG x[],csprng *rng,int n)
+{
+    int i;
+    for (i=0; i<n; i++)
+    {
+        BIG_random(x[i],rng);
+    }
+    /* make sure top bit is 1 */
+    while (BIG_nbits(x[n-1])<MODBYTES*8) BIG_random(x[n-1],rng);
+}
+
+/* generate random x mod p */
+void FF_randomnum(BIG x[],BIG p[],csprng *rng,int n)
+{
+    int i;
+#ifndef C99
+    BIG d[2*FFLEN];
+#else
+    BIG d[2*n];
+#endif
+    for (i=0; i<2*n; i++)
+    {
+        BIG_random(d[i],rng);
+    }
+    FF_dmod(x,d,p,n);
+}
+
+static void FF_modmul(BIG z[],BIG x[],BIG y[],BIG p[],BIG ND[],int n)
+{
+#ifndef C99
+    BIG d[2*FFLEN];
+#else
+    BIG d[2*n];
+#endif
+    chunk ex=P_EXCESS(x[n-1]);
+    chunk ey=P_EXCESS(y[n-1]);
+#ifdef dchunk
+    if ((dchunk)(ex+1)*(ey+1)>(dchunk)P_FEXCESS)
+#else
+    if ((ex+1)>P_FEXCESS/(ey+1))
+#endif
+    {
+#ifdef DEBUG_REDUCE
+        printf("Product too large - reducing it %d %d\n",ex,ey);
+#endif
+        FF_mod(x,p,n);
+    }
+
+	if (n==1)
+	{
+		BIG_mul(d[0],x[0],y[0]);
+		BIG_monty(z[0],p[0],((chunk)1<<BASEBITS)-ND[0][0],d[0]);
+	}
+	else
+	{
+		FF_mul(d,x,y,n);
+		FF_reduce(z,d,p,ND,n);
+	}
+}
+
+static void FF_modsqr(BIG z[],BIG x[],BIG p[],BIG ND[],int n)
+{
+#ifndef C99
+    BIG d[2*FFLEN];
+#else
+    BIG d[2*n];
+#endif
+    chunk ex=P_EXCESS(x[n-1]);
+#ifdef dchunk
+    if ((dchunk)(ex+1)*(ex+1)>(dchunk)P_FEXCESS)
+#else
+    if ((ex+1)>P_FEXCESS/(ex+1))
+#endif
+    {
+#ifdef DEBUG_REDUCE
+        printf("Product too large - reducing it %d\n",ex);
+#endif
+        FF_mod(x,p,n);
+    }
+
+	if (n==1)
+	{
+		BIG_sqr(d[0],x[0]);
+		BIG_monty(z[0],p[0],((chunk)1<<BASEBITS)-ND[0][0],d[0]);
+	}
+	else
+	{
+		FF_sqr(d,x,n);
+		FF_reduce(z,d,p,ND,n);
+	}
+}
+
+/* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */
+void FF_skpow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
+{
+    int i,b;
+#ifndef C99
+    BIG R0[FFLEN],R1[FFLEN],ND[FFLEN];
+#else
+    BIG R0[n],R1[n],ND[n];
+#endif
+    FF_invmod2m(ND,p,n);
+
+    FF_one(R0,n);
+    FF_copy(R1,x,n);
+    FF_nres(R0,p,n);
+    FF_nres(R1,p,n);
+
+    for (i=8*MODBYTES*n-1; i>=0; i--)
+    {
+        b=BIG_bit(e[i/BIGBITS],i%BIGBITS);
+        FF_modmul(r,R0,R1,p,ND,n);
+
+        FF_cswap(R0,R1,b,n);
+        FF_modsqr(R0,R0,p,ND,n);
+
+        FF_copy(R1,r,n);
+        FF_cswap(R0,R1,b,n);
+    }
+    FF_copy(r,R0,n);
+    FF_redc(r,p,ND,n);
+}
+
+/* r=x^e mod p using side-channel resistant Montgomery Ladder, for short e */
+void FF_skspow(BIG r[],BIG x[],BIG e,BIG p[],int n)
+{
+    int i,b;
+#ifndef C99
+    BIG R0[FFLEN],R1[FFLEN],ND[FFLEN];
+#else
+    BIG R0[n],R1[n],ND[n];
+#endif
+    FF_invmod2m(ND,p,n);
+    FF_one(R0,n);
+    FF_copy(R1,x,n);
+    FF_nres(R0,p,n);
+    FF_nres(R1,p,n);
+    for (i=8*MODBYTES-1; i>=0; i--)
+    {
+        b=BIG_bit(e,i);
+        FF_modmul(r,R0,R1,p,ND,n);
+        FF_cswap(R0,R1,b,n);
+        FF_modsqr(R0,R0,p,ND,n);
+        FF_copy(R1,r,n);
+        FF_cswap(R0,R1,b,n);
+    }
+    FF_copy(r,R0,n);
+    FF_redc(r,p,ND,n);
+}
+
+/* raise to an integer power - right-to-left method */
+void FF_power(BIG r[],BIG x[],int e,BIG p[],int n)
+{
+    int f=1;
+#ifndef C99
+    BIG w[FFLEN],ND[FFLEN];
+#else
+    BIG w[n],ND[n];
+#endif
+    FF_invmod2m(ND,p,n);
+
+    FF_copy(w,x,n);
+    FF_nres(w,p,n);
+
+    if (e==2)
+    {
+        FF_modsqr(r,w,p,ND,n);
+    }
+    else for (;;)
+        {
+            if (e%2==1)
+            {
+                if (f) FF_copy(r,w,n);
+                else FF_modmul(r,r,w,p,ND,n);
+                f=0;
+            }
+            e>>=1;
+            if (e==0) break;
+            FF_modsqr(w,w,p,ND,n);
+        }
+
+    FF_redc(r,p,ND,n);
+}
+
+/* r=x^e mod p, faster but not side channel resistant */
+void FF_pow(BIG r[],BIG x[],BIG e[],BIG p[],int n)
+{
+    int i,b;
+#ifndef C99
+    BIG w[FFLEN],ND[FFLEN];
+#else
+    BIG w[n],ND[n];
+#endif
+    FF_invmod2m(ND,p,n);
+
+    FF_copy(w,x,n);
+    FF_one(r,n);
+    FF_nres(r,p,n);
+    FF_nres(w,p,n);
+
+    for (i=8*MODBYTES*n-1; i>=0; i--)
+    {
+        FF_modsqr(r,r,p,ND,n);
+        b=BIG_bit(e[i/BIGBITS],i%BIGBITS);
+        if (b==1) FF_modmul(r,r,w,p,ND,n);
+    }
+    FF_redc(r,p,ND,n);
+}
+
+/* double exponentiation r=x^e.y^f mod p */
+void FF_pow2(BIG r[],BIG x[],BIG e,BIG y[],BIG f,BIG p[],int n)
+{
+    int i,eb,fb;
+#ifndef C99
+    BIG xn[FFLEN],yn[FFLEN],xy[FFLEN],ND[FFLEN];
+#else
+    BIG xn[n],yn[n],xy[n],ND[n];
+#endif
+
+    FF_invmod2m(ND,p,n);
+
+    FF_copy(xn,x,n);
+    FF_copy(yn,y,n);
+    FF_nres(xn,p,n);
+    FF_nres(yn,p,n);
+    FF_modmul(xy,xn,yn,p,ND,n);
+    FF_one(r,n);
+    FF_nres(r,p,n);
+
+    for (i=8*MODBYTES-1; i>=0; i--)
+    {
+        eb=BIG_bit(e,i);
+        fb=BIG_bit(f,i);
+        FF_modsqr(r,r,p,ND,n);
+        if (eb==1)
+        {
+            if (fb==1) FF_modmul(r,r,xy,p,ND,n);
+            else FF_modmul(r,r,xn,p,ND,n);
+        }
+        else
+        {
+            if (fb==1) FF_modmul(r,r,yn,p,ND,n);
+        }
+    }
+    FF_redc(r,p,ND,n);
+}
+
+static sign32 igcd(sign32 x,sign32 y)
+{
+    /* integer GCD, returns GCD of x and y */
+    sign32 r;
+    if (y==0) return x;
+    while ((r=x%y)!=0)
+        x=y,y=r;
+    return y;
+}
+
+/* quick and dirty check for common factor with s */
+int FF_cfactor(BIG w[],sign32 s,int n)
+{
+    int r;
+    sign32 g;
+#ifndef C99
+    BIG x[FFLEN],y[FFLEN];
+#else
+    BIG x[n],y[n];
+#endif
+    FF_init(y,s,n);
+    FF_copy(x,w,n);
+    FF_norm(x,n);
+
+//	if (FF_parity(x)==0) return 1;
+    do
+    {
+        FF_sub(x,x,y,n);
+        FF_norm(x,n);
+        while (!FF_iszilch(x,n) && FF_parity(x)==0) FF_shr(x,n);
+    }
+    while (FF_comp(x,y,n)>0);
+#if CHUNK<32
+    g=x[0][0]+((sign32)(x[0][1])<<BASEBITS);
+#else
+    g=(sign32)x[0][0];
+#endif
+    r=igcd(s,g);
+    if (r>1) return 1;
+    return 0;
+}
+
+/* Miller-Rabin test for primality. Slow. */
+int FF_prime(BIG p[],csprng *rng,int n)
+{
+    int i,j,loop,s=0;
+#ifndef C99
+    BIG d[FFLEN],x[FFLEN],unity[FFLEN],nm1[FFLEN];
+#else
+    BIG d[n],x[n],unity[n],nm1[n];
+#endif
+    sign32 sf=4849845;/* 3*5*.. *19 */
+
+    FF_norm(p,n);
+
+    if (FF_cfactor(p,sf,n)) return 0;
+
+    FF_one(unity,n);
+    FF_sub(nm1,p,unity,n);
+    FF_norm(nm1,n);
+    FF_copy(d,nm1,n);
+    while (FF_parity(d)==0)
+    {
+        FF_shr(d,n);
+        s++;
+    }
+    if (s==0) return 0;
+
+    for (i=0; i<10; i++)
+    {
+        FF_randomnum(x,p,rng,n);
+        FF_pow(x,x,d,p,n);
+        if (FF_comp(x,unity,n)==0 || FF_comp(x,nm1,n)==0) continue;
+        loop=0;
+        for (j=1; j<s; j++)
+        {
+            FF_power(x,x,2,p,n);
+            if (FF_comp(x,unity,n)==0) return 0;
+            if (FF_comp(x,nm1,n)==0 )
+            {
+                loop=1;
+                break;
+            }
+        }
+        if (loop) continue;
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+BIG P[4]= {{0x1670957,0x1568CD3C,0x2595E5,0xEED4F38,0x1FC9A971,0x14EF7E62,0xA503883,0x9E1E05E,0xBF59E3},{0x1844C908,0x1B44A798,0x3A0B1E7,0xD1B5B4E,0x1836046F,0x87E94F9,0x1D34C537,0xF7183B0,0x46D07},{0x17813331,0x19E28A90,0x1473A4D6,0x1CACD01F,0x1EEA8838,0xAF2AE29,0x1F85292A,0x1632585E,0xD945E5},{0x919F5EF,0x1567B39F,0x19F6AD11,0x16CE47CF,0x9B36EB1,0x35B7D3,0x483B28C,0xCBEFA27,0xB5FC21}};
+
+int main()
+{
+	int i;
+	BIG p[4],e[4],x[4],r[4];
+	csprng rng;
+	char raw[100];
+	for (i=0;i<100;i++) raw[i]=i;
+    RAND_seed(&rng,100,raw);
+
+
+	FF_init(x,3,4);
+
+	FF_copy(p,P,4);
+	FF_copy(e,p,4);
+	FF_dec(e,1,4);
+	FF_norm(e,4);
+
+
+
+	printf("p= ");FF_output(p,4); printf("\n");
+	if (FF_prime(p,&rng,4)) printf("p is a prime\n");
+	printf("e= ");FF_output(e,4); printf("\n");
+
+	FF_skpow(r,x,e,p,4);
+	printf("r= ");FF_output(r,4); printf("\n");
+}
+
+*/
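Review bot: In FF_invmod2m the non-C99 branch declares `BIG t1[FFLEN]` while the C99 branch declares `t1[2*n]`, and the function then calls `FF_zero(t1,2*n)`, so whenever n exceeds FFLEN/2 the non-C99 build writes past the end of t1 on the stack. The declaration should match the C99 sizing: `BIG t1[2*FFLEN],b[FFLEN],c[FFLEN];`. The other fixed-size temporaries in this file (`t[2*FFLEN]`, `d[2*FFLEN]`, `m[FFLEN]`) also assume n<=FFLEN without checking it. Whether callers guarantee that bound is not visible in this hunk, so a comment stating it on the public entry points (FF_mul, FF_sqr, FF_dmod, FF_pow, FF_skpow) would help. Separately, FF_toOctet sets `w->len=n*MODBYTES` and writes that many bytes into `w->val` without comparing against the octet's capacity, which deserves a guard if the octet type carries one.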

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/version22/c/fp.c
----------------------------------------------------------------------
diff --git a/version22/c/fp.c b/version22/c/fp.c
new file mode 100644
index 0000000..5d48f1c
--- /dev/null
+++ b/version22/c/fp.c
@@ -0,0 +1,608 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+/* AMCL mod p functions */
+/* Small Finite Field arithmetic */
+/* SU=m, SU is Stack Usage (NOT_SPECIAL Modulus) */
+
+#include "amcl.h"
+
+/* Fast Modular Reduction Methods */
+
+/* r=d mod m */
+/* d MUST be normalised */
+/* Products must be less than pR in all cases !!! */
+/* So when multiplying two numbers, their product *must* be less than MODBITS+BASEBITS*NLEN */
+/* Results *may* be one bit bigger than MODBITS */
+
+#if MODTYPE == PSEUDO_MERSENNE
+/* r=d mod m */
+
+/* Converts from BIG integer to n-residue form mod Modulus */
+void FP_nres(BIG a)
+{
+    BIG tmp;
+    BIG_rcopy(tmp,a);
+}
+
+/* Converts from n-residue form back to BIG integer form */
+void FP_redc(BIG a)
+{
+    BIG tmp;
+    BIG_rcopy(tmp,a);
+}
+
+/* reduce a DBIG to a BIG exploiting the special form of the modulus */
+void FP_mod(BIG r,DBIG d)
+{
+    BIG t,b;
+    chunk v,tw;
+    BIG_split(t,b,d,MODBITS);
+
+    /* Note that all of the excess gets pushed into t. So if squaring a value with a 4-bit excess, this results in
+       t getting all 8 bits of the excess product! So products must be less than pR which is Montgomery compatible */
+
+    if (MConst < NEXCESS)
+    {
+        BIG_imul(t,t,MConst);
+
+        BIG_norm(t);
+        tw=t[NLEN-1];
+        t[NLEN-1]&=TMASK;
+        t[0]+=MConst*((tw>>TBITS));
+    }
+    else
+    {
+        v=BIG_pmul(t,t,MConst);
+        tw=t[NLEN-1];
+        t[NLEN-1]&=TMASK;
+#if CHUNK == 16
+        t[1]+=muladd(MConst,((tw>>TBITS)+(v<<(BASEBITS-TBITS))),0,&t[0]);
+#else
+        t[0]+=MConst*((tw>>TBITS)+(v<<(BASEBITS-TBITS)));
+#endif
+    }
+    BIG_add(r,t,b);
+    BIG_norm(r);
+}
+#endif
+
+/* This only applies to Curve C448, so specialised (for now) */
+#if MODTYPE == GENERALISED_MERSENNE
+
+/* Converts from BIG integer to n-residue form mod Modulus */
+void FP_nres(BIG a)
+{
+    BIG tmp;
+    BIG_rcopy(tmp,a);
+}
+
+/* Converts from n-residue form back to BIG integer form */
+void FP_redc(BIG a)
+{
+    BIG tmp;
+    BIG_rcopy(tmp,a);
+}
+
+/* reduce a DBIG to a BIG exploiting the special form of the modulus */
+void FP_mod(BIG r,DBIG d)
+{
+    BIG t,b;
+    chunk carry;
+    BIG_split(t,b,d,MBITS);
+
+    BIG_add(r,t,b);
+
+    BIG_dscopy(d,t);
+    BIG_dshl(d,MBITS/2);
+
+    BIG_split(t,b,d,MBITS);
+
+    BIG_add(r,r,t);
+    BIG_add(r,r,b);
+    BIG_norm(r);
+    BIG_shl(t,MBITS/2);
+
+    BIG_add(r,r,t);
+
+    carry=r[NLEN-1]>>TBITS;
+
+    r[NLEN-1]&=TMASK;
+    r[0]+=carry;
+
+    r[224/BASEBITS]+=carry<<(224%BASEBITS); /* need to check that this falls mid-word */
+    BIG_norm(r);
+
+}
+
+#endif
+
+#if MODTYPE == MONTGOMERY_FRIENDLY
+
+/* convert to Montgomery n-residue form */
+void FP_nres(BIG a)
+{
+    DBIG d;
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    BIG_dscopy(d,a);
+    BIG_dshl(d,NLEN*BASEBITS);
+    BIG_dmod(a,d,m);
+}
+
+/* convert back to regular form */
+void FP_redc(BIG a)
+{
+    DBIG d;
+    BIG_dzero(d);
+    BIG_dscopy(d,a);
+    FP_mod(a,d);
+}
+
+/* fast modular reduction from DBIG to BIG exploiting special form of the modulus */
+void FP_mod(BIG a,DBIG d)
+{
+    int i;
+
+    for (i=0; i<NLEN; i++)
+        d[NLEN+i]+=muladd(d[i],MConst-1,d[i],&d[NLEN+i-1]);
+
+    BIG_sducopy(a,d);
+    BIG_norm(a);
+}
+
+#endif
+
+#if MODTYPE == NOT_SPECIAL
+
+/* convert BIG a to Montgomery n-residue form */
+/* SU= 120 */
+void FP_nres(BIG a)
+{
+    DBIG d;
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    BIG_dscopy(d,a);
+    BIG_dshl(d,NLEN*BASEBITS);
+    BIG_dmod(a,d,m);
+}
+
+/* SU= 80 */
+/* convert back to regular form */
+void FP_redc(BIG a)
+{
+    DBIG d;
+    BIG_dzero(d);
+    BIG_dscopy(d,a);
+    FP_mod(a,d);
+}
+
+/* reduce a DBIG to a BIG using Montgomery's no trial division method */
+/* d is expected to be dnormed before entry */
+/* SU= 112 */
+void FP_mod(BIG a,DBIG d)
+{
+	BIG mdls;
+    BIG_rcopy(mdls,Modulus);
+	BIG_monty(a,mdls,MConst,d);
+}
+
+#endif
+
+/* test x==0 ? */
+/* SU= 48 */
+int FP_iszilch(BIG x)
+{
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    BIG_mod(x,m);
+    return BIG_iszilch(x);
+}
+
+/* output FP */
+/* SU= 48 */
+void FP_output(BIG r)
+{
+    BIG c;
+    BIG_copy(c,r);
+    FP_redc(c);
+    BIG_output(c);
+}
+
+void FP_rawoutput(BIG r)
+{
+    BIG_rawoutput(r);
+}
+
+#ifdef GET_STATS
+int tsqr=0,rsqr=0,tmul=0,rmul=0;
+int tadd=0,radd=0,tneg=0,rneg=0;
+int tdadd=0,rdadd=0,tdneg=0,rdneg=0;
+#endif
+
+/* r=a*b mod Modulus */
+/* product must be less that p.R - and we need to know this in advance! */
+/* SU= 88 */
+void FP_mul(BIG r,BIG a,BIG b)
+{
+    DBIG d;
+    chunk ea,eb;
+    BIG_norm(a);
+    BIG_norm(b);
+    ea=EXCESS(a);
+    eb=EXCESS(b);
+
+#ifdef dchunk
+    if ((dchunk)(ea+1)*(eb+1)>(dchunk)FEXCESS)
+#else
+    if ((ea+1)>FEXCESS/(eb+1))
+#endif
+    {
+#ifdef DEBUG_REDUCE
+        printf("Product too large - reducing it %d %d %d\n",ea,eb,FEXCESS);
+#endif
+        FP_reduce(a);  /* it is sufficient to fully reduce just one of them < p */
+#ifdef GET_STATS
+        rmul++;
+    }
+
+    tmul++;
+#else
+    }
+#endif
+
+    BIG_mul(d,a,b);
+    FP_mod(r,d);
+}
+
+/* multiplication by an integer, r=a*c */
+/* SU= 136 */
+void FP_imul(BIG r,BIG a,int c)
+{
+    DBIG d;
+    BIG m;
+    int s=0;
+    chunk afx;
+    BIG_norm(a);
+    if (c<0)
+    {
+        c=-c;
+        s=1;
+    }
+    afx=(EXCESS(a)+1)*(c+1)+1;
+    if (c<NEXCESS && afx<FEXCESS)
+        BIG_imul(r,a,c);
+    else
+    {
+        if (afx<FEXCESS)
+        {
+            BIG_pmul(r,a,c);
+        }
+        else
+        {
+            BIG_rcopy(m,Modulus);
+            BIG_pxmul(d,a,c);
+            BIG_dmod(r,d,m);
+        }
+    }
+    if (s) FP_neg(r,r);
+    BIG_norm(r);
+}
+
+/* Set r=a^2 mod m */
+/* SU= 88 */
+void FP_sqr(BIG r,BIG a)
+{
+    DBIG d;
+    chunk ea;
+    BIG_norm(a);
+    ea=EXCESS(a);
+#ifdef dchunk
+    if ((dchunk)(ea+1)*(ea+1)>(dchunk)FEXCESS)
+#else
+    if ((ea+1)>FEXCESS/(ea+1))
+#endif
+    {
+#ifdef DEBUG_REDUCE
+        printf("Product too large - reducing it %d\n",ea);
+#endif
+        FP_reduce(a);
+#ifdef GET_STATS
+        rsqr++;
+    }
+    tsqr++;
+#else
+    }
+#endif
+
+    BIG_sqr(d,a);
+    FP_mod(r,d);
+}
+
+/* SU= 16 */
+/* Set r=a+b */
+void FP_add(BIG r,BIG a,BIG b)
+{
+    BIG_add(r,a,b);
+    if (EXCESS(r)+2>=FEXCESS)  /* +2 because a and b not normalised */
+    {
+#ifdef DEBUG_REDUCE
+        printf("Sum too large - reducing it %d\n",EXCESS(r));
+#endif
+        FP_reduce(r);
+#ifdef GET_STATS
+        radd++;
+    }
+    tadd++;
+#else
+    }
+#endif
+}
+
+/* Set r=a-b mod m */
+/* SU= 56 */
+void FP_sub(BIG r,BIG a,BIG b)
+{
+    BIG n;
+    FP_neg(n,b);
+    FP_add(r,a,n);
+}
+
+/* SU= 48 */
+/* Fully reduce a mod Modulus */
+void FP_reduce(BIG a)
+{
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    BIG_mod(a,m);
+}
+
+// https://graphics.stanford.edu/~seander/bithacks.html
+// constant time log to base 2 (or number of bits in)
+
+static int logb2(unsign32 v)
+{
+    int r;
+    v |= v >> 1;
+    v |= v >> 2;
+    v |= v >> 4;
+    v |= v >> 8;
+    v |= v >> 16;
+
+    v = v - ((v >> 1) & 0x55555555);
+    v = (v & 0x33333333) + ((v >> 2) & 0x33333333);
+    r = (((v + (v >> 4)) & 0xF0F0F0F) * 0x1010101) >> 24;
+    return r+1;
+}
+
+/* Set r=-a mod Modulus */
+/* SU= 64 */
+void FP_neg(BIG r,BIG a)
+{
+    int sb;
+//    chunk ov;
+    BIG m;
+
+    BIG_rcopy(m,Modulus);
+    BIG_norm(a);
+
+    sb=logb2((unsign32)EXCESS(a));
+    /*
+        ov=EXCESS(a);
+        sb=1;
+        while(ov!=0)
+        {
+            sb++;    // only unpredictable branch
+            ov>>=1;
+        }
+    */
+    BIG_fshl(m,sb);
+    BIG_sub(r,m,a);
+
+    if (EXCESS(r)>=FEXCESS)
+    {
+#ifdef DEBUG_REDUCE
+        printf("Negation too large -  reducing it %d\n",EXCESS(r));
+#endif
+        FP_reduce(r);
+#ifdef GET_STATS
+        rneg++;
+    }
+    tneg++;
+#else
+    }
+#endif
+
+}
+
+/* Set r=a/2. */
+/* SU= 56 */
+void FP_div2(BIG r,BIG a)
+{
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    BIG_norm(a);
+    if (BIG_parity(a)==0)
+    {
+        BIG_copy(r,a);
+        BIG_fshr(r,1);
+    }
+    else
+    {
+        BIG_add(r,a,m);
+        BIG_norm(r);
+        BIG_fshr(r,1);
+    }
+}
+
+/* set w=1/x */
+void FP_inv(BIG w,BIG x)
+{
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    BIG_copy(w,x);
+    FP_redc(w);
+
+    BIG_invmodp(w,w,m);
+    FP_nres(w);
+}
+
+/* SU=8 */
+/* set n=1 */
+void FP_one(BIG n)
+{
+    BIG_one(n);
+    FP_nres(n);
+}
+
+/* Set r=a^b mod Modulus */
+/* SU= 136 */
+void FP_pow(BIG r,BIG a,BIG b)
+{
+    BIG w,z,zilch;
+    int bt;
+    BIG_zero(zilch);
+
+    BIG_norm(b);
+    BIG_copy(z,b);
+    BIG_copy(w,a);
+    FP_one(r);
+    while(1)
+    {
+        bt=BIG_parity(z);
+        BIG_fshr(z,1);
+        if (bt) FP_mul(r,r,w);
+        if (BIG_comp(z,zilch)==0) break;
+        FP_sqr(w,w);
+    }
+    FP_reduce(r);
+}
+
+/* is r a QR? */
+int FP_qr(BIG r)
+{
+    int j;
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    FP_redc(r);
+    j=BIG_jacobi(r,m);
+    FP_nres(r);
+    if (j==1) return 1;
+    return 0;
+
+}
+
+/* Set a=sqrt(b) mod Modulus */
+/* SU= 160 */
+void FP_sqrt(BIG r,BIG a)
+{
+    BIG v,i,b;
+    BIG m;
+    BIG_rcopy(m,Modulus);
+    BIG_mod(a,m);
+    BIG_copy(b,m);
+    if (MOD8==5)
+    {
+        BIG_dec(b,5);
+        BIG_norm(b);
+        BIG_fshr(b,3); /* (p-5)/8 */
+        BIG_copy(i,a);
+        BIG_fshl(i,1);
+        FP_pow(v,i,b);
+        FP_mul(i,i,v);
+        FP_mul(i,i,v);
+        BIG_dec(i,1);
+        FP_mul(r,a,v);
+        FP_mul(r,r,i);
+        BIG_mod(r,m);
+    }
+    if (MOD8==3 || MOD8==7)
+    {
+        BIG_inc(b,1);
+        BIG_norm(b);
+        BIG_fshr(b,2); /* (p+1)/4 */
+        FP_pow(r,a,b);
+    }
+}
+
+/*
+int main()
+{
+
+	BIG r;
+
+	FP_one(r);
+	FP_sqr(r,r);
+
+	BIG_output(r);
+
+	int i,carry;
+	DBIG c={0,0,0,0,0,0,0,0};
+	BIG a={1,2,3,4};
+	BIG b={3,4,5,6};
+	BIG r={11,12,13,14};
+	BIG s={23,24,25,15};
+	BIG w;
+
+//	printf("NEXCESS= %d\n",NEXCESS);
+//	printf("MConst= %d\n",MConst);
+
+	BIG_copy(b,Modulus);
+	BIG_dec(b,1);
+	BIG_norm(b);
+
+	BIG_randomnum(r); BIG_norm(r); BIG_mod(r,Modulus);
+//	BIG_randomnum(s); norm(s); BIG_mod(s,Modulus);
+
+//	BIG_output(r);
+//	BIG_output(s);
+
+	BIG_output(r);
+	FP_nres(r);
+	BIG_output(r);
+	BIG_copy(a,r);
+	FP_redc(r);
+	BIG_output(r);
+	BIG_dscopy(c,a);
+	FP_mod(r,c);
+	BIG_output(r);
+
+
+//	exit(0);
+
+//	copy(r,a);
+	printf("r=   "); BIG_output(r);
+	BIG_modsqr(r,r,Modulus);
+	printf("r^2= "); BIG_output(r);
+
+	FP_nres(r);
+	FP_sqrt(r,r);
+	FP_redc(r);
+	printf("r=   "); BIG_output(r);
+	BIG_modsqr(r,r,Modulus);
+	printf("r^2= "); BIG_output(r);
+
+
+//	for (i=0;i<100000;i++) FP_sqr(r,r);
+//	for (i=0;i<100000;i++)
+		FP_sqrt(r,r);
+
+	BIG_output(r);
+}
+*/


[41/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/wcc.c
----------------------------------------------------------------------
diff --git a/c/wcc.c b/c/wcc.c
deleted file mode 100755
index c1c8a75..0000000
--- a/c/wcc.c
+++ /dev/null
@@ -1,823 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file wcc.c
- * @author Mike Scott and Kealan McCusker
- * @date 28th April 2016
- * @brief Wang / Chow Choo (WCC) definitions
- *
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "wcc.h"
-
-// #define DEBUG
-
-/* general purpose hashing functions */
-static void start_hash(hash *sha)
-{
-  HASH_init(sha);
-}
-
-static void add_to_hash(hash *sha,octet *x)
-{
-  int i;
-  for (i=0;i<x->len;i++)
-  {
-    /*printf("%d,",(unsigned char)x->val[i]);*/
-    HASH_process(sha,x->val[i]);
-  }
-}
-
-static void finish_hash(hash *sha,octet *w)
-{
-  int i;
-  char hh[HASH_BYTES];
-  HASH_hash(sha,hh);
-
-  OCT_empty(w);
-  OCT_jbytes(w,hh,HASH_BYTES);
-  for (i=0;i<HASH_BYTES;i++) hh[i]=0;
-}
-
-/* map octet string to point on curve */
-static void mapit(octet *h,ECP *P)
-{
-  BIG q,px;
-  BIG_fromBytes(px,h->val);
-  BIG_rcopy(q,Modulus);
-  BIG_mod(px,q);
-
-  while (!ECP_setx(P,px,0))
-    BIG_inc(px,1);
-}
-
-/* maps to hash value to point on G2 */
-static void mapit2(octet *h,ECP2 *Q)
-{
-  BIG q,one,Fx,Fy,x,hv;
-  FP2 X;
-  ECP2 T,K;
-  BIG_fromBytes(hv,h->val);
-  BIG_rcopy(q,Modulus);
-  BIG_one(one);
-  BIG_mod(hv,q);
-
-  for (;;)
-  {
-    FP2_from_BIGs(&X,one,hv);
-    if (ECP2_setx(Q,&X)) break;
-    BIG_inc(hv,1);
-  }
-
-  /* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-  BIG_rcopy(Fx,CURVE_Fra);
-  BIG_rcopy(Fy,CURVE_Frb);
-  FP2_from_BIGs(&X,Fx,Fy);
-  BIG_rcopy(x,CURVE_Bnx);
-
-  ECP2_copy(&T,Q);
-  ECP2_mul(&T,x);
-  ECP2_neg(&T);  /* our x is negative */
-  ECP2_copy(&K,&T);
-  ECP2_dbl(&K);
-  ECP2_add(&K,&T);
-  ECP2_affine(&K);
-
-  ECP2_frob(&K,&X);
-  ECP2_frob(Q,&X); ECP2_frob(Q,&X); ECP2_frob(Q,&X);
-  ECP2_add(Q,&T);
-  ECP2_add(Q,&K);
-  ECP2_frob(&T,&X); ECP2_frob(&T,&X);
-  ECP2_add(Q,&T);
-  ECP2_affine(Q);
-}
-
-/* Hash number (optional) and octet to octet */
-static void hashit(int n,octet *x,octet *h)
-{
-  int i,c[4];
-  hash sha;
-  char hh[HASH_BYTES];
-  BIG px;
-
-  HASH_init(&sha);
-  if (n>0)
-  {
-    c[0]=(n>>24)&0xff;
-    c[1]=(n>>16)&0xff;
-    c[2]=(n>>8)&0xff;
-    c[3]=(n)&0xff;
-    for (i=0;i<4;i++) HASH_process(&sha,c[i]);
-  }
-  for (i=0;i<x->len;i++) HASH_process(&sha,x->val[i]);
-  HASH_hash(&sha,hh);
-  OCT_empty(h);
-  OCT_jbytes(h,hh,HASH_BYTES);
-  for (i=0;i<HASH_BYTES;i++) hh[i]=0;
-}
-
-
-/*! \brief Hash EC Points and Id to an integer 
- *
- *  Perform sha256 of EC Points and Id. Map to an integer modulus the 
- *  curve order
- * 
- *  <ol>
- *  <li> x = toInteger(sha256(A,B,C,D))
- *  <li> h = x % q where q is the curve order
- *  </ol>
- *
- *  @param  A        EC Point
- *  @param  B        EC Point
- *  @param  C        EC Point
- *  @param  D        Identity
- *  @return h        Integer
- */
-void WCC_Hq(octet *A,octet *B,octet *C,octet *D,octet *h)
-{
-  int i;
-  hash sha;
-  char hh[HASH_BYTES];
-  BIG q,hs;
-
-  BIG_rcopy(q,CURVE_Order);
-
-#ifdef DEBUG
-  printf("WCC_Hq: A: ");
-  OCT_output(A);
-  printf("\n");
-  printf("WCC_Hq: B: ");
-  OCT_output(B);
-  printf("\n");
-  printf("WCC_Hq: C: ");
-  OCT_output(C);
-  printf("\n");
-  printf("WCC_Hq: D: ");
-  OCT_output(D);
-  printf("\n");
-#endif
-
-  HASH_init(&sha);
-  for (i=0;i<A->len;i++) {
-    HASH_process(&sha,A->val[i]);
-  }
-
-  for (i=0;i<B->len;i++) {
-    HASH_process(&sha,B->val[i]);
-  }
-
-  for (i=0;i<C->len;i++) {
-    HASH_process(&sha,C->val[i]);
-  }
-
-  for (i=0;i<D->len;i++) {
-    HASH_process(&sha,D->val[i]);
-  }
-
-  HASH_hash(&sha,hh);
-
-  BIG_fromBytes(hs,hh);
-  BIG_mod(hs,q);
-  for (i=0;i<HASH_BYTES;i++) {
-    hh[i]=0;
-  }
-  BIG_toBytes(h->val,hs);
-  h->len=PGS;
-}
-
-/*! \brief Calculate value in G1 multiplied by an integer
- *
- *  Calculate a value in G1. VG1 = s*H1(ID) where ID is the identity.
- * 
- *  <ol>
- *  <li> VG1 = s*H1(ID)
- *  </ol>
- *
- *  @param  hashDone    ID value is already hashed if set to 1
- *  @param  S           integer modulus curve order
- *  @param  ID          ID value or sha256(ID)
- *  @param  VG1         EC point VG1 = s*H1(ID)
- *  @return rtn         Returns 0 if successful or else an error code  
- */
-int WCC_GET_G1_MULTIPLE(int hashDone, octet *S,octet *ID,octet *VG1)
-{
-  BIG s;
-  ECP P;
-  char h[HASH_BYTES];
-  octet H={0,sizeof(h),h};
-
-  if (hashDone) {
-    mapit(ID,&P);
-  } else {
-    hashit(0,ID,&H);
-    mapit(&H,&P);
-  }
-
-  BIG_fromBytes(s,S->val);
-  PAIR_G1mul(&P,s);
-
-  ECP_toOctet(VG1,&P);
-  return 0;
-}
-
-/*! \brief Calculate a value in G1 used for when time permits are enabled
- *
- *  Calculate a value in G1 used for when time permits are enabled
- * 
- *  <ol>
- *  <li> VG1 = s*H1(ID) + s*H1(date|sha256(ID))
- *  </ol>
- *
- *  @param  date        Epoch days
- *  @param  S           integer modulus curve order
- *  @param  ID          ID value or sha256(ID)
- *  @param  VG1         EC point in G1
- *  @return rtn         Returns 0 if successful or else an error code  
- */
-int WCC_GET_G1_TPMULT(int date, octet *S,octet *ID,octet *VG1)
-{
-  BIG s;
-  ECP P,Q;
-  char h1[HASH_BYTES];
-  octet H1={0,sizeof(h1),h1};
-  char h2[HASH_BYTES];
-  octet H2={0,sizeof(h2),h2};
-
-  // H1(ID)
-  hashit(0,ID,&H1);
-  mapit(&H1,&P);
-
-  // H1(date|sha256(ID))
-  hashit(date,&H1,&H2);
-  mapit(&H2,&Q);
-
-  // P = P + Q
-  ECP_add(&P,&Q);
-
-  // P = s(P+Q)
-  BIG_fromBytes(s,S->val);
-  PAIR_G1mul(&P,s);
-
-  ECP_toOctet(VG1,&P);
-  return 0;
-}
-
-/*! \brief Calculate a value in G2 used for when time permits are enabled
- *
- *  Calculate a value in G2 used for when time permits are enabled
- * 
- *  <ol>
- *  <li> VG2 = s*H1(ID) + s*H1(date|sha256(ID))
- *  </ol>
- *
- *  @param  date        Epoch days
- *  @param  S           integer modulus curve order
- *  @param  ID          ID value or sha256(ID)
- *  @param  VG2         EC point in G2
- *  @return rtn         Returns 0 if successful or else an error code  
- */
-int WCC_GET_G2_TPMULT(int date, octet *S,octet *ID,octet *VG2)
-{
-  BIG s;
-  ECP2 P,Q;
-  char h1[HASH_BYTES];
-  octet H1={0,sizeof(h1),h1};
-  char h2[HASH_BYTES];
-  octet H2={0,sizeof(h2),h2};
-
-  // H1(ID)
-  hashit(0,ID,&H1);
-  mapit2(&H1,&P);
-
-  // H1(date|sha256(ID))
-  hashit(date,&H1,&H2);
-  mapit2(&H2,&Q);
-
-  // P = P + Q
-  ECP2_add(&P,&Q);
-
-  // P = s(P+Q)
-  BIG_fromBytes(s,S->val);
-  PAIR_G2mul(&P,s);
-
-  ECP2_toOctet(VG2,&P);
-  return 0;
-}
-
-/*! \brief Calculate value in G2 multiplied by an integer
- *
- *  Calculate a value in G2. VG2 = s*H2(ID) where ID is the identity.
- * 
- *  <ol>
- *  <li> VG2 = s*H2(ID)
- *  </ol>
- *
- *  @param  hashDone  ID is value is already hashed if set to 1
- *  @param  S         integer modulus curve order
- *  @param  ID        ID Value or sha256(ID)
- *  @param  VG2       EC Point VG2 = s*H2(ID)
- *  @return rtn       Returns 0 if successful or else an error code  
- */
-int WCC_GET_G2_MULTIPLE(int hashDone, octet *S,octet *ID,octet *VG2)
-{
-  BIG s;
-  ECP2 P;
-  char h[HASH_BYTES];
-  octet H={0,sizeof(h),h};
-
-  if (hashDone) {
-    mapit2(ID,&P);
-  } else {
-    hashit(0,ID,&H);
-    mapit2(&H,&P);
-  }
-
-  BIG_fromBytes(s,S->val);
-  PAIR_G2mul(&P,s);
-
-  ECP2_toOctet(VG2,&P);
-  return 0;
-}
-
-/*! \brief Calculate time permit in G2 
- *
- *  Calculate time permit in G2. 
- * 
- *  <ol>
- *  <li> TPG2=s*H2(date|sha256(ID))
- *  </ol>
- *
- *  @param  date      Epoch days
- *  @param  S         Master secret
- *  @param  HID       sha256(ID)
- *  @param  TPG2      Time Permit in G2
- *  @return rtn       Returns 0 if successful or else an error code  
- */
-int WCC_GET_G2_PERMIT(int date,octet *S,octet *HID,octet *TPG2)
-{
-  BIG s;
-  ECP2 P;
-  char h[HASH_BYTES];
-  octet H={0,sizeof(h),h};
-
-  hashit(date,HID,&H);
-  mapit2(&H,&P);
-  BIG_fromBytes(s,S->val);
-  PAIR_G2mul(&P,s);
-
-  ECP2_toOctet(TPG2,&P);
-  return 0;
-}
-
-/*! \brief Calculate the sender AES key
- *
- *  Calculate the sender AES Key
- * 
- *  <ol>
- *  <li> j=e((x+pia).AKeyG1,pib.BG2+PbG2)
- *  <li> K=H(j,x.PgG1)
- *  </ol>
- *
- *  @param  date        Epoch days
- *  @param  xOct        Random x < q where q is the curve order
- *  @param  piaOct      Hq(PaG1,PbG2,PgG1)
- *  @param  pibOct      Hq(PbG2,PaG1,PgG1)
- *  @param  PbG2Oct     y.BG2 where y < q
- *  @param  PgG1Oct     w.AG1 where w < q
- *  @param  AKeyG1Oct   Sender key 
- *  @param  ATPG1Oct    Sender time permit 
- *  @param  IdBOct      Receiver identity
- *  @return AESKeyOct   AES key
- *  @return rtn         Returns 0 if successful or else an error code  
- */
-int WCC_SENDER_KEY(int date, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *ATPG1Oct, octet *IdBOct, octet *AESKeyOct)
-{
-  ECP sAG1,ATPG1,PgG1;
-  ECP2 BG2,dateBG2,PbG2;
-  char hv1[HASH_BYTES],hv2[HASH_BYTES];
-  octet HV1={0,sizeof(hv1),hv1};
-  octet HV2={0,sizeof(hv2),hv2};
-
-  // Pairing outputs
-  FP12 g;
-  char pair[12*PFS];
-  octet PAIR={0,sizeof(pair),pair};
-
-  FP4 c;
-  BIG t,x,z,pia,pib;
-  char ht[HASH_BYTES];
-  octet HT={0,sizeof(ht),ht};
-  hash sha;
-  char xpgg1[2*PFS+1];
-  octet xPgG1Oct={0,sizeof(xpgg1), xpgg1};
-
-  BIG_fromBytes(x,xOct->val);
-  BIG_fromBytes(pia,piaOct->val);
-  BIG_fromBytes(pib,pibOct->val);
-
-  if (!ECP2_fromOctet(&PbG2,PbG2Oct)) {
-#ifdef DEBUG
-    printf("PbG2Oct Invalid Point: ");
-    OCT_output(PbG2Oct);
-    printf("\n");
-#endif
-    return WCC_INVALID_POINT;
-  }
-
-  if (!ECP_fromOctet(&PgG1,PgG1Oct)) {
-#ifdef DEBUG
-    printf("PgG1Oct Invalid Point: ");
-    OCT_output(PgG1Oct);
-    printf("\n");
-#endif
-    return WCC_INVALID_POINT;
-  }
-
-  hashit(0,IdBOct,&HV1);
-  mapit2(&HV1,&BG2);
-
-  if (!ECP_fromOctet(&sAG1,AKeyG1Oct)) {
-#ifdef DEBUG
-    printf("AKeyG1Oct Invalid Point: ");
-    OCT_output(AKeyG1Oct);
-    printf("\n");
-#endif
-    return WCC_INVALID_POINT;
-  }
-
-  // Use time permits
-  if (date)
-    {
-      // calculate e( (s*A+s*H(date|H(AID))) , (B+H(date|H(BID))) )
-      if (!ECP_fromOctet(&ATPG1,ATPG1Oct)) {
-#ifdef DEBUG
-        printf("ATPG1Oct Invalid Point: ");
-        OCT_output(ATPG1Oct);
-        printf("\n");
-        return WCC_INVALID_POINT;
-#endif
-      }
-
-      // H2(date|sha256(IdB))
-      hashit(date,&HV1,&HV2);
-      mapit2(&HV2,&dateBG2);
-
-      // sAG1 = sAG1 + ATPG1
-      ECP_add(&sAG1, &ATPG1);
-      // BG2 = BG2 + H(date|H(IdB))
-      ECP2_add(&BG2, &dateBG2);
-    }
-  // z =  x + pia
-  BIG_add(z,x,pia);
-
-  // (x+pia).AKeyG1
-  PAIR_G1mul(&sAG1,z);
-
-  // pib.BG2
-  PAIR_G2mul(&BG2,pib);
-
-  // pib.BG2+PbG2
-  ECP2_add(&BG2, &PbG2);
-
-  PAIR_ate(&g,&BG2,&sAG1);
-  PAIR_fexp(&g);
-  // printf("WCC_SENDER_KEY e(sAG1,BG2) = ");FP12_output(&g); printf("\n");
-
-  // x.PgG1
-  PAIR_G1mul(&PgG1,x);
-  ECP_toOctet(&xPgG1Oct,&PgG1);
-
-  // Generate AES Key : K=H(k,x.PgG1)
-  FP12_trace(&c,&g);
-  HT.len=HASH_BYTES;
-  start_hash(&sha);
-  BIG_copy(t,c.a.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  BIG_copy(t,c.a.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  BIG_copy(t,c.b.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  BIG_copy(t,c.b.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  add_to_hash(&sha,&xPgG1Oct);
-  finish_hash(&sha,&HT);
-  OCT_empty(AESKeyOct);
-  OCT_jbytes(AESKeyOct,HT.val,PAS);
-
-  return 0;
-}
-
-/*! \brief Calculate the receiver AES key
- *
- *  Calculate time permit in G2. 
- * 
- *  <ol>
- *  <li> j=e(pia.AG1+PaG1,(y+pib).BKeyG2)
- *  <li> K=H(j,w.PaG1)
- *  </ol>
- *
- *  @param  date        Epoch days
- *  @param  yOct        Random y < q where q is the curve order
- *  @param  wOct        Random w < q where q is the curve order
- *  @param  piaOct      Hq(PaG1,PbG2,PgG1)
- *  @param  pibOct      Hq(PbG2,PaG1,PgG1)
- *  @param  PaG1Oct     x.AG1 where x < q
- *  @param  PgG1Oct     w.AG1 where w < q
- *  @param  BKeyG2Oct   Receiver key 
- *  @param  BTPG2Oct    Receiver time permit 
- *  @param  IdAOct      Sender identity
- *  @return AESKeyOct   AES key
- *  @return rtn         Returns 0 if successful or else an error code  
- */
-int WCC_RECEIVER_KEY(int date, octet *yOct, octet *wOct,  octet *piaOct, octet *pibOct,  octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct,octet *BTPG2Oct,  octet *IdAOct, octet *AESKeyOct)
-{
-  ECP AG1,dateAG1,PgG1,PaG1;
-  ECP2 sBG2,BTPG2;
-  char hv1[HASH_BYTES],hv2[HASH_BYTES];
-  octet HV1={0,sizeof(hv1),hv1};
-  octet HV2={0,sizeof(hv2),hv2};
-
-  // Pairing outputs
-  FP12 g;
-  char pair[12*PFS];
-  octet PAIR={0,sizeof(pair),pair};
-
-  FP4 c;
-  BIG t,w,y,pia,pib;;
-  char ht[HASH_BYTES];
-  octet HT={0,sizeof(ht),ht};
-  hash sha;
-  char wpag1[2*PFS+1];
-  octet wPaG1Oct={0,sizeof(wpag1), wpag1};
-  BIG_fromBytes(y,yOct->val);
-  BIG_fromBytes(w,wOct->val);
-  BIG_fromBytes(pia,piaOct->val);
-  BIG_fromBytes(pib,pibOct->val);
-
-  if (!ECP_fromOctet(&PaG1,PaG1Oct))
-    return WCC_INVALID_POINT;
-
-  if (!ECP_fromOctet(&PgG1,PgG1Oct))
-    return WCC_INVALID_POINT;
-
-  hashit(0,IdAOct,&HV1);
-  mapit(&HV1,&AG1);
-
-  if (!ECP2_fromOctet(&sBG2,BKeyG2Oct))
-    return WCC_INVALID_POINT;
-
-  if (date) {       
-    // Calculate e( (A+H(date|H(AID))) , (s*B+s*H(date|H(IdB))) )
-    if (!ECP2_fromOctet(&BTPG2,BTPG2Oct))   
-      return WCC_INVALID_POINT;
-
-    // H1(date|sha256(AID))
-    hashit(date,&HV1,&HV2);
-    mapit(&HV2,&dateAG1);
-
-    // sBG2 = sBG2 + TPG2
-    ECP2_add(&sBG2, &BTPG2);
-    // AG1 = AG1 + H(date|H(AID))
-    ECP_add(&AG1, &dateAG1);
-  }
-  // y =  y + pib
-  BIG_add(y,y,pib);
-
-  // (y+pib).BKeyG2
-  PAIR_G2mul(&sBG2,y);
-
-  // pia.AG1
-  PAIR_G1mul(&AG1,pia);
-
-  // pia.AG1+PaG1
-  ECP_add(&AG1, &PaG1);
-
-  PAIR_ate(&g,&sBG2,&AG1);
-  PAIR_fexp(&g);
-  // printf("WCC_RECEIVER_KEY e(AG1,sBG2) = ");FP12_output(&g); printf("\n");
-
-  // w.PaG1
-  PAIR_G1mul(&PaG1,w);
-  ECP_toOctet(&wPaG1Oct,&PaG1);
-
-  // Generate AES Key: K=H(k,w.PaG1)
-  FP12_trace(&c,&g);
-  HT.len=HASH_BYTES;
-  start_hash(&sha);
-  BIG_copy(t,c.a.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  BIG_copy(t,c.a.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  BIG_copy(t,c.b.a); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  BIG_copy(t,c.b.b); FP_redc(t); BIG_toBytes(&(HT.val[0]),t);
-  add_to_hash(&sha,&HT);
-  add_to_hash(&sha,&wPaG1Oct);
-  finish_hash(&sha,&HT);
-  OCT_empty(AESKeyOct);
-  OCT_jbytes(AESKeyOct,HT.val,PAS);
-
-  return 0;
-
-}
-
-/*! \brief Encrypt data using AES GCM
- *
- *  AES is run as a block cypher in the GCM  mode of operation. The key size is 128 bits.
- *  This function will encrypt any data length.
- *
- *  @param  K             128 bit secret key
- *  @param  IV            96 bit initialization vector
- *  @param  H             Additional authenticated data (AAD). This data is authenticated, but not encrypted.
- *  @param  P             Plaintext
- *  @return C             Ciphertext. It is the same length as the plaintext.
- *  @return T             128 bit authentication tag.
- */
-void WCC_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T)
-{
-  gcm g;
-  GCM_init(&g,K->val,IV->len,IV->val);
-  GCM_add_header(&g,H->val,H->len);
-  GCM_add_plain(&g,C->val,P->val,P->len);
-  C->len=P->len;
-  GCM_finish(&g,T->val);
-  T->len=16;
-}
-
-/*! \brief Decrypt data using AES GCM
- *
- *  AES is run as a block cypher in the GCM  mode of operation. The key size is 128 bits.
- *  This function will decrypt any data length.
- *
- *  @param  K             128 bit secret key
- *  @param  IV            96 bit initialization vector
- *  @param  H             Additional authenticated data (AAD). This data is authenticated, but not encrypted.
- *  @param  C             Ciphertext.
- *  @return P             Decrypted data. It is the same length as the ciphertext.Plaintext
- *  @return T             128 bit authentication tag.
- */
-void WCC_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T)
-{
-  gcm g;
-  GCM_init(&g,K->val,IV->len,IV->val);
-  GCM_add_header(&g,H->val,H->len);
-  GCM_add_cipher(&g,P->val,C->val,C->len);
-  P->len=C->len;
-  GCM_finish(&g,T->val);
-  T->len=16;
-}
-
-/*!  \brief Get today's date as days from the epoch
- *
- *   @return today's date, as number of days elapsed since the epoch
- */
-unsign32 WCC_today(void)
-{
-  unsign32 ti=(unsign32)time(NULL);
-  return (long)(ti/(60*TIME_SLOT_MINUTES));
-}
-
-/*!  \brief Initialise a random number generator
- *
- *   @param RNG     cryptographically secure random number generator
- *   @param SEED    random seed value
- */
-void WCC_CREATE_CSPRNG(csprng *RNG,octet *SEED)
-{
-  RAND_seed(RNG,SEED->len,SEED->val);
-}
-
-/*!  \brief Kill a random number generator
- *   
- *   Deletes all internal state
- * 
- *   @param RNG    cryptographically secure random number generator
- */
-void WCC_KILL_CSPRNG(csprng *RNG)
-{
-  RAND_clean(RNG);
-}
-
-/*!  \brief Perform sha256
- *   
- *   Hash ID
- * 
- *   @param  ID     Value to hash
- *   @return HID    sha256 hashed value
- */
-void WCC_HASH_ID(octet *ID,octet *HID)
-{
-  hashit(0,ID,HID);
-}
-
-/*!  \brief Generate a random integer
- *   
- *   Generate a random number modulus the group order
- * 
- *   @param  RNG    cryptographically secure random number generator
- *   @return S      Random integer modulus the group order
- */
-int WCC_RANDOM_GENERATE(csprng *RNG,octet* S)
-{
-  BIG r,s;
-  BIG_rcopy(r,CURVE_Order);
-  BIG_randomnum(s,r,RNG);
-  BIG_toBytes(S->val,s);
-  S->len=PGS;
-  return 0;
-}
-
-
-/*! \brief Calculate time permit in G2 
- *
- *  Calculate time permit in G2. 
- * 
- *  <ol>
- *  <li> TPG1=s*H1(date|sha256(ID))
- *  </ol>
- *
- *  @param  date      Epoch days
- *  @param  S         Master secret
- *  @param  HID       sha256(ID)
- *  @param  TPG1      Time Permit in G1
- *  @return rtn       Returns 0 if successful or else an error code  
- */
-int WCC_GET_G1_PERMIT(int date,octet *S,octet *HID,octet *TPG1)
-{
-  BIG s;
-  ECP P;
-  char h[HASH_BYTES];
-  octet H={0,sizeof(h),h};
-
-  hashit(date,HID,&H);
-  mapit(&H,&P);
-  BIG_fromBytes(s,S->val);
-  PAIR_G1mul(&P,s);
-
-  ECP_toOctet(TPG1,&P);
-  return 0;
-}
-
-/*! \brief Add two members from the group G1
- *
- *   @param  R1      member of G1 
- *   @param  R2      member of G1 
- *   @return R       member of G1 = R1+R2
- *   @return         Returns 0 if successful or else an error code
- */
-int WCC_RECOMBINE_G1(octet *R1,octet *R2,octet *R)
-{
-  ECP P,T;
-  int res=0;
-  if (!ECP_fromOctet(&P,R1)) res=WCC_INVALID_POINT;
-  if (!ECP_fromOctet(&T,R2)) res=WCC_INVALID_POINT;
-  if (res==0)
-  {
-    ECP_add(&P,&T);
-    ECP_toOctet(R,&P);
-  }
-  return res;
-}
-
-/*! \brief Add two members from the group G2
- *
- *   @param  W1      member of G2 
- *   @param  W2      member of G2 
- *   @return W       member of G2 = W1+W2
- *   @return         Weturns 0 if successful or else an error code
- */
-int WCC_RECOMBINE_G2(octet *W1,octet *W2,octet *W)
-{
-  ECP2 Q,T;
-  int res=0;
-  if (!ECP2_fromOctet(&Q,W1)) res=WCC_INVALID_POINT;
-  if (!ECP2_fromOctet(&T,W2)) res=WCC_INVALID_POINT;
-  if (res==0)
-  {
-    ECP2_add(&Q,&T);
-    ECP2_toOctet(W,&Q);
-  }
-  return res;
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/wcc.h
----------------------------------------------------------------------
diff --git a/c/wcc.h b/c/wcc.h
deleted file mode 100755
index 893fe5d..0000000
--- a/c/wcc.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file wcc.h
- * @author Mike Scott and Kealan McCusker
- * @date 28th April 2016
- * @brief Wang / Chow Choo (WCC)  header file
- *
- * defines structures
- * declares functions
- *
- */
-
-#ifndef WCC_H
-#define WCC_H
-
-#include "amcl.h"
-
-/* Field size is assumed to be greater than or equal to group size */
-
-#define PGS 32  /* WCC Group Size */
-#define PFS 32  /* WCC Field Size */
-#define PAS 16  /* AES Symmetric Key Size */
-
-#define WCC_OK                     0
-#define WCC_INVALID_POINT         -51
-
-
-
-#define TIME_SLOT_MINUTES 1440 /* Time Slot = 1 day */
-#define HASH_BYTES 32
-
-/*! \brief Generate a random integer */
-DLL_EXPORT int WCC_RANDOM_GENERATE(csprng *RNG,octet* S);
-
-/*! \brief Hash EC Points and Id to an integer */
-DLL_EXPORT void WCC_Hq(octet *A,octet *B,octet *C,octet *D,octet *h);
-
-/*! \brief Calculate value in G2 multiplied by an integer */
-DLL_EXPORT int WCC_GET_G2_MULTIPLE(int hashDone,octet *S,octet *ID,octet *VG2);
-
-/*! \brief Calculate value in G1 multiplied by an integer */
-DLL_EXPORT int WCC_GET_G1_MULTIPLE(int hashDone,octet *S,octet *ID,octet *VG1);
-
-/*! \brief Calculate a value in G1 used for when time permits are enabled */
-DLL_EXPORT int WCC_GET_G1_TPMULT(int date, octet *S,octet *ID,octet *VG1);
-
-/*! \brief Calculate a value in G2 used for when time permits are enabled */
-DLL_EXPORT int WCC_GET_G2_TPMULT(int date, octet *S,octet *ID,octet *VG2);
-
-/*! \brief Calculate time permit in G2 */
-DLL_EXPORT int WCC_GET_G1_PERMIT(int date,octet *S,octet *HID,octet *G1TP);
-
-/*! \brief Calculate time permit in G2 */
-DLL_EXPORT int WCC_GET_G2_PERMIT(int date,octet *S,octet *HID,octet *G2TP);
-
-/*! \brief Calculate the sender AES key */
-DLL_EXPORT int WCC_SENDER_KEY(int date, octet *xOct, octet *piaOct, octet *pibOct, octet *PbG2Oct, octet *PgG1Oct, octet *AKeyG1Oct, octet *ATPG1Oct, octet *IdBOct, octet *AESKeyOct);
-
-/*! \brief Calculate the receiver AES key */
-DLL_EXPORT int WCC_RECEIVER_KEY(int date, octet *yOct, octet *wOct,  octet *piaOct, octet *pibOct,  octet *PaG1Oct, octet *PgG1Oct, octet *BKeyG2Oct,octet *BTPG2Oct,  octet *IdAOct, octet *AESKeyOct);
-
-/*! \brief Encrypt data using AES GCM */
-DLL_EXPORT void WCC_AES_GCM_ENCRYPT(octet *K,octet *IV,octet *H,octet *P,octet *C,octet *T);
-
-/*! \brief Decrypt data using AES GCM */
-DLL_EXPORT void WCC_AES_GCM_DECRYPT(octet *K,octet *IV,octet *H,octet *C,octet *P,octet *T);
-
-/*!  \brief Perform sha256 */
-DLL_EXPORT void WCC_HASH_ID(octet *,octet *);
-
-/*! \brief Add two members from the group G1 */
-DLL_EXPORT int WCC_RECOMBINE_G1(octet *,octet *,octet *);
-
-/*! \brief Add two members from the group G2 */
-DLL_EXPORT int WCC_RECOMBINE_G2(octet *,octet *,octet *);
-
-/*! \brief Get today's date as days from the epoch */
-DLL_EXPORT unsign32 WCC_today(void);
-
-/*! \brief Initialise a random number generator */
-DLL_EXPORT void WCC_CREATE_CSPRNG(csprng *,octet *);
-
-/*! \brief Kill a random number generator */
-DLL_EXPORT void WCC_KILL_CSPRNG(csprng *RNG);
-
-
-#endif

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cmake_uninstall.cmake.in
----------------------------------------------------------------------
diff --git a/cmake_uninstall.cmake.in b/cmake_uninstall.cmake.in
deleted file mode 100644
index f633ef3..0000000
--- a/cmake_uninstall.cmake.in
+++ /dev/null
@@ -1,23 +0,0 @@
-cmake_policy(SET CMP0007 OLD)
-if (NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
-    message(FATAL_ERROR "Cannot find install manifest: \"@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt\"")
-endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
-
-file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
-string(REGEX REPLACE "\n" ";" files "${files}")
-list(REVERSE files)
-foreach (file ${files})
-    message(STATUS "Uninstalling \"$ENV{DESTDIR}${file}\"")
-    if (EXISTS "$ENV{DESTDIR}${file}")
-        execute_process(
-            COMMAND @CMAKE_COMMAND@ -E remove "$ENV{DESTDIR}${file}"
-            OUTPUT_VARIABLE rm_out
-            RESULT_VARIABLE rm_retval
-        )
-        if(NOT ${rm_retval} EQUAL 0)
-            message(FATAL_ERROR "Problem when removing \"$ENV{DESTDIR}${file}\"")
-        endif (NOT ${rm_retval} EQUAL 0)
-    else (EXISTS "$ENV{DESTDIR}${file}")
-        message(STATUS "File \"$ENV{DESTDIR}${file}\" does not exist.")
-    endif (EXISTS "$ENV{DESTDIR}${file}")
-endforeach(file)

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/AES.cs
----------------------------------------------------------------------
diff --git a/cs/AES.cs b/cs/AES.cs
deleted file mode 100644
index 1b0d595..0000000
--- a/cs/AES.cs
+++ /dev/null
@@ -1,531 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AES Encryption */
-
-
-public class AES
-{
-	internal int mode;
-	private int[] fkey = new int[44];
-	private int[] rkey = new int[44];
-	public sbyte[] f = new sbyte[16];
-
-
-	public const int ECB = 0;
-	public const int CBC = 1;
-	public const int CFB1 = 2;
-	public const int CFB2 = 3;
-	public const int CFB4 = 5;
-	public const int OFB1 = 14;
-	public const int OFB2 = 15;
-	public const int OFB4 = 17;
-	public const int OFB8 = 21;
-	public const int OFB16 = 29;
-
-	private static readonly sbyte[] InCo = new sbyte[] {(sbyte)0xB,(sbyte)0xD,(sbyte)0x9,(sbyte)0xE}; // Inverse Coefficients
-
-	public const int KS = 16; // Key Size in bytes
-	public const int BS = 16; // Block Size
-
-	private static readonly sbyte[] ptab = new sbyte[] {(sbyte)1,(sbyte)3,(sbyte)5,(sbyte)15,(sbyte)17,(sbyte)51,(sbyte)85,unchecked((sbyte)255),(sbyte)26,(sbyte)46,(sbyte)114,unchecked((sbyte)150),unchecked((sbyte)161),unchecked((sbyte)248),(sbyte)19,(sbyte)53, (sbyte)95,unchecked((sbyte)225),(sbyte)56,(sbyte)72,unchecked((sbyte)216),(sbyte)115,unchecked((sbyte)149),unchecked((sbyte)164),unchecked((sbyte)247),(sbyte)2,(sbyte)6,(sbyte)10,(sbyte)30,(sbyte)34,(sbyte)102,unchecked((sbyte)170), unchecked((sbyte)229),(sbyte)52,(sbyte)92,unchecked((sbyte)228),(sbyte)55,(sbyte)89,unchecked((sbyte)235),(sbyte)38,(sbyte)106,unchecked((sbyte)190),unchecked((sbyte)217),(sbyte)112,unchecked((sbyte)144),unchecked((sbyte)171),unchecked((sbyte)230),(sbyte)49, (sbyte)83,unchecked((sbyte)245),(sbyte)4,(sbyte)12,(sbyte)20,(sbyte)60,(sbyte)68,unchecked((sbyte)204),(sbyte)79,unchecked((sbyte)209),(sbyte)104,unchecked((sbyte)184),unchecked((sbyte)211),(sbyte)110,unchecked((sbyte)178),unchecked((sbyte)205),
  (sbyte)76,unchecked((sbyte)212),(sbyte)103,unchecked((sbyte)169),unchecked((sbyte)224),(sbyte)59,(sbyte)77,unchecked((sbyte)215),(sbyte)98,unchecked((sbyte)166),unchecked((sbyte)241),(sbyte)8,(sbyte)24,(sbyte)40,(sbyte)120,unchecked((sbyte)136), unchecked((sbyte)131),unchecked((sbyte)158),unchecked((sbyte)185),unchecked((sbyte)208),(sbyte)107,unchecked((sbyte)189),unchecked((sbyte)220),(sbyte)127,unchecked((sbyte)129),unchecked((sbyte)152),unchecked((sbyte)179),unchecked((sbyte)206),(sbyte)73,unchecked((sbyte)219),(sbyte)118,unchecked((sbyte)154), unchecked((sbyte)181),unchecked((sbyte)196),(sbyte)87,unchecked((sbyte)249),(sbyte)16,(sbyte)48,(sbyte)80,unchecked((sbyte)240),(sbyte)11,(sbyte)29,(sbyte)39,(sbyte)105,unchecked((sbyte)187),unchecked((sbyte)214),(sbyte)97,unchecked((sbyte)163), unchecked((sbyte)254),(sbyte)25,(sbyte)43,(sbyte)125,unchecked((sbyte)135),unchecked((sbyte)146),unchecked((sbyte)173),unchecked((sbyte)236),(sbyte)47,(sbyte)113,unchecked((sbyte)147),unchecked((s
 byte)174),unchecked((sbyte)233),(sbyte)32,(sbyte)96,unchecked((sbyte)160), unchecked((sbyte)251),(sbyte)22,(sbyte)58,(sbyte)78,unchecked((sbyte)210),(sbyte)109,unchecked((sbyte)183),unchecked((sbyte)194),(sbyte)93,unchecked((sbyte)231),(sbyte)50,(sbyte)86,unchecked((sbyte)250),(sbyte)21,(sbyte)63,(sbyte)65, unchecked((sbyte)195),(sbyte)94,unchecked((sbyte)226),(sbyte)61,(sbyte)71,unchecked((sbyte)201),(sbyte)64,unchecked((sbyte)192),(sbyte)91,unchecked((sbyte)237),(sbyte)44,(sbyte)116,unchecked((sbyte)156),unchecked((sbyte)191),unchecked((sbyte)218),(sbyte)117, unchecked((sbyte)159),unchecked((sbyte)186),unchecked((sbyte)213),(sbyte)100,unchecked((sbyte)172),unchecked((sbyte)239),(sbyte)42,(sbyte)126,unchecked((sbyte)130),unchecked((sbyte)157),unchecked((sbyte)188),unchecked((sbyte)223),(sbyte)122,unchecked((sbyte)142),unchecked((sbyte)137),unchecked((sbyte)128), unchecked((sbyte)155),unchecked((sbyte)182),unchecked((sbyte)193),(sbyte)88,unchecked((sbyte)232),(sbyte)35,(sbyte)101,un
 checked((sbyte)175),unchecked((sbyte)234),(sbyte)37,(sbyte)111,unchecked((sbyte)177),unchecked((sbyte)200),(sbyte)67,unchecked((sbyte)197),(sbyte)84, unchecked((sbyte)252),(sbyte)31,(sbyte)33,(sbyte)99,unchecked((sbyte)165),unchecked((sbyte)244),(sbyte)7,(sbyte)9,(sbyte)27,(sbyte)45,(sbyte)119,unchecked((sbyte)153),unchecked((sbyte)176),unchecked((sbyte)203),(sbyte)70,unchecked((sbyte)202), (sbyte)69,unchecked((sbyte)207),(sbyte)74,unchecked((sbyte)222),(sbyte)121,unchecked((sbyte)139),unchecked((sbyte)134),unchecked((sbyte)145),unchecked((sbyte)168),unchecked((sbyte)227),(sbyte)62,(sbyte)66,unchecked((sbyte)198),(sbyte)81,unchecked((sbyte)243),(sbyte)14, (sbyte)18,(sbyte)54,(sbyte)90,unchecked((sbyte)238),(sbyte)41,(sbyte)123,unchecked((sbyte)141),unchecked((sbyte)140),unchecked((sbyte)143),unchecked((sbyte)138),unchecked((sbyte)133),unchecked((sbyte)148),unchecked((sbyte)167),unchecked((sbyte)242),(sbyte)13,(sbyte)23, (sbyte)57,(sbyte)75,unchecked((sbyte)221),(sbyte)124,unchecked(
 (sbyte)132),unchecked((sbyte)151),unchecked((sbyte)162),unchecked((sbyte)253),(sbyte)28,(sbyte)36,(sbyte)108,unchecked((sbyte)180),unchecked((sbyte)199),(sbyte)82,unchecked((sbyte)246),(sbyte)1};
-
-	private static readonly sbyte[] ltab = new sbyte[] {(sbyte)0,unchecked((sbyte)255),(sbyte)25,(sbyte)1,(sbyte)50,(sbyte)2,(sbyte)26,unchecked((sbyte)198),(sbyte)75,unchecked((sbyte)199),(sbyte)27,(sbyte)104,(sbyte)51,unchecked((sbyte)238),unchecked((sbyte)223),(sbyte)3, (sbyte)100,(sbyte)4,unchecked((sbyte)224),(sbyte)14,(sbyte)52,unchecked((sbyte)141),unchecked((sbyte)129),unchecked((sbyte)239),(sbyte)76,(sbyte)113,(sbyte)8,unchecked((sbyte)200),unchecked((sbyte)248),(sbyte)105,(sbyte)28,unchecked((sbyte)193), (sbyte)125,unchecked((sbyte)194),(sbyte)29,unchecked((sbyte)181),unchecked((sbyte)249),unchecked((sbyte)185),(sbyte)39,(sbyte)106,(sbyte)77,unchecked((sbyte)228),unchecked((sbyte)166),(sbyte)114,unchecked((sbyte)154),unchecked((sbyte)201),(sbyte)9,(sbyte)120, (sbyte)101,(sbyte)47,unchecked((sbyte)138),(sbyte)5,(sbyte)33,(sbyte)15,unchecked((sbyte)225),(sbyte)36,(sbyte)18,unchecked((sbyte)240),unchecked((sbyte)130),(sbyte)69,(sbyte)53,unchecked((sbyte)147),unchecked((sbyte)218
 ),unchecked((sbyte)142), unchecked((sbyte)150),unchecked((sbyte)143),unchecked((sbyte)219),unchecked((sbyte)189),(sbyte)54,unchecked((sbyte)208),unchecked((sbyte)206),unchecked((sbyte)148),(sbyte)19,(sbyte)92,unchecked((sbyte)210),unchecked((sbyte)241),(sbyte)64,(sbyte)70,unchecked((sbyte)131),(sbyte)56, (sbyte)102,unchecked((sbyte)221),unchecked((sbyte)253),(sbyte)48,unchecked((sbyte)191),(sbyte)6,unchecked((sbyte)139),(sbyte)98,unchecked((sbyte)179),(sbyte)37,unchecked((sbyte)226),unchecked((sbyte)152),(sbyte)34,unchecked((sbyte)136),unchecked((sbyte)145),(sbyte)16, (sbyte)126,(sbyte)110,(sbyte)72,unchecked((sbyte)195),unchecked((sbyte)163),unchecked((sbyte)182),(sbyte)30,(sbyte)66,(sbyte)58,(sbyte)107,(sbyte)40,(sbyte)84,unchecked((sbyte)250),unchecked((sbyte)133),(sbyte)61,unchecked((sbyte)186), (sbyte)43,(sbyte)121,(sbyte)10,(sbyte)21,unchecked((sbyte)155),unchecked((sbyte)159),(sbyte)94,unchecked((sbyte)202),(sbyte)78,unchecked((sbyte)212),unchecked((sbyte)172),unchecked((sbyt
 e)229),unchecked((sbyte)243),(sbyte)115,unchecked((sbyte)167),(sbyte)87, unchecked((sbyte)175),(sbyte)88,unchecked((sbyte)168),(sbyte)80,unchecked((sbyte)244),unchecked((sbyte)234),unchecked((sbyte)214),(sbyte)116,(sbyte)79,unchecked((sbyte)174),unchecked((sbyte)233),unchecked((sbyte)213),unchecked((sbyte)231),unchecked((sbyte)230),unchecked((sbyte)173),unchecked((sbyte)232), (sbyte)44,unchecked((sbyte)215),(sbyte)117,(sbyte)122,unchecked((sbyte)235),(sbyte)22,(sbyte)11,unchecked((sbyte)245),(sbyte)89,unchecked((sbyte)203),(sbyte)95,unchecked((sbyte)176),unchecked((sbyte)156),unchecked((sbyte)169),(sbyte)81,unchecked((sbyte)160), (sbyte)127,(sbyte)12,unchecked((sbyte)246),(sbyte)111,(sbyte)23,unchecked((sbyte)196),(sbyte)73,unchecked((sbyte)236),unchecked((sbyte)216),(sbyte)67,(sbyte)31,(sbyte)45,unchecked((sbyte)164),(sbyte)118,(sbyte)123,unchecked((sbyte)183), unchecked((sbyte)204),unchecked((sbyte)187),(sbyte)62,(sbyte)90,unchecked((sbyte)251),(sbyte)96,unchecked((sbyte)177),unch
 ecked((sbyte)134),(sbyte)59,(sbyte)82,unchecked((sbyte)161),(sbyte)108,unchecked((sbyte)170),(sbyte)85,(sbyte)41,unchecked((sbyte)157), unchecked((sbyte)151),unchecked((sbyte)178),unchecked((sbyte)135),unchecked((sbyte)144),(sbyte)97,unchecked((sbyte)190),unchecked((sbyte)220),unchecked((sbyte)252),unchecked((sbyte)188),unchecked((sbyte)149),unchecked((sbyte)207),unchecked((sbyte)205),(sbyte)55,(sbyte)63,(sbyte)91,unchecked((sbyte)209), (sbyte)83,(sbyte)57,unchecked((sbyte)132),(sbyte)60,(sbyte)65,unchecked((sbyte)162),(sbyte)109,(sbyte)71,(sbyte)20,(sbyte)42,unchecked((sbyte)158),(sbyte)93,(sbyte)86,unchecked((sbyte)242),unchecked((sbyte)211),unchecked((sbyte)171), (sbyte)68,(sbyte)17,unchecked((sbyte)146),unchecked((sbyte)217),(sbyte)35,(sbyte)32,(sbyte)46,unchecked((sbyte)137),unchecked((sbyte)180),(sbyte)124,unchecked((sbyte)184),(sbyte)38,(sbyte)119,unchecked((sbyte)153),unchecked((sbyte)227),unchecked((sbyte)165), (sbyte)103,(sbyte)74,unchecked((sbyte)237),unchecked((sbyte)222
 ),unchecked((sbyte)197),(sbyte)49,unchecked((sbyte)254),(sbyte)24,(sbyte)13,(sbyte)99,unchecked((sbyte)140),unchecked((sbyte)128),unchecked((sbyte)192),unchecked((sbyte)247),(sbyte)112,(sbyte)7};
-
-	private static readonly sbyte[] fbsub = new sbyte[] {(sbyte)99,(sbyte)124,(sbyte)119,(sbyte)123,unchecked((sbyte)242),(sbyte)107,(sbyte)111,unchecked((sbyte)197),(sbyte)48,(sbyte)1,(sbyte)103,(sbyte)43,unchecked((sbyte)254),unchecked((sbyte)215),unchecked((sbyte)171),(sbyte)118, unchecked((sbyte)202),unchecked((sbyte)130),unchecked((sbyte)201),(sbyte)125,unchecked((sbyte)250),(sbyte)89,(sbyte)71,unchecked((sbyte)240),unchecked((sbyte)173),unchecked((sbyte)212),unchecked((sbyte)162),unchecked((sbyte)175),unchecked((sbyte)156),unchecked((sbyte)164),(sbyte)114,unchecked((sbyte)192), unchecked((sbyte)183),unchecked((sbyte)253),unchecked((sbyte)147),(sbyte)38,(sbyte)54,(sbyte)63,unchecked((sbyte)247),unchecked((sbyte)204),(sbyte)52,unchecked((sbyte)165),unchecked((sbyte)229),unchecked((sbyte)241),(sbyte)113,unchecked((sbyte)216),(sbyte)49,(sbyte)21, (sbyte)4,unchecked((sbyte)199),(sbyte)35,unchecked((sbyte)195),(sbyte)24,unchecked((sbyte)150),(sbyte)5,unchecked((sbyte)154),(sbyte)7,(sby
 te)18,unchecked((sbyte)128),unchecked((sbyte)226),unchecked((sbyte)235),(sbyte)39,unchecked((sbyte)178),(sbyte)117, (sbyte)9,unchecked((sbyte)131),(sbyte)44,(sbyte)26,(sbyte)27,(sbyte)110,(sbyte)90,unchecked((sbyte)160),(sbyte)82,(sbyte)59,unchecked((sbyte)214),unchecked((sbyte)179),(sbyte)41,unchecked((sbyte)227),(sbyte)47,unchecked((sbyte)132), (sbyte)83,unchecked((sbyte)209),(sbyte)0,unchecked((sbyte)237),(sbyte)32,unchecked((sbyte)252),unchecked((sbyte)177),(sbyte)91,(sbyte)106,unchecked((sbyte)203),unchecked((sbyte)190),(sbyte)57,(sbyte)74,(sbyte)76,(sbyte)88,unchecked((sbyte)207), unchecked((sbyte)208),unchecked((sbyte)239),unchecked((sbyte)170),unchecked((sbyte)251),(sbyte)67,(sbyte)77,(sbyte)51,unchecked((sbyte)133),(sbyte)69,unchecked((sbyte)249),(sbyte)2,(sbyte)127,(sbyte)80,(sbyte)60,unchecked((sbyte)159),unchecked((sbyte)168), (sbyte)81,unchecked((sbyte)163),(sbyte)64,unchecked((sbyte)143),unchecked((sbyte)146),unchecked((sbyte)157),(sbyte)56,unchecked((sbyte)245),unchec
 ked((sbyte)188),unchecked((sbyte)182),unchecked((sbyte)218),(sbyte)33,(sbyte)16,unchecked((sbyte)255),unchecked((sbyte)243),unchecked((sbyte)210), unchecked((sbyte)205),(sbyte)12,(sbyte)19,unchecked((sbyte)236),(sbyte)95,unchecked((sbyte)151),(sbyte)68,(sbyte)23,unchecked((sbyte)196),unchecked((sbyte)167),(sbyte)126,(sbyte)61,(sbyte)100,(sbyte)93,(sbyte)25,(sbyte)115, (sbyte)96,unchecked((sbyte)129),(sbyte)79,unchecked((sbyte)220),(sbyte)34,(sbyte)42,unchecked((sbyte)144),unchecked((sbyte)136),(sbyte)70,unchecked((sbyte)238),unchecked((sbyte)184),(sbyte)20,unchecked((sbyte)222),(sbyte)94,(sbyte)11,unchecked((sbyte)219), unchecked((sbyte)224),(sbyte)50,(sbyte)58,(sbyte)10,(sbyte)73,(sbyte)6,(sbyte)36,(sbyte)92,unchecked((sbyte)194),unchecked((sbyte)211),unchecked((sbyte)172),(sbyte)98,unchecked((sbyte)145),unchecked((sbyte)149),unchecked((sbyte)228),(sbyte)121, unchecked((sbyte)231),unchecked((sbyte)200),(sbyte)55,(sbyte)109,unchecked((sbyte)141),unchecked((sbyte)213),(sbyte)78,unche
 cked((sbyte)169),(sbyte)108,(sbyte)86,unchecked((sbyte)244),unchecked((sbyte)234),(sbyte)101,(sbyte)122,unchecked((sbyte)174),(sbyte)8, unchecked((sbyte)186),(sbyte)120,(sbyte)37,(sbyte)46,(sbyte)28,unchecked((sbyte)166),unchecked((sbyte)180),unchecked((sbyte)198),unchecked((sbyte)232),unchecked((sbyte)221),(sbyte)116,(sbyte)31,(sbyte)75,unchecked((sbyte)189),unchecked((sbyte)139),unchecked((sbyte)138), (sbyte)112,(sbyte)62,unchecked((sbyte)181),(sbyte)102,(sbyte)72,(sbyte)3,unchecked((sbyte)246),(sbyte)14,(sbyte)97,(sbyte)53,(sbyte)87,unchecked((sbyte)185),unchecked((sbyte)134),unchecked((sbyte)193),(sbyte)29,unchecked((sbyte)158), unchecked((sbyte)225),unchecked((sbyte)248),unchecked((sbyte)152),(sbyte)17,(sbyte)105,unchecked((sbyte)217),unchecked((sbyte)142),unchecked((sbyte)148),unchecked((sbyte)155),(sbyte)30,unchecked((sbyte)135),unchecked((sbyte)233),unchecked((sbyte)206),(sbyte)85,(sbyte)40,unchecked((sbyte)223), unchecked((sbyte)140),unchecked((sbyte)161),unchecked((sbyte)1
 37),(sbyte)13,unchecked((sbyte)191),unchecked((sbyte)230),(sbyte)66,(sbyte)104,(sbyte)65,unchecked((sbyte)153),(sbyte)45,(sbyte)15,unchecked((sbyte)176),(sbyte)84,unchecked((sbyte)187),(sbyte)22};
-
-	private static readonly sbyte[] rbsub = new sbyte[] {(sbyte)82,(sbyte)9,(sbyte)106,unchecked((sbyte)213),(sbyte)48,(sbyte)54,unchecked((sbyte)165),(sbyte)56,unchecked((sbyte)191),(sbyte)64,unchecked((sbyte)163),unchecked((sbyte)158),unchecked((sbyte)129),unchecked((sbyte)243),unchecked((sbyte)215),unchecked((sbyte)251), (sbyte)124,unchecked((sbyte)227),(sbyte)57,unchecked((sbyte)130),unchecked((sbyte)155),(sbyte)47,unchecked((sbyte)255),unchecked((sbyte)135),(sbyte)52,unchecked((sbyte)142),(sbyte)67,(sbyte)68,unchecked((sbyte)196),unchecked((sbyte)222),unchecked((sbyte)233),unchecked((sbyte)203), (sbyte)84,(sbyte)123,unchecked((sbyte)148),(sbyte)50,unchecked((sbyte)166),unchecked((sbyte)194),(sbyte)35,(sbyte)61,unchecked((sbyte)238),(sbyte)76,unchecked((sbyte)149),(sbyte)11,(sbyte)66,unchecked((sbyte)250),unchecked((sbyte)195),(sbyte)78, (sbyte)8,(sbyte)46,unchecked((sbyte)161),(sbyte)102,(sbyte)40,unchecked((sbyte)217),(sbyte)36,unchecked((sbyte)178),(sbyte)118,(sbyte)91,unchecked
 ((sbyte)162),(sbyte)73,(sbyte)109,unchecked((sbyte)139),unchecked((sbyte)209),(sbyte)37, (sbyte)114,unchecked((sbyte)248),unchecked((sbyte)246),(sbyte)100,unchecked((sbyte)134),(sbyte)104,unchecked((sbyte)152),(sbyte)22,unchecked((sbyte)212),unchecked((sbyte)164),(sbyte)92,unchecked((sbyte)204),(sbyte)93,(sbyte)101,unchecked((sbyte)182),unchecked((sbyte)146), (sbyte)108,(sbyte)112,(sbyte)72,(sbyte)80,unchecked((sbyte)253),unchecked((sbyte)237),unchecked((sbyte)185),unchecked((sbyte)218),(sbyte)94,(sbyte)21,(sbyte)70,(sbyte)87,unchecked((sbyte)167),unchecked((sbyte)141),unchecked((sbyte)157),unchecked((sbyte)132), unchecked((sbyte)144),unchecked((sbyte)216),unchecked((sbyte)171),(sbyte)0,unchecked((sbyte)140),unchecked((sbyte)188),unchecked((sbyte)211),(sbyte)10,unchecked((sbyte)247),unchecked((sbyte)228),(sbyte)88,(sbyte)5,unchecked((sbyte)184),unchecked((sbyte)179),(sbyte)69,(sbyte)6, unchecked((sbyte)208),(sbyte)44,(sbyte)30,unchecked((sbyte)143),unchecked((sbyte)202),(sbyte)63,(s
 byte)15,(sbyte)2,unchecked((sbyte)193),unchecked((sbyte)175),unchecked((sbyte)189),(sbyte)3,(sbyte)1,(sbyte)19,unchecked((sbyte)138),(sbyte)107, (sbyte)58,unchecked((sbyte)145),(sbyte)17,(sbyte)65,(sbyte)79,(sbyte)103,unchecked((sbyte)220),unchecked((sbyte)234),unchecked((sbyte)151),unchecked((sbyte)242),unchecked((sbyte)207),unchecked((sbyte)206),unchecked((sbyte)240),unchecked((sbyte)180),unchecked((sbyte)230),(sbyte)115, unchecked((sbyte)150),unchecked((sbyte)172),(sbyte)116,(sbyte)34,unchecked((sbyte)231),unchecked((sbyte)173),(sbyte)53,unchecked((sbyte)133),unchecked((sbyte)226),unchecked((sbyte)249),(sbyte)55,unchecked((sbyte)232),(sbyte)28,(sbyte)117,unchecked((sbyte)223),(sbyte)110, (sbyte)71,unchecked((sbyte)241),(sbyte)26,(sbyte)113,(sbyte)29,(sbyte)41,unchecked((sbyte)197),unchecked((sbyte)137),(sbyte)111,unchecked((sbyte)183),(sbyte)98,(sbyte)14,unchecked((sbyte)170),(sbyte)24,unchecked((sbyte)190),(sbyte)27, unchecked((sbyte)252),(sbyte)86,(sbyte)62,(sbyte)75,unchecked(
 (sbyte)198),unchecked((sbyte)210),(sbyte)121,(sbyte)32,unchecked((sbyte)154),unchecked((sbyte)219),unchecked((sbyte)192),unchecked((sbyte)254),(sbyte)120,unchecked((sbyte)205),(sbyte)90,unchecked((sbyte)244), (sbyte)31,unchecked((sbyte)221),unchecked((sbyte)168),(sbyte)51,unchecked((sbyte)136),(sbyte)7,unchecked((sbyte)199),(sbyte)49,unchecked((sbyte)177),(sbyte)18,(sbyte)16,(sbyte)89,(sbyte)39,unchecked((sbyte)128),unchecked((sbyte)236),(sbyte)95, (sbyte)96,(sbyte)81,(sbyte)127,unchecked((sbyte)169),(sbyte)25,unchecked((sbyte)181),(sbyte)74,(sbyte)13,(sbyte)45,unchecked((sbyte)229),(sbyte)122,unchecked((sbyte)159),unchecked((sbyte)147),unchecked((sbyte)201),unchecked((sbyte)156),unchecked((sbyte)239), unchecked((sbyte)160),unchecked((sbyte)224),(sbyte)59,(sbyte)77,unchecked((sbyte)174),(sbyte)42,unchecked((sbyte)245),unchecked((sbyte)176),unchecked((sbyte)200),unchecked((sbyte)235),unchecked((sbyte)187),(sbyte)60,unchecked((sbyte)131),(sbyte)83,unchecked((sbyte)153),(sbyte)97, (sby
 te)23,(sbyte)43,(sbyte)4,(sbyte)126,unchecked((sbyte)186),(sbyte)119,unchecked((sbyte)214),(sbyte)38,unchecked((sbyte)225),(sbyte)105,(sbyte)20,(sbyte)99,(sbyte)85,(sbyte)33,(sbyte)12,(sbyte)125};
-
-	private static readonly sbyte[] rco = new sbyte[] {(sbyte)1,(sbyte)2,(sbyte)4,(sbyte)8,(sbyte)16,(sbyte)32,(sbyte)64,unchecked((sbyte)128),(sbyte)27,(sbyte)54,(sbyte)108,unchecked((sbyte)216),unchecked((sbyte)171),(sbyte)77,unchecked((sbyte)154),(sbyte)47};
-
-	private static readonly int[] ftable = new int[] {unchecked((int)0xa56363c6), unchecked((int)0x847c7cf8), unchecked((int)0x997777ee), unchecked((int)0x8d7b7bf6), 0xdf2f2ff, unchecked((int)0xbd6b6bd6), unchecked((int)0xb16f6fde), 0x54c5c591, 0x50303060, 0x3010102, unchecked((int)0xa96767ce), 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, unchecked((int)0xe6abab4d), unchecked((int)0x9a7676ec), 0x45caca8f, unchecked((int)0x9d82821f), 0x40c9c989, unchecked((int)0x877d7dfa), 0x15fafaef, unchecked((int)0xeb5959b2), unchecked((int)0xc947478e), 0xbf0f0fb, unchecked((int)0xecadad41), 0x67d4d4b3, unchecked((int)0xfda2a25f), unchecked((int)0xeaafaf45), unchecked((int)0xbf9c9c23), unchecked((int)0xf7a4a453), unchecked((int)0x967272e4), 0x5bc0c09b, unchecked((int)0xc2b7b775), 0x1cfdfde1, unchecked((int)0xae93933d), 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x2f7f7f5, 0x4fcccc83, 0x5c343468, unchecked((int)0xf4a5a551), 0x34e5e5d1, 0x8f1f1f9, unchecked((int)0x937171e2), 0x73d8d8ab, 0x53313162, 0x3f15152a, 0xc0404
 08, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, unchecked((int)0xa1969637), 0xf05050a, unchecked((int)0xb59a9a2f), 0x907070e, 0x36121224, unchecked((int)0x9b80801b), 0x3de2e2df, 0x26ebebcd, 0x6927274e, unchecked((int)0xcdb2b27f), unchecked((int)0x9f7575ea), 0x1b090912, unchecked((int)0x9e83831d), 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, unchecked((int)0xb26e6edc), unchecked((int)0xee5a5ab4), unchecked((int)0xfba0a05b), unchecked((int)0xf65252a4), 0x4d3b3b76, 0x61d6d6b7, unchecked((int)0xceb3b37d), 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, unchecked((int)0x97848413), unchecked((int)0xf55353a6), 0x68d1d1b9, 0x0, 0x2cededc1, 0x60202040, 0x1ffcfce3, unchecked((int)0xc8b1b179), unchecked((int)0xed5b5bb6), unchecked((int)0xbe6a6ad4), 0x46cbcb8d, unchecked((int)0xd9bebe67), 0x4b393972, unchecked((int)0xde4a4a94), unchecked((int)0xd44c4c98), unchecked((int)0xe85858b0), 0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, unchecked((int)0xe5aaaa4f), 0x16fbfbed, unchecked((int)0xc5434386), unchecked((int)0xd74d4d9a)
 , 0x55333366, unchecked((int)0x94858511), unchecked((int)0xcf45458a), 0x10f9f9e9, 0x6020204, unchecked((int)0x817f7ffe), unchecked((int)0xf05050a0), 0x443c3c78, unchecked((int)0xba9f9f25), unchecked((int)0xe3a8a84b), unchecked((int)0xf35151a2), unchecked((int)0xfea3a35d), unchecked((int)0xc0404080), unchecked((int)0x8a8f8f05), unchecked((int)0xad92923f), unchecked((int)0xbc9d9d21), 0x48383870, 0x4f5f5f1, unchecked((int)0xdfbcbc63), unchecked((int)0xc1b6b677), 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, 0xef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, unchecked((int)0xe15f5fbe), unchecked((int)0xa2979735), unchecked((int)0xcc444488), 0x3917172e, 0x57c4c493, unchecked((int)0xf2a7a755), unchecked((int)0x827e7efc), 0x473d3d7a, unchecked((int)0xac6464c8), unchecked((int)0xe75d5dba), 0x2b191932, unchecked((int)0x957373e6), unchecked((int)0xa06060c0), unchecked((int)0x98818119), unchecked((int)0xd14f4f9e), 0x7fdcdca3, 0x66222244, 0x7e2a2a54, unchecked((int)0xab909
 03b), unchecked((int)0x8388880b), unchecked((int)0xca46468c), 0x29eeeec7, unchecked((int)0xd3b8b86b), 0x3c141428, 0x79dedea7, unchecked((int)0xe25e5ebc), 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, unchecked((int)0xdb494992), 0xa06060c, 0x6c242448, unchecked((int)0xe45c5cb8), 0x5dc2c29f, 0x6ed3d3bd, unchecked((int)0xefacac43), unchecked((int)0xa66262c4), unchecked((int)0xa8919139), unchecked((int)0xa4959531), 0x37e4e4d3, unchecked((int)0x8b7979f2), 0x32e7e7d5, 0x43c8c88b, 0x5937376e, unchecked((int)0xb76d6dda), unchecked((int)0x8c8d8d01), 0x64d5d5b1, unchecked((int)0xd24e4e9c), unchecked((int)0xe0a9a949), unchecked((int)0xb46c6cd8), unchecked((int)0xfa5656ac), 0x7f4f4f3, 0x25eaeacf, unchecked((int)0xaf6565ca), unchecked((int)0x8e7a7af4), unchecked((int)0xe9aeae47), 0x18080810, unchecked((int)0xd5baba6f), unchecked((int)0x887878f0), 0x6f25254a, 0x722e2e5c, 0x241c1c38, unchecked((int)0xf1a6a657), unchecked((int)0xc7b4b473), 0x51c6c697, 0x23e8e8cb, 0x7cdddda
 1, unchecked((int)0x9c7474e8), 0x211f1f3e, unchecked((int)0xdd4b4b96), unchecked((int)0xdcbdbd61), unchecked((int)0x868b8b0d), unchecked((int)0x858a8a0f), unchecked((int)0x907070e0), 0x423e3e7c, unchecked((int)0xc4b5b571), unchecked((int)0xaa6666cc), unchecked((int)0xd8484890), 0x5030306, 0x1f6f6f7, 0x120e0e1c, unchecked((int)0xa36161c2), 0x5f35356a, unchecked((int)0xf95757ae), unchecked((int)0xd0b9b969), unchecked((int)0x91868617), 0x58c1c199, 0x271d1d3a, unchecked((int)0xb99e9e27), 0x38e1e1d9, 0x13f8f8eb, unchecked((int)0xb398982b), 0x33111122, unchecked((int)0xbb6969d2), 0x70d9d9a9, unchecked((int)0x898e8e07), unchecked((int)0xa7949433), unchecked((int)0xb69b9b2d), 0x221e1e3c, unchecked((int)0x92878715), 0x20e9e9c9, 0x49cece87, unchecked((int)0xff5555aa), 0x78282850, 0x7adfdfa5, unchecked((int)0x8f8c8c03), unchecked((int)0xf8a1a159), unchecked((int)0x80898909), 0x170d0d1a, unchecked((int)0xdabfbf65), 0x31e6e6d7, unchecked((int)0xc6424284), unchecked((int)0xb86868d0), unchecked((i
 nt)0xc3414182), unchecked((int)0xb0999929), 0x772d2d5a, 0x110f0f1e, unchecked((int)0xcbb0b07b), unchecked((int)0xfc5454a8), unchecked((int)0xd6bbbb6d), 0x3a16162c};
-
-	private static readonly int[] rtable = new int[] {0x50a7f451, 0x5365417e, unchecked((int)0xc3a4171a), unchecked((int)0x965e273a), unchecked((int)0xcb6bab3b), unchecked((int)0xf1459d1f), unchecked((int)0xab58faac), unchecked((int)0x9303e34b), 0x55fa3020, unchecked((int)0xf66d76ad), unchecked((int)0x9176cc88), 0x254c02f5, unchecked((int)0xfcd7e54f), unchecked((int)0xd7cb2ac5), unchecked((int)0x80443526), unchecked((int)0x8fa362b5), 0x495ab1de, 0x671bba25, unchecked((int)0x980eea45), unchecked((int)0xe1c0fe5d), 0x2752fc3, 0x12f04c81, unchecked((int)0xa397468d), unchecked((int)0xc6f9d36b), unchecked((int)0xe75f8f03), unchecked((int)0x959c9215), unchecked((int)0xeb7a6dbf), unchecked((int)0xda595295), 0x2d83bed4, unchecked((int)0xd3217458), 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, unchecked((int)0xdd71b927), unchecked((int)0xb64fe1be), 0x17ad88f0, 0x66ac20c9, unchecked((int)0xb43ace7d), 0x184adf63, unchecked((int)0x82311ae5), 0x60335197, 0x457f5362, unchecked((int)0xe0
 7764b1), unchecked((int)0x84ae6bbb), 0x1ca081fe, unchecked((int)0x942b08f9), 0x58684870, 0x19fd458f, unchecked((int)0x876cde94), unchecked((int)0xb7f87b52), 0x23d373ab, unchecked((int)0xe2024b72), 0x578f1fe3, 0x2aab5566, 0x728ebb2, 0x3c2b52f, unchecked((int)0x9a7bc586), unchecked((int)0xa50837d3), unchecked((int)0xf2872830), unchecked((int)0xb2a5bf23), unchecked((int)0xba6a0302), 0x5c8216ed, 0x2b1ccf8a, unchecked((int)0x92b479a7), unchecked((int)0xf0f207f3), unchecked((int)0xa1e2694e), unchecked((int)0xcdf4da65), unchecked((int)0xd5be0506), 0x1f6234d1, unchecked((int)0x8afea6c4), unchecked((int)0x9d532e34), unchecked((int)0xa055f3a2), 0x32e18a05, 0x75ebf6a4, 0x39ec830b, unchecked((int)0xaaef6040), 0x69f715e, 0x51106ebd, unchecked((int)0xf98a213e), 0x3d06dd96, unchecked((int)0xae053edd), 0x46bde64d, unchecked((int)0xb58d5491), 0x55dc471, 0x6fd40604, unchecked((int)0xff155060), 0x24fb9819, unchecked((int)0x97e9bdd6), unchecked((int)0xcc434089), 0x779ed967, unchecked((int)0xbd42e8b0), 
 unchecked((int)0x888b8907), 0x385b19e7, unchecked((int)0xdbeec879), 0x470a7ca1, unchecked((int)0xe90f427c), unchecked((int)0xc91e84f8), 0x0, unchecked((int)0x83868009), 0x48ed2b32, unchecked((int)0xac70111e), 0x4e725a6c, unchecked((int)0xfbff0efd), 0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, unchecked((int)0xd1545b9b), 0x3a2e3624, unchecked((int)0xb1670a0c), 0xfe75793, unchecked((int)0xd296eeb4), unchecked((int)0x9e919b1b), 0x4fc5c080, unchecked((int)0xa220dc61), 0x694b775a, 0x161a121c, 0xaba93e2, unchecked((int)0xe52aa0c0), 0x43e0223c, 0x1d171b12, 0xb0d090e, unchecked((int)0xadc78bf2), unchecked((int)0xb9a8b62d), unchecked((int)0xc8a91e14), unchecked((int)0x8519f157), 0x4c0775af, unchecked((int)0xbbdd99ee), unchecked((int)0xfd607fa3), unchecked((int)0x9f2601f7), unchecked((int)0xbcf5725c), unchecked((int)0xc53b6644), 0x347efb5b, 0x7629438b, unchecked((int)0xdcc623cb), 0x68fcedb6, 0x63f1e4b8, unchecked((int)0xcadc31d7), 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85,
  unchecked((int)0xf83dbbd2), 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, unchecked((int)0xf330b2dc), unchecked((int)0xec52860d), unchecked((int)0xd0e3c177), 0x6c16b32b, unchecked((int)0x99b970a9), unchecked((int)0xfa489411), 0x2264e947, unchecked((int)0xc48cfca8), 0x1a3ff0a0, unchecked((int)0xd82c7d56), unchecked((int)0xef903322), unchecked((int)0xc74e4987), unchecked((int)0xc1d138d9), unchecked((int)0xfea2ca8c), 0x360bd498, unchecked((int)0xcf81f5a6), 0x28de7aa5, 0x268eb7da, unchecked((int)0xa4bfad3f), unchecked((int)0xe49d3a2c), 0xd927850, unchecked((int)0x9bcc5f6a), 0x62467e54, unchecked((int)0xc2138df6), unchecked((int)0xe8b8d890), 0x5ef7392e, unchecked((int)0xf5afc382), unchecked((int)0xbe805d9f), 0x7c93d069, unchecked((int)0xa92dd56f), unchecked((int)0xb31225cf), 0x3b99acc8, unchecked((int)0xa77d1810), 0x6e639ce8, 0x7bbb3bdb, 0x97826cd, unchecked((int)0xf418596e), 0x1b79aec, unchecked((int)0xa89a4f83), 0x656e95e6, 0x7ee6ffaa, 0x8cfbc21, unchecked((int)0xe6e815ef), unchecked((int)0xd99
 be7ba), unchecked((int)0xce366f4a), unchecked((int)0xd4099fea), unchecked((int)0xd67cb029), unchecked((int)0xafb2a431), 0x31233f2a, 0x3094a5c6, unchecked((int)0xc066a235), 0x37bc4e74, unchecked((int)0xa6ca82fc), unchecked((int)0xb0d090e0), 0x15d8a733, 0x4a9804f1, unchecked((int)0xf7daec41), 0xe50cd7f, 0x2ff69117, unchecked((int)0x8dd64d76), 0x4db0ef43, 0x544daacc, unchecked((int)0xdf0496e4), unchecked((int)0xe3b5d19e), 0x1b886a4c, unchecked((int)0xb81f2cc1), 0x7f516546, 0x4ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, unchecked((int)0x8c61d79a), 0x7a0ca137, unchecked((int)0x8e14f859), unchecked((int)0x893c13eb), unchecked((int)0xee27a9ce), 0x35c961b7, unchecked((int)0xede51ce1), 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, unchecked((int)0xbf37c773), unchecked((int)0xeacdf753), 0x5baafd5f, 0x146f3ddf, unchecked((int)0x86db4478), unchecked((int)0x81f3afca), 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0xc25e2bc, unchecked((int)0x8b4
 93c28), 0x41950dff, 0x7101a839, unchecked((int)0xdeb30c08), unchecked((int)0x9ce4b4d8), unchecked((int)0x90c15664), 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0};
-
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte  */
-
-	private static int ROTL8(int x)
-	{
-		return (((x) << 8) | ((int)((uint)(x)>>24)));
-	}
-
-	private static int ROTL16(int x)
-	{
-		return (((x) << 16) | ((int)((uint)(x)>>16)));
-	}
-
-	private static int ROTL24(int x)
-	{
-		return (((x) << 24) | ((int)((uint)(x)>>8)));
-	}
-
-	private static int pack(sbyte[] b)
-	{ // pack bytes into a 32-bit Word
-		return ((((int)b[3]) & 0xff) << 24) | (((int)b[2] & 0xff) << 16) | (((int)b[1] & 0xff) << 8) | ((int)b[0] & 0xff);
-	}
-
-	private static sbyte[] unpack(int a)
-	{ // unpack bytes from a word
-		sbyte[] b = new sbyte[4];
-		b[0] = (sbyte)(a);
-		b[1] = (sbyte)((int)((uint)a >> 8));
-		b[2] = (sbyte)((int)((uint)a >> 16));
-		b[3] = (sbyte)((int)((uint)a >> 24));
-		return b;
-	}
-
-	private static sbyte bmul(sbyte x, sbyte y)
-	{ // x.y= AntiLog(Log(x) + Log(y))
-
-		int ix = ((int)x) & 0xff;
-		int iy = ((int)y) & 0xff;
-		int lx = ((int)ltab[ix]) & 0xff;
-		int ly = ((int)ltab[iy]) & 0xff;
-		if (x != 0 && y != 0)
-		{
-			return ptab[(lx + ly) % 255];
-		}
-		else
-		{
-			return (sbyte)0;
-		}
-	}
-
-  //  if (x && y)
-
-	private static int SubByte(int a)
-	{
-		sbyte[] b = unpack(a);
-		b[0] = fbsub[(int)b[0] & 0xff];
-		b[1] = fbsub[(int)b[1] & 0xff];
-		b[2] = fbsub[(int)b[2] & 0xff];
-		b[3] = fbsub[(int)b[3] & 0xff];
-		return pack(b);
-	}
-
-	private static sbyte product(int x, int y)
-	{ // dot product of two 4-byte arrays
-		sbyte[] xb; //=new byte[4];
-		sbyte[] yb; //=new byte[4];
-		xb = unpack(x);
-		yb = unpack(y);
-
-		return (sbyte)(bmul(xb[0],yb[0]) ^ bmul(xb[1],yb[1]) ^ bmul(xb[2],yb[2]) ^ bmul(xb[3],yb[3]));
-	}
-
-	private static int InvMixCol(int x)
-	{ // matrix Multiplication
-		int y, m;
-		sbyte[] b = new sbyte[4];
-
-		m = pack(InCo);
-		b[3] = product(m,x);
-		m = ROTL24(m);
-		b[2] = product(m,x);
-		m = ROTL24(m);
-		b[1] = product(m,x);
-		m = ROTL24(m);
-		b[0] = product(m,x);
-		y = pack(b);
-		return y;
-	}
-
-/* reset cipher */
-	public virtual void reset(int m, sbyte[] iv)
-	{ // reset mode, or reset iv
-		mode = m;
-		for (int i = 0;i < 16;i++)
-		{
-			f[i] = 0;
-		}
-		if (mode != ECB && iv != null)
-		{
-			for (int i = 0;i < 16;i++)
-			{
-				f[i] = iv[i];
-			}
-		}
-	}
-
-	public virtual sbyte[] getreg()
-	{
-		sbyte[] ir = new sbyte[16];
-		for (int i = 0;i < 16;i++)
-		{
-			ir[i] = f[i];
-		}
-		return ir;
-	}
-
-/* Initialise cipher */
-	public virtual void init(int m, sbyte[] key, sbyte[] iv)
-	{ // Key=16 bytes
-		/* Key Scheduler. Create expanded encryption key */
-		int i, j, k, N, nk;
-		int[] CipherKey = new int[4];
-		sbyte[] b = new sbyte[4];
-		nk = 4;
-		reset(m,iv);
-		N = 44;
-
-		for (i = j = 0;i < nk;i++,j += 4)
-		{
-			for (k = 0;k < 4;k++)
-			{
-				b[k] = key[j + k];
-			}
-			CipherKey[i] = pack(b);
-		}
-		for (i = 0;i < nk;i++)
-		{
-			fkey[i] = CipherKey[i];
-		}
-		for (j = nk,k = 0;j < N;j += nk,k++)
-		{
-			fkey[j] = fkey[j - nk] ^ SubByte(ROTL24(fkey[j - 1])) ^ ((int)rco[k]) & 0xff;
-			for (i = 1;i < nk && (i + j) < N;i++)
-			{
-				fkey[i + j] = fkey[i + j - nk] ^ fkey[i + j - 1];
-			}
-		}
-
- /* now for the expanded decrypt key in reverse order */
-
-		for (j = 0;j < 4;j++)
-		{
-			rkey[j + N - 4] = fkey[j];
-		}
-		for (i = 4;i < N - 4;i += 4)
-		{
-			k = N - 4 - i;
-			for (j = 0;j < 4;j++)
-			{
-				rkey[k + j] = InvMixCol(fkey[i + j]);
-			}
-		}
-		for (j = N - 4;j < N;j++)
-		{
-			rkey[j - N + 4] = fkey[j];
-		}
-	}
-
-/* Encrypt a single block */
-	public virtual void ecb_encrypt(sbyte[] buff)
-	{
-		int i, j, k;
-		int t;
-		sbyte[] b = new sbyte[4];
-		int[] p = new int[4];
-		int[] q = new int[4];
-
-		for (i = j = 0;i < 4;i++,j += 4)
-		{
-			for (k = 0;k < 4;k++)
-			{
-				b[k] = buff[j + k];
-			}
-			p[i] = pack(b);
-			p[i] ^= fkey[i];
-		}
-
-		k = 4;
-
-/* State alternates between p and q */
-		for (i = 1;i < 10;i++)
-		{
-			q[0] = fkey[k] ^ ftable[p[0] & 0xff] ^ ROTL8(ftable[((int)((uint)p[1] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[2] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[3] >> 24)) & 0xff]);
-			q[1] = fkey[k + 1] ^ ftable[p[1] & 0xff] ^ ROTL8(ftable[((int)((uint)p[2] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[3] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[0] >> 24)) & 0xff]);
-			q[2] = fkey[k + 2] ^ ftable[p[2] & 0xff] ^ ROTL8(ftable[((int)((uint)p[3] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[0] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[1] >> 24)) & 0xff]);
-			q[3] = fkey[k + 3] ^ ftable[p[3] & 0xff] ^ ROTL8(ftable[((int)((uint)p[0] >> 8)) & 0xff]) ^ ROTL16(ftable[((int)((uint)p[1] >> 16)) & 0xff]) ^ ROTL24(ftable[((int)((uint)p[2] >> 24)) & 0xff]);
-
-			k += 4;
-			for (j = 0;j < 4;j++)
-			{
-				t = p[j];
-				p[j] = q[j];
-				q[j] = t;
-			}
-		}
-
-/* Last Round */
-
-		q[0] = fkey[k] ^ ((int)fbsub[p[0] & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[1] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[2] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[3] >> 24)) & 0xff] & 0xff);
-
-		q[1] = fkey[k + 1] ^ ((int)fbsub[p[1] & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[2] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[3] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[0] >> 24)) & 0xff] & 0xff);
-
-		q[2] = fkey[k + 2] ^ ((int)fbsub[p[2] & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[3] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[0] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[1] >> 24)) & 0xff] & 0xff);
-
-		q[3] = fkey[k + 3] ^ ((int)fbsub[(p[3]) & 0xff] & 0xff) ^ ROTL8((int)fbsub[((int)((uint)p[0] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)fbsub[((int)((uint)p[1] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)fbsub[((int)((uint)p[2] >> 24)) & 0xff] & 0xff);
-
-		for (i = j = 0;i < 4;i++,j += 4)
-		{
-			b = unpack(q[i]);
-			for (k = 0;k < 4;k++)
-			{
-				buff[j + k] = b[k];
-			}
-		}
-	}
-
-/* Decrypt a single block */
-	public virtual void ecb_decrypt(sbyte[] buff)
-	{
-		int i, j, k;
-		int t;
-		sbyte[] b = new sbyte[4];
-		int[] p = new int[4];
-		int[] q = new int[4];
-
-		for (i = j = 0;i < 4;i++,j += 4)
-		{
-			for (k = 0;k < 4;k++)
-			{
-				b[k] = buff[j + k];
-			}
-			p[i] = pack(b);
-			p[i] ^= rkey[i];
-		}
-
-		k = 4;
-
-/* State alternates between p and q */
-		for (i = 1;i < 10;i++)
-		{
-			q[0] = rkey[k] ^ rtable[p[0] & 0xff] ^ ROTL8(rtable[((int)((uint)p[3] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[2] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[1] >> 24)) & 0xff]);
-			q[1] = rkey[k + 1] ^ rtable[p[1] & 0xff] ^ ROTL8(rtable[((int)((uint)p[0] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[3] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[2] >> 24)) & 0xff]);
-			q[2] = rkey[k + 2] ^ rtable[p[2] & 0xff] ^ ROTL8(rtable[((int)((uint)p[1] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[0] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[3] >> 24)) & 0xff]);
-			q[3] = rkey[k + 3] ^ rtable[p[3] & 0xff] ^ ROTL8(rtable[((int)((uint)p[2] >> 8)) & 0xff]) ^ ROTL16(rtable[((int)((uint)p[1] >> 16)) & 0xff]) ^ ROTL24(rtable[((int)((uint)p[0] >> 24)) & 0xff]);
-
-			k += 4;
-			for (j = 0;j < 4;j++)
-			{
-				t = p[j];
-				p[j] = q[j];
-				q[j] = t;
-			}
-		}
-
-/* Last Round */
-
-		q[0] = rkey[k] ^ ((int)rbsub[p[0] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[3] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[2] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[1] >> 24)) & 0xff] & 0xff);
-		q[1] = rkey[k + 1] ^ ((int)rbsub[p[1] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[0] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[3] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[2] >> 24)) & 0xff] & 0xff);
-		q[2] = rkey[k + 2] ^ ((int)rbsub[p[2] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[1] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[0] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[3] >> 24)) & 0xff] & 0xff);
-		q[3] = rkey[k + 3] ^ ((int)rbsub[p[3] & 0xff] & 0xff) ^ ROTL8((int)rbsub[((int)((uint)p[2] >> 8)) & 0xff] & 0xff) ^ ROTL16((int)rbsub[((int)((uint)p[1] >> 16)) & 0xff] & 0xff) ^ ROTL24((int)rbsub[((int)((uint)p[0] >> 24)) & 0xff] & 0xff);
-
-		for (i = j = 0;i < 4;i++,j += 4)
-		{
-			b = unpack(q[i]);
-			for (k = 0;k < 4;k++)
-			{
-				buff[j + k] = b[k];
-			}
-		}
-
-	}
-
-/* Encrypt using selected mode of operation */
-	public virtual int encrypt(sbyte[] buff)
-	{
-		int j, bytes;
-		sbyte[] st = new sbyte[16];
-		int fell_off;
-
-// Supported Modes of Operation
-
-		fell_off = 0;
-		switch (mode)
-		{
-		case ECB:
-			ecb_encrypt(buff);
-			return 0;
-		case CBC:
-			for (j = 0;j < 16;j++)
-			{
-				buff[j] ^= f[j];
-			}
-			ecb_encrypt(buff);
-			for (j = 0;j < 16;j++)
-			{
-				f[j] = buff[j];
-			}
-			return 0;
-
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes = mode - CFB1 + 1;
-			for (j = 0;j < bytes;j++)
-			{
-				fell_off = (fell_off << 8) | f[j];
-			}
-			for (j = 0;j < 16;j++)
-			{
-				st[j] = f[j];
-			}
-			for (j = bytes;j < 16;j++)
-			{
-				f[j - bytes] = f[j];
-			}
-			ecb_encrypt(st);
-			for (j = 0;j < bytes;j++)
-			{
-				buff[j] ^= st[j];
-				f[16 - bytes + j] = buff[j];
-			}
-			return fell_off;
-
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-
-			bytes = mode - OFB1 + 1;
-			ecb_encrypt(f);
-			for (j = 0;j < bytes;j++)
-			{
-				buff[j] ^= f[j];
-			}
-			return 0;
-
-	default:
-			return 0;
-		}
-	}
-
-/* Decrypt using selected mode of operation */
-	public virtual int decrypt(sbyte[] buff)
-	{
-		int j, bytes;
-		sbyte[] st = new sbyte[16];
-		int fell_off;
-
-   // Supported modes of operation
-		fell_off = 0;
-		switch (mode)
-		{
-		case ECB:
-			ecb_decrypt(buff);
-			return 0;
-		case CBC:
-			for (j = 0;j < 16;j++)
-			{
-				st[j] = f[j];
-				f[j] = buff[j];
-			}
-			ecb_decrypt(buff);
-			for (j = 0;j < 16;j++)
-			{
-				buff[j] ^= st[j];
-				st[j] = 0;
-			}
-			return 0;
-		case CFB1:
-		case CFB2:
-		case CFB4:
-			bytes = mode - CFB1 + 1;
-			for (j = 0;j < bytes;j++)
-			{
-				fell_off = (fell_off << 8) | f[j];
-			}
-			for (j = 0;j < 16;j++)
-			{
-				st[j] = f[j];
-			}
-			for (j = bytes;j < 16;j++)
-			{
-				f[j - bytes] = f[j];
-			}
-			ecb_encrypt(st);
-			for (j = 0;j < bytes;j++)
-			{
-				f[16 - bytes + j] = buff[j];
-				buff[j] ^= st[j];
-			}
-			return fell_off;
-		case OFB1:
-		case OFB2:
-		case OFB4:
-		case OFB8:
-		case OFB16:
-			bytes = mode - OFB1 + 1;
-			ecb_encrypt(f);
-			for (j = 0;j < bytes;j++)
-			{
-				buff[j] ^= f[j];
-			}
-			return 0;
-
-
-		default:
-			return 0;
-		}
-	}
-
-/* Clean up and delete left-overs */
-	public virtual void end()
-	{ // clean up
-		int i;
-		for (i = 0;i < 44;i++)
-		{
-			fkey[i] = rkey[i] = 0;
-		}
-		for (i = 0;i < 16;i++)
-		{
-			f[i] = 0;
-		}
-	}
-/*
-	public static void main(String[] args) {
-		int i;
-
-		byte[] key=new byte[16];
-		byte[] block=new byte[16];
-		byte[] iv=new byte[16];
-
-		for (i=0;i<16;i++) key[i]=0;
-		key[0]=1;
-		for (i=0;i<16;i++) iv[i]=(byte)i;
-		for (i=0;i<16;i++) block[i]=(byte)i;
-
-		AES a=new AES();
-
-		a.init(CBC,key,iv);
-		System.out.println("Plain= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.encrypt(block);
-
-		System.out.println("Encrypt= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.reset(CBC,iv);
-		a.decrypt(block);
-
-		System.out.println("Decrypt= ");
-		for (i=0;i<16;i++)  System.out.format("%02X ", block[i]&0xff);
-		System.out.println("");
-
-		a.end();
-
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/BIG.cs
----------------------------------------------------------------------
diff --git a/cs/BIG.cs b/cs/BIG.cs
deleted file mode 100644
index 40e2e6a..0000000
--- a/cs/BIG.cs
+++ /dev/null
@@ -1,1145 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BIG number class */
-
-public class BIG
-{
-	private long[] w = new long[ROM.NLEN];
-/* Constructors */
-	public BIG()
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-	public BIG(int x)
-	{
-		w[0] = x;
-		for (int i = 1;i < ROM.NLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-	public BIG(BIG x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = x.w[i];
-		}
-	}
-
-	public BIG(DBIG x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = x.w[i];
-		}
-	}
-
-	public BIG(long[] x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = x[i];
-		}
-	}
-
-	public virtual long get(int i)
-	{
-		return w[i];
-	}
-
-	public virtual void set(int i, long x)
-	{
-		w[i] = x;
-	}
-
-	public virtual void xortop(long x)
-	{
-		w[ROM.NLEN - 1] ^= x;
-	}
-
-	public virtual void ortop(long x)
-	{
-		w[ROM.NLEN - 1] |= x;
-	}
-
-/* calculate Field Excess */
-	public static long EXCESS(BIG a)
-	{
-		return ((a.w[ROM.NLEN - 1] & ROM.OMASK) >> (ROM.MODBITS % ROM.BASEBITS));
-	}
-
-/* test for zero */
-	public virtual bool iszilch()
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			if (w[i] != 0)
-			{
-				return false;
-			}
-		}
-		return true;
-	}
-
-/* set to zero */
-	public virtual void zero()
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* set to one */
-	public virtual void one()
-	{
-		w[0] = 1;
-		for (int i = 1;i < ROM.NLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* Test for equal to one */
-	public virtual bool isunity()
-	{
-		for (int i = 1;i < ROM.NLEN;i++)
-		{
-			if (w[i] != 0)
-			{
-				return false;
-			}
-		}
-		if (w[0] != 1)
-		{
-			return false;
-		}
-		return true;
-	}
-
-/* Copy from another BIG */
-	public virtual void copy(BIG x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = x.w[i];
-		}
-	}
-
-	public virtual void copy(DBIG x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = x.w[i];
-		}
-	}
-
-/* Conditional swap of two bigs depending on d using XOR - no branches */
-	public virtual void cswap(BIG b, int d)
-	{
-		int i;
-		long t , c = (long)d;
-		c = ~(c - 1);
-
-		for (i = 0;i < ROM.NLEN;i++)
-		{
-			t = c & (w[i] ^ b.w[i]);
-			w[i] ^= t;
-			b.w[i] ^= t;
-		}
-	}
-
-	public virtual void cmove(BIG g, int d)
-	{
-		int i;
-		long  b = -d;
-
-		for (i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] ^= (w[i] ^ g.w[i]) & b;
-		}
-	}
-
-
-/* normalise BIG - force all digits < 2^BASEBITS */
-	public virtual long norm()
-	{
-		long d , carry = 0;
-		for (int i = 0;i < ROM.NLEN - 1;i++)
-		{
-			d = w[i] + carry;
-			w[i] = d & ROM.MASK;
-			carry = d >> ROM.BASEBITS;
-		}
-		w[ROM.NLEN - 1] = (w[ROM.NLEN - 1] + carry);
-		return (w[ROM.NLEN - 1] >> ((8 * ROM.MODBYTES) % ROM.BASEBITS));
-	}
-
-/* Shift right by less than a word */
-	public virtual long fshr(int k)
-	{
-		long r = w[0] & (((long)1 << k) - 1); // shifted out part
-		for (int i = 0;i < ROM.NLEN - 1;i++)
-		{
-			w[i] = (w[i] >> k) | ((w[i + 1] << (ROM.BASEBITS - k)) & ROM.MASK);
-		}
-		w[ROM.NLEN - 1] = w[ROM.NLEN - 1] >> k;
-		return r;
-	}
-
-/* general shift right */
-	public virtual void shr(int k)
-	{
-		int n = k % ROM.BASEBITS;
-		int m = k / ROM.BASEBITS;
-		for (int i = 0;i < ROM.NLEN - m - 1;i++)
-		{
-			w[i] = (w[m + i] >> n) | ((w[m + i + 1] << (ROM.BASEBITS - n)) & ROM.MASK);
-		}
-		w[ROM.NLEN - m - 1] = w[ROM.NLEN - 1] >> n;
-		for (int i = ROM.NLEN - m;i < ROM.NLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* Shift right by less than a word */
-	public virtual long fshl(int k)
-	{
-		w[ROM.NLEN - 1] = ((w[ROM.NLEN - 1] << k)) | (w[ROM.NLEN - 2]>>(ROM.BASEBITS - k));
-		for (int i = ROM.NLEN - 2;i > 0;i--)
-		{
-			w[i] = ((w[i] << k) & ROM.MASK) | (w[i - 1]>>(ROM.BASEBITS - k));
-		}
-		w[0] = (w[0] << k) & ROM.MASK;
-		return (w[ROM.NLEN - 1] >> ((8 * ROM.MODBYTES) % ROM.BASEBITS)); // return excess - only used in ff.c
-	}
-
-/* general shift left */
-	public virtual void shl(int k)
-	{
-		int n = k % ROM.BASEBITS;
-		int m = k / ROM.BASEBITS;
-
-		w[ROM.NLEN - 1] = ((w[ROM.NLEN - 1 - m] << n)) | (w[ROM.NLEN - m - 2]>>(ROM.BASEBITS - n));
-		for (int i = ROM.NLEN - 2;i > m;i--)
-		{
-			w[i] = ((w[i - m] << n) & ROM.MASK) | (w[i - m - 1]>>(ROM.BASEBITS - n));
-		}
-		w[m] = (w[0] << n) & ROM.MASK;
-		for (int i = 0;i < m;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* return number of bits */
-	public virtual int nbits()
-	{
-		int bts , k = ROM.NLEN - 1;
-		long c;
-		norm();
-		while (k >= 0 && w[k] == 0)
-		{
-			k--;
-		}
-		if (k < 0)
-		{
-			return 0;
-		}
-		bts = ROM.BASEBITS * k;
-		c = w[k];
-		while (c != 0)
-		{
-			c /= 2;
-			bts++;
-		}
-		return bts;
-	}
-
-	public virtual string toRawString()
-	{
-		BIG b = new BIG(this);
-		string s = "(";
-		for (int i = 0;i < ROM.NLEN - 1;i++)
-		{
-			s += b.w[i].ToString("x");
-			s += ",";
-		}
-		s += b.w[ROM.NLEN - 1].ToString("x");
-		s += ")";
-		return s;
-	}
-
-/* Convert to Hex String */
-	public override string ToString()
-	{
-		BIG b;
-		string s = "";
-		int len = nbits();
-
-		if (len % 4 == 0)
-		{
-			len /= 4;
-		}
-		else
-		{
-			len /= 4;
-			len++;
-		}
-		if (len < ROM.MODBYTES * 2)
-		{
-			len = ROM.MODBYTES * 2;
-		}
-
-		for (int i = len - 1;i >= 0;i--)
-		{
-			b = new BIG(this);
-			b.shr(i * 4);
-			s += (b.w[0] & 15).ToString("x");
-		}
-		return s;
-	}
-
-/* return this+x */
-	public virtual BIG plus(BIG x)
-	{
-		BIG s = new BIG(0);
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			s.w[i] = w[i] + x.w[i];
-		}
-		return s;
-	}
-
-/* this+=x */
-	public virtual void add(BIG x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] += x.w[i];
-		}
-	}
-
-/* this+=x, where x is int */
-	public virtual void inc(int x)
-	{
-		norm();
-		w[0] += x;
-	}
-
-/* return this.x */
-	public virtual BIG minus(BIG x)
-	{
-		BIG d = new BIG(0);
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			d.w[i] = w[i] - x.w[i];
-		}
-		return d;
-	}
-
-/* this-=x */
-	public virtual void sub(BIG x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] -= x.w[i];
-		}
-	}
-
-/* reverse subtract this=x-this */
-	public virtual void rsub(BIG x)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] = x.w[i] - w[i];
-		}
-	}
-
-/* this-=x where x is int */
-	public virtual void dec(int x)
-	{
-		norm();
-		w[0] -= (long)x;
-	}
-
-/* this*=x, where x is small int<NEXCESS */
-	public virtual void imul(int c)
-	{
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			w[i] *= c;
-		}
-	}
-
-/* convert this BIG to byte array */
-	public virtual void tobytearray(sbyte[] b, int n)
-	{
-		norm();
-		BIG c = new BIG(this);
-
-		for (int i = ROM.MODBYTES - 1;i >= 0;i--)
-		{
-			b[i + n] = (sbyte)c.w[0];
-			c.fshr(8);
-		}
-	}
-
-/* convert from byte array to BIG */
-	public static BIG frombytearray(sbyte[] b, int n)
-	{
-		BIG m = new BIG(0);
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			m.fshl(8);
-			m.w[0] += (int)b[i + n] & 0xff;
-			//m.inc((int)b[i]&0xff);
-		}
-		return m;
-	}
-
-	public virtual void toBytes(sbyte[] b)
-	{
-		tobytearray(b,0);
-	}
-
-	public static BIG fromBytes(sbyte[] b)
-	{
-		return frombytearray(b,0);
-	}
-
-
-/* set this[i]+=x*y+c, and return high part */
-
-	public virtual long muladd(long a, long b, long c, int i)
-	{
-		long x0, x1, y0, y1;
-		x0 = a & ROM.HMASK;
-		x1 = (a >> ROM.HBITS);
-		y0 = b & ROM.HMASK;
-		y1 = (b >> ROM.HBITS);
-		long bot = x0 * y0;
-		long top = x1 * y1;
-		long mid = x0 * y1 + x1 * y0;
-		x0 = mid & ROM.HMASK;
-		x1 = (mid >> ROM.HBITS);
-		bot += x0 << ROM.HBITS;
-		bot += c;
-		bot += w[i];
-		top += x1;
-		long carry = bot >> ROM.BASEBITS;
-		bot &= ROM.MASK;
-		top += carry;
-		w[i] = bot;
-		return top;
-	}
-
-/* this*=x, where x is >NEXCESS */
-	public virtual long pmul(int c)
-	{
-		long ak , carry = 0;
-		norm();
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			ak = w[i];
-			w[i] = 0;
-			carry = muladd(ak,(long)c,carry,i);
-		}
-		return carry;
-	}
-
-/* this*=c and catch overflow in DBIG */
-	public virtual DBIG pxmul(int c)
-	{
-		DBIG m = new DBIG(0);
-		long carry = 0;
-		for (int j = 0;j < ROM.NLEN;j++)
-		{
-			carry = m.muladd(w[j],(long)c,carry,j);
-		}
-		m.w[ROM.NLEN] = carry;
-		return m;
-	}
-
-/* divide by 3 */
-	public virtual int div3()
-	{
-		long ak , @base , carry = 0;
-		norm();
-		@base = ((long)1 << ROM.BASEBITS);
-		for (int i = ROM.NLEN - 1;i >= 0;i--)
-		{
-			ak = (carry * @base + w[i]);
-			w[i] = ak / 3;
-			carry = ak % 3;
-		}
-		return (int)carry;
-	}
-
-/* return a*b where result fits in a BIG */
-	public static BIG smul(BIG a, BIG b)
-	{
-		long carry;
-		BIG c = new BIG(0);
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			carry = 0;
-			for (int j = 0;j < ROM.NLEN;j++)
-			{
-				if (i + j < ROM.NLEN)
-				{
-					carry = c.muladd(a.w[i],b.w[j],carry,i + j);
-				}
-			}
-		}
-		return c;
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(BIG a, BIG b)
-	{
-		for (int i = ROM.NLEN - 1;i >= 0;i--)
-		{
-			if (a.w[i] == b.w[i])
-			{
-				continue;
-			}
-			if (a.w[i] > b.w[i])
-			{
-				return 1;
-			}
-			else
-			{
-				return -1;
-			}
-		}
-		return 0;
-	}
-
-/* set x = x mod 2^m */
-	public virtual void mod2m(int m)
-	{
-		int i, wd, bt;
-		long msk;
-
-		wd = m / ROM.BASEBITS;
-		bt = m % ROM.BASEBITS;
-		msk = ((long)1 << bt) - 1;
-		w[wd] &= msk;
-		for (i = wd + 1;i < ROM.NLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* Arazi and Qi inversion mod 256 */
-	public static int invmod256(int a)
-	{
-		int U, t1, t2, b, c;
-		t1 = 0;
-		c = (a >> 1) & 1;
-		t1 += c;
-		t1 &= 1;
-		t1 = 2 - t1;
-		t1 <<= 1;
-		U = t1 + 1;
-
-// i=2
-		b = a & 3;
-		t1 = U * b;
-		t1 >>= 2;
-		c = (a >> 2) & 3;
-		t2 = (U * c) & 3;
-		t1 += t2;
-		t1 *= U;
-		t1 &= 3;
-		t1 = 4 - t1;
-		t1 <<= 2;
-		U += t1;
-
-// i=4
-		b = a & 15;
-		t1 = U * b;
-		t1 >>= 4;
-		c = (a >> 4) & 15;
-		t2 = (U * c) & 15;
-		t1 += t2;
-		t1 *= U;
-		t1 &= 15;
-		t1 = 16 - t1;
-		t1 <<= 4;
-		U += t1;
-
-		return U;
-	}
-
-/* a=1/a mod 2^256. This is very fast! */
-	public virtual void invmod2m()
-	{
-		int i;
-		BIG U = new BIG(0);
-		BIG b = new BIG(0);
-		BIG c = new BIG(0);
-
-		U.inc(invmod256(lastbits(8)));
-
-		for (i = 8;i < 256;i <<= 1)
-		{
-			b.copy(this);
-			b.mod2m(i);
-			BIG t1 = BIG.smul(U,b);
-			t1.shr(i);
-			c.copy(this);
-			c.shr(i);
-			c.mod2m(i);
-
-			BIG t2 = BIG.smul(U,c);
-			t2.mod2m(i);
-			t1.add(t2);
-			b = BIG.smul(t1,U);
-			t1.copy(b);
-			t1.mod2m(i);
-
-			t2.one();
-			t2.shl(i);
-			t1.rsub(t2);
-			t1.norm();
-			t1.shl(i);
-			U.add(t1);
-		}
-		this.copy(U);
-	}
-
-/* reduce this mod m */
-	public virtual void mod(BIG m)
-	{
-		int k = 0;
-
-		norm();
-		if (comp(this,m) < 0)
-		{
-			return;
-		}
-		do
-		{
-			m.fshl(1);
-			k++;
-		} while (comp(this,m) >= 0);
-
-		while (k > 0)
-		{
-			m.fshr(1);
-			if (comp(this,m) >= 0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-	}
-
-/* divide this by m */
-	public virtual void div(BIG m)
-	{
-		int k = 0;
-		norm();
-		BIG e = new BIG(1);
-		BIG b = new BIG(this);
-		zero();
-
-		while (comp(b,m) >= 0)
-		{
-			e.fshl(1);
-			m.fshl(1);
-			k++;
-		}
-
-		while (k > 0)
-		{
-			m.fshr(1);
-			e.fshr(1);
-			if (comp(b,m) >= 0)
-			{
-				add(e);
-				norm();
-				b.sub(m);
-				b.norm();
-			}
-			k--;
-		}
-	}
-
-/* return parity */
-	public virtual int parity()
-	{
-		return (int)(w[0] % 2);
-	}
-
-/* return n-th bit */
-	public virtual int bit(int n)
-	{
-		if ((w[n / ROM.BASEBITS] & ((long)1 << (n % ROM.BASEBITS)))>0)
-		{
-			return 1;
-		}
-		else
-		{
-			return 0;
-		}
-	}
-
-/* return n last bits */
-	public virtual int lastbits(int n)
-	{
-		int msk = (1 << n) - 1;
-		norm();
-		return ((int)w[0]) & msk;
-	}
-
-/* get 8*MODBYTES size random number */
-	public static BIG random(RAND rng)
-	{
-		BIG m = new BIG(0);
-		int i , b , j = 0, r = 0;
-
-/* generate random BIG */
-		for (i = 0;i < 8 * ROM.MODBYTES;i++)
-		{
-			if (j == 0)
-			{
-				r = rng.Byte;
-			}
-			else
-			{
-				r >>= 1;
-			}
-
-			b = r & 1;
-			m.shl(1);
-			m.w[0] += b; // m.inc(b);
-			j++;
-			j &= 7;
-		}
-		return m;
-	}
-
-/* Create random BIG in portable way, one bit at a time */
-	public static BIG randomnum(BIG q, RAND rng)
-	{
-		DBIG d = new DBIG(0);
-		int i , b , j = 0, r = 0;
-		for (i = 0;i < 2 * ROM.MODBITS;i++)
-		{
-			if (j == 0)
-			{
-				r = rng.Byte;
-			}
-			else
-			{
-				r >>= 1;
-			}
-
-			b = r & 1;
-			d.shl(1);
-			d.w[0] += b; // m.inc(b);
-			j++;
-			j &= 7;
-		}
-		BIG m = d.mod(q);
-		return m;
-	}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-	public static int[] nafbits(BIG x, BIG x3, int i)
-	{
-		int[] n = new int[3];
-		int nb = x3.bit(i) - x.bit(i);
-		int j;
-		n[1] = 1;
-		n[0] = 0;
-		if (nb == 0)
-		{
-			n[0] = 0;
-			return n;
-		}
-		if (i == 0)
-		{
-			n[0] = nb;
-			return n;
-		}
-		if (nb > 0)
-		{
-			n[0] = 1;
-		}
-		else
-		{
-			n[0] = (-1);
-		}
-
-		for (j = i - 1;j > 0;j--)
-		{
-			n[1]++;
-			n[0] *= 2;
-			nb = x3.bit(j) - x.bit(j);
-			if (nb > 0)
-			{
-				n[0] += 1;
-			}
-			if (nb < 0)
-			{
-				n[0] -= 1;
-			}
-			if (n[0] > 5 || n[0] < -5)
-			{
-				break;
-			}
-		}
-
-		if (n[0] % 2 != 0 && j != 0)
-		{ // backtrack
-			if (nb > 0)
-			{
-				n[0] = (n[0] - 1) / 2;
-			}
-			if (nb < 0)
-			{
-				n[0] = (n[0] + 1) / 2;
-			}
-			n[1]--;
-		}
-		while (n[0] % 2 == 0)
-		{ // remove trailing zeros
-			n[0] /= 2;
-			n[2]++;
-			n[1]--;
-		}
-		return n;
-	}
-
-/* return a*b as DBIG */
-	public static DBIG mul(BIG a, BIG b)
-	{
-		DBIG c = new DBIG(0);
-		long carry;
-		a.norm();
-		b.norm();
-
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			carry = 0;
-			for (int j = 0;j < ROM.NLEN;j++)
-			{
-				carry = c.muladd(a.w[i],b.w[j],carry,i + j);
-			}
-			c.w[ROM.NLEN + i] = carry;
-		}
-
-		return c;
-	}
-
-/* return a^2 as DBIG */
-	public static DBIG sqr(BIG a)
-	{
-		DBIG c = new DBIG(0);
-		long carry;
-		a.norm();
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			carry = 0;
-			for (int j = i + 1;j < ROM.NLEN;j++)
-			{
-				carry = c.muladd(2 * a.w[i],a.w[j],carry,i + j);
-			}
-			c.w[ROM.NLEN + i] = carry;
-		}
-
-		for (int i = 0;i < ROM.NLEN;i++)
-		{
-			c.w[2 * i + 1] += c.muladd(a.w[i],a.w[i],0,2 * i);
-		}
-
-		c.norm();
-		return c;
-	}
-
-/* reduce a DBIG to a BIG using the appropriate form of the modulus */
-	public static BIG mod(DBIG d)
-	{
-		BIG b;
-		if (ROM.MODTYPE == ROM.PSEUDO_MERSENNE)
-		{
-			long v, tw;
-			BIG t = d.Split(ROM.MODBITS);
-			b = new BIG(d);
-			unchecked
-			{
-				v = t.pmul((int)ROM.MConst);
-			}
-			tw = t.w[ROM.NLEN - 1];
-			t.w[ROM.NLEN - 1] &= ROM.TMASK;
-			t.w[0] += (ROM.MConst * ((tw >> ROM.TBITS) + (v << (ROM.BASEBITS - ROM.TBITS))));
-
-			b.add(t);
-			b.norm();
-		}
-		if (ROM.MODTYPE == ROM.MONTGOMERY_FRIENDLY)
-		{
-			for (int i = 0;i < ROM.NLEN;i++)
-			{
-				d.w[ROM.NLEN + i] += d.muladd(d.w[i],ROM.MConst - 1,d.w[i],ROM.NLEN + i - 1);
-			}
-
-			b = new BIG(0);
-
-			for (int i = 0;i < ROM.NLEN;i++)
-			{
-				b.w[i] = d.w[ROM.NLEN + i];
-			}
-			b.norm();
-		}
-
-		if (ROM.MODTYPE == ROM.NOT_SPECIAL)
-		{
-			BIG md = new BIG(ROM.Modulus);
-			long m, carry;
-			for (int i = 0;i < ROM.NLEN;i++)
-			{
-				if (ROM.MConst == -1)
-				{
-					m = (-d.w[i]) & ROM.MASK;
-				}
-				else
-				{
-					if (ROM.MConst == 1)
-					{
-						m = d.w[i];
-					}
-					else
-					{
-						m = (ROM.MConst * d.w[i]) & ROM.MASK;
-					}
-				}
-
-				carry = 0;
-				for (int j = 0;j < ROM.NLEN;j++)
-				{
-					carry = d.muladd(m,md.w[j],carry,i + j);
-				}
-				d.w[ROM.NLEN + i] += carry;
-			}
-
-			b = new BIG(0);
-			for (int i = 0;i < ROM.NLEN;i++)
-			{
-				b.w[i] = d.w[ROM.NLEN + i];
-			}
-			b.norm();
-		}
-
-		return b;
-	}
-
-/* return a*b mod m */
-	public static BIG modmul(BIG a, BIG b, BIG m)
-	{
-		a.mod(m);
-		b.mod(m);
-		DBIG d = mul(a,b);
-		return d.mod(m);
-	}
-
-/* return a^2 mod m */
-	public static BIG modsqr(BIG a, BIG m)
-	{
-		a.mod(m);
-		DBIG d = sqr(a);
-		return d.mod(m);
-	}
-
-/* return -a mod m */
-	public static BIG modneg(BIG a, BIG m)
-	{
-		a.mod(m);
-		return m.minus(a);
-	}
-
-/* return this^e mod m */
-	public virtual BIG powmod(BIG e, BIG m)
-	{
-		int bt;
-		norm();
-		e.norm();
-		BIG a = new BIG(1);
-		BIG z = new BIG(e);
-		BIG s = new BIG(this);
-		while (true)
-		{
-			bt = z.parity();
-			z.fshr(1);
-			if (bt == 1)
-			{
-				a = modmul(a,s,m);
-			}
-			if (z.iszilch())
-			{
-				break;
-			}
-			s = modsqr(s,m);
-		}
-		return a;
-	}
-
-/* Jacobi Symbol (this/p). Returns 0, 1 or -1 */
-	public virtual int jacobi(BIG p)
-	{
-		int n8 , k , m = 0;
-		BIG t = new BIG(0);
-		BIG x = new BIG(0);
-		BIG n = new BIG(0);
-		BIG zilch = new BIG(0);
-		BIG one = new BIG(1);
-		if (p.parity() == 0 || comp(this,zilch) == 0 || comp(p,one) <= 0)
-		{
-			return 0;
-		}
-		norm();
-		x.copy(this);
-		n.copy(p);
-		x.mod(p);
-
-		while (comp(n,one) > 0)
-		{
-			if (comp(x,zilch) == 0)
-			{
-				return 0;
-			}
-			n8 = n.lastbits(3);
-			k = 0;
-			while (x.parity() == 0)
-			{
-				k++;
-				x.shr(1);
-			}
-			if (k % 2 == 1)
-			{
-				m += (n8 * n8 - 1) / 8;
-			}
-			m += (n8 - 1) * (x.lastbits(2) - 1) / 4;
-			t.copy(n);
-			t.mod(x);
-			n.copy(x);
-			x.copy(t);
-			m %= 2;
-
-		}
-		if (m == 0)
-		{
-			return 1;
-		}
-		else
-		{
-			return -1;
-		}
-	}
-
-/* this=1/this mod p. Binary method */
-	public virtual void invmodp(BIG p)
-	{
-		mod(p);
-		BIG u = new BIG(this);
-
-		BIG v = new BIG(p);
-		BIG x1 = new BIG(1);
-		BIG x2 = new BIG(0);
-		BIG t = new BIG(0);
-		BIG one = new BIG(1);
-		while (comp(u,one) != 0 && comp(v,one) != 0)
-		{
-			while (u.parity() == 0)
-			{
-				u.shr(1);
-				if (x1.parity() != 0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr(1);
-			}
-			while (v.parity() == 0)
-			{
-				v.shr(1);
-				if (x2.parity() != 0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr(1);
-			}
-			if (comp(u,v) >= 0)
-			{
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2) >= 0)
-				{
-					x1.sub(x2);
-				}
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1) >= 0)
-				{
-					x2.sub(x1);
-				}
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one) == 0)
-		{
-			copy(x1);
-		}
-		else
-		{
-			copy(x2);
-		}
-	}
-}


[49/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/amcl.h.in
----------------------------------------------------------------------
diff --git a/c/amcl.h.in b/c/amcl.h.in
deleted file mode 100755
index 3bbec0e..0000000
--- a/c/amcl.h.in
+++ /dev/null
@@ -1,2511 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL header file */
-/* Designed for AES-128 security, 254-256 bit elliptic curves and BN curves for pairings */
-/* Each "limb" of a big number occupies at most (n-3) bits of an n-bit computer word. The most significant word must have at least 4 extra unused bits */
-/* For n=64, use 5 words, use 56 bits per limb, leaving at least 24 unused MSBs 5*56-256  */
-/* For n=32, use 9 words, use 29 bits per limb, leaving at least 5 unused MSBs  9*29-256  */
-/* For n=16, use 20 words, use 13 bits per limb, leaving at least 4 unused MSBs 20*13-256 */
-
-/**
- * @file amcl.h.in
- * @author Mike Scott and kealan McCusker
- * @date 19th May 2015
- * @brief Main Header File
- *
- * Allows some user configuration
- * defines structures
- * declares functions
- *
- */
-
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef AMCL_H
-#define AMCL_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "DLLDefines.h"
-
-#define AMCL_VERSION_MAJOR @AMCL_VERSION_MAJOR@
-#define AMCL_VERSION_MINOR @AMCL_VERSION_MINOR@
-#define AMCL_VERSION_PATCH @AMCL_VERSION_PATCH@
-#define OS "@OS@"
-#cmakedefine USE_PATENTS
-#cmakedefine USE_ANONYMOUS
-
-/* Support for C99?  Note for GCC need to explicitly include -std=c99 in command line */
-
-#if __STDC_VERSION__ >= 199901L
-/* C99 code */
-#define C99
-#else
-/* Not C99 code */
-#endif
-
-#ifndef C99  /* You are on your own! These are for Microsoft C */
-#define sign32 __int32			/**< 32-bit signed integer */
-#define sign8 signed char		/**< 8-bit signed integer */
-#define unsign32 unsigned __int32 /**< 32-bit unsigned integer */
-#else
-#include <stdint.h>
-#define sign8 int8_t			/**< 8-bit signed integer */
-#define sign32 int32_t			/**< 32-bit signed integer */
-#define unsign32 uint32_t		/**< 32-bit unsigned integer */
-#endif
-
-/* modulus types */
-
-#define NOT_SPECIAL 0			/**< Modulus of no exploitable form */
-#define PSEUDO_MERSENNE 1		/**< Pseudo-mersenne modulus of form $2^n-c$  */
-#define MONTGOMERY_FRIENDLY 3	/**< Montgomery Friendly modulus of form $2^a(2^b-c)-1$  */
-
-/* curve types */
-
-#define WEIERSTRASS 0			/**< Short Weierstrass form curve  */
-#define EDWARDS 1				/**< Edwards or Twisted Edwards curve  */
-#define MONTGOMERY 2			/**< Montgomery form curve  */
-
-/* Elliptic curves are defined over prime fields */
-/* Here are some popular EC prime fields for which I have prepared curves. Feel free to specify your own. */
-
-#define NIST 0 /**< For the NIST 256-bit standard curve		- WEIERSTRASS only */
-#define C25519 1  /**< Bernstein's Modulus 2^255-19			- EDWARDS or MONTGOMERY only */
-#define BRAINPOOL 2 /**< For Brainpool 256-bit curve			- WEIERSTRASS only */
-#define ANSSI 3 /**< For French 256-bit standard curve		- WEIERSTRASS only */
-#define MF254 4 /**< For NUMS curves from Bos et al - 254-bit Montgomery friendly modulus		- WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MS255 5 /**< For NUMS curve - 255-bit pseudo-mersenne modulus							- WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MF256 6 /**< For NUMS curve - 256-bit Montgomery friendly modulus						- WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MS256 7 /**< For NUMS curve - 256-bit pseudo-merseene modulus							- WEIERSTRASS or EDWARDS or MONTGOMERY */
-
-#define BN 100    /**< Standard Nogami BN curve - fastest. Modulus built from  t=-0x4080000000000001	- WEIERSTRASS only */
-#define BNCX 101  /**< Our MIRACL BN curve. Modulus built from t=-0x4000000003C012B1					- WEIERSTRASS only */
-#define BNT 102   /**< GT_Strong BN curve. Modulus built from t=-0x4000806000004081  					- WEIERSTRASS only */
-#define BNT2 103  /**< G2 and GT-Strong BN curve.  Modulus built from t=-0x4000020100608205 			- WEIERSTRASS only */
-
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture and choose modulus and curve  ***/
-
-#define CHUNK @WORD_LENGTH@ 	/**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#define CHOICE  @FIELD_CHOICE@	/**< Current choice of Field */
-#define FIELD_CHOICE "@FIELD_CHOICE@"
-/* For some moduli only WEIERSTRASS curves are supported. For others there is a choice of WEIERSTRASS, EDWARDS or MONTGOMERY curves. See above. */
-#define CURVETYPE @CURVE_TYPE@	/**< Note that not all curve types are supported - see above */
-
-/* Actual curve parameters associated with these choices can be found in rom.c */
-#define CURVE_TYPE "@CURVE_TYPE@"
-
-/* These next options only apply for pairings */
-#ifdef USE_PATENTS
-  #define USE_GLV		/**< Note this method is patented (GLV), so maybe you want to comment this out */
-  #define USE_GS_G2	/**< Well we didn't patent it :) But may be covered by GLV patent :( */
-#endif
-#define USE_GS_GT   /**< Not patented, so probably always use this */
-
-/* Finite field support - for RSA, DH etc. */
-#define FF_BITS 2048 /**< Finite Field Size in bits - must be 256.2^n */
-
-/* For debugging Only.
-#define DEBUG_REDUCE
-#define DEBUG_NORM
-#define GET_STATS
-*/
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-
-#if CHOICE>=BN     /* Its a BN curve */
-#define MBITS 254	/**< Number of bits in Modulus */
-#define MOD8 3		/**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-#if CHOICE>BN
-#define GT_STRONG   /**< Using a GT-Strong BN curve */
-#endif
-
-#if CHOICE==NIST
-#define MBITS 256	/**< Number of bits in Modulus */
-#define MOD8 7		/**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-#if CHOICE==C25519
-#define MBITS 255	/**< Number of bits in Modulus */
-#define MOD8 5		/**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE /**< Modulus type */
-#endif
-
-#if CHOICE==BRAINPOOL
-#define MBITS 256 /**< Number of bits in Modulus */
-#define MOD8 7 /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-#if CHOICE==ANSSI
-#define MBITS 256		/**< Number of bits in Modulus */
-#define MOD8 3			/**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-/**< NUMS curve from Bos et al. paper */
-
-#if CHOICE==MF254
-#define MBITS 254   /**< Number of bits in Modulus */
-#define MOD8 7      /**< Modulus mod 8  */
-#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
-#endif
-
-#if CHOICE==MF256
-#define MBITS 256   /**< Number of bits in Modulus */
-#define MOD8 7      /**< Modulus mod 8  */
-#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
-#endif
-
-#if CHOICE==MS255
-#define MBITS 255	/**< Number of bits in Modulus */
-#define MOD8 3		/**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE /**< Modulus type */
-#endif
-
-#if CHOICE==MS256
-#define MBITS 256	/**< Number of bits in Modulus */
-#define MOD8 3		/**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE /**< Modulus type */
-#endif
-
-
-#define FFLEN (FF_BITS/256)  /**< RSA public key bytes */
-#define HFLEN (FFLEN/2)		/**< Useful for half-size RSA private key operations */
-
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-#if CHUNK==16
-#define NLEN 20				/**< Number of words in BIG. */
-#define BASEBITS 13			/**< Numbers represented to base 2*BASEBITS */
-#ifndef C99
-#define chunk __int16		/**< C type corresponding to word length */
-#define dchunk __int32		/**< Always define double length chunk type if available */
-#else
-#define chunk int16_t		/**< C type corresponding to word length */
-#define dchunk int32_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 32
-#define NLEN 9				/**< Number of words in BIG. */
-#define BASEBITS 29			/**< Numbers represented to base 2*BASEBITS */
-#ifndef C99
-#define chunk __int32		/**< C type corresponding to word length */
-#define dchunk __int64		/**< Always define double length chunk type if available */
-#else
-#define chunk int32_t		/**< C type corresponding to word length */
-#define dchunk int64_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 64
-#define NLEN 5				/**< Number of words in BIG. */
-#define BASEBITS 56			/**< Numbers represented to base 2*BASEBITS */
-#ifndef C99
-#define chunk __int64		/**< C type corresponding to word length */
-							/**< Note - no 128-bit type available    */
-#else
-#define chunk int64_t		/**< C type corresponding to word length */
-#ifdef __GNUC__
-#define dchunk __int128		/**< Always define double length chunk type if available - GCC supports 128 bit type  ??? */
-#endif
-#endif
-#endif
-
-/* Don't mess with anything below this line */
-
-#ifdef GET_STATS
-extern int tsqr,rsqr,tmul,rmul;
-extern int tadd,radd,tneg,rneg;
-extern int tdadd,rdadd,tdneg,rdneg;
-#endif
-
-#define DCHUNK 2*CHUNK	/**< Number of bits in double-length type */
-#define DNLEN 2*NLEN	/**< double length required for products of BIGs */
-
-#ifdef dchunk
-#define COMBA      /**< Use COMBA method for faster BN muls, sqrs and reductions */
-#endif
-
-#define CHUNK_BITS 8*sizeof(chunk) /**< Number of bits in a chunk */
-
-#ifdef DEBUG_NORM    /* Add an extra location to track chunk extension */
-typedef chunk BIG[NLEN+1]; /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN+1]; /**< Define type DBIG as array of chunks */
-#else
-typedef chunk BIG[NLEN];  /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN]; /**< Define type DBIG as array of chunks */
-#endif
-
-#define HBITS (BASEBITS/2)  /**< Number of bits in number base divided by 2 */
-#define HBITS1 ((BASEBITS+1)/2) /**< Number of bits in number base plus 1 divided by 2 */
-#define HDIFF (HBITS1-HBITS)  /**< Will be either 0 or 1, depending if number of bits in number base is even or odd */
-
-#define MASK (((chunk)1<<BASEBITS)-1) /**< Mask = 2^BASEBITS-1 */
-#define HMASK (((chunk)1<<HBITS)-1)   /**< Mask = 2^HBITS-1 */
-#define HMASK1 (((chunk)1<<HBITS1)-1) /**< Mask = 2^HBITS1-1 */
-
-#define MODBITS MBITS /**< Number of bits in Modulus for selected curve */
-#define MODBYTES 32   /**< Number of bytes in Modulus */
-#define MB (MBITS%BASEBITS) /**<  Number of bits in modulus mod number of bits in number base */
-#define TBITS (MBITS%BASEBITS) /**< Number of active bits in top word */
-#define TMASK (((chunk)1<<(MBITS%BASEBITS))-1)  /**< Mask for active bits in top word */
-#define NEXCESS (1<<(CHUNK-BASEBITS-1)) /**< 2^(CHUNK-BASEBITS-1) - digit cannot be multiplied by more than this before normalisation */
-#define FEXCESS ((chunk)1<<(BASEBITS*NLEN-MBITS)) /**< 2^(BASEBITS*NLEN-MODBITS) - normalised BIG can be multiplied by more than this before reduction */
-#define OMASK ((chunk)(-1)<<(MBITS%BASEBITS))     /**<  for masking out overflow bits */
-
-/* catch field excesses */
-#define EXCESS(a) ((a[NLEN-1]&OMASK)>>(MB))   /**< Field Excess */
-
-/* Field Params - see rom.c */
-extern const BIG Modulus;  /**< Actual Modulus set in rom.c */
-extern const chunk MConst; /**< Montgomery only - 1/p mod 2^BASEBITS */
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A; /**< Elliptic curve A parameter */
-extern const BIG CURVE_B; /**< Elliptic curve B parameter */
-extern const BIG CURVE_Order; /**< Elliptic curve group order */
-
-/* Generator point on G1 */
-extern const BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const BIG CURVE_Pxa; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pxb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pya; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pyb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-extern const BIG CURVE_Bnx; /**< BN curve x parameter */
-
-extern const BIG CURVE_Cru; /**< BN curve Cube Root of Unity */
-
-extern const BIG CURVE_Fra; /**< real part of BN curve Frobenius Constant */
-extern const BIG CURVE_Frb; /**< imaginary part of BN curve Frobenius Constant */
-
-
-extern const BIG CURVE_W[2];		/**< BN curve constant for GLV decomposition */
-extern const BIG CURVE_SB[2][2];	/**< BN curve constant for GLV decomposition */
-extern const BIG CURVE_WB[4];		/**< BN curve constant for GS decomposition */
-extern const BIG CURVE_BB[4][4];	/**< BN curve constant for GS decomposition */
-
-/* Structures */
-
-/**
-	@brief ECP structure - Elliptic Curve Point over base field
-*/
-
-typedef struct {
-#if CURVETYPE!=EDWARDS
-int inf; /**< Infinity Flag - not needed for Edwards representation */
-#endif
-BIG x;   /**< x-coordinate of point */
-#if CURVETYPE!=MONTGOMERY
-BIG y;  /**< y-coordinate of point. Not needed for Montgomery representation */
-#endif
-BIG z; /**< z-coordinate of point */
-} ECP;
-
-/**
-	@brief FP2 Structure - quadratic extension field
-*/
-
-typedef struct {
-BIG a; /**< real part of FP2 */
-BIG b; /**< imaginary part of FP2 */
-} FP2;
-
-/**
-	@brief FP4 Structure - towered over two FP2
-*/
-
-typedef struct {
-FP2 a; /**< real part of FP4 */
-FP2 b; /**< imaginary part of FP4 */
-} FP4;
-
-/**
-	@brief FP12 Structure - towered over three FP4
-*/
-
-typedef struct {
-FP4 a; /**< first part of FP12 */
-FP4 b; /**< second part of FP12 */
-FP4 c; /**< third part of FP12 */
-} FP12;
-
-/**
-	@brief ECP2 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct {
-int inf; /**< Infinity Flag */
-FP2 x;  /**< x-coordinate of point */
-FP2 y;  /**< y-coordinate of point */
-FP2 z;  /**< z-coordinate of point */
-} ECP2;
-
-/**
-	@brief SHA256 hash function instance
-*/
-
-typedef struct {
-unsign32 length[2];  /**< 64-bit input length */
-unsign32 h[8];       /**< Internal state */
-unsign32 w[64];		/**< Internal state */
-} hash;
-
-/* Symmetric Encryption AES structure */
-
-#define ECB   0  /**< Electronic Code Book */
-#define CBC   1  /**< Cipher Block Chaining */
-#define CFB1  2  /**< Cipher Feedback - 1 byte */
-#define CFB2  3  /**< Cipher Feedback - 2 bytes */
-#define CFB4  5  /**< Cipher Feedback - 4 bytes */
-#define OFB1  14 /**< Output Feedback - 1 byte */
-#define OFB2  15 /**< Output Feedback - 2 bytes */
-#define OFB4  17 /**< Output Feedback - 4 bytes */
-#define OFB8  21 /**< Output Feedback - 8 bytes */
-#define OFB16 29 /**< Output Feedback - 16 bytes */
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/**
-	@brief AES instance
-*/
-
-
-typedef struct {
-int mode;          /**< AES mode of operation */
-unsign32 fkey[44]; /**< subkeys for encrypton */
-unsign32 rkey[44]; /**< subkeys for decrypton */
-char f[16];        /**< buffer for chaining vector */
-} aes;
-
-/* AES-GCM suppport.  */
-
-#define GCM_ACCEPTING_HEADER 0 /**< GCM status */
-#define GCM_ACCEPTING_CIPHER 1 /**< GCM status */
-#define GCM_NOT_ACCEPTING_MORE 2 /**< GCM status */
-#define GCM_FINISHED 3 /**< GCM status */
-#define GCM_ENCRYPTING 0 /**< GCM mode */
-#define GCM_DECRYPTING 1 /**< GCM mode */
-
-
-/**
-	@brief GCM mode instance, using AES internally
-*/
-
-typedef struct {
-unsign32 table[128][4]; /**< 2k byte table */
-uchar stateX[16];	/**< GCM Internal State */
-uchar Y_0[16];		/**< GCM Internal State */
-unsign32 lenA[2];	/**< GCM 64-bit length of header */
-unsign32 lenC[2];	/**< GCM 64-bit length of ciphertext */
-int status;		/**< GCM Status */
-aes a;			/**< Internal Instance of AES cipher */
-} gcm;
-
-/* Marsaglia & Zaman Random number generator constants */
-
-#define NK   21 /**< PRNG constant */
-#define NJ   6 /**< PRNG constant */
-#define NV   8 /**< PRNG constant */
-
-
-/**
-	@brief Cryptographically secure pseudo-random number generator instance
-*/
-
-typedef struct {
-unsign32 ira[NK];  /**< random number array   */
-int      rndptr;   /**< pointer into array */
-unsign32 borrow;   /**<  borrow as a result of subtraction */
-int pool_ptr;		/**< pointer into random pool */
-char pool[32];		/**< random pool */
-} csprng;
-
-
-/**
-	@brief Portable representation of a big positive number
-*/
-
-typedef struct
-{
-    int len; /**< length in bytes  */
-    int max; /**< max length allowed - enforce truncation  */
-    char *val; /**< byte array  */
-} octet;
-
-/**
-	@brief Integer Factorisation Public Key
-*/
-
-typedef struct
-{
-    sign32 e;     /**< RSA exponent (typically 65537) */
-    BIG n[FFLEN]; /**< An array of BIGs to store public key */
-} rsa_public_key;
-
-/**
-	@brief Integer Factorisation Private Key
-*/
-
-typedef struct
-{
-    BIG p[FFLEN/2]; /**< secret prime p  */
-    BIG q[FFLEN/2]; /**< secret prime q  */
-    BIG dp[FFLEN/2]; /**< decrypting exponent mod (p-1)  */
-    BIG dq[FFLEN/2]; /**< decrypting exponent mod (q-1)  */
-    BIG c[FFLEN/2];  /**< 1/p mod q */
-} rsa_private_key;
-
-/*
-
-Note that a normalised BIG consists of digits mod 2^BASEBITS
-However BIG digits may be "extended" up to 2^(WORDLENGTH-1).
-
-BIGs in extended form may need to be normalised before certain
-operations.
-
-A BIG may be "reduced" to be less that the Modulus, or it
-may be "unreduced" and allowed to grow greater than the
-Modulus.
-
-Normalisation is quite fast. Reduction involves conditional branches,
-which can be regarded as significant "speed bumps". We try to
-delay reductions as much as possible. Reductions may also involve
-side channel leakage, so delaying and batching them
-hopefully disguises internal operations.
-
-*/
-
-/* BIG number prototypes */
-
-/**	@brief Calculates a*b+c+*d
- *
-	Calculate partial product of a.b, add in carry c, and add total to d
-	@param a multiplier
-	@param b multiplicand
-	@param c carry
-	@param d pointer to accumulated bottom half of result
-	@return top half of result
- */
-extern chunk muladd(chunk a,chunk b,chunk c,chunk *d);
-/**	@brief Tests for BIG equal to zero
- *
-	@param x a BIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_iszilch(BIG x);
-/**	@brief Tests for DBIG equal to zero
- *
-	@param x a DBIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_diszilch(DBIG x);
-/**	@brief Outputs a BIG number to the console
- *
-	@param x a BIG number
- */
-extern void BIG_output(BIG x);
-/**	@brief Outputs a BIG number to the console in raw form (for debugging)
- *
-	@param x a BIG number
- */
-extern void BIG_rawoutput(BIG x);
-/**	@brief Conditional constant time swap of two BIG numbers
- *
-	Conditionally swaps parameters in constant time (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s swap takes place if not equal to 0
- */
-extern void BIG_cswap(BIG x,BIG y,int s);
-/**	@brief Conditional copy of BIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_cmove(BIG x,BIG y,int s);
-/**	@brief Convert from BIG number to byte array
- *
-	@param a byte array
-	@param x BIG number
- */
-extern void BIG_toBytes(char *a,BIG x);
-/**	@brief Convert to BIG number from byte array
- *
-	@param x BIG number
-	@param a byte array
- */
-extern void BIG_fromBytes(BIG x,char *a);
-/**	@brief Outputs a DBIG number to the console
- *
-	@param x a DBIG number
- */
-extern void BIG_doutput(DBIG x);
-/**	@brief Copy BIG from Read-Only Memory to a BIG
- *
-	@param x BIG number
-	@param y BIG number in ROM
- */
-extern void BIG_rcopy(BIG x,const BIG y);
-/**	@brief Copy BIG to another BIG
- *
-	@param x BIG number
-	@param y BIG number to be copied
- */
-extern void BIG_copy(BIG x,BIG y);
-/**	@brief Copy DBIG to another DBIG
- *
-	@param x DBIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_dcopy(DBIG x,DBIG y);
-/**	@brief Copy BIG to upper half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dsucopy(DBIG x,BIG y);
-/**	@brief Copy BIG to lower half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dscopy(DBIG x,BIG y);
-/**	@brief Copy lower half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sdcopy(BIG x,DBIG y);
-/**	@brief Copy upper half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sducopy(BIG x,DBIG y);
-/**	@brief Set BIG to zero
- *
-	@param x BIG number to be set to zero
- */
-extern void BIG_zero(BIG x);
-/**	@brief Set DBIG to zero
- *
-	@param x DBIG number to be set to zero
- */
-extern void BIG_dzero(DBIG x);
-/**	@brief Set BIG to one (unity)
- *
-	@param x BIG number to be set to one.
- */
-extern void BIG_one(BIG x);
-/**	@brief Set BIG to inverse mod 2^256
- *
-	@param x BIG number to be inverted
- */
-extern void BIG_invmod2m(BIG x);
-/**	@brief Set BIG to sum of two BIGs - output not normalised
- *
-	@param x BIG number, sum of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_add(BIG x,BIG y,BIG z);
-/**	@brief Increment BIG by a small integer - output not normalised
- *
-	@param x BIG number to be incremented
-	@param i integer
- */
-extern void BIG_inc(BIG x,int i);
-/**	@brief Set BIG to difference of two BIGs
- *
-	@param x BIG number, difference of other two - output not normalised
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_sub(BIG x,BIG y,BIG z);
-/**	@brief Decrement BIG by a small integer - output not normalised
- *
-	@param x BIG number to be decremented
-	@param i integer
- */
-extern void BIG_dec(BIG x,int i);
-/**	@brief Set DBIG to difference of two DBIGs
- *
-	@param x DBIG number, difference of other two - output not normalised
-	@param y DBIG number
-	@param z DBIG number
- */
-extern void BIG_dsub(DBIG x,DBIG y,DBIG z);
-/**	@brief Multiply BIG by a small integer - output not normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_imul(BIG x,BIG y,int i);
-/**	@brief Multiply BIG by not-so-small small integer - output normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
-	@return Overflowing bits
- */
-extern chunk BIG_pmul(BIG x,BIG y,int i);
-/**	@brief Divide BIG by 3 - output normalised
- *
-	@param x BIG number
-	@return Remainder
- */
-extern int BIG_div3(BIG x);
-/**	@brief Multiply BIG by even bigger small integer resulting in a DBIG - output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_pxmul(DBIG x,BIG y,int i);
-/**	@brief Multiply BIG by another BIG resulting in DBIG - inputs normalised and output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_mul(DBIG x,BIG y,BIG z);
-/**	@brief Multiply BIG by another BIG resulting in another BIG - inputs normalised and output normalised
- *
-	Note that the product must fit into a BIG, and x must be distinct from y and z
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_smul(BIG x,BIG y,BIG z);
-/**	@brief Square BIG resulting in a DBIG - input normalised and output normalised
- *
-	@param x DBIG number, square of a BIG
-	@param y BIG number to be squared
- */
-extern void BIG_sqr(DBIG x,BIG y);
-/**	@brief Shifts a BIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shl(BIG x,int s);
-/**	@brief Fast shifts a BIG left by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Overflow bits
- */
-extern chunk BIG_fshl(BIG x,int s);
-/**	@brief Shifts a DBIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshl(DBIG x,int s);
-/**	@brief Shifts a BIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shr(BIG x,int s);
-/**	@brief Fast shifts a BIG right by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Shifted out bits
- */
-extern chunk BIG_fshr(BIG x,int s);
-/**	@brief Shifts a DBIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshr(DBIG x,int s);
-/**	@brief Splits a DBIG into two BIGs - input must be normalised, outputs normalised
- *
-	Internal function. The value of s must be approximately in the middle of the DBIG.
-	Typically used to extract z mod 2^MODBITS and z/2^MODBITS
-	@param x BIG number, top half of z
-	@param y BIG number, bottom half of z
-	@param z DBIG number to be split in two.
-	@param s Bit position at which to split
- */
-extern void BIG_split(BIG x,BIG y,DBIG z,int s);
-/**	@brief Normalizes a BIG number - output normalised
- *
-	All digits of the input BIG are reduced mod 2^BASEBITS
-	@param x BIG number to be normalised
- */
-extern chunk BIG_norm(BIG x);
-/**	@brief Normalizes a DBIG number - output normalised
- *
-	All digits of the input DBIG are reduced mod 2^BASEBITS
-	@param x DBIG number to be normalised
- */
-extern void BIG_dnorm(DBIG x);
-/**	@brief Compares two BIG numbers. Inputs must be normalised externally
- *
-	@param x first BIG number to be compared
-	@param y second BIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_comp(BIG x,BIG y);
-/**	@brief Compares two DBIG numbers. Inputs must be normalised externally
- *
-	@param x first DBIG number to be compared
-	@param y second DBIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_dcomp(DBIG x,DBIG y);
-/**	@brief Calculate number of bits in a BIG - output normalised
- *
-	@param x BIG number
-	@return Number of bits in x
- */
-extern int BIG_nbits(BIG x);
-/**	@brief Calculate number of bits in a DBIG - output normalised
- *
-	@param x DBIG number
-	@return Number of bits in x
- */
-extern int BIG_dnbits(DBIG x);
-/**	@brief Reduce x mod n - input and output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be reduced mod n
-	@param n The modulus
- */
-extern void BIG_mod(BIG x,BIG n);
-/**	@brief Divide x by n - output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be divided by n
-	@param n The Divisor
- */
-extern void BIG_sdiv(BIG x,BIG n);
-/**	@brief  x=y mod n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y mod n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_dmod(BIG x,DBIG y,BIG n);
-/**	@brief  x=y/n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y/n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_ddiv(BIG x,DBIG y,BIG n);
-/**	@brief  return parity of BIG, that is the least significant bit
- *
-	@param x BIG number
-	@return 0 or 1
- */
-extern int BIG_parity(BIG x);
-/**	@brief  return i-th of BIG
- *
-	@param x BIG number
-	@param i the bit of x to be returned
-	@return 0 or 1
- */
-extern int BIG_bit(BIG x,int i);
-/**	@brief  return least significant bits of a BIG
- *
-	@param x BIG number
-	@param n number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int BIG_lastbits(BIG x,int n);
-/**	@brief  Create a random BIG from a random number generator
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_random(BIG x,csprng *r);
-/**	@brief  Create an unbiased random BIG from a random number generator, reduced with respect to a modulus
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param n The modulus
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_randomnum(BIG x,BIG n,csprng *r);
-/**	@brief  return NAF (Non-Adjacent-Form) value as +/- 1, 3 or 5, inputs must be normalised
- *
-	Given x and 3*x extracts NAF value from given bit position, and returns number of bits processed, and number of trailing zeros detected if any
-	@param x BIG number
-	@param x3 BIG number, three times x
-	@param i bit position
-	@param nbs pointer to integer returning number of bits processed
-	@param nzs pointer to integer returning number of trailing 0s
-	@return + or - 1, 3 or 5
- */
-extern int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs);
-/**	@brief  Calculate x=y*z mod n
- *
-	Slow method for modular multiplication
-	@param x BIG number, on exit = y*z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modmul(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y/z mod n
- *
-	Slow method for modular division
-	@param x BIG number, on exit = y/z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_moddiv(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y^2 mod n
- *
-	Slow method for modular squaring
-	@param x BIG number, on exit = y^2 mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modsqr(BIG x,BIG y,BIG n);
-/**	@brief  Calculate x=-y mod n
- *
-	Modular negation
-	@param x BIG number, on exit = -y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modneg(BIG x,BIG y,BIG n);
-/**	@brief  Calculate jacobi Symbol (x/y)
- *
-	@param x BIG number
-	@param y BIG number
-	@return Jacobi symbol, -1,0 or 1
- */
-extern int BIG_jacobi(BIG x,BIG y);
-/**	@brief  Calculate x=1/y mod n
- *
-	Modular Inversion - This is slow. Uses binary method.
-	@param x BIG number, on exit = 1/y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_invmodp(BIG x,BIG y,BIG n);
-
-
-
-/* FP prototypes */
-
-/**	@brief Tests for BIG equal to zero mod Modulus
- *
-	@param x BIG number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP_iszilch(BIG x);
-/**	@brief Converts from BIG integer to n-residue form mod Modulus
- *
-	@param x BIG number to be converted
- */
-extern void FP_nres(BIG x);
-/**	@brief Converts from n-residue form back to BIG integer form
- *
-	@param x BIG number to be converted
- */
-extern void FP_redc(BIG x);
-/**	@brief Sets BIG to representation of unity in n-residue form
- *
-	@param x BIG number to be set equal to unity.
- */
-extern void FP_one(BIG x);
-/**	@brief Reduces DBIG to BIG exploiting special form of the modulus
- *
-	This function comes in different flavours depending on the form of Modulus that is currently in use.
-	@param x BIG number, on exit = y mod Modulus
-	@param y DBIG number to be reduced
- */
-extern void FP_mod(BIG x,DBIG y);
-/**	@brief Fast Modular multiplication of two BIGs in n-residue form, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x BIG number, on exit the modular product = y*z mod Modulus
-	@param y BIG number, the multiplicand
-	@param z BIG number, the multiplier
- */
-extern void FP_mul(BIG x,BIG y,BIG z);
-/**	@brief Fast Modular multiplication of a BIG in n-residue form, by a small integer, mod Modulus
- *
-	@param x BIG number, on exit the modular product = y*i mod Modulus
-	@param y BIG number, the multiplicand
-	@param i a small number, the multiplier
- */
-extern void FP_imul(BIG x,BIG y,int i);
-/**	@brief Fast Modular squaring of a BIG in n-residue form, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x BIG number, on exit the modular product = y^2 mod Modulus
-	@param y BIG number, the number to be squared
-
- */
-extern void FP_sqr(BIG x,BIG y);
-/**	@brief Modular addition of two BIGs in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit the modular sum = y+z mod Modulus
-	@param y BIG number
-	@param z BIG number
- */
-extern void FP_add(BIG x,BIG y,BIG z);
-/**	@brief Modular subtraction of two BIGs in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit the modular difference = y-z mod Modulus
-	@param y BIG number
-	@param z BIG number
- */
-extern void FP_sub(BIG x,BIG y,BIG z);
-/**	@brief Modular division by 2 of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit =y/2 mod Modulus
-	@param y BIG number
- */
-extern void FP_div2(BIG x,BIG y);
-/**	@brief Fast Modular exponentiation of a BIG in n-residue form, to the power of a BIG, mod Modulus
- *
-	@param x BIG number, on exit  = y^z mod Modulus
-	@param y BIG number
-	@param z Big number exponent
- */
-extern void FP_pow(BIG x,BIG y,BIG z);
-/**	@brief Fast Modular square root of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit  = sqrt(y) mod Modulus
-	@param y BIG number, the number whose square root is calculated
-
- */
-extern void FP_sqrt(BIG x,BIG y);
-/**	@brief Modular negation of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit = -y mod Modulus
-	@param y BIG number
- */
-extern void FP_neg(BIG x,BIG y);
-/**	@brief Outputs a BIG number that is in n-residue form to the console
- *
-	Converts from n-residue form before output
-	@param x a BIG number
- */
-extern void FP_output(BIG x);
-/**	@brief Outputs a BIG number that is in n-residue form to the console, in raw form
- *
-	Converts from n-residue form before output
-	@param x a BIG number
- */
-extern void FP_rawoutput(BIG x);
-/**	@brief Reduces possibly unreduced BIG mod Modulus
- *
-	@param x BIG number, on exit reduced mod Modulus
- */
-extern void FP_reduce(BIG x);
-/**	@brief Tests for BIG a quadratic residue mod Modulus
- *
-	@param x BIG number to be tested
-	@return 1 if quadratic residue, else returns 0 if quadratic non-residue
- */
-extern int FP_qr(BIG x);
-/**	@brief Modular inverse of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit = 1/y mod Modulus
-	@param y BIG number
- */
-extern void FP_inv(BIG x,BIG y);
-
-
-/* FP2 prototypes */
-
-/**	@brief Tests for FP2 equal to zero
- *
-	@param x FP2 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP2_iszilch(FP2 *x);
-/**	@brief Conditional copy of FP2 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP2 instance, set to y if s!=0
-	@param y another FP2 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP2_cmove(FP2 *x,FP2 *y,int s);
-/**	@brief Tests for FP2 equal to one
- *
-	@param x FP2 instance to be tested
-	@return 1 if x=1, else returns 0
- */
-extern int FP2_isunity(FP2 *x);
-/**	@brief Tests for equality of two FP2s
- *
-	@param x FP2 instance to be compared
-	@param y FP2 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP2_equals(FP2 *x,FP2 *y);
-/**	@brief Initialise FP2 from two BIGs in n-residue form
- *
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
-	@param b BIG to form imaginary part of FP2
- */
-extern void FP2_from_FPs(FP2 *x,BIG a,BIG b);
-/**	@brief Initialise FP2 from two BIG integers
- *
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
-	@param b BIG to form imaginary part of FP2
- */
-extern void FP2_from_BIGs(FP2 *x,BIG a,BIG b);
-/**	@brief Initialise FP2 from single BIG in n-residue form
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
- */
-extern void FP2_from_FP(FP2 *x,BIG a);
-/**	@brief Initialise FP2 from single BIG
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
- */
-extern void FP2_from_BIG(FP2 *x,BIG a);
-/**	@brief Copy FP2 to another FP2
- *
-	@param x FP2 instance, on exit = y
-	@param y FP2 instance to be copied
- */
-extern void FP2_copy(FP2 *x,FP2 *y);
-/**	@brief Set FP2 to zero
- *
-	@param x FP2 instance to be set to zero
- */
-extern void FP2_zero(FP2 *x);
-/**	@brief Set FP2 to unity
- *
-	@param x FP2 instance to be set to one
- */
-extern void FP2_one(FP2 *x);
-/**	@brief Negation of FP2
- *
-	@param x FP2 instance, on exit = -y
-	@param y FP2 instance
- */
-extern void FP2_neg(FP2 *x,FP2 *y);
-/**	@brief Conjugation of FP2
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP2 instance, on exit = conj(y)
-	@param y FP2 instance
- */
-extern void FP2_conj(FP2 *x,FP2 *y);
-/**	@brief addition of two FP2s
- *
-	@param x FP2 instance, on exit = y+z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_add(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief subtraction of two FP2s
- *
-	@param x FP2 instance, on exit = y-z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_sub(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief Multiplication of an FP2 by an n-residue
- *
-	@param x FP2 instance, on exit = y*b
-	@param y FP2 instance
-	@param b BIG n-residue
- */
-extern void FP2_pmul(FP2 *x,FP2 *y,BIG b);
-/**	@brief Multiplication of an FP2 by a small integer
- *
-	@param x FP2 instance, on exit = y*i
-	@param y FP2 instance
-	@param i an integer
- */
-extern void FP2_imul(FP2 *x,FP2 *y,int i);
-/**	@brief Squaring an FP2
- *
-	@param x FP2 instance, on exit = y^2
-	@param y FP2 instance
- */
-extern void FP2_sqr(FP2 *x,FP2 *y);
-/**	@brief Multiplication of two FP2s
- *
-	@param x FP2 instance, on exit = y*z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_mul(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief Formats and outputs an FP2 to the console
- *
-	@param x FP2 instance
- */
-extern void FP2_output(FP2 *x);
-/**	@brief Formats and outputs an FP2 to the console in raw form (for debugging)
- *
-	@param x FP2 instance
- */
-extern void FP2_rawoutput(FP2 *x);
-/**	@brief Inverting an FP2
- *
-	@param x FP2 instance, on exit = 1/y
-	@param y FP2 instance
- */
-extern void FP2_inv(FP2 *x,FP2 *y);
-/**	@brief Divide an FP2 by 2
- *
-	@param x FP2 instance, on exit = y/2
-	@param y FP2 instance
- */
-extern void FP2_div2(FP2 *x,FP2 *y);
-/**	@brief Multiply an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x*(1+sqrt(-1))
- */
-extern void FP2_mul_ip(FP2 *x);
-/**	@brief Divide an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x/(1+sqrt(-1))
- */
-extern void FP2_div_ip(FP2 *x);
-/**	@brief Normalises the components of an FP2
- *
-	@param x FP2 instance to be normalised
- */
-extern void FP2_norm(FP2 *x);
-/**	@brief Reduces all components of possibly unreduced FP2 mod Modulus
- *
-	@param x FP2 instance, on exit reduced mod Modulus
- */
-extern void FP2_reduce(FP2 *x);
-/**	@brief Raises an FP2 to the power of a BIG
- *
-	@param x FP2 instance, on exit = y^b
-	@param y FP2 instance
-	@param b BIG number
- */
-extern void FP2_pow(FP2 *x,FP2 *y,BIG b);
-/**	@brief Square root of an FP2
- *
-	@param x FP2 instance, on exit = sqrt(y)
-	@param y FP2 instance
- */
-extern int FP2_sqrt(FP2 *x,FP2 *y);
-
-
-
-/* ECP E(Fp) prototypes */
-/**	@brief Tests for ECP point equal to infinity
- *
-	@param P ECP point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP_isinf(ECP *P);
-/**	@brief Tests for equality of two ECPs
- *
-	@param P ECP instance to be compared
-	@param Q ECP instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP_equals(ECP *P,ECP *Q);
-/**	@brief Copy ECP point to another ECP point
- *
-	@param P ECP instance, on exit = Q
-	@param Q ECP instance to be copied
- */
-extern void ECP_copy(ECP *P,ECP *Q);
-/**	@brief Negation of an ECP point
- *
-	@param P ECP instance, on exit = -P
- */
-extern void ECP_neg(ECP *P);
-/**	@brief Set ECP to point-at-infinity
- *
-	@param P ECP instance to be set to infinity
- */
-extern void ECP_inf(ECP *P);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x) depends on form of elliptic curve, Weierstrass, Edwards or Montgomery.
-	Used internally.
-	@param r BIG n-residue value of f(x)
-	@param x BIG n-residue x
- */
-extern void ECP_rhs(BIG r,BIG x);
-/**	@brief Set ECP to point(x,y) given just x and sign of y
- *
-	Point P set to infinity if no such point on the curve. If x is on the curve then y is calculated from the curve equation.
-	The correct y value (plus or minus) is selected given its sign s.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@param s an integer representing the "sign" of y, in fact its least significant bit.
- */
-extern int ECP_setx(ECP *P,BIG x,int s);
-
-#if CURVETYPE==MONTGOMERY
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Note that y coordinate is not needed.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,BIG x);
-/**	@brief Extract x coordinate of an ECP point P
- *
-	@param x BIG on exit = x coordinate of point
-	@param P ECP instance (x,[y])
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP_get(BIG x,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P, given difference D=P-Q
- *
-	Differential addition of points on a Montgomery curve
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
-	@param D Difference between P and Q
- */
-extern void ECP_add(ECP *P,ECP *Q,ECP *D);
-#else
-/**	@brief Set ECP to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP instance to be set (x,y)
-	@param x BIG x coordinate of point
-	@param y BIG y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,BIG x,BIG y);
-/**	@brief Extract x and y coordinates of an ECP point P
- *
-	If x=y, returns only x
-	@param x BIG on exit = x coordinate of point
-	@param y BIG on exit = y coordinate of point (unless x=y)
-	@param P ECP instance (x,y)
-	@return sign of y, or -1 if P is point-at-infinity
- */
-extern int ECP_get(BIG x,BIG y,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P
- *
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
- */
-extern void ECP_add(ECP *P,ECP *Q);
-/**	@brief Subtracts ECP instance Q from ECP instance P
- *
-	@param P ECP instance, on exit =P-Q
-	@param Q ECP instance to be subtracted from P
- */
-extern void ECP_sub(ECP *P,ECP *Q);
-#endif
-/**	@brief Converts an ECP point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP instance to be converted to affine form
- */
-extern void ECP_affine(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, in projective coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_outputxyz(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, converted to affine coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_output(ECP * P);
-/**	@brief Formats and outputs an ECP point to an octet string
- *
-	The octet string is created in the standard form 04|x|y, except for Montgomery curve in which case it is 06|x
-	Here x (and y) are the x and y coordinates in big-endian base 256 form.
-	@param S output octet string
-	@param P ECP instance to be converted to an octet string
- */
-extern void ECP_toOctet(octet *S,ECP *P);
-/**	@brief Creates an ECP point from an octet string
- *
-	The octet string is in the standard form 0x04|x|y, except for Montgomery curve in which case it is 0x06|x
-	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
-	@param P ECP instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP_fromOctet(ECP *P,octet *S);
-/**	@brief Doubles an ECP instance P
- *
-	@param P ECP instance, on exit =2*P
- */
-extern void ECP_dbl(ECP *P);
-/**	@brief Multiplies an ECP instance P by a small integer, side-channel resistant
- *
-	@param P ECP instance, on exit =i*P
-	@param i small integer multiplier
-	@param b maximum number of bits in multiplier
- */
-extern void ECP_pinmul(ECP *P,int i,int b);
-/**	@brief Multiplies an ECP instance P by a BIG, side-channel resistant
- *
-	Uses Montgomery ladder for Montgomery curves, otherwise fixed sized windows.
-	@param P ECP instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP_mul(ECP *P,BIG b);
-/**	@brief Calculates double multiplication P=e*P+f*Q, side-channel resistant
- *
-	@param P ECP instance, on exit =e*P+f*Q
-	@param Q ECP instance
-	@param e BIG number multiplier
-	@param f BIG number multiplier
- */
-extern void ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f);
-
-
-
-/* ECP2 E(Fp2) prototypes */
-/**	@brief Tests for ECP2 point equal to infinity
- *
-	@param P ECP2 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP2_isinf(ECP2 *P);
-/**	@brief Copy ECP2 point to another ECP2 point
- *
-	@param P ECP2 instance, on exit = Q
-	@param Q ECP2 instance to be copied
- */
-extern void ECP2_copy(ECP2 *P,ECP2 *Q);
-/**	@brief Set ECP2 to point-at-infinity
- *
-	@param P ECP2 instance to be set to infinity
- */
-extern void ECP2_inf(ECP2 *P);
-/**	@brief Tests for equality of two ECP2s
- *
-	@param P ECP2 instance to be compared
-	@param Q ECP2 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP2_equals(ECP2 *P,ECP2 *Q);
-/**	@brief Converts an ECP2 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP2 instance to be converted to affine form
- */
-extern void ECP2_affine(ECP2 *P);
-/**	@brief Extract x and y coordinates of an ECP2 point P
- *
-	If x=y, returns only x
-	@param x FP2 on exit = x coordinate of point
-	@param y FP2 on exit = y coordinate of point (unless x=y)
-	@param P ECP2 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP2_get(FP2 *x,FP2 *y,ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, converted to affine coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_output(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, in projective coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_outputxyz(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP2 instance to be converted to an octet string
- */
-extern void ECP2_toOctet(octet *S,ECP2 *P);
-/**	@brief Creates an ECP2 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP2 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP2_fromOctet(ECP2 *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP2 value of f(x)
-	@param x FP2 instance
- */
-extern void ECP2_rhs(FP2 *r,FP2 *x);
-/**	@brief Set ECP2 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP2 instance to be set (x,y)
-	@param x FP2 x coordinate of point
-	@param y FP2 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_set(ECP2 *P,FP2 *x,FP2 *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_setx(ECP2 *P,FP2 *x);
-/**	@brief Negation of an ECP2 point
- *
-	@param P ECP2 instance, on exit = -P
- */
-extern void ECP2_neg(ECP2 *P);
-/**	@brief Doubles an ECP2 instance P
- *
-	@param P ECP2 instance, on exit =2*P
- */
-extern int ECP2_dbl(ECP2 *P);
-/**	@brief Adds ECP2 instance Q to ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P+Q
-	@param Q ECP2 instance to be added to P
- */
-extern int ECP2_add(ECP2 *P,ECP2 *Q);
-/**	@brief Subtracts ECP instance Q from ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P-Q
-	@param Q ECP2 instance to be subtracted from P
- */
-extern void ECP2_sub(ECP2 *P,ECP2 *Q);
-/**	@brief Multiplies an ECP2 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP2 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP2_mul(ECP2 *P,BIG b);
-/**	@brief Multiplies an ECP2 instance P by the internal modulus p, using precalculated Frobenius constant f
- *
-	Fast point multiplication using Frobenius
-	@param P ECP2 instance, on exit = p*P
-	@param f FP2 precalculated Frobenius constant
-
- */
-extern void ECP2_frob(ECP2 *P,FP2 *f);
-/**	@brief Calculates P=b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
- *
-	@param P ECP2 instance, on exit = b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
-	@param Q ECP2 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP2_mul4(ECP2 *P,ECP2 *Q,BIG *b);
-
-
-
-/* FP4 prototypes */
-/**	@brief Tests for FP4 equal to zero
- *
-	@param x FP4 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP4_iszilch(FP4 *x);
-/**	@brief Tests for FP4 equal to unity
- *
-	@param x FP4 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP4_isunity(FP4 *x);
-/**	@brief Tests for equality of two FP4s
- *
-	@param x FP4 instance to be compared
-	@param y FP4 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP4_equals(FP4 *x,FP4 *y);
-/**	@brief Tests for FP4 having only a real part and no imaginary part
- *
-	@param x FP4 number to be tested
-	@return 1 if real, else returns 0
- */
-extern int FP4_isreal(FP4 *x);
-/**	@brief Initialise FP4 from two FP2s
- *
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
-	@param b FP2 to form imaginary part of FP4
- */
-extern void FP4_from_FP2s(FP4 *x,FP2 *a,FP2 *b);
-/**	@brief Initialise FP4 from single FP2
- *
-	Imaginary part is set to zero
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
- */
-extern void FP4_from_FP2(FP4 *x,FP2 *a);
-/**	@brief Copy FP4 to another FP4
- *
-	@param x FP4 instance, on exit = y
-	@param y FP4 instance to be copied
- */
-extern void FP4_copy(FP4 *x,FP4 *y);
-/**	@brief Set FP4 to zero
- *
-	@param x FP4 instance to be set to zero
- */
-extern void FP4_zero(FP4 *x);
-/**	@brief Set FP4 to unity
- *
-	@param x FP4 instance to be set to one
- */
-extern void FP4_one(FP4 *x);
-/**	@brief Negation of FP4
- *
-	@param x FP4 instance, on exit = -y
-	@param y FP4 instance
- */
-extern void FP4_neg(FP4 *x,FP4 *y);
-/**	@brief Conjugation of FP4
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP4 instance, on exit = conj(y)
-	@param y FP4 instance
- */
-extern void FP4_conj(FP4 *x,FP4 *y);
-/**	@brief Negative conjugation of FP4
- *
-	If y=(a,b) on exit x=(-a,b)
-	@param x FP4 instance, on exit = -conj(y)
-	@param y FP4 instance
- */
-extern void FP4_nconj(FP4 *x,FP4 *y);
-/**	@brief addition of two FP4s
- *
-	@param x FP4 instance, on exit = y+z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_add(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief subtraction of two FP4s
- *
-	@param x FP4 instance, on exit = y-z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_sub(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Multiplication of an FP4 by an FP2
- *
-	@param x FP4 instance, on exit = y*a
-	@param y FP4 instance
-	@param a FP2 multiplier
- */
-extern void FP4_pmul(FP4 *x,FP4 *y,FP2 *a);
-/**	@brief Multiplication of an FP4 by a small integer
- *
-	@param x FP4 instance, on exit = y*i
-	@param y FP4 instance
-	@param i an integer
- */
-extern void FP4_imul(FP4 *x,FP4 *y,int i);
-/**	@brief Squaring an FP4
- *
-	@param x FP4 instance, on exit = y^2
-	@param y FP4 instance
- */
-extern void FP4_sqr(FP4 *x,FP4 *y);
-/**	@brief Multiplication of two FP4s
- *
-	@param x FP4 instance, on exit = y*z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_mul(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Inverting an FP4
- *
-	@param x FP4 instance, on exit = 1/y
-	@param y FP4 instance
- */
-extern void FP4_inv(FP4 *x,FP4 *y);
-/**	@brief Formats and outputs an FP4 to the console
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_output(FP4 *x);
-/**	@brief Formats and outputs an FP4 to the console in raw form (for debugging)
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_rawoutput(FP4 *x);
-/**	@brief multiplies an FP4 instance by irreducible polynomial sqrt(1+sqrt(-1))
- *
-	@param x FP4 instance, on exit = sqrt(1+sqrt(-1)*x
- */
-extern void FP4_times_i(FP4 *x);
-/**	@brief Normalises the components of an FP4
- *
-	@param x FP4 instance to be normalised
- */
-extern void FP4_norm(FP4 *x);
-/**	@brief Reduces all components of possibly unreduced FP4 mod Modulus
- *
-	@param x FP4 instance, on exit reduced mod Modulus
- */
-extern void FP4_reduce(FP4 *x);
-/**	@brief Raises an FP4 to the power of a BIG
- *
-	@param x FP4 instance, on exit = y^b
-	@param y FP4 instance
-	@param b BIG number
- */
-extern void FP4_pow(FP4 *x,FP4 *y,BIG b);
-/**	@brief Raises an FP4 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP4 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP4_frob(FP4 *x,FP2 *f);
-/**	@brief Calculates the XTR addition function r=w*x-conj(x)*y+z
- *
-	@param r FP4 instance, on exit = w*x-conj(x)*y+z
-	@param w FP4 instance
-	@param x FP4 instance
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_xtr_A(FP4 *r,FP4 *w,FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Calculates the XTR doubling function r=x^2-2*conj(x)
- *
-	@param r FP4 instance, on exit = x^2-2*conj(x)
-	@param x FP4 instance
- */
-extern void FP4_xtr_D(FP4 *r,FP4 *x);
-/**	@brief Calculates FP4 trace of an FP12 raised to the power of a BIG number
- *
-	XTR single exponentiation
-	@param r FP4 instance, on exit = trace(w^b)
-	@param x FP4 instance, trace of an FP12 w
-	@param b BIG number
- */
-extern void FP4_xtr_pow(FP4 *r,FP4 *x,BIG b);
-/**	@brief Calculates FP4 trace of c^a.d^b, where c and d are derived from FP4 traces of FP12s
- *
-	XTR double exponentiation
-	Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
-	@param r FP4 instance, on exit = trace(c^a.d^b)
-	@param c FP4 instance, trace of an FP12
-	@param d FP4 instance, trace of an FP12
-	@param e FP4 instance, trace of an FP12
-	@param f FP4 instance, trace of an FP12
-	@param a BIG number
-	@param b BIG number
- */
-extern void FP4_xtr_pow2(FP4 *r,FP4 *c,FP4 *d,FP4 *e,FP4 *f,BIG a,BIG b);
-
-
-
-/* FP12 prototypes */
-/**	@brief Tests for FP12 equal to zero
- *
-	@param x FP12 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP12_iszilch(FP12 *x);
-/**	@brief Tests for FP12 equal to unity
- *
-	@param x FP12 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP12_isunity(FP12 *x);
-/**	@brief Copy FP12 to another FP12
- *
-	@param x FP12 instance, on exit = y
-	@param y FP12 instance to be copied
- */
-extern void FP12_copy(FP12 *x,FP12 *y);
-/**	@brief Set FP12 to unity
- *
-	@param x FP12 instance to be set to one
- */
-extern void FP12_one(FP12 *x);
-/**	@brief Tests for equality of two FP12s
- *
-	@param x FP12 instance to be compared
-	@param y FP12 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP12_equals(FP12 *x,FP12 *y);
-/**	@brief Conjugation of FP12
- *
-	If y=(a,b,c) (where a,b,c are its three FP4 components) on exit x=(conj(a),-conj(b),conj(c))
-	@param x FP12 instance, on exit = conj(y)
-	@param y FP12 instance
- */
-extern void FP12_conj(FP12 *x,FP12 *y);
-/**	@brief Initialise FP12 from single FP4
- *
-	Sets first FP4 component of an FP12, other components set to zero
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP4
- */
-extern void FP12_from_FP4(FP12 *x,FP4 *a);
-/**	@brief Initialise FP12 from three FP4s
- *
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP12
-	@param b FP4 to form second part of FP12
-	@param c FP4 to form third part of FP12
- */
-extern void FP12_from_FP4s(FP12 *x,FP4 *a,FP4* b,FP4 *c);
-/**	@brief Fast Squaring of an FP12 in "unitary" form
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP4 instance, must be unitary
- */
-extern void FP12_usqr(FP12 *x,FP12 *y);
-/**	@brief Squaring an FP12
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP12 instance
- */
-extern void FP12_sqr(FP12 *x,FP12 *y);
-/**	@brief Fast multiplication of an FP12 by an FP12 that arises from an ATE pairing line function
- *
-	Here the multiplier has a special form that can be exploited
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, of special form
- */
-extern void FP12_smul(FP12 *x,FP12 *y);
-/**	@brief Multiplication of two FP12s
- *
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, the multiplier
- */
-extern void FP12_mul(FP12 *x,FP12 *y);
-/**	@brief Inverting an FP12
- *
-	@param x FP12 instance, on exit = 1/y
-	@param y FP12 instance
- */
-extern void FP12_inv(FP12 *x,FP12 *y);
-/**	@brief Raises an FP12 to the power of a BIG
- *
-	@param r FP12 instance, on exit = y^b
-	@param x FP12 instance
-	@param b BIG number
- */
-extern void FP12_pow(FP12 *r,FP12 *x,BIG b);
-/**	@brief Raises an FP12 instance x to a small integer power, side-channel resistant
- *
-	@param x ECP instance, on exit = x^i
-	@param i small integer exponent
-	@param b maximum number of bits in exponent
- */
-extern void FP12_pinpow(FP12 *x,int i,int b);
-/**	@brief Calculate x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3], side-channel resistant
- *
-	@param r ECP instance, on exit = x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3]
-	@param x FP12 array with 4 FP12s
-	@param b BIG array of 4 exponents
- */
-extern void FP12_pow4(FP12 *r,FP12 *x,BIG *b);
-/**	@brief Raises an FP12 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP12 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP12_frob(FP12 *x,FP2 *f);
-/**	@brief Reduces all components of possibly unreduced FP12 mod Modulus
- *
-	@param x FP12 instance, on exit reduced mod Modulus
- */
-extern void FP12_reduce(FP12 *x);
-/**	@brief Normalises the components of an FP12
- *
-	@param x FP12 instance to be normalised
- */
-extern void FP12_norm(FP12 *x);
-/**	@brief Formats and outputs an FP12 to the console
- *
-	@param x FP12 instance to be printed
- */
-extern void FP12_output(FP12 *x);
-/**	@brief Formats and outputs an FP12 instance to an octet string
- *
-	Serializes the components of an FP12 to big-endian base 256 form.
-	@param S output octet string
-	@param x FP12 instance to be converted to an octet string
- */
-extern void FP12_toOctet(octet *S,FP12 *x);
-/**	@brief Creates an FP12 instance from an octet string
- *
-	De-serializes the components of an FP12 to create an FP12 from big-endian base 256 components.
-	@param x FP12 instance to be created from an octet string
-	@param S input octet string
-
- */
-extern void FP12_fromOctet(FP12 *x,octet *S);
-/**	@brief Calculate the trace of an FP12
- *
-	@param t FP4 trace of x, on exit = tr(x)
-	@param x FP12 instance
-
- */
-extern void FP12_trace(FP4 *t,FP12 *x);
-
-
-
-/* Pairing function prototypes */
-/**	@brief Calculate Miller loop for Optimal ATE pairing e(P,Q)
- *
-	@param r FP12 result of the pairing calculation e(P,Q)
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-
- */
-extern void PAIR_ate(FP12 *r,ECP2 *P,ECP *Q);
-/**	@brief Calculate Miller loop for Optimal ATE double-pairing e(P,Q).e(R,S)
- *
-	Faster than calculating two separate pairings
-	@param r FP12 result of the pairing calculation e(P,Q).e(R,S), an element of GT
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-	@param R ECP2 instance, an element of G2
-	@param S ECP instance, an element of G1
- */
-extern void PAIR_double_ate(FP12 *r,ECP2 *P,ECP *Q,ECP2 *R,ECP *S);
-/**	@brief Final exponentiation of pairing, converts output of Miller loop to element in GT
- *
-	Here p is the internal modulus, and r is the group order
-	@param x FP12, on exit = x^((p^12-1)/r)
- */
-extern void PAIR_fexp(FP12 *x);
-/**	@brief Fast point multiplication of a member of the group G1 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param Q ECP member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_G1mul(ECP *Q,BIG b);
-/**	@brief Fast point multiplication of a member of the group G2 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param P ECP2 member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_G2mul(ECP2 *P,BIG b);
-/**	@brief Fast raising of a member of GT to a BIG power
- *
-	May exploit endomorphism for speed.
-	@param x FP12 member of GT.
-	@param b BIG exponent
-
- */
-extern void PAIR_GTpow(FP12 *x,BIG b);
-/**	@brief Tests FP12 for membership of GT
- *
-	@param x FP12 instance
-	@return 1 if x is in GT, else return 0
-
- */
-extern int PAIR_GTmember(FP12 *x);
-
-
-
-/* Finite Field Prototypes */
-/**	@brief Copy one FF element of given length to another
- *
-	@param x FF instance to be copied to, on exit = y
-	@param y FF instance to be copied from
-	@param n size of FF in BIGs
-
- */
-extern void FF_copy(BIG *x,BIG *y,int n);
-/**	@brief Initialize an FF element of given length from a 32-bit integer m
- *
-	@param x FF instance to be copied to, on exit = m
-	@param m integer
-	@param n size of FF in BIGs
- */
-extern void FF_init(BIG *x,sign32 m,int n);
-/**	@brief Set FF element of given size to zero
- *
-	@param x FF instance to be set to zero
-	@param n size of FF in BIGs
- */
-extern void FF_zero(BIG *x,int n);
-/**	@brief Tests for FF element equal to zero
- *
-	@param x FF number to be tested
-	@param n size of FF in BIGs
-	@return 1 if zero, else returns 0
- */
-extern int FF_iszilch(BIG *x,int n);
-/**	@brief  return parity of an FF, that is the least significant bit
- *
-	@param x FF number
-	@return 0 or 1
- */
-extern int FF_parity(BIG *x);
-/**	@brief  return least significant m bits of an FF
- *
-	@param x FF number
-	@param m number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int FF_lastbits(BIG *x,int m);
-/**	@brief Set FF element of given size to unity
- *
-	@param x FF instance to be set to unity
-	@param n size of FF in BIGs
- */
-extern void FF_one(BIG *x,int n);
-/**	@brief Compares two FF numbers. Inputs must be normalised externally
- *
-	@param x first FF number to be compared
-	@param y second FF number to be compared
-	@param n size of FF in BIGs
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int FF_comp(BIG *x,BIG *y,int n);
-/**	@brief addition of two FFs
- *
-	@param x FF instance, on exit = y+z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_add(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief subtraction of two FFs
- *
-	@param x FF instance, on exit = y-z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_sub(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief increment an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x+m
-	@param m an integer to be added to x
-	@param n size of FF in BIGs
- */
-extern void FF_inc(BIG *x,int m,int n);
-/**	@brief Decrement an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x-m
-	@param m an integer to be subtracted from x
-	@param n size of FF in BIGs
- */
-extern void FF_dec(BIG *x,int m,int n);
-/**	@brief Normalises the components of an FF
- *
-	@param x FF instance to be normalised
-	@param n size of FF in BIGs
- */
-extern void FF_norm(BIG *x,int n);
-/**	@brief Shift left an FF by 1 bit
- *
-	@param x FF instance to be shifted left
-	@param n size of FF in BIGs
- */
-extern void FF_shl(BIG *x,int n);
-/**	@brief Shift right an FF by 1 bit
- *
-	@param x FF instance to be shifted right
-	@param n size of FF in BIGs
- */
-extern void FF_shr(BIG *x,int n);
-/**	@brief Formats and outputs an FF to the console
- *
-	@param x FF instance to be printed
-	@param n size of FF in BIGs
- */
-extern void FF_output(BIG *x,int n);
-/**	@brief Formats and outputs an FF instance to an octet string
- *
-	Converts an FF to big-endian base 256 form.
-	@param S output octet string
-	@param x FF instance to be converted to an octet string
-	@param n size of FF in BIGs
- */
-extern void FF_toOctet(octet *S,BIG *x,int n);
-/**	@brief Populates an FF instance from an octet string
- *
-	Creates FF from big-endian base 256 form.
-	@param x FF instance to be created from an octet string
-	@param S input octet string
-	@param n size of FF in BIGs
- */
-extern void FF_fromOctet(BIG *x,octet *S,int n);
-/**	@brief Multiplication of two FFs
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y*z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_mul(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Reduce FF mod a modulus
- *
-	This is slow
-	@param x FF instance to be reduced mod m - on exit = x mod m
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_mod(BIG *x,BIG *m,int n);
-/**	@brief Square an FF
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y^2
-	@param y FF instance to be squared
-	@param n size of FF in BIGs
- */
-extern void FF_sqr(BIG *x,BIG *y,int n);
-/**	@brief Reduces a double-length FF with respect to a given modulus
- *
-	This is slow
-	@param x FF instance, on exit = y mod z
-	@param y FF instance, of double length 2*n
-	@param z FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_dmod(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Invert an FF mod a prime modulus
- *
-	@param x FF instance, on exit = 1/y mod z
-	@param y FF instance
-	@param z FF prime modulus
-	@param n size of FF in BIGs
- */
-extern void FF_invmodp(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Create an FF from a random number generator
- *
-	@param x FF instance, on exit x is a random number of length n BIGs with most significant bit a 1
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_random(BIG *x,csprng *R,int n);
-/**	@brief Create a random FF less than a given modulus from a random number generator
- *
-	@param x FF instance, on exit x is a random number < y
-	@param y FF instance, the modulus
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_randomnum(BIG *x,BIG *y,csprng *R,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_skpow(BIG *r,BIG *x,BIG * e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	For short BIG exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_skspow(BIG *r,BIG *x,BIG e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	For very short integer exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e integer exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_power(BIG *r,BIG *x,int e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_pow(BIG *r,BIG *x,BIG *e,BIG *m,int n);
-/**	@brief Test if an FF has factor in common with integer s
- *
-	@param x FF instance to be tested
-	@param s the supplied integer
-	@param n size of FF in BIGs
-	@return 1 if gcd(x,s)!=1, else return 0
- */
-extern int FF_cfactor(BIG *x,sign32 s,int n);
-/**	@brief Test if an FF is prime
- *
-	Uses Miller-Rabin Method
-	@param x FF instance to be tested
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
-	@return 1 if x is (almost certainly) prime, else return 0
- */
-extern int FF_prime(BIG *x,csprng *R,int n);
-/**	@brief Calculate r=x^e.y^f mod m
- *
-	@param r FF instance, on exit = x^e.y^f mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param y FF instance
-	@param f BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_pow2(BIG *r,BIG *x,BIG e,BIG *y,BIG f,BIG *m,int n);
-
-
-/* Octet string handlers */
-/**	@brief Formats and outputs an octet to the console in hex
- *
-	@param O Octet to be output
- */
-extern void OCT_output(octet *O);
-/**	@brief Formats and outputs an octet to the console as a character string
- *
-	@param O Octet to be output
- */
-extern void OCT_output_string(octet *O);
-/**	@brief Wipe clean an octet
- *
-	@param O Octet to be cleaned
- */
-extern void OCT_clear(octet *O);
-/**	@brief Compare two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@return 1 if equal, else 0
- */
-extern int  OCT_comp(octet *O,octet *P);
-/**	@brief Compare first n bytes of two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@param n number of bytes to compare
-	@return 1 if equal, else 0
- */
-extern int  OCT_ncomp(octet *O,octet *P,int n);
-/**	@brief Join from a C string to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s zero terminated string to be joined to octet
- */
-extern void OCT_jstring(octet *O,char *s);
-/**	@brief Join bytes to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s bytes to be joined to end of octet
-	@param n number of bytes to join
- */
-extern void OCT_jbytes(octet *O,char *s,int n);
-/**	@brief Join single byte to end of an octet, repeated n times
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param b byte to be joined to end of octet
-	@param n number of times b is to be joined
- */
-extern void OCT_jbyte(octet *O,int b,int n);
-/**	@brief Join one octet to the end of another
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param P Octet to be joined to the end of O
- */
-extern void OCT_joctet(octet *O,octet *P);
-/**	@brief XOR common bytes of a pair of Octets
- *
-	@param O Octet - on exit = O xor P
-	@param P Octet to be xored into O
- */
-extern void OCT_xor(octet *O,octet *P);
-/**	@brief reset Octet to zero length
- *
-	@param O Octet to be emptied
- */
-extern void OCT_empty(octet *O);
-/**	@brief Pad out an Octet to the given length
- *
-	Padding is done by inserting leading zeros, so abcd becomes 00abcd
-	@param O Octet to be padded
-	@param n new length of Octet
- */
-extern int OCT_pad(octet *O,int n);
-/**	@brief Convert an Octet to printable base64 number
- *
-	@param b zero terminated byte array to take base64 conversion
-	@param O Octet to be converted
- */
-extern void OCT_tobase64(char *b,octet *O);
-/**	@brief Populate an Octet from base64 number
- *
- 	@param O Octet to be populated
-	@param b zero terminated base64 string
-
- */
-extern void OCT_frombase64(octet *O,char *b);
-/**	@brief Copy one Octet into another
- *
- 	@param O Octet to be copied to
-	@param P Octet to be copied from
-
- */
-extern void OCT_copy(octet *O,octet *P);
-/**	@brief XOR every byte of an octet with input m
- *
- 	@param O Octet
-	@param m byte to be XORed with every byte of O
-
- */
-extern void OCT_xorbyte(octet *O,int m);
-/**	@brief Chops Octet into two, leaving first n bytes in O, moving the rest to P
- *
- 	@param O Octet to be chopped
-	@param P new Octet to be created
-	@param n number of bytes to chop off O
-
- */
-extern void OCT_chop(octet *O,octet *P,int n);
-/**	@brief Join n bytes of integer m to end of Octet O (big endian)
- *
-	Typically n is 4 for a 32-bit integer
- 	@param O Octet to be appended to
-	@param m integer to be appended to O
-	@param n number of bytes in m
-
- */
-extern void OCT_jint(octet *O,int m,int n);
-/**	@brief Create an Octet from bytes taken from a random number generator
- *
-	Truncates if there is no room
- 	@param O Octet to be populated
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n number of bytes to extracted from R
-
- */
-extern void OCT_rand(octet *O,csprng *R,int n);
-/**	@brief Shifts Octet left by n bytes
- *
-	Leftmost bytes disappear
- 	@param O Octet to be shifted
-	@param n number of bytes to shift
-
- */
-extern void OCT_shl(octet *O,int n);
-/**	@brief Convert an Octet to printable hex number
- *
-	@param dst hex value
-	@param src Octet to be converted
- */
-extern void OCT_toHex(octet *src,char *dst);
-/**	@brief Convert an Octet to string
- *
-	@param dst string value
-	@param src Octet to be converted
- */
-extern void OCT_toStr(octet *src,char *dst);
-
-
-/* Hash function */
-/**	@brief Initialise an instance of SHA256
- *
-	@param H an instance SHA256
- */
-extern void HASH_init(hash *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA256
-	@param b byte to be included in hash
- */
-extern void HASH_process(hash *H,int b);
-/**	@brief Generate 32-byte hash
- *
-	@param H an instance SHA256
-	@param h is the output 32-byte hash
- */
-extern void HASH_hash(hash *H,char *h);
-
-
-
-/* AES functions */
-/**	@brief Reset AES mode or IV
- *
-	@param A an instance of the AES
-	@param m is the new active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param iv the new Initialisation Vector
- */
-extern void AES_reset(aes *A,int m,char *iv);
-/**	@brief Extract chaining vector from AES instance
- *
-	@param A an instance of the AES
-	@param f the extracted chaining vector
- */
-extern void AES_getreg(aes *A,char * f);
-/**	@brief Initialise an instance of AES and its mode of operation
- *
-	@param A an instance AES
-	@param m is the active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param k the AES key as an array of 16 bytes
-	@param iv the Initialisation Vector
- */
-extern void AES_init(aes *A,int m,char *k,char *iv);
-/**	@brief Encrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
- */
-extern void AES_ecb_encrypt(aes *A,uchar * b);
-/**	@brief Decrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 cipherext bytes, on exit becomes plaintext
- */
-extern void AES_ecb_decrypt(aes *A,uchar * b);
-/**	@brief Encrypt a single 16 byte block in active mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_encrypt(aes *A,char *b );
-/**	@brief Decrypt a single 16 byte block in active mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 ciphertext bytes, on exit becomes plaintext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_decrypt(aes *A,char *b);
-/**	@brief Clean up after application of AES
- *
-	@param A an instance of the AES
- */
-extern void AES_end(aes *A);
-
-
-/* AES-GCM functions */
-/**	@brief Initialise an instance of AES-GCM mode
- *
-	@param G an instance AES-GCM
-	@param k the AES key as an array of 16 bytes
-	@param n the number of bytes in the Initialisation Vector (IV)
-	@param iv the IV
- */
-extern void GCM_init(gcm *G,char *k,int n,char *iv);
-/**	@brief Add header (material to be authenticated but not encrypted)
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param b is the header material to be added
-	@param n the number of bytes in the header
- */
-extern int GCM_add_header(gcm *G,char *b,int n);
-/**	@brief Add plaintext and extract ciphertext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param c is the ciphertext generated
-	@param p is the plaintext material to be added
-	@param n the number of bytes in the plaintext
- */
-extern int GCM_add_plain(gcm *G,char *c,char *p,int n);
-/**	@brief Add ciphertext and extract plaintext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param p is the plaintext generated
-	@param c is the ciphertext material to be added
-	@param n the number of bytes in the ciphertext
- */
-extern int GCM_add_cipher(gcm *G,char *p,char *c,int n);
-/**	@brief Finish off and extract authentication tag (HMAC)
- *
-	@param G is an active instance AES-GCM
-	@param t is the output 16 byte authentication tag
- */
-extern void GCM_finish(gcm *G,char *t);
-
-
-
-/* random numbers */
-/**	@brief Seed a random number generator from an array of bytes
- *
-	The provided seed should be truly random
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n the number of seed bytes provided
-	@param b an array of seed bytes
-
- */
-extern void RAND_seed(csprng *R,int n,char *b);
-/**	@brief Delete all internal state of a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
- */
-extern void RAND_clean(csprng *R);
-/**	@brief Return a random byte from a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@return a random byte
- */
-extern int RAND_byte(csprng *R);
-
-#endif


[48/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/c/amcl_.h
----------------------------------------------------------------------
diff --git a/c/amcl_.h b/c/amcl_.h
deleted file mode 100755
index cb9cd58..0000000
--- a/c/amcl_.h
+++ /dev/null
@@ -1,2501 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL header file */
-/* Designed for AES-128 security, 254-256 bit elliptic curves and BN curves for pairings */
-/* Each "limb" of a big number occupies at most (n-3) bits of an n-bit computer word. The most significant word must have at least 4 extra unused bits */
-/* For n=64, use 5 words, use 56 bits per limb, leaving at least 24 unused MSBs 5*56-256  */
-/* For n=32, use 9 words, use 29 bits per limb, leaving at least 5 unused MSBs  9*29-256  */
-/* For n=16, use 20 words, use 13 bits per limb, leaving at least 4 unused MSBs 20*13-256 */
-
-/**
- * @file amcl_.h
- * @author Mike Scott and Kealan McCusker
- * @date 19th May 2015
- * @brief Main Header File
- *
- * Allows some user configuration
- * defines structures
- * declares functions
- *
- */
-
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef AMCL_H
-#define AMCL_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "DLLDefines.h"
-
-/* Support for C99?  Note for GCC need to explicitly include -std=c99 in command line */
-
-#if __STDC_VERSION__ >= 199901L
-/* C99 code */
-#define C99
-#else
-/* Not C99 code */
-#endif
-
-#ifndef C99  /* You are on your own! These are for Microsoft C */
-#define sign32 __int32			/**< 32-bit signed integer */
-#define sign8 signed char		/**< 8-bit signed integer */
-#define unsign32 unsigned __int32 /**< 32-bit unsigned integer */
-#else
-#include <stdint.h>
-#define sign8 int8_t			/**< 8-bit signed integer */
-#define sign32 int32_t			/**< 32-bit signed integer */
-#define unsign32 uint32_t		/**< 32-bit unsigned integer */
-#endif
-
-/* modulus types */
-
-#define NOT_SPECIAL 0			/**< Modulus of no exploitable form */
-#define PSEUDO_MERSENNE 1		/**< Pseudo-mersenne modulus of form $2^n-c$  */
-#define MONTGOMERY_FRIENDLY 3	/**< Montgomery Friendly modulus of form $2^a(2^b-c)-1$  */
-
-/* curve types */
-
-#define WEIERSTRASS 0			/**< Short Weierstrass form curve  */
-#define EDWARDS 1				/**< Edwards or Twisted Edwards curve  */
-#define MONTGOMERY 2			/**< Montgomery form curve  */
-
-/* Elliptic curves are defined over prime fields */
-/* Here are some popular EC prime fields for which I have prepared curves. Feel free to specify your own. */
-
-#define NIST 0 /**< For the NIST 256-bit standard curve		- WEIERSTRASS only */
-#define C25519 1  /**< Bernstein's Modulus 2^255-19			- EDWARDS or MONTGOMERY only */
-#define BRAINPOOL 2 /**< For Brainpool 256-bit curve			- WEIERSTRASS only */
-#define ANSSI 3 /**< For French 256-bit standard curve		- WEIERSTRASS only */
-#define MF254 4 /**< For NUMS curves from Bos et al - 254-bit Montgomery friendly modulus		- WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MS255 5 /**< For NUMS curve - 255-bit pseudo-mersenne modulus							- WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MF256 6 /**< For NUMS curve - 256-bit Montgomery friendly modulus						- WEIERSTRASS or EDWARDS or MONTGOMERY */
-#define MS256 7 /**< For NUMS curve - 256-bit pseudo-merseene modulus							- WEIERSTRASS or EDWARDS or MONTGOMERY */
-
-#define BN 100    /**< Standard Nogami BN curve - fastest. Modulus built from  t=-0x4080000000000001	- WEIERSTRASS only */
-#define BNCX 101  /**< Our MIRACL BN curve. Modulus built from t=-0x4000000003C012B1					- WEIERSTRASS only */
-#define BNT 102   /**< GT_Strong BN curve. Modulus built from t=-0x4000806000004081  					- WEIERSTRASS only */
-#define BNT2 103  /**< G2 and GT-Strong BN curve.  Modulus built from t=-0x4000020100608205 			- WEIERSTRASS only */
-
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture and choose modulus and curve  ***/
-
-#define CHUNK 32		/**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#define CHOICE  BNCX	/**< Current choice of Field */
-/* For some moduli only WEIERSTRASS curves are supported. For others there is a choice of WEIERSTRASS, EDWARDS or MONTGOMERY curves. See above. */
-#define CURVETYPE WEIERSTRASS	/**< Note that not all curve types are supported - see above */
-
-/* Actual curve parameters associated with these choices can be found in rom.c */
-
-/* These next options only apply for pairings */
-#define USE_GLV		/**< Note this method is patented (GLV), so maybe you want to comment this out */
-#define USE_GS_G2	/**< Well we didn't patent it :) But may be covered by GLV patent :( */
-#define USE_GS_GT   /**< Not patented, so probably always use this */
-
-/* Finite field support - for RSA, DH etc. */
-#define FF_BITS 2048 /**< Finite Field Size in bits - must be 256.2^n */
-
-/* For debugging Only.
-#define DEBUG_REDUCE
-#define DEBUG_NORM
-#define GET_STATS
-*/
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-
-#if CHOICE>=BN     /* Its a BN curve */
-#define MBITS 254	/**< Number of bits in Modulus */
-#define MOD8 3		/**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-#if CHOICE>BN
-#define GT_STRONG   /**< Using a GT-Strong BN curve */
-#endif
-
-#if CHOICE==NIST
-#define MBITS 256	/**< Number of bits in Modulus */
-#define MOD8 7		/**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-#if CHOICE==C25519
-#define MBITS 255	/**< Number of bits in Modulus */
-#define MOD8 5		/**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE /**< Modulus type */
-#endif
-
-#if CHOICE==BRAINPOOL
-#define MBITS 256 /**< Number of bits in Modulus */
-#define MOD8 7 /**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-#if CHOICE==ANSSI
-#define MBITS 256		/**< Number of bits in Modulus */
-#define MOD8 3			/**< Modulus mod 8  */
-#define MODTYPE  NOT_SPECIAL /**< Modulus type */
-#endif
-
-/**< NUMS curve from Bos et al. paper */
-
-#if CHOICE==MF254
-#define MBITS 254   /**< Number of bits in Modulus */
-#define MOD8 7      /**< Modulus mod 8  */
-#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
-#endif
-
-#if CHOICE==MF256
-#define MBITS 256   /**< Number of bits in Modulus */
-#define MOD8 7      /**< Modulus mod 8  */
-#define MODTYPE MONTGOMERY_FRIENDLY  /**< Modulus type */
-#endif
-
-#if CHOICE==MS255
-#define MBITS 255	/**< Number of bits in Modulus */
-#define MOD8 3		/**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE /**< Modulus type */
-#endif
-
-#if CHOICE==MS256
-#define MBITS 256	/**< Number of bits in Modulus */
-#define MOD8 3		/**< Modulus mod 8  */
-#define MODTYPE PSEUDO_MERSENNE /**< Modulus type */
-#endif
-
-
-#define FFLEN (FF_BITS/256)  /**< RSA public key bytes */
-#define HFLEN (FFLEN/2)		/**< Useful for half-size RSA private key operations */
-
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-#if CHUNK==16
-#define NLEN 20				/**< Number of words in BIG. */
-#define BASEBITS 13			/**< Numbers represented to base 2*BASEBITS */
-#ifndef C99
-#define chunk __int16		/**< C type corresponding to word length */
-#define dchunk __int32		/**< Always define double length chunk type if available */
-#else
-#define chunk int16_t		/**< C type corresponding to word length */
-#define dchunk int32_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 32
-#define NLEN 9				/**< Number of words in BIG. */
-#define BASEBITS 29			/**< Numbers represented to base 2*BASEBITS */
-#ifndef C99
-#define chunk __int32		/**< C type corresponding to word length */
-#define dchunk __int64		/**< Always define double length chunk type if available */
-#else
-#define chunk int32_t		/**< C type corresponding to word length */
-#define dchunk int64_t		/**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 64
-#define NLEN 5				/**< Number of words in BIG. */
-#define BASEBITS 56			/**< Numbers represented to base 2*BASEBITS */
-#ifndef C99
-#define chunk __int64		/**< C type corresponding to word length */
-							/**< Note - no 128-bit type available    */
-#else
-#define chunk int64_t		/**< C type corresponding to word length */
-#ifdef __GNUC__
-#define dchunk __int128		/**< Always define double length chunk type if available - GCC supports 128 bit type  ??? */
-#endif
-#endif
-#endif
-
-/* Don't mess with anything below this line */
-
-#ifdef GET_STATS
-extern int tsqr,rsqr,tmul,rmul;
-extern int tadd,radd,tneg,rneg;
-extern int tdadd,rdadd,tdneg,rdneg;
-#endif
-
-#define DCHUNK 2*CHUNK	/**< Number of bits in double-length type */
-#define DNLEN 2*NLEN	/**< double length required for products of BIGs */
-
-#ifdef dchunk
-#define COMBA      /**< Use COMBA method for faster BN muls, sqrs and reductions */
-#endif
-
-#define CHUNK_BITS 8*sizeof(chunk) /**< Number of bits in a chunk */
-
-#ifdef DEBUG_NORM    /* Add an extra location to track chunk extension */
-typedef chunk BIG[NLEN+1]; /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN+1]; /**< Define type DBIG as array of chunks */
-#else
-typedef chunk BIG[NLEN];  /**< Define type BIG as array of chunks */
-typedef chunk DBIG[DNLEN]; /**< Define type DBIG as array of chunks */
-#endif
-
-#define HBITS (BASEBITS/2)  /**< Number of bits in number base divided by 2 */
-#define HBITS1 ((BASEBITS+1)/2) /**< Number of bits in number base plus 1 divided by 2 */
-#define HDIFF (HBITS1-HBITS)  /**< Will be either 0 or 1, depending if number of bits in number base is even or odd */
-
-#define MASK (((chunk)1<<BASEBITS)-1) /**< Mask = 2^BASEBITS-1 */
-#define HMASK (((chunk)1<<HBITS)-1)   /**< Mask = 2^HBITS-1 */
-#define HMASK1 (((chunk)1<<HBITS1)-1) /**< Mask = 2^HBITS1-1 */
-
-#define MODBITS MBITS /**< Number of bits in Modulus for selected curve */
-#define MODBYTES 32   /**< Number of bytes in Modulus */
-#define MB (MBITS%BASEBITS) /**<  Number of bits in modulus mod number of bits in number base */
-#define TBITS (MBITS%BASEBITS) /**< Number of active bits in top word */
-#define TMASK (((chunk)1<<(MBITS%BASEBITS))-1)  /**< Mask for active bits in top word */
-#define NEXCESS (1<<(CHUNK-BASEBITS-1)) /**< 2^(CHUNK-BASEBITS-1) - digit cannot be multiplied by more than this before normalisation */
-#define FEXCESS ((chunk)1<<(BASEBITS*NLEN-MBITS)) /**< 2^(BASEBITS*NLEN-MODBITS) - normalised BIG can be multiplied by more than this before reduction */
-#define OMASK ((chunk)(-1)<<(MBITS%BASEBITS))     /**<  for masking out overflow bits */
-
-/* catch field excesses */
-#define EXCESS(a) ((a[NLEN-1]&OMASK)>>(MB))   /**< Field Excess */
-
-/* Field Params - see rom.c */
-extern const BIG Modulus;  /**< Actual Modulus set in rom.c */
-extern const chunk MConst; /**< Montgomery only - 1/p mod 2^BASEBITS */
-
-/* Curve Params - see rom.c */
-extern const int CURVE_A; /**< Elliptic curve A parameter */
-extern const BIG CURVE_B; /**< Elliptic curve B parameter */
-extern const BIG CURVE_Order; /**< Elliptic curve group order */
-
-/* Generator point on G1 */
-extern const BIG CURVE_Gx; /**< x-coordinate of generator point in group G1  */
-extern const BIG CURVE_Gy; /**< y-coordinate of generator point in group G1  */
-
-/* For Pairings only */
-
-/* Generator point on G2 */
-extern const BIG CURVE_Pxa; /**< real part of x-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pxb; /**< imaginary part of x-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pya; /**< real part of y-coordinate of generator point in group G2 */
-extern const BIG CURVE_Pyb; /**< imaginary part of y-coordinate of generator point in group G2 */
-
-extern const BIG CURVE_Bnx; /**< BN curve x parameter */
-
-extern const BIG CURVE_Cru; /**< BN curve Cube Root of Unity */
-
-extern const BIG CURVE_Fra; /**< real part of BN curve Frobenius Constant */
-extern const BIG CURVE_Frb; /**< imaginary part of BN curve Frobenius Constant */
-
-
-extern const BIG CURVE_W[2];		/**< BN curve constant for GLV decomposition */
-extern const BIG CURVE_SB[2][2];	/**< BN curve constant for GLV decomposition */
-extern const BIG CURVE_WB[4];		/**< BN curve constant for GS decomposition */
-extern const BIG CURVE_BB[4][4];	/**< BN curve constant for GS decomposition */
-
-/* Structures */
-
-/**
-	@brief ECP structure - Elliptic Curve Point over base field
-*/
-
-typedef struct {
-#if CURVETYPE!=EDWARDS
-int inf; /**< Infinity Flag - not needed for Edwards representation */
-#endif
-BIG x;   /**< x-coordinate of point */
-#if CURVETYPE!=MONTGOMERY
-BIG y;  /**< y-coordinate of point. Not needed for Montgomery representation */
-#endif
-BIG z; /**< z-coordinate of point */
-} ECP;
-
-/**
-	@brief FP2 Structure - quadratic extension field
-*/
-
-typedef struct {
-BIG a; /**< real part of FP2 */
-BIG b; /**< imaginary part of FP2 */
-} FP2;
-
-/**
-	@brief FP4 Structure - towered over two FP2
-*/
-
-typedef struct {
-FP2 a; /**< real part of FP4 */
-FP2 b; /**< imaginary part of FP4 */
-} FP4;
-
-/**
-	@brief FP12 Structure - towered over three FP4
-*/
-
-typedef struct {
-FP4 a; /**< first part of FP12 */
-FP4 b; /**< second part of FP12 */
-FP4 c; /**< third part of FP12 */
-} FP12;
-
-/**
-	@brief ECP2 Structure - Elliptic Curve Point over quadratic extension field
-*/
-
-typedef struct {
-int inf; /**< Infinity Flag */
-FP2 x;  /**< x-coordinate of point */
-FP2 y;  /**< y-coordinate of point */
-FP2 z;  /**< z-coordinate of point */
-} ECP2;
-
-/**
-	@brief SHA256 hash function instance
-*/
-
-typedef struct {
-unsign32 length[2];  /**< 64-bit input length */
-unsign32 h[8];       /**< Internal state */
-unsign32 w[64];		/**< Internal state */
-} hash;
-
-/* Symmetric Encryption AES structure */
-
-#define ECB   0  /**< Electronic Code Book */
-#define CBC   1  /**< Cipher Block Chaining */
-#define CFB1  2  /**< Cipher Feedback - 1 byte */
-#define CFB2  3  /**< Cipher Feedback - 2 bytes */
-#define CFB4  5  /**< Cipher Feedback - 4 bytes */
-#define OFB1  14 /**< Output Feedback - 1 byte */
-#define OFB2  15 /**< Output Feedback - 2 bytes */
-#define OFB4  17 /**< Output Feedback - 4 bytes */
-#define OFB8  21 /**< Output Feedback - 8 bytes */
-#define OFB16 29 /**< Output Feedback - 16 bytes */
-
-#define uchar unsigned char  /**<  Unsigned char */
-
-/**
-	@brief AES instance
-*/
-
-
-typedef struct {
-int mode;          /**< AES mode of operation */
-unsign32 fkey[44]; /**< subkeys for encrypton */
-unsign32 rkey[44]; /**< subkeys for decrypton */
-char f[16];        /**< buffer for chaining vector */
-} aes;
-
-/* AES-GCM suppport.  */
-
-#define GCM_ACCEPTING_HEADER 0 /**< GCM status */
-#define GCM_ACCEPTING_CIPHER 1 /**< GCM status */
-#define GCM_NOT_ACCEPTING_MORE 2 /**< GCM status */
-#define GCM_FINISHED 3 /**< GCM status */
-#define GCM_ENCRYPTING 0 /**< GCM mode */
-#define GCM_DECRYPTING 1 /**< GCM mode */
-
-
-/**
-	@brief GCM mode instance, using AES internally
-*/
-
-typedef struct {
-unsign32 table[128][4]; /**< 2k byte table */
-uchar stateX[16];	/**< GCM Internal State */
-uchar Y_0[16];		/**< GCM Internal State */
-unsign32 lenA[2];	/**< GCM 64-bit length of header */
-unsign32 lenC[2];	/**< GCM 64-bit length of ciphertext */
-int status;		/**< GCM Status */
-aes a;			/**< Internal Instance of AES cipher */
-} gcm;
-
-/* Marsaglia & Zaman Random number generator constants */
-
-#define NK   21 /**< PRNG constant */
-#define NJ   6 /**< PRNG constant */
-#define NV   8 /**< PRNG constant */
-
-
-/**
-	@brief Cryptographically secure pseudo-random number generator instance
-*/
-
-typedef struct {
-unsign32 ira[NK];  /**< random number array   */
-int      rndptr;   /**< pointer into array */
-unsign32 borrow;   /**<  borrow as a result of subtraction */
-int pool_ptr;		/**< pointer into random pool */
-char pool[32];		/**< random pool */
-} csprng;
-
-
-/**
-	@brief Portable representation of a big positive number
-*/
-
-typedef struct
-{
-    int len; /**< length in bytes  */
-    int max; /**< max length allowed - enforce truncation  */
-    char *val; /**< byte array  */
-} octet;
-
-/**
-	@brief Integer Factorisation Public Key
-*/
-
-typedef struct
-{
-    sign32 e;     /**< RSA exponent (typically 65537) */
-    BIG n[FFLEN]; /**< An array of BIGs to store public key */
-} rsa_public_key;
-
-/**
-	@brief Integer Factorisation Private Key
-*/
-
-typedef struct
-{
-    BIG p[FFLEN/2]; /**< secret prime p  */
-    BIG q[FFLEN/2]; /**< secret prime q  */
-    BIG dp[FFLEN/2]; /**< decrypting exponent mod (p-1)  */
-    BIG dq[FFLEN/2]; /**< decrypting exponent mod (q-1)  */
-    BIG c[FFLEN/2];  /**< 1/p mod q */
-} rsa_private_key;
-
-/*
-
-Note that a normalised BIG consists of digits mod 2^BASEBITS
-However BIG digits may be "extended" up to 2^(WORDLENGTH-1).
-
-BIGs in extended form may need to be normalised before certain
-operations.
-
-A BIG may be "reduced" to be less that the Modulus, or it
-may be "unreduced" and allowed to grow greater than the
-Modulus.
-
-Normalisation is quite fast. Reduction involves conditional branches,
-which can be regarded as significant "speed bumps". We try to
-delay reductions as much as possible. Reductions may also involve
-side channel leakage, so delaying and batching them
-hopefully disguises internal operations.
-
-*/
-
-/* BIG number prototypes */
-
-/**	@brief Calculates a*b+c+*d
- *
-	Calculate partial product of a.b, add in carry c, and add total to d
-	@param a multiplier
-	@param b multiplicand
-	@param c carry
-	@param d pointer to accumulated bottom half of result
-	@return top half of result
- */
-extern chunk muladd(chunk a,chunk b,chunk c,chunk *d);
-/**	@brief Tests for BIG equal to zero
- *
-	@param x a BIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_iszilch(BIG x);
-/**	@brief Tests for DBIG equal to zero
- *
-	@param x a DBIG number
-	@return 1 if zero, else returns 0
- */
-extern int BIG_diszilch(DBIG x);
-/**	@brief Outputs a BIG number to the console
- *
-	@param x a BIG number
- */
-extern void BIG_output(BIG x);
-/**	@brief Outputs a BIG number to the console in raw form (for debugging)
- *
-	@param x a BIG number
- */
-extern void BIG_rawoutput(BIG x);
-/**	@brief Conditional constant time swap of two BIG numbers
- *
-	Conditionally swaps parameters in constant time (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s swap takes place if not equal to 0
- */
-extern void BIG_cswap(BIG x,BIG y,int s);
-/**	@brief Conditional copy of BIG number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x a BIG number
-	@param y another BIG number
-	@param s copy takes place if not equal to 0
- */
-extern void BIG_cmove(BIG x,BIG y,int s);
-/**	@brief Convert from BIG number to byte array
- *
-	@param a byte array
-	@param x BIG number
- */
-extern void BIG_toBytes(char *a,BIG x);
-/**	@brief Convert to BIG number from byte array
- *
-	@param x BIG number
-	@param a byte array
- */
-extern void BIG_fromBytes(BIG x,char *a);
-/**	@brief Outputs a DBIG number to the console
- *
-	@param x a DBIG number
- */
-extern void BIG_doutput(DBIG x);
-/**	@brief Copy BIG from Read-Only Memory to a BIG
- *
-	@param x BIG number
-	@param y BIG number in ROM
- */
-extern void BIG_rcopy(BIG x,const BIG y);
-/**	@brief Copy BIG to another BIG
- *
-	@param x BIG number
-	@param y BIG number to be copied
- */
-extern void BIG_copy(BIG x,BIG y);
-/**	@brief Copy DBIG to another DBIG
- *
-	@param x DBIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_dcopy(DBIG x,DBIG y);
-/**	@brief Copy BIG to upper half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dsucopy(DBIG x,BIG y);
-/**	@brief Copy BIG to lower half of DBIG
- *
-	@param x DBIG number
-	@param y BIG number to be copied
- */
-extern void BIG_dscopy(DBIG x,BIG y);
-/**	@brief Copy lower half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sdcopy(BIG x,DBIG y);
-/**	@brief Copy upper half of DBIG to a BIG
- *
-	@param x BIG number
-	@param y DBIG number to be copied
- */
-extern void BIG_sducopy(BIG x,DBIG y);
-/**	@brief Set BIG to zero
- *
-	@param x BIG number to be set to zero
- */
-extern void BIG_zero(BIG x);
-/**	@brief Set DBIG to zero
- *
-	@param x DBIG number to be set to zero
- */
-extern void BIG_dzero(DBIG x);
-/**	@brief Set BIG to one (unity)
- *
-	@param x BIG number to be set to one.
- */
-extern void BIG_one(BIG x);
-/**	@brief Set BIG to inverse mod 2^256
- *
-	@param x BIG number to be inverted
- */
-extern void BIG_invmod2m(BIG x);
-/**	@brief Set BIG to sum of two BIGs - output not normalised
- *
-	@param x BIG number, sum of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_add(BIG x,BIG y,BIG z);
-/**	@brief Increment BIG by a small integer - output not normalised
- *
-	@param x BIG number to be incremented
-	@param i integer
- */
-extern void BIG_inc(BIG x,int i);
-/**	@brief Set BIG to difference of two BIGs
- *
-	@param x BIG number, difference of other two - output not normalised
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_sub(BIG x,BIG y,BIG z);
-/**	@brief Decrement BIG by a small integer - output not normalised
- *
-	@param x BIG number to be decremented
-	@param i integer
- */
-extern void BIG_dec(BIG x,int i);
-/**	@brief Set DBIG to difference of two DBIGs
- *
-	@param x DBIG number, difference of other two - output not normalised
-	@param y DBIG number
-	@param z DBIG number
- */
-extern void BIG_dsub(DBIG x,DBIG y,DBIG z);
-/**	@brief Multiply BIG by a small integer - output not normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_imul(BIG x,BIG y,int i);
-/**	@brief Multiply BIG by not-so-small small integer - output normalised
- *
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param i small integer
-	@return Overflowing bits
- */
-extern chunk BIG_pmul(BIG x,BIG y,int i);
-/**	@brief Divide BIG by 3 - output normalised
- *
-	@param x BIG number
-	@return Remainder
- */
-extern int BIG_div3(BIG x);
-/**	@brief Multiply BIG by even bigger small integer resulting in a DBIG - output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param i small integer
- */
-extern void BIG_pxmul(DBIG x,BIG y,int i);
-/**	@brief Multiply BIG by another BIG resulting in DBIG - inputs normalised and output normalised
- *
-	@param x DBIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_mul(DBIG x,BIG y,BIG z);
-/**	@brief Multiply BIG by another BIG resulting in another BIG - inputs normalised and output normalised
- *
-	Note that the product must fit into a BIG, and x must be distinct from y and z
-	@param x BIG number, product of other two
-	@param y BIG number
-	@param z BIG number
- */
-extern void BIG_smul(BIG x,BIG y,BIG z);
-/**	@brief Square BIG resulting in a DBIG - input normalised and output normalised
- *
-	@param x DBIG number, square of a BIG
-	@param y BIG number to be squared
- */
-extern void BIG_sqr(DBIG x,BIG y);
-/**	@brief Shifts a BIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shl(BIG x,int s);
-/**	@brief Fast shifts a BIG left by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Overflow bits
- */
-extern chunk BIG_fshl(BIG x,int s);
-/**	@brief Shifts a DBIG left by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshl(DBIG x,int s);
-/**	@brief Shifts a BIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_shr(BIG x,int s);
-/**	@brief Fast shifts a BIG right by a small number of bits - input must be normalised, output will be normalised
- *
-	The number of bits to be shifted must be less than BASEBITS
-	@param x BIG number to be shifted
-	@param s Number of bits to shift
-	@return Shifted out bits
- */
-extern chunk BIG_fshr(BIG x,int s);
-/**	@brief Shifts a DBIG right by any number of bits - input must be normalised, output normalised
- *
-	@param x DBIG number to be shifted
-	@param s Number of bits to shift
- */
-extern void BIG_dshr(DBIG x,int s);
-/**	@brief Splits a DBIG into two BIGs - input must be normalised, outputs normalised
- *
-	Internal function. The value of s must be approximately in the middle of the DBIG.
-	Typically used to extract z mod 2^MODBITS and z/2^MODBITS
-	@param x BIG number, top half of z
-	@param y BIG number, bottom half of z
-	@param z DBIG number to be split in two.
-	@param s Bit position at which to split
- */
-extern void BIG_split(BIG x,BIG y,DBIG z,int s);
-/**	@brief Normalizes a BIG number - output normalised
- *
-	All digits of the input BIG are reduced mod 2^BASEBITS
-	@param x BIG number to be normalised
- */
-extern chunk BIG_norm(BIG x);
-/**	@brief Normalizes a DBIG number - output normalised
- *
-	All digits of the input DBIG are reduced mod 2^BASEBITS
-	@param x DBIG number to be normalised
- */
-extern void BIG_dnorm(DBIG x);
-/**	@brief Compares two BIG numbers. Inputs must be normalised externally
- *
-	@param x first BIG number to be compared
-	@param y second BIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_comp(BIG x,BIG y);
-/**	@brief Compares two DBIG numbers. Inputs must be normalised externally
- *
-	@param x first DBIG number to be compared
-	@param y second DBIG number to be compared
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int BIG_dcomp(DBIG x,DBIG y);
-/**	@brief Calculate number of bits in a BIG - output normalised
- *
-	@param x BIG number
-	@return Number of bits in x
- */
-extern int BIG_nbits(BIG x);
-/**	@brief Calculate number of bits in a DBIG - output normalised
- *
-	@param x DBIG number
-	@return Number of bits in x
- */
-extern int BIG_dnbits(DBIG x);
-/**	@brief Reduce x mod n - input and output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be reduced mod n
-	@param n The modulus
- */
-extern void BIG_mod(BIG x,BIG n);
-/**	@brief Divide x by n - output normalised
- *
-	Slow but rarely used
-	@param x BIG number to be divided by n
-	@param n The Divisor
- */
-extern void BIG_sdiv(BIG x,BIG n);
-/**	@brief  x=y mod n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y mod n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_dmod(BIG x,DBIG y,BIG n);
-/**	@brief  x=y/n - output normalised
- *
-	Slow but rarely used. y is destroyed.
-	@param x BIG number, on exit = y/n
-	@param y DBIG number
-	@param n Modulus
- */
-extern void BIG_ddiv(BIG x,DBIG y,BIG n);
-/**	@brief  return parity of BIG, that is the least significant bit
- *
-	@param x BIG number
-	@return 0 or 1
- */
-extern int BIG_parity(BIG x);
-/**	@brief  return i-th of BIG
- *
-	@param x BIG number
-	@param i the bit of x to be returned
-	@return 0 or 1
- */
-extern int BIG_bit(BIG x,int i);
-/**	@brief  return least significant bits of a BIG
- *
-	@param x BIG number
-	@param n number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int BIG_lastbits(BIG x,int n);
-/**	@brief  Create a random BIG from a random number generator
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_random(BIG x,csprng *r);
-/**	@brief  Create an unbiased random BIG from a random number generator, reduced with respect to a modulus
- *
-	Assumes that the random number generator has been suitably initialised
-	@param x BIG number, on exit a random number
-	@param n The modulus
-	@param r A pointer to a Cryptographically Secure Random Number Generator
- */
-extern void BIG_randomnum(BIG x,BIG n,csprng *r);
-/**	@brief  return NAF (Non-Adjacent-Form) value as +/- 1, 3 or 5, inputs must be normalised
- *
-	Given x and 3*x extracts NAF value from given bit position, and returns number of bits processed, and number of trailing zeros detected if any
-	@param x BIG number
-	@param x3 BIG number, three times x
-	@param i bit position
-	@param nbs pointer to integer returning number of bits processed
-	@param nzs pointer to integer returning number of trailing 0s
-	@return + or - 1, 3 or 5
- */
-extern int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs);
-/**	@brief  Calculate x=y*z mod n
- *
-	Slow method for modular multiplication
-	@param x BIG number, on exit = y*z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modmul(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y/z mod n
- *
-	Slow method for modular division
-	@param x BIG number, on exit = y/z mod n
-	@param y BIG number
-	@param z BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_moddiv(BIG x,BIG y,BIG z,BIG n);
-/**	@brief  Calculate x=y^2 mod n
- *
-	Slow method for modular squaring
-	@param x BIG number, on exit = y^2 mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modsqr(BIG x,BIG y,BIG n);
-/**	@brief  Calculate x=-y mod n
- *
-	Modular negation
-	@param x BIG number, on exit = -y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_modneg(BIG x,BIG y,BIG n);
-/**	@brief  Calculate jacobi Symbol (x/y)
- *
-	@param x BIG number
-	@param y BIG number
-	@return Jacobi symbol, -1,0 or 1
- */
-extern int BIG_jacobi(BIG x,BIG y);
-/**	@brief  Calculate x=1/y mod n
- *
-	Modular Inversion - This is slow. Uses binary method.
-	@param x BIG number, on exit = 1/y mod n
-	@param y BIG number
-	@param n The BIG Modulus
- */
-extern void BIG_invmodp(BIG x,BIG y,BIG n);
-
-
-
-/* FP prototypes */
-
-/**	@brief Tests for BIG equal to zero mod Modulus
- *
-	@param x BIG number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP_iszilch(BIG x);
-/**	@brief Converts from BIG integer to n-residue form mod Modulus
- *
-	@param x BIG number to be converted
- */
-extern void FP_nres(BIG x);
-/**	@brief Converts from n-residue form back to BIG integer form
- *
-	@param x BIG number to be converted
- */
-extern void FP_redc(BIG x);
-/**	@brief Sets BIG to representation of unity in n-residue form
- *
-	@param x BIG number to be set equal to unity.
- */
-extern void FP_one(BIG x);
-/**	@brief Reduces DBIG to BIG exploiting special form of the modulus
- *
-	This function comes in different flavours depending on the form of Modulus that is currently in use.
-	@param x BIG number, on exit = y mod Modulus
-	@param y DBIG number to be reduced
- */
-extern void FP_mod(BIG x,DBIG y);
-/**	@brief Fast Modular multiplication of two BIGs in n-residue form, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x BIG number, on exit the modular product = y*z mod Modulus
-	@param y BIG number, the multiplicand
-	@param z BIG number, the multiplier
- */
-extern void FP_mul(BIG x,BIG y,BIG z);
-/**	@brief Fast Modular multiplication of a BIG in n-residue form, by a small integer, mod Modulus
- *
-	@param x BIG number, on exit the modular product = y*i mod Modulus
-	@param y BIG number, the multiplicand
-	@param i a small number, the multiplier
- */
-extern void FP_imul(BIG x,BIG y,int i);
-/**	@brief Fast Modular squaring of a BIG in n-residue form, mod Modulus
- *
-	Uses appropriate fast modular reduction method
-	@param x BIG number, on exit the modular product = y^2 mod Modulus
-	@param y BIG number, the number to be squared
-
- */
-extern void FP_sqr(BIG x,BIG y);
-/**	@brief Modular addition of two BIGs in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit the modular sum = y+z mod Modulus
-	@param y BIG number
-	@param z BIG number
- */
-extern void FP_add(BIG x,BIG y,BIG z);
-/**	@brief Modular subtraction of two BIGs in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit the modular difference = y-z mod Modulus
-	@param y BIG number
-	@param z BIG number
- */
-extern void FP_sub(BIG x,BIG y,BIG z);
-/**	@brief Modular division by 2 of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit =y/2 mod Modulus
-	@param y BIG number
- */
-extern void FP_div2(BIG x,BIG y);
-/**	@brief Fast Modular exponentiation of a BIG in n-residue form, to the power of a BIG, mod Modulus
- *
-	@param x BIG number, on exit  = y^z mod Modulus
-	@param y BIG number
-	@param z Big number exponent
- */
-extern void FP_pow(BIG x,BIG y,BIG z);
-/**	@brief Fast Modular square root of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit  = sqrt(y) mod Modulus
-	@param y BIG number, the number whose square root is calculated
-
- */
-extern void FP_sqrt(BIG x,BIG y);
-/**	@brief Modular negation of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit = -y mod Modulus
-	@param y BIG number
- */
-extern void FP_neg(BIG x,BIG y);
-/**	@brief Outputs a BIG number that is in n-residue form to the console
- *
-	Converts from n-residue form before output
-	@param x a BIG number
- */
-extern void FP_output(BIG x);
-/**	@brief Outputs a BIG number that is in n-residue form to the console, in raw form
- *
-	Converts from n-residue form before output
-	@param x a BIG number
- */
-extern void FP_rawoutput(BIG x);
-/**	@brief Reduces possibly unreduced BIG mod Modulus
- *
-	@param x BIG number, on exit reduced mod Modulus
- */
-extern void FP_reduce(BIG x);
-/**	@brief Tests for BIG a quadratic residue mod Modulus
- *
-	@param x BIG number to be tested
-	@return 1 if quadratic residue, else returns 0 if quadratic non-residue
- */
-extern int FP_qr(BIG x);
-/**	@brief Modular inverse of a BIG in n-residue form, mod Modulus
- *
-	@param x BIG number, on exit = 1/y mod Modulus
-	@param y BIG number
- */
-extern void FP_inv(BIG x,BIG y);
-
-
-/* FP2 prototypes */
-
-/**	@brief Tests for FP2 equal to zero
- *
-	@param x FP2 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP2_iszilch(FP2 *x);
-/**	@brief Conditional copy of FP2 number
- *
-	Conditionally copies second parameter to the first (without branching)
-	@param x FP2 instance, set to y if s!=0
-	@param y another FP2 instance
-	@param s copy only takes place if not equal to 0
- */
-extern void FP2_cmove(FP2 *x,FP2 *y,int s);
-/**	@brief Tests for FP2 equal to one
- *
-	@param x FP2 instance to be tested
-	@return 1 if x=1, else returns 0
- */
-extern int FP2_isunity(FP2 *x);
-/**	@brief Tests for equality of two FP2s
- *
-	@param x FP2 instance to be compared
-	@param y FP2 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP2_equals(FP2 *x,FP2 *y);
-/**	@brief Initialise FP2 from two BIGs in n-residue form
- *
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
-	@param b BIG to form imaginary part of FP2
- */
-extern void FP2_from_FPs(FP2 *x,BIG a,BIG b);
-/**	@brief Initialise FP2 from two BIG integers
- *
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
-	@param b BIG to form imaginary part of FP2
- */
-extern void FP2_from_BIGs(FP2 *x,BIG a,BIG b);
-/**	@brief Initialise FP2 from single BIG in n-residue form
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
- */
-extern void FP2_from_FP(FP2 *x,BIG a);
-/**	@brief Initialise FP2 from single BIG
- *
-	Imaginary part is set to zero
-	@param x FP2 instance to be initialised
-	@param a BIG to form real part of FP2
- */
-extern void FP2_from_BIG(FP2 *x,BIG a);
-/**	@brief Copy FP2 to another FP2
- *
-	@param x FP2 instance, on exit = y
-	@param y FP2 instance to be copied
- */
-extern void FP2_copy(FP2 *x,FP2 *y);
-/**	@brief Set FP2 to zero
- *
-	@param x FP2 instance to be set to zero
- */
-extern void FP2_zero(FP2 *x);
-/**	@brief Set FP2 to unity
- *
-	@param x FP2 instance to be set to one
- */
-extern void FP2_one(FP2 *x);
-/**	@brief Negation of FP2
- *
-	@param x FP2 instance, on exit = -y
-	@param y FP2 instance
- */
-extern void FP2_neg(FP2 *x,FP2 *y);
-/**	@brief Conjugation of FP2
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP2 instance, on exit = conj(y)
-	@param y FP2 instance
- */
-extern void FP2_conj(FP2 *x,FP2 *y);
-/**	@brief addition of two FP2s
- *
-	@param x FP2 instance, on exit = y+z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_add(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief subtraction of two FP2s
- *
-	@param x FP2 instance, on exit = y-z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_sub(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief Multiplication of an FP2 by an n-residue
- *
-	@param x FP2 instance, on exit = y*b
-	@param y FP2 instance
-	@param b BIG n-residue
- */
-extern void FP2_pmul(FP2 *x,FP2 *y,BIG b);
-/**	@brief Multiplication of an FP2 by a small integer
- *
-	@param x FP2 instance, on exit = y*i
-	@param y FP2 instance
-	@param i an integer
- */
-extern void FP2_imul(FP2 *x,FP2 *y,int i);
-/**	@brief Squaring an FP2
- *
-	@param x FP2 instance, on exit = y^2
-	@param y FP2 instance
- */
-extern void FP2_sqr(FP2 *x,FP2 *y);
-/**	@brief Multiplication of two FP2s
- *
-	@param x FP2 instance, on exit = y*z
-	@param y FP2 instance
-	@param z FP2 instance
- */
-extern void FP2_mul(FP2 *x,FP2 *y,FP2 *z);
-/**	@brief Formats and outputs an FP2 to the console
- *
-	@param x FP2 instance
- */
-extern void FP2_output(FP2 *x);
-/**	@brief Formats and outputs an FP2 to the console in raw form (for debugging)
- *
-	@param x FP2 instance
- */
-extern void FP2_rawoutput(FP2 *x);
-/**	@brief Inverting an FP2
- *
-	@param x FP2 instance, on exit = 1/y
-	@param y FP2 instance
- */
-extern void FP2_inv(FP2 *x,FP2 *y);
-/**	@brief Divide an FP2 by 2
- *
-	@param x FP2 instance, on exit = y/2
-	@param y FP2 instance
- */
-extern void FP2_div2(FP2 *x,FP2 *y);
-/**	@brief Multiply an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x*(1+sqrt(-1))
- */
-extern void FP2_mul_ip(FP2 *x);
-/**	@brief Divide an FP2 by (1+sqrt(-1))
- *
-	Note that (1+sqrt(-1)) is irreducible for FP4
-	@param x FP2 instance, on exit = x/(1+sqrt(-1))
- */
-extern void FP2_div_ip(FP2 *x);
-/**	@brief Normalises the components of an FP2
- *
-	@param x FP2 instance to be normalised
- */
-extern void FP2_norm(FP2 *x);
-/**	@brief Reduces all components of possibly unreduced FP2 mod Modulus
- *
-	@param x FP2 instance, on exit reduced mod Modulus
- */
-extern void FP2_reduce(FP2 *x);
-/**	@brief Raises an FP2 to the power of a BIG
- *
-	@param x FP2 instance, on exit = y^b
-	@param y FP2 instance
-	@param b BIG number
- */
-extern void FP2_pow(FP2 *x,FP2 *y,BIG b);
-/**	@brief Square root of an FP2
- *
-	@param x FP2 instance, on exit = sqrt(y)
-	@param y FP2 instance
- */
-extern int FP2_sqrt(FP2 *x,FP2 *y);
-
-
-
-/* ECP E(Fp) prototypes */
-/**	@brief Tests for ECP point equal to infinity
- *
-	@param P ECP point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP_isinf(ECP *P);
-/**	@brief Tests for equality of two ECPs
- *
-	@param P ECP instance to be compared
-	@param Q ECP instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP_equals(ECP *P,ECP *Q);
-/**	@brief Copy ECP point to another ECP point
- *
-	@param P ECP instance, on exit = Q
-	@param Q ECP instance to be copied
- */
-extern void ECP_copy(ECP *P,ECP *Q);
-/**	@brief Negation of an ECP point
- *
-	@param P ECP instance, on exit = -P
- */
-extern void ECP_neg(ECP *P);
-/**	@brief Set ECP to point-at-infinity
- *
-	@param P ECP instance to be set to infinity
- */
-extern void ECP_inf(ECP *P);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x) depends on form of elliptic curve, Weierstrass, Edwards or Montgomery.
-	Used internally.
-	@param r BIG n-residue value of f(x)
-	@param x BIG n-residue x
- */
-extern void ECP_rhs(BIG r,BIG x);
-/**	@brief Set ECP to point(x,y) given just x and sign of y
- *
-	Point P set to infinity if no such point on the curve. If x is on the curve then y is calculated from the curve equation.
-	The correct y value (plus or minus) is selected given its sign s.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@param s an integer representing the "sign" of y, in fact its least significant bit.
- */
-extern int ECP_setx(ECP *P,BIG x,int s);
-
-#if CURVETYPE==MONTGOMERY
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Note that y coordinate is not needed.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,BIG x);
-/**	@brief Extract x coordinate of an ECP point P
- *
-	@param x BIG on exit = x coordinate of point
-	@param P ECP instance (x,[y])
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP_get(BIG x,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P, given difference D=P-Q
- *
-	Differential addition of points on a Montgomery curve
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
-	@param D Difference between P and Q
- */
-extern void ECP_add(ECP *P,ECP *Q,ECP *D);
-#else
-/**	@brief Set ECP to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP instance to be set (x,y)
-	@param x BIG x coordinate of point
-	@param y BIG y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP_set(ECP *P,BIG x,BIG y);
-/**	@brief Extract x and y coordinates of an ECP point P
- *
-	If x=y, returns only x
-	@param x BIG on exit = x coordinate of point
-	@param y BIG on exit = y coordinate of point (unless x=y)
-	@param P ECP instance (x,y)
-	@return sign of y, or -1 if P is point-at-infinity
- */
-extern int ECP_get(BIG x,BIG y,ECP *P);
-/**	@brief Adds ECP instance Q to ECP instance P
- *
-	@param P ECP instance, on exit =P+Q
-	@param Q ECP instance to be added to P
- */
-extern void ECP_add(ECP *P,ECP *Q);
-/**	@brief Subtracts ECP instance Q from ECP instance P
- *
-	@param P ECP instance, on exit =P-Q
-	@param Q ECP instance to be subtracted from P
- */
-extern void ECP_sub(ECP *P,ECP *Q);
-#endif
-/**	@brief Converts an ECP point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP instance to be converted to affine form
- */
-extern void ECP_affine(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, in projective coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_outputxyz(ECP *P);
-/**	@brief Formats and outputs an ECP point to the console, converted to affine coordinates
- *
-	@param P ECP instance to be printed
- */
-extern void ECP_output(ECP * P);
-/**	@brief Formats and outputs an ECP point to an octet string
- *
-	The octet string is created in the standard form 04|x|y, except for Montgomery curve in which case it is 06|x
-	Here x (and y) are the x and y coordinates in big-endian base 256 form.
-	@param S output octet string
-	@param P ECP instance to be converted to an octet string
- */
-extern void ECP_toOctet(octet *S,ECP *P);
-/**	@brief Creates an ECP point from an octet string
- *
-	The octet string is in the standard form 0x04|x|y, except for Montgomery curve in which case it is 0x06|x
-	Here x (and y) are the x and y coordinates in left justified big-endian base 256 form.
-	@param P ECP instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP_fromOctet(ECP *P,octet *S);
-/**	@brief Doubles an ECP instance P
- *
-	@param P ECP instance, on exit =2*P
- */
-extern void ECP_dbl(ECP *P);
-/**	@brief Multiplies an ECP instance P by a small integer, side-channel resistant
- *
-	@param P ECP instance, on exit =i*P
-	@param i small integer multiplier
-	@param b maximum number of bits in multiplier
- */
-extern void ECP_pinmul(ECP *P,int i,int b);
-/**	@brief Multiplies an ECP instance P by a BIG, side-channel resistant
- *
-	Uses Montgomery ladder for Montgomery curves, otherwise fixed sized windows.
-	@param P ECP instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP_mul(ECP *P,BIG b);
-/**	@brief Calculates double multiplication P=e*P+f*Q, side-channel resistant
- *
-	@param P ECP instance, on exit =e*P+f*Q
-	@param Q ECP instance
-	@param e BIG number multiplier
-	@param f BIG number multiplier
- */
-extern void ECP_mul2(ECP *P,ECP *Q,BIG e,BIG f);
-
-
-
-/* ECP2 E(Fp2) prototypes */
-/**	@brief Tests for ECP2 point equal to infinity
- *
-	@param P ECP2 point to be tested
-	@return 1 if infinity, else returns 0
- */
-extern int ECP2_isinf(ECP2 *P);
-/**	@brief Copy ECP2 point to another ECP2 point
- *
-	@param P ECP2 instance, on exit = Q
-	@param Q ECP2 instance to be copied
- */
-extern void ECP2_copy(ECP2 *P,ECP2 *Q);
-/**	@brief Set ECP2 to point-at-infinity
- *
-	@param P ECP2 instance to be set to infinity
- */
-extern void ECP2_inf(ECP2 *P);
-/**	@brief Tests for equality of two ECP2s
- *
-	@param P ECP2 instance to be compared
-	@param Q ECP2 instance to be compared
-	@return 1 if P=Q, else returns 0
- */
-extern int ECP2_equals(ECP2 *P,ECP2 *Q);
-/**	@brief Converts an ECP2 point from Projective (x,y,z) coordinates to affine (x,y) coordinates
- *
-	@param P ECP2 instance to be converted to affine form
- */
-extern void ECP2_affine(ECP2 *P);
-/**	@brief Extract x and y coordinates of an ECP2 point P
- *
-	If x=y, returns only x
-	@param x FP2 on exit = x coordinate of point
-	@param y FP2 on exit = y coordinate of point (unless x=y)
-	@param P ECP2 instance (x,y)
-	@return -1 if P is point-at-infinity, else 0
- */
-extern int ECP2_get(FP2 *x,FP2 *y,ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, converted to affine coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_output(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to the console, in projective coordinates
- *
-	@param P ECP2 instance to be printed
- */
-extern void ECP2_outputxyz(ECP2 *P);
-/**	@brief Formats and outputs an ECP2 point to an octet string
- *
-	The octet string is created in the form x|y.
-	Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form.
-	@param S output octet string
-	@param P ECP2 instance to be converted to an octet string
- */
-extern void ECP2_toOctet(octet *S,ECP2 *P);
-/**	@brief Creates an ECP2 point from an octet string
- *
-	The octet string is in the form x|y
-	The real and imaginary parts of the x and y coordinates are in big-endian base 256 form.
-	@param P ECP2 instance to be created from the octet string
-	@param S input octet string
-	return 1 if octet string corresponds to a point on the curve, else 0
- */
-extern int ECP2_fromOctet(ECP2 *P,octet *S);
-/**	@brief Calculate Right Hand Side of curve equation y^2=f(x)
- *
-	Function f(x)=x^3+Ax+B
-	Used internally.
-	@param r FP2 value of f(x)
-	@param x FP2 instance
- */
-extern void ECP2_rhs(FP2 *r,FP2 *x);
-/**	@brief Set ECP2 to point(x,y) given x and y
- *
-	Point P set to infinity if no such point on the curve.
-	@param P ECP2 instance to be set (x,y)
-	@param x FP2 x coordinate of point
-	@param y FP2 y coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_set(ECP2 *P,FP2 *x,FP2 *y);
-/**	@brief Set ECP to point(x,[y]) given x
- *
-	Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x.
-	@param P ECP instance to be set (x,[y])
-	@param x BIG x coordinate of point
-	@return 1 if point exists, else 0
- */
-extern int ECP2_setx(ECP2 *P,FP2 *x);
-/**	@brief Negation of an ECP2 point
- *
-	@param P ECP2 instance, on exit = -P
- */
-extern void ECP2_neg(ECP2 *P);
-/**	@brief Doubles an ECP2 instance P
- *
-	@param P ECP2 instance, on exit =2*P
- */
-extern int ECP2_dbl(ECP2 *P);
-/**	@brief Adds ECP2 instance Q to ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P+Q
-	@param Q ECP2 instance to be added to P
- */
-extern int ECP2_add(ECP2 *P,ECP2 *Q);
-/**	@brief Subtracts ECP instance Q from ECP2 instance P
- *
-	@param P ECP2 instance, on exit =P-Q
-	@param Q ECP2 instance to be subtracted from P
- */
-extern void ECP2_sub(ECP2 *P,ECP2 *Q);
-/**	@brief Multiplies an ECP2 instance P by a BIG, side-channel resistant
- *
-	Uses fixed sized windows.
-	@param P ECP2 instance, on exit =b*P
-	@param b BIG number multiplier
-
- */
-extern void ECP2_mul(ECP2 *P,BIG b);
-/**	@brief Multiplies an ECP2 instance P by the internal modulus p, using precalculated Frobenius constant f
- *
-	Fast point multiplication using Frobenius
-	@param P ECP2 instance, on exit = p*P
-	@param f FP2 precalculated Frobenius constant
-
- */
-extern void ECP2_frob(ECP2 *P,FP2 *f);
-/**	@brief Calculates P=b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
- *
-	@param P ECP2 instance, on exit = b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3]
-	@param Q ECP2 array of 4 points
-	@param b BIG array of 4 multipliers
- */
-extern void ECP2_mul4(ECP2 *P,ECP2 *Q,BIG *b);
-
-
-
-/* FP4 prototypes */
-/**	@brief Tests for FP4 equal to zero
- *
-	@param x FP4 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP4_iszilch(FP4 *x);
-/**	@brief Tests for FP4 equal to unity
- *
-	@param x FP4 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP4_isunity(FP4 *x);
-/**	@brief Tests for equality of two FP4s
- *
-	@param x FP4 instance to be compared
-	@param y FP4 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP4_equals(FP4 *x,FP4 *y);
-/**	@brief Tests for FP4 having only a real part and no imaginary part
- *
-	@param x FP4 number to be tested
-	@return 1 if real, else returns 0
- */
-extern int FP4_isreal(FP4 *x);
-/**	@brief Initialise FP4 from two FP2s
- *
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
-	@param b FP2 to form imaginary part of FP4
- */
-extern void FP4_from_FP2s(FP4 *x,FP2 *a,FP2 *b);
-/**	@brief Initialise FP4 from single FP2
- *
-	Imaginary part is set to zero
-	@param x FP4 instance to be initialised
-	@param a FP2 to form real part of FP4
- */
-extern void FP4_from_FP2(FP4 *x,FP2 *a);
-/**	@brief Copy FP4 to another FP4
- *
-	@param x FP4 instance, on exit = y
-	@param y FP4 instance to be copied
- */
-extern void FP4_copy(FP4 *x,FP4 *y);
-/**	@brief Set FP4 to zero
- *
-	@param x FP4 instance to be set to zero
- */
-extern void FP4_zero(FP4 *x);
-/**	@brief Set FP4 to unity
- *
-	@param x FP4 instance to be set to one
- */
-extern void FP4_one(FP4 *x);
-/**	@brief Negation of FP4
- *
-	@param x FP4 instance, on exit = -y
-	@param y FP4 instance
- */
-extern void FP4_neg(FP4 *x,FP4 *y);
-/**	@brief Conjugation of FP4
- *
-	If y=(a,b) on exit x=(a,-b)
-	@param x FP4 instance, on exit = conj(y)
-	@param y FP4 instance
- */
-extern void FP4_conj(FP4 *x,FP4 *y);
-/**	@brief Negative conjugation of FP4
- *
-	If y=(a,b) on exit x=(-a,b)
-	@param x FP4 instance, on exit = -conj(y)
-	@param y FP4 instance
- */
-extern void FP4_nconj(FP4 *x,FP4 *y);
-/**	@brief addition of two FP4s
- *
-	@param x FP4 instance, on exit = y+z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_add(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief subtraction of two FP4s
- *
-	@param x FP4 instance, on exit = y-z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_sub(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Multiplication of an FP4 by an FP2
- *
-	@param x FP4 instance, on exit = y*a
-	@param y FP4 instance
-	@param a FP2 multiplier
- */
-extern void FP4_pmul(FP4 *x,FP4 *y,FP2 *a);
-/**	@brief Multiplication of an FP4 by a small integer
- *
-	@param x FP4 instance, on exit = y*i
-	@param y FP4 instance
-	@param i an integer
- */
-extern void FP4_imul(FP4 *x,FP4 *y,int i);
-/**	@brief Squaring an FP4
- *
-	@param x FP4 instance, on exit = y^2
-	@param y FP4 instance
- */
-extern void FP4_sqr(FP4 *x,FP4 *y);
-/**	@brief Multiplication of two FP4s
- *
-	@param x FP4 instance, on exit = y*z
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_mul(FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Inverting an FP4
- *
-	@param x FP4 instance, on exit = 1/y
-	@param y FP4 instance
- */
-extern void FP4_inv(FP4 *x,FP4 *y);
-/**	@brief Formats and outputs an FP4 to the console
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_output(FP4 *x);
-/**	@brief Formats and outputs an FP4 to the console in raw form (for debugging)
- *
-	@param x FP4 instance to be printed
- */
-extern void FP4_rawoutput(FP4 *x);
-/**	@brief multiplies an FP4 instance by irreducible polynomial sqrt(1+sqrt(-1))
- *
-	@param x FP4 instance, on exit = sqrt(1+sqrt(-1)*x
- */
-extern void FP4_times_i(FP4 *x);
-/**	@brief Normalises the components of an FP4
- *
-	@param x FP4 instance to be normalised
- */
-extern void FP4_norm(FP4 *x);
-/**	@brief Reduces all components of possibly unreduced FP4 mod Modulus
- *
-	@param x FP4 instance, on exit reduced mod Modulus
- */
-extern void FP4_reduce(FP4 *x);
-/**	@brief Raises an FP4 to the power of a BIG
- *
-	@param x FP4 instance, on exit = y^b
-	@param y FP4 instance
-	@param b BIG number
- */
-extern void FP4_pow(FP4 *x,FP4 *y,BIG b);
-/**	@brief Raises an FP4 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP4 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP4_frob(FP4 *x,FP2 *f);
-/**	@brief Calculates the XTR addition function r=w*x-conj(x)*y+z
- *
-	@param r FP4 instance, on exit = w*x-conj(x)*y+z
-	@param w FP4 instance
-	@param x FP4 instance
-	@param y FP4 instance
-	@param z FP4 instance
- */
-extern void FP4_xtr_A(FP4 *r,FP4 *w,FP4 *x,FP4 *y,FP4 *z);
-/**	@brief Calculates the XTR doubling function r=x^2-2*conj(x)
- *
-	@param r FP4 instance, on exit = x^2-2*conj(x)
-	@param x FP4 instance
- */
-extern void FP4_xtr_D(FP4 *r,FP4 *x);
-/**	@brief Calculates FP4 trace of an FP12 raised to the power of a BIG number
- *
-	XTR single exponentiation
-	@param r FP4 instance, on exit = trace(w^b)
-	@param x FP4 instance, trace of an FP12 w
-	@param b BIG number
- */
-extern void FP4_xtr_pow(FP4 *r,FP4 *x,BIG b);
-/**	@brief Calculates FP4 trace of c^a.d^b, where c and d are derived from FP4 traces of FP12s
- *
-	XTR double exponentiation
-	Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n))
-	@param r FP4 instance, on exit = trace(c^a.d^b)
-	@param c FP4 instance, trace of an FP12
-	@param d FP4 instance, trace of an FP12
-	@param e FP4 instance, trace of an FP12
-	@param f FP4 instance, trace of an FP12
-	@param a BIG number
-	@param b BIG number
- */
-extern void FP4_xtr_pow2(FP4 *r,FP4 *c,FP4 *d,FP4 *e,FP4 *f,BIG a,BIG b);
-
-
-
-/* FP12 prototypes */
-/**	@brief Tests for FP12 equal to zero
- *
-	@param x FP12 number to be tested
-	@return 1 if zero, else returns 0
- */
-extern int FP12_iszilch(FP12 *x);
-/**	@brief Tests for FP12 equal to unity
- *
-	@param x FP12 number to be tested
-	@return 1 if unity, else returns 0
- */
-extern int FP12_isunity(FP12 *x);
-/**	@brief Copy FP12 to another FP12
- *
-	@param x FP12 instance, on exit = y
-	@param y FP12 instance to be copied
- */
-extern void FP12_copy(FP12 *x,FP12 *y);
-/**	@brief Set FP12 to unity
- *
-	@param x FP12 instance to be set to one
- */
-extern void FP12_one(FP12 *x);
-/**	@brief Tests for equality of two FP12s
- *
-	@param x FP12 instance to be compared
-	@param y FP12 instance to be compared
-	@return 1 if x=y, else returns 0
- */
-extern int FP12_equals(FP12 *x,FP12 *y);
-/**	@brief Conjugation of FP12
- *
-	If y=(a,b,c) (where a,b,c are its three FP4 components) on exit x=(conj(a),-conj(b),conj(c))
-	@param x FP12 instance, on exit = conj(y)
-	@param y FP12 instance
- */
-extern void FP12_conj(FP12 *x,FP12 *y);
-/**	@brief Initialise FP12 from single FP4
- *
-	Sets first FP4 component of an FP12, other components set to zero
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP4
- */
-extern void FP12_from_FP4(FP12 *x,FP4 *a);
-/**	@brief Initialise FP12 from three FP4s
- *
-	@param x FP12 instance to be initialised
-	@param a FP4 to form first part of FP12
-	@param b FP4 to form second part of FP12
-	@param c FP4 to form third part of FP12
- */
-extern void FP12_from_FP4s(FP12 *x,FP4 *a,FP4* b,FP4 *c);
-/**	@brief Fast Squaring of an FP12 in "unitary" form
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP4 instance, must be unitary
- */
-extern void FP12_usqr(FP12 *x,FP12 *y);
-/**	@brief Squaring an FP12
- *
-	@param x FP12 instance, on exit = y^2
-	@param y FP12 instance
- */
-extern void FP12_sqr(FP12 *x,FP12 *y);
-/**	@brief Fast multiplication of an FP12 by an FP12 that arises from an ATE pairing line function
- *
-	Here the multiplier has a special form that can be exploited
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, of special form
- */
-extern void FP12_smul(FP12 *x,FP12 *y);
-/**	@brief Multiplication of two FP12s
- *
-	@param x FP12 instance, on exit = x*y
-	@param y FP12 instance, the multiplier
- */
-extern void FP12_mul(FP12 *x,FP12 *y);
-/**	@brief Inverting an FP12
- *
-	@param x FP12 instance, on exit = 1/y
-	@param y FP12 instance
- */
-extern void FP12_inv(FP12 *x,FP12 *y);
-/**	@brief Raises an FP12 to the power of a BIG
- *
-	@param r FP12 instance, on exit = y^b
-	@param x FP12 instance
-	@param b BIG number
- */
-extern void FP12_pow(FP12 *r,FP12 *x,BIG b);
-/**	@brief Raises an FP12 instance x to a small integer power, side-channel resistant
- *
-	@param x ECP instance, on exit = x^i
-	@param i small integer exponent
-	@param b maximum number of bits in exponent
- */
-extern void FP12_pinpow(FP12 *x,int i,int b);
-/**	@brief Calculate x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3], side-channel resistant
- *
-	@param r ECP instance, on exit = x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3]
-	@param x FP12 array with 4 FP12s
-	@param b BIG array of 4 exponents
- */
-extern void FP12_pow4(FP12 *r,FP12 *x,BIG *b);
-/**	@brief Raises an FP12 to the power of the internal modulus p, using the Frobenius
- *
-	@param x FP12 instance, on exit = x^p
-	@param f FP2 precalculated Frobenius constant
- */
-extern void FP12_frob(FP12 *x,FP2 *f);
-/**	@brief Reduces all components of possibly unreduced FP12 mod Modulus
- *
-	@param x FP12 instance, on exit reduced mod Modulus
- */
-extern void FP12_reduce(FP12 *x);
-/**	@brief Normalises the components of an FP12
- *
-	@param x FP12 instance to be normalised
- */
-extern void FP12_norm(FP12 *x);
-/**	@brief Formats and outputs an FP12 to the console
- *
-	@param x FP12 instance to be printed
- */
-extern void FP12_output(FP12 *x);
-/**	@brief Formats and outputs an FP12 instance to an octet string
- *
-	Serializes the components of an FP12 to big-endian base 256 form.
-	@param S output octet string
-	@param x FP12 instance to be converted to an octet string
- */
-extern void FP12_toOctet(octet *S,FP12 *x);
-/**	@brief Creates an FP12 instance from an octet string
- *
-	De-serializes the components of an FP12 to create an FP12 from big-endian base 256 components.
-	@param x FP12 instance to be created from an octet string
-	@param S input octet string
-
- */
-extern void FP12_fromOctet(FP12 *x,octet *S);
-/**	@brief Calculate the trace of an FP12
- *
-	@param t FP4 trace of x, on exit = tr(x)
-	@param x FP12 instance
-
- */
-extern void FP12_trace(FP4 *t,FP12 *x);
-
-
-
-/* Pairing function prototypes */
-/**	@brief Calculate Miller loop for Optimal ATE pairing e(P,Q)
- *
-	@param r FP12 result of the pairing calculation e(P,Q)
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-
- */
-extern void PAIR_ate(FP12 *r,ECP2 *P,ECP *Q);
-/**	@brief Calculate Miller loop for Optimal ATE double-pairing e(P,Q).e(R,S)
- *
-	Faster than calculating two separate pairings
-	@param r FP12 result of the pairing calculation e(P,Q).e(R,S), an element of GT
-	@param P ECP2 instance, an element of G2
-	@param Q ECP instance, an element of G1
-	@param R ECP2 instance, an element of G2
-	@param S ECP instance, an element of G1
- */
-extern void PAIR_double_ate(FP12 *r,ECP2 *P,ECP *Q,ECP2 *R,ECP *S);
-/**	@brief Final exponentiation of pairing, converts output of Miller loop to element in GT
- *
-	Here p is the internal modulus, and r is the group order
-	@param x FP12, on exit = x^((p^12-1)/r)
- */
-extern void PAIR_fexp(FP12 *x);
-/**	@brief Fast point multiplication of a member of the group G1 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param Q ECP member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_G1mul(ECP *Q,BIG b);
-/**	@brief Fast point multiplication of a member of the group G2 by a BIG number
- *
-	May exploit endomorphism for speed.
-	@param P ECP2 member of G1.
-	@param b BIG multiplier
-
- */
-extern void PAIR_G2mul(ECP2 *P,BIG b);
-/**	@brief Fast raising of a member of GT to a BIG power
- *
-	May exploit endomorphism for speed.
-	@param x FP12 member of GT.
-	@param b BIG exponent
-
- */
-extern void PAIR_GTpow(FP12 *x,BIG b);
-/**	@brief Tests FP12 for membership of GT
- *
-	@param x FP12 instance
-	@return 1 if x is in GT, else return 0
-
- */
-extern int PAIR_GTmember(FP12 *x);
-
-
-
-/* Finite Field Prototypes */
-/**	@brief Copy one FF element of given length to another
- *
-	@param x FF instance to be copied to, on exit = y
-	@param y FF instance to be copied from
-	@param n size of FF in BIGs
-
- */
-extern void FF_copy(BIG *x,BIG *y,int n);
-/**	@brief Initialize an FF element of given length from a 32-bit integer m
- *
-	@param x FF instance to be copied to, on exit = m
-	@param m integer
-	@param n size of FF in BIGs
- */
-extern void FF_init(BIG *x,sign32 m,int n);
-/**	@brief Set FF element of given size to zero
- *
-	@param x FF instance to be set to zero
-	@param n size of FF in BIGs
- */
-extern void FF_zero(BIG *x,int n);
-/**	@brief Tests for FF element equal to zero
- *
-	@param x FF number to be tested
-	@param n size of FF in BIGs
-	@return 1 if zero, else returns 0
- */
-extern int FF_iszilch(BIG *x,int n);
-/**	@brief  return parity of an FF, that is the least significant bit
- *
-	@param x FF number
-	@return 0 or 1
- */
-extern int FF_parity(BIG *x);
-/**	@brief  return least significant m bits of an FF
- *
-	@param x FF number
-	@param m number of bits to return. Assumed to be less than BASEBITS.
-	@return least significant n bits as an integer
- */
-extern int FF_lastbits(BIG *x,int m);
-/**	@brief Set FF element of given size to unity
- *
-	@param x FF instance to be set to unity
-	@param n size of FF in BIGs
- */
-extern void FF_one(BIG *x,int n);
-/**	@brief Compares two FF numbers. Inputs must be normalised externally
- *
-	@param x first FF number to be compared
-	@param y second FF number to be compared
-	@param n size of FF in BIGs
-	@return -1 is x<y, 0 if x=y, 1 if x>y
- */
-extern int FF_comp(BIG *x,BIG *y,int n);
-/**	@brief addition of two FFs
- *
-	@param x FF instance, on exit = y+z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_add(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief subtraction of two FFs
- *
-	@param x FF instance, on exit = y-z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_sub(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief increment an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x+m
-	@param m an integer to be added to x
-	@param n size of FF in BIGs
- */
-extern void FF_inc(BIG *x,int m,int n);
-/**	@brief Decrement an FF by an integer,and normalise
- *
-	@param x FF instance, on exit = x-m
-	@param m an integer to be subtracted from x
-	@param n size of FF in BIGs
- */
-extern void FF_dec(BIG *x,int m,int n);
-/**	@brief Normalises the components of an FF
- *
-	@param x FF instance to be normalised
-	@param n size of FF in BIGs
- */
-extern void FF_norm(BIG *x,int n);
-/**	@brief Shift left an FF by 1 bit
- *
-	@param x FF instance to be shifted left
-	@param n size of FF in BIGs
- */
-extern void FF_shl(BIG *x,int n);
-/**	@brief Shift right an FF by 1 bit
- *
-	@param x FF instance to be shifted right
-	@param n size of FF in BIGs
- */
-extern void FF_shr(BIG *x,int n);
-/**	@brief Formats and outputs an FF to the console
- *
-	@param x FF instance to be printed
-	@param n size of FF in BIGs
- */
-extern void FF_output(BIG *x,int n);
-/**	@brief Formats and outputs an FF instance to an octet string
- *
-	Converts an FF to big-endian base 256 form.
-	@param S output octet string
-	@param x FF instance to be converted to an octet string
-	@param n size of FF in BIGs
- */
-extern void FF_toOctet(octet *S,BIG *x,int n);
-/**	@brief Populates an FF instance from an octet string
- *
-	Creates FF from big-endian base 256 form.
-	@param x FF instance to be created from an octet string
-	@param S input octet string
-	@param n size of FF in BIGs
- */
-extern void FF_fromOctet(BIG *x,octet *S,int n);
-/**	@brief Multiplication of two FFs
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y*z
-	@param y FF instance
-	@param z FF instance
-	@param n size of FF in BIGs
- */
-extern void FF_mul(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Reduce FF mod a modulus
- *
-	This is slow
-	@param x FF instance to be reduced mod m - on exit = x mod m
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_mod(BIG *x,BIG *m,int n);
-/**	@brief Square an FF
- *
-	Uses Karatsuba method internally
-	@param x FF instance, on exit = y^2
-	@param y FF instance to be squared
-	@param n size of FF in BIGs
- */
-extern void FF_sqr(BIG *x,BIG *y,int n);
-/**	@brief Reduces a double-length FF with respect to a given modulus
- *
-	This is slow
-	@param x FF instance, on exit = y mod z
-	@param y FF instance, of double length 2*n
-	@param z FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_dmod(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Invert an FF mod a prime modulus
- *
-	@param x FF instance, on exit = 1/y mod z
-	@param y FF instance
-	@param z FF prime modulus
-	@param n size of FF in BIGs
- */
-extern void FF_invmodp(BIG *x,BIG *y,BIG *z,int n);
-/**	@brief Create an FF from a random number generator
- *
-	@param x FF instance, on exit x is a random number of length n BIGs with most significant bit a 1
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_random(BIG *x,csprng *R,int n);
-/**	@brief Create a random FF less than a given modulus from a random number generator
- *
-	@param x FF instance, on exit x is a random number < y
-	@param y FF instance, the modulus
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
- */
-extern void FF_randomnum(BIG *x,BIG *y,csprng *R,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_skpow(BIG *r,BIG *x,BIG * e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m, side channel resistant
- *
-	For short BIG exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_skspow(BIG *r,BIG *x,BIG e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	For very short integer exponent
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e integer exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_power(BIG *r,BIG *x,int e,BIG *m,int n);
-/**	@brief Calculate r=x^e mod m
- *
-	@param r FF instance, on exit = x^e mod p
-	@param x FF instance
-	@param e FF exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_pow(BIG *r,BIG *x,BIG *e,BIG *m,int n);
-/**	@brief Test if an FF has factor in common with integer s
- *
-	@param x FF instance to be tested
-	@param s the supplied integer
-	@param n size of FF in BIGs
-	@return 1 if gcd(x,s)!=1, else return 0
- */
-extern int FF_cfactor(BIG *x,sign32 s,int n);
-/**	@brief Test if an FF is prime
- *
-	Uses Miller-Rabin Method
-	@param x FF instance to be tested
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n size of FF in BIGs
-	@return 1 if x is (almost certainly) prime, else return 0
- */
-extern int FF_prime(BIG *x,csprng *R,int n);
-/**	@brief Calculate r=x^e.y^f mod m
- *
-	@param r FF instance, on exit = x^e.y^f mod p
-	@param x FF instance
-	@param e BIG exponent
-	@param y FF instance
-	@param f BIG exponent
-	@param m FF modulus
-	@param n size of FF in BIGs
- */
-extern void FF_pow2(BIG *r,BIG *x,BIG e,BIG *y,BIG f,BIG *m,int n);
-
-
-/* Octet string handlers */
-/**	@brief Formats and outputs an octet to the console in hex
- *
-	@param O Octet to be output
- */
-extern void OCT_output(octet *O);
-/**	@brief Formats and outputs an octet to the console as a character string
- *
-	@param O Octet to be output
- */
-extern void OCT_output_string(octet *O);
-/**	@brief Wipe clean an octet
- *
-	@param O Octet to be cleaned
- */
-extern void OCT_clear(octet *O);
-/**	@brief Compare two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@return 1 if equal, else 0
- */
-extern int  OCT_comp(octet *O,octet *P);
-/**	@brief Compare first n bytes of two octets
- *
-	@param O first Octet to be compared
-	@param P second Octet to be compared
-	@param n number of bytes to compare
-	@return 1 if equal, else 0
- */
-extern int  OCT_ncomp(octet *O,octet *P,int n);
-/**	@brief Join from a C string to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s zero terminated string to be joined to octet
- */
-extern void OCT_jstring(octet *O,char *s);
-/**	@brief Join bytes to end of an octet
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param s bytes to be joined to end of octet
-	@param n number of bytes to join
- */
-extern void OCT_jbytes(octet *O,char *s,int n);
-/**	@brief Join single byte to end of an octet, repeated n times
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param b byte to be joined to end of octet
-	@param n number of times b is to be joined
- */
-extern void OCT_jbyte(octet *O,int b,int n);
-/**	@brief Join one octet to the end of another
- *
-	Truncates if there is no room
-	@param O Octet to be written to
-	@param P Octet to be joined to the end of O
- */
-extern void OCT_joctet(octet *O,octet *P);
-/**	@brief XOR common bytes of a pair of Octets
- *
-	@param O Octet - on exit = O xor P
-	@param P Octet to be xored into O
- */
-extern void OCT_xor(octet *O,octet *P);
-/**	@brief reset Octet to zero length
- *
-	@param O Octet to be emptied
- */
-extern void OCT_empty(octet *O);
-/**	@brief Pad out an Octet to the given length
- *
-	Padding is done by inserting leading zeros, so abcd becomes 00abcd
-	@param O Octet to be padded
-	@param n new length of Octet
- */
-extern int OCT_pad(octet *O,int n);
-/**	@brief Convert an Octet to printable base64 number
- *
-	@param b zero terminated byte array to take base64 conversion
-	@param O Octet to be converted
- */
-extern void OCT_tobase64(char *b,octet *O);
-/**	@brief Populate an Octet from base64 number
- *
- 	@param O Octet to be populated
-	@param b zero terminated base64 string
-
- */
-extern void OCT_frombase64(octet *O,char *b);
-/**	@brief Copy one Octet into another
- *
- 	@param O Octet to be copied to
-	@param P Octet to be copied from
-
- */
-extern void OCT_copy(octet *O,octet *P);
-/**	@brief XOR every byte of an octet with input m
- *
- 	@param O Octet
-	@param m byte to be XORed with every byte of O
-
- */
-extern void OCT_xorbyte(octet *O,int m);
-/**	@brief Chops Octet into two, leaving first n bytes in O, moving the rest to P
- *
- 	@param O Octet to be chopped
-	@param P new Octet to be created
-	@param n number of bytes to chop off O
-
- */
-extern void OCT_chop(octet *O,octet *P,int n);
-/**	@brief Join n bytes of integer m to end of Octet O (big endian)
- *
-	Typically n is 4 for a 32-bit integer
- 	@param O Octet to be appended to
-	@param m integer to be appended to O
-	@param n number of bytes in m
-
- */
-extern void OCT_jint(octet *O,int m,int n);
-/**	@brief Create an Octet from bytes taken from a random number generator
- *
-	Truncates if there is no room
- 	@param O Octet to be populated
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n number of bytes to extracted from R
-
- */
-extern void OCT_rand(octet *O,csprng *R,int n);
-/**	@brief Shifts Octet left by n bytes
- *
-	Leftmost bytes disappear
- 	@param O Octet to be shifted
-	@param n number of bytes to shift
-
- */
-extern void OCT_shl(octet *O,int n);
-/**	@brief Convert an Octet to printable hex number
- *
-	@param dst hex value
-	@param src Octet to be converted
- */
-extern void OCT_toHex(octet *src,char *dst);
-/**	@brief Convert an Octet to string
- *
-	@param dst string value
-	@param src Octet to be converted
- */
-extern void OCT_toStr(octet *src,char *dst);
-
-
-
-/* Hash function */
-/**	@brief Initialise an instance of SHA256
- *
-	@param H an instance SHA256
- */
-extern void HASH_init(hash *H);
-/**	@brief Add a byte to the hash
- *
-	@param H an instance SHA256
-	@param b byte to be included in hash
- */
-extern void HASH_process(hash *H,int b);
-/**	@brief Generate 32-byte hash
- *
-	@param H an instance SHA256
-	@param h is the output 32-byte hash
- */
-extern void HASH_hash(hash *H,char *h);
-
-
-
-/* AES functions */
-/**	@brief Reset AES mode or IV
- *
-	@param A an instance of the AES
-	@param m is the new active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param iv the new Initialisation Vector
- */
-extern void AES_reset(aes *A,int m,char *iv);
-/**	@brief Extract chaining vector from AES instance
- *
-	@param A an instance of the AES
-	@param f the extracted chaining vector
- */
-extern void AES_getreg(aes *A,char * f);
-/**	@brief Initialise an instance of AES and its mode of operation
- *
-	@param A an instance AES
-	@param m is the active mode of operation (ECB, CBC, OFB, CFB etc)
-	@param k the AES key as an array of 16 bytes
-	@param iv the Initialisation Vector
- */
-extern void AES_init(aes *A,int m,char *k,char *iv);
-/**	@brief Encrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
- */
-extern void AES_ecb_encrypt(aes *A,uchar * b);
-/**	@brief Decrypt a single 16 byte block in ECB mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 cipherext bytes, on exit becomes plaintext
- */
-extern void AES_ecb_decrypt(aes *A,uchar * b);
-/**	@brief Encrypt a single 16 byte block in active mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 plaintext bytes, on exit becomes ciphertext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_encrypt(aes *A,char *b );
-/**	@brief Decrypt a single 16 byte block in active mode
- *
-	@param A an instance of the AES
-	@param b is an array of 16 ciphertext bytes, on exit becomes plaintext
-	@return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_decrypt(aes *A,char *b);
-/**	@brief Clean up after application of AES
- *
-	@param A an instance of the AES
- */
-extern void AES_end(aes *A);
-
-
-/* AES-GCM functions */
-/**	@brief Initialise an instance of AES-GCM mode
- *
-	@param G an instance AES-GCM
-	@param k the AES key as an array of 16 bytes
-	@param n the number of bytes in the Initialisation Vector (IV)
-	@param iv the IV
- */
-extern void GCM_init(gcm *G,char *k,int n,char *iv);
-/**	@brief Add header (material to be authenticated but not encrypted)
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param b is the header material to be added
-	@param n the number of bytes in the header
- */
-extern int GCM_add_header(gcm *G,char *b,int n);
-/**	@brief Add plaintext and extract ciphertext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param c is the ciphertext generated
-	@param p is the plaintext material to be added
-	@param n the number of bytes in the plaintext
- */
-extern int GCM_add_plain(gcm *G,char *c,char *p,int n);
-/**	@brief Add ciphertext and extract plaintext
- *
-	Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
-	@param G an instance AES-GCM
-	@param p is the plaintext generated
-	@param c is the ciphertext material to be added
-	@param n the number of bytes in the ciphertext
- */
-extern int GCM_add_cipher(gcm *G,char *p,char *c,int n);
-/**	@brief Finish off and extract authentication tag (HMAC)
- *
-	@param G is an active instance AES-GCM
-	@param t is the output 16 byte authentication tag
- */
-extern void GCM_finish(gcm *G,char *t);
-
-
-
-/* random numbers */
-/**	@brief Seed a random number generator from an array of bytes
- *
-	The provided seed should be truly random
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@param n the number of seed bytes provided
-	@param b an array of seed bytes
-
- */
-extern void RAND_seed(csprng *R,int n,char *b);
-/**	@brief Delete all internal state of a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
- */
-extern void RAND_clean(csprng *R);
-/**	@brief Return a random byte from a random number generator
- *
-	@param R an instance of a Cryptographically Secure Random Number Generator
-	@return a random byte
- */
-extern int RAND_byte(csprng *R);
-
-#endif


[25/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/ECP2.java
----------------------------------------------------------------------
diff --git a/java64/ECP2.java b/java64/ECP2.java
deleted file mode 100755
index b13c12a..0000000
--- a/java64/ECP2.java
+++ /dev/null
@@ -1,626 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-public final class ECP2 {
-	private FP2 x;
-	private FP2 y;
-	private FP2 z;
-	private boolean INF;
-
-/* Constructor - set this=O */
-	public ECP2() {
-		INF=true;
-		x=new FP2(0);
-		y=new FP2(1);
-		z=new FP2(1);
-	}
-
-/* Test this=O? */
-	public boolean is_infinity() {
-		return INF;
-	}
-/* copy this=P */
-	public void copy(ECP2 P)
-	{
-		x.copy(P.x);
-		y.copy(P.y);
-		z.copy(P.z);
-		INF=P.INF;
-	}
-/* set this=O */
-	public void inf() {
-		INF=true;
-		x.zero();
-		y.zero();
-		z.zero();
-	}
-
-/* Conditional move of Q to P dependant on d */
-	public void cmove(ECP2 Q,int d)
-	{
-		x.cmove(Q.x,d);
-		y.cmove(Q.y,d);
-		z.cmove(Q.z,d);
-
-		boolean bd;
-		if (d==0) bd=false;
-		else bd=true;
-		INF^=(INF^Q.INF)&bd;
-	}
-
-/* return 1 if b==c, no branching */
-	public static int teq(int b,int c)
-	{
-		int x=b^c;
-		x-=1;  // if x=0, x now -1
-		return ((x>>31)&1);
-	}
-
-/* Constant time select from pre-computed table */
-	public void select(ECP2 W[],int b)
-	{
-		ECP2 MP=new ECP2();
-		int m=b>>31;
-		int babs=(b^m)-m;
-
-		babs=(babs-1)/2;
-
-		cmove(W[0],teq(babs,0));  // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m&1));
-	}
-
-
-/* Test if P == Q */
-	public boolean equals(ECP2 Q) {
-		if (is_infinity() && Q.is_infinity()) return true;
-		if (is_infinity() || Q.is_infinity()) return false;
-
-		FP2 zs2=new FP2(z); zs2.sqr();
-		FP2 zo2=new FP2(Q.z); zo2.sqr();
-		FP2 zs3=new FP2(zs2); zs3.mul(z);
-		FP2 zo3=new FP2(zo2); zo3.mul(Q.z);
-		zs2.mul(Q.x);
-		zo2.mul(x);
-		if (!zs2.equals(zo2)) return false;
-		zs3.mul(Q.y);
-		zo3.mul(y);
-		if (!zs3.equals(zo3)) return false;
-
-		return true;
-	}
-/* set this=-this */
-	public void neg() {
-		if (is_infinity()) return;
-		y.neg(); y.reduce();
-		return;
-	}
-/* set to Affine - (x,y,z) to (x,y) */
-	public void affine() {
-		if (is_infinity()) return;
-		FP2 one=new FP2(1);
-		if (z.equals(one)) return;
-		z.inverse();
-
-		FP2 z2=new FP2(z);
-		z2.sqr();
-		x.mul(z2); x.reduce();
-		y.mul(z2);
-		y.mul(z);  y.reduce();
-		z.copy(one);
-	}
-/* extract affine x as FP2 */
-	public FP2 getX()
-	{
-		affine();
-		return x;
-	}
-/* extract affine y as FP2 */
-	public FP2 getY()
-	{
-		affine();
-		return y;
-	}
-/* extract projective x */
-	public FP2 getx()
-	{
-		return x;
-	}
-/* extract projective y */
-	public FP2 gety()
-	{
-		return y;
-	}
-/* extract projective z */
-	public FP2 getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		affine();
-		x.getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i]=t[i];
-		x.getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+ROM.MODBYTES]=t[i];
-
-		y.getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+2*ROM.MODBYTES]=t[i];
-		y.getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++)
-			b[i+3*ROM.MODBYTES]=t[i];
-	}
-/* convert from byte array to point */
-	public static ECP2 fromBytes(byte[] b)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		BIG ra;
-		BIG rb;
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i];
-		ra=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+ROM.MODBYTES];
-		rb=BIG.fromBytes(t);
-		FP2 rx=new FP2(ra,rb);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+2*ROM.MODBYTES];
-		ra=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=b[i+3*ROM.MODBYTES];
-		rb=BIG.fromBytes(t);
-		FP2 ry=new FP2(ra,rb);
-
-		return new ECP2(rx,ry);
-	}
-/* convert this to hex string */
-	public String toString() {
-		if (is_infinity()) return "infinity";
-		affine();
-		return "("+x.toString()+","+y.toString()+")";
-	}
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-	public static FP2 RHS(FP2 x) {
-		x.norm();
-		FP2 r=new FP2(x);
-		r.sqr();
-		FP2 b=new FP2(new BIG(ROM.CURVE_B));
-		b.div_ip();
-		r.mul(x);
-		r.add(b);
-
-		r.reduce();
-		return r;
-	}
-/* construct this from (x,y) - but set to O if not on curve */
-	public ECP2(FP2 ix,FP2 iy) {
-		x=new FP2(ix);
-		y=new FP2(iy);
-		z=new FP2(1);
-		FP2 rhs=RHS(x);
-		FP2 y2=new FP2(y);
-		y2.sqr();
-		if (y2.equals(rhs)) INF=false;
-		else {x.zero();INF=true;}
-	}
-
-/* construct this from x - but set to O if not on curve */
-	public ECP2(FP2 ix) {
-		x=new FP2(ix);
-		y=new FP2(1);
-		z=new FP2(1);
-		FP2 rhs=RHS(x);
-		if (rhs.sqrt())
-		{
-			y.copy(rhs);
-			INF=false;
-		}
-		else {x.zero();INF=true;}
-	}
-
-/* this+=this */
-	public int dbl() {
-		if (INF) return -1;
-		if (y.iszilch())
-		{
-			inf();
-			return -1;
-		}
-
-		FP2 w1=new FP2(x);
-		FP2 w2=new FP2(0);
-		FP2 w3=new FP2(x);
-		FP2 w8=new FP2(x);
-
-		w1.sqr();
-		w8.copy(w1);
-		w8.imul(3);
-
-		w2.copy(y); w2.sqr();
-		w3.copy(x); w3.mul(w2);
-		w3.imul(4);
-		w1.copy(w3); w1.neg();
-	//	w1.norm();
-
-		x.copy(w8); x.sqr();
-		x.add(w1);
-		x.add(w1);
-		x.norm();
-
-		z.mul(y);
-		z.add(z);
-
-		w2.add(w2);
-		w2.sqr();
-		w2.add(w2);
-		w3.sub(x);
-		y.copy(w8); y.mul(w3);
-	//	w2.norm();
-		y.sub(w2);
-
-		y.norm();
-		z.norm();
-
-		return 1;
-	}
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-	public int add(ECP2 Q) {
-		if (INF)
-		{
-			copy(Q);
-			return -1;
-		}
-		if (Q.INF) return -1;
-
-		boolean aff=false;
-
-		if (Q.z.isunity()) aff=true;
-
-		FP2 A,C;
-		FP2 B=new FP2(z);
-		FP2 D=new FP2(z);
-		if (!aff)
-		{
-			A=new FP2(Q.z);
-			C=new FP2(Q.z);
-
-			A.sqr(); B.sqr();
-			C.mul(A); D.mul(B);
-
-			A.mul(x);
-			C.mul(y);
-		}
-		else
-		{
-			A=new FP2(x);
-			C=new FP2(y);
-
-			B.sqr();
-			D.mul(B);
-		}
-
-		B.mul(Q.x); B.sub(A);
-		D.mul(Q.y); D.sub(C);
-
-		if (B.iszilch())
-		{
-			if (D.iszilch())
-			{
-				dbl();
-				return 1;
-			}
-			else
-			{
-				INF=true;
-				return -1;
-			}
-		}
-
-		if (!aff) z.mul(Q.z);
-		z.mul(B);
-
-		FP2 e=new FP2(B); e.sqr();
-		B.mul(e);
-		A.mul(e);
-
-		e.copy(A);
-		e.add(A); e.add(B);
-		x.copy(D); x.sqr(); x.sub(e);
-
-		A.sub(x);
-		y.copy(A); y.mul(D);
-		C.mul(B); y.sub(C);
-
-		x.norm();
-		y.norm();
-		z.norm();
-
-		return 0;
-	}
-
-/* set this-=Q */
-	public int sub(ECP2 Q) {
-		Q.neg();
-		int D=add(Q);
-		Q.neg();
-		return D;
-	}
-/* set this*=q, where q is Modulus, using Frobenius */
-	public void frob(FP2 X)
-	{
-		if (INF) return;
-		FP2 X2=new FP2(X);
-		X2.sqr();
-		x.conj();
-		y.conj();
-		z.conj();
-		z.reduce();
-		x.mul(X2);
-		y.mul(X2);
-		y.mul(X);
-	}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-	public static void multiaffine(int m,ECP2[] P)
-	{
-		int i;
-		FP2 t1=new FP2(0);
-		FP2 t2=new FP2(0);
-
-		FP2[] work=new FP2[m];
-		work[0]=new FP2(1);
-		work[1]=new FP2(P[0].z);
-		for (i=2;i<m;i++)
-		{
-			work[i]=new FP2(work[i-1]);
-			work[i].mul(P[i-1].z);
-		}
-
-		t1.copy(work[m-1]); t1.mul(P[m-1].z);
-
-		t1.inverse();
-
-		t2.copy(P[m-1].z);
-		work[m-1].mul(t1);
-
-		for (i=m-2;;i--)
-		{
-			if (i==0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i=0;i<m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]); t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}
-	}
-
-/* P*=e */
-	public ECP2 mul(BIG e)
-	{
-/* fixed size windows */
-		int i,b,nb,m,s,ns;
-		BIG mt=new BIG();
-		BIG t=new BIG();
-		ECP2 P=new ECP2();
-		ECP2 Q=new ECP2();
-		ECP2 C=new ECP2();
-		ECP2[] W=new ECP2[8];
-		byte[] w=new byte[1+(ROM.NLEN*ROM.BASEBITS+3)/4];
-
-		if (is_infinity()) return new ECP2();
-
-		affine();
-
-/* precompute table */
-		Q.copy(this);
-		Q.dbl();
-		W[0]=new ECP2();
-		W[0].copy(this);
-
-		for (i=1;i<8;i++)
-		{
-			W[i]=new ECP2();
-			W[i].copy(W[i-1]);
-			W[i].add(Q);
-		}
-
-/* convert the table to affine */
-
-		multiaffine(8,W);
-
-/* make exponent odd - add 2P if even, P if odd */
-		t.copy(e);
-		s=t.parity();
-		t.inc(1); t.norm(); ns=t.parity(); mt.copy(t); mt.inc(1); mt.norm();
-		t.cmove(mt,s);
-		Q.cmove(this,ns);
-		C.copy(Q);
-
-		nb=1+(t.nbits()+3)/4;
-/* convert exponent to signed 4-bit window */
-		for (i=0;i<nb;i++)
-		{
-			w[i]=(byte)(t.lastbits(5)-16);
-			t.dec(w[i]); t.norm();
-			t.fshr(4);
-		}
-		w[nb]=(byte)t.lastbits(5);
-
-		P.copy(W[(w[nb]-1)/2]);
-		for (i=nb-1;i>=0;i--)
-		{
-			Q.select(W,w[i]);
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.add(Q);
-		}
-		P.sub(C);
-		P.affine();
-		return P;
-	}
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-	public static ECP2 mul4(ECP2[] Q,BIG[] u)
-	{
-		int i,j,nb;
-		int[] a=new int[4];
-		ECP2 T=new ECP2();
-		ECP2 C=new ECP2();
-		ECP2 P=new ECP2();
-		ECP2[] W=new ECP2[8];
-
-		BIG mt=new BIG();
-		BIG[] t=new BIG[4];
-
-		byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1];
-
-		for (i=0;i<4;i++)
-		{
-			t[i]=new BIG(u[i]);
-			Q[i].affine();
-		}
-
-/* precompute table */
-
-		W[0]=new ECP2(); W[0].copy(Q[0]); W[0].sub(Q[1]);
-		W[1]=new ECP2(); W[1].copy(W[0]);
-		W[2]=new ECP2(); W[2].copy(W[0]);
-		W[3]=new ECP2(); W[3].copy(W[0]);
-		W[4]=new ECP2(); W[4].copy(Q[0]); W[4].add(Q[1]);
-		W[5]=new ECP2(); W[5].copy(W[4]);
-		W[6]=new ECP2(); W[6].copy(W[4]);
-		W[7]=new ECP2(); W[7].copy(W[4]);
-		T.copy(Q[2]); T.sub(Q[3]);
-		W[1].sub(T);
-		W[2].add(T);
-		W[5].sub(T);
-		W[6].add(T);
-		T.copy(Q[2]); T.add(Q[3]);
-		W[0].sub(T);
-		W[3].add(T);
-		W[4].sub(T);
-		W[7].add(T);
-
-		multiaffine(8,W);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-		mt.zero(); C.inf();
-		for (i=0;i<4;i++)
-		{
-			if (t[i].parity()==0)
-			{
-				t[i].inc(1); t[i].norm();
-				C.add(Q[i]);
-			}
-			mt.add(t[i]); mt.norm();
-		}
-
-		nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j=0;j<nb;j++)
-		{
-			for (i=0;i<4;i++)
-			{
-				a[i]=(byte)(t[i].lastbits(2)-2);
-				t[i].dec(a[i]); t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]);
-		}
-		w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-
-		P.copy(W[(w[nb]-1)/2]);
-		for (i=nb-1;i>=0;i--)
-		{
-			T.select(W,w[i]);
-			P.dbl();
-			P.add(T);
-		}
-		P.sub(C); /* apply correction */
-
-		P.affine();
-		return P;
-	}
-
-
-/*
-	public static void main(String[] args) {
-		BIG r=new BIG(ROM.Modulus);
-
-		BIG Pxa=new BIG(ROM.CURVE_Pxa);
-		BIG Pxb=new BIG(ROM.CURVE_Pxb);
-		BIG Pya=new BIG(ROM.CURVE_Pya);
-		BIG Pyb=new BIG(ROM.CURVE_Pyb);
-
-		BIG Fra=new BIG(ROM.CURVE_Fra);
-		BIG Frb=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(Fra,Frb);
-
-		FP2 Px=new FP2(Pxa,Pxb);
-		FP2 Py=new FP2(Pya,Pyb);
-
-		ECP2 P=new ECP2(Px,Py);
-
-		System.out.println("P= "+P.toString());
-
-		P=P.mul(r);
-		System.out.println("P= "+P.toString());
-
-		ECP2 Q=new ECP2(Px,Py);
-		Q.frob(f);
-		System.out.println("Q= "+Q.toString());
-
-
-	} */
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FF.java
----------------------------------------------------------------------
diff --git a/java64/FF.java b/java64/FF.java
deleted file mode 100755
index 2e06a52..0000000
--- a/java64/FF.java
+++ /dev/null
@@ -1,974 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Large Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public final class FF {
-	private final BIG[] v;
-	private final int length;
-
-	private static final int P_MBITS=ROM.MODBYTES*8;
-	private static final int P_MB=(P_MBITS%ROM.BASEBITS);
-	private static final long P_OMASK=((long)(-1)<<(P_MBITS%ROM.BASEBITS));
-	private static final long P_FEXCESS=((long)1<<(ROM.BASEBITS*ROM.NLEN-P_MBITS));
-	private static final int P_TBITS=(P_MBITS%ROM.BASEBITS);
-
-	public long P_EXCESS()
-	{
-		return ((v[length-1].get(ROM.NLEN-1)&P_OMASK)>>(P_MB));
-	}
-
-/* Constructors */
-	public FF(int n)
-	{
-		v=new BIG[n];
-		for (int i=0;i<n;i++)
-			v[i]=new BIG(0);
-		length=n;
-	}
-
-	public FF(long [][] x,int n)
-	{
-		v=new BIG[n];
-		for (int i=0;i<n;i++)
-			v[i]=new BIG(x[i]);
-		length=n;
-	}
-
-	public int getlen()
-	{
-		return length;
-	}
-
-/* set to integer */
-	public void set(int m)
-	{
-		zero();
-		v[0].set(0,(long)m);
-	}
-
-/* copy from FF b */
-	public void copy(FF b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].copy(b.v[i]);
-		}
-	}
-
-/* x=y<<n */
-	public void dsucopy(FF b)
-	{
-		for (int i=0;i<b.length;i++)
-		{
-			v[b.length+i].copy(b.v[i]);
-			v[i].zero();
-		}
-	}
-
-/* x=y */
-	public void dscopy(FF b)
-	{
-		for (int i=0;i<b.length;i++)
-		{
-			v[i].copy(b.v[i]);
-			v[b.length+i].zero();
-		}
-	}
-
-/* x=y>>n */
-	public void sducopy(FF b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].copy(b.v[length+i]);
-		}
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-	public void one()
-	{
-		v[0].one();
-		for (int i=1;i<length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-/* test equals 0 */
-	public boolean iszilch()
-	{
-		for (int i=0;i<length;i++)
-		{
-			if (!v[i].iszilch()) return false;
-		}
-		return true;
-	}
-
-/* shift right by 256-bit words */
-	public void shrw(int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[i].copy(v[i+n]);
-			v[i+n].zero();
-		}
-	}
-
-/* shift left by 256-bit words */
-	public void shlw(int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[n+i].copy(v[i]);
-			v[i].zero();
-		}
-	}
-
-/* extract last bit */
-	public int parity()
-	{
-		return v[0].parity();
-	}
-
-	public int lastbits(int m)
-	{
-		return v[0].lastbits(m);
-	}
-
-/* compare x and y - must be normalised, and of same length */
-	public static int comp(FF a,FF b)
-	{
-		int i,j;
-		for (i=a.length-1;i>=0;i--)
-		{
-			j=BIG.comp(a.v[i],b.v[i]);
-			if (j!=0) return j;
-		}
-		return 0;
-	}
-
-/* recursive add */
-	public void radd(int vp,FF x,int xp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].copy(x.v[xp+i]);
-			v[vp+i].add(y.v[yp+i]);
-		}
-	}
-
-/* recursive inc */
-	public void rinc(int vp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].add(y.v[yp+i]);
-		}
-	}
-
-/* recursive sub */
-	public void rsub(int vp,FF x,int xp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].copy(x.v[xp+i]);
-			v[vp+i].sub(y.v[yp+i]);
-		}
-	}
-
-/* recursive dec */
-	public void rdec(int vp,FF y,int yp,int n)
-	{
-		for (int i=0;i<n;i++)
-		{
-			v[vp+i].sub(y.v[yp+i]);
-		}
-	}
-
-/* simple add */
-	public void add(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].add(b.v[i]);
-	}
-
-/* simple sub */
-	public void sub(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].sub(b.v[i]);
-	}
-
-/* reverse sub */
-	public void revsub(FF b)
-	{
-		for (int i=0;i<length;i++)
-			v[i].rsub(b.v[i]);
-	}
-
-/* increment/decrement by a small integer */
-	public void inc(int m)
-	{
-		v[0].inc(m);
-		norm();
-	}
-
-	public void dec(int m)
-	{
-		v[0].dec(m);
-		norm();
-	}
-
-	/* normalise - but hold any overflow in top part unless n<0 */
-	private void rnorm(int vp,int n)
-	{
-		boolean trunc=false;
-		int i;
-		long carry;
-		if (n<0)
-		{ /* -v n signals to do truncation */
-			n=-n;
-			trunc=true;
-		}
-		for (i=0;i<n-1;i++)
-		{
-			carry=v[vp+i].norm();
-			v[vp+i].xortop(carry<<P_TBITS);
-			v[vp+i+1].inc((int)carry);
-		}
-		carry=v[vp+n-1].norm();
-		if (trunc)
-			v[vp+n-1].xortop(carry<<P_TBITS);
-
-	}
-
-	public void norm()
-	{
-		rnorm(0,length);
-	}
-
-/* shift left by one bit */
-	public void shl()
-	{
-		int i,delay_carry=0;
-		long carry;
-		for (i=0;i<length-1;i++)
-		{
-			carry=v[i].fshl(1);
-			v[i].inc(delay_carry);
-			v[i].xortop(carry<<P_TBITS);
-			delay_carry=(int)carry;
-		}
-		v[length-1].fshl(1);
-		v[length-1].inc(delay_carry);
-	}
-
-/* shift right by one bit */
-
-	public void shr()
-	{
-		int i;
-		long carry;
-		for (i=length-1;i>0;i--)
-		{
-			carry=v[i].fshr(1);
-			v[i-1].ortop(carry<<P_TBITS);
-		}
-		v[0].fshr(1);
-	}
-
-/* Convert to Hex String */
-	public String toString()
-	{
-		norm();
-		String s="";
-		for (int i=length-1;i>=0;i--)
-		{
-			s+=v[i].toString();
-		}
-		return s;
-	}
-
-/* Convert FFs to/from byte arrays */
-	public void toBytes(byte[] b)
-	{
-		for (int i=0;i<length;i++)
-		{
-			v[i].tobytearray(b,(length-i-1)*ROM.MODBYTES);
-		}
-	}
-
-	public static void fromBytes(FF x,byte[] b)
-	{
-		for (int i=0;i<x.length;i++)
-		{
-			x.v[i]=BIG.frombytearray(b,(x.length-i-1)*ROM.MODBYTES);
-		}
-	}
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-	private static void cswap(FF a,FF b,int d)
-	{
-		for (int i=0;i<a.length;i++)
-		{
-		//	BIG.cswap(a.v[i],b.v[i],d);
-			a.v[i].cswap(b.v[i],d);
-		}
-	}
-
-/* z=x*y, t is workspace */
-	private void karmul(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n)
-	{
-		int nd2;
-		if (n==1)
-		{
-			DBIG d=BIG.mul(x.v[xp],y.v[yp]);
-			v[vp+1]=d.split(8*ROM.MODBYTES);
-			v[vp].copy(d);
-			return;
-		}
-		nd2=n/2;
-		radd(vp,x,xp,x,xp+nd2,nd2);
-		//rnorm(vp,nd2);
-		radd(vp+nd2,y,yp,y,yp+nd2,nd2);
-		//rnorm(vp+nd2,nd2);
-		t.karmul(tp,this,vp,this,vp+nd2,t,tp+n,nd2);
-		karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		karmul(vp+n,x,xp+nd2,y,yp+nd2,t,tp+n,nd2);
-		t.rdec(tp,this,vp,n);
-		t.rdec(tp,this,vp+n,n);
-		rinc(vp+nd2,t,tp,n);
-		rnorm(vp,2*n);
-	}
-
-	private void karsqr(int vp,FF x,int xp,FF t,int tp,int n)
-	{
-		int nd2;
-		if (n==1)
-		{
-			DBIG d=BIG.sqr(x.v[xp]);
-			v[vp+1].copy(d.split(8*ROM.MODBYTES));
-			v[vp].copy(d);
-			return;
-		}
-
-		nd2=n/2;
-		karsqr(vp,x,xp,t,tp+n,nd2);
-		karsqr(vp+n,x,xp+nd2,t,tp+n,nd2);
-		t.karmul(tp,x,xp,x,xp+nd2,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,n);
-		rinc(vp+nd2,t,tp,n);
-		rnorm(vp+nd2,n);
-	}
-
-
-	private void karmul_lower(int vp,FF x,int xp,FF y,int yp,FF t,int tp,int n)
-	{ /* Calculates Least Significant bottom half of x*y */
-		int nd2;
-		if (n==1)
-		{ /* only calculate bottom half of product */
-			v[vp].copy(BIG.smul(x.v[xp],y.v[yp]));
-			return;
-		}
-		nd2=n/2;
-
-		karmul(vp,x,xp,y,yp,t,tp+n,nd2);
-		t.karmul_lower(tp,x,xp+nd2,y,yp,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,nd2);
-		t.karmul_lower(tp,x,xp,y,yp+nd2,t,tp+n,nd2);
-		rinc(vp+nd2,t,tp,nd2);
-		rnorm(vp+nd2,-nd2);  /* truncate it */
-	}
-
-	private void karmul_upper(FF x,FF y,FF t,int n)
-	{ /* Calculates Most Significant upper half of x*y, given lower part */
-		int nd2;
-
-		nd2=n/2;
-		radd(n,x,0,x,nd2,nd2);
-		radd(n+nd2,y,0,y,nd2,nd2);
-
-		t.karmul(0,this,n+nd2,this,n,t,n,nd2);  /* t = (a0+a1)(b0+b1) */
-		karmul(n,x,nd2,y,nd2,t,n,nd2); /* z[n]= a1*b1 */
-									/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-		t.rdec(0,this,n,n);              /* t=t-a1b1  */
-		rinc(nd2,this,0,nd2);   /* z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)  */
-		rdec(nd2,t,0,nd2);   /* z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0) */
-		rnorm(0,-n);					/* a0b0 now in z - truncate it */
-		t.rdec(0,this,0,n);         /* (a0+a1)(b0+b1) - a0b0 */
-		rinc(nd2,t,0,n);
-
-		rnorm(nd2,n);
-	}
-
-	/* z=x*y. Assumes x and y are of same length. */
-	public static FF mul(FF x,FF y)
-	{
-		int n=x.length;
-		FF z=new FF(2*n);
-		FF t=new FF(2*n);
-		z.karmul(0,x,0,y,0,t,0,n);
-		return z;
-	}
-
-/* return low part of product this*y */
-	public void lmul(FF y)
-	{
-		int n=length;
-		FF t=new FF(2*n);
-		FF x=new FF(n); x.copy(this);
-		karmul_lower(0,x,0,y,0,t,0,n);
-	}
-
-/* Set b=b mod c */
-	public void mod(FF c)
-	{
-		int k=0;
-
-		norm();
-		if (comp(this,c)<0)
-			return;
-		do
-		{
-			c.shl();
-			k++;
-		} while (comp(this,c)>=0);
-
-		while (k>0)
-		{
-			c.shr();
-			if (comp(this,c)>=0)
-			{
-				sub(c);
-				norm();
-			}
-			k--;
-		}
-	}
-
-	/* z=x^2 */
-	public static FF sqr(FF x)
-	{
-		int n=x.length;
-		FF z=new FF(2*n);
-		FF t=new FF(2*n);
-		z.karsqr(0,x,0,t,0,n);
-		return z;
-	}
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-	public FF reduce(FF N,FF ND)
-	{ /* fast karatsuba Montgomery reduction */
-		int n=N.length;
-		FF t=new FF(2*n);
-		FF r=new FF(n);
-		FF m=new FF(n);
-
-		r.sducopy(this);
-		m.karmul_lower(0,this,0,ND,0,t,0,n);
-		karmul_upper(N,m,t,n);
-		m.sducopy(this);
-
-		r.add(N);
-		r.sub(m);
-		r.norm();
-
-		return r;
-
-	}
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-	public FF dmod(FF b)
-	{
-		int k,n=b.length;
-		FF m=new FF(2*n);
-		FF x=new FF(2*n);
-		FF r=new FF(n);
-
-		x.copy(this);
-		x.norm();
-		m.dsucopy(b); k=256*n;
-
-		while (k>0)
-		{
-			m.shr();
-
-			if (comp(x,m)>=0)
-			{
-				x.sub(m);
-				x.norm();
-			}
-			k--;
-		}
-
-		r.copy(x);
-		r.mod(b);
-		return r;
-	}
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-
-	public void invmodp(FF p)
-	{
-		int n=p.length;
-
-		FF u=new FF(n);
-		FF v=new FF(n);
-		FF x1=new FF(n);
-		FF x2=new FF(n);
-		FF t=new FF(n);
-		FF one=new FF(n);
-
-		one.one();
-		u.copy(this);
-		v.copy(p);
-		x1.copy(one);
-		x2.zero();
-
-	// reduce n in here as well!
-		while (comp(u,one)!=0 && comp(v,one)!=0)
-		{
-			while (u.parity()==0)
-			{
-				u.shr();
-				if (x1.parity()!=0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr();
-			}
-			while (v.parity()==0)
-			{
-				v.shr();
-				if (x2.parity()!=0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr();
-			}
-			if (comp(u,v)>=0)
-			{
-
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2)>=0) x1.sub(x2);
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1)>=0) x2.sub(x1);
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one)==0)
-			copy(x1);
-		else
-			copy(x2);
-	}
-
-/* nresidue mod m */
-	public void nres(FF m)
-	{
-		int n=m.length;
-		FF d=new FF(2*n);
-		d.dsucopy(this);
-		copy(d.dmod(m));
-	}
-
-	public void redc(FF m,FF ND)
-	{
-		int n=m.length;
-		FF d=new FF(2*n);
-		mod(m);
-		d.dscopy(this);
-		copy(d.reduce(m,ND));
-		mod(m);
-	}
-
-	private void mod2m(int m)
-	{
-		for (int i=m;i<length;i++)
-			v[i].zero();
-	}
-
-	/* U=1/a mod 2^m - Arazi & Qi */
-	private FF invmod2m()
-	{
-		int i,n=length;
-
-		FF b=new FF(n);
-		FF c=new FF(n);
-		FF U=new FF(n);
-
-		FF t;
-
-		U.zero();
-		U.v[0].copy(v[0]);
-		U.v[0].invmod2m();
-
-		for (i=1;i<n;i<<=1)
-		{
-			b.copy(this); b.mod2m(i);
-			t=mul(U,b); t.shrw(i); b.copy(t);
-			c.copy(this); c.shrw(i); c.mod2m(i);
-			c.lmul(U); c.mod2m(i);
-
-			b.add(c); b.norm();
-			b.lmul(U); b.mod2m(i);
-
-			c.one(); c.shlw(i); b.revsub(c); b.norm();
-			b.shlw(i);
-			U.add(b);
-		}
-		U.norm();
-		return U;
-	}
-
-	public void random(RAND rng)
-	{
-		int n=length;
-		for (int i=0;i<n;i++)
-		{
-			v[i].copy(BIG.random(rng));
-		}
-	/* make sure top bit is 1 */
-		while (v[n-1].nbits()<ROM.MODBYTES*8) v[n-1].copy(BIG.random(rng));
-	}
-
-	/* generate random x */
-	public void randomnum(FF p,RAND rng)
-	{
-		int n=length;
-		FF d=new FF(2*n);
-
-		for (int i=0;i<2*n;i++)
-		{
-			d.v[i].copy(BIG.random(rng));
-		}
-		copy(d.dmod(p));
-	}
-
-	/* this*=y mod p */
-	public void modmul(FF y,FF p,FF nd)
-	{
-		//FF d=new FF(2*p.length);
-		long ex=P_EXCESS();
-		long ey=y.P_EXCESS();
-		if ((ex+1)*(ey+1)+1>=P_FEXCESS) mod(p);
-		FF d=mul(this,y);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this*=y mod p */
-	public void modsqr(FF p,FF nd)
-	{
-		//FF d=new FF(2*p.length);
-		long ex=P_EXCESS();
-		if ((ex+1)*(ex+1)+1>=P_FEXCESS) mod(p);
-		FF d=sqr(this);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-	public void skpow(FF e,FF p)
-	{
-		int i,b,n=p.length;
-		FF R0=new FF(n);
-		FF R1=new FF(n);
-		FF ND=p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			b=e.v[i/256].bit(i%256);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-		}
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-	public void skpow(BIG e,FF p)
-	{
-		int i,b,n=p.length;
-		FF R0=new FF(n);
-		FF R1=new FF(n);
-		FF ND=p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			b=e.bit(i);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-		}
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* raise to an integer power - right-to-left method */
-	public void power(int e,FF p)
-	{
-		int n=p.length;
-		FF w=new FF(n);
-		FF ND=p.invmod2m();
-		boolean f=true;
-
-		w.copy(this);
-		w.nres(p);
-
-		if (e==2)
-		{
-			copy(w);
-			modsqr(p,ND);
-		}
-		else for (; ; )
-		{
-			if (e%2==1)
-			{
-				if (f) copy(w);
-				else modmul(w,p,ND);
-				f=false;
-			}
-			e>>=1;
-			if (e==0) break;
-			w.modsqr(p,ND);
-		}
-		redc(p,ND);
-	}
-
-	/* this=this^e mod p, faster but not side channel resistant */
-	public void pow(FF e,FF p)
-	{
-		int i,b,n=p.length;
-		FF w=new FF(n);
-		FF ND=p.invmod2m();
-
-		w.copy(this);
-		one();
-		nres(p);
-		w.nres(p);
-		for (i=8*ROM.MODBYTES*n-1;i>=0;i--)
-		{
-			modsqr(p,ND);
-			b=e.v[i/256].bit(i%256);
-			if (b==1) modmul(w,p,ND);
-		}
-		redc(p,ND);
-	}
-
-	/* double exponentiation r=x^e.y^f mod p */
-	public void pow2(BIG e,FF y,BIG f,FF p)
-	{
-		int i,eb,fb,n=p.length;
-		FF xn=new FF(n);
-		FF yn=new FF(n);
-		FF xy=new FF(n);
-		FF ND=p.invmod2m();
-
-		xn.copy(this);
-		yn.copy(y);
-		xn.nres(p);
-		yn.nres(p);
-		xy.copy(xn); xy.modmul(yn,p,ND);
-		one();
-		nres(p);
-
-		for (i=8*ROM.MODBYTES-1;i>=0;i--)
-		{
-			eb=e.bit(i);
-			fb=f.bit(i);
-			modsqr(p,ND);
-			if (eb==1)
-			{
-				if (fb==1) modmul(xy,p,ND);
-				else modmul(xn,p,ND);
-			}
-			else
-			{
-				if (fb==1) modmul(yn,p,ND);
-			}
-		}
-		redc(p,ND);
-	}
-
-	private static int igcd(int x,int y)
-	{ /* integer GCD, returns GCD of x and y */
-		int r;
-		if (y==0) return x;
-		while ((r=x%y)!=0)
-			{x=y;y=r;}
-		return y;
-	}
-
-	/* quick and dirty check for common factor with n */
-	public boolean cfactor(int s)
-	{
-		int r,n=length;
-		int g;
-
-		FF x=new FF(n);
-		FF y=new FF(n);
-
-		y.set(s);
-		x.copy(this);
-		x.norm();
-
-		do
-		{
-			x.sub(y);
-			x.norm();
-			while (!x.iszilch() && x.parity()==0) x.shr();
-		}
-		while (comp(x,y)>0);
-
-		g=(int)x.v[0].get(0);
-		r=igcd(s,g);
-		if (r>1) return true;
-		return false;
-	}
-
-	/* Miller-Rabin test for primality. Slow. */
-	public static boolean prime(FF p,RAND rng)
-	{
-		int i,j,s=0,n=p.length;
-		boolean loop;
-		FF d=new FF(n);
-		FF x=new FF(n);
-		FF unity=new FF(n);
-		FF nm1=new FF(n);
-
-		int sf=4849845; /* 3*5*.. *19 */
-		p.norm();
-
-		if (p.cfactor(sf)) return false;
-		unity.one();
-		nm1.copy(p);
-		nm1.sub(unity);
-		nm1.norm();
-		d.copy(nm1);
-
-		while (d.parity()==0)
-		{
-			d.shr();
-			s++;
-		}
-		if (s==0) return false;
-		for (i=0;i<10;i++)
-		{
-			x.randomnum(p,rng);
-			x.pow(d,p);
-			if (comp(x,unity)==0 || comp(x,nm1)==0) continue;
-			loop=false;
-			for (j=1;j<s;j++)
-			{
-				x.power(2,p);
-				if (comp(x,unity)==0) return false;
-				if (comp(x,nm1)==0) {loop=true; break;}
-			}
-			if (loop) continue;
-			return false;
-		}
-		return true;
-	}
-
-/*
-	public static final long[][] P ={{0xAD19A781670957L,0x76A79C00965796L,0xDEFCC5FC9A9717L,0xF02F2940E20E9L,0xBF59E34FL},{0x6894F31844C908L,0x8DADA70E82C79FL,0xFD29F3836046F6L,0x8C1D874D314DD0L,0x46D077BL},{0x3C515217813331L,0x56680FD1CE935BL,0xE55C53EEA8838EL,0x92C2F7E14A4A95L,0xD945E5B1L},{0xACF673E919F5EFL,0x6723E7E7DAB446L,0x6B6FA69B36EB1BL,0xF7D13920ECA300L,0xB5FC2165L}};
-
-	public static void main(String[] args) {
-		byte[] raw=new byte[100];
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (int i=0;i<100;i++) raw[i]=(byte)i;
-
-		rng.seed(100,raw);
-
-		int n=4;
-
-		FF x=new FF(n);
-		x.set(3);
-
-		FF p=new FF(P,n);
-
-		if (prime(p,rng)) System.out.println("p is a prime");
-
-		FF e=new FF(n);
-		e.copy(p);
-		e.dec(1); e.norm();
-
-		System.out.println("e= "+e.toString());
-
-		x.skpow(e,p);
-		System.out.println("x= "+x.toString());
-
-    } */
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP.java
----------------------------------------------------------------------
diff --git a/java64/FP.java b/java64/FP.java
deleted file mode 100755
index ab99c13..0000000
--- a/java64/FP.java
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public final class FP {
-	private final BIG x;
-	private static BIG p=new BIG(ROM.Modulus);
-
-/* Constructors */
-	public FP(int a)
-	{
-		x=new BIG(a);
-		nres();
-	}
-
-	public FP(BIG a)
-	{
-		x=new BIG(a);
-		nres();
-	}
-
-	public FP(FP a)
-	{
-		x=new BIG(a.x);
-	}
-
-/* convert to string */
-	public String toString()
-	{
-		String s=redc().toString();
-		return s;
-	}
-
-	public String toRawString()
-	{
-		String s=x.toRawString();
-		return s;
-	}
-
-/* convert to Montgomery n-residue form */
-	public void nres()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE)
-		{
-			DBIG d=new DBIG(x);
-			d.shl(ROM.NLEN*ROM.BASEBITS);
-			x.copy(d.mod(p));
-		}
-	}
-
-/* convert back to regular form */
-	public BIG redc()
-	{
-		if (ROM.MODTYPE!=ROM.PSEUDO_MERSENNE)
-		{
-			DBIG d=new DBIG(x);
-			return BIG.mod(d);
-		}
-		else
-		{
-			BIG r=new BIG(x);
-			return r;
-		}
-	}
-
-/* test this=0? */
-	public boolean iszilch() {
-		reduce();
-		return x.iszilch();
-	}
-
-/* copy from FP b */
-	public void copy(FP b)
-	{
-		x.copy(b.x);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		x.zero();
-	}
-
-/* set this=1 */
-	public void one()
-	{
-		x.one(); nres();
-	}
-
-/* normalise this */
-	public void norm()
-	{
-		x.norm();
-	}
-
-/* swap FPs depending on d */
-	public void cswap(FP b,int d)
-	{
-		x.cswap(b.x,d);
-	}
-
-/* copy FPs depending on d */
-	public void cmove(FP b,int d)
-	{
-		x.cmove(b.x,d);
-	}
-
-/* this*=b mod Modulus */
-	public void mul(FP b)
-	{
-		long ea=BIG.EXCESS(x);
-		long eb=BIG.EXCESS(b.x);
-
-		if ((ea+1)*(eb+1)+1>=ROM.FEXCESS) reduce();
-
-		DBIG d=BIG.mul(x,b.x);
-		x.copy(BIG.mod(d));
-	}
-
-/* this*=c mod Modulus, where c is a small int */
-	public void imul(int c)
-	{
-		norm();
-		boolean s=false;
-		if (c<0)
-		{
-			c=-c;
-			s=true;
-		}
-		long afx=(BIG.EXCESS(x)+1)*(c+1)+1;
-		if (c<ROM.NEXCESS && afx<ROM.FEXCESS)
-		{
-			x.imul(c);
-		}
-		else
-		{
-			if (afx<ROM.FEXCESS) x.pmul(c);
-			else
-			{
-				DBIG d=x.pxmul(c);
-				x.copy(d.mod(p));
-			}
-		}
-		if (s) neg();
-		norm();
-	}
-
-
-/* this*=this mod Modulus */
-	public void sqr()
-	{
-		DBIG d;
-		long ea=BIG.EXCESS(x);
-		if ((ea+1)*(ea+1)+1>=ROM.FEXCESS)
-			reduce();
-
-		d=BIG.sqr(x);
-		x.copy(BIG.mod(d));
-	}
-
-/* this+=b */
-	public void add(FP b) {
-		x.add(b.x);
-		if (BIG.EXCESS(x)+2>=ROM.FEXCESS) reduce();
-	}
-
-/* this = -this mod Modulus */
-	public void neg()
-	{
-		int sb;
-		long ov;
-		BIG m=new BIG(p);
-
-		norm();
-
-		ov=BIG.EXCESS(x);
-		sb=1; while(ov!=0) {sb++;ov>>=1;}
-
-		m.fshl(sb);
-		x.rsub(m);
-
-		if (BIG.EXCESS(x)>=ROM.FEXCESS) reduce();
-	}
-
-/* this-=b */
-	public void sub(FP b)
-	{
-		FP n=new FP(b);
-		n.neg();
-		this.add(n);
-	}
-
-/* this/=2 mod Modulus */
-	public void div2()
-	{
-		x.norm();
-		if (x.parity()==0)
-			x.fshr(1);
-		else
-		{
-			x.add(p);
-			x.norm();
-			x.fshr(1);
-		}
-	}
-
-/* this=1/this mod Modulus */
-	public void inverse()
-	{
-		BIG r=redc();
-		r.invmodp(p);
-		x.copy(r);
-		nres();
-	}
-
-/* return TRUE if this==a */
-	public boolean equals(FP a)
-	{
-		a.reduce();
-		reduce();
-		if (BIG.comp(a.x,x)==0) return true;
-		return false;
-	}
-
-/* reduce this mod Modulus */
-	public void reduce()
-	{
-		x.mod(p);
-	}
-
-/* return this^e mod Modulus */
-	public FP pow(BIG e)
-	{
-		int bt;
-		FP r=new FP(1);
-		e.norm();
-		x.norm();
-		FP m=new FP(this);
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(m);
-			if (e.iszilch()) break;
-			m.sqr();
-		}
-		r.x.mod(p);
-		return r;
-	}
-
-/* return sqrt(this) mod Modulus */
-	public FP sqrt()
-	{
-		reduce();
-		BIG b=new BIG(p);
-		if (ROM.MOD8==5)
-		{
-			b.dec(5); b.norm(); b.shr(3);
-			FP i=new FP(this); i.x.shl(1);
-			FP v=i.pow(b);
-			i.mul(v); i.mul(v);
-			i.x.dec(1);
-			FP r=new FP(this);
-			r.mul(v); r.mul(i);
-			r.reduce();
-			return r;
-		}
-		else
-		{
-			b.inc(1); b.norm(); b.shr(2);
-			return pow(b);
-		}
-	}
-
-/* return jacobi symbol (this/Modulus) */
-	public int jacobi()
-	{
-		BIG w=redc();
-		return w.jacobi(p);
-	}
-/*
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(m);
-		e.dec(1);
-
-		System.out.println("m= "+m.nbits());
-
-
-		BIG r=x.powmod(e,m);
-
-		System.out.println("m= "+m.toString());
-		System.out.println("r= "+r.toString());
-
-		BIG.cswap(m,r,0);
-
-		System.out.println("m= "+m.toString());
-		System.out.println("r= "+r.toString());
-
-//		FP y=new FP(3);
-//		FP s=y.pow(e);
-//		System.out.println("s= "+s.toString());
-
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP12.java
----------------------------------------------------------------------
diff --git a/java64/FP12.java b/java64/FP12.java
deleted file mode 100755
index 1242652..0000000
--- a/java64/FP12.java
+++ /dev/null
@@ -1,640 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Fp^12 functions */
-/* FP12 elements are of the form a+i.b+i^2.c */
-
-public final class FP12 {
-	private final FP4 a;
-	private final FP4 b;
-	private final FP4 c;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-		c.reduce();
-	}
-/* normalise all components of this */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-		c.norm();
-	}
-/* test x==0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch() && c.iszilch());
-	}
-/* test x==1 ? */
-	public boolean isunity() {
-		FP4 one=new FP4(1);
-		return (a.equals(one) && b.iszilch() && c.iszilch());
-	}
-/* return 1 if x==y, else 0 */
-	public boolean equals(FP12 x)
-	{
-		return (a.equals(x.a) && b.equals(x.b) && c.equals(x.c));
-	}
-/* extract a from this */
-	public FP4 geta()
-	{
-		return a;
-	}
-/* extract b */
-	public FP4 getb()
-	{
-		return b;
-	}
-/* extract c */
-	public FP4 getc()
-	{
-		return c;
-	}
-/* copy this=x */
-	public void copy(FP12 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-		c.copy(x.c);
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-		c.zero();
-	}
-/* this=conj(this) */
-	public void conj()
-	{
-		a.conj();
-		b.nconj();
-		c.conj();
-	}
-/* Constructors */
-	public FP12(FP4 d)
-	{
-		a=new FP4(d);
-		b=new FP4(0);
-		c=new FP4(0);
-	}
-
-	public FP12(int d)
-	{
-		a=new FP4(d);
-		b=new FP4(0);
-		c=new FP4(0);
-	}
-
-	public FP12(FP4 d,FP4 e,FP4 f)
-	{
-		a=new FP4(d);
-		b=new FP4(e);
-		c=new FP4(f);
-	}
-
-	public FP12(FP12 x)
-	{
-		a=new FP4(x.a);
-		b=new FP4(x.b);
-		c=new FP4(x.c);
-	}
-
-/* Granger-Scott Unitary Squaring */
-	public void usqr()
-	{
-		FP4 A=new FP4(a);
-		FP4 B=new FP4(c);
-		FP4 C=new FP4(b);
-		FP4 D=new FP4(0);
-
-		a.sqr();
-		D.copy(a); D.add(a);
-		a.add(D);
-
-//		a.norm();
-		A.nconj();
-
-		A.add(A);
-		a.add(A);
-		B.sqr();
-		B.times_i();
-
-		D.copy(B); D.add(B);
-		B.add(D);
-//		B.norm();
-
-		C.sqr();
-		D.copy(C); D.add(C);
-		C.add(D);
-//		C.norm();
-
-		b.conj();
-		b.add(b);
-		c.nconj();
-
-		c.add(c);
-		b.add(B);
-		c.add(C);
-		reduce();
-
-	}
-
-/* Chung-Hasan SQR2 method from http://cacr.uwaterloo.ca/techreports/2006/cacr2006-24.pdf */
-	public void sqr()
-	{
-		FP4 A=new FP4(a);
-		FP4 B=new FP4(b);
-		FP4 C=new FP4(c);
-		FP4 D=new FP4(a);
-
-		A.sqr();
-		B.mul(c);
-		B.add(B);
-		C.sqr();
-		D.mul(b);
-		D.add(D);
-
-		c.add(a);
-		c.add(b);
-		c.sqr();
-
-		a.copy(A);
-
-		A.add(B);
-//		A.norm();
-		A.add(C);
-		A.add(D);
-//		A.norm();
-
-		A.neg();
-		B.times_i();
-		C.times_i();
-
-		a.add(B);
-
-		b.copy(C); b.add(D);
-		c.add(A);
-		norm();
-	}
-
-/* FP12 full multiplication this=this*y */
-	public void mul(FP12 y)
-	{
-		FP4 z0=new FP4(a);
-		FP4 z1=new FP4(0);
-		FP4 z2=new FP4(b);
-		FP4 z3=new FP4(0);
-		FP4 t0=new FP4(a);
-		FP4 t1=new FP4(y.a);
-
-		z0.mul(y.a);
-		z2.mul(y.b);
-
-		t0.add(b);
-		t1.add(y.b);
-
-		z1.copy(t0); z1.mul(t1);
-		t0.copy(b); t0.add(c);
-
-		t1.copy(y.b); t1.add(y.c);
-		z3.copy(t0); z3.mul(t1);
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		z1.add(t0);
-//		z1.norm();
-		b.copy(z1); b.add(t1);
-
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a); t0.add(c);
-		t1.copy(y.a); t1.add(y.c);
-		t0.mul(t1);
-		z2.add(t0);
-
-		t0.copy(c); t0.mul(y.c);
-		t1.copy(t0); t1.neg();
-
-//		z2.norm();
-//		z3.norm();
-//		b.norm();
-
-		c.copy(z2); c.add(t1);
-		z3.add(t1);
-		t0.times_i();
-		b.add(t0);
-
-		z3.times_i();
-		a.copy(z0); a.add(z3);
-		norm();
-	}
-
-/* Special case of multiplication arises from special form of ATE pairing line function */
-	public void smul(FP12 y)
-	{
-		FP4 z0=new FP4(a);
-		FP4 z2=new FP4(b);
-		FP4 z3=new FP4(b);
-		FP4 t0=new FP4(0);
-		FP4 t1=new FP4(y.a);
-
-		z0.mul(y.a);
-		z2.pmul(y.b.real());
-		b.add(a);
-		t1.real().add(y.b.real());
-
-		b.mul(t1);
-		z3.add(c);
-		z3.pmul(y.b.real());
-
-		t0.copy(z0); t0.neg();
-		t1.copy(z2); t1.neg();
-
-		b.add(t0);
-//		b.norm();
-
-		b.add(t1);
-		z3.add(t1);
-		z2.add(t0);
-
-		t0.copy(a); t0.add(c);
-		t0.mul(y.a);
-		c.copy(z2); c.add(t0);
-
-		z3.times_i();
-		a.copy(z0); a.add(z3);
-
-		norm();
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		FP4 f0=new FP4(a);
-		FP4 f1=new FP4(b);
-		FP4 f2=new FP4(a);
-		FP4 f3=new FP4(0);
-
-		norm();
-		f0.sqr();
-		f1.mul(c);
-		f1.times_i();
-		f0.sub(f1);
-
-		f1.copy(c); f1.sqr();
-		f1.times_i();
-		f2.mul(b);
-		f1.sub(f2);
-
-		f2.copy(b); f2.sqr();
-		f3.copy(a); f3.mul(c);
-		f2.sub(f3);
-
-		f3.copy(b); f3.mul(f2);
-		f3.times_i();
-		a.mul(f0);
-		f3.add(a);
-		c.mul(f1);
-		c.times_i();
-
-		f3.add(c);
-		f3.inverse();
-		a.copy(f0); a.mul(f3);
-		b.copy(f1); b.mul(f3);
-		c.copy(f2); c.mul(f3);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		FP2 f2=new FP2(f);
-		FP2 f3=new FP2(f);
-
-		f2.sqr();
-		f3.mul(f2);
-
-		a.frob(f3);
-		b.frob(f3);
-		c.frob(f3);
-
-		b.pmul(f);
-		c.pmul(f2);
-	}
-
-/* trace function */
-	public FP4 trace()
-	{
-		FP4 t=new FP4(0);
-		t.copy(a);
-		t.imul(3);
-		t.reduce();
-		return t;
-	}
-
-/* convert from byte array to FP12 */
-	public static FP12 fromBytes(byte[] w)
-	{
-		BIG a,b;
-		FP2 c,d;
-		FP4 e,f,g;
-		byte[] t=new byte[ROM.MODBYTES];
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+2*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+3*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		e=new FP4(c,d);
-
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+4*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+5*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+6*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+7*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		f=new FP4(c,d);
-
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+8*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+9*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		c=new FP2(a,b);
-
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+10*ROM.MODBYTES];
-		a=BIG.fromBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) t[i]=w[i+11*ROM.MODBYTES];
-		b=BIG.fromBytes(t);
-		d=new FP2(a,b);
-
-		g=new FP4(c,d);
-
-		return new FP12(e,f,g);
-	}
-
-/* convert this to byte array */
-	public void toBytes(byte[] w)
-	{
-		byte[] t=new byte[ROM.MODBYTES];
-		a.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i]=t[i];
-		a.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+ROM.MODBYTES]=t[i];
-		a.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+2*ROM.MODBYTES]=t[i];
-		a.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+3*ROM.MODBYTES]=t[i];
-
-		b.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+4*ROM.MODBYTES]=t[i];
-		b.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+5*ROM.MODBYTES]=t[i];
-		b.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+6*ROM.MODBYTES]=t[i];
-		b.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+7*ROM.MODBYTES]=t[i];
-
-		c.geta().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+8*ROM.MODBYTES]=t[i];
-		c.geta().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+9*ROM.MODBYTES]=t[i];
-		c.getb().getA().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+10*ROM.MODBYTES]=t[i];
-		c.getb().getB().toBytes(t);
-		for (int i=0;i<ROM.MODBYTES;i++) w[i+11*ROM.MODBYTES]=t[i];
-	}
-
-/* convert to hex string */
-	public String toString()
-	{
-		return ("["+a.toString()+","+b.toString()+","+c.toString()+"]");
-	}
-
-/* this=this^e */
-	public FP12 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP12 w=new FP12(this);
-		BIG z=new BIG(e);
-		FP12 r=new FP12(1);
-
-		while (true)
-		{
-			int bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.usqr();
-		}
-		r.reduce();
-		return r;
-	}
-
-/* constant time powering by small integer of max length bts */
-	public void pinpow(int e,int bts)
-	{
-		int i,b;
-		FP12 [] R=new FP12[2];
-		R[0]=new FP12(1);
-		R[1]=new FP12(this);
-		for (i=bts-1;i>=0;i--)
-		{
-			b=(e>>i)&1;
-			R[1-b].mul(R[b]);
-			R[b].usqr();
-		}
-		this.copy(R[0]);
-	}
-
-/* p=q0^u0.q1^u1.q2^u2.q3^u3 */
-/* Timing attack secure, but not cache attack secure */
-
-	public static FP12 pow4(FP12[] q,BIG[] u)
-	{
-		int i,j,nb,m;
-		int[] a=new int[4];
-		FP12 [] g=new FP12[8];
-		FP12 [] s=new FP12[2];
-		FP12 c=new FP12(1);
-		FP12 p=new FP12(0);
-		BIG [] t=new BIG[4];
-		BIG mt=new BIG(0);
-		byte[] w=new byte[ROM.NLEN*ROM.BASEBITS+1];
-
-		for (i=0;i<4;i++)
-			t[i]=new BIG(u[i]);
-
-		s[0]=new FP12(0);
-		s[1]=new FP12(0);
-
-		g[0]=new FP12(q[0]); s[0].copy(q[1]); s[0].conj(); g[0].mul(s[0]);
-		g[1]=new FP12(g[0]);
-		g[2]=new FP12(g[0]);
-		g[3]=new FP12(g[0]);
-		g[4]=new FP12(q[0]); g[4].mul(q[1]);
-		g[5]=new FP12(g[4]);
-		g[6]=new FP12(g[4]);
-		g[7]=new FP12(g[4]);
-
-		s[1].copy(q[2]); s[0].copy(q[3]); s[0].conj(); s[1].mul(s[0]);
-		s[0].copy(s[1]); s[0].conj(); g[1].mul(s[0]);
-		g[2].mul(s[1]);
-		g[5].mul(s[0]);
-		g[6].mul(s[1]);
-		s[1].copy(q[2]); s[1].mul(q[3]);
-		s[0].copy(s[1]); s[0].conj(); g[0].mul(s[0]);
-		g[3].mul(s[1]);
-		g[4].mul(s[0]);
-		g[7].mul(s[1]);
-
-/* if power is even add 1 to power, and add q to correction */
-
-		for (i=0;i<4;i++)
-		{
-			if (t[i].parity()==0)
-			{
-				t[i].inc(1); t[i].norm();
-				c.mul(q[i]);
-			}
-			mt.add(t[i]); mt.norm();
-		}
-		c.conj();
-		nb=1+mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j=0;j<nb;j++)
-		{
-			for (i=0;i<4;i++)
-			{
-				a[i]=(t[i].lastbits(2)-2);
-				t[i].dec(a[i]); t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j]=(byte)(8*a[0]+4*a[1]+2*a[2]+a[3]);
-		}
-		w[nb]=(byte)(8*t[0].lastbits(2)+4*t[1].lastbits(2)+2*t[2].lastbits(2)+t[3].lastbits(2));
-		p.copy(g[(w[nb]-1)/2]);
-
-		for (i=nb-1;i>=0;i--)
-		{
-			m=w[i]>>7;
-			j=(w[i]^m)-m;  /* j=abs(w[i]) */
-			j=(j-1)/2;
-			s[0].copy(g[j]); s[1].copy(g[j]); s[1].conj();
-			p.usqr();
-			p.mul(s[m&1]);
-		}
-		p.mul(c);  /* apply correction */
-		p.reduce();
-		return p;
-	}
-
-/*
-	public static void main(String[] args) {
-		BIG p=new BIG(ROM.Modulus);
-		FP2 w0,w1;
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-
-		a.zero(); b.zero(); a.inc(1); b.inc(2);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(3); b.inc(4);
-		w1=new FP2(a,b);
-		FP4 t0=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(5); b.inc(6);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(7); b.inc(8);
-		w1=new FP2(a,b);
-		FP4 t1=new FP4(w0,w1);
-
-		a.zero(); b.zero(); a.inc(9); b.inc(10);
-		w0=new FP2(a,b);
-		a.zero(); b.zero(); a.inc(11); b.inc(12);
-		w1=new FP2(a,b);
-		FP4 t2=new FP4(w0,w1);
-
-		FP12 w=new FP12(t0,t1,t2);
-		FP12 t=new FP12(w);
-
-		System.out.println("w= "+w.toString());
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		w.frob(f);
-		System.out.println("w= "+w.toString());
-
-		w=t.pow(p);
-
-		System.out.println("w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/w= "+w.toString());
-
-		w.inverse();
-
-		System.out.println("w= "+w.toString());
-
-		t.copy(w);
-		w.conj();
-		t.inverse();
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)= "+w.toString());
-
-		t.copy(w);
-		w.frob(f);
-		w.frob(f);
-		w.mul(t);
-
-		System.out.println("w^(p^6-1)(p^2+1)= "+w.toString());
-
-		t.copy(w);
-
-		t.inverse();
-		w.conj();
-
-		System.out.println("w= "+w.toString());
-		System.out.println("t= "+t.toString());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP2.java
----------------------------------------------------------------------
diff --git a/java64/FP2.java b/java64/FP2.java
deleted file mode 100755
index 48e2b7e..0000000
--- a/java64/FP2.java
+++ /dev/null
@@ -1,391 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^2 functions */
-
-/* FP2 elements are of the form a+ib, where i is sqrt(-1) */
-
-public final class FP2 {
-	private final FP a;
-	private final FP b;
-
-/* reduce components mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-
-/* normalise components of w */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-
-/* test this=0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-
-	public void cmove(FP2 g,int d)
-	{
-		a.cmove(g.a,d);
-		b.cmove(g.b,d);
-	}
-
-/* test this=1 ? */
-	public boolean isunity() {
-		FP one=new FP(1);
-		return (a.equals(one) && b.iszilch());
-	}
-
-/* test this=x */
-	public boolean equals(FP2 x) {
-		return (a.equals(x.a) && b.equals(x.b));
-	}
-
-/* Constructors */
-	public FP2(int c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-	public FP2(FP2 x)
-	{
-		a=new FP(x.a);
-		b=new FP(x.b);
-	}
-
-	public FP2(FP c,FP d)
-	{
-		a=new FP(c);
-		b=new FP(d);
-	}
-
-	public FP2(BIG c,BIG d)
-	{
-		a=new FP(c);
-		b=new FP(d);
-	}
-
-	public FP2(FP c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-	public FP2(BIG c)
-	{
-		a=new FP(c);
-		b=new FP(0);
-	}
-
-/* extract a */
-	public BIG getA()
-	{
-		return a.redc();
-	}
-
-/* extract b */
-	public BIG getB()
-	{
-		return b.redc();
-	}
-
-/* copy this=x */
-	public void copy(FP2 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-
-/* negate this mod Modulus */
-	public void neg()
-	{
-		norm();
-		FP m=new FP(a);
-		FP t=new FP(0);
-
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-
-/* set to a-ib */
-	public void conj()
-	{
-		b.neg();
-	}
-
-/* this+=a */
-	public void add(FP2 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-
-/* this-=a */
-	public void sub(FP2 x)
-	{
-		FP2 m=new FP2(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s, where s is an FP */
-	public void pmul(FP s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-
-/* this*=i, where i is an int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-
-/* this*=this */
-	public void sqr()
-	{
-		norm();
-		FP w1=new FP(a);
-		FP w3=new FP(a);
-		FP mb=new FP(b);
-
-		w3.mul(b);
-		w1.add(b);
-		mb.neg();
-		a.add(mb);
-		a.mul(w1);
-		b.copy(w3); b.add(w3);
-//		reduce();
-		norm();
-	}
-
-/* this*=y */
-	public void mul(FP2 y)
-	{
-		norm();  /* This is needed here as {a,b} is not normed before additions */
-
-		FP w1=new FP(a);
-		FP w2=new FP(b);
-		FP w5=new FP(a);
-		FP mw=new FP(0);
-
-		w1.mul(y.a);  // w1=a*y.a  - this norms w1 and y.a, NOT a
-		w2.mul(y.b);  // w2=b*y.b  - this norms w2 and y.b, NOT b
-		w5.add(b);    // w5=a+b
-		b.copy(y.a); b.add(y.b); // b=y.a+y.b
-
-		b.mul(w5);
-		mw.copy(w1); mw.add(w2); mw.neg();
-
-		b.add(mw); mw.add(w1);
-		a.copy(w1);	a.add(mw);
-
-//		reduce();
-		norm();
-	}
-
-
-/* sqrt(a+ib) = sqrt(a+sqrt(a*a-n*b*b)/2)+ib/(2*sqrt(a+sqrt(a*a-n*b*b)/2)) */
-/* returns true if this is QR */
-	public boolean sqrt()
-	{
-		if (iszilch()) return true;
-		FP w1=new FP(b);
-		FP w2=new FP(a);
-		w1.sqr(); w2.sqr(); w1.add(w2);
-		if (w1.jacobi()!=1) { zero(); return false; }
-		w1=w1.sqrt();
-		w2.copy(a); w2.add(w1); w2.div2();
-		if (w2.jacobi()!=1)
-		{
-			w2.copy(a); w2.sub(w1); w2.div2();
-			if (w2.jacobi()!=1) { zero(); return false; }
-		}
-		w2=w2.sqrt();
-		a.copy(w2);
-		w2.add(w2);
-		w2.inverse();
-		b.mul(w2);
-		return true;
-	}
-
-/* output to hex string */
-	public String toString()
-	{
-		return ("["+a.toString()+","+b.toString()+"]");
-	}
-
-	public String toRawString()
-	{
-		return ("["+a.toRawString()+","+b.toRawString()+"]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-		FP w1=new FP(a);
-		FP w2=new FP(b);
-
-		w1.sqr();
-		w2.sqr();
-		w1.add(w2);
-		w1.inverse();
-		a.mul(w1);
-		w1.neg();
-		b.mul(w1);
-	}
-
-/* this/=2 */
-	public void div2()
-	{
-		a.div2();
-		b.div2();
-	}
-
-/* this*=sqrt(-1) */
-	public void times_i()
-	{
-	//	a.norm();
-		FP z=new FP(a);
-		a.copy(b); a.neg();
-		b.copy(z);
-	}
-
-/* w*=(1+sqrt(-1)) */
-/* where X*2-(1+sqrt(-1)) is irreducible for FP4, assumes p=3 mod 8 */
-	public void mul_ip()
-	{
-		norm();
-		FP2 t=new FP2(this);
-		FP z=new FP(a);
-		a.copy(b);
-		a.neg();
-		b.copy(z);
-		add(t);
-		norm();
-	}
-
-/* w/=(1+sqrt(-1)) */
-	public void div_ip()
-	{
-		FP2 t=new FP2(0);
-		norm();
-		t.a.copy(a); t.a.add(b);
-		t.b.copy(b); t.b.sub(a);
-		copy(t);
-		div2();
-	}
-/*
-	public FP2 pow(BIG e)
-	{
-		int bt;
-		FP2 r=new FP2(1);
-		e.norm();
-		norm();
-		while (true)
-		{
-			bt=e.parity();
-			e.fshr(1);
-			if (bt==1) r.mul(this);
-			if (e.iszilch()) break;
-			sqr();
-		}
-
-		r.reduce();
-		return r;
-	}
-
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(27);
-		BIG pp1=new BIG(m);
-		BIG pm1=new BIG(m);
-		BIG a=new BIG(1);
-		BIG b=new BIG(1);
-		FP2 w=new FP2(a,b);
-		FP2 z=new FP2(w);
-
-		byte[] RAW=new byte[100];
-
-		RAND rng=new RAND();
-		for (int i=0;i<100;i++) RAW[i]=(byte)(i);
-
-		rng.seed(100,RAW);
-
-	//	for (int i=0;i<100;i++)
-	//	{
-			a.randomnum(rng);
-			b.randomnum(rng);
-
-			w=new FP2(a,b);
-			System.out.println("w="+w.toString());
-
-			z=new FP2(w);
-			z.inverse();
-			System.out.println("z="+z.toString());
-
-			z.inverse();
-			if (!z.equals(w)) System.out.println("Error");
-	//	}
-
-//		System.out.println("m="+m.toString());
-//		w.sqr();
-//		w.mul(z);
-
-		System.out.println("w="+w.toString());
-
-
-		pp1.inc(1); pp1.norm();
-		pm1.dec(1); pm1.norm();
-		System.out.println("p+1="+pp1.toString());
-		System.out.println("p-1="+pm1.toString());
-		w=w.pow(pp1);
-		w=w.pow(pm1);
-		System.out.println("w="+w.toString());
-	}
-*/
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/FP4.java
----------------------------------------------------------------------
diff --git a/java64/FP4.java b/java64/FP4.java
deleted file mode 100755
index 5eaa78d..0000000
--- a/java64/FP4.java
+++ /dev/null
@@ -1,585 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic  Fp^4 functions */
-
-/* FP4 elements are of the form a+ib, where i is sqrt(-1+sqrt(-1))  */
-
-public final class FP4 {
-	private final FP2 a;
-	private final FP2 b;
-/* reduce all components of this mod Modulus */
-	public void reduce()
-	{
-		a.reduce();
-		b.reduce();
-	}
-/* normalise all components of this mod Modulus */
-	public void norm()
-	{
-		a.norm();
-		b.norm();
-	}
-/* test this==0 ? */
-	public boolean iszilch() {
-		reduce();
-		return (a.iszilch() && b.iszilch());
-	}
-/* test this==1 ? */
-	public boolean isunity() {
-		FP2 one=new FP2(1);
-		return (a.equals(one) && b.iszilch());
-	}
-
-/* test is w real? That is in a+ib test b is zero */
-	public boolean isreal()
-	{
-		return b.iszilch();
-	}
-/* extract real part a */
-	public FP2 real()
-	{
-		return a;
-	}
-
-	public FP2 geta()
-	{
-		return a;
-	}
-/* extract imaginary part b */
-	public FP2 getb()
-	{
-		return b;
-	}
-/* test this=x? */
-	public boolean equals(FP4 x)
-	{
-		return (a.equals(x.a) && b.equals(x.b));
-	}
-/* constructors */
-	public FP4(int c)
-	{
-		a=new FP2(c);
-		b=new FP2(0);
-	}
-
-	public FP4(FP4 x)
-	{
-		a=new FP2(x.a);
-		b=new FP2(x.b);
-	}
-
-	public FP4(FP2 c,FP2 d)
-	{
-		a=new FP2(c);
-		b=new FP2(d);
-	}
-
-	public FP4(FP2 c)
-	{
-		a=new FP2(c);
-		b=new FP2(0);
-	}
-/* copy this=x */
-	public void copy(FP4 x)
-	{
-		a.copy(x.a);
-		b.copy(x.b);
-	}
-/* set this=0 */
-	public void zero()
-	{
-		a.zero();
-		b.zero();
-	}
-/* set this=1 */
-	public void one()
-	{
-		a.one();
-		b.zero();
-	}
-/* set this=-this */
-	public void neg()
-	{
-		FP2 m=new FP2(a);
-		FP2 t=new FP2(0);
-		m.add(b);
-		m.neg();
-		m.norm();
-		t.copy(m); t.add(b);
-		b.copy(m);
-		b.add(a);
-		a.copy(t);
-	}
-/* this=conjugate(this) */
-	public void conj()
-	{
-		b.neg(); b.norm();
-	}
-/* this=-conjugate(this) */
-	public void nconj()
-	{
-		a.neg(); a.norm();
-	}
-/* this+=x */
-	public void add(FP4 x)
-	{
-		a.add(x.a);
-		b.add(x.b);
-	}
-/* this-=x */
-	public void sub(FP4 x)
-	{
-		FP4 m=new FP4(x);
-		m.neg();
-		add(m);
-	}
-
-/* this*=s where s is FP2 */
-	public void pmul(FP2 s)
-	{
-		a.mul(s);
-		b.mul(s);
-	}
-/* this*=c where c is int */
-	public void imul(int c)
-	{
-		a.imul(c);
-		b.imul(c);
-	}
-/* this*=this */
-	public void sqr()
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-		FP2 t3=new FP2(a);
-
-		t3.mul(b);
-		t1.add(b);
-		t2.mul_ip();
-
-		t2.add(a);
-		a.copy(t1);
-
-		a.mul(t2);
-
-		t2.copy(t3);
-		t2.mul_ip();
-		t2.add(t3);
-		t2.neg();
-		a.add(t2);
-
-		b.copy(t3);
-		b.add(t3);
-
-		norm();
-	}
-/* this*=y */
-	public void mul(FP4 y)
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-		FP2 t3=new FP2(0);
-		FP2 t4=new FP2(b);
-
-		t1.mul(y.a);
-		t2.mul(y.b);
-		t3.copy(y.b);
-		t3.add(y.a);
-		t4.add(a);
-
-		t4.mul(t3);
-		t4.sub(t1);
-//		t4.norm();
-
-		b.copy(t4);
-		b.sub(t2);
-		t2.mul_ip();
-		a.copy(t2);
-		a.add(t1);
-
-		norm();
-	}
-/* convert this to hex string */
-	public String toString()
-	{
-		return ("["+a.toString()+","+b.toString()+"]");
-	}
-
-	public String toRawString()
-	{
-		return ("["+a.toRawString()+","+b.toRawString()+"]");
-	}
-
-/* this=1/this */
-	public void inverse()
-	{
-		norm();
-
-		FP2 t1=new FP2(a);
-		FP2 t2=new FP2(b);
-
-		t1.sqr();
-		t2.sqr();
-		t2.mul_ip();
-		t1.sub(t2);
-		t1.inverse();
-		a.mul(t1);
-		t1.neg();
-		b.mul(t1);
-	}
-
-
-/* this*=i where i = sqrt(-1+sqrt(-1)) */
-	public void times_i()
-	{
-		norm();
-		FP2 s=new FP2(b);
-		FP2 t=new FP2(b);
-		s.times_i();
-		t.add(s);
-//		t.norm();
-		b.copy(a);
-		a.copy(t);
-	}
-
-/* this=this^p using Frobenius */
-	public void frob(FP2 f)
-	{
-		a.conj();
-		b.conj();
-		b.mul(f);
-	}
-
-/* this=this^e */
-	public FP4 pow(BIG e)
-	{
-		norm();
-		e.norm();
-		FP4 w=new FP4(this);
-		BIG z=new BIG(e);
-		FP4 r=new FP4(1);
-		while (true)
-		{
-			int bt=z.parity();
-			z.fshr(1);
-			if (bt==1) r.mul(w);
-			if (z.iszilch()) break;
-			w.sqr();
-		}
-		r.reduce();
-		return r;
-	}
-/* XTR xtr_a function */
-	public void xtr_A(FP4 w,FP4 y,FP4 z)
-	{
-		FP4 r=new FP4(w);
-		FP4 t=new FP4(w);
-		r.sub(y);
-		r.pmul(a);
-		t.add(y);
-		t.pmul(b);
-		t.times_i();
-
-		copy(r);
-		add(t);
-		add(z);
-
-		norm();
-	}
-
-/* XTR xtr_d function */
-	public void xtr_D() {
-		FP4 w=new FP4(this);
-		sqr(); w.conj();
-		w.add(w);
-		sub(w);
-		reduce();
-	}
-
-/* r=x^n using XTR method on traces of FP12s */
-	public FP4 xtr_pow(BIG n) {
-		FP4 a=new FP4(3);
-		FP4 b=new FP4(this);
-		FP4 c=new FP4(b);
-		c.xtr_D();
-		FP4 t=new FP4(0);
-		FP4 r=new FP4(0);
-
-		n.norm();
-		int par=n.parity();
-		BIG v=new BIG(n); v.fshr(1);
-		if (par==0) {v.dec(1); v.norm();}
-
-		int nb=v.nbits();
-		for (int i=nb-1;i>=0;i--)
-		{
-			if (v.bit(i)!=1)
-			{
-				t.copy(b);
-				conj();
-				c.conj();
-				b.xtr_A(a,this,c);
-				conj();
-				c.copy(t);
-				c.xtr_D();
-				a.xtr_D();
-			}
-			else
-			{
-				t.copy(a); t.conj();
-				a.copy(b);
-				a.xtr_D();
-				b.xtr_A(c,this,t);
-				c.xtr_D();
-			}
-		}
-		if (par==0) r.copy(c);
-		else r.copy(b);
-		r.reduce();
-		return r;
-	}
-
-/* r=ck^a.cl^n using XTR double exponentiation method on traces of FP12s. See Stam thesis. */
-	public FP4 xtr_pow2(FP4 ck,FP4 ckml,FP4 ckm2l,BIG a,BIG b)
-	{
-		a.norm(); b.norm();
-		BIG e=new BIG(a);
-		BIG d=new BIG(b);
-		BIG w=new BIG(0);
-
-		FP4 cu=new FP4(ck);  // can probably be passed in w/o copying
-		FP4 cv=new FP4(this);
-		FP4 cumv=new FP4(ckml);
-		FP4 cum2v=new FP4(ckm2l);
-		FP4 r=new FP4(0);
-		FP4 t=new FP4(0);
-
-		int f2=0;
-		while (d.parity()==0 && e.parity()==0)
-		{
-			d.fshr(1);
-			e.fshr(1);
-			f2++;
-		}
-
-		while (BIG.comp(d,e)!=0)
-		{
-			if (BIG.comp(d,e)>0)
-			{
-				w.copy(e); w.imul(4); w.norm();
-				if (BIG.comp(d,w)<=0)
-				{
-					w.copy(d); d.copy(e);
-					e.rsub(w); e.norm();
-
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cum2v.conj();
-					cumv.copy(cv);
-					cv.copy(cu);
-					cu.copy(t);
-
-				}
-				else if (d.parity()==0)
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-				else if (e.parity()==1)
-				{
-					d.sub(e); d.norm();
-					d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cu.xtr_D();
-					cum2v.copy(cv);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cv.copy(t);
-				}
-				else
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-			}
-			if (BIG.comp(d,e)<0)
-			{
-				w.copy(d); w.imul(4); w.norm();
-				if (BIG.comp(e,w)<=0)
-				{
-					e.sub(d); e.norm();
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cum2v.copy(cumv);
-					cumv.copy(cu);
-					cu.copy(t);
-				}
-				else if (e.parity()==0)
-				{
-					w.copy(d);
-					d.copy(e); d.fshr(1);
-					e.copy(w);
-					t.copy(cumv);
-					t.xtr_D();
-					cumv.copy(cum2v); cumv.conj();
-					cum2v.copy(t); cum2v.conj();
-					t.copy(cv);
-					t.xtr_D();
-					cv.copy(cu);
-					cu.copy(t);
-				}
-				else if (d.parity()==1)
-				{
-					w.copy(e);
-					e.copy(d);
-					w.sub(d); w.norm();
-					d.copy(w); d.fshr(1);
-					t.copy(cv);
-					t.xtr_A(cu,cumv,cum2v);
-					cumv.conj();
-					cum2v.copy(cu);
-					cum2v.xtr_D();
-					cum2v.conj();
-					cu.copy(cv);
-					cu.xtr_D();
-					cv.copy(t);
-				}
-				else
-				{
-					d.fshr(1);
-					r.copy(cum2v); r.conj();
-					t.copy(cumv);
-					t.xtr_A(cu,cv,r);
-					cum2v.copy(cumv);
-					cum2v.xtr_D();
-					cumv.copy(t);
-					cu.xtr_D();
-				}
-			}
-		}
-		r.copy(cv);
-		r.xtr_A(cu,cumv,cum2v);
-		for (int i=0;i<f2;i++)
-			r.xtr_D();
-		r=r.xtr_pow(d);
-		return r;
-	}
-
-/*
-
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG e=new BIG(12);
-		BIG a=new BIG(0);
-		BIG b=new BIG(0);
-
-		a.inc(27); b.inc(45);
-
-		FP2 w0=new FP2(a,b);
-
-		a.zero(); b.zero();
-		a.inc(33); b.inc(54);
-
-		FP2 w1=new FP2(a,b);
-
-
-		FP4 w=new FP4(w0,w1);
-		FP4 t=new FP4(w);
-
-		a=new BIG(ROM.CURVE_Fra);
-		b=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(a,b);
-
-		System.out.println("w= "+w.toString());
-
-		w=w.pow(m);
-
-		System.out.println("w^p= "+w.toString());
-
-		t.frob(f);
-
-
-		System.out.println("w^p= "+t.toString());
-
-		w=w.pow(m);
-		w=w.pow(m);
-		w=w.pow(m);
-		System.out.println("w^p4= "+w.toString());
-
-
-	System.out.println("Test Inversion");
-
-		w=new FP4(w0,w1);
-
-		w.inverse();
-
-		System.out.println("1/w mod p^4 = "+w.toString());
-
-		w.inverse();
-
-		System.out.println("1/(1/w) mod p^4 = "+w.toString());
-
-		FP4 ww=new FP4(w);
-
-		w=w.xtr_pow(e);
-		System.out.println("w^e= "+w.toString());
-
-
-		a.zero(); b.zero();
-		a.inc(37); b.inc(17);
-		w0=new FP2(a,b);
-		a.zero(); b.zero();
-		a.inc(49); b.inc(31);
-		w1=new FP2(a,b);
-
-		FP4 c1=new FP4(w0,w1);
-		FP4 c2=new FP4(w0,w1);
-		FP4 c3=new FP4(w0,w1);
-
-		BIG e1=new BIG(3331);
-		BIG e2=new BIG(3372);
-
-		FP4 cr=w.xtr_pow2(c1,c2,c3,e1,e2);
-
-		System.out.println("c^e= "+cr.toString());
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/GCM.java
----------------------------------------------------------------------
diff --git a/java64/GCM.java b/java64/GCM.java
deleted file mode 100755
index 1422af9..0000000
--- a/java64/GCM.java
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-
-/*
- * Implementation of the AES-GCM Encryption/Authentication
- *
- * Some restrictions..
- * 1. Only for use with AES
- * 2. Returned tag is always 128-bits. Truncate at your own risk.
- * 3. The order of function calls must follow some rules
- *
- * Typical sequence of calls..
- * 1. call GCM_init
- * 2. call GCM_add_header any number of times, as long as length of header is multiple of 16 bytes (block size)
- * 3. call GCM_add_header one last time with any length of header
- * 4. call GCM_add_cipher any number of times, as long as length of cipher/plaintext is multiple of 16 bytes
- * 5. call GCM_add_cipher one last time with any length of cipher/plaintext
- * 6. call GCM_finish to extract the tag.
- *
- * See http://www.mindspring.com/~dmcgrew/gcm-nist-6.pdf
- */
-
-public class GCM {
-	public static final int NB=4;
-	public static final int GCM_ACCEPTING_HEADER=0;
-	public static final int GCM_ACCEPTING_CIPHER=1;
-	public static final int GCM_NOT_ACCEPTING_MORE=2;
-	public static final int GCM_FINISHED=3;
-	public static final int GCM_ENCRYPTING=0;
-	public static final int GCM_DECRYPTING=1;
-
-	private int[][] table=new int[128][4]; /* 2k bytes */
-	private byte[] stateX=new byte[16];
-	private byte[]Y_0=new byte[16];
-	private int counter;
-	private int[] lenA=new int[2];
-	private int[] lenC=new int[2];
-	private int status;
-	private AES a=new AES();
-
-	private static int pack(byte[] b)
-	{ /* pack bytes into a 32-bit Word */
-		return ((((int)b[0])&0xff)<<24)|(((int)b[1]&0xff)<<16)|(((int)b[2]&0xff)<<8)|((int)b[3]&0xff);
-	}
-
-	private static byte[] unpack(int a)
-	{ /* unpack bytes from a word */
-		byte [] b=new byte[4];
-		b[3]=(byte)(a);
-		b[2]=(byte)(a>>>8);
-		b[1]=(byte)(a>>>16);
-		b[0]=(byte)(a>>>24);
-		return b;
-	}
-
-	private void precompute(byte[] H)
-	{
-		int i,j,c;
-		byte[] b=new byte[4];
-
-		for (i=j=0;i<NB;i++,j+=4)
-		{
-			b[0]=H[j]; b[1]=H[j+1]; b[2]=H[j+2]; b[3]=H[j+3];
-			table[0][i]=pack(b);
-		}
-		for (i=1;i<128;i++)
-		{
-			c=0;
-			for (j=0;j<NB;j++) {table[i][j]=c|(table[i-1][j])>>>1; c=table[i-1][j]<<31;}
-			if (c!=0) table[i][0]^=0xE1000000; /* irreducible polynomial */
-		}
-	}
-
-	private void gf2mul()
-	{ /* gf2m mul - Z=H*X mod 2^128 */
-		int i,j,m,k;
-		int[] P=new int[4];
-		int c;
-		byte[] b;//=new byte[4];
-
-		P[0]=P[1]=P[2]=P[3]=0;
-		j=8; m=0;
-		for (i=0;i<128;i++)
-		{
-			c=(stateX[m]>>>(--j))&1;
-			if (c!=0) for (k=0;k<NB;k++) P[k]^=table[i][k];
-			if (j==0)
-			{
-				j=8; m++;
-				if (m==16) break;
-			}
-		}
-		for (i=j=0;i<NB;i++,j+=4)
-		{
-			b=unpack(P[i]);
-			stateX[j]=b[0]; stateX[j+1]=b[1]; stateX[j+2]=b[2]; stateX[j+3]=b[3];
-		}
-	}
-
-	private void wrap()
-	{ /* Finish off GHASH */
-		int i,j;
-		int[] F=new int[4];
-		byte[] L=new byte[16];
-		byte[] b;//=new byte[4];
-
-/* convert lengths from bytes to bits */
-		F[0]=(lenA[0]<<3)|(lenA[1]&0xE0000000)>>>29;
-		F[1]=lenA[1]<<3;
-		F[2]=(lenC[0]<<3)|(lenC[1]&0xE0000000)>>>29;
-		F[3]=lenC[1]<<3;
-		for (i=j=0;i<NB;i++,j+=4)
-		{
-			b=unpack(F[i]);
-			L[j]=b[0]; L[j+1]=b[1]; L[j+2]=b[2]; L[j+3]=b[3];
-		}
-		for (i=0;i<16;i++) stateX[i]^=L[i];
-		gf2mul();
-	}
-
-/* Initialize GCM mode */
-	public void init(byte[] key,int niv,byte[] iv)
-	{ /* iv size niv is usually 12 bytes (96 bits). AES key size nk can be 16,24 or 32 bytes */
-		int i;
-		byte[] H=new byte[16];
-		byte[] b;//=new byte[4];
-
-		for (i=0;i<16;i++) {H[i]=0; stateX[i]=0;}
-
-		a.init(AES.ECB,key,iv);
-		a.ecb_encrypt(H);     /* E(K,0) */
-		precompute(H);
-
-		lenA[0]=lenC[0]=lenA[1]=lenC[1]=0;
-		if (niv==12)
-		{
-			for (i=0;i<12;i++) a.f[i]=iv[i];
-			b=unpack((int)1);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3];  /* initialise IV */
-			for (i=0;i<16;i++) Y_0[i]=a.f[i];
-		}
-		else
-		{
-			status=GCM_ACCEPTING_CIPHER;
-			ghash(iv,niv); /* GHASH(H,0,IV) */
-			wrap();
-			for (i=0;i<16;i++) {a.f[i]=stateX[i];Y_0[i]=a.f[i];stateX[i]=0;}
-			lenA[0]=lenC[0]=lenA[1]=lenC[1]=0;
-		}
-		status=GCM_ACCEPTING_HEADER;
-	}
-
-/* Add Header data - included but not encrypted */
-	public boolean add_header(byte[] header,int len)
-	{ /* Add some header. Won't be encrypted, but will be authenticated. len is length of header */
-		int i,j=0;
-		if (status!=GCM_ACCEPTING_HEADER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				stateX[i]^=header[j++];
-				lenA[1]++; if (lenA[1]==0) lenA[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_ACCEPTING_CIPHER;
-		return true;
-	}
-
-	private boolean ghash(byte[] plain,int len)
-	{
-		int i,j=0;
-		int counter;
-	//	byte[] B=new byte[16];
-	//	byte[] b=new byte[4];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return false;
-
-		while (j<len)
-		{
-			for (i=0;i<16 && j<len;i++)
-			{
-				stateX[i]^=plain[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return true;
-	}
-
-/* Add Plaintext - included and encrypted */
-	public byte[] add_plain(byte[] plain,int len)
-	{
-		int i,j=0;
-		int counter;
-		byte[] B=new byte[16];
-		byte[] b=new byte[4];
-		byte[] cipher=new byte[len];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return new byte[0];
-
-		while (j<len)
-		{
-
-			b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-			counter=pack(b);
-			counter++;
-			b=unpack(counter);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=a.f[i];
-			a.ecb_encrypt(B);        /* encrypt it  */
-
-			for (i=0;i<16 && j<len;i++)
-			{
-				cipher[j]=(byte)(plain[j]^B[i]);
-				stateX[i]^=cipher[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return cipher;
-	}
-
-/* Add Ciphertext - decrypts to plaintext */
-	public byte[] add_cipher(byte[] cipher,int len)
-	{
-		int i,j=0;
-		int counter;
-		byte[] B=new byte[16];
-		byte[] b=new byte[4];
-		byte[] plain=new byte[len];
-
-		if (status==GCM_ACCEPTING_HEADER) status=GCM_ACCEPTING_CIPHER;
-		if (status!=GCM_ACCEPTING_CIPHER) return new byte[0];
-
-		while (j<len)
-		{
-
-			b[0]=a.f[12]; b[1]=a.f[13]; b[2]=a.f[14]; b[3]=a.f[15];
-			counter=pack(b);
-			counter++;
-			b=unpack(counter);
-			a.f[12]=b[0]; a.f[13]=b[1]; a.f[14]=b[2]; a.f[15]=b[3]; /* increment counter */
-			for (i=0;i<16;i++) B[i]=a.f[i];
-			a.ecb_encrypt(B);        /* encrypt it  */
-			for (i=0;i<16 && j<len;i++)
-			{
-				plain[j]=(byte)(cipher[j]^B[i]);
-				stateX[i]^=cipher[j++];
-				lenC[1]++; if (lenC[1]==0) lenC[0]++;
-			}
-			gf2mul();
-		}
-		if (len%16!=0) status=GCM_NOT_ACCEPTING_MORE;
-		return plain;
-	}
-
-/* Finish and extract Tag */
-	public byte[] finish(boolean extract)
-	{ /* Finish off GHASH and extract tag (MAC) */
-		int i;
-		byte[] tag=new byte[16];
-
-		wrap();
-/* extract tag */
-		if (extract)
-		{
-			a.ecb_encrypt(Y_0);        /* E(K,Y0) */
-			for (i=0;i<16;i++) Y_0[i]^=stateX[i];
-			for (i=0;i<16;i++) {tag[i]=Y_0[i];Y_0[i]=stateX[i]=0;}
-		}
-		status=GCM_FINISHED;
-		a.end();
-		return tag;
-	}
-
-	public static byte[] hex2bytes(String s) {
-		int len = s.length();
-		byte[] data = new byte[len / 2];
-		for (int i = 0; i < len; i += 2) {
-			data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
-                             + Character.digit(s.charAt(i+1), 16));
-		}
-		return data;
-	}
-
-/*
-	public static void main(String[] args) {
-		int i;
-
-		String KT="feffe9928665731c6d6a8f9467308308";
-		String MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
-		String HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
-//	char* NT="cafebabefacedbaddecaf888";
-// Tag should be 5bc94fbc3221a5db94fae95ae7121a47
-		String NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
-// Tag should be 619cc5aefffe0bfa462af43c1699d050
-
-
-		byte[] T=new byte[16];   // Tag
-		byte[] K=new byte[16];   // AES Key
-		byte[] H=new byte[64];   // Header - to be included in Authentication, but not encrypted
-		byte[] N=new byte[100];   // IV - Initialisation vector
-		byte[] M=new byte[100];  // Plaintext to be encrypted/authenticated
-		byte[] C=new byte[100];  // Ciphertext
-		byte[] P=new byte[100];  // Recovered Plaintext
-
-		GCM g=new GCM();
-
-		M=hex2bytes(MT);
-		H=hex2bytes(HT);
-		N=hex2bytes(NT);
-		K=hex2bytes(KT);
-
-		int len=M.length;
-		int lenH=H.length;
-		int lenK=K.length;
-		int lenIV=N.length;
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",M[i]);
-		System.out.format("\n");
-
-		g.init(K,lenIV,N);
-		g.add_header(H,lenH);
-		C=g.add_plain(M,len);
-		T=g.finish(true);
-
-		System.out.format("Ciphertext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",C[i]);
-		System.out.format("\n");
-
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-
-		g.init(K,lenIV,N);
-		g.add_header(H,lenH);
-		P=g.add_cipher(C,len);
-		T=g.finish(true);
-
- 		System.out.format("Plaintext=\n");
-		for (i=0;i<len;i++) System.out.format("%02x",P[i]);
-		System.out.format("\n");
-
-		System.out.format("Tag=\n");
-		for (i=0;i<16;i++) System.out.format("%02x",T[i]);
-		System.out.format("\n");
-	} */
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/HASH.java
----------------------------------------------------------------------
diff --git a/java64/HASH.java b/java64/HASH.java
deleted file mode 100755
index 8a484c1..0000000
--- a/java64/HASH.java
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Implementation of the Secure Hashing Algorithm (SHA-256)
- *
- * Generates a 256 bit message digest. It should be impossible to come
- * come up with two messages that hash to the same value ("collision free").
- *
- * For use with byte-oriented messages only.
- */
-
-public class HASH {
-	private int[] length=new int[2];
-	private int[] h=new int[8];
-	private int[] w=new int[64];
-
-	public static final int H0=0x6A09E667;
-	public static final int H1=0xBB67AE85;
-	public static final int H2=0x3C6EF372;
-	public static final int H3=0xA54FF53A;
-	public static final int H4=0x510E527F;
-	public static final int H5=0x9B05688C;
-	public static final int H6=0x1F83D9AB;
-	public static final int H7=0x5BE0CD19;
-
-	public static final int len=32;
-
-	public static final int[] K={
-	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
-	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
-	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
-	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
-	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
-	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
-	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
-	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
-
-
-/* functions */
-	private static int S(int n,int x)
-	{
-		return (((x)>>>n) | ((x)<<(32-n)));
-	}
-
-	private static int R(int n,int x)
-	{
-		return ((x)>>>n);
-	}
-
-	private static int Ch(int x,int y,int z)
-	{
-		return ((x&y)^(~(x)&z));
-	}
-
-	private static int Maj(int x,int y,int z)
-	{
-		return ((x&y)^(x&z)^(y&z));
-	}
-
-	private static int Sig0(int x)
-	{
-		return (S(2,x)^S(13,x)^S(22,x));
-	}
-
-	private static int Sig1(int x)
-	{
-		return (S(6,x)^S(11,x)^S(25,x));
-	}
-
-	private static int theta0(int x)
-	{
-		return (S(7,x)^S(18,x)^R(3,x));
-	}
-
-	private static int theta1(int x)
-	{
-		return (S(17,x)^S(19,x)^R(10,x));
-	}
-
-
-	private void transform()
-	{ /* basic transformation step */
-		int a,b,c,d,e,f,g,hh,t1,t2;
-		int j;
-		for (j=16;j<64;j++)
-			w[j]=theta1(w[j-2])+w[j-7]+theta0(w[j-15])+w[j-16];
-		a=h[0]; b=h[1]; c=h[2]; d=h[3];
-		e=h[4]; f=h[5]; g=h[6]; hh=h[7];
-
-		for (j=0;j<64;j++)
-		{ /* 64 times - mush it up */
-			t1=hh+Sig1(e)+Ch(e,f,g)+K[j]+w[j];
-			t2=Sig0(a)+Maj(a,b,c);
-			hh=g; g=f; f=e;
-			e=d+t1;
-			d=c;
-			c=b;
-			b=a;
-			a=t1+t2;
-
-		}
-		h[0]+=a; h[1]+=b; h[2]+=c; h[3]+=d;
-		h[4]+=e; h[5]+=f; h[6]+=g; h[7]+=hh;
-	}
-
-/* Initialise Hash function */
-	public void init()
-	{ /* initialise */
-		int i;
-		for (i=0;i<64;i++) w[i]=0;
-		length[0]=length[1]=0;
-		h[0]=H0;
-		h[1]=H1;
-		h[2]=H2;
-		h[3]=H3;
-		h[4]=H4;
-		h[5]=H5;
-		h[6]=H6;
-		h[7]=H7;
-	}
-
-/* Constructor */
-	public HASH()
-	{
-		init();
-	}
-
-/* process a single byte */
-	public void process(int byt)
-	{ /* process the next message byte */
-		int cnt;
-		cnt=(length[0]/32)%16;
-
-		w[cnt]<<=8;
-		w[cnt]|=(byt&0xFF);
-		length[0]+=8;
-		if (length[0]==0) { length[1]++; length[0]=0; }
-		if ((length[0]%512)==0) transform();
-	}
-
-/* process an array of bytes */
-	public void process_array(byte[] b)
-	{
-		for (int i=0;i<b.length;i++) process((int)b[i]);
-	}
-
-/* process a 32-bit integer */
-	public void process_num(int n)
-	{
-		process((n>>24)&0xff);
-		process((n>>16)&0xff);
-		process((n>>8)&0xff);
-		process(n&0xff);
-	}
-
-/* Generate 32-byte Hash */
-	public byte[] hash()
-	{ /* pad message and finish - supply digest */
-		int i;
-		byte[] digest=new byte[32];
-		int len0,len1;
-		len0=length[0];
-		len1=length[1];
-		process(0x80);
-		while ((length[0]%512)!=448) process(0);
-		w[14]=len1;
-		w[15]=len0;
-		transform();
-		for (i=0;i<len;i++)
-		{ /* convert to bytes */
-			digest[i]=(byte)((h[i/4]>>(8*(3-i%4))) & 0xff);
-		}
-		init();
-		return digest;
-	}
-
-/* test program: should produce digest */
-
-//248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
-/*
-	public static void main(String[] args) {
-		byte[] test="abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".getBytes();
-		byte[] digest;
-		int i;
-		HASH sh=new HASH();
-
-		for (i=0;i<test.length;i++)
-			sh.process(test[i]);
-
-		digest=sh.hash();
-		for (i=0;i<32;i++) System.out.format("%02x",digest[i]);
-
-	//	for (i=0;i<32;i++) System.out.format("%d ",digest[i]);
-
-		System.out.println("");
-	} */
-}
-


[21/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/MPINAuth.js
----------------------------------------------------------------------
diff --git a/js/MPINAuth.js b/js/MPINAuth.js
deleted file mode 100755
index 7cacb65..0000000
--- a/js/MPINAuth.js
+++ /dev/null
@@ -1,517 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
-   MIRACL JavaScript M-Pin Authentication Functions
-
-   Provides these functions:
-
-   calculateMPinToken     Calculates the MPin Token
-
-   getLocalEntropy        Gets an entropy value from the client machine
-
-   initializeRNG          Initialize the Random Number Generator
-
-   addShares              Add two points on the curve that are originally in hex format
-
-   pass1Request           Form the JSON request for pass one of the M-Pin protocol
-
-   pass2Request           Form the JSON request for pass two of the M-Pin protocol
-
-   passRequest      Form the JSON request for one pass M-Pin protocol
-
-*/
-
-/*
-
-Run LINT tool;
-
-jslint MPINAuth.js
-
-expected output;
-
-MPINAuth.js
- #1 Read only.
-    MPINAuth = {}; // Line 61, Pos 1
- #2 Unexpected '('.
-    if (typeof (window) === 'undefined') { // Line 134, Pos 16
- #3 Unexpected 'typeof'. Use '===' to compare directly with undefined.
-    if (typeof (window) === 'undefined') { // Line 134, Pos 9
- #4 Unexpected '('.
-    if (typeof (crypto) !== 'undefined') { // Line 139, Pos 16
- #5 Unexpected 'typeof'. Use '===' to compare directly with undefined.
-    if (typeof (crypto) !== 'undefined') { // Line 139, Pos 9
-
-*/
-
-
-/*global MPIN */
-/*global MPINAuth */
-/*global RAND */
-/*global Uint32Array */
-/*jslint browser: true*/
-/*jslint plusplus: true */
-
-MPINAuth = {};
-
-// Random Number Generator
-MPINAuth.rng = new RAND();
-
-// Pass 1 values
-MPINAuth.SEC = [];
-MPINAuth.X = [];
-
-// Default value for debug output
-MPINAuth.DEBUG = false;
-
-// Errors
-MPINAuth.BAD_HEX = -20;
-MPINAuth.BAD_BYTES = -21;
-
-/* Calculates the MPin Token
-
-   This function convert mpin_id _hex to unicode. It then maps the mpin_id
-   to a point on the curve, multiplies this value by PIN and then subtracts
-   it from the client_secret curve point to generate the M-Pin token.
-
-   Args:
-
-     PIN: Four digit PIN
-     client_secret_hex: Hex encoded client secret
-     mpin_id_hex: Hex encoded M-Pin ID
-
-   Returns:
-
-     mpin_token_hex: Hex encoded M-Pin Token
-
-*/
-MPINAuth.calculateMPinToken = function (mpin_id_hex, PIN, client_secret_hex) {
-    "use strict";
-    var client_secret_bytes, mpin_id_bytes, token_hex, error_code;
-
-    client_secret_bytes = [];
-    mpin_id_bytes = [];
-
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken client_secret_hex: " + client_secret_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken mpin_id_hex: " + mpin_id_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken PIN: " + PIN); }
-
-    client_secret_bytes = MPINAuth.hextobytes(client_secret_hex);
-    mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex);
-
-    error_code = MPIN.EXTRACT_PIN(mpin_id_bytes, PIN, client_secret_bytes);
-    if (error_code !== 0) {
-        console.log("MPINAuth.calculateMPinToken error_code: " + error_code);
-        return error_code;
-    }
-    token_hex = MPIN.bytestostring(client_secret_bytes);
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken token_hex: " + token_hex); }
-    return token_hex;
-};
-
-/* Get local entropy
-
-   This function makes a call to /dev/urandom for a 256 bit value
-
-   Args:
-
-     NA
-
-   Returns:
-
-     entropy_val: 256 bit random value or null
-
-*/
-MPINAuth.getLocalEntropy = function () {
-    "use strict";
-    var crypto, array, entropy_val, i, hex_val;
-    if (typeof (window) === 'undefined') {
-        if (MPINAuth.DEBUG) {console.log("MPINAuth.getLocalEntropy Test mode without browser"); }
-        return "";
-    }
-    crypto = (window.crypto || window.msCrypto);
-    if (typeof (crypto) !== 'undefined') {
-        array = new Uint32Array(8);
-        crypto.getRandomValues(array);
-
-        entropy_val = "";
-        for (i = 0; i < array.length; i++) {
-            hex_val = array[i].toString(16);
-            entropy_val = entropy_val + hex_val;
-        }
-        if (MPINAuth.DEBUG) {console.log("MPINAuth.getLocalEntropy len(entropy_val): " + entropy_val.length + " entropy_val: " + entropy_val); }
-        return entropy_val;
-    }
-    return "";
-};
-
-/* Initialize the Random Number Generator (RNG)
-
-   This function uses an external and, where available, a
-   local entropy source to initialize a RNG.
-
-   Args:
-
-     seed_value: External seed value for RNGTurn on generation of local entropy
-
-   Returns:
-
-*/
-MPINAuth.initializeRNG = function (seed_hex) {
-    "use strict";
-    var local_entropy_hex, entropy_hex, entropy_bytes;
-    local_entropy_hex = MPINAuth.getLocalEntropy();
-    entropy_hex = local_entropy_hex + seed_hex;
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG seed_val_hex: " + seed_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG local_entropy_hex: " + local_entropy_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG entropy_hex: " + entropy_hex); }
-
-    entropy_bytes = MPINAuth.hextobytes(entropy_hex);
-
-    MPINAuth.rng.clean();
-    MPINAuth.rng.seed(entropy_bytes.length, entropy_bytes);
-};
-
-/* Add two points on the curve that are originally in hex format
-
-   This function is used to add client secret or time permits shares.
-
-   Args:
-
-     share1_hex: Hex encoded point on the curve which represents
-                 a time permit or client secret share
-     share2_hex: Hex encoded point on the curve which represents
-                 a time permit or client secret share
-
-   Returns:
-
-     sum_hex: Hex encoded sum of the shares
-
-*/
-MPINAuth.addShares = function (share1_hex, share2_hex) {
-    "use strict";
-    var share1_bytes, share2_bytes, sum_bytes, error_code, sum_hex;
-
-    share1_bytes = [];
-    share2_bytes = [];
-    sum_bytes = [];
-
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares share1_hex: " + share1_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares share2_hex: " + share2_hex); }
-
-    share1_bytes = MPINAuth.hextobytes(share1_hex);
-    share2_bytes = MPINAuth.hextobytes(share2_hex);
-
-    error_code = MPIN.RECOMBINE_G1(share1_bytes, share2_bytes, sum_bytes);
-    if (error_code !== 0) {
-        console.log("MPINAuth.addShares error_code: " + error_code);
-        return error_code;
-    }
-    sum_hex = MPIN.bytestostring(sum_bytes);
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares sum_hex: " + sum_hex); }
-    return sum_hex;
-};
-
-
-/* Form the JSON request for pass one of the M-Pin protocol
-
-   This function assigns to the property X a random value. It assigns to
-   the property SEC the sum of the client secret and time permit. It also
-   calculates the values U and UT which are required for M-Pin authentication,
-   where U = X.(map_to_curve(MPIN_ID)) and UT = X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
-   UT is called the commitment. U is the required for finding the PIN error.
-
-   Args:
-
-     mpin_id_hex: Hex encoded M-Pin ID
-     token_hex: Hex encoded M-Pin Token
-     timePermit_hex: Hex encoded Time Permit
-     PIN: PIN for authentication
-     epoch_days: The number of epoch days.
-     X_hex: X value generated externally. This is used for test.
-
-   Returns:
-
-    {
-      mpin_id: mpin_id_hex,
-      UT: UT_hex,
-      U: U_hex,
-      pass: 1
-    }
-
-    where;
-
-    mpin_id: Hex encoded M-Pin ID
-    UT: Hex encoded X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
-    U: Hex encoded X.(map_to_curve(MPIN_ID))
-    pass: Protocol first pass
-
-*/
-MPINAuth.pass1Request = function (mpin_id_hex, token_hex, timePermit_hex, PIN, epoch_days, X_hex) {
-    "use strict";
-    var UT_hex, U_hex, date, error_code, mpin_id_bytes, token_bytes, timePermit_bytes, U, UT, request;
-
-    mpin_id_bytes = [];
-    token_bytes = [];
-    timePermit_bytes = [];
-    U = [];
-    UT = [];
-    request = {};
-
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request mpin_id_hex: " + mpin_id_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request token_hex: " + token_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request timePermit_hex: " + timePermit_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request PIN: " + PIN); }
-    if (MPINAuth.DEBUG) {console.log("mpinAuth.pass1Request epoch_days: " + epoch_days); }
-
-    // The following is used for test
-    if (X_hex !== null) {
-        if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request X: " + X_hex); }
-        MPINAuth.X = MPINAuth.hextobytes(X_hex);
-        MPINAuth.rng = null;
-    }
-
-    mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex);
-    token_bytes = MPINAuth.hextobytes(token_hex);
-    timePermit_bytes = MPINAuth.hextobytes(timePermit_hex);
-
-    error_code = MPIN.CLIENT_1(epoch_days, mpin_id_bytes, MPINAuth.rng, MPINAuth.X, PIN, token_bytes, MPINAuth.SEC, U, UT, timePermit_bytes);
-    if (error_code !== 0) {
-        console.log("MPINAuth.pass1Request error_code: " + error_code);
-        return error_code;
-    }
-    UT_hex = MPIN.bytestostring(UT);
-    U_hex = MPIN.bytestostring(U);
-
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.rng: " + MPINAuth.rng); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.X: " + MPIN.bytestostring(MPINAuth.X)); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.SEC: " + MPIN.bytestostring(MPINAuth.SEC)); }
-
-    // Form request
-    request = {
-        mpin_id: mpin_id_hex,
-        UT: UT_hex,
-        U: U_hex,
-        pass: 1
-    };
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request request: "); }
-    if (MPINAuth.DEBUG) {console.dir(request); }
-
-    return request;
-};
-
-
-/* Form the JSON request for pass two of the M-Pin protocol
-
-   This function uses the random value y from the server, property X
-   and the combined client secret and time permit to calculate
-   the value V which is sent to the M-Pin server.
-
-   Args:
-
-     y_hex: Random value supplied by server
-
-   Returns:
-
-    {
-      V: V_hex,
-      OTP: requestOTP,
-      WID: accessNumber,
-      pass: 2
-    }
-
-    where;
-
-    V: Value required by the server to authenticate user
-    OTP: Request OTP: 1 = required
-    WID: Number required for mobile authentication
-    pass: Protocol second pass
-
-*/
-MPINAuth.pass2Request = function (y_hex, requestOTP, accessNumber) {
-    "use strict";
-
-    var y_bytes, x_hex, SEC_hex, error_code, V_hex, request;
-
-    request = {};
-
-    y_bytes = MPINAuth.hextobytes(y_hex);
-    x_hex = MPIN.bytestostring(MPINAuth.X);
-    SEC_hex = MPIN.bytestostring(MPINAuth.SEC);
-
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request x_hex: " + x_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request y_hex: " + y_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request SEC_hex: " + SEC_hex); }
-
-    // Compute V
-    error_code = MPIN.CLIENT_2(MPINAuth.X, y_bytes, MPINAuth.SEC);
-    if (error_code !== 0) {
-        console.log("MPINAuth.pass2Request error_code: " + error_code);
-        return error_code;
-    }
-    V_hex = MPIN.bytestostring(MPINAuth.SEC);
-
-    // Form reuest
-    request = {
-        V: V_hex,
-        OTP: requestOTP,
-        WID: accessNumber,
-        pass: 2
-    };
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request request: "); }
-    if (MPINAuth.DEBUG) {console.dir(request); }
-
-    return request;
-};
-
-
-/* Convert a hex representation of a Point to bytes
-
-   This function converts a hex value to a bytes array
-
-   Args:
-
-     hex_value: Hex encoded byte value
-
-   Returns:
-
-     byte_value: Input value in bytes
-
-*/
-MPINAuth.hextobytes = function (value_hex) {
-    "use strict";
-    var len, byte_value, i;
-
-    len = value_hex.length;
-    byte_value = [];
-
-    for (i = 0; i < len; i += 2) {
-        byte_value[(i / 2)] = parseInt(value_hex.substr(i, 2), 16);
-    }
-    return byte_value;
-};
-
-
-/* Form the JSON request for single pass M-Pin protocol
-
-   This function performs the client side M-Pin protocol
-   It also  calculates the values U and UT which are required for M-Pin authentication,
-   where U = X.(map_to_curve(MPIN_ID)) and UT = X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
-   UT is called the commitment. U is the required for finding the PIN error.
-
-   Args:
-
-     mpin_id_hex: Hex encoded M-Pin ID
-     token_hex: Hex encoded M-Pin Token
-     timePermit_hex: Hex encoded Time Permit
-     PIN: PIN for authentication
-     requestOTP: Reqeuest a One Time Password
-     accessNumber: Access number for desktop authentication
-     timeValue: Epoch time
-
-   Returns:
-
-    {
-      mpin_id: mpin_id_hex,
-      U: U_hex,
-      UT: UT_hex,
-      V: V_hex,
-      T: timeValue,
-      OTP: requestOTP,
-      WID: accessNumber
-    }
-
-    where;
-
-    mpin_id: Hex encoded M-Pin ID
-    U: Hex encoded X.(map_to_curve(MPIN_ID))
-    UT: Hex encoded X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
-    V: Value required by the server to authenticate user
-    T: Epoch time
-    OTP: Request OTP: 1 = required
-    WID: Number required for mobile authentication
-
-*/
-MPINAuth.passRequest = function (mpin_id_hex, token_hex, timePermit_hex, PIN, requestOTP, accessNumber, epoch_days, timeValue, X_hex) {
-    "use strict";
-    var X, Y, SEC, UT_hex, U_hex, date, error_code, mpin_id_bytes, token_bytes, timePermit_bytes, U, UT, V_hex, request;
-
-    X = [];
-    Y = [];
-    SEC = [];
-    mpin_id_bytes = [];
-    token_bytes = [];
-    timePermit_bytes = [];
-    U = [];
-    UT = [];
-    request = {};
-
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest mpin_id_hex: " + mpin_id_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest token_hex: " + token_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest timePermit_hex: " + timePermit_hex); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest PIN: " + PIN); }
-    if (MPINAuth.DEBUG) {console.log("mpinAuth.passRequest timeValue: " + timeValue); }
-
-    mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex);
-    token_bytes = MPINAuth.hextobytes(token_hex);
-
-    if (timePermit_hex === null) {
-        date = 0;
-    } else {
-        timePermit_bytes = MPINAuth.hextobytes(timePermit_hex);
-        date = epoch_days;
-    }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest date: " + date); }
-
-    // The following is used for test
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest X: " + X_hex); }
-    if (X_hex !== null) {
-        X = MPINAuth.hextobytes(X_hex);
-        MPINAuth.rng = null;
-    }
-
-    error_code = MPIN.CLIENT(date, mpin_id_bytes, MPINAuth.rng, X, PIN, token_bytes, SEC, U, UT, timePermit_bytes, timeValue, Y);
-    if (error_code !== 0) {
-        console.log("MPINAuth.passRequest error_code: " + error_code);
-        return error_code;
-    }
-    UT_hex = MPIN.bytestostring(UT);
-    U_hex = MPIN.bytestostring(U);
-    V_hex = MPIN.bytestostring(SEC);
-
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest MPINAuth.rng: " + MPINAuth.rng); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest X: " + MPIN.bytestostring(X)); }
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest Y: " + MPIN.bytestostring(Y)); }
-
-    // Form request
-    request = {
-        mpin_id: mpin_id_hex,
-        U: U_hex,
-        UT: UT_hex,
-        V: V_hex,
-        T: timeValue,
-        OTP: requestOTP,
-        WID: accessNumber
-    };
-    if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest request: "); }
-    if (MPINAuth.DEBUG) {console.dir(request); }
-
-    return request;
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/PAIR.js
----------------------------------------------------------------------
diff --git a/js/PAIR.js b/js/PAIR.js
deleted file mode 100755
index e3a0628..0000000
--- a/js/PAIR.js
+++ /dev/null
@@ -1,506 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-var PAIR = {
-/* Line function */
-	line: function(A,B,Qx,Qy)
-	{
-		var P=new ECP2();
-		var a,b,c;
-		var r=new FP12(1);
-		P.copy(A);
-
-		var ZZ=new FP2(P.getz()); //ZZ.copy(P.getz());
-		ZZ.sqr();
-		var D;
-		if (A==B) D=A.dbl();
-		else D=A.add(B);
-		if (D<0) return r;
-		var Z3=new FP2(A.getz()); //Z3.copy(A.getz());
-		c=new FP4(0);
-		var X,Y,T;
-		if (D===0)
-		{ /* Addition */
-			X=new FP2(B.getx()); //X.copy(B.getx());
-			Y=new FP2(B.gety()); //Y.copy(B.gety());
-			T=new FP2(P.getz()); //T.copy(P.getz());
-
-			T.mul(Y);
-			ZZ.mul(T);
-
-			var NY=new FP2(P.gety()); /*NY.copy(P.gety());*/ NY.neg();
-			ZZ.add(NY);
-			Z3.pmul(Qy);
-			T.mul(P.getx());
-			X.mul(NY);
-			T.add(X);
-			a=new FP4(Z3,T); //a.set(Z3,T);
-			ZZ.neg();
-			ZZ.pmul(Qx);
-			b=new FP4(ZZ); //b.seta(ZZ);
-		}
-		else
-		{ /* Doubling */
-			X=new FP2(P.getx()); //X.copy(P.getx());
-			Y=new FP2(P.gety()); //Y.copy(P.gety());
-			T=new FP2(P.getx()); //T.copy(P.getx());
-			T.sqr();
-			T.imul(3);
-
-			Y.sqr();
-			Y.add(Y);
-			Z3.mul(ZZ);
-			Z3.pmul(Qy);
-
-			X.mul(T);
-			X.sub(Y);
-			a=new FP4(Z3,X); //a.set(Z3,X);
-			T.neg();
-			ZZ.mul(T);
-
-			ZZ.pmul(Qx);
-
-			b=new FP4(ZZ); //b.seta(ZZ);
-		}
-		r.set(a,b,c);
-		return r;
-	},
-
-/* Optimal R-ate pairing */
-	ate: function(P,Q)
-	{
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-		var n=new BIG(x); //n.copy(x);
-		var K=new ECP2();
-		var lv;
-		n.pmul(6); n.dec(2); n.norm();
-		P.affine();
-		Q.affine();
-		var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
-		var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
-		var A=new ECP2();
-		var r=new FP12(1);
-
-		A.copy(P);
-		var nb=n.nbits();
-
-		for (var i=nb-2;i>=1;i--)
-		{
-			lv=PAIR.line(A,A,Qx,Qy);
-
-			r.smul(lv);
-
-			if (n.bit(i)==1)
-			{
-				lv=PAIR.line(A,P,Qx,Qy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-		lv=PAIR.line(A,A,Qx,Qy);
-		r.smul(lv);
-
-/* R-ate fixup */
-		r.conj();
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv=PAIR.line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=PAIR.line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		return r;
-	},
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
-	ate2: function(P,Q,R,S)
-	{
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
-		var n=new BIG(x); //n.copy(x);
-		var K=new ECP2();
-		var lv;
-		n.pmul(6); n.dec(2); n.norm();
-		P.affine();
-		Q.affine();
-		R.affine();
-		S.affine();
-
-		var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
-		var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
-		var Sx=new FP(S.getx()); //Sx.copy(S.getx());
-		var Sy=new FP(S.gety()); //Sy.copy(S.gety());
-
-		var A=new ECP2();
-		var B=new ECP2();
-		var r=new FP12(1);
-
-		A.copy(P);
-		B.copy(R);
-		var nb=n.nbits();
-
-		for (var i=nb-2;i>=1;i--)
-		{
-			lv=PAIR.line(A,A,Qx,Qy);
-			r.smul(lv);
-			lv=PAIR.line(B,B,Sx,Sy);
-			r.smul(lv);
-			if (n.bit(i)==1)
-			{
-				lv=PAIR.line(A,P,Qx,Qy);
-				r.smul(lv);
-				lv=PAIR.line(B,R,Sx,Sy);
-				r.smul(lv);
-			}
-			r.sqr();
-		}
-
-		lv=PAIR.line(A,A,Qx,Qy);
-		r.smul(lv);
-
-		lv=PAIR.line(B,B,Sx,Sy);
-		r.smul(lv);
-
-
-/* R-ate fixup */
-		r.conj();
-
-		K.copy(P);
-		K.frob(f);
-		A.neg();
-		lv=PAIR.line(A,K,Qx,Qy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=PAIR.line(A,K,Qx,Qy);
-		r.smul(lv);
-
-		K.copy(R);
-		K.frob(f);
-		B.neg();
-		lv=PAIR.line(B,K,Sx,Sy);
-		r.smul(lv);
-		K.frob(f);
-		K.neg();
-		lv=PAIR.line(B,K,Sx,Sy);
-		r.smul(lv);
-
-		return r;
-	},
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
-	fexp: function(m)
-	{
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb);
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
-		var r=new FP12(m); //r.copy(m);
-		var x0,x1,x2,x3,x4,x5;
-
-/* Easy part of final exp */
-		var lv=new FP12(r); //lv.copy(r);
-		lv.inverse();
-		r.conj();
-		r.mul(lv);
-		lv.copy(r);
-		r.frob(f);
-		r.frob(f);
-		r.mul(lv);
-
-/* Hard part of final exp */
-		lv.copy(r);
-		lv.frob(f);
-		x0=new FP12(lv); //x0.copy(lv);
-		x0.frob(f);
-		lv.mul(r);
-		x0.mul(lv);
-		x0.frob(f);
-		x1=new FP12(r); //x1.copy(r);
-		x1.conj();
-
-		x4=r.pow(x);
-
-		x3=new FP12(x4); //x3.copy(x4);
-		x3.frob(f);
-		x2=x4.pow(x);
-
-		x5=new FP12(x2); /*x5.copy(x2);*/  x5.conj();
-		lv=x2.pow(x);
-
-		x2.frob(f);
-		r.copy(x2); r.conj();
-
-		x4.mul(r);
-		x2.frob(f);
-
-		r.copy(lv);
-		r.frob(f);
-		lv.mul(r);
-
-		lv.usqr();
-		lv.mul(x4);
-		lv.mul(x5);
-		r.copy(x3);
-		r.mul(x5);
-		r.mul(lv);
-		lv.mul(x2);
-		r.usqr();
-		r.mul(lv);
-		r.usqr();
-		lv.copy(r);
-		lv.mul(x1);
-		r.mul(x0);
-		lv.usqr();
-		r.mul(lv);
-		r.reduce();
-		return r;
-	}
-};
-
-/* GLV method */
-PAIR.glv= function(e)
-{
-	var i,j;
-	var t=new BIG(0);
-	var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-	var u=[];
-	var v=[];
-	for (i=0;i<2;i++)
-	{
-		t.rcopy(ROM.CURVE_W[i]);
-		var d=BIG.mul(t,e);
-		v[i]=new BIG(d.div(q));
-		u[i]=new BIG(0);
-	}
-	u[0].copy(e);
-	for (i=0;i<2;i++)
-		for (j=0;j<2;j++)
-		{
-			t.rcopy(ROM.CURVE_SB[j][i]);
-			t.copy(BIG.modmul(v[j],t,q));
-			u[i].add(q);
-			u[i].sub(t);
-			u[i].mod(q);
-		}
-	return u;
-};
-
-/* Galbraith & Scott Method */
-PAIR.gs= function(e)
-{
-	var i,j;
-	var t=new BIG(0);
-	var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-	var u=[];
-	var v=[];
-
-	for (i=0;i<4;i++)
-	{
-		t.rcopy(ROM.CURVE_WB[i]);
-		var d=BIG.mul(t,e);
-		v[i]=new BIG(d.div(q));
-		u[i]=new BIG(0);
-	}
-
-	u[0].copy(e);
-	for (i=0;i<4;i++)
-		for (j=0;j<4;j++)
-		{
-			t.rcopy(ROM.CURVE_BB[j][i]);
-			t.copy(BIG.modmul(v[j],t,q));
-			u[i].add(q);
-			u[i].sub(t);
-			u[i].mod(q);
-		}
-	return u;
-};
-
-/* Multiply P by e in group G1 */
-PAIR.G1mul= function(P,e)
-{
-	var R;
-	if (ROM.USE_GLV)
-	{
-		P.affine();
-		R=new ECP();
-		R.copy(P);
-		var np,nn;
-		var Q=new ECP();
-		Q.copy(P);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-		var bcru=new BIG(0); bcru.rcopy(ROM.CURVE_Cru);
-		var cru=new FP(bcru);
-		var t=new BIG(0);
-		var u=PAIR.glv(e);
-		Q.getx().mul(cru);
-
-		np=u[0].nbits();
-		t.copy(BIG.modneg(u[0],q));
-		nn=t.nbits();
-		if (nn<np)
-		{
-			u[0].copy(t);
-			R.neg();
-		}
-
-		np=u[1].nbits();
-		t.copy(BIG.modneg(u[1],q));
-		nn=t.nbits();
-		if (nn<np)
-		{
-			u[1].copy(t);
-			Q.neg();
-		}
-
-		R=R.mul2(u[0],Q,u[1]);
-
-	}
-	else
-	{
-		R=P.mul(e);
-	}
-	return R;
-};
-
-/* Multiply P by e in group G2 */
-PAIR.G2mul= function(P,e)
-{
-	var R;
-	if (ROM.USE_GS_G2)
-	{
-		var Q=[];
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb); //f.bset(fa,fb);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-
-		var u=PAIR.gs(e);
-		var t=new BIG(0);
-		var i,np,nn;
-		P.affine();
-		Q[0]=new ECP2(); Q[0].copy(P);
-		for (i=1;i<4;i++)
-		{
-			Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
-			Q[i].frob(f);
-		}
-
-		for (i=0;i<4;i++)
-		{
-			np=u[i].nbits();
-			t.copy(BIG.modneg(u[i],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[i].copy(t);
-				Q[i].neg();
-			}
-		}
-
-		R=ECP2.mul4(Q,u);
-	}
-	else
-	{
-		R=P.mul(e);
-	}
-	return R;
-};
-
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.js */
-PAIR.GTpow= function(d,e)
-{
-	var r;
-	if (ROM.USE_GS_GT)
-	{
-		var g=[];
-		var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-		var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-		var f=new FP2(fa,fb);
-		var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-		var t=new BIG(0);
-		var i,np,nn;
-		var u=PAIR.gs(e);
-
-		g[0]=new FP12(d);
-		for (i=1;i<4;i++)
-		{
-			g[i]=new FP12(0); g[i].copy(g[i-1]);
-			g[i].frob(f);
-		}
-		for (i=0;i<4;i++)
-		{
-			np=u[i].nbits();
-			t.copy(BIG.modneg(u[i],q));
-			nn=t.nbits();
-			if (nn<np)
-			{
-				u[i].copy(t);
-				g[i].conj();
-			}
-		}
-		r=FP12.pow4(g,u);
-	}
-	else
-	{
-		r=d.pow(e);
-	}
-	return r;
-};
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-PAIR.GTmember= function(m)
-{
-	if (m.isunity()) return false;
-	var r=new FP12(m);
-	r.conj();
-	r.mul(m);
-	if (!r.isunity()) return false;
-
-	var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
-	var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
-	var f=new FP2(fa,fb); //f.bset(fa,fb);
-
-	r.copy(m); r.frob(f); r.frob(f);
-	var w=new FP12(r); w.frob(f); w.frob(f);
-	w.mul(m);
-	if (!ROM.GT_STRONG)
-	{
-		if (!w.equals(r)) return false;
-		var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-		r.copy(m); w=r.pow(x); w=w.pow(x);
-		r.copy(w); r.sqr(); r.mul(w); r.sqr();
-		w.copy(m); w.frob(f);
-	}
-	return w.equals(r);
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/RAND.js
----------------------------------------------------------------------
diff --git a/js/RAND.js b/js/RAND.js
deleted file mode 100755
index 30b63d9..0000000
--- a/js/RAND.js
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- *   Cryptographic strong random number generator
- *
- *   Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- *   Slow - but secure
- *
- *   See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-var RAND=function()
-{
-/* Cryptographically strong pseudo-random number generator */
-	this.ira=[]; /* random number...   */
-	this.rndptr=0;  /* ...array & pointer */
-	this.borrow=0;
-	this.pool_ptr=0;
-	this.pool=[]; /* random pool */
-	this.clean();
-};
-
-RAND.prototype=
-{
-	NK:21,
-	NJ:6,
-	NV:8,
-
-/* Terminate and clean up */
-	clean : function()
-	{
-		var i;
-		for (i=0;i<32;i++) this.pool[i]=0;
-		for (i=0;i<this.NK;i++) this.ira[i]=0;
-		this.rndptr=0;
-		this.borrow=0;
-		this.pool_ptr=0;
-	},
-
-	sbrand: function()
-	{ /* Marsaglia & Zaman random number generator */
-		var i,k;
-		var pdiff,t; /* unsigned 32-bit */
-
-		this.rndptr++;
-		if (this.rndptr<this.NK) return this.ira[this.rndptr];
-		this.rndptr=0;
-		for (i=0,k=this.NK-this.NJ;i<this.NK;i++,k++)
-		{ /* calculate next NK values */
-			if (k==this.NK) k=0;
-			t=this.ira[k]>>>0;
-			pdiff=(t - this.ira[i] - this.borrow)|0;
-			pdiff>>>=0;  /* This is seriously wierd shit. I got to do this to get a proper unsigned comparison... */
-			if (pdiff<t) this.borrow=0;
-			if (pdiff>t) this.borrow=1;
-			this.ira[i]=(pdiff|0);
-		}
-		return this.ira[0];
-	},
-
-	sirand: function(seed)
-	{
-		var i,inn;
-		var t,m=1;
-		this.borrow=0;
-		this.rndptr=0;
-		seed>>>=0;
-		this.ira[0]^=seed;
-
-		for (i=1;i<this.NK;i++)
-		{ /* fill initialisation vector */
-			inn=(this.NV*i)%this.NK;
-			this.ira[inn]^=m;      /* note XOR */
-			t=m;
-			m=(seed-m)|0;
-			seed=t;
-		}
-
-		for (i=0;i<10000;i++) this.sbrand(); /* "warm-up" & stir the generator */
-	},
-
-	fill_pool: function()
-	{
-		var sh=new HASH();
-		for (var i=0;i<128;i++) sh.process(this.sbrand());
-		this.pool=sh.hash();
-		this.pool_ptr=0;
-	},
-
-/* Initialize RNG with some real entropy from some external source */
-	seed: function(rawlen,raw)
-	{ /* initialise from at least 128 byte string of raw random entropy */
-		var i;
-		var digest=[];
-		var b=[];
-		var sh=new HASH();
-		this.pool_ptr=0;
-		for (i=0;i<this.NK;i++) this.ira[i]=0;
-		if (rawlen>0)
-		{
-			for (i=0;i<rawlen;i++)
-				sh.process(raw[i]);
-			digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-			for (i=0;i<8;i++)
-			{
-				b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
-				this.sirand(RAND.pack(b));
-			}
-		}
-		this.fill_pool();
-	},
-
-/* get random byte */
-	getByte: function()
-	{
-		var r=this.pool[this.pool_ptr++];
-		if (this.pool_ptr>=32) this.fill_pool();
-		return (r&0xff);
-	}
-};
-
-RAND.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
-		return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff);
-};
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/ROM.js
----------------------------------------------------------------------
diff --git a/js/ROM.js b/js/ROM.js
deleted file mode 100755
index 7a91844..0000000
--- a/js/ROM.js
+++ /dev/null
@@ -1,620 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-var ROM={
-	NLEN: 11,
-	BASEBITS: 24,
-	CHUNK: 32,
-	MODBYTES: 32,
-	MODINV: 0.000000059604644775390625,
-
-/* Field Type */
-	NOT_SPECIAL: 0,
-	PSEUDO_MERSENNE: 1,
-	MONTGOMERY_FRIENDLY: 3,
-
-/* Curve Type */
-	WEIERSTRASS: 0,
-	EDWARDS: 1,
-	MONTGOMERY: 2,
-
-	USE_GLV: false,
-	USE_GS_G2: false,
-	USE_GS_GT: true,
-	GT_STRONG: false,
-
-/* Finite field support - for RSA, DH etc. */
-	FF_BITS: 2048, /* Finite Field Size in bits - must be 256.2^n */
-
-/*** Enter Some Field details here  ***/
-/* C25519 */
-//	MODBITS: 255, /* Number of bits in Modulus */
-//	MOD8: 5,  /* Modulus mod 8 */
-
-/* NIST Curve */
-/*  Brainpool */
-//	MODBITS: 256,
-//	MOD8: 7,
-
-/* BN */
-	MODBITS: 254,
-	MOD8: 3,
-
-/* MF254 */
-//	MODBITS: 254,
-//	MOD8: 7,
-
-/* MS255 */
-//MODBITS: 255,
-//MOD8: 3,
-
-/* MF256 */
-//	MODBITS: 256,
-//	MOD8: 7,
-
-/* MS256 */
-//MODBITS: 256,
-//MOD8: 3,
-
-/* ANSSI */
-//  MODBITS: 256,
-//  MOD8: 3,
-
-
-/* Specify Field here */
-
-/* C25519 */
-//	MODTYPE: 1,
-//	Modulus: [0xFFFFED,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//	MConst: 19,
-
-/* BNCX */
-	MODTYPE:0,
-	Modulus: [0x1B55B3,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	MConst:0x789E85,
-
-/* BN Curve */
-//MODTYPE:0,
-//Modulus: [0x13,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-//MConst:0x9435E5,
-
-/* BNT Curve */
-//MODTYPE:0,
-//Modulus: [0xB4A713,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-//MConst:0x14C4E5,
-
-/* BNT2 */
-//MODTYPE:0,
-//Modulus: [0x60A48B,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-//MConst:0x505CDD,
-
-/* NIST Modulus */
-//	MODTYPE:0,
-//	Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x1,0xFFFF00,0xFFFF],
-//	MConst:0x1,
-
-/* MF254 Modulus */
-//	MODTYPE:3,
-//	Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//	MConst:0x3F81,
-
-/* MS255 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFD03,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//MConst:0x2FD,
-
-/* MS256 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFF43,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//MConst:0xBD,
-
-/* MF256 Modulus */
-//MODTYPE:3,
-//Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//MConst:0xFFA8,
-
-/*  Brainpool Modulus */
-//	MODTYPE:0,
-//	Modulus: [0x6E5377,0x481D1F,0x282013,0xD52620,0x3BF623,0x8D726E,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-//	MConst:0xFD89B9,
-
-/* ANSSI Modulus */
-//  MODTYPE:0,
-//  Modulus: [0x6E9C03,0xF353D8,0x6DE8FC,0xABC8CA,0x61ADBC,0x435B39,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-//  MConst:0x4E1155,
-
-/* Specify Curve here */
-
-/* ED25519 Edwards */
-//	CURVETYPE: 1,
-//	CURVE_A : -1,
-//	CURVE_B : [0x5978A3,0x4DCA13,0xAB75EB,0x4141D8,0x700A4D,0xE89800,0x797779,0x8CC740,0x6FFE73,0x6CEE2B,0x5203],
-//	CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-//	CURVE_Gx: [0x25D51A,0x2D608F,0xB2C956,0x9525A7,0x2CC760,0xDC5C69,0x31FDD6,0xC0A4E2,0x6E53FE,0x36D3CD,0x2169],
-//	CURVE_Gy: [0x666658,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x6666],
-
-/* Curve25519 */
-//	CURVETYPE: 2,
-//	CURVE_A : 486662,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-//	CURVE_Gx: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* NIST Curve */
-//	CURVETYPE:0,
-//	CURVE_A : -3,
-//	CURVE_B : [0xD2604B,0x3C3E27,0xF63BCE,0xCC53B0,0x1D06B0,0x86BC65,0x557698,0xB3EBBD,0x3A93E7,0x35D8AA,0x5AC6],
-//	CURVE_Order:[0x632551,0xCAC2FC,0x84F3B9,0xA7179E,0xE6FAAD,0xFFFFBC,0xFFFFFF,0xFFFFFF,0x0,0xFFFF00,0xFFFF],
-//	CURVE_Gx :[0x98C296,0x3945D8,0xA0F4A1,0x2DEB33,0x37D81,0x40F277,0xE563A4,0xF8BCE6,0x2C4247,0xD1F2E1,0x6B17],
-//	CURVE_Gy :[0xBF51F5,0x406837,0xCECBB6,0x6B315E,0xCE3357,0x9E162B,0x4A7C0F,0x8EE7EB,0x1A7F9B,0x42E2FE,0x4FE3],
-
-/* MF254 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFD08D,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Order:[0x8DF83F,0x19C4AF,0xC06FA4,0xDA375,0x818BEA,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Gx :[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xD4EBC,0xDF37F9,0x31AD65,0xF85119,0xB738E3,0x8AEBDF,0x75BD77,0x4AE15A,0x2E5601,0x3FD33B,0x140E],
-
-/* MF254 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x2701E5,0xD0FDAF,0x187C52,0xE3212,0x329A84,0x3F4E36,0xD50236,0x951D00,0xA4C335,0xE690D6,0x19F0],
-
-
-/* MF254 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,
-//	CURVE_A : -55790,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Order: [0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-//	CURVE_Gx: [0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS255 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFAB46,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Order:[0x594AEB,0xAC983C,0xDFAB8F,0x3AD2B3,0x4A3828,0xFFFF86,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xCB44BA,0xFF6769,0xD1733,0xDDFDA6,0xB6C78C,0x7D177D,0xF9B2FF,0x921EBF,0xBA7833,0x6AC0ED,0x6F7A],
-
-/* MS255 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-//CURVE_Gx :[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x8736A0,0x255BD0,0x45BA2A,0xED445A,0x914B8A,0x47E552,0xDD8E0C,0xEC254C,0x7BB545,0x78534A,0x26CB],
-
-/* MS255 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,
-//	CURVE_A : -240222,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Order: [0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-//	CURVE_Gx: [0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x51A825,0x202947,0x6020AB,0xEA265C,0x3C8275,0xFFFFE4,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xB56C77,0x6306C2,0xC10BF4,0x75894E,0x2C2F93,0xDD6BD0,0x6CCEEE,0xFC82C9,0xE466D7,0x1853C1,0x696F],
-
-/* MS256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-//CURVE_Gx :[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x1CADBA,0x6FB533,0x3F707F,0x824D30,0x2A6D63,0x46BFBE,0xB39FA0,0xA3D330,0x1276DB,0xB41E2A,0x7D0A],
-
-/* MS256 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,
-//	CURVE_A : -61370,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//  CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-//	CURVE_Gx: [0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MF256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x9857EB,0xC5E1A7,0x4B9D10,0xE6E507,0x517513,0xFFFFFC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x724D2A,0x954C2B,0x661007,0x8D94DC,0x6947EB,0xAE2895,0x26123D,0x7BABBA,0x1808CE,0x7C87BE,0x2088],
-
-/* MF256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xF3C908,0xA722F2,0x8D7DEA,0x8DFEA6,0xC05E64,0x1AACA0,0xF3DB2C,0xEAEBEE,0xCC4D5A,0xD4F8F8,0xDAD8],
-
-/* MF256 Modulus, Montgomery Curve */
-//	CURVETYPE: 2,
-//	CURVE_A : -54314,
-//	CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//  CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-//	CURVE_Gx: [0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//	CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* Brainpool */
-//	CURVETYPE:0,
-//	CURVE_A : -3,
-//	CURVE_B : [0xE92B04,0x8101FE,0x256AE5,0xAF2F49,0x93EBC4,0x76B7BF,0x733D0B,0xFE66A7,0xD84EA4,0x61C430,0x662C],
-//	CURVE_Order:[0x4856A7,0xE8297,0xF7901E,0xB561A6,0x397AA3,0x8D718C,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-//	CURVE_Gx :[0x1305F4,0x91562E,0x2B79A1,0x7AAFBC,0xA142C4,0x6149AF,0xB23A65,0x732213,0xCFE7B7,0xEB3CC1,0xA3E8],
-//	CURVE_Gy :[0x25C9BE,0xE8F35B,0x1DAB,0x39D027,0xBCB6DE,0x417E69,0xE14644,0x7F7B22,0x39C56D,0x6C8234,0x2D99],
-
-/* ANSSI */
-//  CURVETYPE:0,
-//  CURVE_A : -3,
-//  CURVE_B : [0x7BB73F,0xED967B,0x803075,0xE4B1A1,0xEC0C9A,0xC00FDF,0x754A44,0xD4ABA,0x28A930,0x3FCA54,0xEE35],
-//  CURVE_Order:[0xD655E1,0xD459C6,0x941FFD,0x40D2BF,0xDC67E1,0x435B53,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-//  CURVE_Gx :[0x8F5CFF,0x7A2DD9,0x164C9,0xAF98B7,0x27D2DC,0x23958C,0x4749D4,0x31183D,0xC139EB,0xD4C356,0xB6B3],
-//  CURVE_Gy :[0x62CFB,0x5A1554,0xE18311,0xE8E4C9,0x1C307,0xEF8C27,0xF0F3EC,0x1F9271,0xB20491,0xE0F7C8,0x6142],
-
-
-/* BNCX Curve */
-
-	CURVETYPE:0,
-	CURVE_A : 0,
-	CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-	CURVE_Order:[0xEB1F6D,0xC0A636,0xCEBE11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	CURVE_Bnx:[0xC012B1,0x3,0x4000],
-	CURVE_Cru:[0x235C97,0x931794,0x5631E0,0x71EF87,0xBDDF64,0x3F1440,0xCA8,0x480000],
-	CURVE_Fra:[0xC80EA3,0x83355,0x215BD9,0xF173F8,0x677326,0x189868,0x8AACA7,0xAFE18B,0x3A0164,0x82FA6,0x1359],
-	CURVE_Frb:[0x534710,0x1BBC06,0xC0628D,0x269546,0xD863C7,0x4E3ABB,0xD9CDBC,0xDC53,0x3628A9,0xF7D062,0x10A6],
-	CURVE_Pxa:[0xD2EC74,0x1CEEE4,0x26C085,0xA03E27,0x7C85BF,0x4BBB90,0xF5C3,0x358B25,0x53B256,0x2D2C70,0x1968],
-	CURVE_Pxb:[0x29CFE1,0x8E8B2E,0xF47A5,0xC209C3,0x1B97B0,0x9743F8,0x37A8E9,0xA011C9,0x19F64A,0xB9EC3E,0x1466],
-	CURVE_Pya:[0xBE09F,0xFCEBCF,0xB30CFB,0x847EC1,0x61B33D,0xE20963,0x157DAE,0xD81E22,0x332B8D,0xEDD972,0xA79],
-	CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616],
-	CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	CURVE_Gy :[0x1],
-
-// Arrays must be padded!
-
-	CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-	CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],
-	           [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-			   [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]],
-	CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0],
-	          [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0],
-			  [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0],
-			  [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]],
-	CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-	           [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-			   [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]],
-			   [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-			   [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-			   [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
-			   [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-
-/* BNT Curve */
-/*
-CURVETYPE:0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0x30210D,0x777E8D,0x363A75,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Bnx:[0x4081,0x806000,0x4000],
-CURVE_Cru:[0x4FCD87,0x53D5AB,0x1FADEB,0xF2BAB1,0x4C82A5,0x4C976,0x476515,0x4801B1],
-CURVE_Fra:[0xC80022,0xD14EAD,0xE359F5,0xD6FACC,0x6C4904,0x3211BE,0xF190A1,0x4F6509,0xBBC439,0xA292C9,0x1328],
-CURVE_Frb:[0xECA6F1,0xEAB040,0xD764A7,0x3DF997,0x1E0C51,0xA3DEB0,0x450657,0xAAA6A1,0x5B3D15,0x7E489B,0x10D8],
-CURVE_Pxa:[0x8E65BB,0x87E228,0x13BE89,0x1CAA63,0xCC00AD,0x548B7C,0x325041,0xBCC055,0xC1339E,0x3FCD04,0x1448],
-CURVE_Pxb:[0xDBE2C0,0x888808,0x853A67,0xF81E34,0x957FE1,0x51B57B,0xA631A,0xDA3FC5,0x4EC302,0x46B338,0x87F],
-CURVE_Pya:[0x20CA1D,0x2C47E0,0xF36C20,0x7E8399,0x4CB416,0x9F72C9,0xC6E543,0x4A2C69,0x2B0BD7,0xC29C10,0x14E8],
-CURVE_Pyb:[0x6628F2,0x437C71,0xDC6BD8,0x67BCB7,0xA27E1,0x72681D,0xA82C75,0xEDEC18,0x454BD1,0xE2A462,0x17AF],
-CURVE_Gx :[0xB4A712,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x838403,0x430061,0x838426,0x824199,0x18121,0x60],[0x8101,0xC000,0x8001]],
-CURVE_SB:[[[0x840504,0x43C061,0x840427,0x824199,0x18121,0x60],[0x8101,0xC000,0x8001]],[[0x8101,0xC000,0x8001],[0xAC9D0A,0x347E2B,0xB2B64F,0x107131,0x875313,0xD5EFAE,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]]],
-CURVE_WB:[[0x80C080,0x406020,0x80C161,0x80C088,0x8060,0x20],[0x8C4A85,0x390408,0x6C36B5,0xA352DC,0xDEAD2F,0x58868E,0xDA4363,0x300120],[0x464583,0xDCB204,0x363B5A,0xD1A96E,0x6F5697,0xAC4347,0x6D21B1,0x180090],[0x814181,0x412020,0x814162,0x80C088,0x8060,0x20]],
-CURVE_BB:[[[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x8102,0xC000,0x8001]],[[0x8101,0xC000,0x8001],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]],[[0x8102,0xC000,0x8001],[0x8101,0xC000,0x8001],[0x8101,0xC000,0x8001],[0x8101,0xC000,0x8001]],[[0x4082,0x806000,0x4000],[0x10202,0x18000,0x10002],[0x2FA00A,0x76BE8D,0x35BA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x4082,0x806000,0x4000]]],
-
-*/
-
-/* BNT2 Curve */
-/*
-CURVETYPE:0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xAA2BF5,0x71A511,0x33D7FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Bnx:[0x608205,0x20100,0x4000],
-CURVE_Cru:[0x66BD33,0x274448,0xEFB50,0x301647,0x755B77,0xECF236,0xC3617B,0x480006],
-CURVE_Fra:[0xAEF062,0x68C973,0xE492B2,0x33C3BC,0xBCC69B,0x7F195B,0xF67FA3,0xBD0A41,0xE8CAB6,0xB8D29,0x124E],
-CURVE_Frb:[0xB1B429,0x736240,0x6D5600,0xF52D19,0x12CD48,0x50E726,0x18BBE6,0xFA43DE,0x268FF6,0xF8F517,0x11B1],
-CURVE_Pxa:[0x40A3C8,0x92399F,0x784ACC,0xE96611,0x35CDA4,0x61706B,0x7B0569,0x8279D7,0x93C631,0x17CF96,0x16FC],
-CURVE_Pxb:[0x549540,0x7A8AD8,0x61055,0xE6F651,0xDB6F7B,0xA95D17,0x565907,0x9C8188,0x597590,0xB500BD,0x1EB5],
-CURVE_Pya:[0x220513,0xECC514,0x7B147B,0x860E73,0x844A78,0x35F126,0x51B839,0x9D4DFA,0x1422AA,0xE49876,0x1E8E],
-CURVE_Pyb:[0x7CE78E,0x328F57,0x781FB9,0xE26FA5,0x7EB746,0x1FB8E2,0xA93DBC,0xA29D76,0xE33BDB,0xF4CDBA,0x23CE],
-CURVE_Gx :[0x60A48A,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x347083,0x6282A1,0x1D10B7,0x1399E,0x603,0x60],[0xC10409,0x40200,0x8000]],
-CURVE_SB:[[[0xF5748C,0x6684A1,0x1D90B7,0x1399E,0x603,0x60],[0xC10409,0x40200,0x8000]],[[0xC10409,0x40200,0x8000],[0x75BB72,0xF2270,0x16C744,0x267D9A,0xCF87DE,0xCFFFC1,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]]],
-CURVE_WB:[[0x70A224,0x72D48A,0x94592,0x688A,0x201,0x20],[0x30EF19,0x572CF0,0x721D5A,0x763543,0xA39651,0x48A1B9,0x8240FD,0x300004],[0x48B88F,0x2C96F8,0xB92EAD,0xBB1AA1,0xD1CB28,0xA450DC,0x41207E,0x180002],[0x31A62D,0x76D68B,0x9C592,0x688A,0x201,0x20]],
-CURVE_BB:[[[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0xC1040A,0x40200,0x8000]],[[0xC10409,0x40200,0x8000],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]],[[0xC1040A,0x40200,0x8000],[0xC10409,0x40200,0x8000],[0xC10409,0x40200,0x8000],[0xC10409,0x40200,0x8000]],[[0x608206,0x20100,0x4000],[0x820812,0x80401,0x10000],[0xE927EA,0x6DA310,0x3357FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x608206,0x20100,0x4000]]],
-*/
-
-/* BN Curve */
-/*
-CURVETYPE:0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xD,0x0,0x10A100,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Bnx:[0x1,0x0,0x4080],
-CURVE_Cru:[0x7,0x0,0x6CD80,0x0,0x90000,0x249,0x400000,0x49B362],
-CURVE_Fra:[0x2A6DE9,0xE6C06F,0xC2E17D,0x4D3F77,0x97492,0x953F85,0x50A846,0xB6499B,0x2E7C8C,0x761921,0x1B37],
-CURVE_Frb:[0xD5922A,0x193F90,0x50C582,0xB2C088,0x178B6D,0x6AC8DC,0x2F57B9,0x3EAB2,0xD18375,0xEE691E,0x9EB],
-CURVE_Pxa:[0xFD0CB4,0x2C7935,0x7C2BAB,0xE4FCC5,0xA5E319,0x763B05,0x24F6DF,0x335FB7,0x5EA7EA,0x4D4F5,0x95B],
-CURVE_Pxb:[0x962455,0x7D0790,0x5E38A0,0x3D27AA,0x6D86BE,0x47F39D,0x89E057,0x9D42BF,0x8347B4,0xD8A7C0,0x5D4],
-CURVE_Pya:[0x8A46C,0xCE687A,0x91F9AD,0xE98A41,0x82B30,0xB1F169,0x4C3784,0xA16D1C,0xE5313F,0x2ABF25,0xABF],
-CURVE_Pyb:[0xF306EC,0x88D405,0xA0E6DF,0x6ADD13,0x48207,0x9D6A5C,0x1E4781,0xB38627,0x79DABD,0x9A87E6,0x1876],
-CURVE_Gx :[0x12,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x3,0x0,0x20400,0x0,0x818000,0x61],[0x1,0x0,0x8100]],
-CURVE_SB:[[[0x4,0x0,0x28500,0x0,0x818000,0x61],[0x1,0x0,0x8100]],[[0x1,0x0,0x8100],[0xA,0x0,0xE9D00,0x0,0x1E0000,0x79E,0x800000,0xBA344D,0x1,0x648240,0x2523]]],
-CURVE_WB:[[0x0,0x0,0x4080,0x0,0x808000,0x20],[0x5,0x0,0x54A80,0x0,0x70000,0x1C7,0x800000,0x312241],[0x3,0x0,0x2C580,0x0,0x838000,0xE3,0xC00000,0x189120],[0x1,0x0,0xC180,0x0,0x808000,0x20]],
-CURVE_BB:[[[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x8100]],[[0x1,0x0,0x8100],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523]],[[0x2,0x0,0x8100],[0x1,0x0,0x8100],[0x1,0x0,0x8100],[0x1,0x0,0x8100]],[[0x2,0x0,0x4080],[0x2,0x0,0x10200],[0xA,0x0,0x102000,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x4080]]],
-
-*/
-
-	debug: false,
-
-// HASH constants
-
-	H0:0x6A09E667,
-	H1:0xBB67AE85,
-	H2:0x3C6EF372,
-	H3:0xA54FF53A,
-	H4:0x510E527F,
-	H5:0x9B05688C,
-	H6:0x1F83D9AB,
-	H7:0x5BE0CD19,
-
-	HK:[0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
-    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
-    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
-    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
-    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
-    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
-    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
-    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2],
-
-// AES constants
-
-	ECB:0,
-	CBC:1,
-	CFB1:2,
-	CFB2:3,
-	CFB4:5,
-	OFB1:14,
-	OFB2:15,
-	OFB4:17,
-	OFB8:21,
-	OFB16:29,
-
-	InCo:[0xB,0xD,0x9,0xE],  /* Inverse Coefficients */
-	rco:[1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47],
-
-	ptab:[
-	1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
-	95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
-	229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
-	83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
-	76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
-	131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
-	181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
-	254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
-	251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
-	195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
-	159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
-	155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
-	252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
-	69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
-	18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
-	57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
-	],
-	ltab:[
-	0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
-	100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
-	125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
-	101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
-	150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
-	102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
-	126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
-	43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
-	175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
-	44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
-	127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
-	204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
-	151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
-	83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
-	68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
-	103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
-	],
-	fbsub:[
-	99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
-	202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
-	183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
-	4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
-	9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
-	83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
-	208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
-	81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
-	205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
-	96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
-	224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
-	231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
-	186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
-	112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
-	225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
-	140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
-	],
-	rbsub:[
-	82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
-	124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
-	84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
-	8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
-	114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
-	108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
-	144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
-	208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
-	58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
-	150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
-	71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
-	252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
-	31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
-	96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
-	160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
-	23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
-	],
-	ftable:[
-	0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
-	0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
-	0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
-	0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
-	0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
-	0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
-	0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
-	0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
-	0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
-	0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
-	0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
-	0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
-	0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
-	0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
-	0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
-	0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
-	0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
-	0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
-	0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
-	0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
-	0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
-	0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
-	0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
-	0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
-	0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
-	0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
-	0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
-	0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
-	0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
-	0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
-	0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
-	0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
-	0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
-	0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
-	0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
-	0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
-	0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
-	0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
-	0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
-	0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
-	0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
-	0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
-	0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
-	],
-	rtable:[
-	0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
-	0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
-	0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
-	0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
-	0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
-	0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
-	0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
-	0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
-	0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
-	0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
-	0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
-	0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
-	0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
-	0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
-	0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
-	0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
-	0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
-	0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
-	0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
-	0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
-	0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
-	0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
-	0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
-	0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
-	0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
-	0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
-	0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
-	0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
-	0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
-	0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
-	0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
-	0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
-	0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
-	0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
-	0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
-	0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
-	0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
-	0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
-	0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
-	0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
-	0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
-	0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
-	0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
-	],
-
-// GCM constants
-
-	GCM_ACCEPTING_HEADER:0,
-	GCM_ACCEPTING_CIPHER:1,
-	GCM_NOT_ACCEPTING_MORE:2,
-	GCM_FINISHED:3,
-	GCM_ENCRYPTING:0,
-	GCM_DECRYPTING:1
-
-};
-
-ROM.DNLEN=2*ROM.NLEN;
-ROM.MASK=(1<<ROM.BASEBITS)-1;
-
-ROM.TBITS=ROM.MODBITS%ROM.BASEBITS;
-ROM.OMASK=(-1)<<ROM.TBITS;
-ROM.TMASK=(1<<ROM.TBITS)-1;
-
-ROM.NEXCESS=(1<<(ROM.CHUNK-ROM.BASEBITS-1)); // 2^(CHUNK-BASEBITS-1)
-ROM.FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-ROM.MODBITS)); // 2^(BASEBITS*NLEN-MODBITS)
-
-ROM.FFLEN=(ROM.FF_BITS/256);
-ROM.HFLEN=(ROM.FFLEN/2);  /* Useful for half-size RSA private key operations */

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/RSA.js
----------------------------------------------------------------------
diff --git a/js/RSA.js b/js/RSA.js
deleted file mode 100755
index 5b90770..0000000
--- a/js/RSA.js
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API Functions */
-
-var rsa_private_key=function(n)
-{
-	this.p=new FF(n);
-	this.q=new FF(n);
-	this.dp=new FF(n);
-	this.dq=new FF(n);
-	this.c=new FF(n);
-};
-
-var rsa_public_key=function(m)
-{
-	this.e=0;
-	this.n=new FF(m);
-};
-
-
-
-RSA= {
-	RFS: ROM.MODBYTES*ROM.FFLEN,
-
-	bytestohex: function(b)
-	{
-		var s="";
-		var len=b.length;
-		var ch;
-
-		for (var i=0;i<len;i++)
-		{
-			ch=b[i];
-			s+=((ch>>>4)&15).toString(16);
-			s+=(ch&15).toString(16);
-
-		}
-		return s;
-	},
-
-	bytestostring: function(b)
-	{
-		var s="";
-		for (var i=0;i<b.length;i++)
-		{
-			s+=String.fromCharCode(b[i]);
-		}
-		return s;
-	},
-
-	stringtobytes: function(s)
-	{
-		var b=[];
-		for (var i=0;i<s.length;i++)
-			b.push(s.charCodeAt(i));
-		return b;
-	},
-
-
-	KEY_PAIR: function(rng,e,PRIV,PUB)
-	{ /* IEEE1363 A16.11/A16.12 more or less */
-
-	//	var m,r,bytes,hbytes,words,err,res=0;
-		var n=PUB.n.length>>1;
-		var t = new FF(n);
-		var p1=new FF(n);
-		var q1=new FF(n);
-
-		for (;;)
-		{
-
-			PRIV.p.random(rng);
-			while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
-			while (!FF.prime(PRIV.p,rng)) PRIV.p.inc(4);
-
-			p1.copy(PRIV.p);
-			p1.dec(1);
-
-			if (p1.cfactor(e)) continue;
-			break;
-		}
-
-		for (;;)
-		{
-			PRIV.q.random(rng);
-			while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
-			while (!FF.prime(PRIV.q,rng)) PRIV.q.inc(4);
-
-			q1.copy(PRIV.q);
-			q1.dec(1);
-
-			if (q1.cfactor(e)) continue;
-			break;
-		}
-
-		PUB.n=FF.mul(PRIV.p,PRIV.q);
-		PUB.e=e;
-
-		t.copy(p1);
-		t.shr();
-		PRIV.dp.set(e);
-		PRIV.dp.invmodp(t);
-		if (PRIV.dp.parity()===0) PRIV.dp.add(t);
-		PRIV.dp.norm();
-
-		t.copy(q1);
-		t.shr();
-		PRIV.dq.set(e);
-		PRIV.dq.invmodp(t);
-		if (PRIV.dq.parity()===0) PRIV.dq.add(t);
-		PRIV.dq.norm();
-
-		PRIV.c.copy(PRIV.p);
-		PRIV.c.invmodp(PRIV.q);
-
-		return;
-	},
-
-/* Mask Generation Function */
-	MGF1: function(Z,olen,K)
-	{
-		var H=new HASH();
-		var i,hlen=H.len;
-		var B=[];
-
-		var counter,cthreshold,k=0;
-		for (i=0;i<K.length;i++) K[i]=0;
-
-		cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
-		for (counter=0;counter<cthreshold;counter++)
-		{
-			H.process_array(Z); H.process_num(counter);
-			B=H.hash();
-
-			if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
-			else for (i=0;i<hlen;i++) K[k++]=B[i];
-		}
-	},
-
-	/* OAEP Message Encoding for Encryption */
-	OAEP_ENCODE: function(m,rng,p)
-	{
-		var i,slen,olen=RSA.RFS-1;
-		var mlen=m.length;
-		var hlen,seedlen;
-		var f=[];
-
-		var H=new HASH();
-		hlen=H.len;
-		var SEED=[];
-		seedlen=hlen;
-		if (mlen>olen-hlen-seedlen-1) return null;
-
-		var DBMASK=[];
-
-		if (p!==null) H.process_array(p);
-		var h=H.hash();
-		for (i=0;i<hlen;i++) f[i]=h[i];
-
-		slen=olen-mlen-hlen-seedlen-1;
-
-		for (i=0;i<slen;i++) f[hlen+i]=0;
-		f[hlen+slen]=1;
-		for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
-		for (i=0;i<seedlen;i++) SEED[i]=rng.getByte();
-		this.MGF1(SEED,olen-seedlen,DBMASK);
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-		this.MGF1(DBMASK,seedlen,f);
-
-		for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
-		for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
-		/* pad to length RFS */
-		var d=1;
-		for (i=RSA.RFS-1;i>=d;i--)
-			f[i]=f[i-d];
-		for (i=d-1;i>=0;i--)
-			f[i]=0;
-
-		return f;
-	},
-
-	/* OAEP Message Decoding for Decryption */
-	OAEP_DECODE: function(p,f)
-	{
-		var x,t;
-		var comp;
-		var i,k,olen=RSA.RFS-1;
-		var hlen,seedlen;
-
-		var H=new HASH();
-		hlen=H.len;
-		var SEED=[];
-		seedlen=hlen;
-		var CHASH=[];
-		seedlen=hlen=32;
-		if (olen<seedlen+hlen+1) return null;
-		var DBMASK=[];
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		if (f.length<RSA.RFS)
-		{
-			var d=RSA.RFS-f.length;
-			for (i=RFS-1;i>=d;i--)
-				f[i]=f[i-d];
-			for (i=d-1;i>=0;i--)
-				f[i]=0;
-
-		}
-
-		if (p!==null) H.process_array(p);
-		var h=H.hash();
-		for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
-		x=f[0];
-
-		for (i=seedlen;i<olen;i++)
-			DBMASK[i-seedlen]=f[i+1];
-
-		this.MGF1(DBMASK,seedlen,SEED);
-		for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
-		this.MGF1(SEED,olen-seedlen,f);
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
-		comp=true;
-		for (i=0;i<hlen;i++)
-		{
-			if (CHASH[i]!=DBMASK[i]) comp=false;
-		}
-
-		for (i=0;i<olen-seedlen-hlen;i++)
-			DBMASK[i]=DBMASK[i+hlen];
-
-		for (i=0;i<hlen;i++)
-			SEED[i]=CHASH[i]=0;
-
-		for (k=0;;k++)
-		{
-			if (k>=olen-seedlen-hlen) return null;
-			if (DBMASK[k]!==0) break;
-		}
-
-		t=DBMASK[k];
-		if (!comp || x!==0 || t!=0x01)
-		{
-			for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-			return null;
-		}
-
-		var r=[];
-
-		for (i=0;i<olen-seedlen-hlen-k-1;i++)
-			r[i]=DBMASK[i+k+1];
-
-		for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
-		return r;
-	},
-
-	/* destroy the Private Key structure */
-	PRIVATE_KEY_KILL: function(PRIV)
-	{
-		PRIV.p.zero();
-		PRIV.q.zero();
-		PRIV.dp.zero();
-		PRIV.dq.zero();
-		PRIV.c.zero();
-	},
-
-	/* RSA encryption with the public key */
-	ENCRYPT: function(PUB,F,G)
-	{
-		var n=PUB.n.getlen();
-		var f=new FF(n);
-
-		FF.fromBytes(f,F);
-		f.power(PUB.e,PUB.n);
-		f.toBytes(G);
-	},
-
-	/* RSA decryption with the private key */
-	DECRYPT: function(PRIV,G,F)
-	{
-		var n=PRIV.p.getlen();
-		var g=new FF(2*n);
-
-		FF.fromBytes(g,G);
-		var jp=g.dmod(PRIV.p);
-		var jq=g.dmod(PRIV.q);
-
-		jp.skpow(PRIV.dp,PRIV.p);
-		jq.skpow(PRIV.dq,PRIV.q);
-
-		g.zero();
-		g.dscopy(jp);
-		jp.mod(PRIV.q);
-		if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
-		jq.sub(jp);
-		jq.norm();
-
-		var t=FF.mul(PRIV.c,jq);
-		jq=t.dmod(PRIV.q);
-
-		t=FF.mul(jq,PRIV.p);
-		g.add(t);
-		g.norm();
-
-		g.toBytes(F);
-	}
-
-};

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/TestECDH.html
----------------------------------------------------------------------
diff --git a/js/TestECDH.html b/js/TestECDH.html
deleted file mode 100644
index 6c57021..0000000
--- a/js/TestECDH.html
+++ /dev/null
@@ -1,137 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-		var i,j=0,res;
-		var result;
-		var pp="M0ng00se";
-
-		var EGS=ECDH.EGS;
-		var EFS=ECDH.EFS;
-		var EAS=16;
-
-		var S1=[];
-		var W0=[];
-		var W1=[];
-		var Z0=[];
-		var Z1=[];
-		var RAW=[];
-		var SALT=[];
-		var P1=[];
-		var P2=[];
-		var V=[];
-		var M=[];
-		var T=new Array(12);  // must specify required length
-		var CS=[];
-		var DS=[];
-
-		var rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=i;
-
-		rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(i+1);  // set Salt
-
-		window.document.write("Alice's Passphrase= " + pp + "<br>");
-
-		var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
-		var S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0); 
-
-		window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-			alert("ECP Public Key is invalid!");
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
-		window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-			alert("ECP Public Key is invalid!");
-			
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		var same=true;
-		for (i=0;i<ECDH.EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-			alert("*** ECPSVDP-DH Failed");
-
-		var KEY=ECDH.KDF1(Z0,ECDH.EAS);
-
-		window.document.write("Alice's DH Key=  0x"+ECDH.bytestostring(KEY)+ "<br>");
-		window.document.write("Servers DH Key=  0x"+ECDH.bytestostring(KEY)+ "<br>");
-
-		window.document.write("Testing ECIES"+ "<br>");
-
-		P1[0]=0x0; P1[1]=0x1; P1[2]=0x2; 
-		P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3; 
-
-		for (i=0;i<=16;i++) M[i]=i; 
-
-		var C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T);
-
-		window.document.write("Ciphertext= "+ "<br>");
-		window.document.write("V= 0x"+ECDH.bytestostring(V)+ "<br>");
-		window.document.write("C= 0x"+ECDH.bytestostring(C)+ "<br>");
-		window.document.write("T= 0x"+ECDH.bytestostring(T)+ "<br>");
-
-
-		M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1);
-		if (M.length==0)
-			alert("*** ECIES Decryption Failed ");
-		else window.document.write("Decryption succeeded"+ "<br>");
-
-		window.document.write("Message is 0x"+ECDH.bytestostring(M)+ "<br>");
-
-
-		window.document.write("Testing ECDSA"+ "<br>");
-
-		if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS)!=0)
-			alert("***ECDSA Signature Failed");
-		
-		window.document.write("Signature= "+ "<br>");
-		window.document.write("C= 0x"+ECDH.bytestostring(CS)+ "<br>");
-		window.document.write("D= 0x"+ECDH.bytestostring(DS)+ "<br>");
-
-		if (ECDH.ECPVP_DSA(W0,M,CS,DS)!=0)
-			alert("***ECDSA Verification Failed");
-		else window.document.write("ECDSA Signature/Verification succeeded "+ j+ "<br>");
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/TestECM.html
----------------------------------------------------------------------
diff --git a/js/TestECM.html b/js/TestECM.html
deleted file mode 100644
index 2010378..0000000
--- a/js/TestECM.html
+++ /dev/null
@@ -1,95 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH API Functions only - for use with Montgpmery curves */
-		var i,j=0,res;
-		var result;
-		var pp="M0ng00se";
-
-		var EGS=ECDH.EGS;
-		var EFS=ECDH.EFS;
-		var EAS=16;
-
-		var S1=[];
-		var W0=[];
-		var W1=[];
-		var Z0=[];
-		var Z1=[];
-		var RAW=[];
-		var SALT=[];
-
-		var rng=new RAND();
-
-		rng.clean();
-		for (i=0;i<100;i++) RAW[i]=i;
-
-		rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
-		for (i=0;i<8;i++) SALT[i]=(i+1);  // set Salt
-
-		window.document.write("Alice's Passphrase= " + pp + "<br>");
-
-		var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
-		var S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
-		window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
-		ECDH.KEY_PAIR_GENERATE(null,S0,W0); 
-
-		window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
-		if (res!=0)
-			alert("Alice's public Key is invalid!");
-/* Random private key for other party */
-		ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
-		window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
-		window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
-		res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
-		if (res!=0)
-			alert("Server's public Key is invalid!");
-			
-
-/* Calculate common key using DH - IEEE 1363 method */
-
-		ECDH.ECPSVDP_DH(S0,W1,Z0);
-		ECDH.ECPSVDP_DH(S1,W0,Z1);
-
-		var same=true;
-		for (i=0;i<ECDH.EFS;i++)
-			if (Z0[i]!=Z1[i]) same=false;
-
-		if (!same)
-			alert("*** ECPSVDP-DH Failed");
-
-		var KEY=ECDH.KDF1(Z0,ECDH.EAS);
-
-		window.document.write("Alice's DH Key=  0x"+ECDH.bytestostring(KEY)+ "<br>");
-		window.document.write("Servers DH Key=  0x"+ECDH.bytestostring(KEY)+ "<br>");
-
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/TestMPIN.html
----------------------------------------------------------------------
diff --git a/js/TestMPIN.html b/js/TestMPIN.html
deleted file mode 100644
index 790880d..0000000
--- a/js/TestMPIN.html
+++ /dev/null
@@ -1,310 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test MPIN</title>
-</head>
-<body>
-<h1>JavaScript Test MPIN Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="FP2.js"></script>
-<script type="text/javascript" src="ECP2.js"></script>
-<script type="text/javascript" src="FP4.js"></script>
-<script type="text/javascript" src="FP12.js"></script>
-<script type="text/javascript" src="PAIR.js"></script>
-<script type="text/javascript" src="MPIN.js"></script>
-
-<script>
-/* test driver and function exerciser for MPIN API Functions */
-
-		var i,res;
-		var result;
-
-		var EGS=MPIN.EGS;
-		var EFS=MPIN.EFS;
-		var EAS=16;
-
-		var rng=new RAND();
-		rng.clean();
-
-		var RAW=[];
-		for (i=0;i<100;i++) RAW[i]=i+1;
-		rng.seed(100,RAW);
-
-		var G1S=2*EFS+1; /* Group 1 Size */
-		var G2S=4*EFS; /* Group 2 Size */
-
-		var S=[];
-		var SST=[];
-		var TOKEN = [];
-		var PERMIT = [];
-		var SEC = [];
-		var xID = [];
-		var xCID = [];
-		var X= [];
-		var Y= [];
-		var E=[];
-		var F=[];
-		var HCID=[];
-		var HID=[];
-		var HTID=[];
-
-		var G1=[];
-		var G2=[];
-		var R=[];
-		var Z=[];
-		var W=[];
-		var T=[];
-		var CK=[];
-		var SK=[];
-
-/* Set configuration */
-		var PERMITS=true;
-		var PINERROR=true;
-		var FULL=false;
-                var ONE_PASS=false;
-                var TIME_FUNCTIONS=false;
-                var total_time=0;
-                var nIter=100
-
-/* Trusted Authority set-up */
-		MPIN.RANDOM_GENERATE(rng,S);
-		window.document.write("Master Secret s: 0x"+MPIN.bytestostring(S) + "<br>");
- 
- /* Create Client Identity */
- 		var IDstr = "testUser@miracl.com";
-		var CLIENT_ID = MPIN.stringtobytes(IDstr);  
-		HCID=MPIN.HASH_ID(CLIENT_ID);  /* Either Client or TA calculates Hash(ID) - you decide! */
-		
-		window.document.write("Client ID= "+MPIN.bytestostring(CLIENT_ID) + "<br>");
-
-/* Client and Server are issued secrets by DTA */
-		MPIN.GET_SERVER_SECRET(S,SST);
-		window.document.write("Server Secret SS: 0x"+MPIN.bytestostring(SST) + "<br>");
-
-		MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
-		window.document.write("Client Secret CS: 0x"+MPIN.bytestostring(TOKEN) + "<br>");     
-	
-/* Client extracts PIN from secret to create Token */
-		var pin=1234;
-	window.document.write("Client extracts PIN= "+pin + "<br>"); 
-		var rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN);
-		if (rtn != 0)
-			window.document.write("Failed to extract PIN " + "<br>");  
-
-		window.document.write("Client Token TK: 0x"+MPIN.bytestostring(TOKEN) + "<br>");        
-
-		if (FULL)
-		{
-			MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
-		}
-
-		var date;
-		if (PERMITS)
-		{
-			date=MPIN.today();
-/* Client gets "Time Token" permit from DTA */ 	
-			MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT);
-			window.document.write("Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");   
-
-/* This encoding makes Time permit look random - Elligator squared */
-			MPIN.ENCODING(rng,PERMIT);
-			window.document.write("Encoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");   
-			MPIN.DECODING(PERMIT);
-			window.document.write("Decoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");   
-		}
-		else date=0;
-
-
-		pin=parseInt(prompt("Enter PIN= "));
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
-		var pxID=xID;
-		var pxCID=xCID;
-		var pHID=HID;
-		var pHTID=HTID;
-		var pE=E;
-		var pF=F;
-		var pPERMIT=PERMIT;
-		var prHID;
-
-		if (date!=0)
-		{
-			prHID=pHTID;
-			if (!PINERROR)
-			{
-				pxID=null;
-				pHID=null;
-			}
-		}
-		else
-		{
-			prHID=pHID;
-			pPERMIT=null;
-			pxCID=null;
-			pHTID=null;
-		}
-		if (!PINERROR)
-		{
-			pE=null;
-			pF=null;
-		}
-
-                if (ONE_PASS)
-                {
-                  window.document.write("MPIN Single Pass " + "<br>");   
-                  timeValue = MPIN.GET_TIME();
-                  window.document.write("Epoch " + timeValue + "<br>");   
-                  if (TIME_FUNCTIONS)
-                  {
-                   var start = new Date().getTime();
-                   for (i = 0; i < nIter; ++i) {
-                     rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-                   }
-                   var end = new Date().getTime();
-                   var t1 = end - start;
-                   total_time = total_time + t1;
-                   var iter_time = t1 / nIter;
-                   var iter_per_sec = nIter / (t1 / 1000);
-                   window.document.write("MPIN.CLIENT: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-                  }
-                  else
-                  {
-                    rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
-                  }
-		  if (rtn != 0)
-                    window.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>");   
-
-                  if (FULL)
-		  {
-                    if (TIME_FUNCTIONS)
-                    {
-                     var start = new Date().getTime();
-                     for (i = 0; i < nIter; ++i) {
-                        HCID=MPIN.HASH_ID(CLIENT_ID);
-                        MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); 
-                     }
-                     var end = new Date().getTime();
-                     var t2 = end - start;
-                     total_time = total_time + t2;
-                     var iter_time = t2 / nIter;
-                     var iter_per_sec = nIter / (t2 / 1000);
-                     window.document.write("MPIN.GET_G1_MULTIPLE: time " + t2 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-                    }
-                    else
-                    {
-                      HCID=MPIN.HASH_ID(CLIENT_ID);
-                      MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-                    }
-                  }
-
-                  rtn=MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
-                  if (rtn != 0)
-                    window.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>");  
-
-                  if (FULL)
-                  {
-                    MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-                  }
-                }
-                else 
-                {
-                  window.document.write("MPIN Multi Pass " + "<br>");   
-                  rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
-  		  if (rtn != 0)
-  			window.document.write("FAILURE: CLIENT_1 rtn: " + rtn + "<br>");   
-  
-  		  if (FULL)
-  		  {
-  			HCID=MPIN.HASH_ID(CLIENT_ID);
-  			MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);  /* Also Send Z=r.ID to Server, remember random r */
-  		  }
-    
-                  /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
-    		  MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID);
-    
-                  /* Server generates Random number Y and sends it to Client */
-    		  MPIN.RANDOM_GENERATE(rng,Y);
-    
-    		  if (FULL)
-    		  {
-    			MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T);  /* Also send T=w.ID to client, remember random w  */
-    		  }
-    
-                  /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
-    		  rtn=MPIN.CLIENT_2(X,Y,SEC);
-    		  if (rtn != 0)
-    		    window.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>");  
-                    /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
-                    /* If PIN error not required, set E and F = NULL */
-    		  rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-    
-    		  if (rtn != 0)
-    			window.document.write("FAILURE: SERVER_1 rtn: " + rtn+ "<br>");  
-    
-                }
-    		  
-
-                if (rtn == this.MPIN.BAD_PIN)
-    		{
-    		  window.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>"); 
-    		  if (PINERROR)
-    		  {
-    		    var err=MPIN.KANGAROO(E,F);
-    		    if (err!=0) window.document.write("(Client PIN is out by "+err + ")<br>");
-    		  }
-                }
-    		else 
-    		{
-    		  window.document.write("Server says - PIN is good! You really are "+IDstr + "<br>"); 
-    		  if (FULL)
-    		  {
-                    if (TIME_FUNCTIONS)
-                    {
-                     var start = new Date().getTime();
-                     for (i = 0; i < nIter; ++i) {
-                       MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
-                     }
-                     var end = new Date().getTime();
-                     var t3 = end - start;
-                     total_time = total_time + t3;
-                     var iter_time = t3 / nIter;
-                     var iter_per_sec = nIter / (t3 / 1000);
-                     window.document.write("MPIN.CLIENT_KEY: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-                    }
-                    else
-                    {
-                      MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
-                    }
-    		    window.document.write("Client Key =  0x"+MPIN.bytestostring(CK) + "<br>");    
-    
-                    MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK);
-                    window.document.write("Server Key =  0x"+MPIN.bytestostring(SK) + "<br>");    
-    		  }
-                }
-         //       var iter_time = total_time / nIter;
-         //       var iter_per_sec = nIter / (total_time / 1000);
-         //       window.document.write("CLIENT: total time " + total_time + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");   
-
-    
-</script>
-</body>
-</html>



[40/51] [partial] incubator-milagro-crypto git commit: update code

Posted by br...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/DBIG.cs
----------------------------------------------------------------------
diff --git a/cs/DBIG.cs b/cs/DBIG.cs
deleted file mode 100644
index 935fc52..0000000
--- a/cs/DBIG.cs
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL double length DBIG number class */
-
-public class DBIG
-{
-	protected internal long[] w = new long[ROM.DNLEN];
-
-/* Constructors */
-	public DBIG(int x)
-	{
-		w[0] = x;
-		for (int i = 1;i < ROM.DNLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-	public DBIG(DBIG x)
-	{
-		for (int i = 0;i < ROM.DNLEN;i++)
-		{
-			w[i] = x.w[i];
-		}
-	}
-
-	public DBIG(BIG x)
-	{
-		for (int i = 0;i < ROM.NLEN - 1;i++)
-		{
-			w[i] = x.get(i);
-		}
-
-		w[ROM.NLEN - 1] = x.get(ROM.NLEN - 1) & ROM.MASK; // top word normalized
-		w[ROM.NLEN] = x.get(ROM.NLEN - 1) >> ROM.BASEBITS;
-
-		for (int i = ROM.NLEN + 1;i < ROM.DNLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* get and set digits of this */
-	public virtual long get(int i)
-	{
-		return w[i];
-	}
-
-	public virtual void set(int i, long x)
-	{
-		w[i] = x;
-	}
-
-	public virtual void inc(int i, long x)
-	{
-		w[i] += x;
-	}
-
-/* test this=0? */
-	public virtual bool iszilch()
-	{
-		for (int i = 0;i < ROM.DNLEN;i++)
-		{
-			if (w[i] != 0)
-			{
-				return false;
-			}
-		}
-		return true;
-	}
-
-/* normalise this */
-	public virtual void norm()
-	{
-		long d , carry = 0;
-		for (int i = 0;i < ROM.DNLEN - 1;i++)
-		{
-			d = w[i] + carry;
-			w[i] = d & ROM.MASK;
-			carry = d >> ROM.BASEBITS;
-		}
-		w[ROM.DNLEN - 1] = (w[ROM.DNLEN - 1] + carry);
-	}
-
-/* shift this right by k bits */
-	public virtual void shr(int k)
-	{
-		int n = k % ROM.BASEBITS;
-		int m = k / ROM.BASEBITS;
-		for (int i = 0;i < ROM.DNLEN - m - 1;i++)
-		{
-			w[i] = (w[m + i] >> n) | ((w[m + i + 1] << (ROM.BASEBITS - n)) & ROM.MASK);
-		}
-		w[ROM.DNLEN - m - 1] = w[ROM.DNLEN - 1] >> n;
-		for (int i = ROM.DNLEN - m;i < ROM.DNLEN;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* shift this left by k bits */
-	public virtual void shl(int k)
-	{
-		int n = k % ROM.BASEBITS;
-		int m = k / ROM.BASEBITS;
-
-		w[ROM.DNLEN - 1] = ((w[ROM.DNLEN - 1 - m] << n)) | (w[ROM.DNLEN - m - 2]>>(ROM.BASEBITS - n));
-		for (int i = ROM.DNLEN - 2;i > m;i--)
-		{
-			w[i] = ((w[i - m] << n) & ROM.MASK) | (w[i - m - 1]>>(ROM.BASEBITS - n));
-		}
-		w[m] = (w[0] << n) & ROM.MASK;
-		for (int i = 0;i < m;i++)
-		{
-			w[i] = 0;
-		}
-	}
-
-/* return number of bits in this */
-	public virtual int nbits()
-	{
-		int bts , k = ROM.DNLEN - 1;
-		long c;
-		norm();
-		while (w[k] == 0 && k >= 0)
-		{
-			k--;
-		}
-		if (k < 0)
-		{
-			return 0;
-		}
-		bts = ROM.BASEBITS * k;
-		c = w[k];
-		while (c != 0)
-		{
-			c /= 2;
-			bts++;
-		}
-		return bts;
-	}
-
-/* convert this to string */
-	public override string ToString()
-	{
-		DBIG b;
-		string s = "";
-		int len = nbits();
-		if (len % 4 == 0)
-		{
-			len >>= 2; //len/=4;
-		}
-		else
-		{
-			len >>= 2;
-			len++;
-		}
-
-		for (int i = len - 1;i >= 0;i--)
-		{
-			b = new DBIG(this);
-			b.shr(i * 4);
-			s += (b.w[0] & 15).ToString("x");
-		}
-		return s;
-	}
-
-/* return this+x */
-/*
-	public DBIG plus(DBIG x) {
-		DBIG s=new DBIG(0);
-		for (int i=0;i<ROM.DNLEN;i++)
-			s.w[i]=w[i]+x.w[i];
-		return s;
-	}
-*/
-/* return this-x */
-/*
-	public DBIG minus(DBIG x) {
-		DBIG d=new DBIG(0);
-		for (int i=0;i<ROM.DNLEN;i++)
-			d.w[i]=w[i]-x.w[i];
-		return d;
-	}
-*/
-/* this+=x */
-	public virtual void add(DBIG x)
-	{
-		for (int i = 0;i < ROM.DNLEN;i++)
-		{
-			w[i] += x.w[i];
-		}
-	}
-
-/* this-=x */
-	public virtual void sub(DBIG x)
-	{
-		for (int i = 0;i < ROM.DNLEN;i++)
-		{
-			w[i] -= x.w[i];
-		}
-	}
-
-/* set this[i]+=x*y+c, and return high part */
-/* This is time critical */
-/* What if you knew the bottom half in advance ?? */
-	public virtual long muladd(long a, long b, long c, int i)
-	{
-		long x0, x1, y0, y1;
-		x0 = a & ROM.HMASK;
-		x1 = (a >> ROM.HBITS);
-		y0 = b & ROM.HMASK;
-		y1 = (b >> ROM.HBITS);
-		long bot = x0 * y0;
-		long top = x1 * y1;
-		long mid = x0 * y1 + x1 * y0;
-		x0 = mid & ROM.HMASK;
-		x1 = (mid >> ROM.HBITS);
-		bot += x0 << ROM.HBITS;
-		bot += c;
-		bot += w[i];
-		top += x1;
-		long carry = bot >> ROM.BASEBITS;
-		bot &= ROM.MASK;
-		top += carry;
-		w[i] = bot;
-		return top;
-	}
-
-/* Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised */
-	public static int comp(DBIG a, DBIG b)
-	{
-		for (int i = ROM.DNLEN - 1;i >= 0;i--)
-		{
-			if (a.w[i] == b.w[i])
-			{
-				continue;
-			}
-			if (a.w[i] > b.w[i])
-			{
-				return 1;
-			}
-			else
-			{
-				return -1;
-			}
-		}
-		return 0;
-	}
-
-/* reduces this DBIG mod a BIG, and returns the BIG */
-	public virtual BIG mod(BIG c)
-	{
-		int k = 0;
-		norm();
-		DBIG m = new DBIG(c);
-
-		if (comp(this,m) < 0)
-		{
-			return new BIG(this);
-		}
-
-		do
-		{
-			m.shl(1);
-			k++;
-		} while (comp(this,m) >= 0);
-
-		while (k > 0)
-		{
-			m.shr(1);
-			if (comp(this,m) >= 0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return new BIG(this);
-	}
-
-/* reduces this DBIG mod a DBIG in place */
-/*	public void mod(DBIG m)
-	{
-		int k=0;
-		if (comp(this,m)<0) return;
-
-		do
-		{
-			m.shl(1);
-			k++;
-		}
-		while (comp(this,m)>=0);
-
-		while (k>0)
-		{
-			m.shr(1);
-			if (comp(this,m)>=0)
-			{
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return;
-
-	}*/
-
-/* return this/c */
-	public virtual BIG div(BIG c)
-	{
-		int k = 0;
-		DBIG m = new DBIG(c);
-		BIG a = new BIG(0);
-		BIG e = new BIG(1);
-		norm();
-
-		while (comp(this,m) >= 0)
-		{
-			e.fshl(1);
-			m.shl(1);
-			k++;
-		}
-
-		while (k > 0)
-		{
-			m.shr(1);
-			e.shr(1);
-			if (comp(this,m) > 0)
-			{
-				a.add(e);
-				a.norm();
-				sub(m);
-				norm();
-			}
-			k--;
-		}
-		return a;
-	}
-
-/* split DBIG at position n, return higher half, keep lower half */
-	public virtual BIG Split(int n)
-	{
-		BIG t = new BIG(0);
-		int m = n % ROM.BASEBITS;
-		long nw , carry = w[ROM.DNLEN - 1] << (ROM.BASEBITS - m);
-
-		for (int i = ROM.DNLEN - 2;i >= ROM.NLEN - 1;i--)
-		{
-			nw = (w[i] >> m) | carry;
-			carry = (w[i] << (ROM.BASEBITS - m)) & ROM.MASK;
-			t.set(i - ROM.NLEN + 1,nw);
-		}
-		w[ROM.NLEN - 1] &= (((long)1 << m) - 1);
-		return t;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/ECDH.cs
----------------------------------------------------------------------
diff --git a/cs/ECDH.cs b/cs/ECDH.cs
deleted file mode 100644
index f63dff1..0000000
--- a/cs/ECDH.cs
+++ /dev/null
@@ -1,778 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve API high-level functions  */
-
-public sealed class ECDH
-{
-	public const int INVALID_PUBLIC_KEY = -2;
-	public const int ERROR = -3;
-	public const int INVALID = -4;
-	public static readonly int EFS = ROM.MODBYTES;
-	public static readonly int EGS = ROM.MODBYTES;
-	public static readonly int EAS = AES.KS;
-	public static readonly int EBS = AES.BS;
-
-/* Convert Integer to n-byte array */
-	private static sbyte[] inttoBytes(int n, int len)
-	{
-		int i;
-		sbyte[] b = new sbyte[len];
-
-		for (i = 0;i < len;i++)
-		{
-			b[i] = 0;
-		}
-		i = len;
-		while (n > 0 && i > 0)
-		{
-			i--;
-			b[i] = unchecked((sbyte)(n & 0xff));
-			n /= 256;
-		}
-		return b;
-	}
-
-/* Key Derivation Functions */
-/* Input octet Z */
-/* Output key of length olen */
-	public static sbyte[] KDF1(sbyte[] Z, int olen)
-	{
-/* NOTE: the parameter olen is the length of the output K in bytes */
-		HASH H = new HASH();
-		int hlen = HASH.len;
-		sbyte[] K = new sbyte[olen];
-
-		sbyte[] B;
-		int counter , cthreshold , k = 0;
-
-		for (int i = 0;i < K.Length;i++)
-		{
-			K[i] = 0;
-		}
-
-		cthreshold = olen / hlen;
-		if (olen % hlen != 0)
-		{
-			cthreshold++;
-		}
-
-		for (counter = 0;counter < cthreshold;counter++)
-		{
-			H.process_array(Z);
-			if (counter > 0)
-			{
-				H.process_num(counter);
-			}
-			B = H.hash();
-			if (k + hlen > olen)
-			{
-				for (int i = 0;i < olen % hlen;i++)
-				{
-					K[k++] = B[i];
-				}
-			}
-			else
-			{
-				for (int i = 0;i < hlen;i++)
-				{
-					K[k++] = B[i];
-				}
-			}
-		}
-		return K;
-	}
-
-	public static sbyte[] KDF2(sbyte[] Z, sbyte[] P, int olen)
-	{
-/* NOTE: the parameter olen is the length of the output k in bytes */
-		HASH H = new HASH();
-		int hlen = HASH.len;
-		sbyte[] K = new sbyte[olen];
-
-		sbyte[] B = new sbyte[hlen];
-		int counter , cthreshold , k = 0;
-
-		for (int i = 0;i < K.Length;i++)
-		{
-			K[i] = 0;
-		}
-
-		cthreshold = olen / hlen;
-		if (olen % hlen != 0)
-		{
-			cthreshold++;
-		}
-
-		for (counter = 1;counter <= cthreshold;counter++)
-		{
-			H.process_array(Z);
-			H.process_num(counter);
-			H.process_array(P);
-			B = H.hash();
-			if (k + hlen > olen)
-			{
-				for (int i = 0;i < olen % hlen;i++)
-				{
-					K[k++] = B[i];
-				}
-			}
-			else
-			{
-				for (int i = 0;i < hlen;i++)
-				{
-					K[k++] = B[i];
-				}
-			}
-		}
-		return K;
-	}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-	public static sbyte[] PBKDF2(sbyte[] Pass, sbyte[] Salt, int rep, int olen)
-	{
-		int i, j, k, d, opt;
-		d = olen / 32;
-		if (olen % 32 != 0)
-		{
-			d++;
-		}
-		sbyte[] F = new sbyte[EFS];
-		sbyte[] U = new sbyte[EFS];
-		sbyte[] S = new sbyte[Salt.Length + 4];
-
-		sbyte[] K = new sbyte[d * EFS];
-		opt = 0;
-
-		for (i = 1;i <= d;i++)
-		{
-			for (j = 0;j < Salt.Length;j++)
-			{
-				S[j] = Salt[j];
-			}
-			sbyte[] N = inttoBytes(i,4);
-			for (j = 0;j < 4;j++)
-			{
-				S[Salt.Length + j] = N[j];
-			}
-
-			HMAC(S,Pass,F);
-
-			for (j = 0;j < EFS;j++)
-			{
-				U[j] = F[j];
-			}
-			for (j = 2;j <= rep;j++)
-			{
-				HMAC(U,Pass,U);
-				for (k = 0;k < EFS;k++)
-				{
-					F[k] ^= U[k];
-				}
-			}
-			for (j = 0;j < EFS;j++)
-			{
-				K[opt++] = F[j];
-			}
-		}
-		sbyte[] key = new sbyte[olen];
-		for (i = 0;i < olen;i++)
-		{
-			key[i] = K[i];
-		}
-		return key;
-	}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-	public static int HMAC(sbyte[] M, sbyte[] K, sbyte[] tag)
-	{
-	/* Input is from an octet m        *
-	* olen is requested output length in bytes. k is the key  *
-	* The output is the calculated tag */
-		int b;
-		sbyte[] B;
-		sbyte[] K0 = new sbyte[64];
-		int olen = tag.Length;
-
-		b = K0.Length;
-		if (olen < 4 || olen> HASH.len)
-		{
-			return 0;
-		}
-
-		for (int i = 0;i < b;i++)
-		{
-			K0[i] = 0;
-		}
-
-		HASH H = new HASH();
-
-		if (K.Length > b)
-		{
-			H.process_array(K);
-			B = H.hash();
-			for (int i = 0;i < 32;i++)
-			{
-				K0[i] = B[i];
-			}
-		}
-		else
-		{
-			for (int i = 0;i < K.Length;i++)
-			{
-				K0[i] = K[i];
-			}
-		}
-
-		for (int i = 0;i < b;i++)
-		{
-			K0[i] ^= 0x36;
-		}
-		H.process_array(K0);
-		H.process_array(M);
-		B = H.hash();
-
-		for (int i = 0;i < b;i++)
-		{
-			K0[i] ^= 0x6a;
-		}
-		H.process_array(K0);
-		H.process_array(B);
-		B = H.hash();
-
-		for (int i = 0;i < olen;i++)
-		{
-			tag[i] = B[i];
-		}
-
-		return 1;
-	}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-	public static sbyte[] AES_CBC_IV0_ENCRYPT(sbyte[] K, sbyte[] M)
-	{ // AES CBC encryption, with Null IV and key K
-	/* Input is from an octet string M, output is to an octet string C */
-	/* Input is padded as necessary to make up a full final block */
-		AES a = new AES();
-		bool fin;
-		int i, j, ipt, opt;
-		sbyte[] buff = new sbyte[16];
-		int clen = 16 + (M.Length / 16) * 16;
-
-		sbyte[] C = new sbyte[clen];
-		int padlen;
-
-		a.init(AES.CBC,K,null);
-
-		ipt = opt = 0;
-		fin = false;
-		for (;;)
-		{
-			for (i = 0;i < 16;i++)
-			{
-				if (ipt < M.Length)
-				{
-					buff[i] = M[ipt++];
-				}
-				else
-				{
-					fin = true;
-					break;
-				}
-			}
-			if (fin)
-			{
-				break;
-			}
-			a.encrypt(buff);
-			for (i = 0;i < 16;i++)
-			{
-				C[opt++] = buff[i];
-			}
-		}
-
-/* last block, filled up to i-th index */
-
-		padlen = 16 - i;
-		for (j = i;j < 16;j++)
-		{
-			buff[j] = (sbyte)padlen;
-		}
-
-		a.encrypt(buff);
-
-		for (i = 0;i < 16;i++)
-		{
-			C[opt++] = buff[i];
-		}
-		a.end();
-		return C;
-	}
-
-/* returns plaintext if all consistent, else returns null string */
-	public static sbyte[] AES_CBC_IV0_DECRYPT(sbyte[] K, sbyte[] C)
-	{ // padding is removed
-		AES a = new AES();
-		int i, ipt, opt, ch;
-		sbyte[] buff = new sbyte[16];
-		sbyte[] MM = new sbyte[C.Length];
-		bool fin, bad;
-		int padlen;
-		ipt = opt = 0;
-
-		a.init(AES.CBC,K,null);
-
-		if (C.Length == 0)
-		{
-			return new sbyte[0];
-		}
-		ch = C[ipt++];
-
-		fin = false;
-
-		for (;;)
-		{
-			for (i = 0;i < 16;i++)
-			{
-				buff[i] = (sbyte)ch;
-				if (ipt >= C.Length)
-				{
-					fin = true;
-					break;
-				}
-				else
-				{
-					ch = C[ipt++];
-				}
-			}
-			a.decrypt(buff);
-			if (fin)
-			{
-				break;
-			}
-			for (i = 0;i < 16;i++)
-			{
-				MM[opt++] = buff[i];
-			}
-		}
-
-		a.end();
-		bad = false;
-		padlen = buff[15];
-		if (i != 15 || padlen < 1 || padlen>16)
-		{
-			bad = true;
-		}
-		if (padlen >= 2 && padlen <= 16)
-		{
-			for (i = 16 - padlen;i < 16;i++)
-			{
-				if (buff[i] != padlen)
-				{
-					bad = true;
-				}
-			}
-		}
-
-		if (!bad)
-		{
-			for (i = 0;i < 16 - padlen;i++)
-			{
-					MM[opt++] = buff[i];
-			}
-		}
-
-		if (bad)
-		{
-			return new sbyte[0];
-		}
-
-		sbyte[] M = new sbyte[opt];
-		for (i = 0;i < opt;i++)
-		{
-			M[i] = MM[i];
-		}
-
-		return M;
-	}
-
-/* Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-	public static int KEY_PAIR_GENERATE(RAND RNG, sbyte[] S, sbyte[] W)
-	{
-		BIG r, gx, gy, s;
-		ECP G, WP;
-		int res = 0;
-		sbyte[] T = new sbyte[EFS];
-
-		gx = new BIG(ROM.CURVE_Gx);
-		if (ROM.CURVETYPE != ROM.MONTGOMERY)
-		{
-			gy = new BIG(ROM.CURVE_Gy);
-			G = new ECP(gx,gy);
-		}
-		else
-		{
-			G = new ECP(gx);
-		}
-
-		r = new BIG(ROM.CURVE_Order);
-
-		if (RNG == null)
-		{
-			s = BIG.fromBytes(S);
-		}
-		else
-		{
-			s = BIG.randomnum(r,RNG);
-
-			s.toBytes(T);
-			for (int i = 0;i < EGS;i++)
-			{
-				S[i] = T[i];
-			}
-		}
-
-		WP = G.mul(s);
-		WP.toBytes(W);
-
-		return res;
-	}
-
-/* validate public key. Set full=true for fuller check */
-	public static int PUBLIC_KEY_VALIDATE(bool full, sbyte[] W)
-	{
-		BIG r;
-		ECP WP = ECP.fromBytes(W);
-		int res = 0;
-
-		r = new BIG(ROM.CURVE_Order);
-
-		if (WP.is_infinity())
-		{
-			res = INVALID_PUBLIC_KEY;
-		}
-		if (res == 0 && full)
-		{
-			WP = WP.mul(r);
-			if (!WP.is_infinity())
-			{
-				res = INVALID_PUBLIC_KEY;
-			}
-		}
-		return res;
-	}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-	public static int ECPSVDP_DH(sbyte[] S, sbyte[] WD, sbyte[] Z)
-	{
-		BIG r, s;
-		ECP W;
-		int res = 0;
-		sbyte[] T = new sbyte[EFS];
-
-		s = BIG.fromBytes(S);
-
-		W = ECP.fromBytes(WD);
-		if (W.is_infinity())
-		{
-			res = ERROR;
-		}
-
-		if (res == 0)
-		{
-			r = new BIG(ROM.CURVE_Order);
-			s.mod(r);
-			W = W.mul(s);
-			if (W.is_infinity())
-			{
-				res = ERROR;
-			}
-			else
-			{
-				W.X.toBytes(T);
-				for (int i = 0;i < EFS;i++)
-				{
-					Z[i] = T[i];
-				}
-			}
-		}
-		return res;
-	}
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-	public static int ECPSP_DSA(RAND RNG, sbyte[] S, sbyte[] F, sbyte[] C, sbyte[] D)
-	{
-		sbyte[] T = new sbyte[EFS];
-		BIG gx, gy, r, s, f, c, d, u, vx;
-		ECP G, V;
-
-		HASH H = new HASH();
-		H.process_array(F);
-		sbyte[] B = H.hash();
-
-		gx = new BIG(ROM.CURVE_Gx);
-		gy = new BIG(ROM.CURVE_Gy);
-
-		G = new ECP(gx,gy);
-		r = new BIG(ROM.CURVE_Order);
-
-		s = BIG.fromBytes(S);
-		f = BIG.fromBytes(B);
-
-		c = new BIG(0);
-		d = new BIG(0);
-		V = new ECP();
-
-		do
-		{
-			u = BIG.randomnum(r,RNG);
-
-			V.copy(G);
-			V = V.mul(u);
-			vx = V.X;
-			c.copy(vx);
-			c.mod(r);
-			if (c.iszilch())
-			{
-				continue;
-			}
-			u.invmodp(r);
-			d.copy(BIG.modmul(s,c,r));
-			d.add(f);
-			d.copy(BIG.modmul(u,d,r));
-		} while (d.iszilch());
-
-		c.toBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			C[i] = T[i];
-		}
-		d.toBytes(T);
-		for (int i = 0;i < EFS;i++)
-		{
-			D[i] = T[i];
-		}
-		return 0;
-	}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-	public static int ECPVP_DSA(sbyte[] W, sbyte[] F, sbyte[] C, sbyte[] D)
-	{
-		BIG r, gx, gy, f, c, d, h2;
-		int res = 0;
-		ECP G, WP, P;
-
-		HASH H = new HASH();
-		H.process_array(F);
-		sbyte[] B = H.hash();
-
-		gx = new BIG(ROM.CURVE_Gx);
-		gy = new BIG(ROM.CURVE_Gy);
-
-		G = new ECP(gx,gy);
-		r = new BIG(ROM.CURVE_Order);
-
-		c = BIG.fromBytes(C);
-		d = BIG.fromBytes(D);
-		f = BIG.fromBytes(B);
-
-		if (c.iszilch() || BIG.comp(c,r) >= 0 || d.iszilch() || BIG.comp(d,r) >= 0)
-		{
-			res = INVALID;
-		}
-
-		if (res == 0)
-		{
-			d.invmodp(r);
-			f.copy(BIG.modmul(f,d,r));
-			h2 = BIG.modmul(c,d,r);
-
-			WP = ECP.fromBytes(W);
-			if (WP.is_infinity())
-			{
-				res = ERROR;
-			}
-			else
-			{
-				P = new ECP();
-				P.copy(WP);
-				P = P.mul2(h2,G,f);
-				if (P.is_infinity())
-				{
-					res = INVALID;
-				}
-				else
-				{
-					d = P.X;
-					d.mod(r);
-					if (BIG.comp(d,c) != 0)
-					{
-						res = INVALID;
-					}
-				}
-			}
-		}
-
-		return res;
-	}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-	public static sbyte[] ECIES_ENCRYPT(sbyte[] P1, sbyte[] P2, RAND RNG, sbyte[] W, sbyte[] M, sbyte[] V, sbyte[] T)
-	{
-		int i;
-
-		sbyte[] Z = new sbyte[EFS];
-		sbyte[] VZ = new sbyte[3 * EFS + 1];
-		sbyte[] K1 = new sbyte[EAS];
-		sbyte[] K2 = new sbyte[EAS];
-		sbyte[] U = new sbyte[EGS];
-
-		if (KEY_PAIR_GENERATE(RNG,U,V) != 0)
-		{
-			return new sbyte[0];
-		}
-		if (ECPSVDP_DH(U,W,Z) != 0)
-		{
-			return new sbyte[0];
-		}
-
-		for (i = 0;i < 2 * EFS + 1;i++)
-		{
-			VZ[i] = V[i];
-		}
-		for (i = 0;i < EFS;i++)
-		{
-			VZ[2 * EFS + 1 + i] = Z[i];
-		}
-
-
-		sbyte[] K = KDF2(VZ,P1,EFS);
-
-		for (i = 0;i < EAS;i++)
-		{
-			K1[i] = K[i];
-			K2[i] = K[EAS + i];
-		}
-
-		sbyte[] C = AES_CBC_IV0_ENCRYPT(K1,M);
-
-		sbyte[] L2 = inttoBytes(P2.Length,8);
-
-		sbyte[] AC = new sbyte[C.Length + P2.Length + 8];
-		for (i = 0;i < C.Length;i++)
-		{
-			AC[i] = C[i];
-		}
-		for (i = 0;i < P2.Length;i++)
-		{
-			AC[C.Length + i] = P2[i];
-		}
-		for (i = 0;i < 8;i++)
-		{
-			AC[C.Length + P2.Length + i] = L2[i];
-		}
-
-		HMAC(AC,K2,T);
-
-		return C;
-	}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-	public static sbyte[] ECIES_DECRYPT(sbyte[] P1, sbyte[] P2, sbyte[] V, sbyte[] C, sbyte[] T, sbyte[] U)
-	{
-
-		int i;
-
-		sbyte[] Z = new sbyte[EFS];
-		sbyte[] VZ = new sbyte[3 * EFS + 1];
-		sbyte[] K1 = new sbyte[EAS];
-		sbyte[] K2 = new sbyte[EAS];
-		sbyte[] TAG = new sbyte[T.Length];
-
-		if (ECPSVDP_DH(U,V,Z) != 0)
-		{
-			return new sbyte[0];
-		}
-
-		for (i = 0;i < 2 * EFS + 1;i++)
-		{
-			VZ[i] = V[i];
-		}
-		for (i = 0;i < EFS;i++)
-		{
-			VZ[2 * EFS + 1 + i] = Z[i];
-		}
-
-		sbyte[] K = KDF2(VZ,P1,EFS);
-
-		for (i = 0;i < EAS;i++)
-		{
-			K1[i] = K[i];
-			K2[i] = K[EAS + i];
-		}
-
-		sbyte[] M = AES_CBC_IV0_DECRYPT(K1,C);
-
-		if (M.Length == 0)
-		{
-			return M;
-		}
-
-		sbyte[] L2 = inttoBytes(P2.Length,8);
-
-		sbyte[] AC = new sbyte[C.Length + P2.Length + 8];
-
-		for (i = 0;i < C.Length;i++)
-		{
-			AC[i] = C[i];
-		}
-		for (i = 0;i < P2.Length;i++)
-		{
-			AC[C.Length + i] = P2[i];
-		}
-		for (i = 0;i < 8;i++)
-		{
-			AC[C.Length + P2.Length + i] = L2[i];
-		}
-
-		HMAC(AC,K2,TAG);
-
-		bool same = true;
-		for (i = 0;i < T.Length;i++)
-		{
-			if (T[i] != TAG[i])
-			{
-				same = false;
-			}
-		}
-		if (!same)
-		{
-			return new sbyte[0];
-		}
-
-		return M;
-
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/ECP.cs
----------------------------------------------------------------------
diff --git a/cs/ECP.cs b/cs/ECP.cs
deleted file mode 100644
index 4ad1a5c..0000000
--- a/cs/ECP.cs
+++ /dev/null
@@ -1,1216 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Elliptic Curve Point class */
-
-public sealed class ECP
-{
-	private FP x;
-	private FP y;
-	private FP z;
-	private bool INF;
-
-/* Constructor - set to O */
-	public ECP()
-	{
-		INF = true;
-		x = new FP(0);
-		y = new FP(1);
-		z = new FP(1);
-	}
-/* test for O point-at-infinity */
-	public bool is_infinity()
-	{
-		if (ROM.CURVETYPE == ROM.EDWARDS)
-		{
-			x.reduce();
-			y.reduce();
-			z.reduce();
-			return (x.iszilch() && y.Equals(z));
-		}
-		else
-		{
-			return INF;
-		}
-	}
-/* Conditional swap of P and Q dependant on d */
-	private void cswap(ECP Q, int d)
-	{
-		x.cswap(Q.x,d);
-		if (ROM.CURVETYPE != ROM.MONTGOMERY)
-		{
-			y.cswap(Q.y,d);
-		}
-		z.cswap(Q.z,d);
-		if (ROM.CURVETYPE != ROM.EDWARDS)
-		{
-			bool bd;
-			if (d == 0)
-			{
-				bd = false;
-			}
-			else
-			{
-				bd = true;
-			}
-			bd = bd & (INF ^ Q.INF);
-			INF ^= bd;
-			Q.INF ^= bd;
-		}
-	}
-
-/* Conditional move of Q to P dependant on d */
-	private void cmove(ECP Q, int d)
-	{
-		x.cmove(Q.x,d);
-		if (ROM.CURVETYPE != ROM.MONTGOMERY)
-		{
-			y.cmove(Q.y,d);
-		}
-		z.cmove(Q.z,d);
-		if (ROM.CURVETYPE != ROM.EDWARDS)
-		{
-			bool bd;
-			if (d == 0)
-			{
-				bd = false;
-			}
-			else
-			{
-				bd = true;
-			}
-			INF ^= (INF ^ Q.INF) & bd;
-		}
-	}
-
-/* return 1 if b==c, no branching */
-	private static int teq(int b, int c)
-	{
-		int x = b ^ c;
-		x -= 1; // if x=0, x now -1
-		return ((x >> 31) & 1);
-	}
-
-/* Constant time select from pre-computed table */
-	private void select(ECP[] W, int b)
-	{
-		ECP MP = new ECP();
-		int m = b >> 31;
-		int babs = (b ^ m) - m;
-
-		babs = (babs - 1) / 2;
-
-		cmove(W[0],teq(babs,0)); // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m & 1));
-	}
-
-
-/* Test P == Q */
-	public bool Equals(ECP Q)
-	{
-		if (is_infinity() && Q.is_infinity())
-		{
-			return true;
-		}
-		if (is_infinity() || Q.is_infinity())
-		{
-			return false;
-		}
-		if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-		{
-			FP zs2 = new FP(z);
-			zs2.sqr();
-			FP zo2 = new FP(Q.z);
-			zo2.sqr();
-			FP zs3 = new FP(zs2);
-			zs3.mul(z);
-			FP zo3 = new FP(zo2);
-			zo3.mul(Q.z);
-			zs2.mul(Q.x);
-			zo2.mul(x);
-			if (!zs2.Equals(zo2))
-			{
-				return false;
-			}
-			zs3.mul(Q.y);
-			zo3.mul(y);
-			if (!zs3.Equals(zo3))
-			{
-				return false;
-			}
-		}
-		else
-		{
-			FP a = new FP(0);
-			FP b = new FP(0);
-			a.copy(x);
-			a.mul(Q.z);
-			a.reduce();
-			b.copy(Q.x);
-			b.mul(z);
-			b.reduce();
-			if (!a.Equals(b))
-			{
-				return false;
-			}
-			if (ROM.CURVETYPE == ROM.EDWARDS)
-			{
-				a.copy(y);
-				a.mul(Q.z);
-				a.reduce();
-				b.copy(Q.y);
-				b.mul(z);
-				b.reduce();
-				if (!a.Equals(b))
-				{
-					return false;
-				}
-			}
-		}
-		return true;
-	}
-
-/* this=P */
-	public void copy(ECP P)
-	{
-		x.copy(P.x);
-		if (ROM.CURVETYPE != ROM.MONTGOMERY)
-		{
-			y.copy(P.y);
-		}
-		z.copy(P.z);
-		INF = P.INF;
-	}
-/* this=-this */
-	public void neg()
-	{
-		if (is_infinity())
-		{
-			return;
-		}
-		if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-		{
-			y.neg();
-			y.reduce();
-		}
-		if (ROM.CURVETYPE == ROM.EDWARDS)
-		{
-			x.neg();
-			x.reduce();
-		}
-		return;
-	}
-/* set this=O */
-	public void inf()
-	{
-		INF = true;
-		x.zero();
-		y.one();
-		z.one();
-	//	y=new FP(1);
-	//	z=new FP(1);
-	}
-
-/* Calculate RHS of curve equation */
-	public static FP RHS(FP x)
-	{
-		x.norm();
-		FP r = new FP(x);
-		r.sqr();
-
-		if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-		{ // x^3+Ax+B
-			FP b = new FP(new BIG(ROM.CURVE_B));
-			r.mul(x);
-			if (ROM.CURVE_A == -3)
-			{
-				FP cx = new FP(x);
-				cx.imul(3);
-				cx.neg();
-				cx.norm();
-				r.add(cx);
-			}
-			r.add(b);
-		}
-		if (ROM.CURVETYPE == ROM.EDWARDS)
-		{ // (Ax^2-1)/(Bx^2-1)
-			FP b = new FP(new BIG(ROM.CURVE_B));
-
-			FP one = new FP(1);
-			b.mul(r);
-			b.sub(one);
-			if (ROM.CURVE_A == -1)
-			{
-				r.neg();
-			}
-			r.sub(one);
-
-			b.inverse();
-
-			r.mul(b);
-		}
-		if (ROM.CURVETYPE == ROM.MONTGOMERY)
-		{ // x^3+Ax^2+x
-			FP x3 = new FP(0);
-			x3.copy(r);
-			x3.mul(x);
-			r.imul(ROM.CURVE_A);
-			r.add(x3);
-			r.add(x);
-		}
-		r.reduce();
-		return r;
-	}
-
-/* set (x,y) from two BIGs */
-	public ECP(BIG ix, BIG iy)
-	{
-		x = new FP(ix);
-		y = new FP(iy);
-		z = new FP(1);
-		FP rhs = RHS(x);
-
-		if (ROM.CURVETYPE == ROM.MONTGOMERY)
-		{
-			if (rhs.jacobi() == 1)
-			{
-				INF = false;
-			}
-			else
-			{
-				inf();
-			}
-		}
-		else
-		{
-			FP y2 = new FP(y);
-			y2.sqr();
-			if (y2.Equals(rhs))
-			{
-				INF = false;
-			}
-			else
-			{
-				inf();
-			}
-		}
-	}
-/* set (x,y) from BIG and a bit */
-	public ECP(BIG ix, int s)
-	{
-		x = new FP(ix);
-		FP rhs = RHS(x);
-		y = new FP(0);
-		z = new FP(1);
-		if (rhs.jacobi() == 1)
-		{
-			FP ny = rhs.sqrt();
-			if (ny.redc().parity() != s)
-			{
-				ny.neg();
-			}
-			y.copy(ny);
-			INF = false;
-		}
-		else
-		{
-			inf();
-		}
-	}
-
-/* set from x - calculate y from curve equation */
-	public ECP(BIG ix)
-	{
-		x = new FP(ix);
-		FP rhs = RHS(x);
-		y = new FP(0);
-		z = new FP(1);
-		if (rhs.jacobi() == 1)
-		{
-			if (ROM.CURVETYPE != ROM.MONTGOMERY)
-			{
-				y.copy(rhs.sqrt());
-			}
-			INF = false;
-		}
-		else
-		{
-			INF = true;
-		}
-	}
-
-/* set to affine - from (x,y,z) to (x,y) */
-	public void affine()
-	{
-		if (is_infinity())
-		{
-			return;
-		}
-		FP one = new FP(1);
-		if (z.Equals(one))
-		{
-			return;
-		}
-		z.inverse();
-		if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-		{
-			FP z2 = new FP(z);
-			z2.sqr();
-			x.mul(z2);
-			x.reduce();
-			y.mul(z2);
-			y.mul(z);
-			y.reduce();
-		}
-		if (ROM.CURVETYPE == ROM.EDWARDS)
-		{
-			x.mul(z);
-			x.reduce();
-			y.mul(z);
-			y.reduce();
-		}
-		if (ROM.CURVETYPE == ROM.MONTGOMERY)
-		{
-			x.mul(z);
-			x.reduce();
-		}
-		z.copy(one);
-	}
-/* extract x as a BIG */
-	public BIG X
-	{
-		get
-		{
-			affine();
-			return x.redc();
-		}
-	}
-/* extract y as a BIG */
-	public BIG Y
-	{
-		get
-		{
-			affine();
-			return y.redc();
-		}
-	}
-
-/* get sign of Y */
-	public int S
-	{
-		get
-		{
-			affine();
-			BIG y = Y;
-			return y.parity();
-		}
-	}
-/* extract x as an FP */
-	public FP getx()
-	{
-		return x;
-	}
-/* extract y as an FP */
-	public FP gety()
-	{
-		return y;
-	}
-/* extract z as an FP */
-	public FP getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(sbyte[] b)
-	{
-		sbyte[] t = new sbyte[ROM.MODBYTES];
-		if (ROM.CURVETYPE != ROM.MONTGOMERY)
-		{
-			b[0] = 0x04;
-		}
-		else
-		{
-			b[0] = 0x02;
-		}
-
-		affine();
-		x.redc().toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			b[i + 1] = t[i];
-		}
-		if (ROM.CURVETYPE != ROM.MONTGOMERY)
-		{
-			y.redc().toBytes(t);
-			for (int i = 0;i < ROM.MODBYTES;i++)
-			{
-				b[i + ROM.MODBYTES + 1] = t[i];
-			}
-		}
-	}
-/* convert from byte array to point */
-	public static ECP fromBytes(sbyte[] b)
-	{
-		sbyte[] t = new sbyte[ROM.MODBYTES];
-		BIG p = new BIG(ROM.Modulus);
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = b[i + 1];
-		}
-		BIG px = BIG.fromBytes(t);
-		if (BIG.comp(px,p) >= 0)
-		{
-			return new ECP();
-		}
-
-		if (b[0] == 0x04)
-		{
-			for (int i = 0;i < ROM.MODBYTES;i++)
-			{
-				t[i] = b[i + ROM.MODBYTES + 1];
-			}
-			BIG py = BIG.fromBytes(t);
-			if (BIG.comp(py,p) >= 0)
-			{
-				return new ECP();
-			}
-			return new ECP(px,py);
-		}
-		else
-		{
-			return new ECP(px);
-		}
-	}
-/* convert to hex string */
-	public override string ToString()
-	{
-		if (is_infinity())
-		{
-			return "infinity";
-		}
-		affine();
-		if (ROM.CURVETYPE == ROM.MONTGOMERY)
-		{
-			return "(" + x.redc().ToString() + ")";
-		}
-		else
-		{
-			return "(" + x.redc().ToString() + "," + y.redc().ToString() + ")";
-		}
-	}
-/* this*=2 */
-	public void dbl()
-	{
-		if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-		{
-			if (INF)
-			{
-				return;
-			}
-			if (y.iszilch())
-			{
-				inf();
-				return;
-			}
-
-			FP w1 = new FP(x);
-			FP w6 = new FP(z);
-			FP w2 = new FP(0);
-			FP w3 = new FP(x);
-			FP w8 = new FP(x);
-
-			if (ROM.CURVE_A == -3)
-			{
-				w6.sqr();
-				w1.copy(w6);
-				w1.neg();
-				w3.add(w1);
-				w8.add(w6);
-				w3.mul(w8);
-				w8.copy(w3);
-				w8.imul(3);
-			}
-			else
-			{
-				w1.sqr();
-				w8.copy(w1);
-				w8.imul(3);
-			}
-
-			w2.copy(y);
-			w2.sqr();
-			w3.copy(x);
-			w3.mul(w2);
-			w3.imul(4);
-			w1.copy(w3);
-			w1.neg();
-	//		w1.norm();
-
-			x.copy(w8);
-			x.sqr();
-			x.add(w1);
-			x.add(w1);
-	//		x.reduce();
-			x.norm();
-
-			z.mul(y);
-			z.add(z);
-
-			w2.add(w2);
-			w2.sqr();
-			w2.add(w2);
-			w3.sub(x);
-			y.copy(w8);
-			y.mul(w3);
-	//		w2.norm();
-			y.sub(w2);
-	//		y.reduce();
-	//		z.reduce();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE == ROM.EDWARDS)
-		{
-			FP C = new FP(x);
-			FP D = new FP(y);
-			FP H = new FP(z);
-			FP J = new FP(0);
-
-			x.mul(y);
-			x.add(x);
-			C.sqr();
-			D.sqr();
-			if (ROM.CURVE_A == -1)
-			{
-				C.neg();
-			}
-			y.copy(C);
-			y.add(D);
-	//		y.norm();
-			H.sqr();
-			H.add(H);
-			z.copy(y);
-			J.copy(y);
-			J.sub(H);
-			x.mul(J);
-			C.sub(D);
-			y.mul(C);
-			z.mul(J);
-
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE == ROM.MONTGOMERY)
-		{
-			FP A = new FP(x);
-			FP B = new FP(x);
-			FP AA = new FP(0);
-			FP BB = new FP(0);
-			FP C = new FP(0);
-
-			if (INF)
-			{
-				return;
-			}
-
-			A.add(z);
-			AA.copy(A);
-			AA.sqr();
-			B.sub(z);
-			BB.copy(B);
-			BB.sqr();
-			C.copy(AA);
-			C.sub(BB);
-	//		C.norm();
-
-			x.copy(AA);
-			x.mul(BB);
-
-			A.copy(C);
-			A.imul((ROM.CURVE_A + 2) / 4);
-
-			BB.add(A);
-			z.copy(BB);
-			z.mul(C);
-	//		x.reduce();
-	//		z.reduce();
-			x.norm();
-			z.norm();
-		}
-		return;
-	}
-
-/* this+=Q */
-	public void add(ECP Q)
-	{
-		if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-		{
-			if (INF)
-			{
-				copy(Q);
-				return;
-			}
-			if (Q.INF)
-			{
-				return;
-			}
-
-			bool aff = false;
-
-			FP one = new FP(1);
-			if (Q.z.Equals(one))
-			{
-				aff = true;
-			}
-
-			FP A, C;
-			FP B = new FP(z);
-			FP D = new FP(z);
-			if (!aff)
-			{
-				A = new FP(Q.z);
-				C = new FP(Q.z);
-
-				A.sqr();
-				B.sqr();
-				C.mul(A);
-				D.mul(B);
-
-				A.mul(x);
-				C.mul(y);
-			}
-			else
-			{
-				A = new FP(x);
-				C = new FP(y);
-
-				B.sqr();
-				D.mul(B);
-			}
-
-			B.mul(Q.x);
-			B.sub(A);
-			D.mul(Q.y);
-			D.sub(C);
-
-			if (B.iszilch())
-			{
-				if (D.iszilch())
-				{
-					dbl();
-					return;
-				}
-				else
-				{
-					INF = true;
-					return;
-				}
-			}
-
-			if (!aff)
-			{
-				z.mul(Q.z);
-			}
-			z.mul(B);
-
-			FP e = new FP(B);
-			e.sqr();
-			B.mul(e);
-			A.mul(e);
-
-			e.copy(A);
-			e.add(A);
-			e.add(B);
-			x.copy(D);
-			x.sqr();
-			x.sub(e);
-
-			A.sub(x);
-			y.copy(A);
-			y.mul(D);
-			C.mul(B);
-			y.sub(C);
-
-		//	x.reduce();
-		//	y.reduce();
-		//	z.reduce();
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		if (ROM.CURVETYPE == ROM.EDWARDS)
-		{
-			FP b = new FP(new BIG(ROM.CURVE_B));
-			FP A = new FP(z);
-			FP B = new FP(0);
-			FP C = new FP(x);
-			FP D = new FP(y);
-			FP E = new FP(0);
-			FP F = new FP(0);
-			FP G = new FP(0);
-		//	FP H=new FP(0);
-		//	FP I=new FP(0);
-
-			A.mul(Q.z);
-			B.copy(A);
-			B.sqr();
-			C.mul(Q.x);
-			D.mul(Q.y);
-
-			E.copy(C);
-			E.mul(D);
-			E.mul(b);
-			F.copy(B);
-			F.sub(E);
-			G.copy(B);
-			G.add(E);
-			C.add(D);
-
-			if (ROM.CURVE_A == 1)
-			{
-				E.copy(D);
-				D.sub(C);
-			}
-
-			B.copy(x);
-			B.add(y);
-			D.copy(Q.x);
-			D.add(Q.y);
-			B.mul(D);
-			B.sub(C);
-			B.mul(F);
-			x.copy(A);
-			x.mul(B);
-
-			if (ROM.CURVE_A == 1)
-			{
-				C.copy(E);
-				C.mul(G);
-			}
-			if (ROM.CURVE_A == -1)
-			{
-				C.mul(G);
-			}
-			y.copy(A);
-			y.mul(C);
-			z.copy(F);
-			z.mul(G);
-		//	x.reduce(); y.reduce(); z.reduce();
-			x.norm();
-			y.norm();
-			z.norm();
-		}
-		return;
-	}
-
-/* Differential Add for Montgomery curves. this+=Q where W is this-Q and is affine. */
-	public void dadd(ECP Q, ECP W)
-	{
-			FP A = new FP(x);
-			FP B = new FP(x);
-			FP C = new FP(Q.x);
-			FP D = new FP(Q.x);
-			FP DA = new FP(0);
-			FP CB = new FP(0);
-
-			A.add(z);
-			B.sub(z);
-
-			C.add(Q.z);
-			D.sub(Q.z);
-
-			DA.copy(D);
-			DA.mul(A);
-			CB.copy(C);
-			CB.mul(B);
-
-			A.copy(DA);
-			A.add(CB);
-			A.sqr();
-			B.copy(DA);
-			B.sub(CB);
-			B.sqr();
-
-			x.copy(A);
-			z.copy(W.x);
-			z.mul(B);
-
-			if (z.iszilch())
-			{
-				inf();
-			}
-			else
-			{
-				INF = false;
-			}
-
-	//		x.reduce();
-			x.norm();
-	}
-/* this-=Q */
-	public void sub(ECP Q)
-	{
-		Q.neg();
-		add(Q);
-		Q.neg();
-	}
-
-	public static void multiaffine(int m, ECP[] P)
-	{
-		int i;
-		FP t1 = new FP(0);
-		FP t2 = new FP(0);
-
-		FP[] work = new FP[m];
-
-		for (i = 0;i < m;i++)
-		{
-			work[i] = new FP(0);
-		}
-
-		work[0].one();
-		work[1].copy(P[0].z);
-
-		for (i = 2;i < m;i++)
-		{
-			work[i].copy(work[i - 1]);
-			work[i].mul(P[i - 1].z);
-		}
-
-		t1.copy(work[m - 1]);
-		t1.mul(P[m - 1].z);
-		t1.inverse();
-		t2.copy(P[m - 1].z);
-		work[m - 1].mul(t1);
-
-		for (i = m - 2;;i--)
-		{
-			if (i == 0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i = 0;i < m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]);
-			t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}
-	}
-
-/* constant time multiply by small integer of length bts - use ladder */
-	public ECP pinmul(int e, int bts)
-	{
-		if (ROM.CURVETYPE == ROM.MONTGOMERY)
-		{
-			return this.mul(new BIG(e));
-		}
-		else
-		{
-			int nb, i, b;
-			ECP P = new ECP();
-			ECP R0 = new ECP();
-			ECP R1 = new ECP();
-			R1.copy(this);
-
-			for (i = bts - 1;i >= 0;i--)
-			{
-				b = (e >> i) & 1;
-				P.copy(R1);
-				P.add(R0);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-			P.affine();
-			return P;
-		}
-	}
-
-/* return e.this */
-
-	public ECP mul(BIG e)
-	{
-		if (e.iszilch() || is_infinity())
-		{
-			return new ECP();
-		}
-		ECP P = new ECP();
-		if (ROM.CURVETYPE == ROM.MONTGOMERY)
-		{
-/* use Ladder */
-			int nb, i, b;
-			ECP D = new ECP();
-			ECP R0 = new ECP();
-			R0.copy(this);
-			ECP R1 = new ECP();
-			R1.copy(this);
-			R1.dbl();
-			D.copy(this);
-			D.affine();
-			nb = e.nbits();
-			for (i = nb - 2;i >= 0;i--)
-			{
-				b = e.bit(i);
-				P.copy(R1);
-				P.dadd(R0,D);
-				R0.cswap(R1,b);
-				R1.copy(P);
-				R0.dbl();
-				R0.cswap(R1,b);
-			}
-			P.copy(R0);
-		}
-		else
-		{
-// fixed size windows
-			int i, b, nb, m, s, ns;
-			BIG mt = new BIG();
-			BIG t = new BIG();
-			ECP Q = new ECP();
-			ECP C = new ECP();
-			ECP[] W = new ECP[8];
-			sbyte[] w = new sbyte[1 + (ROM.NLEN * ROM.BASEBITS + 3) / 4];
-
-			affine();
-
-// precompute table
-			Q.copy(this);
-			Q.dbl();
-			W[0] = new ECP();
-			W[0].copy(this);
-
-			for (i = 1;i < 8;i++)
-			{
-				W[i] = new ECP();
-				W[i].copy(W[i - 1]);
-				W[i].add(Q);
-			}
-
-// convert the table to affine
-			if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-			{
-				multiaffine(8,W);
-			}
-
-// make exponent odd - add 2P if even, P if odd
-			t.copy(e);
-			s = t.parity();
-			t.inc(1);
-			t.norm();
-			ns = t.parity();
-			mt.copy(t);
-			mt.inc(1);
-			mt.norm();
-			t.cmove(mt,s);
-			Q.cmove(this,ns);
-			C.copy(Q);
-
-			nb = 1 + (t.nbits() + 3) / 4;
-
-// convert exponent to signed 4-bit window
-			for (i = 0;i < nb;i++)
-			{
-				w[i] = (sbyte)(t.lastbits(5) - 16);
-				t.dec(w[i]);
-				t.norm();
-				t.fshr(4);
-			}
-			w[nb] = (sbyte)t.lastbits(5);
-
-			P.copy(W[(w[nb] - 1) / 2]);
-			for (i = nb - 1;i >= 0;i--)
-			{
-				Q.select(W,w[i]);
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.dbl();
-				P.add(Q);
-			}
-			P.sub(C); // apply correction
-		}
-		P.affine();
-		return P;
-	}
-/* Return e.this+f.Q */
-
-	public ECP mul2(BIG e, ECP Q, BIG f)
-	{
-		BIG te = new BIG();
-		BIG tf = new BIG();
-		BIG mt = new BIG();
-		ECP S = new ECP();
-		ECP T = new ECP();
-		ECP C = new ECP();
-		ECP[] W = new ECP[8];
-		sbyte[] w = new sbyte[1 + (ROM.NLEN * ROM.BASEBITS + 1) / 2];
-		int i, s, ns, nb;
-		sbyte a, b;
-
-		affine();
-		Q.affine();
-
-		te.copy(e);
-		tf.copy(f);
-
-// precompute table
-		W[1] = new ECP();
-		W[1].copy(this);
-		W[1].sub(Q);
-		W[2] = new ECP();
-		W[2].copy(this);
-		W[2].add(Q);
-		S.copy(Q);
-		S.dbl();
-		W[0] = new ECP();
-		W[0].copy(W[1]);
-		W[0].sub(S);
-		W[3] = new ECP();
-		W[3].copy(W[2]);
-		W[3].add(S);
-		T.copy(this);
-		T.dbl();
-		W[5] = new ECP();
-		W[5].copy(W[1]);
-		W[5].add(T);
-		W[6] = new ECP();
-		W[6].copy(W[2]);
-		W[6].add(T);
-		W[4] = new ECP();
-		W[4].copy(W[5]);
-		W[4].sub(S);
-		W[7] = new ECP();
-		W[7].copy(W[6]);
-		W[7].add(S);
-
-// convert the table to affine
-		if (ROM.CURVETYPE == ROM.WEIERSTRASS)
-		{
-			multiaffine(8,W);
-		}
-
-// if multiplier is odd, add 2, else add 1 to multiplier, and add 2P or P to correction
-
-		s = te.parity();
-		te.inc(1);
-		te.norm();
-		ns = te.parity();
-		mt.copy(te);
-		mt.inc(1);
-		mt.norm();
-		te.cmove(mt,s);
-		T.cmove(this,ns);
-		C.copy(T);
-
-		s = tf.parity();
-		tf.inc(1);
-		tf.norm();
-		ns = tf.parity();
-		mt.copy(tf);
-		mt.inc(1);
-		mt.norm();
-		tf.cmove(mt,s);
-		S.cmove(Q,ns);
-		C.add(S);
-
-		mt.copy(te);
-		mt.add(tf);
-		mt.norm();
-		nb = 1 + (mt.nbits() + 1) / 2;
-
-// convert exponent to signed 2-bit window
-		for (i = 0;i < nb;i++)
-		{
-			a = (sbyte)(te.lastbits(3) - 4);
-			te.dec(a);
-			te.norm();
-			te.fshr(2);
-			b = (sbyte)(tf.lastbits(3) - 4);
-			tf.dec(b);
-			tf.norm();
-			tf.fshr(2);
-			w[i] = (sbyte)(4 * a + b);
-		}
-		w[nb] = (sbyte)(4 * te.lastbits(3) + tf.lastbits(3));
-		S.copy(W[(w[nb] - 1) / 2]);
-
-		for (i = nb - 1;i >= 0;i--)
-		{
-			T.select(W,w[i]);
-			S.dbl();
-			S.dbl();
-			S.add(T);
-		}
-		S.sub(C); // apply correction
-		S.affine();
-		return S;
-	}
-
-/*
-	public static void main(String[] args) {
-
-		BIG Gx=new BIG(ROM.CURVE_Gx);
-		BIG Gy;
-		ECP P;
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) Gy=new BIG(ROM.CURVE_Gy);
-		BIG r=new BIG(ROM.CURVE_Order);
-
-		//r.dec(7);
-
-		System.out.println("Gx= "+Gx.toString());
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) System.out.println("Gy= "+Gy.toString());
-
-		if (ROM.CURVETYPE!=ROM.MONTGOMERY) P=new ECP(Gx,Gy);
-		else  P=new ECP(Gx);
-
-		System.out.println("P= "+P.toString());
-
-		ECP R=P.mul(r);
-		//for (int i=0;i<10000;i++)
-		//	R=P.mul(r);
-
-		System.out.println("R= "+R.toString());
-    } */
-}
-

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/ECP2.cs
----------------------------------------------------------------------
diff --git a/cs/ECP2.cs b/cs/ECP2.cs
deleted file mode 100644
index 28f9295..0000000
--- a/cs/ECP2.cs
+++ /dev/null
@@ -1,771 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL Weierstrass elliptic curve functions over FP2 */
-
-public sealed class ECP2
-{
-	private FP2 x;
-	private FP2 y;
-	private FP2 z;
-	private bool INF;
-
-/* Constructor - set this=O */
-	public ECP2()
-	{
-		INF = true;
-		x = new FP2(0);
-		y = new FP2(1);
-		z = new FP2(1);
-	}
-
-/* Test this=O? */
-	public bool is_infinity()
-	{
-		return INF;
-	}
-/* copy this=P */
-	public void copy(ECP2 P)
-	{
-		x.copy(P.x);
-		y.copy(P.y);
-		z.copy(P.z);
-		INF = P.INF;
-	}
-/* set this=O */
-	public void inf()
-	{
-		INF = true;
-		x.zero();
-		y.zero();
-		z.zero();
-	}
-
-/* Conditional move of Q to P dependant on d */
-	public void cmove(ECP2 Q, int d)
-	{
-		x.cmove(Q.x,d);
-		y.cmove(Q.y,d);
-		z.cmove(Q.z,d);
-
-		bool bd;
-		if (d == 0)
-		{
-			bd = false;
-		}
-		else
-		{
-			bd = true;
-		}
-		INF ^= (INF ^ Q.INF) & bd;
-	}
-
-/* return 1 if b==c, no branching */
-	public static int teq(int b, int c)
-	{
-		int x = b ^ c;
-		x -= 1; // if x=0, x now -1
-		return ((x >> 31) & 1);
-	}
-
-/* Constant time select from pre-computed table */
-	public void select(ECP2[] W, int b)
-	{
-		ECP2 MP = new ECP2();
-		int m = b >> 31;
-		int babs = (b ^ m) - m;
-
-		babs = (babs - 1) / 2;
-
-		cmove(W[0],teq(babs,0)); // conditional move
-		cmove(W[1],teq(babs,1));
-		cmove(W[2],teq(babs,2));
-		cmove(W[3],teq(babs,3));
-		cmove(W[4],teq(babs,4));
-		cmove(W[5],teq(babs,5));
-		cmove(W[6],teq(babs,6));
-		cmove(W[7],teq(babs,7));
-
-		MP.copy(this);
-		MP.neg();
-		cmove(MP,(int)(m & 1));
-	}
-
-
-/* Test if P == Q */
-	public bool Equals(ECP2 Q)
-	{
-		if (is_infinity() && Q.is_infinity())
-		{
-			return true;
-		}
-		if (is_infinity() || Q.is_infinity())
-		{
-			return false;
-		}
-
-		FP2 zs2 = new FP2(z);
-		zs2.sqr();
-		FP2 zo2 = new FP2(Q.z);
-		zo2.sqr();
-		FP2 zs3 = new FP2(zs2);
-		zs3.mul(z);
-		FP2 zo3 = new FP2(zo2);
-		zo3.mul(Q.z);
-		zs2.mul(Q.x);
-		zo2.mul(x);
-		if (!zs2.Equals(zo2))
-		{
-			return false;
-		}
-		zs3.mul(Q.y);
-		zo3.mul(y);
-		if (!zs3.Equals(zo3))
-		{
-			return false;
-		}
-
-		return true;
-	}
-/* set this=-this */
-	public void neg()
-	{
-		if (is_infinity())
-		{
-			return;
-		}
-		y.neg();
-		y.reduce();
-		return;
-	}
-/* set to Affine - (x,y,z) to (x,y) */
-	public void affine()
-	{
-		if (is_infinity())
-		{
-			return;
-		}
-		FP2 one = new FP2(1);
-		if (z.Equals(one))
-		{
-			return;
-		}
-		z.inverse();
-
-		FP2 z2 = new FP2(z);
-		z2.sqr();
-		x.mul(z2);
-		x.reduce();
-		y.mul(z2);
-		y.mul(z);
-		y.reduce();
-		z.copy(one);
-	}
-/* extract affine x as FP2 */
-	public FP2 X
-	{
-		get
-		{
-			affine();
-			return x;
-		}
-	}
-/* extract affine y as FP2 */
-	public FP2 Y
-	{
-		get
-		{
-			affine();
-			return y;
-		}
-	}
-/* extract projective x */
-	public FP2 getx()
-	{
-		return x;
-	}
-/* extract projective y */
-	public FP2 gety()
-	{
-		return y;
-	}
-/* extract projective z */
-	public FP2 getz()
-	{
-		return z;
-	}
-/* convert to byte array */
-	public void toBytes(sbyte[] b)
-	{
-		sbyte[] t = new sbyte[ROM.MODBYTES];
-		affine();
-		x.A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			b[i] = t[i];
-		}
-		x.B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			b[i + ROM.MODBYTES] = t[i];
-		}
-
-		y.A.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			b[i + 2 * ROM.MODBYTES] = t[i];
-		}
-		y.B.toBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			b[i + 3 * ROM.MODBYTES] = t[i];
-		}
-	}
-/* convert from byte array to point */
-	public static ECP2 fromBytes(sbyte[] b)
-	{
-		sbyte[] t = new sbyte[ROM.MODBYTES];
-		BIG ra;
-		BIG rb;
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = b[i];
-		}
-		ra = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = b[i + ROM.MODBYTES];
-		}
-		rb = BIG.fromBytes(t);
-		FP2 rx = new FP2(ra,rb);
-
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = b[i + 2 * ROM.MODBYTES];
-		}
-		ra = BIG.fromBytes(t);
-		for (int i = 0;i < ROM.MODBYTES;i++)
-		{
-			t[i] = b[i + 3 * ROM.MODBYTES];
-		}
-		rb = BIG.fromBytes(t);
-		FP2 ry = new FP2(ra,rb);
-
-		return new ECP2(rx,ry);
-	}
-/* convert this to hex string */
-	public override string ToString()
-	{
-		if (is_infinity())
-		{
-			return "infinity";
-		}
-		affine();
-		return "(" + x.ToString() + "," + y.ToString() + ")";
-	}
-
-/* Calculate RHS of twisted curve equation x^3+B/i */
-	public static FP2 RHS(FP2 x)
-	{
-		x.norm();
-		FP2 r = new FP2(x);
-		r.sqr();
-		FP2 b = new FP2(new BIG(ROM.CURVE_B));
-		b.div_ip();
-		r.mul(x);
-		r.add(b);
-
-		r.reduce();
-		return r;
-	}
-/* construct this from (x,y) - but set to O if not on curve */
-	public ECP2(FP2 ix, FP2 iy)
-	{
-		x = new FP2(ix);
-		y = new FP2(iy);
-		z = new FP2(1);
-		FP2 rhs = RHS(x);
-		FP2 y2 = new FP2(y);
-		y2.sqr();
-		if (y2.Equals(rhs))
-		{
-			INF = false;
-		}
-		else
-		{
-			x.zero();
-			INF = true;
-		}
-	}
-
-/* construct this from x - but set to O if not on curve */
-	public ECP2(FP2 ix)
-	{
-		x = new FP2(ix);
-		y = new FP2(1);
-		z = new FP2(1);
-		FP2 rhs = RHS(x);
-		if (rhs.sqrt())
-		{
-			y.copy(rhs);
-			INF = false;
-		}
-		else
-		{
-			x.zero();
-			INF = true;
-		}
-	}
-
-/* this+=this */
-	public int dbl()
-	{
-		if (INF)
-		{
-			return -1;
-		}
-		if (y.iszilch())
-		{
-			inf();
-			return -1;
-		}
-
-		FP2 w1 = new FP2(x);
-		FP2 w2 = new FP2(0);
-		FP2 w3 = new FP2(x);
-		FP2 w8 = new FP2(x);
-
-		w1.sqr();
-		w8.copy(w1);
-		w8.imul(3);
-
-		w2.copy(y);
-		w2.sqr();
-		w3.copy(x);
-		w3.mul(w2);
-		w3.imul(4);
-		w1.copy(w3);
-		w1.neg();
-	//	w1.norm();
-
-		x.copy(w8);
-		x.sqr();
-		x.add(w1);
-		x.add(w1);
-		x.norm();
-
-		z.mul(y);
-		z.add(z);
-
-		w2.add(w2);
-		w2.sqr();
-		w2.add(w2);
-		w3.sub(x);
-		y.copy(w8);
-		y.mul(w3);
-	//	w2.norm();
-		y.sub(w2);
-
-		y.norm();
-		z.norm();
-
-		return 1;
-	}
-/* this+=Q - return 0 for add, 1 for double, -1 for O */
-	public int add(ECP2 Q)
-	{
-		if (INF)
-		{
-			copy(Q);
-			return -1;
-		}
-		if (Q.INF)
-		{
-			return -1;
-		}
-
-		bool aff = false;
-
-		if (Q.z.isunity())
-		{
-			aff = true;
-		}
-
-		FP2 A, C;
-		FP2 B = new FP2(z);
-		FP2 D = new FP2(z);
-		if (!aff)
-		{
-			A = new FP2(Q.z);
-			C = new FP2(Q.z);
-
-			A.sqr();
-			B.sqr();
-			C.mul(A);
-			D.mul(B);
-
-			A.mul(x);
-			C.mul(y);
-		}
-		else
-		{
-			A = new FP2(x);
-			C = new FP2(y);
-
-			B.sqr();
-			D.mul(B);
-		}
-
-		B.mul(Q.x);
-		B.sub(A);
-		D.mul(Q.y);
-		D.sub(C);
-
-		if (B.iszilch())
-		{
-			if (D.iszilch())
-			{
-				dbl();
-				return 1;
-			}
-			else
-			{
-				INF = true;
-				return -1;
-			}
-		}
-
-		if (!aff)
-		{
-			z.mul(Q.z);
-		}
-		z.mul(B);
-
-		FP2 e = new FP2(B);
-		e.sqr();
-		B.mul(e);
-		A.mul(e);
-
-		e.copy(A);
-		e.add(A);
-		e.add(B);
-		x.copy(D);
-		x.sqr();
-		x.sub(e);
-
-		A.sub(x);
-		y.copy(A);
-		y.mul(D);
-		C.mul(B);
-		y.sub(C);
-
-		x.norm();
-		y.norm();
-		z.norm();
-
-		return 0;
-	}
-
-/* set this-=Q */
-	public int sub(ECP2 Q)
-	{
-		Q.neg();
-		int D = add(Q);
-		Q.neg();
-		return D;
-	}
-/* set this*=q, where q is Modulus, using Frobenius */
-	public void frob(FP2 X)
-	{
-		if (INF)
-		{
-			return;
-		}
-		FP2 X2 = new FP2(X);
-		X2.sqr();
-		x.conj();
-		y.conj();
-		z.conj();
-		z.reduce();
-		x.mul(X2);
-		y.mul(X2);
-		y.mul(X);
-	}
-
-/* normalises m-array of ECP2 points. Requires work vector of m FP2s */
-
-	public static void multiaffine(int m, ECP2[] P)
-	{
-		int i;
-		FP2 t1 = new FP2(0);
-		FP2 t2 = new FP2(0);
-
-		FP2[] work = new FP2[m];
-		work[0] = new FP2(1);
-		work[1] = new FP2(P[0].z);
-		for (i = 2;i < m;i++)
-		{
-			work[i] = new FP2(work[i - 1]);
-			work[i].mul(P[i - 1].z);
-		}
-
-		t1.copy(work[m - 1]);
-		t1.mul(P[m - 1].z);
-
-		t1.inverse();
-
-		t2.copy(P[m - 1].z);
-		work[m - 1].mul(t1);
-
-		for (i = m - 2;;i--)
-		{
-			if (i == 0)
-			{
-				work[0].copy(t1);
-				work[0].mul(t2);
-				break;
-			}
-			work[i].mul(t2);
-			work[i].mul(t1);
-			t2.mul(P[i].z);
-		}
-/* now work[] contains inverses of all Z coordinates */
-
-		for (i = 0;i < m;i++)
-		{
-			P[i].z.one();
-			t1.copy(work[i]);
-			t1.sqr();
-			P[i].x.mul(t1);
-			t1.mul(work[i]);
-			P[i].y.mul(t1);
-		}
-	}
-
-/* P*=e */
-	public ECP2 mul(BIG e)
-	{
-/* fixed size windows */
-		int i, b, nb, m, s, ns;
-		BIG mt = new BIG();
-		BIG t = new BIG();
-		ECP2 P = new ECP2();
-		ECP2 Q = new ECP2();
-		ECP2 C = new ECP2();
-		ECP2[] W = new ECP2[8];
-		sbyte[] w = new sbyte[1 + (ROM.NLEN * ROM.BASEBITS + 3) / 4];
-
-		if (is_infinity())
-		{
-			return new ECP2();
-		}
-
-		affine();
-
-/* precompute table */
-		Q.copy(this);
-		Q.dbl();
-		W[0] = new ECP2();
-		W[0].copy(this);
-
-		for (i = 1;i < 8;i++)
-		{
-			W[i] = new ECP2();
-			W[i].copy(W[i - 1]);
-			W[i].add(Q);
-		}
-
-/* convert the table to affine */
-
-		multiaffine(8,W);
-
-/* make exponent odd - add 2P if even, P if odd */
-		t.copy(e);
-		s = t.parity();
-		t.inc(1);
-		t.norm();
-		ns = t.parity();
-		mt.copy(t);
-		mt.inc(1);
-		mt.norm();
-		t.cmove(mt,s);
-		Q.cmove(this,ns);
-		C.copy(Q);
-
-		nb = 1 + (t.nbits() + 3) / 4;
-/* convert exponent to signed 4-bit window */
-		for (i = 0;i < nb;i++)
-		{
-			w[i] = (sbyte)(t.lastbits(5) - 16);
-			t.dec(w[i]);
-			t.norm();
-			t.fshr(4);
-		}
-		w[nb] = (sbyte)t.lastbits(5);
-
-		P.copy(W[(w[nb] - 1) / 2]);
-		for (i = nb - 1;i >= 0;i--)
-		{
-			Q.select(W,w[i]);
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.dbl();
-			P.add(Q);
-		}
-		P.sub(C);
-		P.affine();
-		return P;
-	}
-
-/* P=u0.Q0+u1*Q1+u2*Q2+u3*Q3 */
-	public static ECP2 mul4(ECP2[] Q, BIG[] u)
-	{
-		int i, j, nb;
-		int[] a = new int[4];
-		ECP2 T = new ECP2();
-		ECP2 C = new ECP2();
-		ECP2 P = new ECP2();
-		ECP2[] W = new ECP2[8];
-
-		BIG mt = new BIG();
-		BIG[] t = new BIG[4];
-
-		sbyte[] w = new sbyte[ROM.NLEN * ROM.BASEBITS + 1];
-
-		for (i = 0;i < 4;i++)
-		{
-			t[i] = new BIG(u[i]);
-			Q[i].affine();
-		}
-
-/* precompute table */
-
-		W[0] = new ECP2();
-		W[0].copy(Q[0]);
-		W[0].sub(Q[1]);
-		W[1] = new ECP2();
-		W[1].copy(W[0]);
-		W[2] = new ECP2();
-		W[2].copy(W[0]);
-		W[3] = new ECP2();
-		W[3].copy(W[0]);
-		W[4] = new ECP2();
-		W[4].copy(Q[0]);
-		W[4].add(Q[1]);
-		W[5] = new ECP2();
-		W[5].copy(W[4]);
-		W[6] = new ECP2();
-		W[6].copy(W[4]);
-		W[7] = new ECP2();
-		W[7].copy(W[4]);
-		T.copy(Q[2]);
-		T.sub(Q[3]);
-		W[1].sub(T);
-		W[2].add(T);
-		W[5].sub(T);
-		W[6].add(T);
-		T.copy(Q[2]);
-		T.add(Q[3]);
-		W[0].sub(T);
-		W[3].add(T);
-		W[4].sub(T);
-		W[7].add(T);
-
-		multiaffine(8,W);
-
-/* if multiplier is even add 1 to multiplier, and add P to correction */
-		mt.zero();
-		C.inf();
-		for (i = 0;i < 4;i++)
-		{
-			if (t[i].parity() == 0)
-			{
-				t[i].inc(1);
-				t[i].norm();
-				C.add(Q[i]);
-			}
-			mt.add(t[i]);
-			mt.norm();
-		}
-
-		nb = 1 + mt.nbits();
-
-/* convert exponent to signed 1-bit window */
-		for (j = 0;j < nb;j++)
-		{
-			for (i = 0;i < 4;i++)
-			{
-				a[i] = (sbyte)(t[i].lastbits(2) - 2);
-				t[i].dec(a[i]);
-				t[i].norm();
-				t[i].fshr(1);
-			}
-			w[j] = (sbyte)(8 * a[0] + 4 * a[1] + 2 * a[2] + a[3]);
-		}
-		w[nb] = (sbyte)(8 * t[0].lastbits(2) + 4 * t[1].lastbits(2) + 2 * t[2].lastbits(2) + t[3].lastbits(2));
-
-		P.copy(W[(w[nb] - 1) / 2]);
-		for (i = nb - 1;i >= 0;i--)
-		{
-			T.select(W,w[i]);
-			P.dbl();
-			P.add(T);
-		}
-		P.sub(C); // apply correction
-
-		P.affine();
-		return P;
-	}
-
-
-/*
-	public static void main(String[] args) {
-		BIG r=new BIG(ROM.Modulus);
-
-		BIG Pxa=new BIG(ROM.CURVE_Pxa);
-		BIG Pxb=new BIG(ROM.CURVE_Pxb);
-		BIG Pya=new BIG(ROM.CURVE_Pya);
-		BIG Pyb=new BIG(ROM.CURVE_Pyb);
-
-		BIG Fra=new BIG(ROM.CURVE_Fra);
-		BIG Frb=new BIG(ROM.CURVE_Frb);
-
-		FP2 f=new FP2(Fra,Frb);
-
-		FP2 Px=new FP2(Pxa,Pxb);
-		FP2 Py=new FP2(Pya,Pyb);
-
-		ECP2 P=new ECP2(Px,Py);
-
-		System.out.println("P= "+P.toString());
-
-		P=P.mul(r);
-		System.out.println("P= "+P.toString());
-
-		ECP2 Q=new ECP2(Px,Py);
-		Q.frob(f);
-		System.out.println("Q= "+Q.toString());
-
-
-	} */
-
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/FF.cs
----------------------------------------------------------------------
diff --git a/cs/FF.cs b/cs/FF.cs
deleted file mode 100644
index ed27844..0000000
--- a/cs/FF.cs
+++ /dev/null
@@ -1,1084 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Large Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public sealed class FF
-{
-	private readonly BIG[] v;
-	private readonly int length;
-
-	private static readonly int P_MBITS = ROM.MODBYTES * 8;
-	private static readonly int P_MB = (P_MBITS % ROM.BASEBITS);
-	private static readonly long P_OMASK = ((long)(-1) << (P_MBITS % ROM.BASEBITS));
-	private static readonly long P_FEXCESS = ((long)1 << (ROM.BASEBITS * ROM.NLEN - P_MBITS));
-	private static readonly int P_TBITS = (P_MBITS % ROM.BASEBITS);
-
-	public long P_EXCESS()
-	{
-		return ((v[length - 1].get(ROM.NLEN - 1) & P_OMASK) >> (P_MB));
-	}
-
-/* Constructors */
-	public FF(int n)
-	{
-		v = new BIG[n];
-		for (int i = 0;i < n;i++)
-		{
-			v[i] = new BIG(0);
-		}
-		length = n;
-	}
-
-	public FF(long[][] x, int n)
-	{
-		v = new BIG[n];
-		for (int i = 0;i < n;i++)
-		{
-			v[i] = new BIG(x[i]);
-		}
-		length = n;
-	}
-
-	public int getlen()
-	{
-		return length;
-	}
-
-/* set to integer */
-	public void set(int m)
-	{
-		zero();
-		v[0].set(0,(long)m);
-	}
-
-/* copy from FF b */
-	public void copy(FF b)
-	{
-		for (int i = 0;i < length;i++)
-		{
-			v[i].copy(b.v[i]);
-		}
-	}
-
-/* x=y<<n */
-	public void dsucopy(FF b)
-	{
-		for (int i = 0;i < b.length;i++)
-		{
-			v[b.length + i].copy(b.v[i]);
-			v[i].zero();
-		}
-	}
-
-/* x=y */
-	public void dscopy(FF b)
-	{
-		for (int i = 0;i < b.length;i++)
-		{
-			v[i].copy(b.v[i]);
-			v[b.length + i].zero();
-		}
-	}
-
-/* x=y>>n */
-	public void sducopy(FF b)
-	{
-		for (int i = 0;i < length;i++)
-		{
-			v[i].copy(b.v[length + i]);
-		}
-	}
-
-/* set to zero */
-	public void zero()
-	{
-		for (int i = 0;i < length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-	public void one()
-	{
-		v[0].one();
-		for (int i = 1;i < length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-/* test equals 0 */
-	public bool iszilch()
-	{
-		for (int i = 0;i < length;i++)
-		{
-			if (!v[i].iszilch())
-			{
-				return false;
-			}
-		}
-		return true;
-	}
-
-/* shift right by 256-bit words */
-	public void shrw(int n)
-	{
-		for (int i = 0;i < n;i++)
-		{
-			v[i].copy(v[i + n]);
-			v[i + n].zero();
-		}
-	}
-
-/* shift left by 256-bit words */
-	public void shlw(int n)
-	{
-		for (int i = 0;i < n;i++)
-		{
-			v[n + i].copy(v[i]);
-			v[i].zero();
-		}
-	}
-
-/* extract last bit */
-	public int parity()
-	{
-		return v[0].parity();
-	}
-
-	public int lastbits(int m)
-	{
-		return v[0].lastbits(m);
-	}
-
-/* compare x and y - must be normalised, and of same length */
-	public static int comp(FF a, FF b)
-	{
-		int i, j;
-		for (i = a.length - 1;i >= 0;i--)
-		{
-			j = BIG.comp(a.v[i],b.v[i]);
-			if (j != 0)
-			{
-				return j;
-			}
-		}
-		return 0;
-	}
-
-/* recursive add */
-	public void radd(int vp, FF x, int xp, FF y, int yp, int n)
-	{
-		for (int i = 0;i < n;i++)
-		{
-			v[vp + i].copy(x.v[xp + i]);
-			v[vp + i].add(y.v[yp + i]);
-		}
-	}
-
-/* recursive inc */
-	public void rinc(int vp, FF y, int yp, int n)
-	{
-		for (int i = 0;i < n;i++)
-		{
-			v[vp + i].add(y.v[yp + i]);
-		}
-	}
-
-/* recursive sub */
-	public void rsub(int vp, FF x, int xp, FF y, int yp, int n)
-	{
-		for (int i = 0;i < n;i++)
-		{
-			v[vp + i].copy(x.v[xp + i]);
-			v[vp + i].sub(y.v[yp + i]);
-		}
-	}
-
-/* recursive dec */
-	public void rdec(int vp, FF y, int yp, int n)
-	{
-		for (int i = 0;i < n;i++)
-		{
-			v[vp + i].sub(y.v[yp + i]);
-		}
-	}
-
-/* simple add */
-	public void add(FF b)
-	{
-		for (int i = 0;i < length;i++)
-		{
-			v[i].add(b.v[i]);
-		}
-	}
-
-/* simple sub */
-	public void sub(FF b)
-	{
-		for (int i = 0;i < length;i++)
-		{
-			v[i].sub(b.v[i]);
-		}
-	}
-
-/* reverse sub */
-	public void revsub(FF b)
-	{
-		for (int i = 0;i < length;i++)
-		{
-			v[i].rsub(b.v[i]);
-		}
-	}
-
-/* increment/decrement by a small integer */
-	public void inc(int m)
-	{
-		v[0].inc(m);
-		norm();
-	}
-
-	public void dec(int m)
-	{
-		v[0].dec(m);
-		norm();
-	}
-
-	/* normalise - but hold any overflow in top part unless n<0 */
-	private void rnorm(int vp, int n)
-	{
-		bool trunc = false;
-		int i;
-		long carry;
-		if (n < 0)
-		{ // -v n signals to do truncation
-			n = -n;
-			trunc = true;
-		}
-		for (i = 0;i < n - 1;i++)
-		{
-			carry = v[vp + i].norm();
-			v[vp + i].xortop(carry << P_TBITS);
-			v[vp + i + 1].inc((int)carry);
-		}
-		carry = v[vp + n - 1].norm();
-		if (trunc)
-		{
-			v[vp + n - 1].xortop(carry << P_TBITS);
-		}
-
-	}
-
-	public void norm()
-	{
-		rnorm(0,length);
-	}
-
-/* shift left by one bit */
-	public void shl()
-	{
-		int i , delay_carry = 0;
-		long carry;
-		for (i = 0;i < length - 1;i++)
-		{
-			carry = v[i].fshl(1);
-			v[i].inc(delay_carry);
-			v[i].xortop(carry << P_TBITS);
-			delay_carry = (int)carry;
-		}
-		v[length - 1].fshl(1);
-		v[length - 1].inc(delay_carry);
-	}
-
-/* shift right by one bit */
-
-	public void shr()
-	{
-		int i;
-		long carry;
-		for (i = length - 1;i > 0;i--)
-		{
-			carry = v[i].fshr(1);
-			v[i - 1].ortop(carry << P_TBITS);
-		}
-		v[0].fshr(1);
-	}
-
-/* Convert to Hex String */
-	public override string ToString()
-	{
-		norm();
-		string s = "";
-		for (int i = length - 1;i >= 0;i--)
-		{
-			s += v[i].ToString();
-		}
-		return s;
-	}
-
-/* Convert FFs to/from byte arrays */
-	public void toBytes(sbyte[] b)
-	{
-		for (int i = 0;i < length;i++)
-		{
-			v[i].tobytearray(b,(length - i - 1) * ROM.MODBYTES);
-		}
-	}
-
-	public static void fromBytes(FF x, sbyte[] b)
-	{
-		for (int i = 0;i < x.length;i++)
-		{
-			x.v[i] = BIG.frombytearray(b,(x.length - i - 1) * ROM.MODBYTES);
-		}
-	}
-
-/* in-place swapping using xor - side channel resistant - lengths must be the same */
-	private static void cswap(FF a, FF b, int d)
-	{
-		for (int i = 0;i < a.length;i++)
-		{
-		//	BIG.cswap(a.v[i],b.v[i],d);
-			a.v[i].cswap(b.v[i],d);
-		}
-	}
-
-/* z=x*y, t is workspace */
-	private void karmul(int vp, FF x, int xp, FF y, int yp, FF t, int tp, int n)
-	{
-		int nd2;
-		if (n == 1)
-		{
-			DBIG d = BIG.mul(x.v[xp],y.v[yp]);
-			v[vp + 1] = d.Split(8 * ROM.MODBYTES);
-			v[vp].copy(d);
-			return;
-		}
-		nd2 = n / 2;
-		radd(vp,x,xp,x,xp + nd2,nd2);
-		//rnorm(vp,nd2);
-		radd(vp + nd2,y,yp,y,yp + nd2,nd2);
-		//rnorm(vp+nd2,nd2);
-		t.karmul(tp,this,vp,this,vp + nd2,t,tp + n,nd2);
-		karmul(vp,x,xp,y,yp,t,tp + n,nd2);
-		karmul(vp + n,x,xp + nd2,y,yp + nd2,t,tp + n,nd2);
-		t.rdec(tp,this,vp,n);
-		t.rdec(tp,this,vp + n,n);
-		rinc(vp + nd2,t,tp,n);
-		rnorm(vp,2 * n);
-	}
-
-	private void karsqr(int vp, FF x, int xp, FF t, int tp, int n)
-	{
-		int nd2;
-		if (n == 1)
-		{
-			DBIG d = BIG.sqr(x.v[xp]);
-			v[vp + 1].copy(d.Split(8 * ROM.MODBYTES));
-			v[vp].copy(d);
-			return;
-		}
-
-		nd2 = n / 2;
-		karsqr(vp,x,xp,t,tp + n,nd2);
-		karsqr(vp + n,x,xp + nd2,t,tp + n,nd2);
-		t.karmul(tp,x,xp,x,xp + nd2,t,tp + n,nd2);
-		rinc(vp + nd2,t,tp,n);
-		rinc(vp + nd2,t,tp,n);
-		rnorm(vp + nd2,n);
-	}
-
-
-	private void karmul_lower(int vp, FF x, int xp, FF y, int yp, FF t, int tp, int n)
-	{ // Calculates Least Significant bottom half of x*y
-		int nd2;
-		if (n == 1)
-		{ // only calculate bottom half of product
-			v[vp].copy(BIG.smul(x.v[xp],y.v[yp]));
-			return;
-		}
-		nd2 = n / 2;
-
-		karmul(vp,x,xp,y,yp,t,tp + n,nd2);
-		t.karmul_lower(tp,x,xp + nd2,y,yp,t,tp + n,nd2);
-		rinc(vp + nd2,t,tp,nd2);
-		t.karmul_lower(tp,x,xp,y,yp + nd2,t,tp + n,nd2);
-		rinc(vp + nd2,t,tp,nd2);
-		rnorm(vp + nd2,-nd2); // truncate it
-	}
-
-	private void karmul_upper(FF x, FF y, FF t, int n)
-	{ // Calculates Most Significant upper half of x*y, given lower part
-		int nd2;
-
-		nd2 = n / 2;
-		radd(n,x,0,x,nd2,nd2);
-		radd(n + nd2,y,0,y,nd2,nd2);
-
-		t.karmul(0,this,n + nd2,this,n,t,n,nd2); // t = (a0+a1)(b0+b1)
-		karmul(n,x,nd2,y,nd2,t,n,nd2); // z[n]= a1*b1
-									/* z[0-nd2]=l(a0b0) z[nd2-n]= h(a0b0)+l(t)-l(a0b0)-l(a1b1) */
-		t.rdec(0,this,n,n); // t=t-a1b1
-		rinc(nd2,this,0,nd2); // z[nd2-n]+=l(a0b0) = h(a0b0)+l(t)-l(a1b1)
-		rdec(nd2,t,0,nd2); // z[nd2-n]=h(a0b0)+l(t)-l(a1b1)-l(t-a1b1)=h(a0b0)
-		rnorm(0,-n); // a0b0 now in z - truncate it
-		t.rdec(0,this,0,n); // (a0+a1)(b0+b1) - a0b0
-		rinc(nd2,t,0,n);
-
-		rnorm(nd2,n);
-	}
-
-	/* z=x*y. Assumes x and y are of same length. */
-	public static FF mul(FF x, FF y)
-	{
-		int n = x.length;
-		FF z = new FF(2 * n);
-		FF t = new FF(2 * n);
-		z.karmul(0,x,0,y,0,t,0,n);
-		return z;
-	}
-
-/* return low part of product this*y */
-	public void lmul(FF y)
-	{
-		int n = length;
-		FF t = new FF(2 * n);
-		FF x = new FF(n);
-		x.copy(this);
-		karmul_lower(0,x,0,y,0,t,0,n);
-	}
-
-/* Set b=b mod c */
-	public void mod(FF c)
-	{
-		int k = 0;
-
-		norm();
-		if (comp(this,c) < 0)
-		{
-			return;
-		}
-		do
-		{
-			c.shl();
-			k++;
-		} while (comp(this,c) >= 0);
-
-		while (k > 0)
-		{
-			c.shr();
-			if (comp(this,c) >= 0)
-			{
-				sub(c);
-				norm();
-			}
-			k--;
-		}
-	}
-
-	/* z=x^2 */
-	public static FF sqr(FF x)
-	{
-		int n = x.length;
-		FF z = new FF(2 * n);
-		FF t = new FF(2 * n);
-		z.karsqr(0,x,0,t,0,n);
-		return z;
-	}
-
-/* return This mod modulus, N is modulus, ND is Montgomery Constant */
-	public FF reduce(FF N, FF ND)
-	{ // fast karatsuba Montgomery reduction
-		int n = N.length;
-		FF t = new FF(2 * n);
-		FF r = new FF(n);
-		FF m = new FF(n);
-
-		r.sducopy(this);
-		m.karmul_lower(0,this,0,ND,0,t,0,n);
-		karmul_upper(N,m,t,n);
-		m.sducopy(this);
-
-		r.add(N);
-		r.sub(m);
-		r.norm();
-
-		return r;
-
-	}
-
-/* Set r=this mod b */
-/* this is of length - 2*n */
-/* r,b is of length - n */
-	public FF dmod(FF b)
-	{
-		int k , n = b.length;
-		FF m = new FF(2 * n);
-		FF x = new FF(2 * n);
-		FF r = new FF(n);
-
-		x.copy(this);
-		x.norm();
-		m.dsucopy(b);
-		k = 256 * n;
-
-		while (k > 0)
-		{
-			m.shr();
-
-			if (comp(x,m) >= 0)
-			{
-				x.sub(m);
-				x.norm();
-			}
-			k--;
-		}
-
-		r.copy(x);
-		r.mod(b);
-		return r;
-	}
-
-/* Set return=1/this mod p. Binary method - a<p on entry */
-
-	public void invmodp(FF p)
-	{
-		int n = p.length;
-
-		FF u = new FF(n);
-		FF v = new FF(n);
-		FF x1 = new FF(n);
-		FF x2 = new FF(n);
-		FF t = new FF(n);
-		FF one = new FF(n);
-
-		one.one();
-		u.copy(this);
-		v.copy(p);
-		x1.copy(one);
-		x2.zero();
-
-	// reduce n in here as well!
-		while (comp(u,one) != 0 && comp(v,one) != 0)
-		{
-			while (u.parity() == 0)
-			{
-				u.shr();
-				if (x1.parity() != 0)
-				{
-					x1.add(p);
-					x1.norm();
-				}
-				x1.shr();
-			}
-			while (v.parity() == 0)
-			{
-				v.shr();
-				if (x2.parity() != 0)
-				{
-					x2.add(p);
-					x2.norm();
-				}
-				x2.shr();
-			}
-			if (comp(u,v) >= 0)
-			{
-
-				u.sub(v);
-				u.norm();
-				if (comp(x1,x2) >= 0)
-				{
-					x1.sub(x2);
-				}
-				else
-				{
-					t.copy(p);
-					t.sub(x2);
-					x1.add(t);
-				}
-				x1.norm();
-			}
-			else
-			{
-				v.sub(u);
-				v.norm();
-				if (comp(x2,x1) >= 0)
-				{
-					x2.sub(x1);
-				}
-				else
-				{
-					t.copy(p);
-					t.sub(x1);
-					x2.add(t);
-				}
-				x2.norm();
-			}
-		}
-		if (comp(u,one) == 0)
-		{
-			copy(x1);
-		}
-		else
-		{
-			copy(x2);
-		}
-	}
-
-/* nresidue mod m */
-	public void nres(FF m)
-	{
-		int n = m.length;
-		FF d = new FF(2 * n);
-		d.dsucopy(this);
-		copy(d.dmod(m));
-	}
-
-	public void redc(FF m, FF ND)
-	{
-		int n = m.length;
-		FF d = new FF(2 * n);
-		mod(m);
-		d.dscopy(this);
-		copy(d.reduce(m,ND));
-		mod(m);
-	}
-
-	private void mod2m(int m)
-	{
-		for (int i = m;i < length;i++)
-		{
-			v[i].zero();
-		}
-	}
-
-	/* U=1/a mod 2^m - Arazi & Qi */
-	private FF invmod2m()
-	{
-		int i , n = length;
-
-		FF b = new FF(n);
-		FF c = new FF(n);
-		FF U = new FF(n);
-
-		FF t;
-
-		U.zero();
-		U.v[0].copy(v[0]);
-		U.v[0].invmod2m();
-
-		for (i = 1;i < n;i <<= 1)
-		{
-			b.copy(this);
-			b.mod2m(i);
-			t = mul(U,b);
-			t.shrw(i);
-			b.copy(t);
-			c.copy(this);
-			c.shrw(i);
-			c.mod2m(i);
-			c.lmul(U);
-			c.mod2m(i);
-
-			b.add(c);
-			b.norm();
-			b.lmul(U);
-			b.mod2m(i);
-
-			c.one();
-			c.shlw(i);
-			b.revsub(c);
-			b.norm();
-			b.shlw(i);
-			U.add(b);
-		}
-		U.norm();
-		return U;
-	}
-
-	public void random(RAND rng)
-	{
-		int n = length;
-		for (int i = 0;i < n;i++)
-		{
-			v[i].copy(BIG.random(rng));
-		}
-	/* make sure top bit is 1 */
-		while (v[n - 1].nbits() < ROM.MODBYTES * 8)
-		{
-			v[n - 1].copy(BIG.random(rng));
-		}
-	}
-
-	/* generate random x */
-	public void randomnum(FF p, RAND rng)
-	{
-		int n = length;
-		FF d = new FF(2 * n);
-
-		for (int i = 0;i < 2 * n;i++)
-		{
-			d.v[i].copy(BIG.random(rng));
-		}
-		copy(d.dmod(p));
-	}
-
-	/* this*=y mod p */
-	public void modmul(FF y, FF p, FF nd)
-	{
-		//FF d=new FF(2*p.length);
-		long ex = P_EXCESS();
-		long ey = y.P_EXCESS();
-		if ((ex + 1) * (ey + 1) + 1 >= P_FEXCESS)
-		{
-			mod(p);
-		}
-		FF d = mul(this,y);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this*=y mod p */
-	public void modsqr(FF p, FF nd)
-	{
-		//FF d=new FF(2*p.length);
-		long ex = P_EXCESS();
-		if ((ex + 1) * (ex + 1) + 1 >= P_FEXCESS)
-		{
-			mod(p);
-		}
-		FF d = sqr(this);
-		copy(d.reduce(p,nd));
-	}
-
-	/* this=this^e mod p using side-channel resistant Montgomery Ladder, for large e */
-	public void skpow(FF e, FF p)
-	{
-		int i , b , n = p.length;
-		FF R0 = new FF(n);
-		FF R1 = new FF(n);
-		FF ND = p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i = 8 * ROM.MODBYTES * n - 1;i >= 0;i--)
-		{
-			b = e.v[i / 256].bit(i % 256);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-		}
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* this =this^e mod p using side-channel resistant Montgomery Ladder, for short e */
-	public void skpow(BIG e, FF p)
-	{
-		int i , b , n = p.length;
-		FF R0 = new FF(n);
-		FF R1 = new FF(n);
-		FF ND = p.invmod2m();
-
-		mod(p);
-		R0.one();
-		R1.copy(this);
-		R0.nres(p);
-		R1.nres(p);
-
-		for (i = 8 * ROM.MODBYTES - 1;i >= 0;i--)
-		{
-			b = e.bit(i);
-			copy(R0);
-			modmul(R1,p,ND);
-
-			cswap(R0,R1,b);
-			R0.modsqr(p,ND);
-
-			R1.copy(this);
-			cswap(R0,R1,b);
-		}
-		copy(R0);
-		redc(p,ND);
-	}
-
-	/* raise to an integer power - right-to-left method */
-	public void power(int e, FF p)
-	{
-		int n = p.length;
-		FF w = new FF(n);
-		FF ND = p.invmod2m();
-		bool f = true;
-
-		w.copy(this);
-		w.nres(p);
-
-		if (e == 2)
-		{
-			copy(w);
-			modsqr(p,ND);
-		}
-		else
-		{
-			for (; ;)
-			{
-			if (e % 2 == 1)
-			{
-				if (f)
-				{
-					copy(w);
-				}
-				else
-				{
-					modmul(w,p,ND);
-				}
-				f = false;
-			}
-			e >>= 1;
-			if (e == 0)
-			{
-				break;
-			}
-			w.modsqr(p,ND);
-			}
-		}
-		redc(p,ND);
-	}
-
-	/* this=this^e mod p, faster but not side channel resistant */
-	public void pow(FF e, FF p)
-	{
-		int i , b , n = p.length;
-		FF w = new FF(n);
-		FF ND = p.invmod2m();
-
-		w.copy(this);
-		one();
-		nres(p);
-		w.nres(p);
-		for (i = 8 * ROM.MODBYTES * n - 1;i >= 0;i--)
-		{
-			modsqr(p,ND);
-			b = e.v[i / 256].bit(i % 256);
-			if (b == 1)
-			{
-				modmul(w,p,ND);
-			}
-		}
-		redc(p,ND);
-	}
-
-	/* double exponentiation r=x^e.y^f mod p */
-	public void pow2(BIG e, FF y, BIG f, FF p)
-	{
-		int i , eb , fb , n = p.length;
-		FF xn = new FF(n);
-		FF yn = new FF(n);
-		FF xy = new FF(n);
-		FF ND = p.invmod2m();
-
-		xn.copy(this);
-		yn.copy(y);
-		xn.nres(p);
-		yn.nres(p);
-		xy.copy(xn);
-		xy.modmul(yn,p,ND);
-		one();
-		nres(p);
-
-		for (i = 8 * ROM.MODBYTES - 1;i >= 0;i--)
-		{
-			eb = e.bit(i);
-			fb = f.bit(i);
-			modsqr(p,ND);
-			if (eb == 1)
-			{
-				if (fb == 1)
-				{
-					modmul(xy,p,ND);
-				}
-				else
-				{
-					modmul(xn,p,ND);
-				}
-			}
-			else
-			{
-				if (fb == 1)
-				{
-					modmul(yn,p,ND);
-				}
-			}
-		}
-		redc(p,ND);
-	}
-
-	private static int igcd(int x, int y)
-	{ // integer GCD, returns GCD of x and y
-		int r;
-		if (y == 0)
-		{
-			return x;
-		}
-		while ((r = x % y) != 0)
-		{
-				x = y;
-				y = r;
-		}
-		return y;
-	}
-
-	/* quick and dirty check for common factor with n */
-	public bool cfactor(int s)
-	{
-		int r , n = length;
-		int g;
-
-		FF x = new FF(n);
-		FF y = new FF(n);
-
-		y.set(s);
-		x.copy(this);
-		x.norm();
-
-		do
-		{
-			x.sub(y);
-			x.norm();
-			while (!x.iszilch() && x.parity() == 0)
-			{
-				x.shr();
-			}
-		} while (comp(x,y) > 0);
-
-		g = (int)x.v[0].get(0);
-		r = igcd(s,g);
-		if (r > 1)
-		{
-			return true;
-		}
-		return false;
-	}
-
-	/* Miller-Rabin test for primality. Slow. */
-	public static bool prime(FF p, RAND rng)
-	{
-		int i , j , s = 0, n = p.length;
-		bool loop;
-		FF d = new FF(n);
-		FF x = new FF(n);
-		FF unity = new FF(n);
-		FF nm1 = new FF(n);
-
-		int sf = 4849845; // 3*5*.. *19
-		p.norm();
-
-		if (p.cfactor(sf))
-		{
-			return false;
-		}
-		unity.one();
-		nm1.copy(p);
-		nm1.sub(unity);
-		nm1.norm();
-		d.copy(nm1);
-
-		while (d.parity() == 0)
-		{
-			d.shr();
-			s++;
-		}
-		if (s == 0)
-		{
-			return false;
-		}
-		for (i = 0;i < 10;i++)
-		{
-			x.randomnum(p,rng);
-			x.pow(d,p);
-			if (comp(x,unity) == 0 || comp(x,nm1) == 0)
-			{
-				continue;
-			}
-			loop = false;
-			for (j = 1;j < s;j++)
-			{
-				x.power(2,p);
-				if (comp(x,unity) == 0)
-				{
-					return false;
-				}
-				if (comp(x,nm1) == 0)
-				{
-					loop = true;
-					break;
-				}
-			}
-			if (loop)
-			{
-				continue;
-			}
-			return false;
-		}
-		return true;
-	}
-
-/*
-	public static final long[][] P ={{0xAD19A781670957L,0x76A79C00965796L,0xDEFCC5FC9A9717L,0xF02F2940E20E9L,0xBF59E34FL},{0x6894F31844C908L,0x8DADA70E82C79FL,0xFD29F3836046F6L,0x8C1D874D314DD0L,0x46D077BL},{0x3C515217813331L,0x56680FD1CE935BL,0xE55C53EEA8838EL,0x92C2F7E14A4A95L,0xD945E5B1L},{0xACF673E919F5EFL,0x6723E7E7DAB446L,0x6B6FA69B36EB1BL,0xF7D13920ECA300L,0xB5FC2165L}};
-
-	public static void main(String[] args) {
-		byte[] raw=new byte[100];
-		RAND rng=new RAND();
-
-		rng.clean();
-		for (int i=0;i<100;i++) raw[i]=(byte)i;
-
-		rng.seed(100,raw);
-
-		int n=4;
-
-		FF x=new FF(n);
-		x.set(3);
-
-		FF p=new FF(P,n);
-
-		if (prime(p,rng)) System.out.println("p is a prime");
-
-		FF e=new FF(n);
-		e.copy(p);
-		e.dec(1); e.norm();
-
-		System.out.println("e= "+e.toString());
-
-		x.skpow(e,p);
-		System.out.println("x= "+x.toString());
-
-    } */
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/cs/FP.cs
----------------------------------------------------------------------
diff --git a/cs/FP.cs b/cs/FP.cs
deleted file mode 100644
index 4e7b74e..0000000
--- a/cs/FP.cs
+++ /dev/null
@@ -1,368 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Finite Field arithmetic */
-/* AMCL mod p functions */
-
-public sealed class FP
-{
-	private readonly BIG x;
-	private static BIG p = new BIG(ROM.Modulus);
-
-/* Constructors */
-	public FP(int a)
-	{
-		x = new BIG(a);
-		nres();
-	}
-
-	public FP(BIG a)
-	{
-		x = new BIG(a);
-		nres();
-	}
-
-	public FP(FP a)
-	{
-		x = new BIG(a.x);
-	}
-
-/* convert to string */
-	public override string ToString()
-	{
-		string s = redc().ToString();
-		return s;
-	}
-
-	public string toRawString()
-	{
-		string s = x.toRawString();
-		return s;
-	}
-
-/* convert to Montgomery n-residue form */
-	public void nres()
-	{
-		if (ROM.MODTYPE != ROM.PSEUDO_MERSENNE)
-		{
-			DBIG d = new DBIG(x);
-			d.shl(ROM.NLEN * ROM.BASEBITS);
-			x.copy(d.mod(p));
-		}
-	}
-
-/* convert back to regular form */
-	public BIG redc()
-	{
-		if (ROM.MODTYPE != ROM.PSEUDO_MERSENNE)
-		{
-			DBIG d = new DBIG(x);
-			return BIG.mod(d);
-		}
-		else
-		{
-			BIG r = new BIG(x);
-			return r;
-		}
-	}
-
-/* test this=0? */
-	public bool iszilch()
-	{
-		reduce();
-		return x.iszilch();
-	}
-
-/* copy from FP b */
-	public void copy(FP b)
-	{
-		x.copy(b.x);
-	}
-
-/* set this=0 */
-	public void zero()
-	{
-		x.zero();
-	}
-
-/* set this=1 */
-	public void one()
-	{
-		x.one();
-		nres();
-	}
-
-/* normalise this */
-	public void norm()
-	{
-		x.norm();
-	}
-
-/* swap FPs depending on d */
-	public void cswap(FP b, int d)
-	{
-		x.cswap(b.x,d);
-	}
-
-/* copy FPs depending on d */
-	public void cmove(FP b, int d)
-	{
-		x.cmove(b.x,d);
-	}
-
-/* this*=b mod Modulus */
-	public void mul(FP b)
-	{
-		long ea = BIG.EXCESS(x);
-		long eb = BIG.EXCESS(b.x);
-
-		if ((ea + 1) * (eb + 1) + 1 >= ROM.FEXCESS)
-		{
-			reduce();
-		}
-
-		DBIG d = BIG.mul(x,b.x);
-		x.copy(BIG.mod(d));
-	}
-
-/* this*=c mod Modulus, where c is a small int */
-	public void imul(int c)
-	{
-		norm();
-		bool s = false;
-		if (c < 0)
-		{
-			c = -c;
-			s = true;
-		}
-		long afx = (BIG.EXCESS(x) + 1) * (c + 1) + 1;
-		if (c < ROM.NEXCESS && afx < ROM.FEXCESS)
-		{
-			x.imul(c);
-		}
-		else
-		{
-			if (afx < ROM.FEXCESS)
-			{
-				x.pmul(c);
-			}
-			else
-			{
-				DBIG d = x.pxmul(c);
-				x.copy(d.mod(p));
-			}
-		}
-		if (s)
-		{
-			neg();
-		}
-		norm();
-	}
-
-
-/* this*=this mod Modulus */
-	public void sqr()
-	{
-		DBIG d;
-		long ea = BIG.EXCESS(x);
-		if ((ea + 1) * (ea + 1) + 1 >= ROM.FEXCESS)
-		{
-			reduce();
-		}
-
-		d = BIG.sqr(x);
-		x.copy(BIG.mod(d));
-	}
-
-/* this+=b */
-	public void add(FP b)
-	{
-		x.add(b.x);
-		if (BIG.EXCESS(x) + 2 >= ROM.FEXCESS)
-		{
-			reduce();
-		}
-	}
-
-/* this = -this mod Modulus */
-	public void neg()
-	{
-		int sb;
-		long ov;
-		BIG m = new BIG(p);
-
-		norm();
-
-		ov = BIG.EXCESS(x);
-		sb = 1;
-		while (ov != 0)
-		{
-			sb++;
-			ov >>= 1;
-		}
-
-		m.fshl(sb);
-		x.rsub(m);
-
-		if (BIG.EXCESS(x) >= ROM.FEXCESS)
-		{
-			reduce();
-		}
-	}
-
-/* this-=b */
-	public void sub(FP b)
-	{
-		FP n = new FP(b);
-		n.neg();
-		this.add(n);
-	}
-
-/* this/=2 mod Modulus */
-	public void div2()
-	{
-		x.norm();
-		if (x.parity() == 0)
-		{
-			x.fshr(1);
-		}
-		else
-		{
-			x.add(p);
-			x.norm();
-			x.fshr(1);
-		}
-	}
-
-/* this=1/this mod Modulus */
-	public void inverse()
-	{
-		BIG r = redc();
-		r.invmodp(p);
-		x.copy(r);
-		nres();
-	}
-
-/* return TRUE if this==a */
-	public bool Equals(FP a)
-	{
-		a.reduce();
-		reduce();
-		if (BIG.comp(a.x,x) == 0)
-		{
-			return true;
-		}
-		return false;
-	}
-
-/* reduce this mod Modulus */
-	public void reduce()
-	{
-		x.mod(p);
-	}
-
-/* return this^e mod Modulus */
-	public FP pow(BIG e)
-	{
-		int bt;
-		FP r = new FP(1);
-		e.norm();
-		x.norm();
-		FP m = new FP(this);
-		while (true)
-		{
-			bt = e.parity();
-			e.fshr(1);
-			if (bt == 1)
-			{
-				r.mul(m);
-			}
-			if (e.iszilch())
-			{
-				break;
-			}
-			m.sqr();
-		}
-		r.x.mod(p);
-		return r;
-	}
-
-/* return sqrt(this) mod Modulus */
-	public FP sqrt()
-	{
-		reduce();
-		BIG b = new BIG(p);
-		if (ROM.MOD8 == 5)
-		{
-			b.dec(5);
-			b.norm();
-			b.shr(3);
-			FP i = new FP(this);
-			i.x.shl(1);
-			FP v = i.pow(b);
-			i.mul(v);
-			i.mul(v);
-			i.x.dec(1);
-			FP r = new FP(this);
-			r.mul(v);
-			r.mul(i);
-			r.reduce();
-			return r;
-		}
-		else
-		{
-			b.inc(1);
-			b.norm();
-			b.shr(2);
-			return pow(b);
-		}
-	}
-
-/* return jacobi symbol (this/Modulus) */
-	public int jacobi()
-	{
-		BIG w = redc();
-		return w.jacobi(p);
-	}
-/*
-	public static void main(String[] args) {
-		BIG m=new BIG(ROM.Modulus);
-		BIG x=new BIG(3);
-		BIG e=new BIG(m);
-		e.dec(1);
-
-		System.out.println("m= "+m.nbits());
-
-
-		BIG r=x.powmod(e,m);
-
-		System.out.println("m= "+m.toString());
-		System.out.println("r= "+r.toString());
-
-		BIG.cswap(m,r,0);
-
-		System.out.println("m= "+m.toString());
-		System.out.println("r= "+r.toString());
-
-//		FP y=new FP(3);
-//		FP s=y.pow(e);
-//		System.out.println("s= "+s.toString());
-
-	} */
-}