Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:50:01 UTC
[24/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/MPIN.java
----------------------------------------------------------------------
diff --git a/java64/MPIN.java b/java64/MPIN.java
deleted file mode 100755
index f8dfef0..0000000
--- a/java64/MPIN.java
+++ /dev/null
@@ -1,746 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* MPIN API Functions */
-
-import java.util.Date;
-
-public class MPIN
-{
- public static final int EFS=ROM.MODBYTES;
- public static final int EGS=ROM.MODBYTES;
- public static final int PAS=16;
- public static final int BAD_PARAMS=-11;
- public static final int INVALID_POINT=-14;
- public static final int WRONG_ORDER=-18;
- public static final int BAD_PIN=-19;
-
-/* Configure your PIN here */
-
- public static final int MAXPIN=10000; /* PIN less than this */
- public static final int PBLEN=14; /* Number of bits in PIN */
- public static final int TS=10; /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
- public static final int TRAP=200; /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */
-
-/* Hash number (optional) and string to point on curve */
-
- public static byte[] hashit(int n,byte[] ID)
- {
- HASH H=new HASH();
- if (n!=0) H.process_num(n);
- H.process_array(ID);
- byte[] h=H.hash();
- return h;
- }
-
- public static ECP mapit(byte[] h)
- {
- BIG q=new BIG(ROM.Modulus);
- BIG x=BIG.fromBytes(h);
- x.mod(q);
- ECP P;
- while (true)
- {
- P=new ECP(x,0);
- if (!P.is_infinity()) break;
- x.inc(1); x.norm();
- }
- return P;
- }
-
-/* needed for SOK */
- public static ECP2 mapit2(byte[] h)
- {
- BIG q=new BIG(ROM.Modulus);
- BIG x=BIG.fromBytes(h);
- BIG one=new BIG(1);
- FP2 X;
- ECP2 Q,T,K;
- x.mod(q);
- while (true)
- {
- X=new FP2(one,x);
- Q=new ECP2(X);
- if (!Q.is_infinity()) break;
- x.inc(1); x.norm();
- }
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
- BIG Fra=new BIG(ROM.CURVE_Fra);
- BIG Frb=new BIG(ROM.CURVE_Frb);
- X=new FP2(Fra,Frb);
- x=new BIG(ROM.CURVE_Bnx);
-
- T=new ECP2(); T.copy(Q);
- T.mul(x); T.neg();
- K=new ECP2(); K.copy(T);
- K.dbl(); K.add(T); K.affine();
-
- K.frob(X);
- Q.frob(X); Q.frob(X); Q.frob(X);
- Q.add(T); Q.add(K);
- T.frob(X); T.frob(X);
- Q.add(T);
- Q.affine();
- return Q;
- }
-
-/* return time in slots since epoch */
- public static int today() {
- Date date=new Date();
- return (int) (date.getTime()/(1000*60*1440));
- }
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
- public static ECP map(BIG u,int cb)
- {
- ECP P;
- BIG x=new BIG(u);
- BIG p=new BIG(ROM.Modulus);
- x.mod(p);
- while (true)
- {
- P=new ECP(x,cb);
- if (!P.is_infinity()) break;
- x.inc(1); x.norm();
- }
- return P;
- }
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
- public static int unmap(BIG u,ECP P)
- {
- int s=P.getS();
- ECP R;
- int r=0;
- BIG x=P.getX();
- u.copy(x);
- while (true)
- {
- u.dec(1); u.norm();
- r++;
- R=new ECP(u,s);
- if (!R.is_infinity()) break;
- }
- return r;
- }
-
- public static byte[] HASH_ID(byte[] ID)
- {
- return hashit(0,ID);
- }
-
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
- public static int ENCODING(RAND rng,byte[] E)
- {
- int rn,m,su,sv;
- byte[] T=new byte[EFS];
-
- for (int i=0;i<EFS;i++) T[i]=E[i+1];
- BIG u=BIG.fromBytes(T);
- for (int i=0;i<EFS;i++) T[i]=E[i+EFS+1];
- BIG v=BIG.fromBytes(T);
-
- ECP P=new ECP(u,v);
- if (P.is_infinity()) return INVALID_POINT;
-
- BIG p=new BIG(ROM.Modulus);
- u=BIG.randomnum(p,rng);
-
- su=rng.getByte(); /*if (su<0) su=-su;*/ su%=2;
-
- ECP W=map(u,su);
- P.sub(W);
- sv=P.getS();
- rn=unmap(v,P);
- m=rng.getByte(); /*if (m<0) m=-m;*/ m%=rn;
- v.inc(m+1);
- E[0]=(byte)(su+2*sv);
- u.toBytes(T);
- for (int i=0;i<EFS;i++) E[i+1]=T[i];
- v.toBytes(T);
- for (int i=0;i<EFS;i++) E[i+EFS+1]=T[i];
-
- return 0;
- }
-
- public static int DECODING(byte[] D)
- {
- int su,sv;
- byte[] T=new byte[EFS];
-
- if ((D[0]&0x04)!=0) return INVALID_POINT;
-
- for (int i=0;i<EFS;i++) T[i]=D[i+1];
- BIG u=BIG.fromBytes(T);
- for (int i=0;i<EFS;i++) T[i]=D[i+EFS+1];
- BIG v=BIG.fromBytes(T);
-
- su=D[0]&1;
- sv=(D[0]>>1)&1;
- ECP W=map(u,su);
- ECP P=map(v,sv);
- P.add(W);
- u=P.getX();
- v=P.getY();
- D[0]=0x04;
- u.toBytes(T);
- for (int i=0;i<EFS;i++) D[i+1]=T[i];
- v.toBytes(T);
- for (int i=0;i<EFS;i++) D[i+EFS+1]=T[i];
-
- return 0;
- }
-
-/* R=R1+R2 in group G1 */
- public static int RECOMBINE_G1(byte[] R1,byte[] R2,byte[] R)
- {
- ECP P=ECP.fromBytes(R1);
- ECP Q=ECP.fromBytes(R2);
-
- if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
- P.add(Q);
-
- P.toBytes(R);
- return 0;
- }
-
-/* W=W1+W2 in group G2 */
- public static int RECOMBINE_G2(byte[] W1,byte[] W2,byte[] W)
- {
- ECP2 P=ECP2.fromBytes(W1);
- ECP2 Q=ECP2.fromBytes(W2);
-
- if (P.is_infinity() || Q.is_infinity()) return INVALID_POINT;
-
- P.add(Q);
-
- P.toBytes(W);
- return 0;
- }
-
-/* create random secret S */
- public static int RANDOM_GENERATE(RAND rng,byte[] S)
- {
- BIG s;
- BIG r=new BIG(ROM.CURVE_Order);
- s=BIG.randomnum(r,rng);
-
- s.toBytes(S);
- return 0;
- }
-
-/* Extract PIN from TOKEN for identity CID */
- public static int EXTRACT_PIN(byte[] CID,int pin,byte[] TOKEN)
- {
- ECP P=ECP.fromBytes(TOKEN);
- if (P.is_infinity()) return INVALID_POINT;
- byte[] h=hashit(0,CID);
- ECP R=mapit(h);
-
-
- pin%=MAXPIN;
-
- R=R.pinmul(pin,PBLEN);
- P.sub(R);
-
- P.toBytes(TOKEN);
-
- return 0;
- }
-
-/* Implement step 2 on client side of MPin protocol */
- public static int CLIENT_2(byte[] X,byte[] Y,byte[] SEC)
- {
- BIG r=new BIG(ROM.CURVE_Order);
- ECP P=ECP.fromBytes(SEC);
- if (P.is_infinity()) return INVALID_POINT;
-
- BIG px=BIG.fromBytes(X);
- BIG py=BIG.fromBytes(Y);
- px.add(py);
- px.mod(r);
- px.rsub(r);
-
- PAIR.G1mul(P,px).toBytes(SEC);
- return 0;
- }
-
-/* Implement step 1 on client side of MPin protocol */
- public static int CLIENT_1(int date,byte[] CLIENT_ID,RAND rng,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT)
- {
- BIG r=new BIG(ROM.CURVE_Order);
-// BIG q=new BIG(ROM.Modulus);
- BIG x;
-// BIG m=new BIG(0);
- if (rng!=null)
- {
- x=BIG.randomnum(r,rng);
- x.toBytes(X);
- }
- else
- {
- x=BIG.fromBytes(X);
- }
- ECP P,T,W;
- BIG px;
-// byte[] t=new byte[EFS];
-
- byte[] h=hashit(0,CLIENT_ID);
- P=mapit(h);
-
- T=ECP.fromBytes(TOKEN);
- if (T.is_infinity()) return INVALID_POINT;
-
- pin%=MAXPIN;
- W=P.pinmul(pin,PBLEN);
- T.add(W);
- if (date!=0)
- {
- W=ECP.fromBytes(PERMIT);
- if (W.is_infinity()) return INVALID_POINT;
- T.add(W);
- h=hashit(date,h);
- W=mapit(h);
- if (xID!=null)
- {
- P=PAIR.G1mul(P,x);
- P.toBytes(xID);
- W=PAIR.G1mul(W,x);
- P.add(W);
- }
- else
- {
- P.add(W);
- P=PAIR.G1mul(P,x);
- }
- if (xCID!=null) P.toBytes(xCID);
- }
- else
- {
- if (xID!=null)
- {
- P=PAIR.G1mul(P,x);
- P.toBytes(xID);
- }
- }
-
-
- T.toBytes(SEC);
- return 0;
- }
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
- public static int GET_SERVER_SECRET(byte[] S,byte[] SST)
- {
- ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
- BIG s=BIG.fromBytes(S);
- Q=PAIR.G2mul(Q,s);
- Q.toBytes(SST);
- return 0;
- }
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
- public static int GET_G1_MULTIPLE(RAND rng, int type,byte[] X,byte[] G,byte[] W)
- {
- BIG x;
- BIG r=new BIG(ROM.CURVE_Order);
- if (rng!=null)
- {
- x=BIG.randomnum(r,rng);
- x.toBytes(X);
- }
- else
- {
- x=BIG.fromBytes(X);
- }
- ECP P;
- if (type==0)
- {
- P=ECP.fromBytes(G);
- if (P.is_infinity()) return INVALID_POINT;
- }
- else
- P=mapit(G);
-
- PAIR.G1mul(P,x).toBytes(W);
- return 0;
- }
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
-/* CID is hashed externally */
- public static int GET_CLIENT_SECRET(byte[] S,byte[] CID,byte[] CST)
- {
- return GET_G1_MULTIPLE(null,1,S,CID,CST);
- }
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
- public static int GET_CLIENT_PERMIT(int date,byte[] S,byte[] CID,byte[] CTT)
- {
- byte[] h=hashit(date,CID);
- ECP P=mapit(h);
-
- BIG s=BIG.fromBytes(S);
- PAIR.G1mul(P,s).toBytes(CTT);
- return 0;
- }
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
- public static void SERVER_1(int date,byte[] CID,byte[] HID,byte[] HTID)
- {
- byte[] h=hashit(0,CID);
- ECP R,P=mapit(h);
-
- if (date!=0)
- {
- if (HID!=null) P.toBytes(HID);
- h=hashit(date,h);
- R=mapit(h);
- P.add(R);
- P.toBytes(HTID);
- }
- else P.toBytes(HID);
- }
-
-/* Implement step 2 of MPin protocol on server side */
- public static int SERVER_2(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] mSEC,byte[] E,byte[] F)
- {
- BIG q=new BIG(ROM.Modulus);
- ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
- ECP2 sQ=ECP2.fromBytes(SST);
- if (sQ.is_infinity()) return INVALID_POINT;
-
- ECP R;
- if (date!=0)
- R=ECP.fromBytes(xCID);
- else
- {
- if (xID==null) return BAD_PARAMS;
- R=ECP.fromBytes(xID);
- }
- if (R.is_infinity()) return INVALID_POINT;
-
- BIG y=BIG.fromBytes(Y);
- ECP P;
- if (date!=0) P=ECP.fromBytes(HTID);
- else
- {
- if (HID==null) return BAD_PARAMS;
- P=ECP.fromBytes(HID);
- }
-
- if (P.is_infinity()) return INVALID_POINT;
-
- P=PAIR.G1mul(P,y);
- P.add(R);
- R=ECP.fromBytes(mSEC);
- if (R.is_infinity()) return INVALID_POINT;
-
- FP12 g;
-// FP12 g1=new FP12(0);
-
- g=PAIR.ate2(Q,R,sQ,P);
- g=PAIR.fexp(g);
-
- if (!g.isunity())
- {
- if (HID!=null && xID!=null && E!=null && F!=null)
- {
- g.toBytes(E);
- if (date!=0)
- {
- P=ECP.fromBytes(HID);
- if (P.is_infinity()) return INVALID_POINT;
- R=ECP.fromBytes(xID);
- if (R.is_infinity()) return INVALID_POINT;
-
- P=PAIR.G1mul(P,y);
- P.add(R);
- }
- g=PAIR.ate(Q,P);
- g=PAIR.fexp(g);
- g.toBytes(F);
- }
- return BAD_PIN;
- }
-
- return 0;
- }
-
-/* Pollards kangaroos used to return PIN error */
- public static int KANGAROO(byte[] E,byte[] F)
- {
- FP12 ge=FP12.fromBytes(E);
- FP12 gf=FP12.fromBytes(F);
- int[] distance = new int[TS];
- FP12 t=new FP12(gf);
- FP12[] table=new FP12[TS];
- int i,j,m,s,dn,dm,res,steps;
-
- s=1;
- for (m=0;m<TS;m++)
- {
- distance[m]=s;
- table[m]=new FP12(t);
- s*=2;
- t.usqr();
- }
- t.one();
- dn=0;
- for (j=0;j<TRAP;j++)
- {
- i=t.geta().geta().getA().lastbits(8)%TS;
- t.mul(table[i]);
- dn+=distance[i];
- }
- gf.copy(t); gf.conj();
- steps=0; dm=0;
- res=0;
- while (dm-dn<MAXPIN)
- {
- steps++;
- if (steps>4*TRAP) break;
- i=ge.geta().geta().getA().lastbits(8)%TS;
- ge.mul(table[i]);
- dm+=distance[i];
- if (ge.equals(t))
- {
- res=dm-dn;
- break;
- }
- if (ge.equals(gf))
- {
- res=dn-dm;
- break;
- }
-
- }
- if (steps>4*TRAP || dm-dn>=MAXPIN) {res=0; } // Trap Failed - probable invalid token
- return res;
- }
-
-/* Functions to support M-Pin Full */
-
- public static int PRECOMPUTE(byte[] TOKEN,byte[] CID,byte[] G1,byte[] G2)
- {
- ECP P,T;
- FP12 g;
-
- T=ECP.fromBytes(TOKEN);
- if (T.is_infinity()) return INVALID_POINT;
-
- P=mapit(CID);
-
- ECP2 Q=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
- g=PAIR.ate(Q,T);
- g=PAIR.fexp(g);
- g.toBytes(G1);
-
- g=PAIR.ate(Q,P);
- g=PAIR.fexp(g);
- g.toBytes(G2);
-
- return 0;
- }
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
- public static int CLIENT_KEY(byte[] G1,byte[] G2,int pin,byte[] R,byte[] X,byte[] wCID,byte[] CK)
- {
- HASH H=new HASH();
- byte[] t=new byte[EFS];
-
- FP12 g1=FP12.fromBytes(G1);
- FP12 g2=FP12.fromBytes(G2);
- BIG z=BIG.fromBytes(R);
- BIG x=BIG.fromBytes(X);
-
- ECP W=ECP.fromBytes(wCID);
- if (W.is_infinity()) return INVALID_POINT;
-
- W=PAIR.G1mul(W,x);
-
- FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
- BIG r=new BIG(ROM.CURVE_Order);
- BIG q=new BIG(ROM.Modulus);
-
- BIG m=new BIG(q);
- m.mod(r);
-
- BIG a=new BIG(z);
- a.mod(m);
-
- BIG b=new BIG(z);
- b.div(m);
-
- g2.pinpow(pin,PBLEN);
- g1.mul(g2);
-
- FP4 c=g1.trace();
- g2.copy(g1);
- g2.frob(f);
- FP4 cp=g2.trace();
- g1.conj();
- g2.mul(g1);
- FP4 cpm1=g2.trace();
- g2.mul(g1);
- FP4 cpm2=g2.trace();
-
- c=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
- c.geta().getA().toBytes(t);
- H.process_array(t);
- c.geta().getB().toBytes(t);
- H.process_array(t);
- c.getb().getA().toBytes(t);
- H.process_array(t);
- c.getb().getB().toBytes(t);
- H.process_array(t);
-
- W.getX().toBytes(t);
- H.process_array(t);
- W.getY().toBytes(t);
- H.process_array(t);
-
- t=H.hash();
- for (int i=0;i<PAS;i++) CK[i]=t[i];
-
- return 0;
- }
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
- public static int SERVER_KEY(byte[] Z,byte[] SST,byte[] W,byte[] xID,byte[] xCID,byte[] SK)
- {
- HASH H=new HASH();
- byte[] t=new byte[EFS];
-
- ECP2 sQ=ECP2.fromBytes(SST);
- if (sQ.is_infinity()) return INVALID_POINT;
- ECP R=ECP.fromBytes(Z);
- if (R.is_infinity()) return INVALID_POINT;
-
- ECP U;
- if (xCID!=null)
- U=ECP.fromBytes(xCID);
- else
- U=ECP.fromBytes(xID);
- if (U.is_infinity()) return INVALID_POINT;
-
- BIG w=BIG.fromBytes(W);
- U=PAIR.G1mul(U,w);
- FP12 g=PAIR.ate(sQ,R);
- g=PAIR.fexp(g);
-
- FP4 c=g.trace();
- c.geta().getA().toBytes(t);
- H.process_array(t);
- c.geta().getB().toBytes(t);
- H.process_array(t);
- c.getb().getA().toBytes(t);
- H.process_array(t);
- c.getb().getB().toBytes(t);
- H.process_array(t);
-
- U.getX().toBytes(t);
- H.process_array(t);
- U.getY().toBytes(t);
- H.process_array(t);
-
- t=H.hash();
- for (int i=0;i<PAS;i++) SK[i]=t[i];
-
- return 0;
- }
-
-/* return time since epoch */
- public static int GET_TIME() {
- Date date=new Date();
- return (int) (date.getTime()/1000);
- }
-
-/* Generate Y = H(epoch, xCID/xID) */
- public static void GET_Y(int TimeValue,byte[] xCID,byte[] Y)
- {
- byte[] h = hashit(TimeValue,xCID);
- BIG y = BIG.fromBytes(h);
- BIG q=new BIG(ROM.CURVE_Order);
- y.mod(q);
- y.toBytes(Y);
- }
-
-/* One pass MPIN Client */
- public static int CLIENT(int date,byte[] CLIENT_ID,RAND RNG,byte[] X,int pin,byte[] TOKEN,byte[] SEC,byte[] xID,byte[] xCID,byte[] PERMIT, int TimeValue, byte[] Y)
- {
- int rtn=0;
-
- byte[] pID;
- if (date == 0)
- pID = xID;
- else
- pID = xCID;
-
- rtn = CLIENT_1(date,CLIENT_ID,RNG,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
- if (rtn != 0)
- return rtn;
-
- GET_Y(TimeValue,pID,Y);
-
- rtn = CLIENT_2(X,Y,SEC);
- if (rtn != 0)
- return rtn;
-
- return 0;
- }
-
-/* One pass MPIN Server */
- public static int SERVER(int date,byte[] HID,byte[] HTID,byte[] Y,byte[] SST,byte[] xID,byte[] xCID,byte[] SEC,byte[] E,byte[] F,byte[] CID, int TimeValue)
- {
- int rtn=0;
-
- byte[] pID;
- if (date == 0)
- pID = xID;
- else
- pID = xCID;
-
- SERVER_1(date,CID,HID,HTID);
-
- GET_Y(TimeValue,pID,Y);
-
- rtn = SERVER_2(date,HID,HTID,Y,SST,xID,xCID,SEC,E,F);
- if (rtn != 0)
- return rtn;
-
- return 0;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/PAIR.java
----------------------------------------------------------------------
diff --git a/java64/PAIR.java b/java64/PAIR.java
deleted file mode 100755
index bc815a9..0000000
--- a/java64/PAIR.java
+++ /dev/null
@@ -1,537 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* AMCL BN Curve Pairing functions */
-
-public final class PAIR {
-
-/* Line function */
- public static FP12 line(ECP2 A,ECP2 B,FP Qx,FP Qy)
- {
- ECP2 P=new ECP2();
-
- FP4 a,b,c;
- P.copy(A);
- FP2 ZZ=new FP2(P.getz());
- ZZ.sqr();
- int D;
- if (A==B) D=A.dbl(); /* Check this return value in amcl_ec2.c */
- else D=A.add(B);
- if (D<0)
- return new FP12(1);
- FP2 Z3=new FP2(A.getz());
- c=new FP4(0);
- if (D==0)
- { /* Addition */
- FP2 X=new FP2(B.getx());
- FP2 Y=new FP2(B.gety());
- FP2 T=new FP2(P.getz());
- T.mul(Y);
- ZZ.mul(T);
-
- FP2 NY=new FP2(P.gety()); NY.neg();
- ZZ.add(NY);
- Z3.pmul(Qy);
- T.mul(P.getx());
- X.mul(NY);
- T.add(X);
- a=new FP4(Z3,T);
- ZZ.neg();
- ZZ.pmul(Qx);
- b=new FP4(ZZ);
- }
- else
- { /* Doubling */
- FP2 X=new FP2(P.getx());
- FP2 Y=new FP2(P.gety());
- FP2 T=new FP2(P.getx());
- T.sqr();
- T.imul(3);
-
- Y.sqr();
- Y.add(Y);
- Z3.mul(ZZ);
- Z3.pmul(Qy);
-
- X.mul(T);
- X.sub(Y);
- a=new FP4(Z3,X);
- T.neg();
- ZZ.mul(T);
- ZZ.pmul(Qx);
- b=new FP4(ZZ);
- }
- return new FP12(a,b,c);
- }
-
-/* Optimal R-ate pairing */
- public static FP12 ate(ECP2 P,ECP Q)
- {
- FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
- BIG x=new BIG(ROM.CURVE_Bnx);
- BIG n=new BIG(x);
- ECP2 K=new ECP2();
- FP12 lv;
- n.pmul(6); n.dec(2); n.norm();
- P.affine();
- Q.affine();
- FP Qx=new FP(Q.getx());
- FP Qy=new FP(Q.gety());
-
- ECP2 A=new ECP2();
- FP12 r=new FP12(1);
-
- A.copy(P);
- int nb=n.nbits();
-
- for (int i=nb-2;i>=1;i--)
- {
- lv=line(A,A,Qx,Qy);
- r.smul(lv);
-
- if (n.bit(i)==1)
- {
- lv=line(A,P,Qx,Qy);
-
- r.smul(lv);
- }
- r.sqr();
- }
-
- lv=line(A,A,Qx,Qy);
- r.smul(lv);
-
-/* R-ate fixup */
-
- r.conj();
-
- K.copy(P);
- K.frob(f);
- A.neg();
- lv=line(A,K,Qx,Qy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=line(A,K,Qx,Qy);
- r.smul(lv);
-
- return r;
- }
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
- public static FP12 ate2(ECP2 P,ECP Q,ECP2 R,ECP S)
- {
- FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
- BIG x=new BIG(ROM.CURVE_Bnx);
- BIG n=new BIG(x);
- ECP2 K=new ECP2();
- FP12 lv;
- n.pmul(6); n.dec(2); n.norm();
- P.affine();
- Q.affine();
- R.affine();
- S.affine();
-
- FP Qx=new FP(Q.getx());
- FP Qy=new FP(Q.gety());
- FP Sx=new FP(S.getx());
- FP Sy=new FP(S.gety());
-
- ECP2 A=new ECP2();
- ECP2 B=new ECP2();
- FP12 r=new FP12(1);
-
- A.copy(P);
- B.copy(R);
- int nb=n.nbits();
-
- for (int i=nb-2;i>=1;i--)
- {
- lv=line(A,A,Qx,Qy);
- r.smul(lv);
- lv=line(B,B,Sx,Sy);
- r.smul(lv);
-
- if (n.bit(i)==1)
- {
- lv=line(A,P,Qx,Qy);
- r.smul(lv);
- lv=line(B,R,Sx,Sy);
- r.smul(lv);
- }
- r.sqr();
- }
-
- lv=line(A,A,Qx,Qy);
- r.smul(lv);
-
- lv=line(B,B,Sx,Sy);
- r.smul(lv);
-
-/* R-ate fixup */
- r.conj();
-
- K.copy(P);
- K.frob(f);
- A.neg();
- lv=line(A,K,Qx,Qy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=line(A,K,Qx,Qy);
- r.smul(lv);
-
- K.copy(R);
- K.frob(f);
- B.neg();
- lv=line(B,K,Sx,Sy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=line(B,K,Sx,Sy);
- r.smul(lv);
-
- return r;
- }
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
- public static FP12 fexp(FP12 m)
- {
- FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
- BIG x=new BIG(ROM.CURVE_Bnx);
- FP12 r=new FP12(m);
- FP12 x0,x1,x2,x3,x4,x5;
-
-/* Easy part of final exp */
- FP12 lv=new FP12(r);
- lv.inverse();
- r.conj();
-
- r.mul(lv);
- lv.copy(r);
- r.frob(f);
- r.frob(f);
- r.mul(lv);
-/* Hard part of final exp */
- lv.copy(r);
- lv.frob(f);
- x0=new FP12(lv);
- x0.frob(f);
- lv.mul(r);
- x0.mul(lv);
- x0.frob(f);
- x1=new FP12(r);
- x1.conj();
- x4=r.pow(x);
-
- x3=new FP12(x4);
- x3.frob(f);
-
- x2=x4.pow(x);
-
- x5=new FP12(x2); x5.conj();
- lv=x2.pow(x);
-
- x2.frob(f);
- r.copy(x2); r.conj();
-
- x4.mul(r);
- x2.frob(f);
-
- r.copy(lv);
- r.frob(f);
- lv.mul(r);
-
- lv.usqr();
- lv.mul(x4);
- lv.mul(x5);
- r.copy(x3);
- r.mul(x5);
- r.mul(lv);
- lv.mul(x2);
- r.usqr();
- r.mul(lv);
- r.usqr();
- lv.copy(r);
- lv.mul(x1);
- r.mul(x0);
- lv.usqr();
- r.mul(lv);
- r.reduce();
- return r;
- }
-
-/* GLV method */
- public static BIG[] glv(BIG e)
- {
- int i,j;
- BIG t=new BIG(0);
- BIG q=new BIG(ROM.CURVE_Order);
- BIG[] u=new BIG[2];
- BIG[] v=new BIG[2];
- for (i=0;i<2;i++)
- {
- t.copy(new BIG(ROM.CURVE_W[i])); // why not just t=new BIG(ROM.CURVE_W[i]);
- DBIG d=BIG.mul(t,e);
- v[i]=new BIG(d.div(q));
- u[i]=new BIG(0);
- }
- u[0].copy(e);
- for (i=0;i<2;i++)
- for (j=0;j<2;j++)
- {
- t.copy(new BIG(ROM.CURVE_SB[j][i]));
- t.copy(BIG.modmul(v[j],t,q));
- u[i].add(q);
- u[i].sub(t);
- u[i].mod(q);
- }
- return u;
- }
-
-/* Galbraith & Scott Method */
- public static BIG[] gs(BIG e)
- {
- int i,j;
- BIG t=new BIG(0);
- BIG q=new BIG(ROM.CURVE_Order);
- BIG[] u=new BIG[4];
- BIG[] v=new BIG[4];
- for (i=0;i<4;i++)
- {
- t.copy(new BIG(ROM.CURVE_WB[i]));
- DBIG d=BIG.mul(t,e);
- v[i]=new BIG(d.div(q));
- u[i]=new BIG(0);
- }
- u[0].copy(e);
- for (i=0;i<4;i++)
- for (j=0;j<4;j++)
- {
- t.copy(new BIG(ROM.CURVE_BB[j][i]));
- t.copy(BIG.modmul(v[j],t,q));
- u[i].add(q);
- u[i].sub(t);
- u[i].mod(q);
- }
- return u;
- }
-
-/* Multiply P by e in group G1 */
- public static ECP G1mul(ECP P,BIG e)
- {
- ECP R;
- if (ROM.USE_GLV)
- {
- P.affine();
- R=new ECP();
- R.copy(P);
- int i,np,nn;
- ECP Q=new ECP();
- Q.copy(P);
- BIG q=new BIG(ROM.CURVE_Order);
- FP cru=new FP(new BIG(ROM.CURVE_Cru));
- BIG t=new BIG(0);
- BIG[] u=glv(e);
- Q.getx().mul(cru);
-
- np=u[0].nbits();
- t.copy(BIG.modneg(u[0],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[0].copy(t);
- R.neg();
- }
-
- np=u[1].nbits();
- t.copy(BIG.modneg(u[1],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[1].copy(t);
- Q.neg();
- }
-
- R=R.mul2(u[0],Q,u[1]);
-
- }
- else
- {
- R=P.mul(e);
- }
- return R;
- }
-
-/* Multiply P by e in group G2 */
- public static ECP2 G2mul(ECP2 P,BIG e)
- {
- ECP2 R;
- if (ROM.USE_GS_G2)
- {
- ECP2[] Q=new ECP2[4];
- FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
- BIG q=new BIG(ROM.CURVE_Order);
- BIG[] u=gs(e);
-
- BIG t=new BIG(0);
- int i,np,nn;
- P.affine();
- Q[0]=new ECP2(); Q[0].copy(P);
- for (i=1;i<4;i++)
- {
- Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
- Q[i].frob(f);
- }
- for (i=0;i<4;i++)
- {
- np=u[i].nbits();
- t.copy(BIG.modneg(u[i],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[i].copy(t);
- Q[i].neg();
- }
- }
- R=ECP2.mul4(Q,u);
-
- }
- else
- {
- R=P.mul(e);
- }
- return R;
- }
-
-/* f=f^e */
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java */
- public static FP12 GTpow(FP12 d,BIG e)
- {
- FP12 r;
- if (ROM.USE_GS_GT)
- {
- FP12[] g=new FP12[4];
- FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
- BIG q=new BIG(ROM.CURVE_Order);
- BIG t=new BIG(0);
- int i,np,nn;
- BIG[] u=gs(e);
-
- g[0]=new FP12(d);
- for (i=1;i<4;i++)
- {
- g[i]=new FP12(0); g[i].copy(g[i-1]);
- g[i].frob(f);
- }
- for (i=0;i<4;i++)
- {
- np=u[i].nbits();
- t.copy(BIG.modneg(u[i],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[i].copy(t);
- g[i].conj();
- }
- }
- r=FP12.pow4(g,u);
- }
- else
- {
- r=d.pow(e);
- }
- return r;
- }
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
- public static boolean GTmember(FP12 m)
- {
- if (m.isunity()) return false;
- FP12 r=new FP12(m);
- r.conj();
- r.mul(m);
- if (!r.isunity()) return false;
-
- FP2 f=new FP2(new BIG(ROM.CURVE_Fra),new BIG(ROM.CURVE_Frb));
-
- r.copy(m); r.frob(f); r.frob(f);
- FP12 w=new FP12(r); w.frob(f); w.frob(f);
- w.mul(m);
- if (!ROM.GT_STRONG)
- {
- if (!w.equals(r)) return false;
- BIG x=new BIG(ROM.CURVE_Bnx);
- r.copy(m); w=r.pow(x); w=w.pow(x);
- r.copy(w); r.sqr(); r.mul(w); r.sqr();
- w.copy(m); w.frob(f);
- }
- return w.equals(r);
- }
-
- public static void main(String[] args) {
- ECP Q=new ECP(new BIG(ROM.CURVE_Gx),new BIG(ROM.CURVE_Gy));
- ECP2 P=new ECP2(new FP2(new BIG(ROM.CURVE_Pxa),new BIG(ROM.CURVE_Pxb)),new FP2(new BIG(ROM.CURVE_Pya),new BIG(ROM.CURVE_Pyb)));
-
- BIG r=new BIG(ROM.CURVE_Order);
- BIG xa=new BIG(ROM.CURVE_Pxa);
-
- System.out.println("P= "+P.toString());
- System.out.println("Q= "+Q.toString());
-
- BIG m=new BIG(17);
-
- FP12 e=ate(P,Q);
- System.out.println("\ne= "+e.toString());
-
- e=fexp(e);
- // e=GTpow(e,m);
-
- System.out.println("\ne= "+e.toString());
-
- BIG [] GLV=glv(r);
-
- System.out.println("GLV[0]= "+GLV[0].toString());
- System.out.println("GLV[0]= "+GLV[1].toString());
-
- ECP G=new ECP(); G.copy(Q);
- ECP2 R=new ECP2(); R.copy(P);
-
-
- e=ate(R,Q);
- e=fexp(e);
-
- e=GTpow(e,xa);
- System.out.println("\ne= "+e.toString());
-
-
- R=G2mul(R,xa);
- e=ate(R,G);
- e=fexp(e);
-
- System.out.println("\ne= "+e.toString());
-
- G=G1mul(G,xa);
- e=ate(P,G);
- e=fexp(e);
- System.out.println("\ne= "+e.toString());
- }
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/RAND.java
----------------------------------------------------------------------
diff --git a/java64/RAND.java b/java64/RAND.java
deleted file mode 100755
index 1bf6be2..0000000
--- a/java64/RAND.java
+++ /dev/null
@@ -1,161 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Cryptographic strong random number generator
- *
- * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- * Slow - but secure
- *
- * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-public class RAND {
-/* Cryptographically strong pseudo-random number generator */
-
- private static final int NK=21;
- private static final int NJ=6;
- private static final int NV=8;
- private int[] ira=new int[NK]; /* random number... */
- private int rndptr; /* ...array & pointer */
- private int borrow;
- private int pool_ptr;
- private byte[] pool=new byte[32]; /* random pool */
-
- public RAND()
- {
- clean();
- }
-
- private int sbrand()
- { /* Marsaglia & Zaman random number generator */
- int i,k;
- long pdiff,t;
-
- rndptr++;
- if (rndptr<NK) return ira[rndptr];
- rndptr=0;
- for (i=0,k=NK-NJ;i<NK;i++,k++)
- { /* calculate next NK values */
- if (k==NK) k=0;
- t=((long)ira[k])&0xffffffffL;
- pdiff=(t - (((long)ira[i])&0xffffffffL) - (long)borrow)&0xffffffffL;
- if (pdiff<t) borrow=0;
- if (pdiff>t) borrow=1;
- ira[i]=(int)(pdiff&0xffffffffL);
- }
-
- return ira[0];
- }
-
- public void sirand(int seed)
- {
- int i,in;
- int t,m=1;
- borrow=0;
- rndptr=0;
- ira[0]^=seed;
- for (i=1;i<NK;i++)
- { /* fill initialisation vector */
- in=(NV*i)%NK;
- ira[in]^=m; /* note XOR */
- t=m;
- m=seed-m;
- seed=t;
- }
- for (i=0;i<10000;i++) sbrand(); /* "warm-up" & stir the generator */
- }
-
- private void fill_pool()
- {
- HASH sh=new HASH();
- for (int i=0;i<128;i++) sh.process(sbrand());
- pool=sh.hash();
- pool_ptr=0;
- }
-
- private static int pack(byte[] b)
- { /* pack 4 bytes into a 32-bit Word */
- return ((((int)b[3])&0xff)<<24)|(((int)b[2]&0xff)<<16)|(((int)b[1]&0xff)<<8)|((int)b[0]&0xff);
- }
-
-/* Initialize RNG with some real entropy from some external source */
- public void seed(int rawlen,byte[] raw)
- { /* initialise from at least 128 byte string of raw random entropy */
- int i;
- byte [] digest;
- byte [] b=new byte[4];
- HASH sh=new HASH();
- pool_ptr=0;
- for (i=0;i<NK;i++) ira[i]=0;
- if (rawlen>0)
- {
- for (i=0;i<rawlen;i++)
- sh.process(raw[i]);
- digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
-
- for (i=0;i<8;i++)
- {
- b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
- sirand(pack(b));
- }
- }
- fill_pool();
- }
-
-/* Terminate and clean up */
- public void clean()
- { /* kill internal state */
- int i;
- pool_ptr=rndptr=0;
- for (i=0;i<32;i++) pool[i]=0;
- for (i=0;i<NK;i++) ira[i]=0;
- borrow=0;
- }
-
-/* get random byte */
- public int getByte()
- {
- int r;
- r=pool[pool_ptr++];
- if (pool_ptr>=32) fill_pool();
- return (r&0xff);
- }
-
-/* test main program */
-/*
- public static void main(String[] args) {
- int i;
- byte[] raw=new byte[100];
- RAND rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) raw[i]=(byte)i;
-
- rng.seed(100,raw);
-
- for (i=0;i<1000;i++)
- System.out.format("%03d ",rng.getByte());
- } */
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/ROM.java
----------------------------------------------------------------------
diff --git a/java64/ROM.java b/java64/ROM.java
deleted file mode 100755
index 4dc4bd4..0000000
--- a/java64/ROM.java
+++ /dev/null
@@ -1,381 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-public class ROM
-{
-/* Don't Modify from here... */
- public static final int NOT_SPECIAL=0;
- public static final int PSEUDO_MERSENNE=1;
- public static final int MONTGOMERY_FRIENDLY=2;
- public static final int WEIERSTRASS=0;
- public static final int EDWARDS=1;
- public static final int MONTGOMERY=2;
-/* ...to here */
-
-/*** Enter Some Field details here ***/
-// BN Curve
- public static final int MODBITS=254; /* Number of bits in Modulus */
- public static final int MOD8=3; /* Modulus mod 8 */
-// Curve 25519
-// public static final int MODBITS=255;
-// public static final int MOD8=5;
-// NIST256 or Brainpool
-// public static final int MODBITS=256;
-// public static final int MOD8=7;
-// MF254
-// public static final int MODBITS=254;
-// public static final int MOD8=7;
-// MS255
-//public static final int MODBITS= 255;
-//public static final int MOD8= 3;
-// MF256
-// public static final int MODBITS=256;
-// public static final int MOD8=7;
-// MS256
-//public static final int MODBITS= 256;
-//public static final int MOD8= 3;
-// ANSSI
-// public static final int MODBITS= 256;
-// public static final int MOD8= 3;
-
-/* Don't Modify from here... */
- public static final int NLEN=5;
- public static final int CHUNK=64;
- public static final int DNLEN=2*NLEN;
- public static final int BASEBITS=56;
- public static final long MASK=(((long)1<<BASEBITS)-1);
- public static final int HBITS=BASEBITS/2;
- public static final long HMASK=(((long)1<<HBITS)-1);
- public static final int MODBYTES=32;
- public static final int NEXCESS =((int)1<<(CHUNK-BASEBITS-1));
- public static final long FEXCESS =((long)1<<(BASEBITS*NLEN-MODBITS));
- public static final long OMASK=(long)(-1)<<(MODBITS%BASEBITS);
- public static final int TBITS=MODBITS%BASEBITS; // Number of active bits in top word
- public static final long TMASK=((long)1<<TBITS)-1;
-/* ...to here */
-
-/* Finite field support - for RSA, DH etc. */
- public static final int FF_BITS=2048; /* Finite Field Size in bits - must be 256.2^n */
- public static final int FFLEN=(FF_BITS/256);
- public static final int HFLEN=(FFLEN/2); /* Useful for half-size RSA private key operations */
-
-
-// START SPECIFY FIELD DETAILS HERE
-//*********************************************************************************
-// Curve25519 Modulus
-// public static final int MODTYPE=PSEUDO_MERSENNE;
-// public static final long[] Modulus= {0xFFFFFFFFFFFFEDL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-// public static final long MConst=0x13L;
-
-
-// NIST-256 Curve
-// public static final int MODTYPE=NOT_SPECIAL;
-// public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFL,0x0L,0x1000000L,0xFFFFFFFFL};
-// public static final long MConst=0x1L;
-
-// MF254 Modulus
-// public static final int MODTYPE=MONTGOMERY_FRIENDLY;
-// public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-// public static final long MConst=0x3F810000L;
-
-// MS255 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFD03L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long MConst=0x2FDL;
-
-// MS256 Modulus
-//public static final int MODTYPE= 1;
-//public static final long[] Modulus= {0xFFFFFFFFFFFF43L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long MConst=0xBDL;
-
-// MF256 Modulus
-//public static final int MODTYPE= 2;
-//public static final long[] Modulus= {0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long MConst=0xFFA80000L;
-
-// Brainpool
-// public static final int MODTYPE= NOT_SPECIAL;
-// public static final long[] Modulus= {0x13481D1F6E5377L,0xF623D526202820L,0x909D838D726E3BL,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-// public static final long MConst=0xA75590CEFD89B9L;
-
-// ANSSI
-// public static final int MODTYPE= 0;
-// public static final long[] Modulus= {0xFCF353D86E9C03L,0xADBCABC8CA6DE8L,0xE8CE42435B3961L,0xB3AD58F10126DL,0xF1FD178CL};
-// public static final long MConst=0x97483A164E1155L;
-
-// BNCX Curve Modulus
-public static final int MODTYPE=NOT_SPECIAL;
-public static final long[] Modulus= {0x6623EF5C1B55B3L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
-public static final long MConst=0x4E205BF9789E85L;
-
-// BN Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0x13L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-//public static final long MConst=0x435E50D79435E5L;
-
-// BNT Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0x9DBBFEEEB4A713L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-//public static final long MConst=0xC5A872D914C4E5L;
-
-// BNT2 Curve
-//public static final int MODTYPE=NOT_SPECIAL;
-//public static final long[] Modulus= {0xB2DC2BB460A48BL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
-//public static final long MConst=0xFE6A47A6505CDDL;
-
-// START SPECIFY CURVE DETAILS HERE
-//*********************************************************************************
-
-// Ed25519 Curve
-// public static final int CURVETYPE=EDWARDS;
-// public static final int CURVE_A = -1;
-// public static final long[] CURVE_B = {0xEB4DCA135978A3L,0xA4D4141D8AB75L,0x797779E8980070L,0x2B6FFE738CC740L,0x52036CEEL};
-// public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-// public static final long[] CURVE_Gx ={0x562D608F25D51AL,0xC7609525A7B2C9L,0x31FDD6DC5C692CL,0xCD6E53FEC0A4E2L,0x216936D3L};
-// public static final long[] CURVE_Gy ={0x66666666666658L,0x66666666666666L,0x66666666666666L,0x66666666666666L,0x66666666L};
-
-// Original Curve25519
-// public static final int CURVETYPE=MONTGOMERY;
-// public static final int CURVE_A =486662;
-// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-// public static final long[] CURVE_Order={0x12631A5CF5D3EDL,0xF9DEA2F79CD658L,0x14DEL,0x0L,0x10000000L};
-// public static final long[] CURVE_Gx ={0x9L,0x0L,0x0L,0x0L,0x0L};
-// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// NIST-256 Curve
-// public static final int CURVETYPE=WEIERSTRASS;
-// public static final int CURVE_A = -3;
-// public static final long[] CURVE_B = {0xCE3C3E27D2604BL,0x6B0CC53B0F63BL,0x55769886BC651DL,0xAA3A93E7B3EBBDL,0x5AC635D8L};
-// public static final long[] CURVE_Order={0xB9CAC2FC632551L,0xFAADA7179E84F3L,0xFFFFFFFFFFBCE6L,0xFFFFFFL,0xFFFFFFFFL};
-// public static final long[] CURVE_Gx ={0xA13945D898C296L,0x7D812DEB33A0F4L,0xE563A440F27703L,0xE12C4247F8BCE6L,0x6B17D1F2L};
-// public static final long[] CURVE_Gy ={0xB6406837BF51F5L,0x33576B315ECECBL,0x4A7C0F9E162BCEL,0xFE1A7F9B8EE7EBL,0x4FE342E2L};
-
-// MF254 Modulus, Weierstrass Curve w-254-mont
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFD08DL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Order={0xA419C4AF8DF83FL,0x8BEA0DA375C06FL,0xFFFFFFFFFFEB81L,0xFFFFFFFFFFFFFFL,0x3F80FFFFL};
-//public static final long[] CURVE_Gx ={0x2L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x65DF37F90D4EBCL,0x38E3F8511931ADL,0x75BD778AEBDFB7L,0x3B2E56014AE15AL,0x140E3FD3L};
-
-// MF254 Modulus, Edwards Curve ed-254-mont
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x367BL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x52D0FDAF2701E5L,0x9A840E3212187CL,0xD502363F4E3632L,0xD6A4C335951D00L,0x19F0E690L};
-
-// MF254 Modulus, Montgomery Curve
-// public static final int CURVETYPE=MONTGOMERY;
-// public static final int CURVE_A =-55790;
-// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-// public static final long[] CURVE_Order={0xF3D3FEC46E98C7L,0x306C8BD62FB0EAL,0xFFFFFFFFFFEB95L,0xFFFFFFFFFFFFFFL,0xFE03FFFL};
-// public static final long[] CURVE_Gx ={0x3L,0x0L,0x0L,0x0L,0x0L};
-// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS255 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0xFFFFFFFFFFAB46L,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Order={0x8FAC983C594AEBL,0x38283AD2B3DFABL,0xFFFFFFFFFF864AL,0xFFFFFFFFFFFFFFL,0x7FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x33FF6769CB44BAL,0xC78CDDFDA60D17L,0xF9B2FF7D177DB6L,0xEDBA7833921EBFL,0x6F7A6AC0L};
-
-// MS255 Modulus, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0xEA97L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-//public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x2A255BD08736A0L,0x4B8AED445A45BAL,0xDD8E0C47E55291L,0x4A7BB545EC254CL,0x26CB7853L};
-
-// MS255 Modulus, Montgomery Curve
-// public static final int CURVETYPE=MONTGOMERY;
-// public static final int CURVE_A =-240222;
-// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-// public static final long[] CURVE_Order={0x49D1ED0436EB75L,0xA785EDA6832EACL,0xFFFFFFFFFFDCF1L,0xFFFFFFFFFFFFFFL,0x1FFFFFFFL};
-// public static final long[] CURVE_Gx ={0x4L,0x0L,0x0L,0x0L,0x0L};
-// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MS256, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x25581L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xAB20294751A825L,0x8275EA265C6020L,0xFFFFFFFFFFE43CL,0xFFFFFFFFFFFFFFL,0xFFFFFFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xF46306C2B56C77L,0x2F9375894EC10BL,0x6CCEEEDD6BD02CL,0xC1E466D7FC82C9L,0x696F1853L};
-
-// MS256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x3BEEL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-//public static final long[] CURVE_Gx ={0xDL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7F6FB5331CADBAL,0x6D63824D303F70L,0xB39FA046BFBE2AL,0x2A1276DBA3D330L,0x7D0AB41EL};
-
-// MS256 Modulus, Montgomery Curve
-// public static final int CURVETYPE=MONTGOMERY;
-// public static final int CURVE_A =-61370;
-// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-// public static final long[] CURVE_Order={0xB84E6F1122B4ADL,0xA55AD0A6BC64E5L,0xFFFFFFFFFFBE6AL,0xFFFFFFFFFFFFFFL,0x3FFFFFFFL};
-// public static final long[] CURVE_Gx ={0xbL,0x0L,0x0L,0x0L,0x0L};
-// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-// MF256 Modulus, Weierstrass Curve
-//public static final int CURVETYPE= 0;
-//public static final int CURVE_A = -3;
-//public static final long[] CURVE_B = {0x14E6AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0x10C5E1A79857EBL,0x7513E6E5074B9DL,0xFFFFFFFFFFFC51L,0xFFFFFFFFFFFFFFL,0xFFA7FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0x7954C2B724D2AL,0x47EB8D94DC6610L,0x26123DAE289569L,0xBE1808CE7BABBAL,0x20887C87L};
-
-// MF256, Edwards Curve
-//public static final int CURVETYPE= 1;
-//public static final int CURVE_A = -1;
-//public static final long[] CURVE_B = {0x350AL,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-//public static final long[] CURVE_Gx ={0x1L,0x0L,0x0L,0x0L,0x0L};
-//public static final long[] CURVE_Gy ={0xEAA722F2F3C908L,0x5E648DFEA68D7DL,0xF3DB2C1AACA0C0L,0xF8CC4D5AEAEBEEL,0xDAD8D4F8L};
-
-// MF256 Modulus, Montgomery Curve
-// public static final int CURVETYPE=MONTGOMERY;
-// public static final int CURVE_A =-54314;
-// public static final long[] CURVE_B = {0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-// public static final long[] CURVE_Order={0xD92EDED8EC7BABL,0xBBAFB86733C966L,0xFFFFFFFFFFB154L,0xFFFFFFFFFFFFFFL,0x3FE9FFFFL};
-// public static final long[] CURVE_Gx ={0x8L,0x0L,0x0L,0x0L,0x0L};
-// public static final long[] CURVE_Gy ={0x0L,0x0L,0x0L,0x0L,0x0L}; // not used
-
-
-
-// Brainpool
-// public static final int CURVETYPE= 0;
-// public static final int CURVE_A = -3;
-// public static final long[] CURVE_B = {0xE58101FEE92B04L,0xEBC4AF2F49256AL,0x733D0B76B7BF93L,0x30D84EA4FE66A7L,0x662C61C4L};
-// public static final long[] CURVE_Order={0x1E0E82974856A7L,0x7AA3B561A6F790L,0x909D838D718C39L,0xA1EEA9BC3E660AL,0xA9FB57DBL};
-// public static final long[] CURVE_Gx ={0xA191562E1305F4L,0x42C47AAFBC2B79L,0xB23A656149AFA1L,0xC1CFE7B7732213L,0xA3E8EB3CL};
-// public static final long[] CURVE_Gy ={0xABE8F35B25C9BEL,0xB6DE39D027001DL,0xE14644417E69BCL,0x3439C56D7F7B22L,0x2D996C82L};
-
-// ANSSI
-// public static final int CURVETYPE= 0;
-// public static final int CURVE_A = -3;
-// public static final long[] CURVE_B = {0x75ED967B7BB73FL,0xC9AE4B1A18030L,0x754A44C00FDFECL,0x5428A9300D4ABAL,0xEE353FCAL};
-// public static final long[] CURVE_Order={0xFDD459C6D655E1L,0x67E140D2BF941FL,0xE8CE42435B53DCL,0xB3AD58F10126DL,0xF1FD178CL};
-// public static final long[] CURVE_Gx ={0xC97A2DD98F5CFFL,0xD2DCAF98B70164L,0x4749D423958C27L,0x56C139EB31183DL,0xB6B3D4C3L};
-// public static final long[] CURVE_Gy ={0x115A1554062CFBL,0xC307E8E4C9E183L,0xF0F3ECEF8C2701L,0xC8B204911F9271L,0x6142E0F7L};
-
-// BNCX Curve
-
- public static final int CURVETYPE=WEIERSTRASS;
- public static final int CURVE_A = 0;
- public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
- public static final long[] CURVE_Order={0x11C0A636EB1F6DL,0xD6EE0CC906CEBEL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L};
- public static final long[] CURVE_Bnx={0x3C012B1L,0x40L,0x0L,0x0L,0x0L};
- public static final long[] CURVE_Cru={0xE0931794235C97L,0xDF6471EF875631L,0xCA83F1440BDL,0x480000L,0x0L};
- public static final long[] CURVE_Fra={0xD9083355C80EA3L,0x7326F173F8215BL,0x8AACA718986867L,0xA63A0164AFE18BL,0x1359082FL};
- public static final long[] CURVE_Frb={0x8D1BBC06534710L,0x63C7269546C062L,0xD9CDBC4E3ABBD8L,0x623628A900DC53L,0x10A6F7D0L};
- public static final long[] CURVE_Pxa={0x851CEEE4D2EC74L,0x85BFA03E2726C0L,0xF5C34BBB907CL,0x7053B256358B25L,0x19682D2CL};
- public static final long[] CURVE_Pxb={0xA58E8B2E29CFE1L,0x97B0C209C30F47L,0x37A8E99743F81BL,0x3E19F64AA011C9L,0x1466B9ECL};
- public static final long[] CURVE_Pya={0xFBFCEBCF0BE09FL,0xB33D847EC1B30CL,0x157DAEE2096361L,0x72332B8DD81E22L,0xA79EDD9L};
- public static final long[] CURVE_Pyb={0x904B228898EE9DL,0x4EA569D2EDEBEDL,0x512D8D3461C286L,0xECC4C09035C6E4L,0x6160C39L};
- public static final long[] CURVE_Gx ={0x6623EF5C1B55B2L,0xD6EE18093EE1BEL,0x647A6366D3243FL,0x8702A0DB0BDDFL,0x24000000L};
- public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
- public static final long[][] CURVE_W={{0x546349162FEB83L,0xB40381200L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}};
- public static final long[][][] CURVE_SB={{{0x5463491DB010E4L,0xB40381280L,0x6000L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0xBD5D5D20BB33EAL,0xD6EE0188CEBCBDL,0x647A6366D2643FL,0x8702A0DB0BDDFL,0x24000000L}}};
- public static final long[][] CURVE_WB={{0x1C2118567A84B0L,0x3C012B040L,0x2000L,0x0L,0x0L},{0xCDF995BE220475L,0x94EDA8CA7F9A36L,0x8702A0DC07EL,0x300000L,0x0L},{0x66FCCAE0F10B93L,0x4A76D4653FCD3BL,0x4381506E03FL,0x180000L,0x0L},{0x1C21185DFAAA11L,0x3C012B0C0L,0x2000L,0x0L,0x0L}};
- public static final long[][][] CURVE_BB={{{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x7802562L,0x80L,0x0L,0x0L,0x0L}},{{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBDL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x11C0A6332B0CBCL,0xD6EE0CC906CE7EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L}},{{0x7802562L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L},{0x7802561L,0x80L,0x0L,0x0L,0x0L}},{{0x3C012B2L,0x40L,0x0L,0x0L,0x0L},{0xF004AC2L,0x100L,0x0L,0x0L,0x0L},{0x11C0A62F6AFA0AL,0xD6EE0CC906CE3EL,0x647A6366D2C43FL,0x8702A0DB0BDDFL,0x24000000L},{0x3C012B2L,0x40L,0x0L,0x0L,0x0L}}};
-
- public static final boolean USE_GLV =true;
- public static final boolean USE_GS_G2 =true;
- public static final boolean USE_GS_GT =true;
- public static final boolean GT_STRONG=true;
-
-// BNT Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Order={0x75777E8D30210DL,0xD43492B2CB363AL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Bnx={0x806000004081L,0x40L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cru={0xEB53D5AB4FCD87L,0x82A5F2BAB11FADL,0x47651504C9764CL,0x4801B1L,0x0L};
-public static final long[] CURVE_Fra={0xF5D14EADC80022L,0x4904D6FACCE359L,0xF190A13211BE6CL,0xC9BBC4394F6509L,0x1328A292L};
-public static final long[] CURVE_Frb={0xA7EAB040ECA6F1L,0xC513DF997D764L,0x450657A3DEB01EL,0x9B5B3D15AAA6A1L,0x10D87E48L};
-public static final long[] CURVE_Pxa={0x8987E2288E65BBL,0xAD1CAA6313BEL,0x325041548B7CCCL,0x4C1339EBCC055L,0x14483FCDL};
-public static final long[] CURVE_Pxb={0x67888808DBE2C0L,0x7FE1F81E34853AL,0xA631A51B57B95L,0x384EC302DA3FC5L,0x87F46B3L};
-public static final long[] CURVE_Pya={0x202C47E020CA1DL,0xB4167E8399F36CL,0xC6E5439F72C94CL,0x102B0BD74A2C69L,0x14E8C29CL};
-public static final long[] CURVE_Pyb={0xD8437C716628F2L,0x27E167BCB7DC6BL,0xA82C7572681D0AL,0x62454BD1EDEC18L,0x17AFE2A4L};
-public static final long[] CURVE_Gx ={0x9DBBFEEEB4A712L,0x555614F464BABEL,0x3696F8D5F06E8AL,0x6517014EFA0BABL,0x240120DBL};
-public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[][] CURVE_W={{0x26430061838403L,0x81218241998384L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}};
-public static final long[][][] CURVE_SB={{{0x2743C061840504L,0x81218241998404L,0x6001L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x4F347E2BAC9D0AL,0x5313107131B2B6L,0x3696F8D5EFAE87L,0x6517014EFA0BABL,0x240120DBL}}};
-public static final long[][] CURVE_WB={{0x6140602080C080L,0x806080C08880C1L,0x2000L,0x0L,0x0L},{0xB53904088C4A85L,0xAD2FA352DC6C36L,0xDA436358868EDEL,0x300120L,0x0L},{0x5ADCB204464583L,0x5697D1A96E363BL,0x6D21B1AC43476FL,0x180090L,0x0L},{0x62412020814181L,0x806080C0888141L,0x2000L,0x0L,0x0L}};
-public static final long[][][] CURVE_BB={{{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x100C000008102L,0x80L,0x0L,0x0L,0x0L}},{{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08DL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x74F71E8D2FE08CL,0xD43492B2CB35FAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL}},{{0x100C000008102L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L},{0x100C000008101L,0x80L,0x0L,0x0L,0x0L}},{{0x806000004082L,0x40L,0x0L,0x0L,0x0L},{0x2018000010202L,0x100L,0x0L,0x0L,0x0L},{0x7476BE8D2FA00AL,0xD43492B2CB35BAL,0x3696F8D5F00E88L,0x6517014EFA0BABL,0x240120DBL},{0x806000004082L,0x40L,0x0L
,0x0L,0x0L}}};
-
-*/
-
-// BNT2 Curve
-/*
- public static final int CURVETYPE=WEIERSTRASS;
- public static final int CURVE_A = 0;
- public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
- public static final long[] CURVE_Order={0xFB71A511AA2BF5L,0x8DE127B73833D7L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L};
- public static final long[] CURVE_Bnx={0x20100608205L,0x40L,0x0L,0x0L,0x0L};
- public static final long[] CURVE_Cru={0x5027444866BD33L,0x5B773016470EFBL,0xC3617BECF23675L,0x480006L,0x0L};
- public static final long[] CURVE_Fra={0xB268C973AEF062L,0xC69B33C3BCE492L,0xF67FA37F195BBCL,0x29E8CAB6BD0A41L,0x124E0B8DL};
- public static final long[] CURVE_Frb={0x736240B1B429L,0xCD48F52D196D56L,0x18BBE650E72612L,0x17268FF6FA43DEL,0x11B1F8F5L};
- public static final long[] CURVE_Pxa={0xCC92399F40A3C8L,0xCDA4E96611784AL,0x7B056961706B35L,0x9693C6318279D7L,0x16FC17CFL};
- public static final long[] CURVE_Pxb={0x557A8AD8549540L,0x6F7BE6F6510610L,0x565907A95D17DBL,0xBD5975909C8188L,0x1EB5B500L};
- public static final long[] CURVE_Pya={0x7BECC514220513L,0x4A78860E737B14L,0x51B83935F12684L,0x761422AA9D4DFAL,0x1E8EE498L};
- public static final long[] CURVE_Pyb={0xB9328F577CE78EL,0xB746E26FA5781FL,0xA93DBC1FB8E27EL,0xBAE33BDBA29D76L,0x23CEF4CDL};
- public static final long[] CURVE_Gx ={0xB2DC2BB460A48AL,0x93E428F0D651E8L,0xF3B89D00081CFL,0x410F5AADB74E20L,0x24000482L};
- public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
- public static final long[][] CURVE_W={{0xB76282A1347083L,0x60301399E1D10L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}};
- public static final long[][][] CURVE_SB={{{0xB76684A1F5748CL,0x60301399E1D90L,0x6000L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x440F227075BB72L,0x87DE267D9A16C7L,0xF3B89CFFFC1CFL,0x410F5AADB74E20L,0x24000482L}}};
- public static final long[][] CURVE_WB={{0x9272D48A70A224L,0x20100688A0945L,0x2000L,0x0L,0x0L},{0x5A572CF030EF19L,0x9651763543721DL,0x8240FD48A1B9A3L,0x300004L,0x0L},{0xAD2C96F848B88FL,0xCB28BB1AA1B92EL,0x41207EA450DCD1L,0x180002L,0x0L},{0x9276D68B31A62DL,0x20100688A09C5L,0x2000L,0x0L,0x0L}};
- public static final long[][][] CURVE_BB={{{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L}},{{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F1L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0xFB6FA41149A9F0L,0x8DE127B7383397L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L}},{{0x40200C1040AL,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L},{0x40200C10409L,0x80L,0x0L,0x0L,0x0L}},{{0x20100608206L,0x40L,0x0L,0x0L,0x0L},{0x80401820812L,0x100L,0x0L,0x0L,0x0L},{0xFB6DA310E927EAL,0x8DE127B7383357L,0xF3B89D00021CFL,0x410F5AADB74E20L,0x24000482L},{0x20100608206L,0x40L,0x0L,0x0L,0x0L}}};
-*/
-
-// BN Curve
-/*
-public static final int CURVETYPE=WEIERSTRASS;
-public static final int CURVE_A = 0;
-public static final long[] CURVE_B = {0x2L,0x0L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Order={0xDL,0x800000000010A1L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L};
-public static final long[] CURVE_Bnx={0x80000000000001L,0x40L,0x0L,0x0L,0x0L};
-public static final long[] CURVE_Cru={0x80000000000007L,0x6CDL,0x40000000024909L,0x49B362L,0x0L};
-public static final long[] CURVE_Fra={0x7DE6C06F2A6DE9L,0x74924D3F77C2E1L,0x50A846953F8509L,0x212E7C8CB6499BL,0x1B377619L};
-public static final long[] CURVE_Frb={0x82193F90D5922AL,0x8B6DB2C08850C5L,0x2F57B96AC8DC17L,0x1ED1837503EAB2L,0x9EBEE69L};
-public static final long[] CURVE_Pxa={0xAB2C7935FD0CB4L,0xE319E4FCC57C2BL,0x24F6DF763B05A5L,0xF55EA7EA335FB7L,0x95B04D4L};
-public static final long[] CURVE_Pxb={0xA07D0790962455L,0x86BE3D27AA5E38L,0x89E05747F39D6DL,0xC08347B49D42BFL,0x5D4D8A7L};
-public static final long[] CURVE_Pya={0xADCE687A08A46CL,0x2B30E98A4191F9L,0x4C3784B1F16908L,0x25E5313FA16D1CL,0xABF2ABFL};
-public static final long[] CURVE_Pyb={0xDF88D405F306ECL,0x82076ADD13A0E6L,0x1E47819D6A5C04L,0xE679DABDB38627L,0x18769A87L};
-public static final long[] CURVE_Gx ={0x12L,0x13A7L,0x80000000086121L,0x40000001BA344DL,0x25236482L};
-public static final long[] CURVE_Gy ={0x1L,0x0L,0x0L,0x0L,0x0L};
-public static final long[][] CURVE_W={{0x3L,0x80000000000204L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}};
-public static final long[][][] CURVE_SB={{{0x4L,0x80000000000285L,0x6181L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0xAL,0xE9DL,0x80000000079E1EL,0x40000001BA344DL,0x25236482L}}};
-public static final long[][] CURVE_WB={{0x80000000000000L,0x80000000000040L,0x2080L,0x0L,0x0L},{0x80000000000005L,0x54AL,0x8000000001C707L,0x312241L,0x0L},{0x80000000000003L,0x800000000002C5L,0xC000000000E383L,0x189120L,0x0L},{0x80000000000001L,0x800000000000C1L,0x2080L,0x0L,0x0L}};
-public static final long[][][] CURVE_BB={{{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x2L,0x81L,0x0L,0x0L,0x0L}},{{0x1L,0x81L,0x0L,0x0L,0x0L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000DL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x8000000000000CL,0x80000000001060L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L}},{{0x2L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L},{0x1L,0x81L,0x0L,0x0L,0x0L}},{{0x80000000000002L,0x40L,0x0L,0x0L,0x0L},{0x2L,0x102L,0x0L,0x0L,0x0L},{0xAL,0x80000000001020L,0x8000000007FF9FL,0x40000001BA344DL,0x25236482L},{0x80000000000002L,0x40L,0x0L,0x0L,0x0L}}};
-
-*/
-
-// public static boolean debug=false;
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/RSA.java
----------------------------------------------------------------------
diff --git a/java64/RSA.java b/java64/RSA.java
deleted file mode 100755
index 4ce597c..0000000
--- a/java64/RSA.java
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API high-level functions */
-
-final class rsa_private_key
-{
- public FF p,q,dp,dq,c;
-
- public rsa_private_key(int n)
- {
- p=new FF(n);
- q=new FF(n);
- dp=new FF(n);
- dq=new FF(n);
- c=new FF(n);
- }
-}
-
-final class rsa_public_key
-{
- public int e;
- public FF n;
-
- public rsa_public_key(int m)
- {
- e=0;
- n=new FF(m);
- }
-}
-
-public final class RSA {
-
- public static final int RFS=ROM.MODBYTES*ROM.FFLEN;
-
-/* generate an RSA key pair */
-
- public static void KEY_PAIR(RAND rng,int e,rsa_private_key PRIV,rsa_public_key PUB)
- { /* IEEE1363 A16.11/A16.12 more or less */
- int n=PUB.n.getlen()/2;
- FF t = new FF(n);
- FF p1=new FF(n);
- FF q1=new FF(n);
-
- for (;;)
- {
-
- PRIV.p.random(rng);
- while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
- while (!FF.prime(PRIV.p,rng))
- PRIV.p.inc(4);
-
- p1.copy(PRIV.p);
- p1.dec(1);
-
- if (p1.cfactor(e)) continue;
- break;
- }
-
- for (;;)
- {
- PRIV.q.random(rng);
- while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
- while (!FF.prime(PRIV.q,rng))
- PRIV.q.inc(4);
-
- q1.copy(PRIV.q);
- q1.dec(1);
-
- if (q1.cfactor(e)) continue;
-
- break;
- }
-
- PUB.n=FF.mul(PRIV.p,PRIV.q);
- PUB.e=e;
-
- t.copy(p1);
- t.shr();
- PRIV.dp.set(e);
- PRIV.dp.invmodp(t);
- if (PRIV.dp.parity()==0) PRIV.dp.add(t);
- PRIV.dp.norm();
-
- t.copy(q1);
- t.shr();
- PRIV.dq.set(e);
- PRIV.dq.invmodp(t);
- if (PRIV.dq.parity()==0) PRIV.dq.add(t);
- PRIV.dq.norm();
-
- PRIV.c.copy(PRIV.p);
- PRIV.c.invmodp(PRIV.q);
-
- return;
- }
-
-/* Mask Generation Function */
-
- public static void MGF1(byte[] Z,int olen,byte[] K)
- {
- HASH H=new HASH();
- int hlen=HASH.len;
- byte[] B=new byte[hlen];
-
- int counter,cthreshold,k=0;
- for (int i=0;i<K.length;i++) K[i]=0;
-
- cthreshold=olen/hlen; if (olen%hlen!=0) cthreshold++;
- for (counter=0;counter<cthreshold;counter++)
- {
- H.process_array(Z); H.process_num(counter);
- B=H.hash();
-
- if (k+hlen>olen) for (int i=0;i<olen%hlen;i++) K[k++]=B[i];
- else for (int i=0;i<hlen;i++) K[k++]=B[i];
- }
- }
-
- public static void printBinary(byte[] array)
- {
- int i;
- for (i=0;i<array.length;i++)
- {
- System.out.printf("%02x", array[i]);
- }
- System.out.println();
- }
-
- /* OAEP Message Encoding for Encryption */
- public static byte[] OAEP_ENCODE(byte[] m,RAND rng,byte[] p)
- {
- int i,slen,olen=RFS-1;
- int mlen=m.length;
- int hlen,seedlen;
- byte[] f=new byte[RFS];
-
- HASH H=new HASH();
- hlen=HASH.len;
- byte[] SEED=new byte[hlen];
- seedlen=hlen;
- if (mlen>olen-hlen-seedlen-1) return new byte[0];
-
- byte[] DBMASK=new byte[olen-seedlen];
-
- if (p!=null) H.process_array(p);
- byte[] h=H.hash();
- for (i=0;i<hlen;i++) f[i]=h[i];
-
- slen=olen-mlen-hlen-seedlen-1;
-
- for (i=0;i<slen;i++) f[hlen+i]=0;
- f[hlen+slen]=1;
- for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
- for (i=0;i<seedlen;i++) SEED[i]=(byte)rng.getByte();
- MGF1(SEED,olen-seedlen,DBMASK);
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
- MGF1(DBMASK,seedlen,f);
-
- for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
- for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
- /* pad to length RFS */
- int d=1;
- for (i=RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- return f;
- }
-
- /* OAEP Message Decoding for Decryption */
- public static byte[] OAEP_DECODE(byte[] p,byte[] f)
- {
- int x,t;
- boolean comp;
- int i,k,olen=RFS-1;
- int hlen,seedlen;
-
- HASH H=new HASH();
- hlen=HASH.len;
- byte[] SEED=new byte[hlen];
- seedlen=hlen;
- byte[] CHASH=new byte[hlen];
-
- if (olen<seedlen+hlen+1) return new byte[0];
- byte[] DBMASK=new byte[olen-seedlen];
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- if (f.length<RFS)
- {
- int d=RFS-f.length;
- for (i=RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- }
-
- if (p!=null) H.process_array(p);
- byte[] h=H.hash();
- for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
- x=f[0];
-
- for (i=seedlen;i<olen;i++)
- DBMASK[i-seedlen]=f[i+1];
-
- MGF1(DBMASK,seedlen,SEED);
- for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
- MGF1(SEED,olen-seedlen,f);
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
- comp=true;
- for (i=0;i<hlen;i++)
- {
- if (CHASH[i]!=DBMASK[i]) comp=false;
- }
-
- for (i=0;i<olen-seedlen-hlen;i++)
- DBMASK[i]=DBMASK[i+hlen];
-
- for (i=0;i<hlen;i++)
- SEED[i]=CHASH[i]=0;
-
- for (k=0;;k++)
- {
- if (k>=olen-seedlen-hlen) return new byte[0];
- if (DBMASK[k]!=0) break;
- }
-
- t=DBMASK[k];
- if (!comp || x!=0 || t!=0x01)
- {
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
- return new byte[0];
- }
-
- byte[] r=new byte[olen-seedlen-hlen-k-1];
-
- for (i=0;i<olen-seedlen-hlen-k-1;i++)
- r[i]=DBMASK[i+k+1];
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- return r;
- }
-
- /* destroy the Private Key structure */
- public static void PRIVATE_KEY_KILL(rsa_private_key PRIV)
- {
- PRIV.p.zero();
- PRIV.q.zero();
- PRIV.dp.zero();
- PRIV.dq.zero();
- PRIV.c.zero();
- }
-
- /* RSA encryption with the public key */
- public static void ENCRYPT(rsa_public_key PUB,byte[] F,byte[] G)
- {
- int n=PUB.n.getlen();
- FF f=new FF(n);
-
- FF.fromBytes(f,F);
- f.power(PUB.e,PUB.n);
- f.toBytes(G);
- }
-
- /* RSA decryption with the private key */
- public static void DECRYPT(rsa_private_key PRIV,byte[] G,byte[] F)
- {
- int n=PRIV.p.getlen();
- FF g=new FF(2*n);
-
- FF.fromBytes(g,G);
- FF jp=g.dmod(PRIV.p);
- FF jq=g.dmod(PRIV.q);
-
- jp.skpow(PRIV.dp,PRIV.p);
- jq.skpow(PRIV.dq,PRIV.q);
-
- g.zero();
- g.dscopy(jp);
- jp.mod(PRIV.q);
- if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
- jq.sub(jp);
- jq.norm();
-
- FF t=FF.mul(PRIV.c,jq);
- jq=t.dmod(PRIV.q);
-
- t=FF.mul(jq,PRIV.p);
- g.add(t);
- g.norm();
-
- g.toBytes(F);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestECDH.java
----------------------------------------------------------------------
diff --git a/java64/TestECDH.java b/java64/TestECDH.java
deleted file mode 100755
index 3027f12..0000000
--- a/java64/TestECDH.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
-
-public class TestECDH
-{
- public static void printBinary(byte[] array)
- {
- int i;
- for (i=0;i<array.length;i++)
- {
- System.out.printf("%02x", array[i]);
- }
- System.out.println();
- }
-
- public static void main(String[] args)
- {
- int i,j=0,res;
- int result;
- String pp=new String("M0ng00se");
-
- int EGS=ECDH.EGS;
- int EFS=ECDH.EFS;
- int EAS=AES.KS;
-
- byte[] S1=new byte[EGS];
- byte[] W0=new byte[2*EFS+1];
- byte[] W1=new byte[2*EFS+1];
- byte[] Z0=new byte[EFS];
- byte[] Z1=new byte[EFS];
- byte[] RAW=new byte[100];
- byte[] SALT=new byte[8];
- byte[] P1=new byte[3];
- byte[] P2=new byte[4];
- byte[] V=new byte[2*EFS+1];
- byte[] M=new byte[17];
- byte[] T=new byte[12];
- byte[] CS=new byte[EGS];
- byte[] DS=new byte[EGS];
-
- RAND rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
- rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
- for (i=0;i<8;i++) SALT[i]=(byte)(i+1); // set Salt
-
- System.out.println("Alice's Passphrase= "+pp);
- byte[] PW=pp.getBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
- byte[] S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
- System.out.print("Alice's private key= 0x");
- printBinary(S0);
-
-/* Generate Key pair S/W */
- ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
- System.out.print("Alice's public key= 0x");
- printBinary(W0);
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
- if (res!=0)
- {
- System.out.println("ECP Public Key is invalid!\n");
- return;
- }
-/* Random private key for other party */
- ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
- System.out.print("Servers private key= 0x");
- printBinary(S1);
-
- System.out.print("Servers public key= 0x");
- printBinary(W1);
-
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
- if (res!=0)
- {
- System.out.print("ECP Public Key is invalid!\n");
- return;
- }
-
-/* Calculate common key using DH - IEEE 1363 method */
-
- ECDH.ECPSVDP_DH(S0,W1,Z0);
- ECDH.ECPSVDP_DH(S1,W0,Z1);
-
- boolean same=true;
- for (i=0;i<EFS;i++)
- if (Z0[i]!=Z1[i]) same=false;
-
- if (!same)
- {
- System.out.println("*** ECPSVDP-DH Failed");
- return;
- }
-
- byte[] KEY=ECDH.KDF1(Z0,EAS);
-
- System.out.print("Alice's DH Key= 0x"); printBinary(KEY);
- System.out.print("Servers DH Key= 0x"); printBinary(KEY);
-
- System.out.println("Testing ECIES");
-
- P1[0]=0x0; P1[1]=0x1; P1[2]=0x2;
- P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3;
-
- for (i=0;i<=16;i++) M[i]=(byte)i;
-
- byte[] C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T);
-
- System.out.println("Ciphertext= ");
- System.out.print("V= 0x"); printBinary(V);
- System.out.print("C= 0x"); printBinary(C);
- System.out.print("T= 0x"); printBinary(T);
-
-
- M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1);
- if (M.length==0)
- {
- System.out.println("*** ECIES Decryption Failed\n");
- return;
- }
- else System.out.println("Decryption succeeded");
-
- System.out.print("Message is 0x"); printBinary(M);
-
- System.out.println("Testing ECDSA");
-
- if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS)!=0)
- {
- System.out.println("***ECDSA Signature Failed");
- return;
- }
- System.out.println("Signature= ");
- System.out.print("C= 0x"); printBinary(CS);
- System.out.print("D= 0x"); printBinary(DS);
-
- if (ECDH.ECPVP_DSA(W0,M,CS,DS)!=0)
- {
- System.out.println("***ECDSA Verification Failed");
- return;
- }
- else System.out.println("ECDSA Signature/Verification succeeded "+j);
-//}
-//System.out.println("Test Completed Successfully");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestECM.java
----------------------------------------------------------------------
diff --git a/java64/TestECM.java b/java64/TestECM.java
deleted file mode 100755
index b0a07a1..0000000
--- a/java64/TestECM.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for ECDH API Function only - for use with Montgomery curves */
-
-public class TestECM
-{
- public static void printBinary(byte[] array)
- {
- int i;
- for (i=0;i<array.length;i++)
- {
- System.out.printf("%02x", array[i]);
- }
- System.out.println();
- }
-
- public static void main(String[] args)
- {
- int i,j=0,res;
- int result;
- String pp=new String("M0ng00se");
-
- int EGS=ECDH.EGS;
- int EFS=ECDH.EFS;
- int EAS=AES.KS;
-
- byte[] S1=new byte[EGS];
- byte[] W0=new byte[2*EFS+1];
- byte[] W1=new byte[2*EFS+1];
- byte[] Z0=new byte[EFS];
- byte[] Z1=new byte[EFS];
- byte[] RAW=new byte[100];
- byte[] SALT=new byte[8];
-
- RAND rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
- rng.seed(100,RAW);
-
-//for (j=0;j<100;j++)
-//{
-
- for (i=0;i<8;i++) SALT[i]=(byte)(i+1); // set Salt
-
- System.out.println("Alice's Passphrase= "+pp);
- byte[] PW=pp.getBytes();
-
-/* private key S0 of size EGS bytes derived from Password and Salt */
-
- byte[] S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
- System.out.print("Alice's private key= 0x");
- printBinary(S0);
-
-/* Generate Key pair S/W */
- ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
- System.out.print("Alice's public key= 0x");
- printBinary(W0);
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
- if (res!=0)
- {
- System.out.println("Alice's public Key is invalid!\n");
- return;
- }
-/* Random private key for other party */
- ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
- System.out.print("Servers private key= 0x");
- printBinary(S1);
-
- System.out.print("Servers public key= 0x");
- printBinary(W1);
-
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
- if (res!=0)
- {
- System.out.print("Server's public Key is invalid!\n");
- return;
- }
-
-/* Calculate common key using DH - IEEE 1363 method */
-
- ECDH.ECPSVDP_DH(S0,W1,Z0);
- ECDH.ECPSVDP_DH(S1,W0,Z1);
-
- boolean same=true;
- for (i=0;i<EFS;i++)
- if (Z0[i]!=Z1[i]) same=false;
-
- if (!same)
- {
- System.out.println("*** ECPSVDP-DH Failed");
- return;
- }
-
- byte[] KEY=ECDH.KDF1(Z0,EAS);
-
- System.out.print("Alice's DH Key= 0x"); printBinary(KEY);
- System.out.print("Servers DH Key= 0x"); printBinary(KEY);
-
-//}
-//System.out.println("Test Completed Successfully");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestMPIN.java
----------------------------------------------------------------------
diff --git a/java64/TestMPIN.java b/java64/TestMPIN.java
deleted file mode 100755
index f883a57..0000000
--- a/java64/TestMPIN.java
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for MPIN API Functions */
-
-import java.util.Date;
-import java.util.Scanner;
-
-public class TestMPIN
-{
- static boolean PERMITS=true;
- static boolean PINERROR=true;
- static boolean FULL=true;
- static boolean SINGLE_PASS=false;
-
- static void printBinary(byte[] array)
- {
- int i;
- for (i=0;i<array.length;i++)
- {
- System.out.printf("%02x", array[i]);
- }
- System.out.println();
- }
-
- public static void main(String[] args) {
- RAND rng=new RAND();
- byte[] raw=new byte[100];
- for (int i=0;i<100;i++) raw[i]=(byte)(i+1);
- rng.seed(100,raw);
-
- int EGS=MPIN.EGS;
- int EFS=MPIN.EFS;
- int G1S=2*EFS+1; /* Group 1 Size */
- int G2S=4*EFS; /* Group 2 Size */
- int EAS=16;
-
- byte[] S=new byte[EGS];
- byte[] SST = new byte[G2S];
- byte[] TOKEN = new byte[G1S];
- byte[] PERMIT = new byte[G1S];
- byte[] SEC = new byte[G1S];
- byte[] xID = new byte[G1S];
- byte[] xCID = new byte[G1S];
- byte[] X= new byte[EGS];
- byte[] Y= new byte[EGS];
- byte[] E=new byte[12*EFS];
- byte[] F=new byte[12*EFS];
- byte[] HID=new byte[G1S];
- byte[] HTID=new byte[G1S];
-
- byte[] G1=new byte[12*EFS];
- byte[] G2=new byte[12*EFS];
- byte[] R=new byte[EGS];
- byte[] Z=new byte[G1S];
- byte[] W=new byte[EGS];
- byte[] T=new byte[G1S];
- byte[] CK=new byte[EAS];
- byte[] SK=new byte[EAS];
-
-/* Trusted Authority set-up */
-
- MPIN.RANDOM_GENERATE(rng,S);
- System.out.print("Master Secret s: 0x"); printBinary(S);
-
- /* Create Client Identity */
- String IDstr = "testUser@miracl.com";
- byte[] CLIENT_ID = IDstr.getBytes();
-
- byte[] HCID=MPIN.HASH_ID(CLIENT_ID); /* Either Client or TA calculates Hash(ID) - you decide! */
-
- System.out.print("Client ID= "); printBinary(CLIENT_ID);
-
-/* Client and Server are issued secrets by DTA */
- MPIN.GET_SERVER_SECRET(S,SST);
- System.out.print("Server Secret SS: 0x"); printBinary(SST);
-
- MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
- System.out.print("Client Secret CS: 0x");
- printBinary(TOKEN);
-
-/* Client extracts PIN from secret to create Token */
- int pin=1234;
- System.out.println("Client extracts PIN= "+pin);
- int rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN);
- if (rtn != 0)
- System.out.println("FAILURE: EXTRACT_PIN rtn: " + rtn);
-
- System.out.print("Client Token TK: 0x");
- printBinary(TOKEN);
-
- if (FULL)
- {
- MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
- }
- int date;
- if (PERMITS)
- {
- date=MPIN.today();
- System.out.println("Date= "+date);
-/* Client gets "Time Token" permit from DTA */
- MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT);
- System.out.print("Time Permit TP: 0x"); printBinary(PERMIT);
-
-/* This encoding makes Time permit look random - Elligator squared */
- MPIN.ENCODING(rng,PERMIT);
- System.out.print("Encoded Time Permit TP: 0x"); printBinary(PERMIT);
- MPIN.DECODING(PERMIT);
- System.out.print("Decoded Time Permit TP: 0x"); printBinary(PERMIT);
- }
- else date=0;
-
- System.out.print("\nPIN= ");
- Scanner scan=new Scanner(System.in);
- pin=scan.nextInt();
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID =x .H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-IMPORTANT: To save space and time..
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
-
- byte[] pxID=xID;
- byte[] pxCID=xCID;
- byte[] pHID=HID;
- byte[] pHTID=HTID;
- byte[] pE=E;
- byte[] pF=F;
- byte[] pPERMIT=PERMIT;
- byte[] prHID;
-
- if (date!=0)
- {
-
- prHID=pHTID;
- if (!PINERROR)
- {
- pxID=null;
- pHID=null;
- }
- }
- else
- {
- prHID=pHID;
- pPERMIT=null;
- pxCID=null;
- pHTID=null;
- }
- if (!PINERROR)
- {
- pE=null;
- pF=null;
- }
-
- if (SINGLE_PASS)
- {
- System.out.println("MPIN Single Pass");
- int timeValue = MPIN.GET_TIME();
- rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
- if (rtn != 0)
- System.out.println("FAILURE: CLIENT rtn: " + rtn);
-
- if (FULL)
- {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
-
- rtn=MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
- if (rtn != 0)
- System.out.println("FAILURE: SERVER rtn: " + rtn);
-
- if (FULL)
- {
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
- }
- else
- {
- System.out.println("MPIN Multi Pass");
- /* Send U=x.ID to server, and recreate secret from token and pin */
- rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
- if (rtn != 0)
- System.out.println("FAILURE: CLIENT_1 rtn: " + rtn);
-
- if (FULL)
- {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
-
- /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
- MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID);
-
- /* Server generates Random number Y and sends it to Client */
- MPIN.RANDOM_GENERATE(rng,Y);
-
- if (FULL)
- {
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
-
- /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
- rtn=MPIN.CLIENT_2(X,Y,SEC);
- if (rtn != 0)
- System.out.println("FAILURE: CLIENT_2 rtn: " + rtn);
-
- /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
- /* If PIN error not required, set E and F = null */
-
- rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-
- if (rtn != 0)
- System.out.println("FAILURE: SERVER_1 rtn: " + rtn);
- }
-
- if (rtn == MPIN.BAD_PIN)
- {
- System.out.println("Server says - Bad Pin. I don't know you. Feck off.\n");
- if (PINERROR)
- {
- int err=MPIN.KANGAROO(E,F);
- if (err!=0) System.out.format("(Client PIN is out by %d)\n",err);
- }
- return;
- }
- else System.out.println("Server says - PIN is good! You really are "+IDstr);
-
-
- if (FULL)
- {
- MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
- System.out.print("Client Key = 0x"); printBinary(CK);
-
- MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK);
- System.out.print("Server Key = 0x"); printBinary(SK);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/TestRSA.java
----------------------------------------------------------------------
diff --git a/java64/TestRSA.java b/java64/TestRSA.java
deleted file mode 100755
index 2c30155..0000000
--- a/java64/TestRSA.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* test driver and function exerciser for RSA API Functions */
-
-public class TestRSA
-{
-
- public static void main(String[] args)
- {
- int i;
- int RFS=RSA.RFS;
-
- String message="Hello World\n";
-
- rsa_public_key pub=new rsa_public_key(ROM.FFLEN);
- rsa_private_key priv=new rsa_private_key(ROM.HFLEN);
-
- byte[] ML=new byte[RFS];
- byte[] C=new byte[RFS];
- byte[] RAW=new byte[100];
-
- RAND rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=(byte)(i);
-
- rng.seed(100,RAW);
-//for (i=0;i<10;i++)
-//{
- System.out.println("Generating public/private key pair");
- RSA.KEY_PAIR(rng,65537,priv,pub);
-
- byte[] M=message.getBytes();
- System.out.print("Encrypting test string\n");
- byte[] E=RSA.OAEP_ENCODE(M,rng,null); /* OAEP encode message M to E */
-
- RSA.ENCRYPT(pub,E,C); /* encrypt encoded message */
- System.out.print("Ciphertext= 0x"); RSA.printBinary(C);
-
- System.out.print("Decrypting test string\n");
- RSA.DECRYPT(priv,C,ML);
- byte[] MS=RSA.OAEP_DECODE(null,ML); /* OAEP decode message */
-
- message=new String(MS);
- System.out.print(message);
-//}
- RSA.PRIVATE_KEY_KILL(priv);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/java64/readme.txt
----------------------------------------------------------------------
diff --git a/java64/readme.txt b/java64/readme.txt
deleted file mode 100644
index c4bd115..0000000
--- a/java64/readme.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-AMCL is very simple to build for Java. This version is optimal for a 64-bit
-Virtual Machine.
-
-First - decide the modulus type and curve type you want to use. Edit ROM.java
-where indicated. You might want to use one of the curves whose details are
-already in there.
-
-Three example API files are provided, MPIN.java which
-supports our M-Pin (tm) protocol, ECDH.java which supports elliptic
-curve key exchange, digital signature and public key crypto, and RSA.java
-which supports the RSA method. The first can be tested using the
-TestMPIN.java driver programs, the second can be tested using TestECDH.java
-and TestECM.java, and the third with TestRSA.java
-
-In the ROM.java file you must provide the curve constants. Several examples
-are provided there, if you are willing to use one of these.
-
-To help generate the ROM constants for your own curve some MIRACL helper
-programs are included. The program bngen.cpp generates the ROM details for a
-BN curve, and the program ecgen.cpp generates the ROM for EC curves.
-
-The program bigtobig.cpp converts a big number to the AMCL
-BIG format.
-
-Don't forget to delete all .class files before rebuilding projects.
-
-For a quick jumpstart:-
-
-del *.class
-javac TestMPIN.java
-java TestMPIN
-