Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:25 UTC
[20/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/swift/rsa.swift
----------------------------------------------------------------------
diff --git a/version22/swift/rsa.swift b/version22/swift/rsa.swift
deleted file mode 100644
index fd3fa84..0000000
--- a/version22/swift/rsa.swift
+++ /dev/null
@@ -1,400 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-//
-// rsa.swift
-//
-// Created by Michael Scott on 25/06/2015.
-// Copyright (c) 2015 Michael Scott. All rights reserved.
-//
-
-import Foundation
-
-/* RSA API high-level functions */
-
-final public class rsa_private_key {
- var p:FF
- var q:FF
- var dp:FF
- var dq:FF
- var c:FF
-
- public init(_ n: Int)
- {
- p=FF(n);
- q=FF(n);
- dp=FF(n);
- dq=FF(n);
- c=FF(n);
- }
-}
-
-final public class rsa_public_key
-{
- var e:Int
- var n:FF
-
- public init(_ m:Int)
- {
- e=0;
- n=FF(m);
- }
-}
-
-final public class RSA {
-
- static public let RFS=Int(ROM.MODBYTES*ROM.FFLEN)
- static public let SHA256=32
- static public let SHA384=48
- static public let SHA512=64
-
- static public let HASH_TYPE=SHA384
-
- /* Hash number (optional) and string to array size of Bigs */
-
- static private func hashit(_ sha:Int,_ A: [UInt8]?,_ n: Int32) -> [UInt8]
- {
- if sha==RSA.SHA256
- {
- let H=HASH256()
- if A != nil {H.process_array(A!)}
- if n >= 0 {H.process_num(n)}
- let R=H.hash()
- return R
- }
- if sha==RSA.SHA384
- {
- let H=HASH384()
- if A != nil {H.process_array(A!)}
- if n >= 0 {H.process_num(n)}
- let R=H.hash()
- return R
- }
- if sha==RSA.SHA512
- {
- let H=HASH512()
- if A != nil {H.process_array(A!)}
- if n >= 0 {H.process_num(n)}
- let R=H.hash()
- return R
- }
- return [UInt8]()
- }
-
- /* generate an RSA key pair */
-
- static public func KEY_PAIR(_ rng: RAND,_ e:Int,_ PRIV:rsa_private_key,_ PUB:rsa_public_key)
- { /* IEEE1363 A16.11/A16.12 more or less */
-
- let n=PUB.n.getlen()/2;
- let t = FF(n);
- let p1=FF(n);
- let q1=FF(n);
-
- while true
- {
-
- PRIV.p.random(rng);
- while PRIV.p.lastbits(2) != 3 {PRIV.p.inc(1)}
- while !FF.prime(PRIV.p,rng) {PRIV.p.inc(4)}
-
- p1.copy(PRIV.p);
- p1.dec(1);
-
- if p1.cfactor(e) {continue}
- break;
- }
-
- while true
- {
- PRIV.q.random(rng);
- while PRIV.q.lastbits(2) != 3 {PRIV.q.inc(1)}
- while !FF.prime(PRIV.q,rng) {PRIV.q.inc(4)}
-
- q1.copy(PRIV.q);
- q1.dec(1);
-
- if q1.cfactor(e) {continue}
-
- break;
- }
-
- PUB.n=FF.mul(PRIV.p,PRIV.q);
- PUB.e=e;
-
- t.copy(p1);
- t.shr();
- PRIV.dp.set(e);
- PRIV.dp.invmodp(t);
- if (PRIV.dp.parity()==0) {PRIV.dp.add(t)}
- PRIV.dp.norm();
-
- t.copy(q1);
- t.shr();
- PRIV.dq.set(e);
- PRIV.dq.invmodp(t);
- if (PRIV.dq.parity()==0) {PRIV.dq.add(t)}
- PRIV.dq.norm();
-
- PRIV.c.copy(PRIV.p);
- PRIV.c.invmodp(PRIV.q);
-
- return;
- }
- /* Mask Generation Function */
-
- static func MGF1(_ sha: Int,_ Z: [UInt8],_ olen:Int,_ K:inout [UInt8])
- {
- let hlen=sha
-
- var k=0;
- for i in 0 ..< K.count {K[i]=0}
-
- var cthreshold=Int32(olen/hlen); if (olen%hlen != 0) {cthreshold += 1}
- for counter:Int32 in 0 ..< cthreshold
- {
- var B=RSA.hashit(sha,Z,counter)
- if (k+hlen>olen) {for i in 0 ..< olen%hlen {K[k]=B[i]; k+=1}}
- else {for i in 0 ..< hlen {K[k]=B[i]; k+=1}}
- }
- }
-
- static public func printBinary(_ array: [UInt8])
- {
- for i in 0 ..< array.count
- {
- let h=String(array[i],radix:16)
- print("\(h)", terminator: "")
- }
- print("");
- }
-
- static let SHA256ID:[UInt8]=[0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20]
- static let SHA384ID:[UInt8]=[0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30]
- static let SHA512ID:[UInt8]=[0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40]
-
- /* PKCS 1.5 padding of a message to be signed */
- static public func PKCS15(_ sha:Int,_ m:[UInt8],_ w:inout [UInt8])->Bool
- {
- let hlen=sha
- let olen=Int(ROM.FF_BITS/8)
- let idlen=19;
-
- if olen<idlen+hlen+10 {return false}
- let H=hashit(sha,m,-1)
- for i in 0 ..< w.count {w[i]=0}
-
- w[0]=0
- w[1]=1
- var i=2
- var j=0
-
- while j<olen-idlen-hlen-3
- {
- w[i]=0xff
- i+=1; j+=1
- }
- w[i]=0; i+=1;
-
- if hlen==RSA.SHA256
- {
- for j in 0 ..< idlen {w[i]=SHA256ID[j]; i+=1}
- }
- if hlen==RSA.SHA384
- {
- for j in 0 ..< idlen {w[i]=SHA384ID[j]; i+=1}
- }
- if hlen==RSA.SHA512
- {
- for j in 0 ..< idlen {w[i]=SHA512ID[j]; i+=1}
- }
-
- for j in 0 ..< hlen {w[i]=H[j];i+=1}
-
- return true
- }
-
-
- /* OAEP Message Encoding for Encryption */
- static public func OAEP_ENCODE(_ sha:Int,_ m:[UInt8],_ rng:RAND,_ p:[UInt8]?) -> [UInt8]
- {
- let olen=RFS-1;
- let mlen=m.count;
- var f=[UInt8](repeating: 0,count: RSA.RFS)
-
- let hlen=sha;
- var SEED=[UInt8](repeating: 0,count: hlen)
- let seedlen=hlen;
- if (mlen>olen-hlen-seedlen-1) {return [UInt8]()}
-
- var DBMASK=[UInt8](repeating: 0,count: olen-seedlen)
-
- var h=hashit(sha,p,-1)
- for i in 0 ..< hlen {f[i]=h[i]}
-
- let slen=olen-mlen-hlen-seedlen-1;
-
- for i in 0 ..< slen {f[hlen+i]=0}
- f[hlen+slen]=1;
- for i in 0 ..< mlen {f[hlen+slen+1+i]=m[i]}
-
- for i in 0 ..< seedlen {SEED[i]=rng.getByte()}
- RSA.MGF1(sha,SEED,olen-seedlen,&DBMASK)
-
- for i in 0 ..< olen-seedlen {DBMASK[i]^=f[i]}
- RSA.MGF1(sha,DBMASK,seedlen,&f)
-
- for i in 0 ..< seedlen {f[i]^=SEED[i]}
-
- for i in 0 ..< olen-seedlen {f[i+seedlen]=DBMASK[i]}
-
- /* pad to length RFS */
- let d:Int=1;
- for i in (d...RFS-1).reversed()
- {f[i]=f[i-d]}
- for i in 0...d-1
- {f[i]=0}
-
- return f;
- }
-
- /* OAEP Message Decoding for Decryption */
- static public func OAEP_DECODE(_ sha: Int,_ p: [UInt8]?,_ f:inout [UInt8]) -> [UInt8]
- {
- let olen=RFS-1
- var k:Int
- let hlen=sha
- var SEED=[UInt8](repeating: 0,count: hlen)
- let seedlen=hlen
- var CHASH=[UInt8](repeating: 0,count: hlen)
-
- if olen<seedlen+hlen+1 {return [UInt8()]}
- var DBMASK=[UInt8](repeating: 0,count: olen-seedlen)
- for i in 0 ..< olen-seedlen {DBMASK[i]=0}
-
- if (f.count<RFS)
- {
- let d=RFS-f.count;
- for i in (d...RFS-1).reversed()
- {f[i]=f[i-d]}
- for i in 0...d-1
- {f[i]=0}
-
- }
-
- var h=hashit(sha,p,-1)
- for i in 0 ..< hlen {CHASH[i]=h[i]}
-
- let x=f[0];
-
- for i in seedlen ..< olen
- {DBMASK[i-seedlen]=f[i+1]}
-
- RSA.MGF1(sha,DBMASK,seedlen,&SEED);
- for i in 0 ..< seedlen {SEED[i]^=f[i+1]}
- RSA.MGF1(sha,SEED,olen-seedlen,&f);
- for i in 0 ..< olen-seedlen {DBMASK[i]^=f[i]}
-
- var comp=true;
- for i in 0 ..< hlen
- {
- if (CHASH[i] != DBMASK[i]) {comp=false}
- }
-
- for i in 0 ..< olen-seedlen-hlen
- {DBMASK[i]=DBMASK[i+hlen]}
-
- for i in 0 ..< hlen
- {SEED[i]=0;CHASH[i]=0;}
-
- k=0
- while (true)
- {
- if (k>=olen-seedlen-hlen) {return [UInt8]()}
- if (DBMASK[k] != 0) {break}
- k+=1
- }
-
- let t=DBMASK[k];
- if (!comp || x != 0 || t != 0x01)
- {
- for i in 0 ..< olen-seedlen {DBMASK[i]=0}
- return [UInt8]()
- }
-
- var r=[UInt8](repeating: 0,count: olen-seedlen-hlen-k-1)
-
- for i in 0 ..< olen-seedlen-hlen-k-1
- {r[i]=DBMASK[i+k+1]}
-
- for i in 0 ..< olen-seedlen {DBMASK[i]=0}
-
- return r;
- }
- /* destroy the Private Key structure */
- static public func PRIVATE_KEY_KILL(_ PRIV: rsa_private_key)
- {
- PRIV.p.zero();
- PRIV.q.zero();
- PRIV.dp.zero();
- PRIV.dq.zero();
- PRIV.c.zero();
- }
- /* RSA encryption with the public key */
- static public func ENCRYPT(_ PUB: rsa_public_key,_ F:[UInt8],_ G:inout [UInt8])
- {
- let n=PUB.n.getlen()
- let f=FF(n)
-
- FF.fromBytes(f,F)
- f.power(PUB.e,PUB.n)
- f.toBytes(&G)
- }
- /* RSA decryption with the private key */
- static public func DECRYPT(_ PRIV: rsa_private_key,_ G:[UInt8],_ F:inout [UInt8])
- {
- let n=PRIV.p.getlen()
- let g=FF(2*n)
-
- FF.fromBytes(g,G)
- let jp=g.dmod(PRIV.p)
- var jq=g.dmod(PRIV.q)
-
- jp.skpow(PRIV.dp,PRIV.p)
- jq.skpow(PRIV.dq,PRIV.q)
-
- g.zero()
- g.dscopy(jp)
- jp.mod(PRIV.q)
- if (FF.comp(jp,jq)>0) {jq.add(PRIV.q)}
- jq.sub(jp)
- jq.norm()
-
- var t=FF.mul(PRIV.c,jq)
- jq=t.dmod(PRIV.q)
-
- t=FF.mul(jq,PRIV.p)
- g.add(t);
- g.norm();
-
- g.toBytes(&F);
- }
-
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/amcl3.pdf
----------------------------------------------------------------------
diff --git a/version3/amcl3.pdf b/version3/amcl3.pdf
deleted file mode 100644
index de1249d..0000000
Binary files a/version3/amcl3.pdf and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/bestpair.cpp
----------------------------------------------------------------------
diff --git a/version3/bestpair.cpp b/version3/bestpair.cpp
deleted file mode 100644
index f3e47bd..0000000
--- a/version3/bestpair.cpp
+++ /dev/null
@@ -1,623 +0,0 @@
-//
-// Program to generate "best" BN, BLS12, BLS24 and BLS48 curves (with modulus p=3 mod 8)
-//
-// g++ -O2 bestpair.cpp zzn8.cpp zzn4.cpp zzn2.cpp zzn.cpp ecn8.cpp ecn4.cpp ecn2.cpp ecn.cpp big.cpp miracl.a -o bestpair.exe
-//
-// Further tests may be needed to ensure full satisfaction (e.g. twist security, even x, etc.)
-//
-// Note that finding curves that are both GT and G2 Strong, can take a while
-//
-// Suggestions:-
-// For AES-128 security: bestpair BLS12 64 3
-// For AES-192 security: bestpair BLS24 48 4
-// FOr AES-256 security: bestpair BLS48 32 4
-
-// Some possible rational points on y^2=x^3+b (x^3+b is a perfect square)
-// b=1, x=0, -1 or 2
-// b=2, x=-1
-// b=3, x=1
-// b=4, x=0
-// b=5, x=-1
-// b=8, x=-2, 1, 2
-// b=9, x=0, 3, 6, 40
-// b=10, x=-1
-// b=12, x=-2, 13
-
-// b=-1, x=1
-// b=-2, x=3;
-// b=-4, x=2, 5
-// b=-7, x=2, 32
-// b=-8, x=2
-// b=-11, x=3, 15
-
-// of course these points need to be checked for correct order...
-
-#include <iostream>
-#include "big.h"
-#include "ecn.h"
-#include "ecn2.h"
-#include "ecn4.h"
-#include "ecn8.h"
-
-#define BN 0
-#define BLS12 1
-#define BLS24 2
-#define BLS48 3
-
-using namespace std;
-
-Miracl precision=500;
-
-// Number of ways of selecting k items from n
-Big combo(int n,int k)
-{ // calculate n C k
- int i;
- Big c,d;
-
- d=1;
- for (i=2;i<=k;i++)
- d*=i;
-
- c=1;
- for (i=n;i>n-k;i--)
- c*=i;
-
- c/=d;
- return c;
-}
-
-// Number of candidates to be searched.
-Big count(int b,int h)
-{
- Big c=combo(b-h+1,h-1)+combo(b-h+1,h-2);
- c*=pow((Big)2,h);
- return c;
-}
-
-// Move to next NAF pattern
-int iterate(int *x,int n)
-{
- int i,j,k,gotone=0;
- for (i=0;i<n-1;i++)
- {
- if (x[i]==1 && x[i+2]==0)
- {
- gotone=1;
- x[i+1]=1;
- x[i]=0;
- if (x[0]==1) break;
- for (k=1;;k++)
- if (x[k]!=0) break;
- for (j=0;j<i-k;j+=2)
- {
- x[j]=x[j+k];
- x[j+k]=0;
- }
- break;
- }
-
- }
- return gotone;
-}
-
-int main(int argc, char *argv[])
-{
- int HW,BITS,S,type,xm8,xm3,xm24,percent,pc;
- Big cnt,odds,total;
- int i,j,k,m,jj,bt,hw,twist,pb,nb,b,cb[40],ip;
- int xb[256];
- BOOL G2,GT,gotH,gotB,gotT,progress;
- Big msb,c,r,m1,n,p,q,t,x,y,w,X,Y,cof,cof2,coft,tau[9];
- Big PP,TT,FF;
- Big xp[10];
- int pw[10];
- miracl *mip=&precision;
- ECn P;
-
- argc--; argv++;
-
- if (argc<2)
- {
- cout << "Missing arguments" << endl;
- cout << "Program to find best pairing-friendly curves" << endl;
- cout << "bestpair type bits Hamming-weight" << endl;
- cout << "where type is the curve (BN, BLS12, BLS24, BLS48)" << endl;
- cout << "where bits is number of bits in curve x parameter (>30 and <200)" << endl;
- cout << "and hamming-weight is the number of non-zero bits (>1 and <10)" << endl;
- cout << "e.g. bestpair BLS12 77 3" << endl;
- cout << "Use flag /GT for GT-Strong curves" << endl;
- cout << "Use flag /G2 for G2-Strong curves" << endl;
- cout << "Use flag /P to show progress" << endl;
-
- exit(0);
- }
-
- ip=0; HW=0; BITS=0;
- G2=GT=gotB=gotH=gotT=progress=FALSE;
-
- while (ip<argc)
- {
- if (!gotT && strcmp(argv[ip],"BN")==0)
- {
- ip++;
- gotT=TRUE;
- type=BN;
- }
- if (!gotT && strcmp(argv[ip],"BLS12")==0)
- {
- ip++;
- gotT=TRUE;
- type=BLS12;
- }
- if (!gotT && strcmp(argv[ip],"BLS24")==0)
- {
- ip++;
- gotT=TRUE;
- type=BLS24;
- }
- if (!gotT && strcmp(argv[ip],"BLS48")==0)
- {
- ip++;
- gotT=TRUE;
- type=BLS48;
- }
- if (!G2 && strcmp(argv[ip],"/G2")==0)
- {
- ip++;
- G2=TRUE;
- continue;
- }
- if (!GT && strcmp(argv[ip],"/GT")==0)
- {
- ip++;
- GT=TRUE;
- continue;
- }
- if (!progress && strcmp(argv[ip],"/P")==0)
- {
- ip++;
- progress=TRUE;
- continue;
- }
- if (!gotB)
- {
- BITS=atoi(argv[ip++]);
- gotB=TRUE;
- continue;
- }
-
- if (!gotH)
- {
- HW=atoi(argv[ip++]);
- gotH=TRUE;
- continue;
- }
-
- cout << "Error in command line" << endl;
- return 0;
-
- }
- if (!gotH || !gotB || !gotT || HW>9 || HW<2 || BITS>=200 || BITS<30)
- {
- cout << "Error in command line" << endl;
- return 0;
- }
-
- hw=HW-1;
- msb=pow((Big)2,BITS);
-
- for (i=0;i<=BITS;i++)
- xb[i]=0;
-
- for (i=0;i<hw;i++)
- xb[2*i]=1;
-
- S=0;
-
- total=count(BITS,HW);
- cout << "search " << total << " candidates" << endl;
-
-// very approximate estimate of odds of success. Assumes primes are not correlated (but they are!)
- if (type==BN)
- {
- odds = (7*(4*BITS+5)/10)*(7*(4*BITS+5)/10);
- if (G2)
- odds*=(7*(4*BITS+5)/10);
- if (GT)
- odds*=(7*(12*BITS+16)/10);
- }
- if (type==BLS12)
- {
- odds = ((7*4*BITS)/10)*((7*6*BITS)/10);
- if (G2)
- odds*=(7*(8*BITS)/10);
- if (GT)
- odds*=(7*(20*BITS)/10);
- }
- if (type==BLS24)
- {
- odds = ((7*8*BITS)/10)*((7*10*BITS)/10);
- if (G2)
- odds*=(7*(32*BITS)/10);
- if (GT)
- odds*=(7*(72*BITS)/10);
- }
- if (type==BLS48)
- {
- odds = ((7*16*BITS)/10)*((7*18*BITS)/10);
- if (G2)
- odds*=(7*(128*BITS)/10);
- if (GT)
- odds*=(7*(272*BITS)/10);
- }
-
- odds/=8; // frig factor
- cout << "one in " << odds << " expected to be OK" << endl;
-
-// gprime(1000);
- percent=-1;
- cnt=0;
- for (;;)
- {
- if (cnt>0 && !iterate(xb,BITS)) break;
- for (i=j=0;i<BITS;i++)
- { // assign values to set bits
- if (xb[i]==1)
- {
- xp[j]=pow((Big)2,i);
- pw[j]=i;
- j++;
- }
- }
- xp[j]=msb;
- pw[j]=BITS;
- j++;
-
- // iterate through all combinations of + and - terms
- for (i=0;i<(1<<j);i++)
- {
- cnt+=1;
- if (progress)
- {
- pc=toint((100*cnt)/total);
-
- if (percent<pc)
- {
- percent=pc;
- cout << pc << "\%" << endl;
- }
- }
- x=0;
- bt=1;
- //cout << "x= ";
- for (k=0;k<j;k++)
- {
- if ((bt&i)!=0) {x+=xp[k]; /*cout << "+2^" << pw[k];*/}
- else {x-=xp[k]; /*cout << "-2^" << pw[k];*/}
- bt<<=1;
- }
-
- if (type==BLS12)
- {
- xm24=x%24;
- if (x<0) xm24+=24;
- xm24%=24;
- xm3=xm24%3;
- if (xm3!=1) continue; // quick exit for p%3=0
- xm8=xm24%8;
- if (xm8!=0 && xm8!=7) continue; // quick exit for p=3 mod 8 condition
-
- q=pow(x,4)-x*x+1;
- p=q*(((x-1)*(x-1))/3)+x;
-
- t=x+1;
- n=p+1-t;
-
- }
- if (type==BLS24)
- {
- xm24=x%24;
- if (x<0) xm24+=24;
- xm24%=24;
- xm3=xm24%3;
- if (xm3!=1) continue; // quick exit for p%3=0
- xm8=xm24%8;
- if (xm8!=0 && xm8!=7) continue; // quick exit for p=3 mod 8 condition
-
- q=pow(x,8)-pow(x,4)+1;
- p=q*(((x-1)*(x-1))/3)+x;
-
- t=x+1;
- n=p+1-t;
-
- }
-
- if (type==BLS48)
- {
- xm24=x%24;
- if (x<0) xm24+=24;
- xm24%=24;
- xm3=xm24%3;
- if (xm3!=1) continue; // quick exit for p%3=0
- xm8=xm24%8;
- if (xm8!=0 && xm8!=7) continue; // quick exit for p=3 mod 8 condition
-
- q=pow(x,16)-pow(x,8)+1;
- p=q*(((x-1)*(x-1))/3)+x;
-
- t=x+1;
- n=p+1-t;
-
- }
-
- if (type==BN)
- {
- xm8=x%8;
- if (x<0) xm8+=8;
- xm8%=8;
- if (xm8!=3 && xm8!=7) continue; // quick exit for p=3 mod 8 condition
-
- p=36*pow(x,4)+36*pow(x,3)+24*x*x+6*x+1;
- t=6*x*x+1;
- n=p+1-t;
- q=n;
- }
-
- if (p%8!=3) continue; // restriction here could be eased
-
- if (small_factors(q)) continue;
- if (small_factors(p)) continue;
-
- cof=n/q;
-
- if (type==BLS24)
- {
- coft=(pow(p,8)-pow(p,4)+1)/q;
- }
-
- if (type==BLS48)
- {
- coft=(pow(p,16)-pow(p,8)+1)/q;
- }
-
- if (type==BLS12 || type==BN)
- {
- coft=(pow(p,4)-p*p+1)/q;
- }
-
- if (GT)
- {
- if (small_factors(coft)) continue;
- }
-
- if (type==BLS12)
- {
- TT=t*t-2*p;
- PP=p*p;
- FF=t*(2*x*x*x-2*x*x-x+1)/3;
- m1=PP+1-(-3*FF+TT)/2;
- }
-
- if (type==BLS24)
- {
- TT=t*t*t*t-4*p*t*t+2*p*p;
- PP=pow(p,4);
- FF=sqrt((4*PP-TT*TT)/3);
- m1=PP+1-(3*FF+TT)/2;
- }
- if (type==BLS48)
- {
- tau[0]=2; // count points on twist over extension p^8
- tau[1]=t;
- for (jj=1;jj<8;jj++ ) tau[jj+1]=t*tau[jj]-p*tau[jj-1];
-
- TT=tau[8];
-
- PP=pow(p,8);
- FF=sqrt((4*PP-TT*TT)/3);
- m1=PP+1-(3*FF+TT)/2; //?
- }
- if (type==BN)
- {
- TT=t*t-2*p;
- PP=p*p;
- FF=sqrt((4*PP-TT*TT)/3);
- m1=PP+1-(3*FF+TT)/2;
- }
- cof2=m1/q;
-
- if (G2)
- {
- if (small_factors(cof2)) continue;
- }
-
- if (!prime(q)) continue;
- if (!prime(p)) continue;
- modulo(p);
-
- ZZn2 xi;
-
- xi.set(1,1); // for p=3 mod 8
-
-// make sure its irreducible
- if (pow(xi,(p*p-1)/2)==1)
- continue;
-
- if (pow(xi,(p*p-1)/3)==1)
- continue; // make sure that x^6-c is irreducible
-
- if (G2)
- {
- if (!prime(cof2)) continue;
- }
-
- if (GT)
- {
- if (!prime(coft)) continue;
- }
-
-
-// we have a solution
-// Find curve b parameter - uses first positive one found (but collect some other possibilities)
- pb=0;
- b=0;
- m=0;
- while (pb<=20 || b==0)
- {
- pb+=1;
- ecurve(0,pb,p,MR_AFFINE);
- while (!P.set(rand(p))) ;
- P*=cof;
- if ((q*P).iszero())
- {
- if (b==0) b=pb;
- else cb[m++]=pb;
- }
-
- }
- nb=0;
- while (nb>=-20)
- {
- nb-=1;
- ecurve(0,nb,p,MR_AFFINE);
- while (!P.set(rand(p))) ;
- P*=cof;
- if ((q*P).iszero())
- cb[m++]=nb;
- }
-
- ecurve(0,b,p,MR_AFFINE);
-// find number of points on sextic twist..
- twist=MR_SEXTIC_D;
- mip->TWIST=MR_SEXTIC_D;
-
- if (type==BLS12 || type==BN)
- {
- ECn2 Q;
- ZZn2 rr;
-
- do
- {
- rr=randn2();
- } while (!Q.set(rr));
-
- Q*=cof2;
- if (!(n*Q).iszero())
- {
- twist=MR_SEXTIC_M;
- mip->TWIST=MR_SEXTIC_M;
- do
- {
- rr=randn2();
- } while (!Q.set(rr));
-
- Q*=cof2;
- if (!(n*Q).iszero())
- {
- cout << "Never Happens" << endl;
- continue;
- }
- }
- }
- if (type==BLS24)
- {
- ECn4 Q;
- ZZn4 rr;
- do
- {
- rr=randn4();
- } while (!Q.set(rr));
-
- Q*=cof2;
- if (!(n*Q).iszero())
- {
- twist=MR_SEXTIC_M;
- mip->TWIST=MR_SEXTIC_M;
- do
- {
- rr=randn4();
- } while (!Q.set(rr));
-
- Q*=cof2;
- if (!(n*Q).iszero())
- {
- cout << "Never Happens" << endl;
- continue;
- }
- }
- }
- if (type==BLS48)
- {
- ECn8 Q;
- ZZn8 rr;
- do
- {
- rr=randn8();
- } while (!Q.set(rr));
-
- Q*=cof2;
- if (!(n*Q).iszero())
- {
- twist=MR_SEXTIC_M;
- mip->TWIST=MR_SEXTIC_M;
- do
- {
- rr=randn8();
- } while (!Q.set(rr));
-
- Q*=cof2;
- if (!(n*Q).iszero())
- {
- cout << "Never Happens" << endl;
- continue;
- }
- }
- }
- S++;
- cout << endl;
- cout << "Solution " << S << endl;
- x=0;
- bt=1;
- mip->IOBASE=16;
-
- cout << "x= ";
- for (k=0;k<j;k++)
- {
- if ((bt&i)!=0) {x+=xp[k]; cout << "+2^" << pw[k];}
- else {x-=xp[k]; cout << "-2^" << pw[k];}
- bt<<=1;
- }
- cout << " = " << x << endl;
- cout << "Curve is y^2=x^3+" << b;
- if (m>0)
- {
- cout << " (or) ";
- for (jj=0;jj<m;jj++)
- cout << cb[jj] << " ";
- }
- else cout << endl;
- cout << "\np= " << p << " (" << bits(p) << " bits)";
- if (twist==MR_SEXTIC_D) cout << " D-Type" << endl;
- if (twist==MR_SEXTIC_M) cout << " M-Type" << endl;
- if (progress) cout << endl;
- mip->IOBASE=10;
- // cout << "twist= " << p+1+t << endl;
- }
- }
-
- cout << endl;
- cout << cnt << " candidates searched" << endl;
-
- if (S==0)
- {
- cout << "No solutions found" << endl;
- return 0;
- }
- if (S==1)
- {
- cout << "One solution found" << endl;
- return 0;
- }
- cout << S << " solutions found" << endl;
- return 0;
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/bigtobig.cpp
----------------------------------------------------------------------
diff --git a/version3/bigtobig.cpp b/version3/bigtobig.cpp
deleted file mode 100644
index fbc89ea..0000000
--- a/version3/bigtobig.cpp
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-//
-// Program to convert from Big to AMCL BIG format
-// cl /O2 bigtobig.cpp big.cpp miracl.lib
-// g++ -O2 bigtobig.cpp big.cpp miracl.a -o bigtobig
-//
-//
-
-#include <iostream>
-#include "zzn.h"
-
-using namespace std;
-
-Miracl precision=100;
-
-// Code to parse formula in command line
-// This code isn't mine, but its public domain
-// Shamefully I forget the source
-//
-// NOTE: It may be necessary on some platforms to change the operators * and #
-//
-
-#if defined(unix)
-#define TIMES '.'
-#define RAISE '^'
-#else
-#define TIMES '*'
-#define RAISE '#'
-#endif
-
-Big tt;
-static char *ss;
-
-void eval_power (Big& oldn,Big& n,char op)
-{
- if (op) n=pow(oldn,toint(n)); // power(oldn,size(n),n,n);
-}
-
-void eval_product (Big& oldn,Big& n,char op)
-{
- switch (op)
- {
- case TIMES:
- n*=oldn;
- break;
- case '/':
- n=oldn/n;
- break;
- case '%':
- n=oldn%n;
- }
-}
-
-void eval_sum (Big& oldn,Big& n,char op)
-{
- switch (op)
- {
- case '+':
- n+=oldn;
- break;
- case '-':
- n=oldn-n;
- }
-}
-
-void eval (void)
-{
- Big oldn[3];
- Big n;
- int i;
- char oldop[3];
- char op;
- char minus;
- for (i=0;i<3;i++)
- {
- oldop[i]=0;
- }
-LOOP:
- while (*ss==' ')
- ss++;
- if (*ss=='-') /* Unary minus */
- {
- ss++;
- minus=1;
- }
- else
- minus=0;
- while (*ss==' ')
- ss++;
- if (*ss=='(' || *ss=='[' || *ss=='{') /* Number is subexpression */
- {
- ss++;
- eval ();
- n=tt;
- }
- else /* Number is decimal value */
- {
- for (i=0;ss[i]>='0' && ss[i]<='9';i++)
- ;
- if (!i) /* No digits found */
- {
- cout << "Error - invalid number" << endl;
- exit (20);
- }
- op=ss[i];
- ss[i]=0;
- n=atoi(ss);
- ss+=i;
- *ss=op;
- }
- if (minus) n=-n;
- do
- op=*ss++;
- while (op==' ');
- if (op==0 || op==')' || op==']' || op=='}')
- {
- eval_power (oldn[2],n,oldop[2]);
- eval_product (oldn[1],n,oldop[1]);
- eval_sum (oldn[0],n,oldop[0]);
- tt=n;
- return;
- }
- else
- {
- if (op==RAISE)
- {
- eval_power (oldn[2],n,oldop[2]);
- oldn[2]=n;
- oldop[2]=RAISE;
- }
- else
- {
- if (op==TIMES || op=='/' || op=='%')
- {
- eval_power (oldn[2],n,oldop[2]);
- oldop[2]=0;
- eval_product (oldn[1],n,oldop[1]);
- oldn[1]=n;
- oldop[1]=op;
- }
- else
- {
- if (op=='+' || op=='-')
- {
- eval_power (oldn[2],n,oldop[2]);
- oldop[2]=0;
- eval_product (oldn[1],n,oldop[1]);
- oldop[1]=0;
- eval_sum (oldn[0],n,oldop[0]);
- oldn[0]=n;
- oldop[0]=op;
- }
- else /* Error - invalid operator */
- {
- cout << "Error - invalid operator" << endl;
- exit (20);
- }
- }
- }
- }
- goto LOOP;
-}
-
-void output(int w,Big t,Big m)
-{
- Big y=t;
-
- for (int i=0;i<w;i++)
- {
- cout << "0x" << y%m ;
- if (i<w-1) cout << ",";
- y/=m;
- }
- cout << endl;
-}
-
-int main(int argc, char **argv)
-{
- int i,ip,chunk,basebits;
- Big n,m;
- BOOL gotP,gotA,gotB;
- int Base;
- miracl *mip=&precision;
- argv++; argc--;
- if (argc<1)
- {
- cout << "Program converts from Big to BIG" << endl;
- cout << "bigtobig <big number> <chunk>> <basebits>" << endl;
- cout << "OR" << endl;
- cout << "bigtobig <formula for big number> <chunk>> <basebits>" << endl;
-#if defined(unix)
- cout << "e.g. bigtobig -f 2^255-19 32 29" << endl;
-#else
- cout << "e.g. bigtobig -f 2#255-19 32 29" << endl;
-#endif
- cout << "To input Big number in Hex, precede with -h" << endl;
- return 0;
- }
-
- ip=0;
- gprime(1000);
- gotP=gotA=gotB=FALSE;
- n=0;
- Base=10;
- while (ip<argc)
- {
- if (!gotP && strcmp(argv[ip],"-f")==0)
- {
- ip++;
- if (!gotP && ip<argc)
- {
-
- ss=argv[ip++];
- tt=0;
- eval();
- n=tt;
- gotP=TRUE;
- continue;
- }
- else
- {
- cout << "Error in command line" << endl;
- return 0;
- }
- }
-
-
- if (strcmp(argv[ip],"-h")==0)
- {
- ip++;
- Base=16;
- continue;
- }
-
- if (!gotP)
- {
- mip->IOBASE=Base;
- n=argv[ip++];
- mip->IOBASE=10;
- gotP=TRUE;
- continue;
- }
- if (!gotA)
- {
- mip->IOBASE=Base;
- chunk=atoi(argv[ip++]);
- gotA=TRUE;
- continue;
- }
- if (!gotB)
- {
- mip->IOBASE=Base;
- basebits=atoi(argv[ip++]);
- gotB=TRUE;
- continue;
- }
- cout << "Error in command line" << endl;
- return 0;
- }
- if (!gotP || !gotA || !gotB)
- {
- cout << "Error in command line" << endl;
- return 0;
- }
-
- mip->IOBASE=16;
-
- m=pow((Big)2,basebits);
-
- output(1+bits(n)/basebits,n,m);
-
- return 0;
-}
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/aes.c
----------------------------------------------------------------------
diff --git a/version3/c/aes.c b/version3/c/aes.c
deleted file mode 100644
index 656a031..0000000
--- a/version3/c/aes.c
+++ /dev/null
@@ -1,704 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-
-/*
- * Implementation of the NIST Advanced Ecryption Standard
- *
- * SU=m, SU is Stack Usage
- */
-
-#include <stdlib.h>
-#include "arch.h"
-#include "amcl.h"
-
-/* this is fixed */
-#define NB 4
-
-/* Rotates 32-bit word left by 1, 2 or 3 byte */
-
-#define ROTL8(x) (((x)<<8)|((x)>>24))
-#define ROTL16(x) (((x)<<16)|((x)>>16))
-#define ROTL24(x) (((x)<<24)|((x)>>8))
-
-static const uchar InCo[4]= {0xB,0xD,0x9,0xE}; /* Inverse Coefficients */
-
-static const uchar ptab[]=
-{
- 1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
- 95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
- 229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
- 83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
- 76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
- 131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
- 181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
- 254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
- 251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
- 195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
- 159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
- 155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
- 252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
- 69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
- 18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
- 57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
-};
-
-static const uchar ltab[]=
-{
- 0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
- 100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
- 125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
- 101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
- 150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
- 102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
- 126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
- 43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
- 175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
- 44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
- 127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
- 204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
- 151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
- 83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
- 68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
- 103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
-};
-
-static const uchar fbsub[]=
-{
- 99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
- 202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
- 183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
- 4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
- 9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
- 83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
- 208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
- 81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
- 205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
- 96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
- 224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
- 231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
- 186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
- 112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
- 225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
- 140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
-};
-
-static const uchar rbsub[]=
-{
- 82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
- 124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
- 84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
- 8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
- 114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
- 108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
- 144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
- 208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
- 58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
- 150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
- 71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
- 252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
- 31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
- 96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
- 160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
- 23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
-};
-
-static const unsign32 rco[]=
-{1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47};
-
-static const unsign32 ftable[]=
-{
- 0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
- 0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
- 0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
- 0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
- 0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
- 0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
- 0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
- 0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
- 0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
- 0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
- 0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
- 0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
- 0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
- 0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
- 0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
- 0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
- 0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
- 0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
- 0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
- 0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
- 0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
- 0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
- 0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
- 0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
- 0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
- 0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
- 0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
- 0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
- 0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
- 0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
- 0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
- 0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
- 0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
- 0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
- 0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
- 0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
- 0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
- 0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
- 0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
- 0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
- 0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
- 0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
- 0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
-};
-
-static const unsign32 rtable[]=
-{
- 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
- 0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
- 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
- 0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
- 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
- 0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
- 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
- 0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
- 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
- 0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
- 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
- 0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
- 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
- 0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
- 0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
- 0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
- 0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
- 0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
- 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
- 0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
- 0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
- 0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
- 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
- 0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
- 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
- 0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
- 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
- 0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
- 0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
- 0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
- 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
- 0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
- 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
- 0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
- 0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
- 0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
- 0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
- 0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
- 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
- 0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
- 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
- 0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
- 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
-};
-
-#define MR_TOBYTE(x) ((uchar)((x)))
-
-static unsign32 pack(const uchar *b)
-{
- /* pack bytes into a 32-bit Word */
- return ((unsign32)b[3]<<24)|((unsign32)b[2]<<16)|((unsign32)b[1]<<8)|(unsign32)b[0];
-}
-
-static void unpack(unsign32 a,uchar *b)
-{
- /* unpack bytes from a word */
- b[0]=MR_TOBYTE(a);
- b[1]=MR_TOBYTE(a>>8);
- b[2]=MR_TOBYTE(a>>16);
- b[3]=MR_TOBYTE(a>>24);
-}
-
-/* SU= 8 */
-static uchar bmul(uchar x,uchar y)
-{
- /* x.y= AntiLog(Log(x) + Log(y)) */
- if (x && y) return ptab[(ltab[x]+ltab[y])%255];
- else return 0;
-}
-
-static unsign32 SubByte(unsign32 a)
-{
- uchar b[4];
- unpack(a,b);
- b[0]=fbsub[b[0]];
- b[1]=fbsub[b[1]];
- b[2]=fbsub[b[2]];
- b[3]=fbsub[b[3]];
- return pack(b);
-}
-
-/* SU= 16 */
-static uchar product(unsign32 x,unsign32 y)
-{
- /* dot product of two 4-byte arrays */
- uchar xb[4],yb[4];
- unpack(x,xb);
- unpack(y,yb);
- return bmul(xb[0],yb[0])^bmul(xb[1],yb[1])^bmul(xb[2],yb[2])^bmul(xb[3],yb[3]);
-}
-
-static unsign32 InvMixCol(unsign32 x)
-{
- /* matrix Multiplication */
- unsign32 y,m;
- uchar b[4];
-
- m=pack(InCo);
- b[3]=product(m,x);
- m=ROTL24(m);
- b[2]=product(m,x);
- m=ROTL24(m);
- b[1]=product(m,x);
- m=ROTL24(m);
- b[0]=product(m,x);
- y=pack(b);
- return y;
-}
-
-/* SU= 8 */
-/* reset cipher */
-void AES_reset(amcl_aes *a,int mode,char *iv)
-{
- /* reset mode, or reset iv */
- int i;
- a->mode=mode;
- for (i=0; i<4*NB; i++)
- a->f[i]=0;
- if (mode!=ECB && iv!=NULL)
- {
- for (i=0; i<4*NB; i++)
- a->f[i]=iv[i];
- }
-}
-
-void AES_getreg(amcl_aes *a,char *ir)
-{
- int i;
- for (i=0; i<4*NB; i++) ir[i]=a->f[i];
-}
-
-/* SU= 72 */
-/* Initialise cipher */
-int AES_init(amcl_aes* a,int mode,int nk,char *key,char *iv)
-{
- /* Key length Nk=16, 24 or 32 bytes */
- /* Key Scheduler. Create expanded encryption key */
- int i,j,k,N,nr;
- unsign32 CipherKey[8];
-
- nk/=4;
-
- if (nk!=4 && nk!=6 && nk!=8) return 0;
-
- nr=6+nk;
-
- a->Nk=nk;
- a->Nr=nr;
-
- AES_reset(a,mode,iv);
-
- N=NB*(nr+1);
-
- for (i=j=0; i<nk; i++,j+=4)
- {
- CipherKey[i]=pack((uchar *)&key[j]);
- }
- for (i=0; i<nk; i++) a->fkey[i]=CipherKey[i];
- for (j=nk,k=0; j<N; j+=nk,k++)
- {
- a->fkey[j]=a->fkey[j-nk]^SubByte(ROTL24(a->fkey[j-1]))^rco[k];
- if (nk<=6)
- {
- for (i=1; i<nk && (i+j)<N; i++)
- a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
- }
- else
- {
- for (i=1; i<4 && (i+j)<N; i++)
- a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
- if ((j+4)<N) a->fkey[j+4]=a->fkey[j+4-nk]^SubByte(a->fkey[j+3]);
- for (i=5; i<nk && (i+j)<N; i++)
- a->fkey[i+j]=a->fkey[i+j-nk]^a->fkey[i+j-1];
- }
-
- }
- /* now for the expanded decrypt key in reverse order */
-
- for (j=0; j<NB; j++) a->rkey[j+N-NB]=a->fkey[j];
- for (i=NB; i<N-NB; i+=NB)
- {
- k=N-NB-i;
- for (j=0; j<NB; j++) a->rkey[k+j]=InvMixCol(a->fkey[i+j]);
- }
- for (j=N-NB; j<N; j++) a->rkey[j-N+NB]=a->fkey[j];
- return 1;
-}
-
-/* SU= 80 */
-/* Encrypt a single block */
-void AES_ecb_encrypt(amcl_aes *a,uchar *buff)
-{
- int i,j,k;
- unsign32 p[4],q[4],*x,*y,*t;
-
- for (i=j=0; i<NB; i++,j+=4)
- {
- p[i]=pack((uchar *)&buff[j]);
- p[i]^=a->fkey[i];
- }
-
- k=NB;
- x=p;
- y=q;
-
- /* State alternates between x and y */
- for (i=1; i<a->Nr; i++)
- {
-
- y[0]=a->fkey[k]^ftable[MR_TOBYTE(x[0])]^
- ROTL8(ftable[MR_TOBYTE(x[1]>>8)])^
- ROTL16(ftable[MR_TOBYTE(x[2]>>16)])^
- ROTL24(ftable[x[3]>>24]);
- y[1]=a->fkey[k+1]^ftable[MR_TOBYTE(x[1])]^
- ROTL8(ftable[MR_TOBYTE(x[2]>>8)])^
- ROTL16(ftable[MR_TOBYTE(x[3]>>16)])^
- ROTL24(ftable[x[0]>>24]);
- y[2]=a->fkey[k+2]^ftable[MR_TOBYTE(x[2])]^
- ROTL8(ftable[MR_TOBYTE(x[3]>>8)])^
- ROTL16(ftable[MR_TOBYTE(x[0]>>16)])^
- ROTL24(ftable[x[1]>>24]);
- y[3]=a->fkey[k+3]^ftable[MR_TOBYTE(x[3])]^
- ROTL8(ftable[MR_TOBYTE(x[0]>>8)])^
- ROTL16(ftable[MR_TOBYTE(x[1]>>16)])^
- ROTL24(ftable[x[2]>>24]);
-
- k+=4;
- t=x;
- x=y;
- y=t; /* swap pointers */
- }
-
- /* Last Round */
-
- y[0]=a->fkey[k]^(unsign32)fbsub[MR_TOBYTE(x[0])]^
- ROTL8((unsign32)fbsub[MR_TOBYTE(x[1]>>8)])^
- ROTL16((unsign32)fbsub[MR_TOBYTE(x[2]>>16)])^
- ROTL24((unsign32)fbsub[x[3]>>24]);
- y[1]=a->fkey[k+1]^(unsign32)fbsub[MR_TOBYTE(x[1])]^
- ROTL8((unsign32)fbsub[MR_TOBYTE(x[2]>>8)])^
- ROTL16((unsign32)fbsub[MR_TOBYTE(x[3]>>16)])^
- ROTL24((unsign32)fbsub[x[0]>>24]);
- y[2]=a->fkey[k+2]^(unsign32)fbsub[MR_TOBYTE(x[2])]^
- ROTL8((unsign32)fbsub[MR_TOBYTE(x[3]>>8)])^
- ROTL16((unsign32)fbsub[MR_TOBYTE(x[0]>>16)])^
- ROTL24((unsign32)fbsub[x[1]>>24]);
- y[3]=a->fkey[k+3]^(unsign32)fbsub[MR_TOBYTE(x[3])]^
- ROTL8((unsign32)fbsub[MR_TOBYTE(x[0]>>8)])^
- ROTL16((unsign32)fbsub[MR_TOBYTE(x[1]>>16)])^
- ROTL24((unsign32)fbsub[x[2]>>24]);
-
- for (i=j=0; i<NB; i++,j+=4)
- {
- unpack(y[i],(uchar *)&buff[j]);
- x[i]=y[i]=0; /* clean up stack */
- }
-}
-
-/* SU= 80 */
-/* Decrypt a single block */
-void AES_ecb_decrypt(amcl_aes *a,uchar *buff)
-{
- int i,j,k;
- unsign32 p[4],q[4],*x,*y,*t;
-
- for (i=j=0; i<NB; i++,j+=4)
- {
- p[i]=pack((uchar *)&buff[j]);
- p[i]^=a->rkey[i];
- }
-
- k=NB;
- x=p;
- y=q;
-
- /* State alternates between x and y */
- for (i=1; i<a->Nr; i++)
- {
- /* Nr is number of rounds. May be odd. */
-
- y[0]=a->rkey[k]^rtable[MR_TOBYTE(x[0])]^
- ROTL8(rtable[MR_TOBYTE(x[3]>>8)])^
- ROTL16(rtable[MR_TOBYTE(x[2]>>16)])^
- ROTL24(rtable[x[1]>>24]);
- y[1]=a->rkey[k+1]^rtable[MR_TOBYTE(x[1])]^
- ROTL8(rtable[MR_TOBYTE(x[0]>>8)])^
- ROTL16(rtable[MR_TOBYTE(x[3]>>16)])^
- ROTL24(rtable[x[2]>>24]);
- y[2]=a->rkey[k+2]^rtable[MR_TOBYTE(x[2])]^
- ROTL8(rtable[MR_TOBYTE(x[1]>>8)])^
- ROTL16(rtable[MR_TOBYTE(x[0]>>16)])^
- ROTL24(rtable[x[3]>>24]);
- y[3]=a->rkey[k+3]^rtable[MR_TOBYTE(x[3])]^
- ROTL8(rtable[MR_TOBYTE(x[2]>>8)])^
- ROTL16(rtable[MR_TOBYTE(x[1]>>16)])^
- ROTL24(rtable[x[0]>>24]);
-
- k+=4;
- t=x;
- x=y;
- y=t; /* swap pointers */
- }
-
-
- /* Last Round */
- y[0]=a->rkey[k]^(unsign32)rbsub[MR_TOBYTE(x[0])]^
- ROTL8((unsign32)rbsub[MR_TOBYTE(x[3]>>8)])^
- ROTL16((unsign32)rbsub[MR_TOBYTE(x[2]>>16)])^
- ROTL24((unsign32)rbsub[x[1]>>24]);
- y[1]=a->rkey[k+1]^(unsign32)rbsub[MR_TOBYTE(x[1])]^
- ROTL8((unsign32)rbsub[MR_TOBYTE(x[0]>>8)])^
- ROTL16((unsign32)rbsub[MR_TOBYTE(x[3]>>16)])^
- ROTL24((unsign32)rbsub[x[2]>>24]);
- y[2]=a->rkey[k+2]^(unsign32)rbsub[MR_TOBYTE(x[2])]^
- ROTL8((unsign32)rbsub[MR_TOBYTE(x[1]>>8)])^
- ROTL16((unsign32)rbsub[MR_TOBYTE(x[0]>>16)])^
- ROTL24((unsign32)rbsub[x[3]>>24]);
- y[3]=a->rkey[k+3]^(unsign32)rbsub[MR_TOBYTE(x[3])]^
- ROTL8((unsign32)rbsub[MR_TOBYTE(x[2]>>8)])^
- ROTL16((unsign32)rbsub[MR_TOBYTE(x[1]>>16)])^
- ROTL24((unsign32)rbsub[x[0]>>24]);
-
- for (i=j=0; i<NB; i++,j+=4)
- {
- unpack(y[i],(uchar *)&buff[j]);
- x[i]=y[i]=0; /* clean up stack */
- }
-
-}
-
-/* simple default increment function */
-static void increment(char *f)
-{
- int i;
- for (i=0; i<16; i++)
- {
- f[i]++;
- if (f[i]!=0) break;
- }
-}
-
-/* SU= 40 */
-/* Encrypt using selected mode of operation */
-unsign32 AES_encrypt(amcl_aes* a,char *buff)
-{
- int j,bytes;
- char st[16];
- unsign32 fell_off;
-
- /* Supported Modes of Operation */
-
- fell_off=0;
- switch (a->mode)
- {
- case ECB:
- AES_ecb_encrypt(a,(uchar *)buff);
- return 0;
- case CBC:
- for (j=0; j<4*NB; j++) buff[j]^=a->f[j];
- AES_ecb_encrypt(a,(uchar *)buff);
- for (j=0; j<4*NB; j++) a->f[j]=buff[j];
- return 0;
-
- case CFB1:
- case CFB2:
- case CFB4:
- bytes=a->mode-CFB1+1;
- for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
- for (j=0; j<4*NB; j++) st[j]=a->f[j];
- for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
- AES_ecb_encrypt(a,(uchar *)st);
- for (j=0; j<bytes; j++)
- {
- buff[j]^=st[j];
- a->f[16-bytes+j]=buff[j];
- }
- return fell_off;
-
- case OFB1:
- case OFB2:
- case OFB4:
- case OFB8:
- case OFB16:
-
- bytes=a->mode-OFB1+1;
- AES_ecb_encrypt(a,(uchar *)(a->f));
- for (j=0; j<bytes; j++) buff[j]^=a->f[j];
- return 0;
-
- case CTR1:
- case CTR2:
- case CTR4:
- case CTR8:
- case CTR16:
-
- bytes=a->mode-CTR1+1;
- for (j=0; j<4*NB; j++) st[j]=a->f[j];
- AES_ecb_encrypt(a,(uchar *)st);
- for (j=0; j<bytes; j++) buff[j]^=st[j];
- increment(a->f);
- return 0;
-
- default:
- return 0;
- }
-}
-
-/* SU= 40 */
-/* Decrypt using selected mode of operation */
-unsign32 AES_decrypt(amcl_aes *a,char *buff)
-{
- int j,bytes;
- char st[16];
- unsign32 fell_off;
-
- /* Supported modes of operation */
- fell_off=0;
- switch (a->mode)
- {
- case ECB:
- AES_ecb_decrypt(a,(uchar *)buff);
- return 0;
- case CBC:
- for (j=0; j<4*NB; j++)
- {
- st[j]=a->f[j];
- a->f[j]=buff[j];
- }
- AES_ecb_decrypt(a,(uchar *)buff);
- for (j=0; j<4*NB; j++)
- {
- buff[j]^=st[j];
- st[j]=0;
- }
- return 0;
- case CFB1:
- case CFB2:
- case CFB4:
- bytes=a->mode-CFB1+1;
- for (j=0; j<bytes; j++) fell_off=(fell_off<<8)|a->f[j];
- for (j=0; j<4*NB; j++) st[j]=a->f[j];
- for (j=bytes; j<4*NB; j++) a->f[j-bytes]=a->f[j];
- AES_ecb_encrypt(a,(uchar *)st);
- for (j=0; j<bytes; j++)
- {
- a->f[16-bytes+j]=buff[j];
- buff[j]^=st[j];
- }
- return fell_off;
- case OFB1:
- case OFB2:
- case OFB4:
- case OFB8:
- case OFB16:
- bytes=a->mode-OFB1+1;
- AES_ecb_encrypt(a,(uchar *)(a->f));
- for (j=0; j<bytes; j++) buff[j]^=a->f[j];
- return 0;
-
- case CTR1:
- case CTR2:
- case CTR4:
- case CTR8:
- case CTR16:
-
- bytes=a->mode-CTR1+1;
- for (j=0; j<4*NB; j++) st[j]=a->f[j];
- AES_ecb_encrypt(a,(uchar *)st);
- for (j=0; j<bytes; j++) buff[j]^=st[j];
- increment(a->f);
- return 0;
-
- default:
- return 0;
- }
-}
-
-/* Clean up and delete left-overs */
-void AES_end(amcl_aes *a)
-{
- /* clean up */
- int i;
- for (i=0; i<NB*(a->Nr+1); i++)
- a->fkey[i]=a->rkey[i]=0;
- for (i=0; i<4*NB; i++)
- a->f[i]=0;
-}
-
-
-/*
-#include <stdio.h>
-
-#define KK 32
-
-int main()
-{
- int i;
- amcl_aes a;
- unsign32 t;
- uchar x,y;
-
- char key[KK];
- char block[16];
- char iv[16];
- for (i=0;i<KK;i++) key[i]=5;
- key[0]=1;
- for (i=0;i<16;i++) iv[i]=i;
- for (i=0;i<16;i++) block[i]=i;
-
- AES_init(&a,CTR16,KK,key,iv);
-
- printf("Plain= ");
- for (i=0;i<16;i++) printf("%02x",block[i]);
- printf("\n");
- AES_encrypt(&a,block);
- printf("Encrypt= ");
- for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
- printf("\n");
- AES_reset(&a,CTR16,iv);
- AES_decrypt(&a,block);
- printf("Decrypt= ");
- for (i=0;i<16;i++) printf("%02x",(uchar)block[i]);
- printf("\n");
-
- AES_end(&a);
-
- return 0;
-}
-
-*/
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/amcl.h
----------------------------------------------------------------------
diff --git a/version3/c/amcl.h b/version3/c/amcl.h
deleted file mode 100644
index 2558911..0000000
--- a/version3/c/amcl.h
+++ /dev/null
@@ -1,590 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-
-#ifndef AMCL_H
-#define AMCL_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdbool.h>
-#include <inttypes.h>
-#include "arch.h"
-
-#ifdef CMAKE
-#define AMCL_VERSION_MAJOR @AMCL_VERSION_MAJOR@ /**< Major version of the library */
-#define AMCL_VERSION_MINOR @AMCL_VERSION_MINOR@ /**< Minor version of the library */
-#define AMCL_VERSION_PATCH @AMCL_VERSION_PATCH@ /**< Patch version of the library */
-#define OS "@OS@" /**< Build OS */
-#endif
-
-/* modulus types */
-
-#define NOT_SPECIAL 0 /**< Modulus of no exploitable form */
-#define PSEUDO_MERSENNE 1 /**< Pseudo-mersenne modulus of form $2^n-c$ */
-#define MONTGOMERY_FRIENDLY 3 /**< Montgomery Friendly modulus of form $2^a(2^b-c)-1$ */
-#define GENERALISED_MERSENNE 2 /**< Generalised-mersenne modulus of form $2^n-2^m-1$, GOLDILOCKS only */
-
-
-/* Curve types */
-
-#define WEIERSTRASS 0 /**< Short Weierstrass form curve */
-#define EDWARDS 1 /**< Edwards or Twisted Edwards curve */
-#define MONTGOMERY 2 /**< Montgomery form curve */
-
-/* Pairing-Friendly types */
-
-#define NOT 0
-#define BN 1
-#define BLS 2
-
-#define D_TYPE 0
-#define M_TYPE 1
-
-/**
- * @brief SHA256 hash function instance */
-typedef struct
-{
- unsign32 length[2]; /**< 64-bit input length */
- unsign32 h[8]; /**< Internal state */
- unsign32 w[80]; /**< Internal state */
- int hlen; /**< Hash length in bytes */
-} hash256;
-
-/**
- * @brief SHA384-512 hash function instance */
-typedef struct
-{
- unsign64 length[2]; /**< 64-bit input length */
- unsign64 h[8]; /**< Internal state */
- unsign64 w[80]; /**< Internal state */
- int hlen; /**< Hash length in bytes */
-} hash512;
-
-/**
- * @brief SHA384 hash function instance */
-typedef hash512 hash384;
-
-/**
- * @brief SHA3 hash function instance */
-typedef struct
-{
- unsign64 length; /**< 64-bit input length */
- unsign64 S[5][5]; /**< Internal state */
- int rate; /**< TODO */
- int len; /**< Hash length in bytes */
-} sha3;
-
-#define SHA256 32 /**< SHA-256 hashing */
-#define SHA384 48 /**< SHA-384 hashing */
-#define SHA512 64 /**< SHA-512 hashing */
-
-#define SHA3_HASH224 28 /**< SHA3 224 bit hash */
-#define SHA3_HASH256 32 /**< SHA3 256 bit hash */
-#define SHA3_HASH384 48 /**< SHA3 384 bit hash */
-#define SHA3_HASH512 64 /**< SHA3 512 bit hash */
-
-#define SHAKE128 16 /**< SHAKE128 hash */
-#define SHAKE256 32 /**< SHAKE256 hash */
-
-
-/* NewHope parameters */
-
-//q= 12289
-
-#define RLWE_PRIME 0x3001 // q in Hex
-#define RLWE_LGN 10 // Degree n=2^LGN
-#define RLWE_ND 0xF7002FFF // 1/(R-q) mod R
-#define RLWE_ONE 0x2AC8 // R mod q
-#define RLWE_R2MODP 0x1620 // R^2 mod q
-
-/* Symmetric Encryption AES structure */
-
-#define ECB 0 /**< Electronic Code Book */
-#define CBC 1 /**< Cipher Block Chaining */
-#define CFB1 2 /**< Cipher Feedback - 1 byte */
-#define CFB2 3 /**< Cipher Feedback - 2 bytes */
-#define CFB4 5 /**< Cipher Feedback - 4 bytes */
-#define OFB1 14 /**< Output Feedback - 1 byte */
-#define OFB2 15 /**< Output Feedback - 2 bytes */
-#define OFB4 17 /**< Output Feedback - 4 bytes */
-#define OFB8 21 /**< Output Feedback - 8 bytes */
-#define OFB16 29 /**< Output Feedback - 16 bytes */
-#define CTR1 30 /**< Counter Mode - 1 byte */
-#define CTR2 31 /**< Counter Mode - 2 bytes */
-#define CTR4 33 /**< Counter Mode - 4 bytes */
-#define CTR8 37 /**< Counter Mode - 8 bytes */
-#define CTR16 45 /**< Counter Mode - 16 bytes */
-
-#define uchar unsigned char /**< Unsigned char */
-
-/**
- @brief AES instance
-*/
-
-
-typedef struct
-{
- int Nk; /**< AES Key Length */
- int Nr; /**< AES Number of rounds */
- int mode; /**< AES mode of operation */
- unsign32 fkey[60]; /**< subkeys for encrypton */
- unsign32 rkey[60]; /**< subkeys for decrypton */
- char f[16]; /**< buffer for chaining vector */
-} amcl_aes;
-
-/* AES-GCM suppport. */
-
-#define GCM_ACCEPTING_HEADER 0 /**< GCM status */
-#define GCM_ACCEPTING_CIPHER 1 /**< GCM status */
-#define GCM_NOT_ACCEPTING_MORE 2 /**< GCM status */
-#define GCM_FINISHED 3 /**< GCM status */
-#define GCM_ENCRYPTING 0 /**< GCM mode */
-#define GCM_DECRYPTING 1 /**< GCM mode */
-
-
-/**
- @brief GCM mode instance, using AES internally
-*/
-
-typedef struct
-{
- unsign32 table[128][4]; /**< 2k byte table */
- uchar stateX[16]; /**< GCM Internal State */
- uchar Y_0[16]; /**< GCM Internal State */
- unsign32 lenA[2]; /**< GCM 64-bit length of header */
- unsign32 lenC[2]; /**< GCM 64-bit length of ciphertext */
- int status; /**< GCM Status */
- amcl_aes a; /**< Internal Instance of AMCL_AES cipher */
-} gcm;
-
-/* Marsaglia & Zaman Random number generator constants */
-
-#define NK 21 /**< PRNG constant */
-#define NJ 6 /**< PRNG constant */
-#define NV 8 /**< PRNG constant */
-
-
-/**
- @brief Cryptographically secure pseudo-random number generator instance
-*/
-
-typedef struct
-{
- unsign32 ira[NK]; /**< random number array */
- int rndptr; /**< pointer into array */
- unsign32 borrow; /**< borrow as a result of subtraction */
- int pool_ptr; /**< pointer into random pool */
- char pool[32]; /**< random pool */
-} csprng;
-
-
-/**
- @brief Portable representation of a big positive number
-*/
-
-typedef struct
-{
- int len; /**< length in bytes */
- int max; /**< max length allowed - enforce truncation */
- char *val; /**< byte array */
-} octet;
-
-
-/* Octet string handlers */
-/** @brief Formats and outputs an octet to the console in hex
- *
- @param O Octet to be output
- */
-extern void OCT_output(octet *O);
-/** @brief Formats and outputs an octet to the console as a character string
- *
- @param O Octet to be output
- */
-extern void OCT_output_string(octet *O);
-/** @brief Wipe clean an octet
- *
- @param O Octet to be cleaned
- */
-extern void OCT_clear(octet *O);
-/** @brief Compare two octets
- *
- @param O first Octet to be compared
- @param P second Octet to be compared
- @return 1 if equal, else 0
- */
-extern int OCT_comp(octet *O,octet *P);
-/** @brief Compare first n bytes of two octets
- *
- @param O first Octet to be compared
- @param P second Octet to be compared
- @param n number of bytes to compare
- @return 1 if equal, else 0
- */
-extern int OCT_ncomp(octet *O,octet *P,int n);
-/** @brief Join from a C string to end of an octet
- *
- Truncates if there is no room
- @param O Octet to be written to
- @param s zero terminated string to be joined to octet
- */
-extern void OCT_jstring(octet *O,char *s);
-/** @brief Join bytes to end of an octet
- *
- Truncates if there is no room
- @param O Octet to be written to
- @param s bytes to be joined to end of octet
- @param n number of bytes to join
- */
-extern void OCT_jbytes(octet *O,char *s,int n);
-/** @brief Join single byte to end of an octet, repeated n times
- *
- Truncates if there is no room
- @param O Octet to be written to
- @param b byte to be joined to end of octet
- @param n number of times b is to be joined
- */
-extern void OCT_jbyte(octet *O,int b,int n);
-/** @brief Join one octet to the end of another
- *
- Truncates if there is no room
- @param O Octet to be written to
- @param P Octet to be joined to the end of O
- */
-extern void OCT_joctet(octet *O,octet *P);
-/** @brief XOR common bytes of a pair of Octets
- *
- @param O Octet - on exit = O xor P
- @param P Octet to be xored into O
- */
-extern void OCT_xor(octet *O,octet *P);
-/** @brief reset Octet to zero length
- *
- @param O Octet to be emptied
- */
-extern void OCT_empty(octet *O);
-/** @brief Pad out an Octet to the given length
- *
- Padding is done by inserting leading zeros, so abcd becomes 00abcd
- @param O Octet to be padded
- @param n new length of Octet
- */
-extern int OCT_pad(octet *O,int n);
-/** @brief Convert an Octet to printable base64 number
- *
- @param b zero terminated byte array to take base64 conversion
- @param O Octet to be converted
- */
-extern void OCT_tobase64(char *b,octet *O);
-/** @brief Populate an Octet from base64 number
- *
- @param O Octet to be populated
- @param b zero terminated base64 string
-
- */
-extern void OCT_frombase64(octet *O,char *b);
-/** @brief Copy one Octet into another
- *
- @param O Octet to be copied to
- @param P Octet to be copied from
-
- */
-extern void OCT_copy(octet *O,octet *P);
-/** @brief XOR every byte of an octet with input m
- *
- @param O Octet
- @param m byte to be XORed with every byte of O
-
- */
-extern void OCT_xorbyte(octet *O,int m);
-/** @brief Chops Octet into two, leaving first n bytes in O, moving the rest to P
- *
- @param O Octet to be chopped
- @param P new Octet to be created
- @param n number of bytes to chop off O
-
- */
-extern void OCT_chop(octet *O,octet *P,int n);
-/** @brief Join n bytes of integer m to end of Octet O (big endian)
- *
- Typically n is 4 for a 32-bit integer
- @param O Octet to be appended to
- @param m integer to be appended to O
- @param n number of bytes in m
-
- */
-extern void OCT_jint(octet *O,int m,int n);
-/** @brief Create an Octet from bytes taken from a random number generator
- *
- Truncates if there is no room
- @param O Octet to be populated
- @param R an instance of a Cryptographically Secure Random Number Generator
- @param n number of bytes to extracted from R
-
- */
-extern void OCT_rand(octet *O,csprng *R,int n);
-/** @brief Shifts Octet left by n bytes
- *
- Leftmost bytes disappear
- @param O Octet to be shifted
- @param n number of bytes to shift
-
- */
-extern void OCT_shl(octet *O,int n);
-/** @brief Convert a hex number to an Octet
- *
- @param dst Octet
- @param src Hex string to be converted
- */
-extern void OCT_fromHex(octet *dst,char *src);
-/** @brief Convert an Octet to printable hex number
- *
- @param dst hex value
- @param src Octet to be converted
- */
-extern void OCT_toHex(octet *src,char *dst);
-/** @brief Convert an Octet to string
- *
- @param dst string value
- @param src Octet to be converted
- */
-extern void OCT_toStr(octet *src,char *dst);
-
-
-
-/* Hash function */
-/** @brief Initialise an instance of SHA256
- *
- @param H an instance SHA256
- */
-extern void HASH256_init(hash256 *H);
-/** @brief Add a byte to the hash
- *
- @param H an instance SHA256
- @param b byte to be included in hash
- */
-extern void HASH256_process(hash256 *H,int b);
-/** @brief Generate 32-byte hash
- *
- @param H an instance SHA256
- @param h is the output 32-byte hash
- */
-extern void HASH256_hash(hash256 *H,char *h);
-
-
-/** @brief Initialise an instance of SHA384
- *
- @param H an instance SHA384
- */
-extern void HASH384_init(hash384 *H);
-/** @brief Add a byte to the hash
- *
- @param H an instance SHA384
- @param b byte to be included in hash
- */
-extern void HASH384_process(hash384 *H,int b);
-/** @brief Generate 48-byte hash
- *
- @param H an instance SHA384
- @param h is the output 48-byte hash
- */
-extern void HASH384_hash(hash384 *H,char *h);
-
-
-/** @brief Initialise an instance of SHA512
- *
- @param H an instance SHA512
- */
-extern void HASH512_init(hash512 *H);
-/** @brief Add a byte to the hash
- *
- @param H an instance SHA512
- @param b byte to be included in hash
- */
-extern void HASH512_process(hash512 *H,int b);
-/** @brief Generate 64-byte hash
- *
- @param H an instance SHA512
- @param h is the output 64-byte hash
- */
-extern void HASH512_hash(hash512 *H,char *h);
-
-
-/** @brief Initialise an instance of SHA3
- *
- @param H an instance SHA3
- @param t the instance type
- */
-extern void SHA3_init(sha3 *H,int t);
-/** @brief process a byte for SHA3
- *
- @param H an instance SHA3
- @param b a byte of date to be processed
- */
-extern void SHA3_process(sha3 *H,int b);
-/** @brief create fixed length hash output of SHA3
- *
- @param H an instance SHA3
- @param h a byte array to take hash
- */
-extern void SHA3_hash(sha3 *H,char *h);
-/** @brief create variable length hash output of SHA3
- *
- @param H an instance SHA3
- @param h a byte array to take hash
- @param len is the length of the hash
- */
-extern void SHA3_shake(sha3 *H,char *h,int len);
-/** @brief generate further hash output of SHA3
- *
- @param H an instance SHA3
- @param h a byte array to take hash
- @param len is the length of the hash
- */
-extern void SHA3_squeeze(sha3 *H,char *h,int len);
-
-
-
-/* AES functions */
-/** @brief Reset AES mode or IV
- *
- @param A an instance of the AMCL_AES
- @param m is the new active mode of operation (ECB, CBC, OFB, CFB etc)
- @param iv the new Initialisation Vector
- */
-extern void AES_reset(amcl_aes *A,int m,char *iv);
-/** @brief Extract chaining vector from AMCL_AES instance
- *
- @param A an instance of the AMCL_AES
- @param f the extracted chaining vector
- */
-extern void AES_getreg(amcl_aes *A,char * f);
-/** @brief Initialise an instance of AMCL_AES and its mode of operation
- *
- @param A an instance AMCL_AES
- @param m is the active mode of operation (ECB, CBC, OFB, CFB etc)
- @param n is the key length in bytes, 16, 24 or 32
- @param k the AES key as an array of 16 bytes
- @param iv the Initialisation Vector
- @return 0 for invalid n
- */
-extern int AES_init(amcl_aes *A,int m,int n,char *k,char *iv);
-/** @brief Encrypt a single 16 byte block in ECB mode
- *
- @param A an instance of the AMCL_AES
- @param b is an array of 16 plaintext bytes, on exit becomes ciphertext
- */
-extern void AES_ecb_encrypt(amcl_aes *A,uchar * b);
-/** @brief Decrypt a single 16 byte block in ECB mode
- *
- @param A an instance of the AMCL_AES
- @param b is an array of 16 cipherext bytes, on exit becomes plaintext
- */
-extern void AES_ecb_decrypt(amcl_aes *A,uchar * b);
-/** @brief Encrypt a single 16 byte block in active mode
- *
- @param A an instance of the AMCL_AES
- @param b is an array of 16 plaintext bytes, on exit becomes ciphertext
- @return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_encrypt(amcl_aes *A,char *b );
-/** @brief Decrypt a single 16 byte block in active mode
- *
- @param A an instance of the AMCL_AES
- @param b is an array of 16 ciphertext bytes, on exit becomes plaintext
- @return 0, or overflow bytes from CFB mode
- */
-extern unsign32 AES_decrypt(amcl_aes *A,char *b);
-/** @brief Clean up after application of AES
- *
- @param A an instance of the AMCL_AES
- */
-extern void AES_end(amcl_aes *A);
-
-
-/* AES-GCM functions */
-/** @brief Initialise an instance of AES-GCM mode
- *
- @param G an instance AES-GCM
- @param nk is the key length in bytes, 16, 24 or 32
- @param k the AES key as an array of 16 bytes
- @param n the number of bytes in the Initialisation Vector (IV)
- @param iv the IV
- */
-extern void GCM_init(gcm *G,int nk,char *k,int n,char *iv);
-/** @brief Add header (material to be authenticated but not encrypted)
- *
- Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
- @param G an instance AES-GCM
- @param b is the header material to be added
- @param n the number of bytes in the header
- */
-extern int GCM_add_header(gcm *G,char *b,int n);
-/** @brief Add plaintext and extract ciphertext
- *
- Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
- @param G an instance AES-GCM
- @param c is the ciphertext generated
- @param p is the plaintext material to be added
- @param n the number of bytes in the plaintext
- */
-extern int GCM_add_plain(gcm *G,char *c,char *p,int n);
-/** @brief Add ciphertext and extract plaintext
- *
- Note that this function can be called any number of times with n a multiple of 16, and then one last time with any value for n
- @param G an instance AES-GCM
- @param p is the plaintext generated
- @param c is the ciphertext material to be added
- @param n the number of bytes in the ciphertext
- */
-extern int GCM_add_cipher(gcm *G,char *p,char *c,int n);
-/** @brief Finish off and extract authentication tag (HMAC)
- *
- @param G is an active instance AES-GCM
- @param t is the output 16 byte authentication tag
- */
-extern void GCM_finish(gcm *G,char *t);
-
-
-
-/* random numbers */
-/** @brief Seed a random number generator from an array of bytes
- *
- The provided seed should be truly random
- @param R an instance of a Cryptographically Secure Random Number Generator
- @param n the number of seed bytes provided
- @param b an array of seed bytes
-
- */
-extern void RAND_seed(csprng *R,int n,char *b);
-/** @brief Delete all internal state of a random number generator
- *
- @param R an instance of a Cryptographically Secure Random Number Generator
- */
-extern void RAND_clean(csprng *R);
-/** @brief Return a random byte from a random number generator
- *
- @param R an instance of a Cryptographically Secure Random Number Generator
- @return a random byte
- */
-extern int RAND_byte(csprng *R);
-
-
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/arch.h
----------------------------------------------------------------------
diff --git a/version3/c/arch.h b/version3/c/arch.h
deleted file mode 100644
index 1de0332..0000000
--- a/version3/c/arch.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/* Architecture definition header file */
-
-/**
- * @file arch.h
- * @author Mike Scott
- * @date 23rd February 2016
- * @brief Architecture Header File
- *
- * Specify Processor Architecture
- *
- */
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef ARCH_H
-#define ARCH_H
-
-
-
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture ***/
-
-#ifdef CMAKE
-#define CHUNK @AMCL_CHUNK@ /**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#else
-#define CHUNK @WL@ /**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#endif
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-/* Create Integer types */
-/* Support for C99? Note for GCC need to explicitly include -std=c99 in command line */
-
-#if __STDC_VERSION__ >= 199901L
-/* C99 code */
-#define C99
-#else
-/* Not C99 code */
-#endif
-
-#ifndef C99 /* You are on your own! These are for Microsoft C */
-#define byte unsigned char /**< 8-bit unsigned integer */
-#define sign32 __int32 /**< 32-bit signed integer */
-#define sign8 signed char /**< 8-bit signed integer */
-#define sign16 short int /**< 16-bit signed integer */
-#define sign64 long long /**< 64-bit signed integer */
-#define unsign32 unsigned __int32 /**< 32-bit unsigned integer */
-#define unsign64 unsigned long long /**< 64-bit unsigned integer */
-#else
-#include <stdint.h>
-#define byte uint8_t /**< 8-bit unsigned integer */
-#define sign8 int8_t /**< 8-bit signed integer */
-#define sign16 int16_t /**< 16-bit signed integer */
-#define sign32 int32_t /**< 32-bit signed integer */
-#define sign64 int64_t /**< 64-bit signed integer */
-#define unsign32 uint32_t /**< 32-bit unsigned integer */
-#define unsign64 uint64_t /**< 64-bit unsigned integer */
-#endif
-
-#define uchar unsigned char /**< Unsigned char */
-
-/* Don't mess with anything below this line unless you know what you are doing */
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-#if CHUNK==16
-#ifndef C99
-#define chunk __int16 /**< C type corresponding to word length */
-#define dchunk __int32 /**< Always define double length chunk type if available */
-#else
-#define chunk int16_t /**< C type corresponding to word length */
-#define dchunk int32_t /**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 32
-#ifndef C99
-#define chunk __int32 /**< C type corresponding to word length */
-#define dchunk __int64 /**< Always define double length chunk type if available */
-#else
-#define chunk int32_t /**< C type corresponding to word length */
-#define dchunk int64_t /**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 64
-
-#ifndef C99
-#define chunk __int64 /**< C type corresponding to word length */
-/**< Note - no 128-bit type available */
-#else
-#define chunk int64_t /**< C type corresponding to word length */
-#ifdef __GNUC__
-#define dchunk __int128 /**< Always define double length chunk type if available - GCC supports 128 bit type ??? */
-#endif
-
-#ifdef __clang__
-#define dchunk __int128
-#endif
-
-#endif
-#endif
-
-#ifdef dchunk
-#define COMBA /**< Use COMBA method for faster muls, sqrs and reductions */
-#endif
-
-
-#endif