You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:35 UTC
[30/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/HASH512.js
----------------------------------------------------------------------
diff --git a/version22/js/HASH512.js b/version22/js/HASH512.js
deleted file mode 100644
index 5a6f47a..0000000
--- a/version22/js/HASH512.js
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-var HASH512 = function() {
- this.length=[];
- this.h=[];
- this.w=[];
- this.init();
-};
-
-HASH512.prototype={
-
- transform: function()
- { /* basic transformation step */
- var a,b,c,d,e,ee,zz,f,g,hh,t1,t2;
- var j,r;
- for (j=16;j<80;j++)
- this.w[j]=HASH512.theta1(this.w[j-2]).add(this.w[j-7]).add(HASH512.theta0(this.w[j-15])).add(this.w[j-16]);
-
- a=this.h[0].copy(); b=this.h[1].copy(); c=this.h[2].copy(); d=this.h[3].copy();
- e=this.h[4].copy(); f=this.h[5].copy(); g=this.h[6].copy(); hh=this.h[7].copy();
-
- for (j=0;j<80;j++)
- { /* 80 times - mush it up */
- t1=hh.copy();
- t1.add(HASH512.Sig1(e)).add(HASH512.Ch(e,f,g)).add(HASH512.HK[j]).add(this.w[j]);
-
- t2=HASH512.Sig0(a); t2.add(HASH512.Maj(a,b,c));
- hh=g; g=f; f=e;
- e=d.copy(); e.add(t1);
-
- d=c;
- c=b;
- b=a;
- a=t1.copy(); a.add(t2);
- }
-
- this.h[0].add(a); this.h[1].add(b); this.h[2].add(c); this.h[3].add(d);
- this.h[4].add(e); this.h[5].add(f); this.h[6].add(g); this.h[7].add(hh);
- },
-
-/* Initialise Hash function */
- init: function()
- { /* initialise */
- var i;
- for (i=0;i<80;i++) this.w[i]=new UInt64(0,0);
- this.length[0]=new UInt64(0,0); this.length[1]=new UInt64(0,0);
- this.h[0]=HASH512.H[0].copy();
- this.h[1]=HASH512.H[1].copy();
- this.h[2]=HASH512.H[2].copy();
- this.h[3]=HASH512.H[3].copy();
- this.h[4]=HASH512.H[4].copy();
- this.h[5]=HASH512.H[5].copy();
- this.h[6]=HASH512.H[6].copy();
- this.h[7]=HASH512.H[7].copy();
- },
-
-/* process a single byte */
- process: function(byt)
- { /* process the next message byte */
- var cnt;
- cnt=(this.length[0].bot>>>6)%16;
- this.w[cnt].shlb();
- this.w[cnt].bot|=(byt&0xFF);
-
- var e=new UInt64(0,8);
- this.length[0].add(e);
- if (this.length[0].top===0 && this.length[0].bot==0) { e=new UInt64(0,1); this.length[1].add(e); }
- if ((this.length[0].bot%1024)===0) this.transform();
- },
-
-/* process an array of bytes */
- process_array: function(b)
- {
- for (var i=0;i<b.length;i++) this.process(b[i]);
- },
-
-/* process a 32-bit integer */
- process_num: function(n)
- {
- this.process((n>>24)&0xff);
- this.process((n>>16)&0xff);
- this.process((n>>8)&0xff);
- this.process(n&0xff);
- },
-
- hash: function()
- { /* pad message and finish - supply digest */
- var i;
- var digest=[];
- var len0,len1;
- len0=this.length[0].copy();
- len1=this.length[1].copy();
- this.process(0x80);
- while ((this.length[0].bot%1024)!=896) this.process(0);
-
- this.w[14]=len1;
- this.w[15]=len0;
- this.transform();
-
- for (i=0;i<HASH512.len;i++)
- { /* convert to bytes */
- digest[i]=HASH512.R(8*(7-i%8),this.h[i>>>3]).bot&0xff;
- }
-
- this.init();
- return digest;
- }
-};
-
-/* static functions */
-HASH512.S= function(n,x)
-{
- if (n==0) return x;
- if (n<32)
- return new UInt64((x.top>>>n) | (x.bot<<(32-n)), (x.bot>>>n) | (x.top << (32-n)));
- else
- return new UInt64((x.bot>>>(n-32)) | (x.top << (64-n)),(x.top>>>(n-32)) | (x.bot<<(64-n)));
-
-};
-
-HASH512.R= function(n,x)
-{
- if (n==0) return x;
- if (n<32)
- return new UInt64((x.top>>>n),(x.bot>>>n | (x.top << (32-n))));
- else
- return new UInt64(0,x.top >>> (n-32));
-};
-
-HASH512.Ch= function(x,y,z)
-{
- return new UInt64((x.top&y.top)^(~(x.top)&z.top),(x.bot&y.bot)^(~(x.bot)&z.bot));
-};
-
-HASH512.Maj= function(x,y,z)
-{
- return new UInt64((x.top&y.top)^(x.top&z.top)^(y.top&z.top),(x.bot&y.bot)^(x.bot&z.bot)^(y.bot&z.bot));
-};
-
-HASH512.Sig0= function(x)
-{
- var r1=HASH512.S(28,x);
- var r2=HASH512.S(34,x);
- var r3=HASH512.S(39,x);
- return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH512.Sig1= function(x)
-{
- var r1=HASH512.S(14,x);
- var r2=HASH512.S(18,x);
- var r3=HASH512.S(41,x);
- return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH512.theta0= function(x)
-{
- var r1=HASH512.S(1,x);
- var r2=HASH512.S(8,x);
- var r3=HASH512.R(7,x);
- return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-HASH512.theta1= function(x)
-{
- var r1=HASH512.S(19,x);
- var r2=HASH512.S(61,x);
- var r3=HASH512.R(6,x);
- return new UInt64(r1.top^r2.top^r3.top,r1.bot^r2.bot^r3.bot);
-};
-
-/* constants */
-HASH512.len= 64;
-
-HASH512.H = [new UInt64(0x6a09e667, 0xf3bcc908), new UInt64(0xbb67ae85, 0x84caa73b),
- new UInt64(0x3c6ef372, 0xfe94f82b), new UInt64(0xa54ff53a, 0x5f1d36f1),
- new UInt64(0x510e527f, 0xade682d1), new UInt64(0x9b05688c, 0x2b3e6c1f),
- new UInt64(0x1f83d9ab, 0xfb41bd6b), new UInt64(0x5be0cd19, 0x137e2179)];
-
-HASH512.HK = [new UInt64(0x428a2f98, 0xd728ae22), new UInt64(0x71374491, 0x23ef65cd),
- new UInt64(0xb5c0fbcf, 0xec4d3b2f), new UInt64(0xe9b5dba5, 0x8189dbbc),
- new UInt64(0x3956c25b, 0xf348b538), new UInt64(0x59f111f1, 0xb605d019),
- new UInt64(0x923f82a4, 0xaf194f9b), new UInt64(0xab1c5ed5, 0xda6d8118),
- new UInt64(0xd807aa98, 0xa3030242), new UInt64(0x12835b01, 0x45706fbe),
- new UInt64(0x243185be, 0x4ee4b28c), new UInt64(0x550c7dc3, 0xd5ffb4e2),
- new UInt64(0x72be5d74, 0xf27b896f), new UInt64(0x80deb1fe, 0x3b1696b1),
- new UInt64(0x9bdc06a7, 0x25c71235), new UInt64(0xc19bf174, 0xcf692694),
- new UInt64(0xe49b69c1, 0x9ef14ad2), new UInt64(0xefbe4786, 0x384f25e3),
- new UInt64(0x0fc19dc6, 0x8b8cd5b5), new UInt64(0x240ca1cc, 0x77ac9c65),
- new UInt64(0x2de92c6f, 0x592b0275), new UInt64(0x4a7484aa, 0x6ea6e483),
- new UInt64(0x5cb0a9dc, 0xbd41fbd4), new UInt64(0x76f988da, 0x831153b5),
- new UInt64(0x983e5152, 0xee66dfab), new UInt64(0xa831c66d, 0x2db43210),
- new UInt64(0xb00327c8, 0x98fb213f), new UInt64(0xbf597fc7, 0xbeef0ee4),
- new UInt64(0xc6e00bf3, 0x3da88fc2), new UInt64(0xd5a79147, 0x930aa725),
- new UInt64(0x06ca6351, 0xe003826f), new UInt64(0x14292967, 0x0a0e6e70),
- new UInt64(0x27b70a85, 0x46d22ffc), new UInt64(0x2e1b2138, 0x5c26c926),
- new UInt64(0x4d2c6dfc, 0x5ac42aed), new UInt64(0x53380d13, 0x9d95b3df),
- new UInt64(0x650a7354, 0x8baf63de), new UInt64(0x766a0abb, 0x3c77b2a8),
- new UInt64(0x81c2c92e, 0x47edaee6), new UInt64(0x92722c85, 0x1482353b),
- new UInt64(0xa2bfe8a1, 0x4cf10364), new UInt64(0xa81a664b, 0xbc423001),
- new UInt64(0xc24b8b70, 0xd0f89791), new UInt64(0xc76c51a3, 0x0654be30),
- new UInt64(0xd192e819, 0xd6ef5218), new UInt64(0xd6990624, 0x5565a910),
- new UInt64(0xf40e3585, 0x5771202a), new UInt64(0x106aa070, 0x32bbd1b8),
- new UInt64(0x19a4c116, 0xb8d2d0c8), new UInt64(0x1e376c08, 0x5141ab53),
- new UInt64(0x2748774c, 0xdf8eeb99), new UInt64(0x34b0bcb5, 0xe19b48a8),
- new UInt64(0x391c0cb3, 0xc5c95a63), new UInt64(0x4ed8aa4a, 0xe3418acb),
- new UInt64(0x5b9cca4f, 0x7763e373), new UInt64(0x682e6ff3, 0xd6b2b8a3),
- new UInt64(0x748f82ee, 0x5defb2fc), new UInt64(0x78a5636f, 0x43172f60),
- new UInt64(0x84c87814, 0xa1f0ab72), new UInt64(0x8cc70208, 0x1a6439ec),
- new UInt64(0x90befffa, 0x23631e28), new UInt64(0xa4506ceb, 0xde82bde9),
- new UInt64(0xbef9a3f7, 0xb2c67915), new UInt64(0xc67178f2, 0xe372532b),
- new UInt64(0xca273ece, 0xea26619c), new UInt64(0xd186b8c7, 0x21c0c207),
- new UInt64(0xeada7dd6, 0xcde0eb1e), new UInt64(0xf57d4f7f, 0xee6ed178),
- new UInt64(0x06f067aa, 0x72176fba), new UInt64(0x0a637dc5, 0xa2c898a6),
- new UInt64(0x113f9804, 0xbef90dae), new UInt64(0x1b710b35, 0x131c471b),
- new UInt64(0x28db77f5, 0x23047d84), new UInt64(0x32caab7b, 0x40c72493),
- new UInt64(0x3c9ebe0a, 0x15c9bebc), new UInt64(0x431d67c4, 0x9c100d4c),
- new UInt64(0x4cc5d4be, 0xcb3e42b6), new UInt64(0x597f299c, 0xfc657e2a),
- new UInt64(0x5fcb6fab, 0x3ad6faec), new UInt64(0x6c44198c, 0x4a475817)];
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/MPIN.js
----------------------------------------------------------------------
diff --git a/version22/js/MPIN.js b/version22/js/MPIN.js
deleted file mode 100644
index fdd1d80..0000000
--- a/version22/js/MPIN.js
+++ /dev/null
@@ -1,933 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/* MPIN API Functions */
-
-var MPIN = {
- BAD_PARAMS:-11,
- INVALID_POINT:-14,
- WRONG_ORDER:-18,
- BAD_PIN:-19,
-/* configure PIN here */
- MAXPIN:10000, /* max PIN */
- PBLEN:14, /* MAXPIN length in bits */
- TS:10, /* 10 for 4 digit PIN, 14 for 6-digit PIN - 2^TS/TS approx = sqrt(MAXPIN) */
- TRAP:200, /* 200 for 4 digit PIN, 2000 for 6-digit PIN - approx 2*sqrt(MAXPIN) */
- EFS:ROM.MODBYTES,
- EGS:ROM.MODBYTES,
- PAS:16,
-
- SHA256 : 32,
- SHA384 : 48,
- SHA512 : 64,
-
- HASH_TYPE : 32,
-
-
-/* return time in slots since epoch */
- today: function() {
- var now=new Date();
- return Math.floor(now.getTime()/(60000*1440)); // for daily tokens
- },
-
- bytestostring: function(b)
- {
- var s="";
- var len=b.length;
- var ch;
-
- for (var i=0;i<len;i++)
- {
- ch=b[i];
- s+=((ch>>>4)&15).toString(16);
- s+=(ch&15).toString(16);
-
- }
- return s;
- },
-
- stringtobytes: function(s)
- {
- var b=[];
- for (var i=0;i<s.length;i++)
- b.push(s.charCodeAt(i));
- return b;
- },
-
- comparebytes: function(a,b)
- {
- if (a.length!=b.length) return false;
- for (var i=0;i<a.length;i++)
- {
- if (a[i]!=b[i]) return false;
- }
- return true;
- },
-
- mpin_hash: function(sha,c,U)
- {
- var t=[];
- var w=[];
- var h=[];
-
- c.geta().getA().toBytes(w); for (var i=0;i<this.EFS;i++) t[i]=w[i];
- c.geta().getB().toBytes(w); for (var i=this.EFS;i<2*this.EFS;i++) t[i]=w[i-this.EFS];
- c.getb().getA().toBytes(w); for (var i=2*this.EFS;i<3*this.EFS;i++) t[i]=w[i-2*this.EFS];
- c.getb().getB().toBytes(w); for (var i=3*this.EFS;i<4*this.EFS;i++) t[i]=w[i-3*this.EFS];
-
- U.getX().toBytes(w); for (var i=4*this.EFS;i<5*this.EFS;i++) t[i]=w[i-4*this.EFS];
- U.getY().toBytes(w); for (var i=5*this.EFS;i<6*this.EFS;i++) t[i]=w[i-5*this.EFS];
-
- if (sha==this.SHA256)
- {
- var H=new HASH256();
- H.process_array(t);
- h=H.hash();
- }
- if (sha==this.SHA384)
- {
- var H=new HASH384();
- H.process_array(t);
- h=H.hash();
- }
- if (sha==this.SHA512)
- {
- var H=new HASH512();
- H.process_array(t);
- h=H.hash();
- }
- if (h.length==0) return null;
- var R=[];
- for (var i=0;i<this.PAS;i++) R[i]=h[i];
- return R;
- },
-/* Hash number (optional) and string to point on curve */
-
- hashit: function(sha,n,B)
- {
- var R=[];
-
- if (sha==this.SHA256)
- {
- var H=new HASH256();
- if (n>0) H.process_num(n);
- H.process_array(B);
- R=H.hash();
- }
- if (sha==this.SHA384)
- {
- var H=new HASH384();
- if (n>0) H.process_num(n);
- H.process_array(B);
- R=H.hash();
- }
- if (sha==this.SHA512)
- {
- var H=new HASH512();
- if (n>0) H.process_num(n);
- H.process_array(B);
- R=H.hash();
- }
- if (R.length==0) return null;
- var W=[];
-
- if (sha>=ROM.MODBYTES)
- for (var i=0;i<ROM.MODBYTES;i++) W[i]=R[i];
- else
- {
- for (var i=0;i<sha;i++) W[i]=R[i];
- for (var i=sha;i<ROM.MODBYTES;i++) W[i]=0;
- }
- return W;
- },
-
- mapit: function(h)
- {
- var q=new BIG(0); q.rcopy(ROM.Modulus);
- var x=BIG.fromBytes(h);
- x.mod(q);
- var P=new ECP();
- while (true)
- {
- P.setxi(x,0);
- if (!P.is_infinity()) break;
- x.inc(1); x.norm();
- }
- if (ROM.CURVE_PAIRING_TYPE!=ROM.BN_CURVE)
- {
- var c=new BIG(0); c.rcopy(ROM.CURVE_Cof);
- P=P.mul(c);
- }
- return P;
- },
-
-/* needed for SOK */
- mapit2: function(h)
- {
- var q=new BIG(0); q.rcopy(ROM.Modulus);
- var x=BIG.fromBytes(h);
- var one=new BIG(1);
- x.mod(q);
- var Q,T,K,X;
- while (true)
- {
- X=new FP2(one,x);
- Q=new ECP2(); Q.setx(X);
- if (!Q.is_infinity()) break;
- x.inc(1); x.norm();
- }
-/* Fast Hashing to G2 - Fuentes-Castaneda, Knapp and Rodriguez-Henriquez */
-
- var Fa=new BIG(0); Fa.rcopy(ROM.CURVE_Fra);
- var Fb=new BIG(0); Fb.rcopy(ROM.CURVE_Frb);
- X=new FP2(Fa,Fb);
- x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
- T=new ECP2(); T.copy(Q);
- T.mul(x); T.neg();
- K=new ECP2(); K.copy(T);
- K.dbl(); K.add(T); K.affine();
-
- K.frob(X);
- Q.frob(X); Q.frob(X); Q.frob(X);
- Q.add(T); Q.add(K);
- T.frob(X); T.frob(X);
- Q.add(T);
- Q.affine();
- return Q;
-
- },
-
-/* these next two functions help to implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* maps a random u to a point on the curve */
- map: function(u,cb)
- {
- var P=new ECP();
- var x=new BIG(u);
- var p=new BIG(0); p.rcopy(ROM.Modulus);
- x.mod(p);
- while (true)
- {
- P.setxi(x,cb);
- if (!P.is_infinity()) break;
- x.inc(1); x.norm();
- }
- return P;
- },
-
-/* returns u derived from P. Random value in range 1 to return value should then be added to u */
- unmap: function(u,P)
- {
- var s=P.getS();
- var R=new ECP();
- var r=0;
- var x=P.getX();
- u.copy(x);
- while (true)
- {
- u.dec(1); u.norm();
- r++;
- R.setxi(u,s); //=new ECP(u,s);
- if (!R.is_infinity()) break;
- }
- return r;
- },
-
-/* these next two functions implement elligator squared - http://eprint.iacr.org/2014/043 */
-/* Elliptic curve point E in format (0x04,x,y} is converted to form {0x0-,u,v} */
-/* Note that u and v are indistinguisible from random strings */
- ENCODING: function(rng,E)
- {
- var i,rn,m,su,sv;
- var T=[];
-
- for (i=0;i<this.EFS;i++) T[i]=E[i+1];
- var u=BIG.fromBytes(T);
- for (i=0;i<this.EFS;i++) T[i]=E[i+this.EFS+1];
- var v=BIG.fromBytes(T);
-
- var P=new ECP(0); P.setxy(u,v);
- if (P.is_infinity()) return this.INVALID_POINT;
-
- var p=new BIG(0); p.rcopy(ROM.Modulus);
- u=BIG.randomnum(p,rng);
-
- su=rng.getByte(); if (su<0) su=-su; su%=2;
-
- var W=this.map(u,su);
- P.sub(W);
- sv=P.getS();
- rn=this.unmap(v,P);
- m=rng.getByte(); if (m<0) m=-m; m%=rn;
- v.inc(m+1);
- E[0]=(su+2*sv);
- u.toBytes(T);
- for (i=0;i<this.EFS;i++) E[i+1]=T[i];
- v.toBytes(T);
- for (i=0;i<this.EFS;i++) E[i+this.EFS+1]=T[i];
-
- return 0;
- },
-
- DECODING: function(D)
- {
- var i,su,sv;
- var T=[];
-
- if ((D[0]&0x04)!==0) return this.INVALID_POINT;
-
- for (i=0;i<this.EFS;i++) T[i]=D[i+1];
- var u=BIG.fromBytes(T);
- for (i=0;i<this.EFS;i++) T[i]=D[i+this.EFS+1];
- var v=BIG.fromBytes(T);
-
- su=D[0]&1;
- sv=(D[0]>>1)&1;
- var W=this.map(u,su);
- var P=this.map(v,sv);
- P.add(W);
- u=P.getX();
- v=P.getY();
- D[0]=0x04;
- u.toBytes(T);
- for (i=0;i<this.EFS;i++) D[i+1]=T[i];
- v.toBytes(T);
- for (i=0;i<this.EFS;i++) D[i+this.EFS+1]=T[i];
-
- return 0;
- },
-
-/* R=R1+R2 in group G1 */
- RECOMBINE_G1: function(R1,R2,R)
- {
- var P=ECP.fromBytes(R1);
- var Q=ECP.fromBytes(R2);
-
- if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT;
-
- P.add(Q);
-
- P.toBytes(R);
- return 0;
- },
-
-/* W=W1+W2 in group G2 */
- RECOMBINE_G2: function(W1,W2,W)
- {
- var P=ECP2.fromBytes(W1);
- var Q=ECP2.fromBytes(W2);
-
- if (P.is_infinity() || Q.is_infinity()) return this.INVALID_POINT;
-
- P.add(Q);
-
- P.toBytes(W);
- return 0;
- },
-
- HASH_ID: function(sha,ID)
- {
- return this.hashit(sha,0,ID);
- },
-
-/* create random secret S */
- RANDOM_GENERATE: function(rng,S)
- {
- var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
- var s=BIG.randomnum(r,rng);
- if (ROM.AES_S>0)
- {
- s.mod2m(2*ROM.AES_S);
- }
- s.toBytes(S);
- return 0;
- },
-
-/* Extract PIN from TOKEN for identity CID */
- EXTRACT_PIN: function(sha,CID,pin,TOKEN)
- {
- var P=ECP.fromBytes(TOKEN);
- if (P.is_infinity()) return this.INVALID_POINT;
- var h=this.hashit(sha,0,CID);
- var R=this.mapit(h);
-
- pin%=this.MAXPIN;
-
- R=R.pinmul(pin,this.PBLEN);
- P.sub(R);
-
- P.toBytes(TOKEN);
-
- return 0;
- },
-
-/* Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret */
- GET_SERVER_SECRET: function(S,SST)
- {
-
- var A=new BIG(0);
- var B=new BIG(0);
- A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
- var QX=new FP2(0); QX.bset(A,B);
- A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
- var QY=new FP2(0); QY.bset(A,B);
-
- var Q=new ECP2();
- Q.setxy(QX,QY);
-
- var s=BIG.fromBytes(S);
- Q=PAIR.G2mul(Q,s);
- Q.toBytes(SST);
- return 0;
- },
-
- TEST_PAIR: function(PR)
- {
- var G=new ECP(0);
- var A=new BIG(0);
- var B=new BIG(0);
- A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
- var QX=new FP2(0); QX.bset(A,B);
- A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
- var QY=new FP2(0); QY.bset(A,B);
-
- var Q=new ECP2();
- Q.setxy(QX,QY);
-
- var gx=new BIG(0); gx.rcopy(ROM.CURVE_Gx);
- var gy=new BIG(0); gy.rcopy(ROM.CURVE_Gy);
- G.setxy(gx,gy);
-
- var g=PAIR.ate(Q,G);
- g=PAIR.fexp(g);
- g.toBytes(PR);
- },
-
-/*
- W=x*H(G);
- if RNG == NULL then X is passed in
- if RNG != NULL the X is passed out
- if type=0 W=x*G where G is point on the curve, else W=x*M(G), where M(G) is mapping of octet G to point on the curve
-*/
- GET_G1_MULTIPLE: function(rng,type,X,G,W)
- {
- var x;
- var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
-
- if (rng!=null)
- {
- x=BIG.randomnum(r,rng);
- if (ROM.AES_S>0)
- {
- x.mod2m(2*ROM.AES_S);
- }
- x.toBytes(X);
- }
- else
- {
- x=BIG.fromBytes(X);
- }
- var P;
- if (type==0)
- {
- P=ECP.fromBytes(G);
- if (P.is_infinity()) return INVALID_POINT;
- }
- else
- P=this.mapit(G);
-
- PAIR.G1mul(P,x).toBytes(W);
- return 0;
- },
-
-
-/* Client secret CST=S*H(CID) where CID is client ID and S is master secret */
- GET_CLIENT_SECRET: function(S,CID,CST)
- {
- return this.GET_G1_MULTIPLE(null,1,S,CID,CST);
- },
-
-/* Time Permit CTT=S*(date|H(CID)) where S is master secret */
- GET_CLIENT_PERMIT: function(sha,date,S,CID,CTT)
- {
- var h=this.hashit(sha,date,CID);
- var P=this.mapit(h);
-
- var s=BIG.fromBytes(S);
- P=PAIR.G1mul(P,s);
- P.toBytes(CTT);
- return 0;
- },
-
-/* Implement step 1 on client side of MPin protocol */
- CLIENT_1: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT)
- {
- var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
- // var q=new BIG(0); q.rcopy(ROM.Modulus);
- var x;
- if (rng!==null)
- {
- x=BIG.randomnum(r,rng);
- if (ROM.AES_S>0)
- {
- x.mod2m(2*ROM.AES_S);
- }
- x.toBytes(X);
- }
- else
- {
- x=BIG.fromBytes(X);
- }
- var P,T,W;
-
- var h=this.hashit(sha,0,CLIENT_ID);
- P=this.mapit(h);
- T=ECP.fromBytes(TOKEN);
- if (T.is_infinity()) return this.INVALID_POINT;
-
- pin%=this.MAXPIN;
- W=P.pinmul(pin,this.PBLEN);
- T.add(W);
-
- if (date!=0)
- {
- W=ECP.fromBytes(PERMIT);
- if (W.is_infinity()) return this.INVALID_POINT;
- T.add(W);
- h=this.hashit(sha,date,h);
- W=this.mapit(h);
- if (xID!=null)
- {
- P=PAIR.G1mul(P,x);
- P.toBytes(xID);
- W=PAIR.G1mul(W,x);
- P.add(W);
- }
- else
- {
- P.add(W);
- P=PAIR.G1mul(P,x);
- }
- if (xCID!=null) P.toBytes(xCID);
- }
- else
- {
- if (xID!=null)
- {
- P=PAIR.G1mul(P,x);
- P.toBytes(xID);
- }
- }
-
- T.toBytes(SEC);
- return 0;
- },
-
-/* Implement step 2 on client side of MPin protocol */
- CLIENT_2: function(X,Y,SEC)
- {
- var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
- var P=ECP.fromBytes(SEC);
- if (P.is_infinity()) return this.INVALID_POINT;
-
- var px=BIG.fromBytes(X);
- var py=BIG.fromBytes(Y);
- px.add(py);
- px.mod(r);
- // px.rsub(r);
-
- P=PAIR.G1mul(P,px);
- P.neg();
- P.toBytes(SEC);
- //PAIR.G1mul(P,px).toBytes(SEC);
- return 0;
- },
-
-/* Outputs H(CID) and H(T|H(CID)) for time permits. If no time permits set HID=HTID */
- SERVER_1: function(sha,date,CID,HID,HTID)
- {
- var h=this.hashit(sha,0,CID);
- var R,P=this.mapit(h);
-
- P.toBytes(HID);
- if (date!==0)
- {
- //if (HID!=null) P.toBytes(HID);
- h=this.hashit(sha,date,h);
- R=this.mapit(h);
- P.add(R);
- P.toBytes(HTID);
- }
- //else P.toBytes(HID);
- },
-
-/* Implement step 1 of MPin protocol on server side */
- SERVER_2: function(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F)
- {
- var A=new BIG(0);
- var B=new BIG(0);
- A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
- var QX=new FP2(0); QX.bset(A,B);
- A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
- var QY=new FP2(0); QY.bset(A,B);
-
- var Q=new ECP2();
- Q.setxy(QX,QY);
-
- var sQ=ECP2.fromBytes(SST);
- if (sQ.is_infinity()) return this.INVALID_POINT;
-
- var R;
- if (date!==0)
- R=ECP.fromBytes(xCID);
- else
- {
- if (xID==null) return this.BAD_PARAMS;
- R=ECP.fromBytes(xID);
- }
- if (R.is_infinity()) return this.INVALID_POINT;
-
- var y=BIG.fromBytes(Y);
- var P;
-
- if (date!=0) P=ECP.fromBytes(HTID);
- else
- {
- if (HID==null) return this.BAD_PARAMS;
- P=ECP.fromBytes(HID);
- }
- if (P.is_infinity()) return this.INVALID_POINT;
-
- P=PAIR.G1mul(P,y);
- P.add(R);
- R=ECP.fromBytes(mSEC);
- if (R.is_infinity()) return this.INVALID_POINT;
-
- var g=PAIR.ate2(Q,R,sQ,P);
- g=PAIR.fexp(g);
-
- if (!g.isunity())
- {
- if (HID!=null && xID!=null && E!=null && F!=null)
- {
- g.toBytes(E);
- if (date!==0)
- {
- P=ECP.fromBytes(HID);
- if (P.is_infinity()) return this.INVALID_POINT;
- R=ECP.fromBytes(xID);
- if (R.is_infinity()) return this.INVALID_POINT;
-
- P=PAIR.G1mul(P,y);
- P.add(R);
- }
- g=PAIR.ate(Q,P);
- g=PAIR.fexp(g);
-
- g.toBytes(F);
- }
- return this.BAD_PIN;
- }
- return 0;
- },
-
-/* Pollards kangaroos used to return PIN error */
- KANGAROO: function(E,F)
- {
- var ge=FP12.fromBytes(E);
- var gf=FP12.fromBytes(F);
- var distance = [];
- var t=new FP12(gf);
- var table=[];
- var i,j,m,s,dn,dm,res,steps;
-
- s=1;
- for (m=0;m<this.TS;m++)
- {
- distance[m]=s;
- table[m]=new FP12(t);
- s*=2;
- t.usqr();
- }
- t.one();
- dn=0;
- for (j=0;j<this.TRAP;j++)
- {
- i=t.geta().geta().getA().lastbits(20)%this.TS;
- t.mul(table[i]);
- dn+=distance[i];
- }
- gf.copy(t); gf.conj();
- steps=0; dm=0;
- res=0;
- while (dm-dn<this.MAXPIN)
- {
- steps++;
- if (steps>4*this.TRAP) break;
- i=ge.geta().geta().getA().lastbits(20)%this.TS;
- ge.mul(table[i]);
- dm+=distance[i];
- if (ge.equals(t))
- {
- res=dm-dn;
- break;
- }
- if (ge.equals(gf))
- {
- res=dn-dm;
- break;
- }
-
- }
- if (steps>4*this.TRAP || dm-dn>=this.MAXPIN) {res=0; } // Trap Failed - probable invalid token
- return res;
- },
-
- /* return time since epoch */
- GET_TIME: function() {
- var now=new Date();
- return Math.floor(now.getTime()/(1000));
- },
-
- /* y = H(time,xCID) */
- GET_Y: function(sha,TimeValue,xCID,Y)
- {
- var q=new BIG(0);
- q.rcopy(ROM.CURVE_Order);
- var h=this.hashit(sha,TimeValue,xCID);
- var y=BIG.fromBytes(h);
- y.mod(q);
- if (ROM.AES_S>0)
- {
- y.mod2m(2*ROM.AES_S);
- }
- y.toBytes(Y);
- return 0;
- },
-
- /* One pass MPIN Client */
- CLIENT: function(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT,TimeValue,Y)
- {
-
- var rtn=0;
- var pID;
- if (date == 0) {
- pID = xID;
- } else {
- pID = xCID;
- xID = null;
- }
-
- rtn = this.CLIENT_1(sha,date,CLIENT_ID,rng,X,pin,TOKEN,SEC,xID,xCID,PERMIT);
- if (rtn != 0)
- return rtn;
-
- this.GET_Y(sha,TimeValue,pID,Y);
-
- rtn = this.CLIENT_2(X,Y,SEC);
- if (rtn != 0)
- return rtn;
-
- return 0;
- },
-
- /* One pass MPIN Server */
- SERVER: function(sha,date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F,CID,TimeValue)
- {
- var rtn=0;
- var pID;
- if (date == 0) {
- pID = xID;
- } else {
- pID = xCID;
- }
-
- this.SERVER_1(sha,date,CID,HID,HTID);
-
- this.GET_Y(sha,TimeValue,pID,Y);
-
- rtn = this.SERVER_2(date,HID,HTID,Y,SST,xID,xCID,mSEC,E,F);
- if (rtn != 0)
- return rtn;
-
- return 0;
- },
-
-/* Functions to support M-Pin Full */
-
- PRECOMPUTE: function(TOKEN,CID,G1,G2)
- {
- var P,T;
- var g;
-
- T=ECP.fromBytes(TOKEN);
- if (T.is_infinity()) return INVALID_POINT;
-
- P=this.mapit(CID);
-
- var A=new BIG(0);
- var B=new BIG(0);
- A.rcopy(ROM.CURVE_Pxa); B.rcopy(ROM.CURVE_Pxb);
- var QX=new FP2(0); QX.bset(A,B);
- A.rcopy(ROM.CURVE_Pya); B.rcopy(ROM.CURVE_Pyb);
- var QY=new FP2(0); QY.bset(A,B);
-
- var Q=new ECP2();
- Q.setxy(QX,QY);
-
- g=PAIR.ate(Q,T);
- g=PAIR.fexp(g);
- g.toBytes(G1);
-
- g=PAIR.ate(Q,P);
- g=PAIR.fexp(g);
- g.toBytes(G2);
-
- return 0;
- },
-
-/* Hash the M-Pin transcript - new */
-
- HASH_ALL: function(sha,HID,xID,xCID,SEC,Y,R,W)
- {
- var tlen=0;
- var T=[];
-
-
- for (var i=0;i<HID.length;i++) T[i]=HID[i];
- tlen+=HID.length;
- if (xCID!=null)
- {
- for (var i=0;i<xCID.length;i++) T[i+tlen]=xCID[i];
- tlen+=xCID.length;
- }
- else
- {
- for (i=0;i<xID.length;i++) T[i+tlen]=xID[i];
- tlen+=xID.length;
- }
- for (var i=0;i<SEC.length;i++) T[i+tlen]=SEC[i];
- tlen+=SEC.length;
- for (var i=0;i<Y.length;i++) T[i+tlen]=Y[i];
- tlen+=Y.length;
- for (var i=0;i<R.length;i++) T[i+tlen]=R[i];
- tlen+=R.length;
- for (var i=0;i<W.length;i++) T[i+tlen]=W[i];
- tlen+=W.length;
-
- return this.hashit(sha,0,T);
- },
-
-/* calculate common key on client side */
-/* wCID = w.(A+AT) */
- CLIENT_KEY: function(sha,G1,G2,pin,R,X,H,wCID,CK)
- {
- var t=[];
-
- var g1=FP12.fromBytes(G1);
- var g2=FP12.fromBytes(G2);
- var z=BIG.fromBytes(R);
- var x=BIG.fromBytes(X);
- var h=BIG.fromBytes(H);
-
- var W=ECP.fromBytes(wCID);
- if (W.is_infinity()) return this.INVALID_POINT;
-
- W=PAIR.G1mul(W,x);
-
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
-
- var r=new BIG(0); r.rcopy(ROM.CURVE_Order);
- var q=new BIG(0); q.rcopy(ROM.Modulus);
-
- z.add(h);
- z.mod(r);
-
- var m=new BIG(q);
- m.mod(r);
-
- var a=new BIG(z);
- a.mod(m);
-
- var b=new BIG(z);
- b.div(m);
-
- g2.pinpow(pin,this.PBLEN);
- g1.mul(g2);
-
- var c=g1.trace();
- g2.copy(g1);
- g2.frob(f);
- var cp=g2.trace();
- g1.conj();
- g2.mul(g1);
- var cpm1=g2.trace();
- g2.mul(g1);
- var cpm2=g2.trace();
-
- c=c.xtr_pow2(cp,cpm1,cpm2,a,b);
-
- t=this.mpin_hash(sha,c,W);
-
- for (var i=0;i<this.PAS;i++) CK[i]=t[i];
-
- return 0;
- },
-
-/* calculate common key on server side */
-/* Z=r.A - no time permits involved */
-
- SERVER_KEY: function(sha,Z,SST,W,H,HID,xID,xCID,SK)
- {
- var t=[];
-
- var sQ=ECP2.fromBytes(SST);
- if (sQ.is_infinity()) return this.INVALID_POINT;
- var R=ECP.fromBytes(Z);
- if (R.is_infinity()) return this.INVALID_POINT;
- var A=ECP.fromBytes(HID);
- if (A.is_infinity()) return this.INVALID_POINT;
-
- var U;
- if (xCID!=null)
- U=ECP.fromBytes(xCID);
- else
- U=ECP.fromBytes(xID);
- if (U.is_infinity()) return this.INVALID_POINT;
-
- var w=BIG.fromBytes(W);
- var h=BIG.fromBytes(H);
- A=PAIR.G1mul(A,h);
- R.add(A);
-
- U=PAIR.G1mul(U,w);
- var g=PAIR.ate(sQ,R);
- g=PAIR.fexp(g);
-
- var c=g.trace();
-
- t=this.mpin_hash(sha,c,U);
-
- for (var i=0;i<this.PAS;i++) SK[i]=t[i];
-
- return 0;
- }
-};
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/PAIR.js
----------------------------------------------------------------------
diff --git a/version22/js/PAIR.js b/version22/js/PAIR.js
deleted file mode 100644
index e7c5878..0000000
--- a/version22/js/PAIR.js
+++ /dev/null
@@ -1,650 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-var PAIR = {
-/* Line function */
- line: function(A,B,Qx,Qy)
- {
- var P=new ECP2();
- var a,b,c;
- var r=new FP12(1);
- P.copy(A);
-
- var ZZ=new FP2(P.getz()); //ZZ.copy(P.getz());
- ZZ.sqr();
- var D;
- if (A==B) D=A.dbl();
- else D=A.add(B);
- if (D<0) return r;
- var Z3=new FP2(A.getz()); //Z3.copy(A.getz());
- c=new FP4(0);
- var X,Y,T;
- if (D===0)
- { /* Addition */
- X=new FP2(B.getx()); //X.copy(B.getx());
- Y=new FP2(B.gety()); //Y.copy(B.gety());
- T=new FP2(P.getz()); //T.copy(P.getz());
-
- T.mul(Y);
- ZZ.mul(T);
-
- var NY=new FP2(P.gety()); /*NY.copy(P.gety());*/ NY.neg();
- ZZ.add(NY);
- Z3.pmul(Qy);
- T.mul(P.getx());
- X.mul(NY);
- T.add(X);
- a=new FP4(Z3,T); //a.set(Z3,T);
- ZZ.neg();
- ZZ.pmul(Qx);
- b=new FP4(ZZ); //b.seta(ZZ);
- }
- else
- { /* Doubling */
- X=new FP2(P.getx()); //X.copy(P.getx());
- Y=new FP2(P.gety()); //Y.copy(P.gety());
- T=new FP2(P.getx()); //T.copy(P.getx());
- T.sqr();
- T.imul(3);
-
- Y.sqr();
- Y.add(Y);
- Z3.mul(ZZ);
- Z3.pmul(Qy);
-
- X.mul(T);
- X.sub(Y);
- a=new FP4(Z3,X); //a.set(Z3,X);
- T.neg();
- ZZ.mul(T);
-
- ZZ.pmul(Qx);
-
- b=new FP4(ZZ); //b.seta(ZZ);
- }
- r.set(a,b,c);
- return r;
- },
-
-/* Optimal R-ate pairing */
- ate: function(P,Q)
- {
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
-
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
- var n=new BIG(x); //n.copy(x);
- var K=new ECP2();
- var lv;
-
- if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
- {
- n.pmul(6); n.dec(2);
- }
- else
- n.copy(x);
- n.norm();
-
- P.affine();
- Q.affine();
- var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
- var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
- var A=new ECP2();
- var r=new FP12(1);
-
- A.copy(P);
- var nb=n.nbits();
-
- for (var i=nb-2;i>=1;i--)
- {
- lv=PAIR.line(A,A,Qx,Qy);
-
- r.smul(lv);
-
- if (n.bit(i)==1)
- {
- lv=PAIR.line(A,P,Qx,Qy);
- r.smul(lv);
- }
- r.sqr();
- }
- lv=PAIR.line(A,A,Qx,Qy);
- r.smul(lv);
- if (n.parity()==1)
- {
- lv=line(A,P,Qx,Qy);
- r.smul(lv);
- }
-
-/* R-ate fixup */
- if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
- {
- r.conj();
- K.copy(P);
- K.frob(f);
- A.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
- }
- return r;
- },
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
- ate2: function(P,Q,R,S)
- {
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
- var n=new BIG(x); //n.copy(x);
- var K=new ECP2();
- var lv;
-
- if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
- {
- n.pmul(6); n.dec(2);
- }
- else
- n.copy(x);
- n.norm();
-
- P.affine();
- Q.affine();
- R.affine();
- S.affine();
-
- var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
- var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
- var Sx=new FP(S.getx()); //Sx.copy(S.getx());
- var Sy=new FP(S.gety()); //Sy.copy(S.gety());
-
- var A=new ECP2();
- var B=new ECP2();
- var r=new FP12(1);
-
- A.copy(P);
- B.copy(R);
- var nb=n.nbits();
-
- for (var i=nb-2;i>=1;i--)
- {
- lv=PAIR.line(A,A,Qx,Qy);
- r.smul(lv);
- lv=PAIR.line(B,B,Sx,Sy);
- r.smul(lv);
- if (n.bit(i)==1)
- {
- lv=PAIR.line(A,P,Qx,Qy);
- r.smul(lv);
- lv=PAIR.line(B,R,Sx,Sy);
- r.smul(lv);
- }
- r.sqr();
- }
-
- lv=PAIR.line(A,A,Qx,Qy);
- r.smul(lv);
- lv=PAIR.line(B,B,Sx,Sy);
- r.smul(lv);
- if (n.parity()==1)
- {
- lv=line(A,P,Qx,Qy);
- r.smul(lv);
- lv=line(B,R,Sx,Sy);
- r.smul(lv);
- }
-
-/* R-ate fixup required for BN curves */
- if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
- {
- r.conj();
-
- K.copy(P);
- K.frob(f);
- A.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
-
- K.copy(R);
- K.frob(f);
- B.neg();
- lv=PAIR.line(B,K,Sx,Sy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=PAIR.line(B,K,Sx,Sy);
- r.smul(lv);
- }
- return r;
- },
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
- fexp: function(m)
- {
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb);
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
- var r=new FP12(m); //r.copy(m);
-
-/* Easy part of final exp */
- var lv=new FP12(r); //lv.copy(r);
- lv.inverse();
- r.conj();
- r.mul(lv);
- lv.copy(r);
- r.frob(f);
- r.frob(f);
- r.mul(lv);
-
-/* Hard part of final exp */
- if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
- {
- var x0,x1,x2,x3,x4,x5;
- lv.copy(r);
- lv.frob(f);
- x0=new FP12(lv); //x0.copy(lv);
- x0.frob(f);
- lv.mul(r);
- x0.mul(lv);
- x0.frob(f);
- x1=new FP12(r); //x1.copy(r);
- x1.conj();
-
- x4=r.pow(x);
-
- x3=new FP12(x4); //x3.copy(x4);
- x3.frob(f);
- x2=x4.pow(x);
-
- x5=new FP12(x2); /*x5.copy(x2);*/ x5.conj();
- lv=x2.pow(x);
-
- x2.frob(f);
- r.copy(x2); r.conj();
-
- x4.mul(r);
- x2.frob(f);
-
- r.copy(lv);
- r.frob(f);
- lv.mul(r);
-
- lv.usqr();
- lv.mul(x4);
- lv.mul(x5);
- r.copy(x3);
- r.mul(x5);
- r.mul(lv);
- lv.mul(x2);
- r.usqr();
- r.mul(lv);
- r.usqr();
- lv.copy(r);
- lv.mul(x1);
- r.mul(x0);
- lv.usqr();
- r.mul(lv);
- r.reduce();
- }
- else
- {
- var y0,y1,y2,y3;
-// Ghamman & Fouotsa Method
- y0=new FP12(r); y0.usqr();
- y1=y0.pow(x);
- x.fshr(1); y2=y1.pow(x); x.fshl(1);
- y3=new FP12(r); y3.conj();
- y1.mul(y3);
-
- y1.conj();
- y1.mul(y2);
-
- y2=y1.pow(x);
-
- y3=y2.pow(x);
- y1.conj();
- y3.mul(y1);
-
- y1.conj();
- y1.frob(f); y1.frob(f); y1.frob(f);
- y2.frob(f); y2.frob(f);
- y1.mul(y2);
-
- y2=y3.pow(x);
- y2.mul(y0);
- y2.mul(r);
-
- y1.mul(y2);
- y2.copy(y3); y2.frob(f);
- y1.mul(y2);
- r.copy(y1);
- r.reduce();
-
-
-/*
- x0=new FP12(r);
- x1=new FP12(r);
- lv.copy(r); lv.frob(f);
- x3=new FP12(lv); x3.conj(); x1.mul(x3);
- lv.frob(f); lv.frob(f);
- x1.mul(lv);
-
- r.copy(r.pow(x)); //r=r.pow(x);
- x3.copy(r); x3.conj(); x1.mul(x3);
- lv.copy(r); lv.frob(f);
- x0.mul(lv);
- lv.frob(f);
- x1.mul(lv);
- lv.frob(f);
- x3.copy(lv); x3.conj(); x0.mul(x3);
-
- r.copy(r.pow(x));
- x0.mul(r);
- lv.copy(r); lv.frob(f); lv.frob(f);
- x3.copy(lv); x3.conj(); x0.mul(x3);
- lv.frob(f);
- x1.mul(lv);
-
- r.copy(r.pow(x));
- lv.copy(r); lv.frob(f);
- x3.copy(lv); x3.conj(); x0.mul(x3);
- lv.frob(f);
- x1.mul(lv);
-
- r.copy(r.pow(x));
- x3.copy(r); x3.conj(); x0.mul(x3);
- lv.copy(r); lv.frob(f);
- x1.mul(lv);
-
- r.copy(r.pow(x));
- x1.mul(r);
-
- x0.usqr();
- x0.mul(x1);
- r.copy(x0);
- r.reduce(); */
- }
- return r;
- }
-};
-
-/* GLV method */
-PAIR.glv= function(e)
-{
- var u=[];
- if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
- {
- var i,j;
- var t=new BIG(0);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var v=[];
-
- for (i=0;i<2;i++)
- {
- t.rcopy(ROM.CURVE_W[i]);
- var d=BIG.mul(t,e);
- v[i]=new BIG(d.div(q));
- u[i]=new BIG(0);
- }
- u[0].copy(e);
- for (i=0;i<2;i++)
- for (j=0;j<2;j++)
- {
- t.rcopy(ROM.CURVE_SB[j][i]);
- t.copy(BIG.modmul(v[j],t,q));
- u[i].add(q);
- u[i].sub(t);
- u[i].mod(q);
- }
- }
- else
- { // -(x^2).P = (Beta.x,y)
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
- var x2=BIG.smul(x,x);
- u[0]=new BIG(e);
- u[0].mod(x2);
- u[1]=new BIG(e);
- u[1].div(x2);
- u[1].rsub(q);
- }
- return u;
-};
-
-/* Galbraith & Scott Method */
-PAIR.gs= function(e)
-{
- var u=[];
- if (ROM.CURVE_PAIRING_TYPE==ROM.BN_CURVE)
- {
- var i,j;
- var t=new BIG(0);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-
- var v=[];
-
- for (i=0;i<4;i++)
- {
- t.rcopy(ROM.CURVE_WB[i]);
- var d=BIG.mul(t,e);
- v[i]=new BIG(d.div(q));
- u[i]=new BIG(0);
- }
-
- u[0].copy(e);
- for (i=0;i<4;i++)
- for (j=0;j<4;j++)
- {
- t.rcopy(ROM.CURVE_BB[j][i]);
- t.copy(BIG.modmul(v[j],t,q));
- u[i].add(q);
- u[i].sub(t);
- u[i].mod(q);
- }
- }
- else
- {
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
- var w=new BIG(e);
- for (var i=0;i<4;i++)
- {
- u[i]=new BIG(w);
- u[i].mod(x);
- w.div(x);
- }
- }
- return u;
-};
-
-/* Multiply P by e in group G1 */
-PAIR.G1mul= function(P,e)
-{
- var R;
- if (ROM.USE_GLV)
- {
- P.affine();
- R=new ECP();
- R.copy(P);
- var np,nn;
- var Q=new ECP();
- Q.copy(P);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var bcru=new BIG(0); bcru.rcopy(ROM.CURVE_Cru);
- var cru=new FP(bcru);
- var t=new BIG(0);
- var u=PAIR.glv(e);
-
- Q.getx().mul(cru);
-
- np=u[0].nbits();
- t.copy(BIG.modneg(u[0],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[0].copy(t);
- R.neg();
- }
-
- np=u[1].nbits();
- t.copy(BIG.modneg(u[1],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[1].copy(t);
- Q.neg();
- }
-
- R=R.mul2(u[0],Q,u[1]);
-
- }
- else
- {
- R=P.mul(e);
- }
- return R;
-};
-
-/* Multiply P by e in group G2 */
-PAIR.G2mul= function(P,e)
-{
- var R;
- if (ROM.USE_GS_G2)
- {
- var Q=[];
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-
- var u=PAIR.gs(e);
- var t=new BIG(0);
- var i,np,nn;
- P.affine();
- Q[0]=new ECP2(); Q[0].copy(P);
- for (i=1;i<4;i++)
- {
- Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
- Q[i].frob(f);
- }
-
- for (i=0;i<4;i++)
- {
- np=u[i].nbits();
- t.copy(BIG.modneg(u[i],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[i].copy(t);
- Q[i].neg();
- }
- }
-
- R=ECP2.mul4(Q,u);
- }
- else
- {
- R=P.mul(e);
- }
- return R;
-};
-
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.js */
-PAIR.GTpow= function(d,e)
-{
- var r;
- if (ROM.USE_GS_GT)
- {
- var g=[];
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var t=new BIG(0);
- var i,np,nn;
- var u=PAIR.gs(e);
-
- g[0]=new FP12(d);
- for (i=1;i<4;i++)
- {
- g[i]=new FP12(0); g[i].copy(g[i-1]);
- g[i].frob(f);
- }
- for (i=0;i<4;i++)
- {
- np=u[i].nbits();
- t.copy(BIG.modneg(u[i],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[i].copy(t);
- g[i].conj();
- }
- }
- r=FP12.pow4(g,u);
- }
- else
- {
- r=d.pow(e);
- }
- return r;
-};
-
-/* test group membership - no longer needed */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-/*
-PAIR.GTmember= function(m)
-{
- if (m.isunity()) return false;
- var r=new FP12(m);
- r.conj();
- r.mul(m);
- if (!r.isunity()) return false;
-
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
-
- r.copy(m); r.frob(f); r.frob(f);
- var w=new FP12(r); w.frob(f); w.frob(f);
- w.mul(m);
- if (!ROM.GT_STRONG)
- {
- if (!w.equals(r)) return false;
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
- r.copy(m); w=r.pow(x); w=w.pow(x);
- r.copy(w); r.sqr(); r.mul(w); r.sqr();
- w.copy(m); w.frob(f);
- }
- return w.equals(r);
-};
-*/
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/RAND.js
----------------------------------------------------------------------
diff --git a/version22/js/RAND.js b/version22/js/RAND.js
deleted file mode 100644
index 9e2dddd..0000000
--- a/version22/js/RAND.js
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/*
- * Cryptographic strong random number generator
- *
- * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- * Slow - but secure
- *
- * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-var RAND=function()
-{
-/* Cryptographically strong pseudo-random number generator */
- this.ira=[]; /* random number... */
- this.rndptr=0; /* ...array & pointer */
- this.borrow=0;
- this.pool_ptr=0;
- this.pool=[]; /* random pool */
- this.clean();
-};
-
-RAND.prototype=
-{
- NK:21,
- NJ:6,
- NV:8,
-
-/* Terminate and clean up */
- clean : function()
- {
- var i;
- for (i=0;i<32;i++) this.pool[i]=0;
- for (i=0;i<this.NK;i++) this.ira[i]=0;
- this.rndptr=0;
- this.borrow=0;
- this.pool_ptr=0;
- },
-
- sbrand: function()
- { /* Marsaglia & Zaman random number generator */
- var i,k;
- var pdiff,t; /* unsigned 32-bit */
-
- this.rndptr++;
- if (this.rndptr<this.NK) return this.ira[this.rndptr];
- this.rndptr=0;
- for (i=0,k=this.NK-this.NJ;i<this.NK;i++,k++)
- { /* calculate next NK values */
- if (k==this.NK) k=0;
- t=this.ira[k]>>>0;
- pdiff=(t - this.ira[i] - this.borrow)|0;
- pdiff>>>=0; /* This is seriously wierd shit. I got to do this to get a proper unsigned comparison... */
- if (pdiff<t) this.borrow=0;
- if (pdiff>t) this.borrow=1;
- this.ira[i]=(pdiff|0);
- }
- return this.ira[0];
- },
-
- sirand: function(seed)
- {
- var i,inn;
- var t,m=1;
- this.borrow=0;
- this.rndptr=0;
- seed>>>=0;
- this.ira[0]^=seed;
-
- for (i=1;i<this.NK;i++)
- { /* fill initialisation vector */
- inn=(this.NV*i)%this.NK;
- this.ira[inn]^=m; /* note XOR */
- t=m;
- m=(seed-m)|0;
- seed=t;
- }
-
- for (i=0;i<10000;i++) this.sbrand(); /* "warm-up" & stir the generator */
- },
-
- fill_pool: function()
- {
- var sh=new HASH256();
- for (var i=0;i<128;i++) sh.process(this.sbrand());
- this.pool=sh.hash();
- this.pool_ptr=0;
- },
-
-/* Initialize RNG with some real entropy from some external source */
- seed: function(rawlen,raw)
- { /* initialise from at least 128 byte string of raw random entropy */
- var i;
- var digest=[];
- var b=[];
- var sh=new HASH256();
- this.pool_ptr=0;
- for (i=0;i<this.NK;i++) this.ira[i]=0;
- if (rawlen>0)
- {
- for (i=0;i<rawlen;i++)
- sh.process(raw[i]);
- digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
- for (i=0;i<8;i++)
- {
- b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
- this.sirand(RAND.pack(b));
- }
- }
- this.fill_pool();
- },
-
-/* get random byte */
- getByte: function()
- {
- var r=this.pool[this.pool_ptr++];
- if (this.pool_ptr>=32) this.fill_pool();
- return (r&0xff);
- }
-};
-
-RAND.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
- return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff);
-};
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/js/ROM.js
----------------------------------------------------------------------
diff --git a/version22/js/ROM.js b/version22/js/ROM.js
deleted file mode 100644
index dcf2af1..0000000
--- a/version22/js/ROM.js
+++ /dev/null
@@ -1,716 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-var ROM={
- CHUNK: 32,
-
-/* Field Type */
- NOT_SPECIAL: 0,
- PSEUDO_MERSENNE: 1,
- GENERALISED_MERSENNE: 2,
- MONTGOMERY_FRIENDLY: 3,
-
-/* Curve Type */
- WEIERSTRASS: 0,
- EDWARDS: 1,
- MONTGOMERY: 2,
- BN_CURVE: 0,
- BLS_CURVE: 1,
-
-/* Finite field support - for RSA, DH etc. */
- FFLEN: 4, /* Defines Finite Field size n = BIGBITS.FFLEN, where FFLEN mustbe power of 2 */
-
-/*** Enter Some Field details here ***/
-/* C25519 */
-// MODBITS: 255, /* Number of bits in Modulus */
-// MOD8: 5, /* Modulus mod 8 */
-// BASEBITS: 24,
-// AES_S: 0,
-
-/* NIST Curve */
-/* Brainpool */
-// MODBITS: 256,
-// MOD8: 7,
-// BASEBITS: 24,
-// AES_S: 0
-
-/* BN254/BNCX */
- MODBITS: 254,
- MOD8: 3,
- BASEBITS: 24,
- AES_S: 0,
-
-/* BLS383 */
-// MODBITS: 383,
-// MOD8: 3,
-// BASEBITS: 23,
-// AES_S: 0,
-
-/* BN454 */
-// MODBITS: 454,
-// MOD8: 3,
-// BASEBITS: 23,
-// AES_S: 128,
-
-/* BLS455 */
-// MODBITS: 455,
-// MOD8: 3,
-// BASEBITS: 23,
-// AES_S: 128,
-
-/* MF254 */
-// MODBITS: 254,
-// MOD8: 7,
-// BASEBITS: 24,
-
-/* MS255 */
-// MODBITS: 255,
-// MOD8: 3,
-// BASEBITS: 24,
-// AES_S: 0
-
-/* MF256 */
-// MODBITS: 256,
-// MOD8: 7,
-// BASEBITS: 24,
-// AES_S: 0
-
-/* MS256 */
-// MODBITS: 256,
-// MOD8: 3,
-// BASEBITS: 24,
-// AES_S: 0
-
-/* ANSSI */
-// MODBITS: 256,
-// MOD8: 3,
-// BASEBITS: 24,
-// AES_S: 0
-
-/* HIFIVE */
-// MODBITS: 336,
-// MOD8: 5,
-// BASEBITS: 23,
-// AES_S: 128
-
-/* GOLDILOCKS */
-// MODBITS: 448,
-// MOD8: 5,
-// BASEBITS: 23,
-// AES_S: 0
-
-/* C41417 */
-// MODBITS: 414,
-// MOD8: 7,
-// BASEBITS: 22,
-// AES_S: 0
-
-/* NIST384 */
-// MODBITS: 384,
-// MOD8: 7,
-// BASEBITS: 23,
-// AES_S: 0
-
-/* NIST521 */
-// MODBITS: 521,
-// MOD8: 7,
-// BASEBITS: 23,
-// AES_S: 0
-
-/* Specify Field here */
-
-/* C25519 */
-// MODTYPE: 1,
-// Modulus: [0xFFFFED,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-// MConst: 19,
-
-/* BNCX */
- MODTYPE:0,
- Modulus: [0x1B55B3,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- MConst:0x789E85,
-
-/* BLS383 */
-// MODTYPE:0,
-// Modulus: [0x2D556B,0x556A55,0x75EAB2,0x23AFBA,0x1BB01,0x2BAEA4,0x5CC20F,0x758B67,0x20F99,0x640A63,0x69A3A8,0x6009AA,0x2A7852,0x20B8AA,0x7DD718,0x104054,0x7AC5],
-// MConst:0x23D0BD,
-
-/* HIFIVE */
-// MODTYPE:1,
-// Modulus: [0x7FFFFD,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x3FFF],
-// MConst: 0x3,
-
-/* GOLDILOCKS */
-// MODTYPE: 2,
-// Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF],
-// MConst: 0x1,
-
-/* C41417 */
-// MODTYPE: 1,
-// Modulus: [0x3FFFEF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFF],
-// MConst: 0x11,
-
-/* NIST384 */
-// MODTYPE: 0,
-// Modulus: [0x7FFFFF,0x1FF,0x0,0x0,0x7FFFF0,0x7FDFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF],
-// MConst: 0x1,
-
-/* NIST521 */
-// MODTYPE: 1,
-// Modulus: [0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF],
-// MConst: 0x1,
-
-/* BN254 Curve */
-//MODTYPE:0,
-//Modulus: [0x13,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-//MConst:0x9435E5,
-
-/* BN454 Curve */
-//MODTYPE:0,
-//Modulus: [0x13,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],
-//MConst:0x1435E5,
-
-/* BLS455 Curve */
-//MODTYPE:0,
-//Modulus: [0x2AB,0x300,0x5AAA80,0x59554A,0x589556,0x2374D8,0x2B3A1B,0x6DCCCA,0x14B8B3,0x29F966,0x2F64E5,0x6AB11A,0x63A5B1,0x7ECCB,0x2480C0,0x7CADA,0x2AA00E,0x72AAAE,0x655555,0x2AAAA],
-//MConst:0x4017FD,
-
-/* BNT Curve */
-//MODTYPE:0,
-//Modulus: [0xB4A713,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-//MConst:0x14C4E5,
-
-/* BNT2 */
-//MODTYPE:0,
-//Modulus: [0x60A48B,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-//MConst:0x505CDD,
-
-/* NIST Modulus */
-// MODTYPE:0,
-// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x1,0xFFFF00,0xFFFF],
-// MConst:0x1,
-
-/* MF254 Modulus */
-// MODTYPE:3,
-// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-// MConst:0x3F81,
-
-/* MS255 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFD03,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//MConst:0x2FD,
-
-/* MS256 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFF43,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//MConst:0xBD,
-
-/* MF256 Modulus */
-//MODTYPE:3,
-//Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//MConst:0xFFA8,
-
-/* Brainpool Modulus */
-// MODTYPE:0,
-// Modulus: [0x6E5377,0x481D1F,0x282013,0xD52620,0x3BF623,0x8D726E,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-// MConst:0xFD89B9,
-
-/* ANSSI Modulus */
-// MODTYPE:0,
-// Modulus: [0x6E9C03,0xF353D8,0x6DE8FC,0xABC8CA,0x61ADBC,0x435B39,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-// MConst:0x4E1155,
-
-/* Specify Curve here */
-
-/* ED25519 Edwards */
-// CURVETYPE: 1,
-// CURVE_A : -1,
-// CURVE_B : [0x5978A3,0x4DCA13,0xAB75EB,0x4141D8,0x700A4D,0xE89800,0x797779,0x8CC740,0x6FFE73,0x6CEE2B,0x5203],
-// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-// CURVE_Gx: [0x25D51A,0x2D608F,0xB2C956,0x9525A7,0x2CC760,0xDC5C69,0x31FDD6,0xC0A4E2,0x6E53FE,0x36D3CD,0x2169],
-// CURVE_Gy: [0x666658,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x6666],
-
-/* Curve25519 */
-// CURVETYPE: 2,
-// CURVE_A : 486662,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-// CURVE_Gx: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* NIST Curve */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0xD2604B,0x3C3E27,0xF63BCE,0xCC53B0,0x1D06B0,0x86BC65,0x557698,0xB3EBBD,0x3A93E7,0x35D8AA,0x5AC6],
-// CURVE_Order:[0x632551,0xCAC2FC,0x84F3B9,0xA7179E,0xE6FAAD,0xFFFFBC,0xFFFFFF,0xFFFFFF,0x0,0xFFFF00,0xFFFF],
-// CURVE_Gx :[0x98C296,0x3945D8,0xA0F4A1,0x2DEB33,0x37D81,0x40F277,0xE563A4,0xF8BCE6,0x2C4247,0xD1F2E1,0x6B17],
-// CURVE_Gy :[0xBF51F5,0x406837,0xCECBB6,0x6B315E,0xCE3357,0x9E162B,0x4A7C0F,0x8EE7EB,0x1A7F9B,0x42E2FE,0x4FE3],
-
-/* MF254 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFD08D,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Order:[0x8DF83F,0x19C4AF,0xC06FA4,0xDA375,0x818BEA,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Gx :[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xD4EBC,0xDF37F9,0x31AD65,0xF85119,0xB738E3,0x8AEBDF,0x75BD77,0x4AE15A,0x2E5601,0x3FD33B,0x140E],
-
-/* MF254 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x2701E5,0xD0FDAF,0x187C52,0xE3212,0x329A84,0x3F4E36,0xD50236,0x951D00,0xA4C335,0xE690D6,0x19F0],
-
-
-/* MF254 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -55790,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order: [0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-// CURVE_Gx: [0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS255 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFAB46,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Order:[0x594AEB,0xAC983C,0xDFAB8F,0x3AD2B3,0x4A3828,0xFFFF86,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xCB44BA,0xFF6769,0xD1733,0xDDFDA6,0xB6C78C,0x7D177D,0xF9B2FF,0x921EBF,0xBA7833,0x6AC0ED,0x6F7A],
-
-/* MS255 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-//CURVE_Gx :[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x8736A0,0x255BD0,0x45BA2A,0xED445A,0x914B8A,0x47E552,0xDD8E0C,0xEC254C,0x7BB545,0x78534A,0x26CB],
-
-/* MS255 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -240222,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order: [0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-// CURVE_Gx: [0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x51A825,0x202947,0x6020AB,0xEA265C,0x3C8275,0xFFFFE4,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xB56C77,0x6306C2,0xC10BF4,0x75894E,0x2C2F93,0xDD6BD0,0x6CCEEE,0xFC82C9,0xE466D7,0x1853C1,0x696F],
-
-/* MS256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-//CURVE_Gx :[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x1CADBA,0x6FB533,0x3F707F,0x824D30,0x2A6D63,0x46BFBE,0xB39FA0,0xA3D330,0x1276DB,0xB41E2A,0x7D0A],
-
-/* MS256 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -61370,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-// CURVE_Gx: [0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MF256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x9857EB,0xC5E1A7,0x4B9D10,0xE6E507,0x517513,0xFFFFFC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x724D2A,0x954C2B,0x661007,0x8D94DC,0x6947EB,0xAE2895,0x26123D,0x7BABBA,0x1808CE,0x7C87BE,0x2088],
-
-/* MF256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xF3C908,0xA722F2,0x8D7DEA,0x8DFEA6,0xC05E64,0x1AACA0,0xF3DB2C,0xEAEBEE,0xCC4D5A,0xD4F8F8,0xDAD8],
-
-/* MF256 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -54314,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-// CURVE_Gx: [0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* Brainpool */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0xE92B04,0x8101FE,0x256AE5,0xAF2F49,0x93EBC4,0x76B7BF,0x733D0B,0xFE66A7,0xD84EA4,0x61C430,0x662C],
-// CURVE_Order:[0x4856A7,0xE8297,0xF7901E,0xB561A6,0x397AA3,0x8D718C,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-// CURVE_Gx :[0x1305F4,0x91562E,0x2B79A1,0x7AAFBC,0xA142C4,0x6149AF,0xB23A65,0x732213,0xCFE7B7,0xEB3CC1,0xA3E8],
-// CURVE_Gy :[0x25C9BE,0xE8F35B,0x1DAB,0x39D027,0xBCB6DE,0x417E69,0xE14644,0x7F7B22,0x39C56D,0x6C8234,0x2D99],
-
-/* ANSSI */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0x7BB73F,0xED967B,0x803075,0xE4B1A1,0xEC0C9A,0xC00FDF,0x754A44,0xD4ABA,0x28A930,0x3FCA54,0xEE35],
-// CURVE_Order:[0xD655E1,0xD459C6,0x941FFD,0x40D2BF,0xDC67E1,0x435B53,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-// CURVE_Gx :[0x8F5CFF,0x7A2DD9,0x164C9,0xAF98B7,0x27D2DC,0x23958C,0x4749D4,0x31183D,0xC139EB,0xD4C356,0xB6B3],
-// CURVE_Gy :[0x62CFB,0x5A1554,0xE18311,0xE8E4C9,0x1C307,0xEF8C27,0xF0F3EC,0x1F9271,0xB20491,0xE0F7C8,0x6142],
-
-/* HIFIVE */
-// CURVETYPE:1,
-// CURVE_A : 1,
-// CURVE_B : [0x2B67,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order:[0x1FA805,0x2B2E7D,0x29ECBE,0x3FC9DD,0xBD6B8,0x530A18,0x45057E,0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x800],
-// CURVE_Gx :[0xC,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy :[0x7E8632,0xD0A0B,0x6C4AFB,0x501B2E,0x55650C,0x36DB6B,0x1FBD0D,0x61C08E,0x314B46,0x70A7A3,0x587401,0xC70E0,0x56502E,0x38C2D6,0x303],
-
-/* GOLDILOCKS */
-// CURVETYPE:1,
-// CURVE_A : 1,
-// CURVE_B : [0x7F6756,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7DFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FF],
-// CURVE_Order:[0x5844F3,0x52556,0x548DE3,0x6E2C7A,0x4C2728,0x52042D,0x6BB58D,0x276DA4,0x23E9C4,0x7EF994,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x1FF],
-// CURVE_Gx :[0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x52AAAA,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555555,0x2AAAAA,0x555],
-// CURVE_Gy :[0x1386ED,0x779BD5,0x2F6BAB,0xE6D03,0x4B2BED,0x131777,0x4E8A8C,0x32B2C1,0x44B80D,0x6515B1,0x5F8DB5,0x426EBD,0x7A0358,0x6DDA,0x21B0AC,0x6B1028,0xDB359,0x15AE09,0x17A58D,0x570],
-
-/* C41417 */
-// CURVETYPE:1,
-// CURVE_A : 1,
-// CURVE_B : [0xE21,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order:[0x6AF79,0x69784,0x1B0E7,0x18F3C6,0x338AD,0xDBC70,0x6022B,0x533DC,0x3CC924,0x3FFFAC,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x3FFFFF,0x7FFF],
-// CURVE_Gx :[0xBC595,0x204BCF,0xC4FD3,0x14DF19,0x33FAA8,0x4C069,0x16BA11,0x2AD35B,0x1498A4,0x15FFCD,0x3EC7F,0x27D130,0xD4636,0x9B97F,0x631C3,0x8630,0x144330,0x241450,0x1A334],
-// CURVE_Gy :[0x22,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* NIST384 */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0x6C2AEF,0x11DBA7,0x74AA17,0x51768C,0x6398D8,0x6B58CA,0x5404E1,0xA0447,0x411203,0x5DFD02,0x607671,0x4168C8,0x56BE3F,0x1311C0,0xFB9F9,0x17D3F1,0xB331],
-// CURVE_Order:[0x452973,0x32D599,0x6BB3B0,0x45853B,0x20DB24,0x3BEB03,0x7D0DCB,0x31A6C0,0x7FFFC7,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0xFFFF],
-// CURVE_Gx :[0x760AB7,0x3C70E4,0x30E951,0x7AA94B,0x2F25DB,0x470AA0,0x20950A,0x7BA0F0,0x1B9859,0x45174F,0x3874ED,0x56BA3,0x71EF32,0x71D638,0x22C14D,0x65115F,0xAA87],
-// CURVE_Gy :[0x6A0E5F,0x3AF921,0x75E90C,0x6BF40C,0xB1CE1,0x18014C,0x6D7C2E,0x6D1889,0x147CE9,0x7A5134,0x63D076,0x16E14F,0xBF929,0x6BB3D3,0x98B1B,0x6F254B,0x3617],
-
-/* NIST521 */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0x503F00,0x3FA8D6,0x47BD14,0x6961A7,0x3DF883,0x60E6AE,0x4EEC6F,0x29605E,0x137B16,0x23D8FD,0x5864E5,0x84F0A,0x1918EF,0x771691,0x6CC57C,0x392DCC,0x6EA2DA,0x6D0A81,0x688682,0x50FC94,0x18E1C9,0x27D72C,0x1465],
-// CURVE_Order:[0x386409,0x6E3D22,0x3AEDBE,0x4CE23D,0x5C9B88,0x3A0776,0x3DC269,0x6600A4,0x166B7F,0x77E5F,0x461A1E,0x7FFFD2,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFFFF,0x7FFF],
-// CURVE_Gx :[0x65BD66,0x7C6385,0x6FE5F9,0x2B5214,0xB3C18,0x1BC669,0x68BFEA,0xEE093,0x5928FE,0x6FDFCE,0x52D79,0x69EDD5,0x7606B4,0x3F0515,0x4FED48,0x409C82,0x429C64,0x472B68,0x7B2D98,0x4E6CF1,0x70404E,0x31C0D6,0x31A1],
-// CURVE_Gy :[0x516650,0x28ED3F,0x222FA,0x139612,0x47086A,0x6C26A7,0x4FEB41,0x285C80,0x2640C5,0x32BDE8,0x5FB9CA,0x733164,0x517273,0x2F5F7,0x66D11A,0x2224AB,0x5998F5,0x58FA37,0x297ED0,0x22E4,0x9A3BC,0x252D4F,0x460E],
-
-/* BNCX Curve */
-
- CURVETYPE:0,
- CURVE_PAIRING_TYPE: 0,
- CURVE_A : 0,
- CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- CURVE_Order:[0xEB1F6D,0xC0A636,0xCEBE11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- CURVE_Bnx:[0xC012B1,0x3,0x4000],
- CURVE_Cru:[0x235C97,0x931794,0x5631E0,0x71EF87,0xBDDF64,0x3F1440,0xCA8,0x480000],
- CURVE_Fra:[0xC80EA3,0x83355,0x215BD9,0xF173F8,0x677326,0x189868,0x8AACA7,0xAFE18B,0x3A0164,0x82FA6,0x1359],
- CURVE_Frb:[0x534710,0x1BBC06,0xC0628D,0x269546,0xD863C7,0x4E3ABB,0xD9CDBC,0xDC53,0x3628A9,0xF7D062,0x10A6],
- CURVE_Pxa:[0xD2EC74,0x1CEEE4,0x26C085,0xA03E27,0x7C85BF,0x4BBB90,0xF5C3,0x358B25,0x53B256,0x2D2C70,0x1968],
- CURVE_Pxb:[0x29CFE1,0x8E8B2E,0xF47A5,0xC209C3,0x1B97B0,0x9743F8,0x37A8E9,0xA011C9,0x19F64A,0xB9EC3E,0x1466],
- CURVE_Pya:[0xBE09F,0xFCEBCF,0xB30CFB,0x847EC1,0x61B33D,0xE20963,0x157DAE,0xD81E22,0x332B8D,0xEDD972,0xA79],
- CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616],
- CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- CURVE_Gy :[0x1],
-
-// Arrays must be padded!
-
- CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]],
- CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0],
- [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0],
- [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0],
- [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]],
- CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]],
- [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-
-/* BNT Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0x30210D,0x777E8D,0x363A75,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Bnx:[0x4081,0x806000,0x4000],
-CURVE_Cru:[0x4FCD87,0x53D5AB,0x1FADEB,0xF2BAB1,0x4C82A5,0x4C976,0x476515,0x4801B1],
-CURVE_Fra:[0xC80022,0xD14EAD,0xE359F5,0xD6FACC,0x6C4904,0x3211BE,0xF190A1,0x4F6509,0xBBC439,0xA292C9,0x1328],
-CURVE_Frb:[0xECA6F1,0xEAB040,0xD764A7,0x3DF997,0x1E0C51,0xA3DEB0,0x450657,0xAAA6A1,0x5B3D15,0x7E489B,0x10D8],
-CURVE_Pxa:[0x8E65BB,0x87E228,0x13BE89,0x1CAA63,0xCC00AD,0x548B7C,0x325041,0xBCC055,0xC1339E,0x3FCD04,0x1448],
-CURVE_Pxb:[0xDBE2C0,0x888808,0x853A67,0xF81E34,0x957FE1,0x51B57B,0xA631A,0xDA3FC5,0x4EC302,0x46B338,0x87F],
-CURVE_Pya:[0x20CA1D,0x2C47E0,0xF36C20,0x7E8399,0x4CB416,0x9F72C9,0xC6E543,0x4A2C69,0x2B0BD7,0xC29C10,0x14E8],
-CURVE_Pyb:[0x6628F2,0x437C71,0xDC6BD8,0x67BCB7,0xA27E1,0x72681D,0xA82C75,0xEDEC18,0x454BD1,0xE2A462,0x17AF],
-CURVE_Gx :[0xB4A712,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x838403,0x430061,0x838426,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0],[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0x840504,0x43C061,0x840427,0x824199,0x18121,0x60,0x0,0x0,0x0,0x0,0x0],
- [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0xAC9D0A,0x347E2B,0xB2B64F,0x107131,0x875313,0xD5EFAE,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]]],
-CURVE_WB:[[0x80C080,0x406020,0x80C161,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0],
- [0x8C4A85,0x390408,0x6C36B5,0xA352DC,0xDEAD2F,0x58868E,0xDA4363,0x300120,0x0,0x0,0x0],
- [0x464583,0xDCB204,0x363B5A,0xD1A96E,0x6F5697,0xAC4347,0x6D21B1,0x180090,0x0,0x0,0x0],
- [0x814181,0x412020,0x814162,0x80C088,0x8060,0x20,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
- [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
- [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
- [0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
- [0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
- [0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]],
- [[0x8102,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x8101,0xC000,0x8001,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x10202,0x18000,0x10002,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x2FA00A,0x76BE8D,0x35BA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
- [0x4082,0x806000,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-
-*/
-
-/* BNT2 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xAA2BF5,0x71A511,0x33D7FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Bnx:[0x608205,0x20100,0x4000],
-CURVE_Cru:[0x66BD33,0x274448,0xEFB50,0x301647,0x755B77,0xECF236,0xC3617B,0x480006],
-CURVE_Fra:[0xAEF062,0x68C973,0xE492B2,0x33C3BC,0xBCC69B,0x7F195B,0xF67FA3,0xBD0A41,0xE8CAB6,0xB8D29,0x124E],
-CURVE_Frb:[0xB1B429,0x736240,0x6D5600,0xF52D19,0x12CD48,0x50E726,0x18BBE6,0xFA43DE,0x268FF6,0xF8F517,0x11B1],
-CURVE_Pxa:[0x40A3C8,0x92399F,0x784ACC,0xE96611,0x35CDA4,0x61706B,0x7B0569,0x8279D7,0x93C631,0x17CF96,0x16FC],
-CURVE_Pxb:[0x549540,0x7A8AD8,0x61055,0xE6F651,0xDB6F7B,0xA95D17,0x565907,0x9C8188,0x597590,0xB500BD,0x1EB5],
-CURVE_Pya:[0x220513,0xECC514,0x7B147B,0x860E73,0x844A78,0x35F126,0x51B839,0x9D4DFA,0x1422AA,0xE49876,0x1E8E],
-CURVE_Pyb:[0x7CE78E,0x328F57,0x781FB9,0xE26FA5,0x7EB746,0x1FB8E2,0xA93DBC,0xA29D76,0xE33BDB,0xF4CDBA,0x23CE],
-CURVE_Gx :[0x60A48A,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x347083,0x6282A1,0x1D10B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0],
- [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0xF5748C,0x6684A1,0x1D90B7,0x1399E,0x603,0x60,0x0,0x0,0x0,0x0,0x0],
- [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x75BB72,0xF2270,0x16C744,0x267D9A,0xCF87DE,0xCFFFC1,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]]],
-CURVE_WB:[[0x70A224,0x72D48A,0x94592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0],
- [0x30EF19,0x572CF0,0x721D5A,0x763543,0xA39651,0x48A1B9,0x8240FD,0x300004,0x0,0x0,0x0],
- [0x48B88F,0x2C96F8,0xB92EAD,0xBB1AA1,0xD1CB28,0xA450DC,0x41207E,0x180002,0x0,0x0,0x0],
- [0x31A62D,0x76D68B,0x9C592,0x688A,0x201,0x20,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
- [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
- [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
- [0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
- [0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
- [0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]],
- [[0xC1040A,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0xC10409,0x40200,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x820812,0x80401,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0xE927EA,0x6DA310,0x3357FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
- [0x608206,0x20100,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-*/
-
-/* BN254 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof : [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xD,0x0,0x10A100,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Bnx:[0x1,0x0,0x4080],
-CURVE_Cru:[0x7,0x0,0x6CD80,0x0,0x90000,0x249,0x400000,0x49B362],
-CURVE_Fra:[0x2A6DE9,0xE6C06F,0xC2E17D,0x4D3F77,0x97492,0x953F85,0x50A846,0xB6499B,0x2E7C8C,0x761921,0x1B37],
-CURVE_Frb:[0xD5922A,0x193F90,0x50C582,0xB2C088,0x178B6D,0x6AC8DC,0x2F57B9,0x3EAB2,0xD18375,0xEE691E,0x9EB],
-CURVE_Pxa:[0x3FB2B,0x4224C8,0xD91EE,0x4898BF,0x648BBB,0xEDB6A4,0x7E8C61,0xEB8D8C,0x9EB62F,0x10BB51,0x61A],
-CURVE_Pxb:[0xD54CF3,0x34C1E7,0xB70D8C,0xAE3784,0x4D746B,0xAA5B1F,0x8C5982,0x310AA7,0x737833,0xAAF9BA,0x516],
-CURVE_Pya:[0xCD2B9A,0xE07891,0xBD19F0,0xBDBE09,0xBD0AE6,0x822329,0x96698C,0x9A90E0,0xAF9343,0x97A06B,0x218],
-CURVE_Pyb:[0x3ACE9B,0x1AEC6B,0x578A2D,0xD739C9,0x9006FF,0x8D37B0,0x56F5F3,0x8F6D44,0x8B1526,0x2B0E7C,0xEBB],
-CURVE_Gx :[0x12,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x3,0x0,0x20400,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0x4,0x0,0x28500,0x0,0x818000,0x61,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0xE9D00,0x0,0x1E0000,0x79E,0x800000,0xBA344D,0x1,0x648240,0x2523]]],
-CURVE_WB:[[0x0,0x0,0x4080,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0],[0x5,0x0,0x54A80,0x0,0x70000,0x1C7,0x800000,0x312241,0x0,0x0,0x0],[0x3,0x0,0x2C580,0x0,0x838000,0xE3,0xC00000,0x189120,0x0,0x0,0x0],[0x1,0x0,0xC180,0x0,0x808000,0x20,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523]],[[0x2,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x0,0x8100,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x0,0x10200,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x0,0x102000,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x4080,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-*/
-
-/* BN454 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 0,
-CURVE_A : 0,
-
-CURVE_Order:[0xD,0x8400,0x780000,0x100003,0x2006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],
-CURVE_B: [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof: [0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Gx:[0x12,0x9C00,0x100000,0x700004,0x6006C4,0x4A109,0x514200,0x640000,0x80091,0x803AA,0x36A22,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],
-CURVE_Gy:[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-CURVE_Bnx:[0x1,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cru:[0x7,0x3600,0x100000,0x580001,0x300121,0x903,0xD9200,0x2D0000,0x480000,0x48006C,0x1B0,0x91B0,0x36000,0x6C000,0x48000,0x0,0x0,0x0,0x0,0x0],
-CURVE_Fra:[0x73B0EC,0x393FAA,0x6E0C0B,0x1D485C,0x2EEE6C,0x62FD8F,0x4D280A,0x6E835B,0x2D6A87,0x37B2AC,0x568803,0x7657E5,0x129326,0x3B9C4D,0x67175B,0x159909,0x61CCD9,0x4D0FD7,0x7B1C9E,0x973C],
-CURVE_Frb:[0xC4F27,0x475C55,0x21F3F4,0x52B7A7,0x311858,0x21A37A,0x419F5,0x757CA5,0x5A9609,0x5050FD,0x2CE21E,0x1A923A,0xF2CD9,0x6CE3C5,0x33E910,0x6A79CE,0x1EC3B6,0x34A028,0x72361,0x88C3],
-CURVE_Pxa:[0x702B14,0x775841,0x6C7EE8,0x786615,0x3C30BE,0x5FFE6D,0x1AD7F3,0x77F16D,0x1FE1E7,0x5DBF8,0x5150DA,0x4BCA41,0x2D66CC,0x197743,0x6ED766,0x57F0B1,0x68F14A,0x2A106C,0x53E035,0xA01E],
-CURVE_Pxb:[0x5BF266,0x5A1D88,0x5BA701,0x3C11E1,0x65ACBB,0x378A46,0x91E43,0x7E9723,0x72F769,0x77CD,0x5C7782,0x554A8C,0x7BA9E2,0x7CACCA,0x5CDFA,0x6A92C2,0x4B1E40,0x5D002,0x35A785,0xACA9],
-CURVE_Pya:[0x1B15C7,0x56D77C,0x2D24E6,0x2AAE36,0x726024,0x69F6BB,0x194651,0x2338E2,0x7C5DD5,0x44EF51,0x3EAAEA,0x774179,0x300871,0xC9875,0x289B87,0x3D07F0,0x12C528,0x578DB6,0x10011E,0xEB3D],
-CURVE_Pyb:[0x571D60,0x4DF6C0,0x63B043,0x3D8946,0x127184,0x4CB8FD,0x349D4E,0x45F387,0x743376,0x4C096,0x6145D7,0x408801,0x4F0B46,0x578BD4,0x432922,0x1F6C8F,0x753F90,0x5935B,0x8D821,0x4BB7],
-CURVE_W:[[0x3,0x1000,0x180000,0x400000,0x0,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_SB:[[[0x4,0x1400,0x180000,0x500000,0x200000,0x181,0x300,0x30000,0xC0000,0xC0000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x7400,0x600000,0x500003,0x2006C3,0x49E07,0x513C00,0x5E0000,0x700091,0x7003A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]]],
-CURVE_WB:[[0x0,0x200,0x80000,0x80000,0x100000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x5,0x2A00,0x700000,0x280000,0x5000C1,0x702,0x90E00,0x200000,0x380000,0x380048,0x120,0x6120,0x24000,0x48000,0x30000,0x0,0x0,0x0,0x0,0x0],[0x3,0x1600,0x380000,0x580000,0x300060,0x381,0x48700,0x100000,0x1C0000,0x1C0024,0x90,0x3090,0x12000,0x24000,0x18000,0x0,0x0,0x0,0x0,0x0],[0x1,0x600,0x80000,0x180000,0x300000,0x80,0x100,0x10000,0x40000,0x40000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
-CURVE_BB:[[[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0xD,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9
090,0x1B000,0x24000,0x12000],[0xC,0x8200,0x780000,0x80003,0x1006C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000]],[[0x2,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x1,0x400,0x0,0x100000,0x200000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],[[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0x2,0x800,0x0,0x200000,0x400000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],[0xA,0x8000,0x780000,0x3,0x6C4,0x49F88,0x513F00,0x610000,0x7C0091,0x7C03A9,0x36A21,0x10EA20,0x21C000,0x288012,0x1B006C,0x12D8,0x9090,0x1B000,0x24000,0x12000],[0x2,0x200,0x0,0x80000,0x100000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x
0,0x0,0x0,0x0]]],
-*/
-
-/* BLS455 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 1,
-CURVE_A : 0,
-
-CURVE_Order:[0x400001,0xFFFFF,0x70000,0x20000,0xA0000,0x3A200,0x1D400,0x12F00,0x4F00,0x1E20,0xB80,0x1C0,0x80,0x20,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_B: [0xA,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof: [0x3FFAAB,0x2FFF55,0x2DAA55,0x2DAA55,0x2B1555,0x2AD555,0x1555,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Gx:[0x7CEDD1,0xBBBFB,0x3EDB53,0x59D01A,0x5C6F43,0x38E4A6,0x55A95E,0xBF82D,0x611B32,0x6571D9,0xE4AC7,0x5867F4,0x1F342A,0x6CF329,0x47B8C9,0x76D2C8,0x4C56AB,0xBC81,0x57CECC,0xC42],
-CURVE_Gy:[0x619B9B,0x7AF34C,0x219013,0x6B7D01,0x1D80A5,0x34926D,0xC8B64,0x477391,0x1C1E96,0x5CB086,0x7D7EC7,0x4A9C00,0x4A9BC8,0x3C711D,0x7503FA,0x6B6FD7,0x43DEB0,0x7130BF,0x6DDFA7,0xCD46],
-
-CURVE_Bnx:[0x800,0x100,0x80,0x80,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cru:[0xAA9,0x5FF800,0xAA480,0x7A51BB,0x7A5190,0x1FD921,0x6F7552,0x54595C,0x33A586,0x68D3B6,0x76675E,0x1AA657,0x491731,0x7FCD2B,0x2340BF,0x77ADA,0x2A900E,0x72AAAE,0x655555,0x2AAAA],
-CURVE_Fra:[0x2EBF21,0x1F7B94,0x590273,0x399BCC,0x72F54A,0xA930A,0x7E21D5,0x23940C,0x51F853,0x778395,0x13C08A,0x6A1ACA,0x282CD7,0x61EF7,0x3E0634,0x53A2CA,0x5C0016,0x397C75,0x125CFB,0x1CBF5],
-CURVE_Frb:[0x51438A,0x60876B,0x1A80C,0x1FB97E,0x65A00C,0x18E1CD,0x2D1846,0x4A38BD,0x42C060,0x3275D0,0x1BA45A,0x9650,0x3B78DA,0x1CDD4,0x667A8C,0x34280F,0x4E9FF7,0x392E38,0x52F85A,0xDEB5],
-CURVE_Pxa:[0x41F542,0x3E41E1,0x4011D,0x7C2B3F,0x5D6070,0x7AEECC,0x262ECC,0xEBC03,0x153172,0x6D0BDA,0x1271C7,0x762DB5,0x303D3F,0x2A79D6,0x4193FD,0x31C6F7,0x31B4C4,0x181D34,0x4BEA00,0x17658],
-CURVE_Pxb:[0x49F03D,0xDDCCE,0x4BA642,0x2D62F7,0x9A55A,0x5402DD,0x3B3623,0x33DA0D,0x6163E0,0x48A1FC,0x25BD88,0x70E471,0x755066,0x664DD0,0x486521,0x2CD407,0xBEAEE,0x5B7F76,0x7F3819,0x767],
-CURVE_Pya:[0x1A77F4,0x6B48B0,0x42A0C8,0x5BD3F0,0x70F367,0x2B73B3,0x1299B5,0x647D06,0xD6EC4,0x7ECBC,0x7B0BBC,0x4CE0D4,0x1C7DC2,0x1F4B59,0x4F2887,0x221922,0x2BB9C5,0x7B9AB,0x76429B,0x11238],
-CURVE_Pyb:[0x1FDBA2,0x76DB3C,0x55BD04,0x9ED01,0x7E6309,0x111C54,0x4F66B1,0x2FDE48,0x340158,0x4F9EC3,0x27B5CB,0xD90E4,0x656D80,0xAB1F2,0x487BB8,0x4C7CF4,0x3CFC86,0x256F60,0xF2A0F,0x19A8],
-
-// not used
-CURVE_W:[[],[]],
-CURVE_SB:[[[],[]],[[],[]]],
-CURVE_WB:[[],[],[],[]],
-CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]],
-*/
-
-
-/* BLS383 Curve */
-/*
-CURVETYPE:0,
-CURVE_PAIRING_TYPE: 1,
-CURVE_A : 0,
-
-CURVE_Order:[0x7FF001,0x700001,0x6003FF,0x387F3,0x4BFDE0,0xBDBE3,0x127,0x3D18,0x7F910,0x198800,0x190401,0xA,0x0,0x0,0x0,0x0,0x0],
-CURVE_B: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cof: [0x52B,0x54000,0x328000,0x555559,0x55560A,0xC0A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Gx:[0x10786B,0x36691A,0x2B4356,0x71FAA,0x33477C,0xAF173,0x496DCD,0x37B2DF,0x4007BB,0x389ED5,0x3FD5FA,0x7EAC18,0x6EC02E,0x3F11F6,0x262B6E,0x67725E,0xB08],
-CURVE_Gy:[0x145DDB,0x34047A,0x5F3017,0x462FF7,0x713F51,0x5654CD,0x3B0D18,0x492FAB,0x19C7A,0x7D2DE6,0x660488,0x30823,0x5BE599,0x215B1E,0x1C4120,0x499BB,0x1F39],
-
-CURVE_Bnx:[0x40,0x2000,0x44000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Cru:[0x2155A9,0x5589DB,0x78F68E,0x43B0F2,0x5DF2FE,0x4C64C4,0x37EAB7,0x1AD35E,0x128D30,0x6A246,0x6FAB5A,0x5F9D15,0x24190D,0x756408,0x7DD717,0x104054,0x7AC5],
-CURVE_Fra:[0x34508B,0x4B3525,0x4D0CAE,0x503777,0x463DB7,0x3BF78E,0xD072C,0x2AE9A0,0x69D32D,0x282C73,0x1730DB,0xCD9F8,0x6AB98B,0x7DC9B0,0x1CBCC8,0x7D8CC3,0x5A5],
-CURVE_Frb:[0x7904E0,0xA352F,0x28DE04,0x537843,0x3B7D49,0x6FB715,0x4FBAE2,0x4AA1C7,0x183C6C,0x3BDDEF,0x5272CD,0x532FB2,0x3FBEC7,0x22EEF9,0x611A4F,0x12B391,0x751F],
-CURVE_Pxa:[0x2C9472,0x3310B7,0xDB581,0xEF16E,0x77C4D3,0x119114,0x72430C,0x447E5E,0x1971C6,0x4E53E0,0x710FC5,0x349A9C,0x6B8BF3,0x4B4AC3,0x2FF607,0x3915AB,0x4D50],
-CURVE_Pxb:[0x72AB23,0x17AF44,0x73A26D,0x6A7A26,0x47AF19,0x640D46,0x5BDEE4,0xCFD9F,0x53E2A8,0x5CAE3B,0x58D75F,0x515D1D,0x1A1263,0x18F018,0x16EB0A,0x30BE1F,0xEE3],
-CURVE_Pya:[0x7BD4FD,0x24612E,0x7F1A07,0x3906FE,0x40B660,0x191341,0x7F2564,0x143D20,0x3CF878,0x4A5C3F,0x53BB9,0x8E118,0x3325E0,0x7102D7,0x170A21,0x42CD0,0x8F4],
-CURVE_Pyb:[0x2C4CE6,0x44144A,0x32297,0x3A57FA,0x35907A,0x4891DE,0x5D8290,0x50CCA0,0x2B0FD,0x13FFDF,0x6353A9,0x794D0,0x4997BA,0x6F70DC,0x4AB1F,0x5DD446,0x1DCA],
-
-// not used
-CURVE_W:[[],[]],
-CURVE_SB:[[[],[]],[[],[]]],
-CURVE_WB:[[],[],[],[]],
-CURVE_BB:[[[],[],[],[]],[[],[],[],[]],[[],[],[],[]],[[],[],[],[]]],
-
-*/
-
- USE_GLV: false,
- USE_GS_G2: false,
- USE_GS_GT: false,
- GT_STRONG: false,
-
- debug: false,
-
-
-// AES constants
-
- ECB:0,
- CBC:1,
- CFB1:2,
- CFB2:3,
- CFB4:5,
- OFB1:14,
- OFB2:15,
- OFB4:17,
- OFB8:21,
- OFB16:29,
- CTR1:30,
- CTR2:31,
- CTR4:33,
- CTR8:37,
- CTR16:45,
-
-// GCM constants
-
- GCM_ACCEPTING_HEADER:0,
- GCM_ACCEPTING_CIPHER:1,
- GCM_NOT_ACCEPTING_MORE:2,
- GCM_FINISHED:3,
- GCM_ENCRYPTING:0,
- GCM_DECRYPTING:1
-
-};
-
-ROM.MODINV=(Math.pow(2,-ROM.BASEBITS))
-ROM.NLEN=(1+(Math.floor((ROM.MODBITS-1)/ROM.BASEBITS)));
-ROM.DNLEN=2*ROM.NLEN;
-ROM.BMASK=(1<<ROM.BASEBITS)-1;
-ROM.MODBYTES=(1+(Math.floor((ROM.MODBITS-1)/8)));
-ROM.NEXCESS=(1<<(ROM.CHUNK-ROM.BASEBITS-1)); // 2^(CHUNK-BASEBITS-1)
-ROM.FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-ROM.MODBITS)); // 2^(BASEBITS*NLEN-MODBITS)
-ROM.OMASK=(-1)<<ROM.TBITS;
-ROM.TBITS=ROM.MODBITS%ROM.BASEBITS;
-ROM.TMASK=(1<<ROM.TBITS)-1;
-ROM.BIGBITS=(8*ROM.MODBYTES);
-
-ROM.FF_BITS=(ROM.BIGBITS*ROM.FFLEN);
-ROM.HFLEN=(ROM.FFLEN/2); /* Useful for half-size RSA private key operations */