Posted to commits@milagro.apache.org by br...@apache.org on 2018/11/07 23:49:58 UTC
[21/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/MPINAuth.js
----------------------------------------------------------------------
diff --git a/js/MPINAuth.js b/js/MPINAuth.js
deleted file mode 100755
index 7cacb65..0000000
--- a/js/MPINAuth.js
+++ /dev/null
@@ -1,517 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- MIRACL JavaScript M-Pin Authentication Functions
-
- Provides these functions:
-
- calculateMPinToken Calculates the MPin Token
-
- getLocalEntropy Gets an entropy value from the client machine
-
- initializeRNG Initialize the Random Number Generator
-
- addShares Add two points on the curve that are originally in hex format
-
- pass1Request Form the JSON request for pass one of the M-Pin protocol
-
- pass2Request Form the JSON request for pass two of the M-Pin protocol
-
- passRequest Form the JSON request for one pass M-Pin protocol
-
-*/
-
-/*
-
-Run LINT tool;
-
-jslint MPINAuth.js
-
-expected output;
-
-MPINAuth.js
- #1 Read only.
- MPINAuth = {}; // Line 61, Pos 1
- #2 Unexpected '('.
- if (typeof (window) === 'undefined') { // Line 134, Pos 16
- #3 Unexpected 'typeof'. Use '===' to compare directly with undefined.
- if (typeof (window) === 'undefined') { // Line 134, Pos 9
- #4 Unexpected '('.
- if (typeof (crypto) !== 'undefined') { // Line 139, Pos 16
- #5 Unexpected 'typeof'. Use '===' to compare directly with undefined.
- if (typeof (crypto) !== 'undefined') { // Line 139, Pos 9
-
-*/
-
-
-/*global MPIN */
-/*global MPINAuth */
-/*global RAND */
-/*global Uint32Array */
-/*jslint browser: true*/
-/*jslint plusplus: true */
-
-MPINAuth = {};
-
-// Random Number Generator
-MPINAuth.rng = new RAND();
-
-// Pass 1 values
-MPINAuth.SEC = [];
-MPINAuth.X = [];
-
-// Default value for debug output
-MPINAuth.DEBUG = false;
-
-// Errors
-MPINAuth.BAD_HEX = -20;
-MPINAuth.BAD_BYTES = -21;
-
-/* Calculates the MPin Token
-
- This function convert mpin_id _hex to unicode. It then maps the mpin_id
- to a point on the curve, multiplies this value by PIN and then subtracts
- it from the client_secret curve point to generate the M-Pin token.
-
- Args:
-
- PIN: Four digit PIN
- client_secret_hex: Hex encoded client secret
- mpin_id_hex: Hex encoded M-Pin ID
-
- Returns:
-
- mpin_token_hex: Hex encoded M-Pin Token
-
-*/
-MPINAuth.calculateMPinToken = function (mpin_id_hex, PIN, client_secret_hex) {
- "use strict";
- var client_secret_bytes, mpin_id_bytes, token_hex, error_code;
-
- client_secret_bytes = [];
- mpin_id_bytes = [];
-
- if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken client_secret_hex: " + client_secret_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken mpin_id_hex: " + mpin_id_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken PIN: " + PIN); }
-
- client_secret_bytes = MPINAuth.hextobytes(client_secret_hex);
- mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex);
-
- error_code = MPIN.EXTRACT_PIN(mpin_id_bytes, PIN, client_secret_bytes);
- if (error_code !== 0) {
- console.log("MPINAuth.calculateMPinToken error_code: " + error_code);
- return error_code;
- }
- token_hex = MPIN.bytestostring(client_secret_bytes);
- if (MPINAuth.DEBUG) {console.log("MPINAuth.calculateMPinToken token_hex: " + token_hex); }
- return token_hex;
-};
-
-/* Get local entropy
-
- This function makes a call to /dev/urandom for a 256 bit value
-
- Args:
-
- NA
-
- Returns:
-
- entropy_val: 256 bit random value or null
-
-*/
-MPINAuth.getLocalEntropy = function () {
- "use strict";
- var crypto, array, entropy_val, i, hex_val;
- if (typeof (window) === 'undefined') {
- if (MPINAuth.DEBUG) {console.log("MPINAuth.getLocalEntropy Test mode without browser"); }
- return "";
- }
- crypto = (window.crypto || window.msCrypto);
- if (typeof (crypto) !== 'undefined') {
- array = new Uint32Array(8);
- crypto.getRandomValues(array);
-
- entropy_val = "";
- for (i = 0; i < array.length; i++) {
- hex_val = array[i].toString(16);
- entropy_val = entropy_val + hex_val;
- }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.getLocalEntropy len(entropy_val): " + entropy_val.length + " entropy_val: " + entropy_val); }
- return entropy_val;
- }
- return "";
-};
-
-/* Initialize the Random Number Generator (RNG)
-
- This function uses an external and, where available, a
- local entropy source to initialize a RNG.
-
- Args:
-
- seed_value: External seed value for RNGTurn on generation of local entropy
-
- Returns:
-
-*/
-MPINAuth.initializeRNG = function (seed_hex) {
- "use strict";
- var local_entropy_hex, entropy_hex, entropy_bytes;
- local_entropy_hex = MPINAuth.getLocalEntropy();
- entropy_hex = local_entropy_hex + seed_hex;
- if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG seed_val_hex: " + seed_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG local_entropy_hex: " + local_entropy_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.initializeRNG entropy_hex: " + entropy_hex); }
-
- entropy_bytes = MPINAuth.hextobytes(entropy_hex);
-
- MPINAuth.rng.clean();
- MPINAuth.rng.seed(entropy_bytes.length, entropy_bytes);
-};
-
-/* Add two points on the curve that are originally in hex format
-
- This function is used to add client secret or time permits shares.
-
- Args:
-
- share1_hex: Hex encoded point on the curve which represents
- a time permit or client secret share
- share2_hex: Hex encoded point on the curve which represents
- a time permit or client secret share
-
- Returns:
-
- sum_hex: Hex encoded sum of the shares
-
-*/
-MPINAuth.addShares = function (share1_hex, share2_hex) {
- "use strict";
- var share1_bytes, share2_bytes, sum_bytes, error_code, sum_hex;
-
- share1_bytes = [];
- share2_bytes = [];
- sum_bytes = [];
-
- if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares share1_hex: " + share1_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares share2_hex: " + share2_hex); }
-
- share1_bytes = MPINAuth.hextobytes(share1_hex);
- share2_bytes = MPINAuth.hextobytes(share2_hex);
-
- error_code = MPIN.RECOMBINE_G1(share1_bytes, share2_bytes, sum_bytes);
- if (error_code !== 0) {
- console.log("MPINAuth.addShares error_code: " + error_code);
- return error_code;
- }
- sum_hex = MPIN.bytestostring(sum_bytes);
- if (MPINAuth.DEBUG) {console.log("MPINAuth.addShares sum_hex: " + sum_hex); }
- return sum_hex;
-};
-
-
-/* Form the JSON request for pass one of the M-Pin protocol
-
- This function assigns to the property X a random value. It assigns to
- the property SEC the sum of the client secret and time permit. It also
- calculates the values U and UT which are required for M-Pin authentication,
- where U = X.(map_to_curve(MPIN_ID)) and UT = X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
- UT is called the commitment. U is the required for finding the PIN error.
-
- Args:
-
- mpin_id_hex: Hex encoded M-Pin ID
- token_hex: Hex encoded M-Pin Token
- timePermit_hex: Hex encoded Time Permit
- PIN: PIN for authentication
- epoch_days: The number of epoch days.
- X_hex: X value generated externally. This is used for test.
-
- Returns:
-
- {
- mpin_id: mpin_id_hex,
- UT: UT_hex,
- U: U_hex,
- pass: 1
- }
-
- where;
-
- mpin_id: Hex encoded M-Pin ID
- UT: Hex encoded X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
- U: Hex encoded X.(map_to_curve(MPIN_ID))
- pass: Protocol first pass
-
-*/
-MPINAuth.pass1Request = function (mpin_id_hex, token_hex, timePermit_hex, PIN, epoch_days, X_hex) {
- "use strict";
- var UT_hex, U_hex, date, error_code, mpin_id_bytes, token_bytes, timePermit_bytes, U, UT, request;
-
- mpin_id_bytes = [];
- token_bytes = [];
- timePermit_bytes = [];
- U = [];
- UT = [];
- request = {};
-
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request mpin_id_hex: " + mpin_id_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request token_hex: " + token_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request timePermit_hex: " + timePermit_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request PIN: " + PIN); }
- if (MPINAuth.DEBUG) {console.log("mpinAuth.pass1Request epoch_days: " + epoch_days); }
-
- // The following is used for test
- if (X_hex !== null) {
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request X: " + X_hex); }
- MPINAuth.X = MPINAuth.hextobytes(X_hex);
- MPINAuth.rng = null;
- }
-
- mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex);
- token_bytes = MPINAuth.hextobytes(token_hex);
- timePermit_bytes = MPINAuth.hextobytes(timePermit_hex);
-
- error_code = MPIN.CLIENT_1(epoch_days, mpin_id_bytes, MPINAuth.rng, MPINAuth.X, PIN, token_bytes, MPINAuth.SEC, U, UT, timePermit_bytes);
- if (error_code !== 0) {
- console.log("MPINAuth.pass1Request error_code: " + error_code);
- return error_code;
- }
- UT_hex = MPIN.bytestostring(UT);
- U_hex = MPIN.bytestostring(U);
-
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.rng: " + MPINAuth.rng); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.X: " + MPIN.bytestostring(MPINAuth.X)); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request MPINAuth.SEC: " + MPIN.bytestostring(MPINAuth.SEC)); }
-
- // Form request
- request = {
- mpin_id: mpin_id_hex,
- UT: UT_hex,
- U: U_hex,
- pass: 1
- };
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass1Request request: "); }
- if (MPINAuth.DEBUG) {console.dir(request); }
-
- return request;
-};
-
-
-/* Form the JSON request for pass two of the M-Pin protocol
-
- This function uses the random value y from the server, property X
- and the combined client secret and time permit to calculate
- the value V which is sent to the M-Pin server.
-
- Args:
-
- y_hex: Random value supplied by server
-
- Returns:
-
- {
- V: V_hex,
- OTP: requestOTP,
- WID: accessNumber,
- pass: 2
- }
-
- where;
-
- V: Value required by the server to authenticate user
- OTP: Request OTP: 1 = required
- WID: Number required for mobile authentication
- pass: Protocol second pass
-
-*/
-MPINAuth.pass2Request = function (y_hex, requestOTP, accessNumber) {
- "use strict";
-
- var y_bytes, x_hex, SEC_hex, error_code, V_hex, request;
-
- request = {};
-
- y_bytes = MPINAuth.hextobytes(y_hex);
- x_hex = MPIN.bytestostring(MPINAuth.X);
- SEC_hex = MPIN.bytestostring(MPINAuth.SEC);
-
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request x_hex: " + x_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request y_hex: " + y_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request SEC_hex: " + SEC_hex); }
-
- // Compute V
- error_code = MPIN.CLIENT_2(MPINAuth.X, y_bytes, MPINAuth.SEC);
- if (error_code !== 0) {
- console.log("MPINAuth.pass2Request error_code: " + error_code);
- return error_code;
- }
- V_hex = MPIN.bytestostring(MPINAuth.SEC);
-
- // Form reuest
- request = {
- V: V_hex,
- OTP: requestOTP,
- WID: accessNumber,
- pass: 2
- };
- if (MPINAuth.DEBUG) {console.log("MPINAuth.pass2Request request: "); }
- if (MPINAuth.DEBUG) {console.dir(request); }
-
- return request;
-};
-
-
-/* Convert a hex representation of a Point to bytes
-
- This function converts a hex value to a bytes array
-
- Args:
-
- hex_value: Hex encoded byte value
-
- Returns:
-
- byte_value: Input value in bytes
-
-*/
-MPINAuth.hextobytes = function (value_hex) {
- "use strict";
- var len, byte_value, i;
-
- len = value_hex.length;
- byte_value = [];
-
- for (i = 0; i < len; i += 2) {
- byte_value[(i / 2)] = parseInt(value_hex.substr(i, 2), 16);
- }
- return byte_value;
-};
-
-
-/* Form the JSON request for single pass M-Pin protocol
-
- This function performs the client side M-Pin protocol
- It also calculates the values U and UT which are required for M-Pin authentication,
- where U = X.(map_to_curve(MPIN_ID)) and UT = X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
- UT is called the commitment. U is the required for finding the PIN error.
-
- Args:
-
- mpin_id_hex: Hex encoded M-Pin ID
- token_hex: Hex encoded M-Pin Token
- timePermit_hex: Hex encoded Time Permit
- PIN: PIN for authentication
- requestOTP: Reqeuest a One Time Password
- accessNumber: Access number for desktop authentication
- timeValue: Epoch time
-
- Returns:
-
- {
- mpin_id: mpin_id_hex,
- U: U_hex,
- UT: UT_hex,
- V: V_hex,
- T: timeValue,
- OTP: requestOTP,
- WID: accessNumber
- }
-
- where;
-
- mpin_id: Hex encoded M-Pin ID
- U: Hex encoded X.(map_to_curve(MPIN_ID))
- UT: Hex encoded X.(map_to_curve(MPIN_ID) + map_to_curve(DATE|sha256(MPIN_ID))
- V: Value required by the server to authenticate user
- T: Epoch time
- OTP: Request OTP: 1 = required
- WID: Number required for mobile authentication
-
-*/
-MPINAuth.passRequest = function (mpin_id_hex, token_hex, timePermit_hex, PIN, requestOTP, accessNumber, epoch_days, timeValue, X_hex) {
- "use strict";
- var X, Y, SEC, UT_hex, U_hex, date, error_code, mpin_id_bytes, token_bytes, timePermit_bytes, U, UT, V_hex, request;
-
- X = [];
- Y = [];
- SEC = [];
- mpin_id_bytes = [];
- token_bytes = [];
- timePermit_bytes = [];
- U = [];
- UT = [];
- request = {};
-
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest mpin_id_hex: " + mpin_id_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest token_hex: " + token_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest timePermit_hex: " + timePermit_hex); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest PIN: " + PIN); }
- if (MPINAuth.DEBUG) {console.log("mpinAuth.passRequest timeValue: " + timeValue); }
-
- mpin_id_bytes = MPINAuth.hextobytes(mpin_id_hex);
- token_bytes = MPINAuth.hextobytes(token_hex);
-
- if (timePermit_hex === null) {
- date = 0;
- } else {
- timePermit_bytes = MPINAuth.hextobytes(timePermit_hex);
- date = epoch_days;
- }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest date: " + date); }
-
- // The following is used for test
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest X: " + X_hex); }
- if (X_hex !== null) {
- X = MPINAuth.hextobytes(X_hex);
- MPINAuth.rng = null;
- }
-
- error_code = MPIN.CLIENT(date, mpin_id_bytes, MPINAuth.rng, X, PIN, token_bytes, SEC, U, UT, timePermit_bytes, timeValue, Y);
- if (error_code !== 0) {
- console.log("MPINAuth.passRequest error_code: " + error_code);
- return error_code;
- }
- UT_hex = MPIN.bytestostring(UT);
- U_hex = MPIN.bytestostring(U);
- V_hex = MPIN.bytestostring(SEC);
-
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest MPINAuth.rng: " + MPINAuth.rng); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest X: " + MPIN.bytestostring(X)); }
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest Y: " + MPIN.bytestostring(Y)); }
-
- // Form request
- request = {
- mpin_id: mpin_id_hex,
- U: U_hex,
- UT: UT_hex,
- V: V_hex,
- T: timeValue,
- OTP: requestOTP,
- WID: accessNumber
- };
- if (MPINAuth.DEBUG) {console.log("MPINAuth.passRequest request: "); }
- if (MPINAuth.DEBUG) {console.dir(request); }
-
- return request;
-};
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/PAIR.js
----------------------------------------------------------------------
diff --git a/js/PAIR.js b/js/PAIR.js
deleted file mode 100755
index e3a0628..0000000
--- a/js/PAIR.js
+++ /dev/null
@@ -1,506 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-var PAIR = {
-/* Line function */
- line: function(A,B,Qx,Qy)
- {
- var P=new ECP2();
- var a,b,c;
- var r=new FP12(1);
- P.copy(A);
-
- var ZZ=new FP2(P.getz()); //ZZ.copy(P.getz());
- ZZ.sqr();
- var D;
- if (A==B) D=A.dbl();
- else D=A.add(B);
- if (D<0) return r;
- var Z3=new FP2(A.getz()); //Z3.copy(A.getz());
- c=new FP4(0);
- var X,Y,T;
- if (D===0)
- { /* Addition */
- X=new FP2(B.getx()); //X.copy(B.getx());
- Y=new FP2(B.gety()); //Y.copy(B.gety());
- T=new FP2(P.getz()); //T.copy(P.getz());
-
- T.mul(Y);
- ZZ.mul(T);
-
- var NY=new FP2(P.gety()); /*NY.copy(P.gety());*/ NY.neg();
- ZZ.add(NY);
- Z3.pmul(Qy);
- T.mul(P.getx());
- X.mul(NY);
- T.add(X);
- a=new FP4(Z3,T); //a.set(Z3,T);
- ZZ.neg();
- ZZ.pmul(Qx);
- b=new FP4(ZZ); //b.seta(ZZ);
- }
- else
- { /* Doubling */
- X=new FP2(P.getx()); //X.copy(P.getx());
- Y=new FP2(P.gety()); //Y.copy(P.gety());
- T=new FP2(P.getx()); //T.copy(P.getx());
- T.sqr();
- T.imul(3);
-
- Y.sqr();
- Y.add(Y);
- Z3.mul(ZZ);
- Z3.pmul(Qy);
-
- X.mul(T);
- X.sub(Y);
- a=new FP4(Z3,X); //a.set(Z3,X);
- T.neg();
- ZZ.mul(T);
-
- ZZ.pmul(Qx);
-
- b=new FP4(ZZ); //b.seta(ZZ);
- }
- r.set(a,b,c);
- return r;
- },
-
-/* Optimal R-ate pairing */
- ate: function(P,Q)
- {
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
-
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
- var n=new BIG(x); //n.copy(x);
- var K=new ECP2();
- var lv;
- n.pmul(6); n.dec(2); n.norm();
- P.affine();
- Q.affine();
- var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
- var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
- var A=new ECP2();
- var r=new FP12(1);
-
- A.copy(P);
- var nb=n.nbits();
-
- for (var i=nb-2;i>=1;i--)
- {
- lv=PAIR.line(A,A,Qx,Qy);
-
- r.smul(lv);
-
- if (n.bit(i)==1)
- {
- lv=PAIR.line(A,P,Qx,Qy);
- r.smul(lv);
- }
- r.sqr();
- }
- lv=PAIR.line(A,A,Qx,Qy);
- r.smul(lv);
-
-/* R-ate fixup */
- r.conj();
- K.copy(P);
- K.frob(f);
- A.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
-
- return r;
- },
-
-/* Optimal R-ate double pairing e(P,Q).e(R,S) */
- ate2: function(P,Q,R,S)
- {
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
- var n=new BIG(x); //n.copy(x);
- var K=new ECP2();
- var lv;
- n.pmul(6); n.dec(2); n.norm();
- P.affine();
- Q.affine();
- R.affine();
- S.affine();
-
- var Qx=new FP(Q.getx()); //Qx.copy(Q.getx());
- var Qy=new FP(Q.gety()); //Qy.copy(Q.gety());
-
- var Sx=new FP(S.getx()); //Sx.copy(S.getx());
- var Sy=new FP(S.gety()); //Sy.copy(S.gety());
-
- var A=new ECP2();
- var B=new ECP2();
- var r=new FP12(1);
-
- A.copy(P);
- B.copy(R);
- var nb=n.nbits();
-
- for (var i=nb-2;i>=1;i--)
- {
- lv=PAIR.line(A,A,Qx,Qy);
- r.smul(lv);
- lv=PAIR.line(B,B,Sx,Sy);
- r.smul(lv);
- if (n.bit(i)==1)
- {
- lv=PAIR.line(A,P,Qx,Qy);
- r.smul(lv);
- lv=PAIR.line(B,R,Sx,Sy);
- r.smul(lv);
- }
- r.sqr();
- }
-
- lv=PAIR.line(A,A,Qx,Qy);
- r.smul(lv);
-
- lv=PAIR.line(B,B,Sx,Sy);
- r.smul(lv);
-
-
-/* R-ate fixup */
- r.conj();
-
- K.copy(P);
- K.frob(f);
- A.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=PAIR.line(A,K,Qx,Qy);
- r.smul(lv);
-
- K.copy(R);
- K.frob(f);
- B.neg();
- lv=PAIR.line(B,K,Sx,Sy);
- r.smul(lv);
- K.frob(f);
- K.neg();
- lv=PAIR.line(B,K,Sx,Sy);
- r.smul(lv);
-
- return r;
- },
-
-/* final exponentiation - keep separate for multi-pairings and to avoid thrashing stack */
- fexp: function(m)
- {
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb);
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
-
- var r=new FP12(m); //r.copy(m);
- var x0,x1,x2,x3,x4,x5;
-
-/* Easy part of final exp */
- var lv=new FP12(r); //lv.copy(r);
- lv.inverse();
- r.conj();
- r.mul(lv);
- lv.copy(r);
- r.frob(f);
- r.frob(f);
- r.mul(lv);
-
-/* Hard part of final exp */
- lv.copy(r);
- lv.frob(f);
- x0=new FP12(lv); //x0.copy(lv);
- x0.frob(f);
- lv.mul(r);
- x0.mul(lv);
- x0.frob(f);
- x1=new FP12(r); //x1.copy(r);
- x1.conj();
-
- x4=r.pow(x);
-
- x3=new FP12(x4); //x3.copy(x4);
- x3.frob(f);
- x2=x4.pow(x);
-
- x5=new FP12(x2); /*x5.copy(x2);*/ x5.conj();
- lv=x2.pow(x);
-
- x2.frob(f);
- r.copy(x2); r.conj();
-
- x4.mul(r);
- x2.frob(f);
-
- r.copy(lv);
- r.frob(f);
- lv.mul(r);
-
- lv.usqr();
- lv.mul(x4);
- lv.mul(x5);
- r.copy(x3);
- r.mul(x5);
- r.mul(lv);
- lv.mul(x2);
- r.usqr();
- r.mul(lv);
- r.usqr();
- lv.copy(r);
- lv.mul(x1);
- r.mul(x0);
- lv.usqr();
- r.mul(lv);
- r.reduce();
- return r;
- }
-};
-
-/* GLV method */
-PAIR.glv= function(e)
-{
- var i,j;
- var t=new BIG(0);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var u=[];
- var v=[];
- for (i=0;i<2;i++)
- {
- t.rcopy(ROM.CURVE_W[i]);
- var d=BIG.mul(t,e);
- v[i]=new BIG(d.div(q));
- u[i]=new BIG(0);
- }
- u[0].copy(e);
- for (i=0;i<2;i++)
- for (j=0;j<2;j++)
- {
- t.rcopy(ROM.CURVE_SB[j][i]);
- t.copy(BIG.modmul(v[j],t,q));
- u[i].add(q);
- u[i].sub(t);
- u[i].mod(q);
- }
- return u;
-};
-
-/* Galbraith & Scott Method */
-PAIR.gs= function(e)
-{
- var i,j;
- var t=new BIG(0);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var u=[];
- var v=[];
-
- for (i=0;i<4;i++)
- {
- t.rcopy(ROM.CURVE_WB[i]);
- var d=BIG.mul(t,e);
- v[i]=new BIG(d.div(q));
- u[i]=new BIG(0);
- }
-
- u[0].copy(e);
- for (i=0;i<4;i++)
- for (j=0;j<4;j++)
- {
- t.rcopy(ROM.CURVE_BB[j][i]);
- t.copy(BIG.modmul(v[j],t,q));
- u[i].add(q);
- u[i].sub(t);
- u[i].mod(q);
- }
- return u;
-};
-
-/* Multiply P by e in group G1 */
-PAIR.G1mul= function(P,e)
-{
- var R;
- if (ROM.USE_GLV)
- {
- P.affine();
- R=new ECP();
- R.copy(P);
- var np,nn;
- var Q=new ECP();
- Q.copy(P);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var bcru=new BIG(0); bcru.rcopy(ROM.CURVE_Cru);
- var cru=new FP(bcru);
- var t=new BIG(0);
- var u=PAIR.glv(e);
- Q.getx().mul(cru);
-
- np=u[0].nbits();
- t.copy(BIG.modneg(u[0],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[0].copy(t);
- R.neg();
- }
-
- np=u[1].nbits();
- t.copy(BIG.modneg(u[1],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[1].copy(t);
- Q.neg();
- }
-
- R=R.mul2(u[0],Q,u[1]);
-
- }
- else
- {
- R=P.mul(e);
- }
- return R;
-};
-
-/* Multiply P by e in group G2 */
-PAIR.G2mul= function(P,e)
-{
- var R;
- if (ROM.USE_GS_G2)
- {
- var Q=[];
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
-
- var u=PAIR.gs(e);
- var t=new BIG(0);
- var i,np,nn;
- P.affine();
- Q[0]=new ECP2(); Q[0].copy(P);
- for (i=1;i<4;i++)
- {
- Q[i]=new ECP2(); Q[i].copy(Q[i-1]);
- Q[i].frob(f);
- }
-
- for (i=0;i<4;i++)
- {
- np=u[i].nbits();
- t.copy(BIG.modneg(u[i],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[i].copy(t);
- Q[i].neg();
- }
- }
-
- R=ECP2.mul4(Q,u);
- }
- else
- {
- R=P.mul(e);
- }
- return R;
-};
-
-/* Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.js */
-PAIR.GTpow= function(d,e)
-{
- var r;
- if (ROM.USE_GS_GT)
- {
- var g=[];
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb);
- var q=new BIG(0); q.rcopy(ROM.CURVE_Order);
- var t=new BIG(0);
- var i,np,nn;
- var u=PAIR.gs(e);
-
- g[0]=new FP12(d);
- for (i=1;i<4;i++)
- {
- g[i]=new FP12(0); g[i].copy(g[i-1]);
- g[i].frob(f);
- }
- for (i=0;i<4;i++)
- {
- np=u[i].nbits();
- t.copy(BIG.modneg(u[i],q));
- nn=t.nbits();
- if (nn<np)
- {
- u[i].copy(t);
- g[i].conj();
- }
- }
- r=FP12.pow4(g,u);
- }
- else
- {
- r=d.pow(e);
- }
- return r;
-};
-
-/* test group membership */
-/* with GT-Strong curve, now only check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2} */
-PAIR.GTmember= function(m)
-{
- if (m.isunity()) return false;
- var r=new FP12(m);
- r.conj();
- r.mul(m);
- if (!r.isunity()) return false;
-
- var fa=new BIG(0); fa.rcopy(ROM.CURVE_Fra);
- var fb=new BIG(0); fb.rcopy(ROM.CURVE_Frb);
- var f=new FP2(fa,fb); //f.bset(fa,fb);
-
- r.copy(m); r.frob(f); r.frob(f);
- var w=new FP12(r); w.frob(f); w.frob(f);
- w.mul(m);
- if (!ROM.GT_STRONG)
- {
- if (!w.equals(r)) return false;
- var x=new BIG(0); x.rcopy(ROM.CURVE_Bnx);
- r.copy(m); w=r.pow(x); w=w.pow(x);
- r.copy(w); r.sqr(); r.mul(w); r.sqr();
- w.copy(m); w.frob(f);
- }
- return w.equals(r);
-};
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/RAND.js
----------------------------------------------------------------------
diff --git a/js/RAND.js b/js/RAND.js
deleted file mode 100755
index 30b63d9..0000000
--- a/js/RAND.js
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/*
- * Cryptographic strong random number generator
- *
- * Unguessable seed -> SHA -> PRNG internal state -> SHA -> random numbers
- * Slow - but secure
- *
- * See ftp://ftp.rsasecurity.com/pub/pdfs/bull-1.pdf for a justification
- */
-
-/* Marsaglia & Zaman Random number generator constants */
-
-
-var RAND=function()
-{
-/* Cryptographically strong pseudo-random number generator */
- this.ira=[]; /* random number... */
- this.rndptr=0; /* ...array & pointer */
- this.borrow=0;
- this.pool_ptr=0;
- this.pool=[]; /* random pool */
- this.clean();
-};
-
-RAND.prototype=
-{
- NK:21,
- NJ:6,
- NV:8,
-
-/* Terminate and clean up */
- clean : function()
- {
- var i;
- for (i=0;i<32;i++) this.pool[i]=0;
- for (i=0;i<this.NK;i++) this.ira[i]=0;
- this.rndptr=0;
- this.borrow=0;
- this.pool_ptr=0;
- },
-
- sbrand: function()
- { /* Marsaglia & Zaman random number generator */
- var i,k;
- var pdiff,t; /* unsigned 32-bit */
-
- this.rndptr++;
- if (this.rndptr<this.NK) return this.ira[this.rndptr];
- this.rndptr=0;
- for (i=0,k=this.NK-this.NJ;i<this.NK;i++,k++)
- { /* calculate next NK values */
- if (k==this.NK) k=0;
- t=this.ira[k]>>>0;
- pdiff=(t - this.ira[i] - this.borrow)|0;
- pdiff>>>=0; /* This is seriously wierd shit. I got to do this to get a proper unsigned comparison... */
- if (pdiff<t) this.borrow=0;
- if (pdiff>t) this.borrow=1;
- this.ira[i]=(pdiff|0);
- }
- return this.ira[0];
- },
-
- sirand: function(seed)
- {
- var i,inn;
- var t,m=1;
- this.borrow=0;
- this.rndptr=0;
- seed>>>=0;
- this.ira[0]^=seed;
-
- for (i=1;i<this.NK;i++)
- { /* fill initialisation vector */
- inn=(this.NV*i)%this.NK;
- this.ira[inn]^=m; /* note XOR */
- t=m;
- m=(seed-m)|0;
- seed=t;
- }
-
- for (i=0;i<10000;i++) this.sbrand(); /* "warm-up" & stir the generator */
- },
-
- fill_pool: function()
- {
- var sh=new HASH();
- for (var i=0;i<128;i++) sh.process(this.sbrand());
- this.pool=sh.hash();
- this.pool_ptr=0;
- },
-
-/* Initialize RNG with some real entropy from some external source */
- seed: function(rawlen,raw)
- { /* initialise from at least 128 byte string of raw random entropy */
- var i;
- var digest=[];
- var b=[];
- var sh=new HASH();
- this.pool_ptr=0;
- for (i=0;i<this.NK;i++) this.ira[i]=0;
- if (rawlen>0)
- {
- for (i=0;i<rawlen;i++)
- sh.process(raw[i]);
- digest=sh.hash();
-
-/* initialise PRNG from distilled randomness */
- for (i=0;i<8;i++)
- {
- b[0]=digest[4*i]; b[1]=digest[4*i+1]; b[2]=digest[4*i+2]; b[3]=digest[4*i+3];
- this.sirand(RAND.pack(b));
- }
- }
- this.fill_pool();
- },
-
-/* get random byte */
- getByte: function()
- {
- var r=this.pool[this.pool_ptr++];
- if (this.pool_ptr>=32) this.fill_pool();
- return (r&0xff);
- }
-};
-
-RAND.pack= function(b)
-{ /* pack 4 bytes into a 32-bit Word */
- return (((b[3])&0xff)<<24)|((b[2]&0xff)<<16)|((b[1]&0xff)<<8)|(b[0]&0xff);
-};
-
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/ROM.js
----------------------------------------------------------------------
diff --git a/js/ROM.js b/js/ROM.js
deleted file mode 100755
index 7a91844..0000000
--- a/js/ROM.js
+++ /dev/null
@@ -1,620 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* Fixed Data in ROM - Field and Curve parameters */
-
-var ROM={
- NLEN: 11,
- BASEBITS: 24,
- CHUNK: 32,
- MODBYTES: 32,
- MODINV: 0.000000059604644775390625,
-
-/* Field Type */
- NOT_SPECIAL: 0,
- PSEUDO_MERSENNE: 1,
- MONTGOMERY_FRIENDLY: 3,
-
-/* Curve Type */
- WEIERSTRASS: 0,
- EDWARDS: 1,
- MONTGOMERY: 2,
-
- USE_GLV: false,
- USE_GS_G2: false,
- USE_GS_GT: true,
- GT_STRONG: false,
-
-/* Finite field support - for RSA, DH etc. */
- FF_BITS: 2048, /* Finite Field Size in bits - must be 256.2^n */
-
-/*** Enter Some Field details here ***/
-/* C25519 */
-// MODBITS: 255, /* Number of bits in Modulus */
-// MOD8: 5, /* Modulus mod 8 */
-
-/* NIST Curve */
-/* Brainpool */
-// MODBITS: 256,
-// MOD8: 7,
-
-/* BN */
- MODBITS: 254,
- MOD8: 3,
-
-/* MF254 */
-// MODBITS: 254,
-// MOD8: 7,
-
-/* MS255 */
-//MODBITS: 255,
-//MOD8: 3,
-
-/* MF256 */
-// MODBITS: 256,
-// MOD8: 7,
-
-/* MS256 */
-//MODBITS: 256,
-//MOD8: 3,
-
-/* ANSSI */
-// MODBITS: 256,
-// MOD8: 3,
-
-
-/* Specify Field here */
-
-/* C25519 */
-// MODTYPE: 1,
-// Modulus: [0xFFFFED,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-// MConst: 19,
-
-/* BNCX */
- MODTYPE:0,
- Modulus: [0x1B55B3,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- MConst:0x789E85,
-
-/* BN Curve */
-//MODTYPE:0,
-//Modulus: [0x13,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-//MConst:0x9435E5,
-
-/* BNT Curve */
-//MODTYPE:0,
-//Modulus: [0xB4A713,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-//MConst:0x14C4E5,
-
-/* BNT2 */
-//MODTYPE:0,
-//Modulus: [0x60A48B,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-//MConst:0x505CDD,
-
-/* NIST Modulus */
-// MODTYPE:0,
-// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x0,0x0,0x0,0x0,0x1,0xFFFF00,0xFFFF],
-// MConst:0x1,
-
-/* MF254 Modulus */
-// MODTYPE:3,
-// Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-// MConst:0x3F81,
-
-/* MS255 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFD03,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//MConst:0x2FD,
-
-/* MS256 Modulus */
-//MODTYPE:1,
-//Modulus: [0xFFFF43,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//MConst:0xBD,
-
-/* MF256 Modulus */
-//MODTYPE:3,
-//Modulus: [0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//MConst:0xFFA8,
-
-/* Brainpool Modulus */
-// MODTYPE:0,
-// Modulus: [0x6E5377,0x481D1F,0x282013,0xD52620,0x3BF623,0x8D726E,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-// MConst:0xFD89B9,
-
-/* ANSSI Modulus */
-// MODTYPE:0,
-// Modulus: [0x6E9C03,0xF353D8,0x6DE8FC,0xABC8CA,0x61ADBC,0x435B39,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-// MConst:0x4E1155,
-
-/* Specify Curve here */
-
-/* ED25519 Edwards */
-// CURVETYPE: 1,
-// CURVE_A : -1,
-// CURVE_B : [0x5978A3,0x4DCA13,0xAB75EB,0x4141D8,0x700A4D,0xE89800,0x797779,0x8CC740,0x6FFE73,0x6CEE2B,0x5203],
-// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-// CURVE_Gx: [0x25D51A,0x2D608F,0xB2C956,0x9525A7,0x2CC760,0xDC5C69,0x31FDD6,0xC0A4E2,0x6E53FE,0x36D3CD,0x2169],
-// CURVE_Gy: [0x666658,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x666666,0x6666],
-
-/* Curve25519 */
-// CURVETYPE: 2,
-// CURVE_A : 486662,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order: [0xF5D3ED,0x631A5C,0xD65812,0xA2F79C,0xDEF9DE,0x14,0x0,0x0,0x0,0x0,0x1000],
-// CURVE_Gx: [0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* NIST Curve */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0xD2604B,0x3C3E27,0xF63BCE,0xCC53B0,0x1D06B0,0x86BC65,0x557698,0xB3EBBD,0x3A93E7,0x35D8AA,0x5AC6],
-// CURVE_Order:[0x632551,0xCAC2FC,0x84F3B9,0xA7179E,0xE6FAAD,0xFFFFBC,0xFFFFFF,0xFFFFFF,0x0,0xFFFF00,0xFFFF],
-// CURVE_Gx :[0x98C296,0x3945D8,0xA0F4A1,0x2DEB33,0x37D81,0x40F277,0xE563A4,0xF8BCE6,0x2C4247,0xD1F2E1,0x6B17],
-// CURVE_Gy :[0xBF51F5,0x406837,0xCECBB6,0x6B315E,0xCE3357,0x9E162B,0x4A7C0F,0x8EE7EB,0x1A7F9B,0x42E2FE,0x4FE3],
-
-/* MF254 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFD08D,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Order:[0x8DF83F,0x19C4AF,0xC06FA4,0xDA375,0x818BEA,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3F80],
-//CURVE_Gx :[0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xD4EBC,0xDF37F9,0x31AD65,0xF85119,0xB738E3,0x8AEBDF,0x75BD77,0x4AE15A,0x2E5601,0x3FD33B,0x140E],
-
-/* MF254 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x367B,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x2701E5,0xD0FDAF,0x187C52,0xE3212,0x329A84,0x3F4E36,0xD50236,0x951D00,0xA4C335,0xE690D6,0x19F0],
-
-
-/* MF254 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -55790,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order: [0x6E98C7,0xD3FEC4,0xB0EAF3,0x8BD62F,0x95306C,0xFFFFEB,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFFFF,0xFE0],
-// CURVE_Gx: [0x3,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS255 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0xFFAB46,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Order:[0x594AEB,0xAC983C,0xDFAB8F,0x3AD2B3,0x4A3828,0xFFFF86,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x7FFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xCB44BA,0xFF6769,0xD1733,0xDDFDA6,0xB6C78C,0x7D177D,0xF9B2FF,0x921EBF,0xBA7833,0x6AC0ED,0x6F7A],
-
-/* MS255 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0xEA97,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-//CURVE_Gx :[0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x8736A0,0x255BD0,0x45BA2A,0xED445A,0x914B8A,0x47E552,0xDD8E0C,0xEC254C,0x7BB545,0x78534A,0x26CB],
-
-/* MS255 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -240222,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order: [0x36EB75,0xD1ED04,0x2EAC49,0xEDA683,0xF1A785,0xFFFFDC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x1FFF],
-// CURVE_Gx: [0x4,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MS256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x25581,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x51A825,0x202947,0x6020AB,0xEA265C,0x3C8275,0xFFFFE4,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFF],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xB56C77,0x6306C2,0xC10BF4,0x75894E,0x2C2F93,0xDD6BD0,0x6CCEEE,0xFC82C9,0xE466D7,0x1853C1,0x696F],
-
-/* MS256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x3BEE,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-//CURVE_Gx :[0xD,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x1CADBA,0x6FB533,0x3F707F,0x824D30,0x2A6D63,0x46BFBE,0xB39FA0,0xA3D330,0x1276DB,0xB41E2A,0x7D0A],
-
-/* MS256 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -61370,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order:[0x22B4AD,0x4E6F11,0x64E5B8,0xD0A6BC,0x6AA55A,0xFFFFBE,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FFF],
-// CURVE_Gx: [0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* MF256 Modulus, Weierstrass Curve */
-//CURVETYPE:0,
-//CURVE_A : -3,
-//CURVE_B : [0x14E6A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0x9857EB,0xC5E1A7,0x4B9D10,0xE6E507,0x517513,0xFFFFFC,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFA7],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0x724D2A,0x954C2B,0x661007,0x8D94DC,0x6947EB,0xAE2895,0x26123D,0x7BABBA,0x1808CE,0x7C87BE,0x2088],
-
-/* MF256 Modulus, Edwards Curve */
-//CURVETYPE:1,
-//CURVE_A : -1,
-//CURVE_B : [0x350A,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-//CURVE_Gx :[0x1,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-//CURVE_Gy :[0xF3C908,0xA722F2,0x8D7DEA,0x8DFEA6,0xC05E64,0x1AACA0,0xF3DB2C,0xEAEBEE,0xCC4D5A,0xD4F8F8,0xDAD8],
-
-/* MF256 Modulus, Montgomery Curve */
-// CURVETYPE: 2,
-// CURVE_A : -54314,
-// CURVE_B : [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Order:[0xEC7BAB,0x2EDED8,0xC966D9,0xB86733,0x54BBAF,0xFFFFB1,0xFFFFFF,0xFFFFFF,0xFFFFFF,0xFFFFFF,0x3FE9],
-// CURVE_Gx: [0x8,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-// CURVE_Gy: [0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-
-/* Brainpool */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0xE92B04,0x8101FE,0x256AE5,0xAF2F49,0x93EBC4,0x76B7BF,0x733D0B,0xFE66A7,0xD84EA4,0x61C430,0x662C],
-// CURVE_Order:[0x4856A7,0xE8297,0xF7901E,0xB561A6,0x397AA3,0x8D718C,0x909D83,0x3E660A,0xEEA9BC,0x57DBA1,0xA9FB],
-// CURVE_Gx :[0x1305F4,0x91562E,0x2B79A1,0x7AAFBC,0xA142C4,0x6149AF,0xB23A65,0x732213,0xCFE7B7,0xEB3CC1,0xA3E8],
-// CURVE_Gy :[0x25C9BE,0xE8F35B,0x1DAB,0x39D027,0xBCB6DE,0x417E69,0xE14644,0x7F7B22,0x39C56D,0x6C8234,0x2D99],
-
-/* ANSSI */
-// CURVETYPE:0,
-// CURVE_A : -3,
-// CURVE_B : [0x7BB73F,0xED967B,0x803075,0xE4B1A1,0xEC0C9A,0xC00FDF,0x754A44,0xD4ABA,0x28A930,0x3FCA54,0xEE35],
-// CURVE_Order:[0xD655E1,0xD459C6,0x941FFD,0x40D2BF,0xDC67E1,0x435B53,0xE8CE42,0x10126D,0x3AD58F,0x178C0B,0xF1FD],
-// CURVE_Gx :[0x8F5CFF,0x7A2DD9,0x164C9,0xAF98B7,0x27D2DC,0x23958C,0x4749D4,0x31183D,0xC139EB,0xD4C356,0xB6B3],
-// CURVE_Gy :[0x62CFB,0x5A1554,0xE18311,0xE8E4C9,0x1C307,0xEF8C27,0xF0F3EC,0x1F9271,0xB20491,0xE0F7C8,0x6142],
-
-
-/* BNCX Curve */
-
- CURVETYPE:0,
- CURVE_A : 0,
- CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- CURVE_Order:[0xEB1F6D,0xC0A636,0xCEBE11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- CURVE_Bnx:[0xC012B1,0x3,0x4000],
- CURVE_Cru:[0x235C97,0x931794,0x5631E0,0x71EF87,0xBDDF64,0x3F1440,0xCA8,0x480000],
- CURVE_Fra:[0xC80EA3,0x83355,0x215BD9,0xF173F8,0x677326,0x189868,0x8AACA7,0xAFE18B,0x3A0164,0x82FA6,0x1359],
- CURVE_Frb:[0x534710,0x1BBC06,0xC0628D,0x269546,0xD863C7,0x4E3ABB,0xD9CDBC,0xDC53,0x3628A9,0xF7D062,0x10A6],
- CURVE_Pxa:[0xD2EC74,0x1CEEE4,0x26C085,0xA03E27,0x7C85BF,0x4BBB90,0xF5C3,0x358B25,0x53B256,0x2D2C70,0x1968],
- CURVE_Pxb:[0x29CFE1,0x8E8B2E,0xF47A5,0xC209C3,0x1B97B0,0x9743F8,0x37A8E9,0xA011C9,0x19F64A,0xB9EC3E,0x1466],
- CURVE_Pya:[0xBE09F,0xFCEBCF,0xB30CFB,0x847EC1,0x61B33D,0xE20963,0x157DAE,0xD81E22,0x332B8D,0xEDD972,0xA79],
- CURVE_Pyb:[0x98EE9D,0x4B2288,0xEBED90,0x69D2ED,0x864EA5,0x3461C2,0x512D8D,0x35C6E4,0xC4C090,0xC39EC,0x616],
- CURVE_Gx :[0x1B55B2,0x23EF5C,0xE1BE66,0x18093E,0x3FD6EE,0x66D324,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- CURVE_Gy :[0x1],
-
-// Arrays must be padded!
-
- CURVE_W:[[0x2FEB83,0x634916,0x120054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- CURVE_SB:[[[0xB010E4,0x63491D,0x128054,0xB4038,0x0,0x60,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0xBB33EA,0x5D5D20,0xBCBDBD,0x188CE,0x3FD6EE,0x66D264,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]]],
- CURVE_WB:[[0x7A84B0,0x211856,0xB0401C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0],
- [0x220475,0xF995BE,0x9A36CD,0xA8CA7F,0x7E94ED,0x2A0DC0,0x870,0x300000,0x0,0x0,0x0],
- [0xF10B93,0xFCCAE0,0xCD3B66,0xD4653F,0x3F4A76,0x1506E0,0x438,0x180000,0x0,0x0,0x0],
- [0xFAAA11,0x21185D,0xB0C01C,0x3C012,0x0,0x20,0x0,0x0,0x0,0x0,0x0]],
- CURVE_BB:[[[0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBD,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0x2B0CBC,0xC0A633,0xCE7E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400]],
- [[0x802562,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x802561,0x7,0x8000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]],
- [[0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x4AC2,0xF,0x10000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
- [0x6AFA0A,0xC0A62F,0xCE3E11,0xCC906,0x3FD6EE,0x66D2C4,0x647A63,0xB0BDDF,0x702A0D,0x8,0x2400],
- [0xC012B2,0x3,0x4000,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0]]],
-
-/* BNT Curve */
-/*
-CURVETYPE:0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0x30210D,0x777E8D,0x363A75,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Bnx:[0x4081,0x806000,0x4000],
-CURVE_Cru:[0x4FCD87,0x53D5AB,0x1FADEB,0xF2BAB1,0x4C82A5,0x4C976,0x476515,0x4801B1],
-CURVE_Fra:[0xC80022,0xD14EAD,0xE359F5,0xD6FACC,0x6C4904,0x3211BE,0xF190A1,0x4F6509,0xBBC439,0xA292C9,0x1328],
-CURVE_Frb:[0xECA6F1,0xEAB040,0xD764A7,0x3DF997,0x1E0C51,0xA3DEB0,0x450657,0xAAA6A1,0x5B3D15,0x7E489B,0x10D8],
-CURVE_Pxa:[0x8E65BB,0x87E228,0x13BE89,0x1CAA63,0xCC00AD,0x548B7C,0x325041,0xBCC055,0xC1339E,0x3FCD04,0x1448],
-CURVE_Pxb:[0xDBE2C0,0x888808,0x853A67,0xF81E34,0x957FE1,0x51B57B,0xA631A,0xDA3FC5,0x4EC302,0x46B338,0x87F],
-CURVE_Pya:[0x20CA1D,0x2C47E0,0xF36C20,0x7E8399,0x4CB416,0x9F72C9,0xC6E543,0x4A2C69,0x2B0BD7,0xC29C10,0x14E8],
-CURVE_Pyb:[0x6628F2,0x437C71,0xDC6BD8,0x67BCB7,0xA27E1,0x72681D,0xA82C75,0xEDEC18,0x454BD1,0xE2A462,0x17AF],
-CURVE_Gx :[0xB4A712,0xBBFEEE,0xBABE9D,0x14F464,0x8A5556,0xD5F06E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x838403,0x430061,0x838426,0x824199,0x18121,0x60],[0x8101,0xC000,0x8001]],
-CURVE_SB:[[[0x840504,0x43C061,0x840427,0x824199,0x18121,0x60],[0x8101,0xC000,0x8001]],[[0x8101,0xC000,0x8001],[0xAC9D0A,0x347E2B,0xB2B64F,0x107131,0x875313,0xD5EFAE,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]]],
-CURVE_WB:[[0x80C080,0x406020,0x80C161,0x80C088,0x8060,0x20],[0x8C4A85,0x390408,0x6C36B5,0xA352DC,0xDEAD2F,0x58868E,0xDA4363,0x300120],[0x464583,0xDCB204,0x363B5A,0xD1A96E,0x6F5697,0xAC4347,0x6D21B1,0x180090],[0x814181,0x412020,0x814162,0x80C088,0x8060,0x20]],
-CURVE_BB:[[[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x8102,0xC000,0x8001]],[[0x8101,0xC000,0x8001],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08D,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x2FE08C,0xF71E8D,0x35FA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401]],[[0x8102,0xC000,0x8001],[0x8101,0xC000,0x8001],[0x8101,0xC000,0x8001],[0x8101,0xC000,0x8001]],[[0x4082,0x806000,0x4000],[0x10202,0x18000,0x10002],[0x2FA00A,0x76BE8D,0x35BA74,0x92B2CB,0x88D434,0xD5F00E,0x3696F8,0xFA0BAB,0x17014E,0x20DB65,0x2401],[0x4082,0x806000,0x4000]]],
-
-*/
-
-/* BNT2 Curve */
-/*
-CURVETYPE:0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xAA2BF5,0x71A511,0x33D7FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Bnx:[0x608205,0x20100,0x4000],
-CURVE_Cru:[0x66BD33,0x274448,0xEFB50,0x301647,0x755B77,0xECF236,0xC3617B,0x480006],
-CURVE_Fra:[0xAEF062,0x68C973,0xE492B2,0x33C3BC,0xBCC69B,0x7F195B,0xF67FA3,0xBD0A41,0xE8CAB6,0xB8D29,0x124E],
-CURVE_Frb:[0xB1B429,0x736240,0x6D5600,0xF52D19,0x12CD48,0x50E726,0x18BBE6,0xFA43DE,0x268FF6,0xF8F517,0x11B1],
-CURVE_Pxa:[0x40A3C8,0x92399F,0x784ACC,0xE96611,0x35CDA4,0x61706B,0x7B0569,0x8279D7,0x93C631,0x17CF96,0x16FC],
-CURVE_Pxb:[0x549540,0x7A8AD8,0x61055,0xE6F651,0xDB6F7B,0xA95D17,0x565907,0x9C8188,0x597590,0xB500BD,0x1EB5],
-CURVE_Pya:[0x220513,0xECC514,0x7B147B,0x860E73,0x844A78,0x35F126,0x51B839,0x9D4DFA,0x1422AA,0xE49876,0x1E8E],
-CURVE_Pyb:[0x7CE78E,0x328F57,0x781FB9,0xE26FA5,0x7EB746,0x1FB8E2,0xA93DBC,0xA29D76,0xE33BDB,0xF4CDBA,0x23CE],
-CURVE_Gx :[0x60A48A,0xDC2BB4,0x51E8B2,0x28F0D6,0xCF93E4,0xD00081,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x347083,0x6282A1,0x1D10B7,0x1399E,0x603,0x60],[0xC10409,0x40200,0x8000]],
-CURVE_SB:[[[0xF5748C,0x6684A1,0x1D90B7,0x1399E,0x603,0x60],[0xC10409,0x40200,0x8000]],[[0xC10409,0x40200,0x8000],[0x75BB72,0xF2270,0x16C744,0x267D9A,0xCF87DE,0xCFFFC1,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]]],
-CURVE_WB:[[0x70A224,0x72D48A,0x94592,0x688A,0x201,0x20],[0x30EF19,0x572CF0,0x721D5A,0x763543,0xA39651,0x48A1B9,0x8240FD,0x300004],[0x48B88F,0x2C96F8,0xB92EAD,0xBB1AA1,0xD1CB28,0xA450DC,0x41207E,0x180002],[0x31A62D,0x76D68B,0x9C592,0x688A,0x201,0x20]],
-CURVE_BB:[[[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0xC1040A,0x40200,0x8000]],[[0xC10409,0x40200,0x8000],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F1,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x49A9F0,0x6FA411,0x3397FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400]],[[0xC1040A,0x40200,0x8000],[0xC10409,0x40200,0x8000],[0xC10409,0x40200,0x8000],[0xC10409,0x40200,0x8000]],[[0x608206,0x20100,0x4000],[0x820812,0x80401,0x10000],[0xE927EA,0x6DA310,0x3357FB,0x27B738,0xCF8DE1,0xD00021,0xF3B89,0xB74E20,0xF5AAD,0x48241,0x2400],[0x608206,0x20100,0x4000]]],
-*/
-
-/* BN Curve */
-/*
-CURVETYPE:0,
-CURVE_A : 0,
-CURVE_B : [0x2,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0],
-CURVE_Order:[0xD,0x0,0x10A100,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Bnx:[0x1,0x0,0x4080],
-CURVE_Cru:[0x7,0x0,0x6CD80,0x0,0x90000,0x249,0x400000,0x49B362],
-CURVE_Fra:[0x2A6DE9,0xE6C06F,0xC2E17D,0x4D3F77,0x97492,0x953F85,0x50A846,0xB6499B,0x2E7C8C,0x761921,0x1B37],
-CURVE_Frb:[0xD5922A,0x193F90,0x50C582,0xB2C088,0x178B6D,0x6AC8DC,0x2F57B9,0x3EAB2,0xD18375,0xEE691E,0x9EB],
-CURVE_Pxa:[0xFD0CB4,0x2C7935,0x7C2BAB,0xE4FCC5,0xA5E319,0x763B05,0x24F6DF,0x335FB7,0x5EA7EA,0x4D4F5,0x95B],
-CURVE_Pxb:[0x962455,0x7D0790,0x5E38A0,0x3D27AA,0x6D86BE,0x47F39D,0x89E057,0x9D42BF,0x8347B4,0xD8A7C0,0x5D4],
-CURVE_Pya:[0x8A46C,0xCE687A,0x91F9AD,0xE98A41,0x82B30,0xB1F169,0x4C3784,0xA16D1C,0xE5313F,0x2ABF25,0xABF],
-CURVE_Pyb:[0xF306EC,0x88D405,0xA0E6DF,0x6ADD13,0x48207,0x9D6A5C,0x1E4781,0xB38627,0x79DABD,0x9A87E6,0x1876],
-CURVE_Gx :[0x12,0x0,0x13A700,0x0,0x210000,0x861,0x800000,0xBA344D,0x1,0x648240,0x2523],
-CURVE_Gy :[0x1],
-CURVE_W:[[0x3,0x0,0x20400,0x0,0x818000,0x61],[0x1,0x0,0x8100]],
-CURVE_SB:[[[0x4,0x0,0x28500,0x0,0x818000,0x61],[0x1,0x0,0x8100]],[[0x1,0x0,0x8100],[0xA,0x0,0xE9D00,0x0,0x1E0000,0x79E,0x800000,0xBA344D,0x1,0x648240,0x2523]]],
-CURVE_WB:[[0x0,0x0,0x4080,0x0,0x808000,0x20],[0x5,0x0,0x54A80,0x0,0x70000,0x1C7,0x800000,0x312241],[0x3,0x0,0x2C580,0x0,0x838000,0xE3,0xC00000,0x189120],[0x1,0x0,0xC180,0x0,0x808000,0x20]],
-CURVE_BB:[[[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x8100]],[[0x1,0x0,0x8100],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xD,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0xC,0x0,0x106080,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523]],[[0x2,0x0,0x8100],[0x1,0x0,0x8100],[0x1,0x0,0x8100],[0x1,0x0,0x8100]],[[0x2,0x0,0x4080],[0x2,0x0,0x10200],[0xA,0x0,0x102000,0x0,0x9F8000,0x7FF,0x800000,0xBA344D,0x1,0x648240,0x2523],[0x2,0x0,0x4080]]],
-
-*/
-
- debug: false,
-
-// HASH constants
-
- H0:0x6A09E667,
- H1:0xBB67AE85,
- H2:0x3C6EF372,
- H3:0xA54FF53A,
- H4:0x510E527F,
- H5:0x9B05688C,
- H6:0x1F83D9AB,
- H7:0x5BE0CD19,
-
- HK:[0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2],
-
-// AES constants
-
- ECB:0,
- CBC:1,
- CFB1:2,
- CFB2:3,
- CFB4:5,
- OFB1:14,
- OFB2:15,
- OFB4:17,
- OFB8:21,
- OFB16:29,
-
- InCo:[0xB,0xD,0x9,0xE], /* Inverse Coefficients */
- rco:[1,2,4,8,16,32,64,128,27,54,108,216,171,77,154,47],
-
- ptab:[
- 1,3,5,15,17,51,85,255,26,46,114,150,161,248,19,53,
- 95,225,56,72,216,115,149,164,247,2,6,10,30,34,102,170,
- 229,52,92,228,55,89,235,38,106,190,217,112,144,171,230,49,
- 83,245,4,12,20,60,68,204,79,209,104,184,211,110,178,205,
- 76,212,103,169,224,59,77,215,98,166,241,8,24,40,120,136,
- 131,158,185,208,107,189,220,127,129,152,179,206,73,219,118,154,
- 181,196,87,249,16,48,80,240,11,29,39,105,187,214,97,163,
- 254,25,43,125,135,146,173,236,47,113,147,174,233,32,96,160,
- 251,22,58,78,210,109,183,194,93,231,50,86,250,21,63,65,
- 195,94,226,61,71,201,64,192,91,237,44,116,156,191,218,117,
- 159,186,213,100,172,239,42,126,130,157,188,223,122,142,137,128,
- 155,182,193,88,232,35,101,175,234,37,111,177,200,67,197,84,
- 252,31,33,99,165,244,7,9,27,45,119,153,176,203,70,202,
- 69,207,74,222,121,139,134,145,168,227,62,66,198,81,243,14,
- 18,54,90,238,41,123,141,140,143,138,133,148,167,242,13,23,
- 57,75,221,124,132,151,162,253,28,36,108,180,199,82,246,1
- ],
- ltab:[
- 0,255,25,1,50,2,26,198,75,199,27,104,51,238,223,3,
- 100,4,224,14,52,141,129,239,76,113,8,200,248,105,28,193,
- 125,194,29,181,249,185,39,106,77,228,166,114,154,201,9,120,
- 101,47,138,5,33,15,225,36,18,240,130,69,53,147,218,142,
- 150,143,219,189,54,208,206,148,19,92,210,241,64,70,131,56,
- 102,221,253,48,191,6,139,98,179,37,226,152,34,136,145,16,
- 126,110,72,195,163,182,30,66,58,107,40,84,250,133,61,186,
- 43,121,10,21,155,159,94,202,78,212,172,229,243,115,167,87,
- 175,88,168,80,244,234,214,116,79,174,233,213,231,230,173,232,
- 44,215,117,122,235,22,11,245,89,203,95,176,156,169,81,160,
- 127,12,246,111,23,196,73,236,216,67,31,45,164,118,123,183,
- 204,187,62,90,251,96,177,134,59,82,161,108,170,85,41,157,
- 151,178,135,144,97,190,220,252,188,149,207,205,55,63,91,209,
- 83,57,132,60,65,162,109,71,20,42,158,93,86,242,211,171,
- 68,17,146,217,35,32,46,137,180,124,184,38,119,153,227,165,
- 103,74,237,222,197,49,254,24,13,99,140,128,192,247,112,7
- ],
- fbsub:[
- 99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,
- 202,130,201,125,250,89,71,240,173,212,162,175,156,164,114,192,
- 183,253,147,38,54,63,247,204,52,165,229,241,113,216,49,21,
- 4,199,35,195,24,150,5,154,7,18,128,226,235,39,178,117,
- 9,131,44,26,27,110,90,160,82,59,214,179,41,227,47,132,
- 83,209,0,237,32,252,177,91,106,203,190,57,74,76,88,207,
- 208,239,170,251,67,77,51,133,69,249,2,127,80,60,159,168,
- 81,163,64,143,146,157,56,245,188,182,218,33,16,255,243,210,
- 205,12,19,236,95,151,68,23,196,167,126,61,100,93,25,115,
- 96,129,79,220,34,42,144,136,70,238,184,20,222,94,11,219,
- 224,50,58,10,73,6,36,92,194,211,172,98,145,149,228,121,
- 231,200,55,109,141,213,78,169,108,86,244,234,101,122,174,8,
- 186,120,37,46,28,166,180,198,232,221,116,31,75,189,139,138,
- 112,62,181,102,72,3,246,14,97,53,87,185,134,193,29,158,
- 225,248,152,17,105,217,142,148,155,30,135,233,206,85,40,223,
- 140,161,137,13,191,230,66,104,65,153,45,15,176,84,187,22
- ],
- rbsub:[
- 82,9,106,213,48,54,165,56,191,64,163,158,129,243,215,251,
- 124,227,57,130,155,47,255,135,52,142,67,68,196,222,233,203,
- 84,123,148,50,166,194,35,61,238,76,149,11,66,250,195,78,
- 8,46,161,102,40,217,36,178,118,91,162,73,109,139,209,37,
- 114,248,246,100,134,104,152,22,212,164,92,204,93,101,182,146,
- 108,112,72,80,253,237,185,218,94,21,70,87,167,141,157,132,
- 144,216,171,0,140,188,211,10,247,228,88,5,184,179,69,6,
- 208,44,30,143,202,63,15,2,193,175,189,3,1,19,138,107,
- 58,145,17,65,79,103,220,234,151,242,207,206,240,180,230,115,
- 150,172,116,34,231,173,53,133,226,249,55,232,28,117,223,110,
- 71,241,26,113,29,41,197,137,111,183,98,14,170,24,190,27,
- 252,86,62,75,198,210,121,32,154,219,192,254,120,205,90,244,
- 31,221,168,51,136,7,199,49,177,18,16,89,39,128,236,95,
- 96,81,127,169,25,181,74,13,45,229,122,159,147,201,156,239,
- 160,224,59,77,174,42,245,176,200,235,187,60,131,83,153,97,
- 23,43,4,126,186,119,214,38,225,105,20,99,85,33,12,125
- ],
- ftable:[
- 0xa56363c6,0x847c7cf8,0x997777ee,0x8d7b7bf6,0xdf2f2ff,0xbd6b6bd6,
- 0xb16f6fde,0x54c5c591,0x50303060,0x3010102,0xa96767ce,0x7d2b2b56,
- 0x19fefee7,0x62d7d7b5,0xe6abab4d,0x9a7676ec,0x45caca8f,0x9d82821f,
- 0x40c9c989,0x877d7dfa,0x15fafaef,0xeb5959b2,0xc947478e,0xbf0f0fb,
- 0xecadad41,0x67d4d4b3,0xfda2a25f,0xeaafaf45,0xbf9c9c23,0xf7a4a453,
- 0x967272e4,0x5bc0c09b,0xc2b7b775,0x1cfdfde1,0xae93933d,0x6a26264c,
- 0x5a36366c,0x413f3f7e,0x2f7f7f5,0x4fcccc83,0x5c343468,0xf4a5a551,
- 0x34e5e5d1,0x8f1f1f9,0x937171e2,0x73d8d8ab,0x53313162,0x3f15152a,
- 0xc040408,0x52c7c795,0x65232346,0x5ec3c39d,0x28181830,0xa1969637,
- 0xf05050a,0xb59a9a2f,0x907070e,0x36121224,0x9b80801b,0x3de2e2df,
- 0x26ebebcd,0x6927274e,0xcdb2b27f,0x9f7575ea,0x1b090912,0x9e83831d,
- 0x742c2c58,0x2e1a1a34,0x2d1b1b36,0xb26e6edc,0xee5a5ab4,0xfba0a05b,
- 0xf65252a4,0x4d3b3b76,0x61d6d6b7,0xceb3b37d,0x7b292952,0x3ee3e3dd,
- 0x712f2f5e,0x97848413,0xf55353a6,0x68d1d1b9,0x0,0x2cededc1,
- 0x60202040,0x1ffcfce3,0xc8b1b179,0xed5b5bb6,0xbe6a6ad4,0x46cbcb8d,
- 0xd9bebe67,0x4b393972,0xde4a4a94,0xd44c4c98,0xe85858b0,0x4acfcf85,
- 0x6bd0d0bb,0x2aefefc5,0xe5aaaa4f,0x16fbfbed,0xc5434386,0xd74d4d9a,
- 0x55333366,0x94858511,0xcf45458a,0x10f9f9e9,0x6020204,0x817f7ffe,
- 0xf05050a0,0x443c3c78,0xba9f9f25,0xe3a8a84b,0xf35151a2,0xfea3a35d,
- 0xc0404080,0x8a8f8f05,0xad92923f,0xbc9d9d21,0x48383870,0x4f5f5f1,
- 0xdfbcbc63,0xc1b6b677,0x75dadaaf,0x63212142,0x30101020,0x1affffe5,
- 0xef3f3fd,0x6dd2d2bf,0x4ccdcd81,0x140c0c18,0x35131326,0x2fececc3,
- 0xe15f5fbe,0xa2979735,0xcc444488,0x3917172e,0x57c4c493,0xf2a7a755,
- 0x827e7efc,0x473d3d7a,0xac6464c8,0xe75d5dba,0x2b191932,0x957373e6,
- 0xa06060c0,0x98818119,0xd14f4f9e,0x7fdcdca3,0x66222244,0x7e2a2a54,
- 0xab90903b,0x8388880b,0xca46468c,0x29eeeec7,0xd3b8b86b,0x3c141428,
- 0x79dedea7,0xe25e5ebc,0x1d0b0b16,0x76dbdbad,0x3be0e0db,0x56323264,
- 0x4e3a3a74,0x1e0a0a14,0xdb494992,0xa06060c,0x6c242448,0xe45c5cb8,
- 0x5dc2c29f,0x6ed3d3bd,0xefacac43,0xa66262c4,0xa8919139,0xa4959531,
- 0x37e4e4d3,0x8b7979f2,0x32e7e7d5,0x43c8c88b,0x5937376e,0xb76d6dda,
- 0x8c8d8d01,0x64d5d5b1,0xd24e4e9c,0xe0a9a949,0xb46c6cd8,0xfa5656ac,
- 0x7f4f4f3,0x25eaeacf,0xaf6565ca,0x8e7a7af4,0xe9aeae47,0x18080810,
- 0xd5baba6f,0x887878f0,0x6f25254a,0x722e2e5c,0x241c1c38,0xf1a6a657,
- 0xc7b4b473,0x51c6c697,0x23e8e8cb,0x7cdddda1,0x9c7474e8,0x211f1f3e,
- 0xdd4b4b96,0xdcbdbd61,0x868b8b0d,0x858a8a0f,0x907070e0,0x423e3e7c,
- 0xc4b5b571,0xaa6666cc,0xd8484890,0x5030306,0x1f6f6f7,0x120e0e1c,
- 0xa36161c2,0x5f35356a,0xf95757ae,0xd0b9b969,0x91868617,0x58c1c199,
- 0x271d1d3a,0xb99e9e27,0x38e1e1d9,0x13f8f8eb,0xb398982b,0x33111122,
- 0xbb6969d2,0x70d9d9a9,0x898e8e07,0xa7949433,0xb69b9b2d,0x221e1e3c,
- 0x92878715,0x20e9e9c9,0x49cece87,0xff5555aa,0x78282850,0x7adfdfa5,
- 0x8f8c8c03,0xf8a1a159,0x80898909,0x170d0d1a,0xdabfbf65,0x31e6e6d7,
- 0xc6424284,0xb86868d0,0xc3414182,0xb0999929,0x772d2d5a,0x110f0f1e,
- 0xcbb0b07b,0xfc5454a8,0xd6bbbb6d,0x3a16162c
- ],
- rtable:[
- 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,0xcb6bab3b,0xf1459d1f,
- 0xab58faac,0x9303e34b,0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
- 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,0x495ab1de,0x671bba25,
- 0x980eea45,0xe1c0fe5d,0x2752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
- 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,0x2d83bed4,0xd3217458,
- 0x2969e049,0x44c8c98e,0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
- 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,0x184adf63,0x82311ae5,
- 0x60335197,0x457f5362,0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
- 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,0x23d373ab,0xe2024b72,
- 0x578f1fe3,0x2aab5566,0x728ebb2,0x3c2b52f,0x9a7bc586,0xa50837d3,
- 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,0x2b1ccf8a,0x92b479a7,
- 0xf0f207f3,0xa1e2694e,0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
- 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,0x39ec830b,0xaaef6040,
- 0x69f715e,0x51106ebd,0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
- 0xb58d5491,0x55dc471,0x6fd40604,0xff155060,0x24fb9819,0x97e9bdd6,
- 0xcc434089,0x779ed967,0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
- 0x470a7ca1,0xe90f427c,0xc91e84f8,0x0,0x83868009,0x48ed2b32,
- 0xac70111e,0x4e725a6c,0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
- 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,0xb1670a0c,0xfe75793,
- 0xd296eeb4,0x9e919b1b,0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
- 0xaba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,0xb0d090e,0xadc78bf2,
- 0xb9a8b62d,0xc8a91e14,0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
- 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,0x7629438b,0xdcc623cb,
- 0x68fcedb6,0x63f1e4b8,0xcadc31d7,0x10856342,0x40229713,0x2011c684,
- 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,0x4b2f9e1d,0xf330b2dc,
- 0xec52860d,0xd0e3c177,0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
- 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,0xc74e4987,0xc1d138d9,
- 0xfea2ca8c,0x360bd498,0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
- 0xe49d3a2c,0xd927850,0x9bcc5f6a,0x62467e54,0xc2138df6,0xe8b8d890,
- 0x5ef7392e,0xf5afc382,0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
- 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,0x97826cd,0xf418596e,
- 0x1b79aec,0xa89a4f83,0x656e95e6,0x7ee6ffaa,0x8cfbc21,0xe6e815ef,
- 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,0xafb2a431,0x31233f2a,
- 0x3094a5c6,0xc066a235,0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
- 0x4a9804f1,0xf7daec41,0xe50cd7f,0x2ff69117,0x8dd64d76,0x4db0ef43,
- 0x544daacc,0xdf0496e4,0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
- 0x4ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,0x5a1d67b3,0x52d2db92,
- 0x335610e9,0x1347d66d,0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
- 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,0x59dfd29c,0x3f73f255,
- 0x79ce1418,0xbf37c773,0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
- 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,0x72c31d16,0xc25e2bc,
- 0x8b493c28,0x41950dff,0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
- 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0
- ],
-
-// GCM constants
-
- GCM_ACCEPTING_HEADER:0,
- GCM_ACCEPTING_CIPHER:1,
- GCM_NOT_ACCEPTING_MORE:2,
- GCM_FINISHED:3,
- GCM_ENCRYPTING:0,
- GCM_DECRYPTING:1
-
-};
-
-ROM.DNLEN=2*ROM.NLEN;
-ROM.MASK=(1<<ROM.BASEBITS)-1;
-
-ROM.TBITS=ROM.MODBITS%ROM.BASEBITS;
-ROM.OMASK=(-1)<<ROM.TBITS;
-ROM.TMASK=(1<<ROM.TBITS)-1;
-
-ROM.NEXCESS=(1<<(ROM.CHUNK-ROM.BASEBITS-1)); // 2^(CHUNK-BASEBITS-1)
-ROM.FEXCESS=(1<<(ROM.BASEBITS*ROM.NLEN-ROM.MODBITS)); // 2^(BASEBITS*NLEN-MODBITS)
-
-ROM.FFLEN=(ROM.FF_BITS/256);
-ROM.HFLEN=(ROM.FFLEN/2); /* Useful for half-size RSA private key operations */
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/70e3a3a3/js/RSA.js
----------------------------------------------------------------------
diff --git a/js/RSA.js b/js/RSA.js
deleted file mode 100755
index 5b90770..0000000
--- a/js/RSA.js
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* RSA API Functions */
-
-var rsa_private_key=function(n)
-{
- this.p=new FF(n);
- this.q=new FF(n);
- this.dp=new FF(n);
- this.dq=new FF(n);
- this.c=new FF(n);
-};
-
-var rsa_public_key=function(m)
-{
- this.e=0;
- this.n=new FF(m);
-};
-
-
-
-RSA= {
- RFS: ROM.MODBYTES*ROM.FFLEN,
-
- bytestohex: function(b)
- {
- var s="";
- var len=b.length;
- var ch;
-
- for (var i=0;i<len;i++)
- {
- ch=b[i];
- s+=((ch>>>4)&15).toString(16);
- s+=(ch&15).toString(16);
-
- }
- return s;
- },
-
- bytestostring: function(b)
- {
- var s="";
- for (var i=0;i<b.length;i++)
- {
- s+=String.fromCharCode(b[i]);
- }
- return s;
- },
-
- stringtobytes: function(s)
- {
- var b=[];
- for (var i=0;i<s.length;i++)
- b.push(s.charCodeAt(i));
- return b;
- },
-
-
- KEY_PAIR: function(rng,e,PRIV,PUB)
- { /* IEEE1363 A16.11/A16.12 more or less */
-
- // var m,r,bytes,hbytes,words,err,res=0;
- var n=PUB.n.length>>1;
- var t = new FF(n);
- var p1=new FF(n);
- var q1=new FF(n);
-
- for (;;)
- {
-
- PRIV.p.random(rng);
- while (PRIV.p.lastbits(2)!=3) PRIV.p.inc(1);
- while (!FF.prime(PRIV.p,rng)) PRIV.p.inc(4);
-
- p1.copy(PRIV.p);
- p1.dec(1);
-
- if (p1.cfactor(e)) continue;
- break;
- }
-
- for (;;)
- {
- PRIV.q.random(rng);
- while (PRIV.q.lastbits(2)!=3) PRIV.q.inc(1);
- while (!FF.prime(PRIV.q,rng)) PRIV.q.inc(4);
-
- q1.copy(PRIV.q);
- q1.dec(1);
-
- if (q1.cfactor(e)) continue;
- break;
- }
-
- PUB.n=FF.mul(PRIV.p,PRIV.q);
- PUB.e=e;
-
- t.copy(p1);
- t.shr();
- PRIV.dp.set(e);
- PRIV.dp.invmodp(t);
- if (PRIV.dp.parity()===0) PRIV.dp.add(t);
- PRIV.dp.norm();
-
- t.copy(q1);
- t.shr();
- PRIV.dq.set(e);
- PRIV.dq.invmodp(t);
- if (PRIV.dq.parity()===0) PRIV.dq.add(t);
- PRIV.dq.norm();
-
- PRIV.c.copy(PRIV.p);
- PRIV.c.invmodp(PRIV.q);
-
- return;
- },
-
-/* Mask Generation Function */
- MGF1: function(Z,olen,K)
- {
- var H=new HASH();
- var i,hlen=H.len;
- var B=[];
-
- var counter,cthreshold,k=0;
- for (i=0;i<K.length;i++) K[i]=0;
-
- cthreshold=Math.floor(olen/hlen); if (olen%hlen!==0) cthreshold++;
- for (counter=0;counter<cthreshold;counter++)
- {
- H.process_array(Z); H.process_num(counter);
- B=H.hash();
-
- if (k+hlen>olen) for (i=0;i<olen%hlen;i++) K[k++]=B[i];
- else for (i=0;i<hlen;i++) K[k++]=B[i];
- }
- },
-
- /* OAEP Message Encoding for Encryption */
- OAEP_ENCODE: function(m,rng,p)
- {
- var i,slen,olen=RSA.RFS-1;
- var mlen=m.length;
- var hlen,seedlen;
- var f=[];
-
- var H=new HASH();
- hlen=H.len;
- var SEED=[];
- seedlen=hlen;
- if (mlen>olen-hlen-seedlen-1) return null;
-
- var DBMASK=[];
-
- if (p!==null) H.process_array(p);
- var h=H.hash();
- for (i=0;i<hlen;i++) f[i]=h[i];
-
- slen=olen-mlen-hlen-seedlen-1;
-
- for (i=0;i<slen;i++) f[hlen+i]=0;
- f[hlen+slen]=1;
- for (i=0;i<mlen;i++) f[hlen+slen+1+i]=m[i];
-
- for (i=0;i<seedlen;i++) SEED[i]=rng.getByte();
- this.MGF1(SEED,olen-seedlen,DBMASK);
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
- this.MGF1(DBMASK,seedlen,f);
-
- for (i=0;i<seedlen;i++) f[i]^=SEED[i];
-
- for (i=0;i<olen-seedlen;i++) f[i+seedlen]=DBMASK[i];
-
- /* pad to length RFS */
- var d=1;
- for (i=RSA.RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- return f;
- },
-
- /* OAEP Message Decoding for Decryption */
- OAEP_DECODE: function(p,f)
- {
- var x,t;
- var comp;
- var i,k,olen=RSA.RFS-1;
- var hlen,seedlen;
-
- var H=new HASH();
- hlen=H.len;
- var SEED=[];
- seedlen=hlen;
- var CHASH=[];
- seedlen=hlen=32;
- if (olen<seedlen+hlen+1) return null;
- var DBMASK=[];
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- if (f.length<RSA.RFS)
- {
- var d=RSA.RFS-f.length;
- for (i=RFS-1;i>=d;i--)
- f[i]=f[i-d];
- for (i=d-1;i>=0;i--)
- f[i]=0;
-
- }
-
- if (p!==null) H.process_array(p);
- var h=H.hash();
- for (i=0;i<hlen;i++) CHASH[i]=h[i];
-
- x=f[0];
-
- for (i=seedlen;i<olen;i++)
- DBMASK[i-seedlen]=f[i+1];
-
- this.MGF1(DBMASK,seedlen,SEED);
- for (i=0;i<seedlen;i++) SEED[i]^=f[i+1];
- this.MGF1(SEED,olen-seedlen,f);
- for (i=0;i<olen-seedlen;i++) DBMASK[i]^=f[i];
-
- comp=true;
- for (i=0;i<hlen;i++)
- {
- if (CHASH[i]!=DBMASK[i]) comp=false;
- }
-
- for (i=0;i<olen-seedlen-hlen;i++)
- DBMASK[i]=DBMASK[i+hlen];
-
- for (i=0;i<hlen;i++)
- SEED[i]=CHASH[i]=0;
-
- for (k=0;;k++)
- {
- if (k>=olen-seedlen-hlen) return null;
- if (DBMASK[k]!==0) break;
- }
-
- t=DBMASK[k];
- if (!comp || x!==0 || t!=0x01)
- {
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
- return null;
- }
-
- var r=[];
-
- for (i=0;i<olen-seedlen-hlen-k-1;i++)
- r[i]=DBMASK[i+k+1];
-
- for (i=0;i<olen-seedlen;i++) DBMASK[i]=0;
-
- return r;
- },
-
- /* destroy the Private Key structure */
- PRIVATE_KEY_KILL: function(PRIV)
- {
- PRIV.p.zero();
- PRIV.q.zero();
- PRIV.dp.zero();
- PRIV.dq.zero();
- PRIV.c.zero();
- },
-
- /* RSA encryption with the public key */
- ENCRYPT: function(PUB,F,G)
- {
- var n=PUB.n.getlen();
- var f=new FF(n);
-
- FF.fromBytes(f,F);
- f.power(PUB.e,PUB.n);
- f.toBytes(G);
- },
-
- /* RSA decryption with the private key */
- DECRYPT: function(PRIV,G,F)
- {
- var n=PRIV.p.getlen();
- var g=new FF(2*n);
-
- FF.fromBytes(g,G);
- var jp=g.dmod(PRIV.p);
- var jq=g.dmod(PRIV.q);
-
- jp.skpow(PRIV.dp,PRIV.p);
- jq.skpow(PRIV.dq,PRIV.q);
-
- g.zero();
- g.dscopy(jp);
- jp.mod(PRIV.q);
- if (FF.comp(jp,jq)>0) jq.add(PRIV.q);
- jq.sub(jp);
- jq.norm();
-
- var t=FF.mul(PRIV.c,jq);
- jq=t.dmod(PRIV.q);
-
- t=FF.mul(jq,PRIV.p);
- g.add(t);
- g.norm();
-
- g.toBytes(F);
- }
-
-};
diff --git a/js/TestECDH.html b/js/TestECDH.html
deleted file mode 100644
index 6c57021..0000000
--- a/js/TestECDH.html
+++ /dev/null
@@ -1,137 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH/ECIES/ECDSA API Functions */
- var i,j=0,res;
- var result;
- var pp="M0ng00se";
-
- var EGS=ECDH.EGS;
- var EFS=ECDH.EFS;
- var EAS=16;
-
- var S1=[];
- var W0=[];
- var W1=[];
- var Z0=[];
- var Z1=[];
- var RAW=[];
- var SALT=[];
- var P1=[];
- var P2=[];
- var V=[];
- var M=[];
- var T=new Array(12); // must specify required length
- var CS=[];
- var DS=[];
-
- var rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=i;
-
- rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
- for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt
-
- window.document.write("Alice's Passphrase= " + pp + "<br>");
-
- var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
- var S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
- window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
- ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
- window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
- if (res!=0)
- alert("ECP Public Key is invalid!");
-/* Random private key for other party */
- ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
- window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
- window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
- if (res!=0)
- alert("ECP Public Key is invalid!");
-
-
-/* Calculate common key using DH - IEEE 1363 method */
-
- ECDH.ECPSVDP_DH(S0,W1,Z0);
- ECDH.ECPSVDP_DH(S1,W0,Z1);
-
- var same=true;
- for (i=0;i<ECDH.EFS;i++)
- if (Z0[i]!=Z1[i]) same=false;
-
- if (!same)
- alert("*** ECPSVDP-DH Failed");
-
- var KEY=ECDH.KDF1(Z0,ECDH.EAS);
-
- window.document.write("Alice's DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
- window.document.write("Servers DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
-
- window.document.write("Testing ECIES"+ "<br>");
-
- P1[0]=0x0; P1[1]=0x1; P1[2]=0x2;
- P2[0]=0x0; P2[1]=0x1; P2[2]=0x2; P2[3]=0x3;
-
- for (i=0;i<=16;i++) M[i]=i;
-
- var C=ECDH.ECIES_ENCRYPT(P1,P2,rng,W1,M,V,T);
-
- window.document.write("Ciphertext= "+ "<br>");
- window.document.write("V= 0x"+ECDH.bytestostring(V)+ "<br>");
- window.document.write("C= 0x"+ECDH.bytestostring(C)+ "<br>");
- window.document.write("T= 0x"+ECDH.bytestostring(T)+ "<br>");
-
-
- M=ECDH.ECIES_DECRYPT(P1,P2,V,C,T,S1);
- if (M.length==0)
- alert("*** ECIES Decryption Failed ");
- else window.document.write("Decryption succeeded"+ "<br>");
-
- window.document.write("Message is 0x"+ECDH.bytestostring(M)+ "<br>");
-
-
- window.document.write("Testing ECDSA"+ "<br>");
-
- if (ECDH.ECPSP_DSA(rng,S0,M,CS,DS)!=0)
- alert("***ECDSA Signature Failed");
-
- window.document.write("Signature= "+ "<br>");
- window.document.write("C= 0x"+ECDH.bytestostring(CS)+ "<br>");
- window.document.write("D= 0x"+ECDH.bytestostring(DS)+ "<br>");
-
- if (ECDH.ECPVP_DSA(W0,M,CS,DS)!=0)
- alert("***ECDSA Verification Failed");
- else window.document.write("ECDSA Signature/Verification succeeded "+ j+ "<br>");
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>
diff --git a/js/TestECM.html b/js/TestECM.html
deleted file mode 100644
index 2010378..0000000
--- a/js/TestECM.html
+++ /dev/null
@@ -1,95 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test ECC</title>
-</head>
-<body>
-<h1>JavaScript Test ECC Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="ECDH.js"></script>
-
-<script>
-/* test driver and function exerciser for ECDH API Functions only - for use with Montgpmery curves */
- var i,j=0,res;
- var result;
- var pp="M0ng00se";
-
- var EGS=ECDH.EGS;
- var EFS=ECDH.EFS;
- var EAS=16;
-
- var S1=[];
- var W0=[];
- var W1=[];
- var Z0=[];
- var Z1=[];
- var RAW=[];
- var SALT=[];
-
- var rng=new RAND();
-
- rng.clean();
- for (i=0;i<100;i++) RAW[i]=i;
-
- rng.seed(100,RAW);
-//for (j=0;j<100;j++)
-//{
-
- for (i=0;i<8;i++) SALT[i]=(i+1); // set Salt
-
- window.document.write("Alice's Passphrase= " + pp + "<br>");
-
- var PW=ECDH.stringtobytes(pp);
-/* private key S0 of size EGS bytes derived from Password and Salt */
- var S0=ECDH.PBKDF2(PW,SALT,1000,EGS);
-
- window.document.write("Alice's private key= 0x"+ECDH.bytestostring(S0)+ "<br>");
-/* Generate Key pair S/W */
- ECDH.KEY_PAIR_GENERATE(null,S0,W0);
-
- window.document.write("Alice's public key= 0x"+ECDH.bytestostring(W0)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W0);
- if (res!=0)
- alert("Alice's public Key is invalid!");
-/* Random private key for other party */
- ECDH.KEY_PAIR_GENERATE(rng,S1,W1);
-
- window.document.write("Servers private key= 0x"+ECDH.bytestostring(S1)+ "<br>");
- window.document.write("Servers public key= 0x"+ECDH.bytestostring(W1)+ "<br>");
-
- res=ECDH.PUBLIC_KEY_VALIDATE(true,W1);
- if (res!=0)
- alert("Server's public Key is invalid!");
-
-
-/* Calculate common key using DH - IEEE 1363 method */
-
- ECDH.ECPSVDP_DH(S0,W1,Z0);
- ECDH.ECPSVDP_DH(S1,W0,Z1);
-
- var same=true;
- for (i=0;i<ECDH.EFS;i++)
- if (Z0[i]!=Z1[i]) same=false;
-
- if (!same)
- alert("*** ECPSVDP-DH Failed");
-
- var KEY=ECDH.KDF1(Z0,ECDH.EAS);
-
- window.document.write("Alice's DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
- window.document.write("Servers DH Key= 0x"+ECDH.bytestostring(KEY)+ "<br>");
-
-//}
-//window.document.write("Test Completed Successfully"+ "<br>");
-</script>
-</body>
-</html>
diff --git a/js/TestMPIN.html b/js/TestMPIN.html
deleted file mode 100644
index 790880d..0000000
--- a/js/TestMPIN.html
+++ /dev/null
@@ -1,310 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-<title>JavaScript Test MPIN</title>
-</head>
-<body>
-<h1>JavaScript Test MPIN Example</h1>
-<script type="text/javascript" src="DBIG.js"></script>
-<script type="text/javascript" src="BIG.js"></script>
-<script type="text/javascript" src="FP.js"></script>
-<script type="text/javascript" src="ROM.js"></script>
-<script type="text/javascript" src="HASH.js"></script>
-<script type="text/javascript" src="RAND.js"></script>
-<script type="text/javascript" src="AES.js"></script>
-<script type="text/javascript" src="GCM.js"></script>
-<script type="text/javascript" src="ECP.js"></script>
-<script type="text/javascript" src="FP2.js"></script>
-<script type="text/javascript" src="ECP2.js"></script>
-<script type="text/javascript" src="FP4.js"></script>
-<script type="text/javascript" src="FP12.js"></script>
-<script type="text/javascript" src="PAIR.js"></script>
-<script type="text/javascript" src="MPIN.js"></script>
-
-<script>
-/* test driver and function exerciser for MPIN API Functions */
-
- var i,res;
- var result;
-
- var EGS=MPIN.EGS;
- var EFS=MPIN.EFS;
- var EAS=16;
-
- var rng=new RAND();
- rng.clean();
-
- var RAW=[];
- for (i=0;i<100;i++) RAW[i]=i+1;
- rng.seed(100,RAW);
-
- var G1S=2*EFS+1; /* Group 1 Size */
- var G2S=4*EFS; /* Group 2 Size */
-
- var S=[];
- var SST=[];
- var TOKEN = [];
- var PERMIT = [];
- var SEC = [];
- var xID = [];
- var xCID = [];
- var X= [];
- var Y= [];
- var E=[];
- var F=[];
- var HCID=[];
- var HID=[];
- var HTID=[];
-
- var G1=[];
- var G2=[];
- var R=[];
- var Z=[];
- var W=[];
- var T=[];
- var CK=[];
- var SK=[];
-
-/* Set configuration */
- var PERMITS=true;
- var PINERROR=true;
- var FULL=false;
- var ONE_PASS=false;
- var TIME_FUNCTIONS=false;
- var total_time=0;
- var nIter=100
-
-/* Trusted Authority set-up */
- MPIN.RANDOM_GENERATE(rng,S);
- window.document.write("Master Secret s: 0x"+MPIN.bytestostring(S) + "<br>");
-
- /* Create Client Identity */
- var IDstr = "testUser@miracl.com";
- var CLIENT_ID = MPIN.stringtobytes(IDstr);
- HCID=MPIN.HASH_ID(CLIENT_ID); /* Either Client or TA calculates Hash(ID) - you decide! */
-
- window.document.write("Client ID= "+MPIN.bytestostring(CLIENT_ID) + "<br>");
-
-/* Client and Server are issued secrets by DTA */
- MPIN.GET_SERVER_SECRET(S,SST);
- window.document.write("Server Secret SS: 0x"+MPIN.bytestostring(SST) + "<br>");
-
- MPIN.GET_CLIENT_SECRET(S,HCID,TOKEN);
- window.document.write("Client Secret CS: 0x"+MPIN.bytestostring(TOKEN) + "<br>");
-
-/* Client extracts PIN from secret to create Token */
- var pin=1234;
- window.document.write("Client extracts PIN= "+pin + "<br>");
- var rtn=MPIN.EXTRACT_PIN(CLIENT_ID,pin,TOKEN);
- if (rtn != 0)
- window.document.write("Failed to extract PIN " + "<br>");
-
- window.document.write("Client Token TK: 0x"+MPIN.bytestostring(TOKEN) + "<br>");
-
- if (FULL)
- {
- MPIN.PRECOMPUTE(TOKEN,HCID,G1,G2);
- }
-
- var date;
- if (PERMITS)
- {
- date=MPIN.today();
-/* Client gets "Time Token" permit from DTA */
- MPIN.GET_CLIENT_PERMIT(date,S,HCID,PERMIT);
- window.document.write("Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
-
-/* This encoding makes Time permit look random - Elligator squared */
- MPIN.ENCODING(rng,PERMIT);
- window.document.write("Encoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
- MPIN.DECODING(PERMIT);
- window.document.write("Decoded Time Permit TP: 0x"+MPIN.bytestostring(PERMIT) + "<br>");
- }
- else date=0;
-
-
- pin=parseInt(prompt("Enter PIN= "));
-
-/* Set date=0 and PERMIT=null if time permits not in use
-
-Client First pass: Inputs CLIENT_ID, optional RNG, pin, TOKEN and PERMIT. Output xID = x.H(CLIENT_ID) and re-combined secret SEC
-If PERMITS are is use, then date!=0 and PERMIT is added to secret and xCID = x.(H(CLIENT_ID)+H_T(date|H(CLIENT_ID)))
-Random value x is supplied externally if RNG=null, otherwise generated and passed out by RNG
-
-If Time Permits OFF set xCID = null, HTID=null and use xID and HID only
-If Time permits are ON, AND pin error detection is required then all of xID, xCID, HID and HTID are required
-If Time permits are ON, AND pin error detection is NOT required, set xID=null, HID=null and use xCID and HTID only.
-
-
-*/
- var pxID=xID;
- var pxCID=xCID;
- var pHID=HID;
- var pHTID=HTID;
- var pE=E;
- var pF=F;
- var pPERMIT=PERMIT;
- var prHID;
-
- if (date!=0)
- {
- prHID=pHTID;
- if (!PINERROR)
- {
- pxID=null;
- pHID=null;
- }
- }
- else
- {
- prHID=pHID;
- pPERMIT=null;
- pxCID=null;
- pHTID=null;
- }
- if (!PINERROR)
- {
- pE=null;
- pF=null;
- }
-
- if (ONE_PASS)
- {
- window.document.write("MPIN Single Pass " + "<br>");
- timeValue = MPIN.GET_TIME();
- window.document.write("Epoch " + timeValue + "<br>");
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
- }
- var end = new Date().getTime();
- var t1 = end - start;
- total_time = total_time + t1;
- var iter_time = t1 / nIter;
- var iter_per_sec = nIter / (t1 / 1000);
- window.document.write("MPIN.CLIENT: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- rtn=MPIN.CLIENT(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT,timeValue,Y);
- }
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT rtn: " + rtn + "<br>");
-
- if (FULL)
- {
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z);
- }
- var end = new Date().getTime();
- var t2 = end - start;
- total_time = total_time + t2;
- var iter_time = t2 / nIter;
- var iter_per_sec = nIter / (t2 / 1000);
- window.document.write("MPIN.GET_G1_MULTIPLE: time " + t2 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
- }
-
- rtn=MPIN.SERVER(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF,CLIENT_ID,timeValue);
- if (rtn != 0)
- window.document.write("FAILURE: SERVER rtn: " + rtn+ "<br>");
-
- if (FULL)
- {
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
- }
- else
- {
- window.document.write("MPIN Multi Pass " + "<br>");
- rtn=MPIN.CLIENT_1(date,CLIENT_ID,rng,X,pin,TOKEN,SEC,pxID,pxCID,pPERMIT);
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT_1 rtn: " + rtn + "<br>");
-
- if (FULL)
- {
- HCID=MPIN.HASH_ID(CLIENT_ID);
- MPIN.GET_G1_MULTIPLE(rng,1,R,HCID,Z); /* Also Send Z=r.ID to Server, remember random r */
- }
-
- /* Server calculates H(ID) and H(T|H(ID)) (if time permits enabled), and maps them to points on the curve HID and HTID resp. */
- MPIN.SERVER_1(date,CLIENT_ID,pHID,pHTID);
-
- /* Server generates Random number Y and sends it to Client */
- MPIN.RANDOM_GENERATE(rng,Y);
-
- if (FULL)
- {
- MPIN.GET_G1_MULTIPLE(rng,0,W,prHID,T); /* Also send T=w.ID to client, remember random w */
- }
-
- /* Client Second Pass: Inputs Client secret SEC, x and y. Outputs -(x+y)*SEC */
- rtn=MPIN.CLIENT_2(X,Y,SEC);
- if (rtn != 0)
- window.document.write("FAILURE: CLIENT_2 rtn: " + rtn + "<br>");
- /* Server Second pass. Inputs hashed client id, random Y, -(x+y)*SEC, xID and xCID and Server secret SST. E and F help kangaroos to find error. */
- /* If PIN error not required, set E and F = NULL */
- rtn=MPIN.SERVER_2(date,pHID,pHTID,Y,SST,pxID,pxCID,SEC,pE,pF);
-
- if (rtn != 0)
- window.document.write("FAILURE: SERVER_1 rtn: " + rtn+ "<br>");
-
- }
-
-
- if (rtn == this.MPIN.BAD_PIN)
- {
- window.document.write("Server says - Bad Pin. I don't know you. Feck off." + "<br>");
- if (PINERROR)
- {
- var err=MPIN.KANGAROO(E,F);
- if (err!=0) window.document.write("(Client PIN is out by "+err + ")<br>");
- }
- }
- else
- {
- window.document.write("Server says - PIN is good! You really are "+IDstr + "<br>");
- if (FULL)
- {
- if (TIME_FUNCTIONS)
- {
- var start = new Date().getTime();
- for (i = 0; i < nIter; ++i) {
- MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
- }
- var end = new Date().getTime();
- var t3 = end - start;
- total_time = total_time + t3;
- var iter_time = t3 / nIter;
- var iter_per_sec = nIter / (t3 / 1000);
- window.document.write("MPIN.CLIENT_KEY: time " + t1 + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
- }
- else
- {
- MPIN.CLIENT_KEY(G1,G2,pin,R,X,T,CK);
- }
- window.document.write("Client Key = 0x"+MPIN.bytestostring(CK) + "<br>");
-
- MPIN.SERVER_KEY(Z,SST,W,pxID,pxCID,SK);
- window.document.write("Server Key = 0x"+MPIN.bytestostring(SK) + "<br>");
- }
- }
- // var iter_time = total_time / nIter;
- // var iter_per_sec = nIter / (total_time / 1000);
- // window.document.write("CLIENT: total time " + total_time + "ms iteration time " + iter_time + "ms iterations per second " + iter_per_sec + "<br>");
-
-
-</script>
-</body>
-</html>