You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by br...@apache.org on 2019/01/15 15:19:53 UTC
[48/51] [partial] incubator-milagro-crypto git commit: update code
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/arch.h
----------------------------------------------------------------------
diff --git a/version22/c/arch.h b/version22/c/arch.h
deleted file mode 100644
index 21753bd..0000000
--- a/version22/c/arch.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/* Architecture definition header file */
-
-/**
- * @file arch.h
- * @author Mike Scott
- * @date 23rd February 2016
- * @brief Architecture Header File
- *
- * Specify Processor Architecture
- *
- */
-
-/* NOTE: There is only one user configurable section in this header - see below */
-
-#ifndef ARCH_H
-#define ARCH_H
-
-
-
-
-/*** START OF USER CONFIGURABLE SECTION - set architecture ***/
-
-#ifdef CMAKE
-#define CHUNK @AMCL_CHUNK@ /**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#else
-#define CHUNK 32 /**< size of chunk in bits = wordlength of computer = 16, 32 or 64. Note not all curve options are supported on 16-bit processors - see rom.c */
-#endif
-
-/*** END OF USER CONFIGURABLE SECTION ***/
-
-
-
-/* Create Integer types */
-/* Support for C99? Note for GCC need to explicitly include -std=c99 in command line */
-
-#if __STDC_VERSION__ >= 199901L
-/* C99 code */
-#define C99
-#else
-/* Not C99 code */
-#endif
-
-#ifndef C99 /* You are on your own! These are for Microsoft C */
-#define sign32 __int32 /**< 32-bit signed integer */
-#define sign8 signed char /**< 8-bit signed integer */
-#define unsign32 unsigned __int32 /**< 32-bit unsigned integer */
-#define unsign64 unsigned long long /**< 64-bit unsigned integer */
-#else
-#include <stdint.h>
-#define sign8 int8_t /**< 8-bit signed integer */
-#define sign32 int32_t /**< 32-bit signed integer */
-#define unsign32 uint32_t /**< 32-bit unsigned integer */
-#define unsign64 uint64_t /**< 64-bit unsigned integer */
-#endif
-
-#define uchar unsigned char /**< Unsigned char */
-
-/* Don't mess with anything below this line unless you know what you are doing */
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-/* This next is probably OK, but may need changing for non-C99-standard environments */
-
-#if CHUNK==16
-#ifndef C99
-#define chunk __int16 /**< C type corresponding to word length */
-#define dchunk __int32 /**< Always define double length chunk type if available */
-#else
-#define chunk int16_t /**< C type corresponding to word length */
-#define dchunk int32_t /**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 32
-#ifndef C99
-#define chunk __int32 /**< C type corresponding to word length */
-#define dchunk __int64 /**< Always define double length chunk type if available */
-#else
-#define chunk int32_t /**< C type corresponding to word length */
-#define dchunk int64_t /**< Always define double length chunk type if available */
-#endif
-#endif
-
-#if CHUNK == 64
-
-#ifndef C99
-#define chunk __int64 /**< C type corresponding to word length */
-/**< Note - no 128-bit type available */
-#else
-#define chunk int64_t /**< C type corresponding to word length */
-#ifdef __GNUC__
-#define dchunk __int128 /**< Always define double length chunk type if available - GCC supports 128 bit type ??? */
-#endif
-#endif
-#endif
-
-#ifdef dchunk
-#define COMBA /**< Use COMBA method for faster BN muls, sqrs and reductions */
-#endif
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/benchtest_ec.c
----------------------------------------------------------------------
diff --git a/version22/c/benchtest_ec.c b/version22/c/benchtest_ec.c
deleted file mode 100644
index 5929d0b..0000000
--- a/version22/c/benchtest_ec.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/* Test and benchmark elliptic curve and RSA functions
- First build amcl.a from build_ec batch file
- gcc -O3 benchtest_ec.c amcl.a -o benchtest_ec.exe
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "amcl.h"
-#include "rsa.h"
-
-#define MIN_TIME 10.0
-#define MIN_ITERS 10
-
-int main()
-{
- csprng RNG;
- BIG s,r,x,y;
- ECP P,G;
- FP12 g;
- int i,iterations;
- clock_t start;
- double elapsed;
- char pr[10];
- unsigned long ran;
- rsa_public_key pub;
- rsa_private_key priv;
- char m[RFS],d[RFS],c[RFS];
- octet M= {0,sizeof(m),m};
- octet D= {0,sizeof(d),d};
- octet C= {0,sizeof(c),c};
-
-#if CHOICE==NIST256
- printf("NIST256 Curve\n");
-#endif
-#if CHOICE==C25519
- printf("C25519 Curve\n");
-#endif
-#if CHOICE==BRAINPOOL
- printf("BRAINPOOL Curve\n");
-#endif
-#if CHOICE==ANSSI
- printf("ANSSI Curve\n");
-#endif
-#if CHOICE==MF254
- printf("MF254 Curve\n");
-#endif
-#if CHOICE==MS255
- printf("MS255 Curve\n");
-#endif
-#if CHOICE==MF256
- printf("MF256 Curve\n");
-#endif
-#if CHOICE==MS256
- printf("MS256 Curve\n");
-#endif
-#if CHOICE==HIFIVE
- printf("HIFIVE Curve\n");
-#endif
-#if CHOICE==GOLDILOCKS
- printf("GOLDILOCKS Curve\n");
-#endif
-#if CHOICE==NIST384
- printf("NIST384 Curve\n");
-#endif
-#if CHOICE==C41417
- printf("C41417 Curve\n");
-#endif
-#if CHOICE==NIST521
- printf("NIST521 Curve\n");
-#endif
-
-#if CHOICE==BN254
- printf("BN254 Curve\n");
-#endif
-#if CHOICE==BN454
- printf("BN454 Curve\n");
-#endif
-#if CHOICE==BN646
- printf("BN646 Curve\n");
-#endif
-
-#if CHOICE==BN254_CX
- printf("BN254_CX Curve\n");
-#endif
-#if CHOICE==BN254_T
- printf("BN254_T Curve\n");
-#endif
-#if CHOICE==BN254_T2
- printf("BN254_T2 Curve\n");
-#endif
-#if CHOICE==BLS455
- printf("BLS455 Curve\n");
-#endif
-#if CHOICE==BLS383
- printf("BLS383 Curve\n");
-#endif
-
-#if CURVETYPE==WEIERSTRASS
- printf("Weierstrass parameterization\n");
-#endif
-#if CURVETYPE==EDWARDS
- printf("Edwards parameterization\n");
-#endif
-#if CURVETYPE==MONTGOMERY
- printf("Montgomery parameterization\n");
-#endif
-
-#if CHUNK==16
- printf("16-bit Build\n");
-#endif
-#if CHUNK==32
- printf("32-bit Build\n");
-#endif
-#if CHUNK==64
- printf("64-bit Build\n");
-#endif
-
- time((time_t *)&ran);
- pr[0]=ran;
- pr[1]=ran>>8;
- pr[2]=ran>>16;
- pr[3]=ran>>24;
- for (i=4;i<10;i++) pr[i]=i;
- RAND_seed(&RNG,10,pr);
-
- BIG_rcopy(x,CURVE_Gx);
-#if CURVETYPE!=MONTGOMERY
- BIG_rcopy(y,CURVE_Gy);
- ECP_set(&G,x,y);
-#else
- ECP_set(&G,x);
-#endif
-
- BIG_rcopy(r,CURVE_Order);
- BIG_randomnum(s,r,&RNG);
- ECP_copy(&P,&G);
- ECP_mul(&P,r);
-
- if (!ECP_isinf(&P))
- {
- printf("FAILURE - rG!=O\n");
- return 0;
- }
-
- iterations=0;
- start=clock();
- do {
- ECP_copy(&P,&G);
- ECP_mul(&P,s);
-
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("EC mul - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- printf("Generating %d-bit RSA public/private key pair\n",FFLEN*BIGBITS);
-
- iterations=0;
- start=clock();
- do {
- RSA_KEY_PAIR(&RNG,65537,&priv,&pub,NULL,NULL);
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("RSA gen - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- //FF_randomnum(plain,pub.n,&RNG,FFLEN);
-
- M.len=RFS;
- for (i=0;i<RFS;i++) M.val[i]=i%128;
-
- iterations=0;
- start=clock();
- do {
- RSA_ENCRYPT(&pub,&M,&C);
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("RSA enc - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- iterations=0;
- start=clock();
- do {
- RSA_DECRYPT(&priv,&C,&D);
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("RSA dec - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- for (i=0;i<RFS;i++)
- {
- if (M.val[i]!=D.val[i])
- {
- printf("FAILURE - RSA decryption\n");
- return 0;
- }
- }
-
- printf("All tests pass\n");
-
- return 0;
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/benchtest_pair.c
----------------------------------------------------------------------
diff --git a/version22/c/benchtest_pair.c b/version22/c/benchtest_pair.c
deleted file mode 100644
index c9dcf38..0000000
--- a/version22/c/benchtest_pair.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/* Test and benchmark pairing functions
- First build amcl.a from build_pair batch file
- gcc -O3 benchtest_pair.c amcl.a -o benchtest_pair.exe
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "amcl.h" /* Make sure and select a pairing-friendly curve in here! */
-
-#define MIN_TIME 10.0
-#define MIN_ITERS 10
-
-int main()
-{
- csprng RNG;
- BIG q,s,r,x,y,a,b,m;
- ECP P,G;
- FP2 wx,wy,f;
- FP4 c,cp,cpm1,cpm2,cr;
- ECP2 Q,W;
- FP12 g,w;
- unsigned long ran;
-
- int i,iterations;
- clock_t start;
- double elapsed;
- char pr[10];
-
-#if CHOICE==BN254
- printf("BN254 Curve\n");
-#endif
-#if CHOICE==BN454
- printf("BN454 Curve\n");
-#endif
-#if CHOICE==BN646
- printf("BN646 Curve\n");
-#endif
-
-#if CHOICE==BN254_CX
- printf("BN254_CX Curve\n");
-#endif
-#if CHOICE==BN254_T
- printf("BN254_T Curve\n");
-#endif
-#if CHOICE==BN254_T2
- printf("BN254_T2 Curve\n");
-#endif
-#if CHOICE==BLS455
- printf("BLS455 Curve\n");
-#endif
-#if CHOICE==BLS383
- printf("BLS383 Curve\n");
-#endif
-
-#if CHUNK==16
- printf("16-bit Build\n");
-#endif
-#if CHUNK==32
- printf("32-bit Build\n");
-#endif
-#if CHUNK==64
- printf("64-bit Build\n");
-#endif
-
- time((time_t *)&ran);
- pr[0]=ran;
- pr[1]=ran>>8;
- pr[2]=ran>>16;
- pr[3]=ran>>24;
- for (i=4;i<10;i++) pr[i]=i;
-
- RAND_seed(&RNG,10,pr);
-
- BIG_rcopy(x,CURVE_Gx);
-
- BIG_rcopy(y,CURVE_Gy);
- ECP_set(&G,x,y);
-
-
- BIG_rcopy(r,CURVE_Order);
- BIG_randomnum(s,r,&RNG);
- ECP_copy(&P,&G);
- PAIR_G1mul(&P,r);
-
- if (!ECP_isinf(&P))
- {
- printf("FAILURE - rG!=O\n");
- return 0;
- }
-
- iterations=0;
- start=clock();
- do {
- ECP_copy(&P,&G);
- PAIR_G1mul(&P,s);
-
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("G1 mul - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
-
- BIG_rcopy(wx.a,CURVE_Pxa); FP_nres(wx.a);
- BIG_rcopy(wx.b,CURVE_Pxb); FP_nres(wx.b);
- BIG_rcopy(wy.a,CURVE_Pya); FP_nres(wy.a);
- BIG_rcopy(wy.b,CURVE_Pyb); FP_nres(wy.b);
- ECP2_set(&W,&wx,&wy);
-
- ECP2_copy(&Q,&W);
- ECP2_mul(&Q,r);
-
- if (!ECP2_isinf(&Q))
- {
- printf("FAILURE - rQ!=O\n");
- return 0;
- }
-
- iterations=0;
- start=clock();
- do {
- ECP2_copy(&Q,&W);
- PAIR_G2mul(&Q,s);
-
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("G2 mul - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- PAIR_ate(&w,&Q,&P);
- PAIR_fexp(&w);
-
- FP12_copy(&g,&w);
-
- PAIR_GTpow(&g,r);
-
- if (!FP12_isunity(&g))
- {
- printf("FAILURE - g^r!=1\n");
- return 0;
- }
-
- iterations=0;
- start=clock();
- do {
- FP12_copy(&g,&w);
- PAIR_GTpow(&g,s);
-
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("GT pow - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- BIG_rcopy(a,CURVE_Fra);
- BIG_rcopy(b,CURVE_Frb);
- FP2_from_BIGs(&f,a,b);
-
- BIG_rcopy(q,Modulus);
-
- BIG_copy(m,q);
- BIG_mod(m,r);
-
- BIG_copy(a,s);
- BIG_mod(a,m);
-
- BIG_copy(b,s);
- BIG_sdiv(b,m);
-
- FP12_copy(&g,&w);
- FP12_trace(&c,&g);
-
- FP12_frob(&g,&f);
- FP12_trace(&cp,&g);
-
- FP12_conj(&w,&w);
- FP12_mul(&g,&w);
-
- FP12_trace(&cpm1,&g);
- FP12_mul(&g,&w);
- FP12_trace(&cpm2,&g);
-
- iterations=0;
- start=clock();
- do {
- FP4_xtr_pow2(&cr,&cp,&c,&cpm1,&cpm2,a,b);
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("GT pow (compressed) - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- iterations=0;
- start=clock();
- do {
- PAIR_ate(&w,&Q,&P);
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("PAIRing ATE - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- iterations=0;
- start=clock();
- do {
- FP12_copy(&g,&w);
- PAIR_fexp(&g);
- iterations++;
- elapsed=(clock()-start)/(double)CLOCKS_PER_SEC;
- } while (elapsed<MIN_TIME || iterations<MIN_ITERS);
- elapsed=1000.0*elapsed/iterations;
- printf("PAIRing FEXP - %8d iterations ",iterations);
- printf(" %8.2lf ms per iteration\n",elapsed);
-
- ECP_copy(&P,&G);
- ECP2_copy(&Q,&W);
-
- PAIR_G1mul(&P,s);
- PAIR_ate(&g,&Q,&P);
- PAIR_fexp(&g);
-
- ECP_copy(&P,&G);
-
- PAIR_G2mul(&Q,s);
- PAIR_ate(&w,&Q,&P);
- PAIR_fexp(&w);
-
- if (!FP12_equals(&g,&w))
- {
- printf("FAILURE - e(sQ,p)!=e(Q,sP) \n");
- return 0;
- }
-
- ECP2_copy(&Q,&W);
- PAIR_ate(&g,&Q,&P);
- PAIR_fexp(&g);
-
- PAIR_GTpow(&g,s);
-
- if (!FP12_equals(&g,&w))
- {
- printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n");
- return 0;
- }
-
- printf("All tests pass\n");
-
- return 0;
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/big.c
----------------------------------------------------------------------
diff --git a/version22/c/big.c b/version22/c/big.c
deleted file mode 100644
index 1fe6259..0000000
--- a/version22/c/big.c
+++ /dev/null
@@ -1,1525 +0,0 @@
-/*
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-*/
-
-/* AMCL basic functions for BIG type */
-/* SU=m, SU is Stack Usage */
-
-#include "amcl.h"
-
-/* Calculates x*y+c+*r */
-
-#ifdef dchunk
-
-/* Method required to calculate x*y+c+r, bottom half in r, top half returned */
-chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
- dchunk prod=(dchunk)x*y+c+*r;
- *r=(chunk)prod&BMASK;
- return (chunk)(prod>>BASEBITS);
-}
-
-#else
-
-/* No integer type available that can store double the wordlength */
-/* accumulate partial products */
-
-chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
- chunk x0,x1,y0,y1;
- chunk bot,top,mid,carry;
- x0=x&HMASK;
- x1=(x>>HBITS);
- y0=y&HMASK;
- y1=(y>>HBITS);
- bot=x0*y0;
- top=x1*y1;
- mid=x0*y1+x1*y0;
- x0=mid&HMASK1;
- x1=(mid>>HBITS1);
- bot+=x0<<HBITS;
- bot+=*r;
- bot+=c;
-
-#if HDIFF==1
- bot+=(top&HDIFF)<<(BASEBITS-1);
- top>>=HDIFF;
-#endif
-
- top+=x1;
- carry=bot>>BASEBITS;
- bot&=BMASK;
- top+=carry;
-
- *r=bot;
- return top;
-}
-
-#endif
-
-/*
-
-// Alternative non Standard Solution required if no type available that can store double the wordlength
-// The use of compiler intrinsics is permitted
-
-
-#if CHUNK==64
-#ifdef _WIN64
-#include <intrin.h>
-
-static INLINE chunk muladd(chunk x,chunk y,chunk c,chunk *r)
-{
- chunk t,e;
- uchunk b;
- b=_mul128(x,y,&t);
- e=c+*r;
- b+=e;
-// make correction for possible carry to top half
- if (e<0)
- t-=(b>e);
- else
- t+=(b<e);
-
- *r=b&MASK;
- return (chunk)((t<<(CHUNK-BASEBITS)) | (b>>BASEBITS));
-}
-
-#endif
-#endif
-
-*/
-
-/* test a=0? */
-int BIG_iszilch(BIG a)
-{
- int i;
- for (i=0; i<NLEN; i++)
- if (a[i]!=0) return 0;
- return 1;
-}
-
-/* test a=0? */
-int BIG_diszilch(DBIG a)
-{
- int i;
- for (i=0; i<DNLEN; i++)
- if (a[i]!=0) return 0;
- return 1;
-}
-
-/* SU= 56 */
-/* output a */
-void BIG_output(BIG a)
-{
- BIG b;
- int i,len;
- len=BIG_nbits(a);
- if (len%4==0) len/=4;
- else
- {
- len/=4;
- len++;
- }
- if (len<MODBYTES*2) len=MODBYTES*2;
-
- for (i=len-1; i>=0; i--)
- {
- BIG_copy(b,a);
- BIG_shr(b,i*4);
- printf("%01x",(unsigned int) b[0]&15);
- }
-}
-
-/* SU= 16 */
-void BIG_rawoutput(BIG a)
-{
- int i;
- printf("(");
- for (i=0; i<NLEN-1; i++)
-#if CHUNK==64
- printf("%"PRIxMAX",",(uint64_t) a[i]);
- printf("%"PRIxMAX")",(uint64_t) a[NLEN-1]);
-#else
- printf("%x,",(unsigned int) a[i]);
- printf("%x)",(unsigned int) a[NLEN-1]);
-#endif
-}
-/*
-void BIG_rawdoutput(DBIG a)
-{
- int i;
- printf("(");
- for (i=0;i<DNLEN-1;i++)
-#if CHUNK==64
- printf("%llx,",(long long unsigned int) a[i]);
- printf("%llx)",(long long unsigned int) a[DNLEN-1]);
-#else
- printf("%x,",(unsigned int) a[i]);
- printf("%x)",(unsigned int) a[NLEN-1]);
-#endif
-}
-*/
-/* Swap a and b if d=1 */
-void BIG_cswap(BIG a,BIG b,int d)
-{
- int i;
- chunk t,c=d;
- c=~(c-1);
-#ifdef DEBUG_NORM
- for (i=0; i<=NLEN; i++)
-#else
- for (i=0; i<NLEN; i++)
-#endif
- {
- t=c&(a[i]^b[i]);
- a[i]^=t;
- b[i]^=t;
- }
-}
-
-/* Move b to a if d=1 */
-void BIG_cmove(BIG f,BIG g,int d)
-{
- int i;
- chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
- for (i=0; i<=NLEN; i++)
-#else
- for (i=0; i<NLEN; i++)
-#endif
- {
- f[i]^=(f[i]^g[i])&b;
- }
-}
-
-/* Move g to f if d=1 */
-void BIG_dcmove(DBIG f,DBIG g,int d)
-{
- int i;
- chunk b=(chunk)-d;
-#ifdef DEBUG_NORM
- for (i=0; i<=DNLEN; i++)
-#else
- for (i=0; i<DNLEN; i++)
-#endif
- {
- f[i]^=(f[i]^g[i])&b;
- }
-}
-
-/* convert BIG to/from bytes */
-/* SU= 64 */
-void BIG_toBytes(char *b,BIG a)
-{
- int i;
- BIG c;
- BIG_norm(a);
- BIG_copy(c,a);
- for (i=MODBYTES-1; i>=0; i--)
- {
- b[i]=c[0]&0xff;
- BIG_fshr(c,8);
- }
-}
-
-/* SU= 16 */
-void BIG_fromBytes(BIG a,char *b)
-{
- int i;
- BIG_zero(a);
- for (i=0; i<MODBYTES; i++)
- {
- BIG_fshl(a,8);
- a[0]+=(int)(unsigned char)b[i];
- //BIG_inc(a,(int)(unsigned char)b[i]); BIG_norm(a);
- }
-#ifdef DEBUG_NORM
- a[NLEN]=0;
-#endif
-}
-
-void BIG_fromBytesLen(BIG a,char *b,int s)
-{
- int i,len=s;
- BIG_zero(a);
-
- if (s>MODBYTES) s=MODBYTES;
- for (i=0; i<len; i++)
- {
- BIG_fshl(a,8);
- a[0]+=(int)(unsigned char)b[i];
- }
-#ifdef DEBUG_NORM
- a[NLEN]=0;
-#endif
-}
-
-
-
-/* SU= 88 */
-void BIG_doutput(DBIG a)
-{
- DBIG b;
- int i,len;
- BIG_dnorm(a);
- len=BIG_dnbits(a);
- if (len%4==0) len/=4;
- else
- {
- len/=4;
- len++;
- }
-
- for (i=len-1; i>=0; i--)
- {
- BIG_dcopy(b,a);
- BIG_dshr(b,i*4);
- printf("%01x",(unsigned int) b[0]&15);
- }
-}
-
-/* Copy b=a */
-void BIG_copy(BIG b,BIG a)
-{
- int i;
- for (i=0; i<NLEN; i++)
- b[i]=a[i];
-#ifdef DEBUG_NORM
- b[NLEN]=a[NLEN];
-#endif
-}
-
-/* Copy from ROM b=a */
-void BIG_rcopy(BIG b,const BIG a)
-{
- int i;
- for (i=0; i<NLEN; i++)
- b[i]=a[i];
-#ifdef DEBUG_NORM
- b[NLEN]=0;
-#endif
-}
-
-/* double length DBIG copy b=a */
-void BIG_dcopy(DBIG b,DBIG a)
-{
- int i;
- for (i=0; i<DNLEN; i++)
- b[i]=a[i];
-#ifdef DEBUG_NORM
- b[DNLEN]=a[DNLEN];
-#endif
-}
-
-/* Copy BIG to bottom half of DBIG */
-void BIG_dscopy(DBIG b,BIG a)
-{
- int i;
- for (i=0; i<NLEN-1; i++)
- b[i]=a[i];
-
- b[NLEN-1]=a[NLEN-1]&BMASK; /* top word normalized */
- b[NLEN]=a[NLEN-1]>>BASEBITS;
-
- for (i=NLEN+1; i<DNLEN; i++) b[i]=0;
-#ifdef DEBUG_NORM
- b[DNLEN]=a[NLEN];
-#endif
-}
-
-/* Copy BIG to top half of DBIG */
-void BIG_dsucopy(DBIG b,BIG a)
-{
- int i;
- for (i=0; i<NLEN; i++)
- b[i]=0;
- for (i=NLEN; i<DNLEN; i++)
- b[i]=a[i-NLEN];
-#ifdef DEBUG_NORM
- b[DNLEN]=a[NLEN];
-#endif
-}
-
-/* Copy bottom half of DBIG to BIG */
-void BIG_sdcopy(BIG b,DBIG a)
-{
- int i;
- for (i=0; i<NLEN; i++)
- b[i]=a[i];
-#ifdef DEBUG_NORM
- b[NLEN]=a[DNLEN];
-#endif
-}
-
-/* Copy top half of DBIG to BIG */
-void BIG_sducopy(BIG b,DBIG a)
-{
- int i;
- for (i=0; i<NLEN; i++)
- b[i]=a[i+NLEN];
-#ifdef DEBUG_NORM
- b[NLEN]=a[DNLEN];
-#endif
-}
-
-/* Set a=0 */
-void BIG_zero(BIG a)
-{
- int i;
- for (i=0; i<NLEN; i++)
- a[i]=0;
-#ifdef DEBUG_NORM
- a[NLEN]=0;
-#endif
-}
-
-void BIG_dzero(DBIG a)
-{
- int i;
- for (i=0; i<DNLEN; i++)
- a[i]=0;
-#ifdef DEBUG_NORM
- a[DNLEN]=0;
-#endif
-}
-
-/* set a=1 */
-void BIG_one(BIG a)
-{
- int i;
- a[0]=1;
- for (i=1; i<NLEN; i++)
- a[i]=0;
-#ifdef DEBUG_NORM
- a[NLEN]=0;
-#endif
-}
-
-
-
-/* Set c=a+b */
-/* SU= 8 */
-void BIG_add(BIG c,BIG a,BIG b)
-{
- int i;
- for (i=0; i<NLEN; i++)
- c[i]=a[i]+b[i];
-#ifdef DEBUG_NORM
- c[NLEN]=a[NLEN]+b[NLEN]+1;
- if (c[NLEN]>=NEXCESS) printf("add problem - digit overflow %d\n",c[NLEN]);
-#endif
-}
-
-/* Set c=c+d */
-void BIG_inc(BIG c,int d)
-{
- BIG_norm(c);
- c[0]+=(chunk)d;
-#ifdef DEBUG_NORM
- c[NLEN]=1;
-#endif
-}
-
-/* Set c=a-b */
-/* SU= 8 */
-void BIG_sub(BIG c,BIG a,BIG b)
-{
- int i;
- for (i=0; i<NLEN; i++)
- c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
- c[NLEN]=a[NLEN]+b[NLEN]+1;
- if (c[NLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[NLEN]);
-#endif
-}
-
-/* SU= 8 */
-
-void BIG_dsub(DBIG c,DBIG a,DBIG b)
-{
- int i;
- for (i=0; i<DNLEN; i++)
- c[i]=a[i]-b[i];
-#ifdef DEBUG_NORM
- c[DNLEN]=a[DNLEN]+b[DNLEN]+1;
- if (c[DNLEN]>=NEXCESS) printf("sub problem - digit overflow %d\n",c[DNLEN]);
-#endif
-}
-
-
-/* Set c=c-1 */
-void BIG_dec(BIG c,int d)
-{
- BIG_norm(c);
- c[0]-=(chunk)d;
-#ifdef DEBUG_NORM
- c[NLEN]=1;
-#endif
-}
-
-/* multiplication r=a*c by c<=NEXCESS */
-void BIG_imul(BIG r,BIG a,int c)
-{
- int i;
- for (i=0; i<NLEN; i++) r[i]=a[i]*c;
-#ifdef DEBUG_NORM
- r[NLEN]=(a[NLEN]+1)*c-1;
- if (r[NLEN]>=NEXCESS) printf("int mul problem - digit overflow %d\n",r[NLEN]);
-#endif
-}
-
-/* multiplication r=a*c by larger integer - c<=FEXCESS */
-/* SU= 24 */
-chunk BIG_pmul(BIG r,BIG a,int c)
-{
- int i;
- chunk ak,carry=0;
- BIG_norm(a);
- for (i=0; i<NLEN; i++)
- {
- ak=a[i];
- r[i]=0;
- carry=muladd(ak,(chunk)c,carry,&r[i]);
- }
-#ifdef DEBUG_NORM
- r[NLEN]=0;
-#endif
- return carry;
-}
-
-/* r/=3 */
-/* SU= 16 */
-int BIG_div3(BIG r)
-{
- int i;
- chunk ak,base,carry=0;
- BIG_norm(r);
- base=((chunk)1<<BASEBITS);
- for (i=NLEN-1; i>=0; i--)
- {
- ak=(carry*base+r[i]);
- r[i]=ak/3;
- carry=ak%3;
- }
- return (int)carry;
-}
-
-/* multiplication c=a*b by even larger integer b>FEXCESS, resulting in DBIG */
-/* SU= 24 */
-void BIG_pxmul(DBIG c,BIG a,int b)
-{
- int j;
- chunk carry;
- BIG_dzero(c);
- carry=0;
- for (j=0; j<NLEN; j++)
- carry=muladd(a[j],(chunk)b,carry,&c[j]);
- c[NLEN]=carry;
-#ifdef DEBUG_NORM
- c[DNLEN]=0;
-#endif
-}
-
-/* .. if you know the result will fit in a BIG, c must be distinct from a and b */
-/* SU= 40 */
-void BIG_smul(BIG c,BIG a,BIG b)
-{
- int i,j;
- chunk carry;
- BIG_norm(a);
- BIG_norm(b);
-
- BIG_zero(c);
- for (i=0; i<NLEN; i++)
- {
- carry=0;
- for (j=0; j<NLEN; j++)
- {
- if (i+j<NLEN)
- carry=muladd(a[i],b[j],carry,&c[i+j]);
- }
- }
-#ifdef DEBUG_NORM
- c[NLEN]=0;
-#endif
-}
-
-/* Set c=a*b */
-/* SU= 72 */
-void BIG_mul(DBIG c,BIG a,BIG b)
-{
- int i;
-#ifdef dchunk
- dchunk t,co;
- dchunk s;
- dchunk d[NLEN];
- int k;
-#endif
-
- /* change here - a and b MUST be normed on input */
-
-// BIG_norm(a); /* needed here to prevent overflow from addition of partial products */
-// BIG_norm(b);
-
- /* Faster to Combafy it.. Let the compiler unroll the loops! */
-
-#ifdef COMBA
-
- /* faster psuedo-Karatsuba method */
-#ifdef UNWOUND
-
- /* Insert output of faster.c here */
-
-#else
- for (i=0; i<NLEN; i++)
- d[i]=(dchunk)a[i]*b[i];
-
- s=d[0];
- t=s;
- c[0]=(chunk)t&BMASK;
- co=t>>BASEBITS;
-
- for (k=1; k<NLEN; k++)
- {
- s+=d[k];
- t=co+s;
- for (i=k; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
- c[k]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- }
- for (k=NLEN; k<2*NLEN-1; k++)
- {
- s-=d[k-NLEN];
- t=co+s;
- for (i=NLEN-1; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]);
- c[k]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- }
- c[2*NLEN-1]=(chunk)co;
-
-#endif
-
-#else
- int j;
- chunk carry;
- BIG_dzero(c);
- for (i=0; i<NLEN; i++)
- {
- carry=0;
- for (j=0; j<NLEN; j++)
- carry=muladd(a[i],b[j],carry,&c[i+j]);
-
- c[NLEN+i]=carry;
- }
-
-#endif
-
-#ifdef DEBUG_NORM
- c[DNLEN]=0;
-#endif
-}
-
-/* Set c=a*a */
-/* SU= 80 */
-void BIG_sqr(DBIG c,BIG a)
-{
- int i,j,last;
-#ifdef dchunk
- dchunk t,co;
-#endif
-
- /* change here - a MUST be normed on input */
-// BIG_norm(a);
-
- /* Note 2*a[i] in loop below and extra addition */
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
- /* Insert output of faster.c here */
-
-#else
-
- t=(dchunk)a[0]*a[0];
- c[0]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- t=(dchunk)a[1]*a[0];
- t+=t;
- t+=co;
- c[1]=(chunk)t&BMASK;
- co=t>>BASEBITS;
-
- last=NLEN-NLEN%2;
- for (j=2; j<last; j+=2)
- {
- t=(dchunk)a[j]*a[0];
- for (i=1; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
- t+=t;
- t+=co;
- t+=(dchunk)a[j/2]*a[j/2];
- c[j]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- t=(dchunk)a[j+1]*a[0];
- for (i=1; i<(j+2)/2; i++) t+=(dchunk)a[j+1-i]*a[i];
- t+=t;
- t+=co;
- c[j+1]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- }
- j=last;
-#if NLEN%2==1
- t=(dchunk)a[j]*a[0];
- for (i=1; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
- t+=t;
- t+=co;
- t+=(dchunk)a[j/2]*a[j/2];
- c[j]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- j++;
- t=(dchunk)a[NLEN-1]*a[j-NLEN+1];
- for (i=j-NLEN+2; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
- t+=t;
- t+=co;
- c[j]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- j++;
-#endif
- for (; j<DNLEN-2; j+=2)
- {
- t=(dchunk)a[NLEN-1]*a[j-NLEN+1];
- for (i=j-NLEN+2; i<(j+1)/2; i++) t+=(dchunk)a[j-i]*a[i];
- t+=t;
- t+=co;
- t+=(dchunk)a[j/2]*a[j/2];
- c[j]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- t=(dchunk)a[NLEN-1]*a[j-NLEN+2];
- for (i=j-NLEN+3; i<(j+2)/2; i++) t+=(dchunk)a[j+1-i]*a[i];
- t+=t;
- t+=co;
- c[j+1]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- }
-
- t=(dchunk)a[NLEN-1]*a[NLEN-1]+co;
- c[DNLEN-2]=(chunk)t&BMASK;
- co=t>>BASEBITS;
- c[DNLEN-1]=(chunk)co;
-#endif
-
-#else
- chunk carry;
- BIG_dzero(c);
- for (i=0; i<NLEN; i++)
- {
- carry=0;
- for (j=i+1; j<NLEN; j++)
- carry=muladd(a[i],a[j],carry,&c[i+j]);
- c[NLEN+i]=carry;
- }
-
- for (i=0; i<DNLEN; i++) c[i]*=2;
-
- for (i=0; i<NLEN; i++)
- c[2*i+1]+=muladd(a[i],a[i],0,&c[2*i]);
-
- BIG_dnorm(c);
-#endif
-
-
-#ifdef DEBUG_NORM
- c[DNLEN]=0;
-#endif
-
-}
-
-/* Montgomery reduction */
-void BIG_monty(BIG a,BIG md,chunk MC,DBIG d)
-{
- int i,k;
-
-#ifdef dchunk
- dchunk t,c,s;
- dchunk dd[NLEN];
- chunk v[NLEN];
-#endif
-
-#ifdef COMBA
-
-#ifdef UNWOUND
-
- /* Insert output of faster.c here */
-
-#else
-
- t=d[0];
- v[0]=((chunk)t*MC)&BMASK;
- t+=(dchunk)v[0]*md[0];
- c=(t>>BASEBITS)+d[1];
- s=0;
-
- for (k=1; k<NLEN; k++)
- {
- t=c+s+(dchunk)v[0]*md[k];
- for (i=k-1; i>k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
- v[k]=((chunk)t*MC)&BMASK;
- t+=(dchunk)v[k]*md[0];
- c=(t>>BASEBITS)+d[k+1];
- dd[k]=(dchunk)v[k]*md[k];
- s+=dd[k];
- }
- for (k=NLEN; k<2*NLEN-1; k++)
- {
- t=c+s;
- for (i=NLEN-1; i>=1+k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]);
- a[k-NLEN]=(chunk)t&BMASK;
- c=(t>>BASEBITS)+d[k+1];
- s-=dd[k-NLEN+1];
- }
- a[NLEN-1]=(chunk)c&BMASK;
-
-#endif
-
-#ifdef DEBUG_NORM
- a[NLEN]=0;
-#endif
-
-#else
- int j;
- chunk m,carry;
- for (i=0; i<NLEN; i++)
- {
- if (MC==-1) m=(-d[i])&BMASK;
- else
- {
- if (MC==1) m=d[i];
- else m=(MC*d[i])&BMASK;
- }
- carry=0;
- for (j=0; j<NLEN; j++)
- carry=muladd(m,md[j],carry,&d[i+j]);
- d[NLEN+i]+=carry;
- }
- BIG_sducopy(a,d);
- BIG_norm(a);
-
-#endif
-}
-
-/* General shift left of a by n bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_shl(BIG a,int k)
-{
- int i;
- int n=k%BASEBITS;
- int m=k/BASEBITS;
-
-// a[NLEN-1]=((a[NLEN-1-m]<<n))|(a[NLEN-m-2]>>(BASEBITS-n));
-
- a[NLEN-1]=((a[NLEN-1-m]<<n));
- if (NLEN>=m+2) a[NLEN-1]|=(a[NLEN-m-2]>>(BASEBITS-n));
-
- for (i=NLEN-2; i>m; i--)
- a[i]=((a[i-m]<<n)&BMASK)|(a[i-m-1]>>(BASEBITS-n));
- a[m]=(a[0]<<n)&BMASK;
- for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* Fast shift left of a by n bits, where n less than a word, Return excess (but store it as well) */
-/* a MUST be normalised */
-/* SU= 16 */
-int BIG_fshl(BIG a,int n)
-{
- int i;
-
- a[NLEN-1]=((a[NLEN-1]<<n))|(a[NLEN-2]>>(BASEBITS-n)); /* top word not masked */
- for (i=NLEN-2; i>0; i--)
- a[i]=((a[i]<<n)&BMASK)|(a[i-1]>>(BASEBITS-n));
- a[0]=(a[0]<<n)&BMASK;
-
- return (int)(a[NLEN-1]>>((8*MODBYTES)%BASEBITS)); /* return excess - only used in ff.c */
-}
-
-/* double length left shift of a by k bits - k can be > BASEBITS , a MUST be normalised */
-/* SU= 32 */
-void BIG_dshl(DBIG a,int k)
-{
- int i;
- int n=k%BASEBITS;
- int m=k/BASEBITS;
-
- a[DNLEN-1]=((a[DNLEN-1-m]<<n))|(a[DNLEN-m-2]>>(BASEBITS-n));
-
- for (i=DNLEN-2; i>m; i--)
- a[i]=((a[i-m]<<n)&BMASK)|(a[i-m-1]>>(BASEBITS-n));
- a[m]=(a[0]<<n)&BMASK;
- for (i=0; i<m; i++) a[i]=0;
-
-}
-
-/* General shift rightof a by k bits */
-/* a MUST be normalised */
-/* SU= 32 */
-void BIG_shr(BIG a,int k)
-{
- int i;
- int n=k%BASEBITS;
- int m=k/BASEBITS;
- for (i=0; i<NLEN-m-1; i++)
- a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&BMASK);
- if (NLEN>m) a[NLEN-m-1]=a[NLEN-1]>>n;
- for (i=NLEN-m; i<NLEN; i++) a[i]=0;
-
-}
-
-/* Faster shift right of a by k bits. Return shifted out part */
-/* a MUST be normalised */
-/* SU= 16 */
-int BIG_fshr(BIG a,int k)
-{
- int i;
- chunk r=a[0]&(((chunk)1<<k)-1); /* shifted out part */
- for (i=0; i<NLEN-1; i++)
- a[i]=(a[i]>>k)|((a[i+1]<<(BASEBITS-k))&BMASK);
- a[NLEN-1]=a[NLEN-1]>>k;
- return (int)r;
-}
-
-/* double length right shift of a by k bits - can be > BASEBITS */
-/* SU= 32 */
-void BIG_dshr(DBIG a,int k)
-{
- int i;
- int n=k%BASEBITS;
- int m=k/BASEBITS;
- for (i=0; i<DNLEN-m-1; i++)
- a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS-n))&BMASK);
- a[DNLEN-m-1]=a[DNLEN-1]>>n;
- for (i=DNLEN-m; i<DNLEN; i++ ) a[i]=0;
-}
-
-/* Split DBIG d into two BIGs t|b. Split happens at n bits, where n falls into NLEN word */
-/* d MUST be normalised */
-/* SU= 24 */
-chunk BIG_split(BIG t,BIG b,DBIG d,int n)
-{
- int i;
- chunk nw,carry=0;
- int m=n%BASEBITS;
-// BIG_dnorm(d);
-
- if (m==0)
- {
- for (i=0; i<NLEN; i++) b[i]=d[i];
- if (t!=b)
- {
- for (i=NLEN; i<2*NLEN; i++) t[i-NLEN]=d[i];
- carry=t[NLEN-1]>>BASEBITS;
- t[NLEN-1]=t[NLEN-1]&BMASK; /* top word normalized */
- }
- return carry;
- }
-
- for (i=0; i<NLEN-1; i++) b[i]=d[i];
-
- b[NLEN-1]=d[NLEN-1]&(((chunk)1<<m)-1);
-
- if (t!=b)
- {
- carry=(d[DNLEN-1]<<(BASEBITS-m));
- for (i=DNLEN-2; i>=NLEN-1; i--)
- {
- nw=(d[i]>>m)|carry;
- carry=(d[i]<<(BASEBITS-m))&BMASK;
- t[i-NLEN+1]=nw;
- }
- }
-#ifdef DEBUG_NORM
- t[NLEN]=0;
- b[NLEN]=0;
-#endif
- return carry;
-}
-
-/* you gotta keep the sign of carry! Look - no branching! */
-/* Note that sign bit is needed to disambiguate between +ve and -ve values */
-/* normalise BIG - force all digits < 2^BASEBITS */
-chunk BIG_norm(BIG a)
-{
- int i;
- chunk d,carry=0;
- for (i=0; i<NLEN-1; i++)
- {
- d=a[i]+carry;
- a[i]=d&BMASK;
- carry=d>>BASEBITS;
- }
- a[NLEN-1]=(a[NLEN-1]+carry);
-
-#ifdef DEBUG_NORM
- a[NLEN]=0;
-#endif
- return (a[NLEN-1]>>((8*MODBYTES)%BASEBITS)); /* only used in ff.c */
-}
-
-void BIG_dnorm(DBIG a)
-{
- int i;
- chunk d,carry=0;
- for (i=0; i<DNLEN-1; i++)
- {
- d=a[i]+carry;
- a[i]=d&BMASK;
- carry=d>>BASEBITS;
- }
- a[DNLEN-1]=(a[DNLEN-1]+carry);
-#ifdef DEBUG_NORM
- a[DNLEN]=0;
-#endif
-}
-
-/* Compare a and b. Return 1 for a>b, -1 for a<b, 0 for a==b */
-/* a and b MUST be normalised before call */
-int BIG_comp(BIG a,BIG b)
-{
- int i;
- for (i=NLEN-1; i>=0; i--)
- {
- if (a[i]==b[i]) continue;
- if (a[i]>b[i]) return 1;
- else return -1;
- }
- return 0;
-}
-
-int BIG_dcomp(DBIG a,DBIG b)
-{
- int i;
- for (i=DNLEN-1; i>=0; i--)
- {
- if (a[i]==b[i]) continue;
- if (a[i]>b[i]) return 1;
- else return -1;
- }
- return 0;
-}
-
-/* return number of bits in a */
-/* SU= 8 */
-int BIG_nbits(BIG a)
-{
- int bts,k=NLEN-1;
- chunk c;
- BIG_norm(a);
- while (k>=0 && a[k]==0) k--;
- if (k<0) return 0;
- bts=BASEBITS*k;
- c=a[k];
- while (c!=0)
- {
- c/=2;
- bts++;
- }
- return bts;
-}
-
-/* SU= 8, Calculate number of bits in a DBIG - output normalised */
-int BIG_dnbits(DBIG a)
-{
- int bts,k=DNLEN-1;
- chunk c;
- BIG_dnorm(a);
- while (k>=0 && a[k]==0) k--;
- if (k<0) return 0;
- bts=BASEBITS*k;
- c=a[k];
- while (c!=0)
- {
- c/=2;
- bts++;
- }
- return bts;
-}
-
-
-/* Set b=b mod c */
-/* SU= 16 */
-void BIG_mod(BIG b,BIG c)
-{
- int k=0;
- BIG r; /**/
-
- BIG_norm(b);
- if (BIG_comp(b,c)<0)
- return;
- do
- {
- BIG_fshl(c,1);
- k++;
- }
- while (BIG_comp(b,c)>=0);
-
- while (k>0)
- {
- BIG_fshr(c,1);
-
-// constant time...
- BIG_sub(r,b,c);
- BIG_norm(r);
- BIG_cmove(b,r,1-((r[NLEN-1]>>(CHUNK-1))&1));
- /*
- if (BIG_comp(b,c)>=0)
- {
- BIG_sub(b,b,c);
- BIG_norm(b);
- }
- */
- k--;
- }
-}
-
-/* Set a=b mod c, b is destroyed. Slow but rarely used. */
-/* SU= 96 */
-void BIG_dmod(BIG a,DBIG b,BIG c)
-{
- int k=0;
- DBIG m,r;
- BIG_dnorm(b);
- BIG_dscopy(m,c);
-
- if (BIG_dcomp(b,m)<0)
- {
- BIG_sdcopy(a,b);
- return;
- }
-
- do
- {
- BIG_dshl(m,1);
- k++;
- }
- while (BIG_dcomp(b,m)>=0);
-
- while (k>0)
- {
- BIG_dshr(m,1);
-// constant time...
- BIG_dsub(r,b,m);
- BIG_dnorm(r);
- BIG_dcmove(b,r,1-((r[DNLEN-1]>>(CHUNK-1))&1));
- /*
- if (BIG_dcomp(b,m)>=0)
- {
- BIG_dsub(b,b,m);
- BIG_dnorm(b);
- }
- */
- k--;
- }
- BIG_sdcopy(a,b);
-}
-
-/* Set a=b/c, b is destroyed. Slow but rarely used. */
-/* SU= 136 */
-
-void BIG_ddiv(BIG a,DBIG b,BIG c)
-{
- int d,k=0;
- DBIG m,dr;
- BIG e,r;
- BIG_dnorm(b);
- BIG_dscopy(m,c);
-
- BIG_zero(a);
- BIG_zero(e);
- BIG_inc(e,1);
-
- while (BIG_dcomp(b,m)>=0)
- {
- BIG_fshl(e,1);
- BIG_dshl(m,1);
- k++;
- }
-
- while (k>0)
- {
- BIG_dshr(m,1);
- BIG_fshr(e,1);
-
- BIG_dsub(dr,b,m);
- BIG_dnorm(dr);
- d=1-((dr[DNLEN-1]>>(CHUNK-1))&1);
- BIG_dcmove(b,dr,d);
-
- BIG_add(r,a,e);
- BIG_norm(r);
- BIG_cmove(a,r,d);
- /*
- if (BIG_dcomp(b,m)>=0)
- {
- BIG_add(a,a,e);
- BIG_norm(a);
- BIG_dsub(b,b,m);
- BIG_dnorm(b);
- } */
- k--;
- }
-}
-
-/* SU= 136 */
-
-void BIG_sdiv(BIG a,BIG c)
-{
- int d,k=0;
- BIG m,e,b,r;
- BIG_norm(a);
- BIG_copy(b,a);
- BIG_copy(m,c);
-
- BIG_zero(a);
- BIG_zero(e);
- BIG_inc(e,1);
-
- while (BIG_comp(b,m)>=0)
- {
- BIG_fshl(e,1);
- BIG_fshl(m,1);
- k++;
- }
-
- while (k>0)
- {
- BIG_fshr(m,1);
- BIG_fshr(e,1);
-
- BIG_sub(r,b,m);
- BIG_norm(r);
- d=1-((r[NLEN-1]>>(CHUNK-1))&1);
- BIG_cmove(b,r,d);
-
- BIG_add(r,a,e);
- BIG_norm(r);
- BIG_cmove(a,r,d);
- /*
- if (BIG_comp(b,m)>=0)
- {
- BIG_sub(b,b,m);
- BIG_norm(b);
- BIG_add(a,a,e);
- BIG_norm(a);
- } */
- k--;
- }
-}
-
-/* return LSB of a */
-int BIG_parity(BIG a)
-{
- return a[0]%2;
-}
-
-/* return n-th bit of a */
-/* SU= 16 */
-int BIG_bit(BIG a,int n)
-{
- if (a[n/BASEBITS]&((chunk)1<<(n%BASEBITS))) return 1;
- else return 0;
-}
-
-/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed.
-nbs is number of bits processed, and nzs is number of trailing 0s detected */
-/* SU= 32 */
-/*
-int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs)
-{
- int j,r,nb;
-
- nb=BIG_bit(x3,i)-BIG_bit(x,i);
- *nbs=1;
- *nzs=0;
- if (nb==0) return 0;
- if (i==0) return nb;
-
- if (nb>0) r=1;
- else r=(-1);
-
- for (j=i-1;j>0;j--)
- {
- (*nbs)++;
- r*=2;
- nb=BIG_bit(x3,j)-BIG_bit(x,j);
- if (nb>0) r+=1;
- if (nb<0) r-=1;
- if (abs(r)>5) break;
- }
-
- if (r%2!=0 && j!=0)
- { // backtrack
- if (nb>0) r=(r-1)/2;
- if (nb<0) r=(r+1)/2;
- (*nbs)--;
- }
-
- while (r%2==0)
- { // remove trailing zeros
- r/=2;
- (*nzs)++;
- (*nbs)--;
- }
- return r;
-}
-*/
-
-/* return last n bits of a, where n is small < BASEBITS */
-/* SU= 16 */
-int BIG_lastbits(BIG a,int n)
-{
- int msk=(1<<n)-1;
- BIG_norm(a);
- return ((int)a[0])&msk;
-}
-
-/* get 8*MODBYTES size random number */
-void BIG_random(BIG m,csprng *rng)
-{
- int i,b,j=0,r=0;
- int len=8*MODBYTES;
-
- BIG_zero(m);
- /* generate random BIG */
- for (i=0; i<len; i++)
- {
- if (j==0) r=RAND_byte(rng);
- else r>>=1;
- b=r&1;
- BIG_shl(m,1);
- m[0]+=b;
- j++;
- j&=7;
- }
-
-#ifdef DEBUG_NORM
- m[NLEN]=0;
-#endif
-}
-
-/* get random BIG from rng, modulo q. Done one bit at a time, so its portable */
-
-void BIG_randomnum(BIG m,BIG q,csprng *rng)
-{
- int i,b,j=0,r=0;
- DBIG d;
- BIG_dzero(d);
- /* generate random DBIG */
- for (i=0; i<2*MODBITS; i++)
- {
- if (j==0) r=RAND_byte(rng);
- else r>>=1;
- b=r&1;
- BIG_dshl(d,1);
- d[0]+=b;
- j++;
- j&=7;
- }
- /* reduce modulo a BIG. Removes bias */
- BIG_dmod(m,d,q);
-#ifdef DEBUG_NORM
- m[NLEN]=0;
-#endif
-}
-
-/* Set r=a*b mod m */
-/* SU= 96 */
-void BIG_modmul(BIG r,BIG a,BIG b,BIG m)
-{
- DBIG d;
- BIG_mod(a,m);
- BIG_mod(b,m);
-//BIG_norm(a); BIG_norm(b);
- BIG_mul(d,a,b);
- BIG_dmod(r,d,m);
-}
-
-/* Set a=a*a mod m */
-/* SU= 88 */
-void BIG_modsqr(BIG r,BIG a,BIG m)
-{
- DBIG d;
- BIG_mod(a,m);
-//BIG_norm(a);
- BIG_sqr(d,a);
- BIG_dmod(r,d,m);
-}
-
-/* Set r=-a mod m */
-/* SU= 16 */
-void BIG_modneg(BIG r,BIG a,BIG m)
-{
- BIG_mod(a,m);
- BIG_sub(r,m,a);
- BIG_mod(r,m);
-}
-
-/* Set a=a/b mod m */
-/* SU= 136 */
-void BIG_moddiv(BIG r,BIG a,BIG b,BIG m)
-{
- DBIG d;
- BIG z;
- BIG_mod(a,m);
- BIG_invmodp(z,b,m);
-//BIG_norm(a); BIG_norm(z);
- BIG_mul(d,a,z);
- BIG_dmod(r,d,m);
-}
-
-/* Get jacobi Symbol (a/p). Returns 0, 1 or -1 */
-/* SU= 216 */
-int BIG_jacobi(BIG a,BIG p)
-{
- int n8,k,m=0;
- BIG t,x,n,zilch,one;
- BIG_one(one);
- BIG_zero(zilch);
- if (BIG_parity(p)==0 || BIG_comp(a,zilch)==0 || BIG_comp(p,one)<=0) return 0;
- BIG_norm(a);
- BIG_copy(x,a);
- BIG_copy(n,p);
- BIG_mod(x,p);
-
- while (BIG_comp(n,one)>0)
- {
- if (BIG_comp(x,zilch)==0) return 0;
- n8=BIG_lastbits(n,3);
- k=0;
- while (BIG_parity(x)==0)
- {
- k++;
- BIG_shr(x,1);
- }
- if (k%2==1) m+=(n8*n8-1)/8;
- m+=(n8-1)*(BIG_lastbits(x,2)-1)/4;
- BIG_copy(t,n);
-
- BIG_mod(t,x);
- BIG_copy(n,x);
- BIG_copy(x,t);
- m%=2;
-
- }
- if (m==0) return 1;
- else return -1;
-}
-
-/* Set r=1/a mod p. Binary method */
-/* SU= 240 */
-void BIG_invmodp(BIG r,BIG a,BIG p)
-{
- BIG u,v,x1,x2,t,one;
- BIG_mod(a,p);
- BIG_copy(u,a);
- BIG_copy(v,p);
- BIG_one(one);
- BIG_copy(x1,one);
- BIG_zero(x2);
-
- while (BIG_comp(u,one)!=0 && BIG_comp(v,one)!=0)
- {
- while (BIG_parity(u)==0)
- {
- BIG_shr(u,1);
- if (BIG_parity(x1)!=0)
- {
- BIG_add(x1,p,x1);
- BIG_norm(x1);
- }
- BIG_shr(x1,1);
- }
- while (BIG_parity(v)==0)
- {
- BIG_shr(v,1);
- if (BIG_parity(x2)!=0)
- {
- BIG_add(x2,p,x2);
- BIG_norm(x2);
- }
- BIG_shr(x2,1);
- }
- if (BIG_comp(u,v)>=0)
- {
- BIG_sub(u,u,v);
- BIG_norm(u);
- if (BIG_comp(x1,x2)>=0) BIG_sub(x1,x1,x2);
- else
- {
- BIG_sub(t,p,x2);
- BIG_add(x1,x1,t);
- }
- BIG_norm(x1);
- }
- else
- {
- BIG_sub(v,v,u);
- BIG_norm(v);
- if (BIG_comp(x2,x1)>=0) BIG_sub(x2,x2,x1);
- else
- {
- BIG_sub(t,p,x1);
- BIG_add(x2,x2,t);
- }
- BIG_norm(x2);
- }
- }
- if (BIG_comp(u,one)==0)
- BIG_copy(r,x1);
- else
- BIG_copy(r,x2);
-}
-
-/* set x = x mod 2^m */
-void BIG_mod2m(BIG x,int m)
-{
- int i,wd,bt;
- chunk msk;
-// if (m>=MODBITS) return;
- wd=m/BASEBITS;
- bt=m%BASEBITS;
- msk=((chunk)1<<bt)-1;
- x[wd]&=msk;
- for (i=wd+1; i<NLEN; i++) x[i]=0;
-}
-
-// new
-/* Convert to DBIG number from byte array of given length */
-void BIG_dfromBytesLen(DBIG a,char *b,int s)
-{
- int i,len=s;
- BIG_dzero(a);
-
- for (i=0; i<len; i++)
- {
- BIG_dshl(a,8);
- a[0]+=(int)(unsigned char)b[i];
- }
-#ifdef DEBUG_NORM
- a[NLEN]=0;
-#endif
-}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_ec
----------------------------------------------------------------------
diff --git a/version22/c/build_ec b/version22/c/build_ec
deleted file mode 100644
index b5dc735..0000000
--- a/version22/c/build_ec
+++ /dev/null
@@ -1,22 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 ff.c
-
-rm amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-gcc -std=c99 -O3 testecdh.c ecdh.c randapi.c amcl.a -o testecdh
-gcc -std=c99 -O3 testrsa.c rsa.c randapi.c amcl.a -o testrsa
-gcc -std=c99 -O3 benchtest_ec.c rsa.c amcl.a -o benchtest_ec
-
-rm *.o
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_ec.bat
----------------------------------------------------------------------
diff --git a/version22/c/build_ec.bat b/version22/c/build_ec.bat
deleted file mode 100644
index a49fc25..0000000
--- a/version22/c/build_ec.bat
+++ /dev/null
@@ -1,22 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 ff.c
-
-del amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o ff.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-gcc -std=c99 -O3 testecdh.c ecdh.c randapi.c amcl.a -o testecdh.exe
-gcc -std=c99 -O3 testrsa.c rsa.c randapi.c amcl.a -o testrsa.exe
-gcc -std=c99 -O3 benchtest_ec.c rsa.c amcl.a -o benchtest_ec.exe
-
-del *.o
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_pair
----------------------------------------------------------------------
diff --git a/version22/c/build_pair b/version22/c/build_pair
deleted file mode 100644
index 6b6bae2..0000000
--- a/version22/c/build_pair
+++ /dev/null
@@ -1,27 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 fp2.c
-gcc -std=c99 -c -O3 ecp2.c
-gcc -std=c99 -c -O3 fp4.c
-gcc -std=c99 -c -O3 fp12.c
-gcc -std=c99 -c -O3 pair.c
-
-rm amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
-
-gcc -std=c99 -O3 testmpin.c mpin.c randapi.c amcl.a -o testmpin
-gcc -std=c99 -O3 benchtest_pair.c amcl.a -o benchtest_pair
-
-rm *.o
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/build_pair.bat
----------------------------------------------------------------------
diff --git a/version22/c/build_pair.bat b/version22/c/build_pair.bat
deleted file mode 100644
index 88b5daf..0000000
--- a/version22/c/build_pair.bat
+++ /dev/null
@@ -1,27 +0,0 @@
-
-gcc -std=c99 -c -O3 big.c
-gcc -std=c99 -c -O3 fp.c
-gcc -std=c99 -c -O3 ecp.c
-gcc -std=c99 -c -O3 hash.c
-gcc -std=c99 -c -O3 rand.c
-gcc -std=c99 -c -O3 aes.c
-gcc -std=c99 -c -O3 gcm.c
-gcc -std=c99 -c -O3 oct.c
-gcc -std=c99 -c -O3 rom.c
-
-gcc -std=c99 -c -O3 fp2.c
-gcc -std=c99 -c -O3 ecp2.c
-gcc -std=c99 -c -O3 fp4.c
-gcc -std=c99 -c -O3 fp12.c
-gcc -std=c99 -c -O3 pair.c
-
-del amcl.a
-ar rc amcl.a big.o fp.o ecp.o hash.o
-ar r amcl.a rand.o aes.o gcm.o oct.o rom.o
-
-ar r amcl.a pair.o fp2.o ecp2.o fp4.o fp12.o
-
-gcc -std=c99 -O3 testmpin.c mpin.c randapi.c amcl.a -o testmpin.exe
-gcc -std=c99 -O3 benchtest_pair.c amcl.a -o benchtest_pair.exe
-
-del *.o
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ca.crt
----------------------------------------------------------------------
diff --git a/version22/c/ca.crt b/version22/c/ca.crt
deleted file mode 100644
index e3ad02f..0000000
--- a/version22/c/ca.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6zCCAtOgAwIBAgIJALJxywTGMUA7MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYD
-VQQGEwJJRTEQMA4GA1UECAwHSXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMQ8wDQYD
-VQQKDAZNSVJBQ0wxDTALBgNVBAsMBGxhYnMxEzARBgNVBAMMCk1pa2UgU2NvdHQx
-JDAiBgkqhkiG9w0BCQEWFW1pa2Uuc2NvdHRAbWlyYWNsLmNvbTAeFw0xNjA2MzAx
-NzQyNDFaFw0yMTA2MzAxNzQyNDFaMIGLMQswCQYDVQQGEwJJRTEQMA4GA1UECAwH
-SXJlbGFuZDEPMA0GA1UEBwwGRHVibGluMQ8wDQYDVQQKDAZNSVJBQ0wxDTALBgNV
-BAsMBGxhYnMxEzARBgNVBAMMCk1pa2UgU2NvdHQxJDAiBgkqhkiG9w0BCQEWFW1p
-a2Uuc2NvdHRAbWlyYWNsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAPCTPcPWgiI0ka5Czd0ZzW+gTaMEe9QW7FGu5+9fS6ALrCpdbxdwDX8+OQXZ
-uQJpLYEAIq1pDh3fVQguH/jUM9gQQrS2Lmz3KhXC/J3yv85FRotCGv13ztapMedT
-y2IxzbtPvoQQc+IAlUPX6DtD8JqBoAstrlQUnkMChKztMGR2OERdjNzXmXm+KMMP
-lZzk+EvRwCornVA+SB5QAWj7y/3ISFo0y1WG8ewoQEx3HQYrjXbQP1VTdiLW7dHP
-QP86XKoTMtTBEYWuFhKB9ClCeu4Qqqxqa9UPIVfdro7SoZScCt+OX4KhzLnOCFup
-oLxE+yTDhDpYcCcmI1yglCv9DpMCAwEAAaNQME4wHQYDVR0OBBYEFFH18YEMoxms
-7121N/nQ+Wm3b5smMB8GA1UdIwQYMBaAFFH18YEMoxms7121N/nQ+Wm3b5smMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBALCUob0y2O4DSzsqG76yrtCx
-XWxDdgjSkHKzwFK62BzZK5EuCDJrVgCyoLX0SvYvoT9x0wtS+bxJ7TNEGn7Rkp5/
-iSQCUSF7sVRoHqzErk70xVKKDy5FS+zre8k08nJrtRg2u1PmY95NO1SE96BtUVLs
-+8rQuqEX283tqlmqE/SF2+lxOb0WaVrya4oCJfj/XT83pRTcd5w9i7huWltMbKba
-gkmlQ/5q9Ayp/Jh1lLXmxr+/xEbZ2xEop/y+mgVF0vLxap7R5toBA0Yk7vvirlYv
-0hZGqGi5lBc9VeUqm1H/7XCi5xRU3AtJ4QRk4Z1xUa4qAPKfiqlPKd1dVe3Ah3w=
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/eccert.pem
----------------------------------------------------------------------
diff --git a/version22/c/eccert.pem b/version22/c/eccert.pem
deleted file mode 100644
index b9dfca5..0000000
--- a/version22/c/eccert.pem
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICqjCCAZICCQCk9jKdJYtnjDANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
-SUUxEDAOBgNVBAgMB0lyZWxhbmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwG
-TUlSQUNMMQ0wCwYDVQQLDARsYWJzMRMwEQYDVQQDDApNaWtlIFNjb3R0MSQwIgYJ
-KoZIhvcNAQkBFhVtaWtlLnNjb3R0QG1pcmFjbC5jb20wHhcNMTYwNjMwMTc0NjQ4
-WhcNMTYwNzMwMTc0NjQ4WjCBjDELMAkGA1UEBhMCSUUxEDAOBgNVBAgMB0lyZWxh
-bmQxDzANBgNVBAcMBkR1YmxpbjEPMA0GA1UECgwGTUlSQUNMMQ0wCwYDVQQLDARs
-YWJzMRgwFgYDVQQDDA9LZWFsYW4gTWNDdXNrZXIxIDAeBgkqhkiG9w0BCQEWEWtl
-YWxhbkBtaXJhY2wuY29tMDkwFAYHKoZIzj0CAQYJKwYBBAHaRw8BAyEASiRQmhO9
-PP+SqodOhXYrnSlcyAOog63E6a4KLDFvAzEwDQYJKoZIhvcNAQELBQADggEBALBy
-fCM/EhdqWBrEnDHtH2/U8xr1eSylHdcfnDSDR+X6KXH5rIJ/397lZQMHB6QSsEiV
-rWzfFDFPPjDN3xEDsZw09ZTT+L8Wi5P3UKR1gtawQCx3ciKEywAU1CU2dV05gvye
-bqIsbFUyH7jOlj6/1hIx9zaiLcoEex6D55MYQuWo664HF3CNdJFk1k4HF+fclRhy
-l4iryp0F9p0Wl5vyn96kg0NwaBZG860oCWDHZsjRq1JeSSaRf9CKNXWbQwjByeEc
-DphpprqmoVcI60cC0TvZZm1x4y7vjCXLD6uCDw3P7fnSp40yce64+IKUr8/cS+QY
-us58KHdLaLXsojZHL3c=
------END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ecdh.c
----------------------------------------------------------------------
diff --git a/version22/c/ecdh.c b/version22/c/ecdh.c
deleted file mode 100644
index 74694f7..0000000
--- a/version22/c/ecdh.c
+++ /dev/null
@@ -1,751 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/* ECDH/ECIES/ECDSA Functions - see main program below */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <time.h>
-
-#include "ecdh.h"
-
-#define ROUNDUP(a,b) ((a)-1)/(b)+1
-
-/* general purpose hash function w=hash(p|n|x|y) */
-/* pad or truncate ouput to length pad if pad!=0 */
-static void hashit(int sha,octet *p,int n,octet *x,octet *w,int pad)
-{
- int i,c[4],hlen;
- hash256 sha256;
- hash512 sha512;
- char hh[64];
-
- switch (sha)
- {
- case SHA256:
- HASH256_init(&sha256);
- break;
- case SHA384:
- HASH384_init(&sha512);
- break;
- case SHA512:
- HASH512_init(&sha512);
- break;
- }
-
- hlen=sha;
-
- for (i=0; i<p->len; i++)
- {
- switch(sha)
- {
- case SHA256:
- HASH256_process(&sha256,p->val[i]);
- break;
- case SHA384:
- HASH384_process(&sha512,p->val[i]);
- break;
- case SHA512:
- HASH512_process(&sha512,p->val[i]);
- break;
- }
- }
- if (n>0)
- {
- c[0]=(n>>24)&0xff;
- c[1]=(n>>16)&0xff;
- c[2]=(n>>8)&0xff;
- c[3]=(n)&0xff;
- for (i=0; i<4; i++)
- {
- switch(sha)
- {
- case SHA256:
- HASH256_process(&sha256,c[i]);
- break;
- case SHA384:
- HASH384_process(&sha512,c[i]);
- break;
- case SHA512:
- HASH512_process(&sha512,c[i]);
- break;
- }
- }
- }
- if (x!=NULL) for (i=0; i<x->len; i++)
- {
- switch(sha)
- {
- case SHA256:
- HASH256_process(&sha256,x->val[i]);
- break;
- case SHA384:
- HASH384_process(&sha512,x->val[i]);
- break;
- case SHA512:
- HASH512_process(&sha512,x->val[i]);
- break;
- }
- }
-
- switch (sha)
- {
- case SHA256:
- HASH256_hash(&sha256,hh);
- break;
- case SHA384:
- HASH384_hash(&sha512,hh);
- break;
- case SHA512:
- HASH512_hash(&sha512,hh);
- break;
- }
-
- OCT_empty(w);
- if (!pad)
- OCT_jbytes(w,hh,hlen);
- else
- {
- if (pad<=hlen)
- OCT_jbytes(w,hh,pad);
- else
- {
- OCT_jbytes(w,hh,hlen);
- OCT_jbyte(w,0,pad-hlen);
- }
- }
- return;
-}
-
-/* Hash octet p to octet w */
-void HASH(int sha,octet *p,octet *w)
-{
- hashit(sha,p,-1,NULL,w,0);
-}
-
-/* Calculate HMAC of m using key k. HMAC is tag of length olen */
-int HMAC(int sha,octet *m,octet *k,int olen,octet *tag)
-{
- /* Input is from an octet m *
- * olen is requested output length in bytes. k is the key *
- * The output is the calculated tag */
- int hlen,b;
- char h[128],k0[128];
- octet H= {0,sizeof(h),h};
- octet K0= {0,sizeof(k0),k0};
-
- hlen=sha;
- if (hlen>32) b=128;
- else b=64;
-
- if (olen<4 /*|| olen>hlen*/) return 0;
-
- if (k->len > b) hashit(sha,k,-1,NULL,&K0,0);
- else OCT_copy(&K0,k);
-
- OCT_jbyte(&K0,0,b-K0.len);
-
- OCT_xorbyte(&K0,0x36);
-
- hashit(sha,&K0,-1,m,&H,0);
-
- OCT_xorbyte(&K0,0x6a); /* 0x6a = 0x36 ^ 0x5c */
- hashit(sha,&K0,-1,&H,&H,olen);
-
- OCT_empty(tag);
-
- OCT_jbytes(tag,H.val,olen);
-
- return 1;
-}
-
-/* Key Derivation Functions */
-/* Input octet z */
-/* Output key of length olen */
-/*
-void KDF1(octet *z,int olen,octet *key)
-{
- char h[32];
- octet H={0,sizeof(h),h};
- int counter,cthreshold;
- int hlen=32;
-
- OCT_empty(key);
-
- cthreshold=ROUNDUP(olen,hlen);
-
- for (counter=0;counter<cthreshold;counter++)
- {
- hashit(z,counter,NULL,NULL,&H);
- if (key->len+hlen>olen) OCT_jbytes(key,H.val,olen%hlen);
- else OCT_joctet(key,&H);
- }
-}
-*/
-void KDF2(int sha,octet *z,octet *p,int olen,octet *key)
-{
- /* NOTE: the parameter olen is the length of the output k in bytes */
- char h[64];
- octet H= {0,sizeof(h),h};
- int counter,cthreshold;
- int hlen=sha;
-
- OCT_empty(key);
-
- cthreshold=ROUNDUP(olen,hlen);
-
- for (counter=1; counter<=cthreshold; counter++)
- {
- hashit(sha,z,counter,p,&H,0);
- if (key->len+hlen>olen) OCT_jbytes(key,H.val,olen%hlen);
- else OCT_joctet(key,&H);
- }
-
-}
-
-/* Password based Key Derivation Function */
-/* Input password p, salt s, and repeat count */
-/* Output key of length olen */
-void PBKDF2(int sha,octet *p,octet *s,int rep,int olen,octet *key)
-{
- int i,j,len,d=ROUNDUP(olen,sha);
- char f[64],u[64]; /*****/
- octet F= {0,sizeof(f),f};
- octet U= {0,sizeof(u),u};
- OCT_empty(key);
-
- for (i=1; i<=d; i++)
- {
- len=s->len;
- OCT_jint(s,i,4);
-
- HMAC(sha,s,p,sha,&F); /* sha not EFS */
-
- s->len=len;
- OCT_copy(&U,&F);
- for (j=2; j<=rep; j++)
- {
- HMAC(sha,&U,p,sha,&U); /* sha not EFS */
- OCT_xor(&F,&U);
- }
-
- OCT_joctet(key,&F);
- }
-
- OCT_chop(key,NULL,olen);
-}
-
-/* AES encryption/decryption. Encrypt byte array M using key K and returns ciphertext */
-void AES_CBC_IV0_ENCRYPT(octet *k,octet *m,octet *c)
-{
- /* AES CBC encryption, with Null IV and key k */
- /* Input is from an octet string m, output is to an octet string c */
- /* Input is padded as necessary to make up a full final block */
- amcl_aes a;
- int fin;
- int i,j,ipt,opt;
- char buff[16];
- int padlen;
-
- OCT_clear(c);
- if (m->len==0) return;
- AES_init(&a,CBC,k->len,k->val,NULL);
-
- ipt=opt=0;
- fin=0;
- for(;;)
- {
- for (i=0; i<16; i++)
- {
- if (ipt<m->len) buff[i]=m->val[ipt++];
- else
- {
- fin=1;
- break;
- }
- }
- if (fin) break;
- AES_encrypt(&a,buff);
- for (i=0; i<16; i++)
- if (opt<c->max) c->val[opt++]=buff[i];
- }
-
- /* last block, filled up to i-th index */
-
- padlen=16-i;
- for (j=i; j<16; j++) buff[j]=padlen;
- AES_encrypt(&a,buff);
- for (i=0; i<16; i++)
- if (opt<c->max) c->val[opt++]=buff[i];
- AES_end(&a);
- c->len=opt;
-}
-
-/* decrypts and returns TRUE if all consistent, else returns FALSE */
-int AES_CBC_IV0_DECRYPT(octet *k,octet *c,octet *m)
-{
- /* padding is removed */
- amcl_aes a;
- int i,ipt,opt,ch;
- char buff[16];
- int fin,bad;
- int padlen;
- ipt=opt=0;
-
- OCT_clear(m);
- if (c->len==0) return 1;
- ch=c->val[ipt++];
-
- AES_init(&a,CBC,k->len,k->val,NULL);
- fin=0;
-
- for(;;)
- {
- for (i=0; i<16; i++)
- {
- buff[i]=ch;
- if (ipt>=c->len)
- {
- fin=1;
- break;
- }
- else ch=c->val[ipt++];
- }
- AES_decrypt(&a,buff);
- if (fin) break;
- for (i=0; i<16; i++)
- if (opt<m->max) m->val[opt++]=buff[i];
- }
- AES_end(&a);
- bad=0;
- padlen=buff[15];
- if (i!=15 || padlen<1 || padlen>16) bad=1;
- if (padlen>=2 && padlen<=16)
- for (i=16-padlen; i<16; i++) if (buff[i]!=padlen) bad=1;
-
- if (!bad) for (i=0; i<16-padlen; i++)
- if (opt<m->max) m->val[opt++]=buff[i];
-
- m->len=opt;
- if (bad) return 0;
- return 1;
-}
-
-/* Calculate a public/private EC GF(p) key pair. W=S.G mod EC(p),
- * where S is the secret key and W is the public key
- * and G is fixed generator.
- * If RNG is NULL then the private key is provided externally in S
- * otherwise it is generated randomly internally */
-int ECP_KEY_PAIR_GENERATE(csprng *RNG,octet* S,octet *W)
-{
- BIG r,gx,s;
- ECP G;
- int res=0;
- BIG_rcopy(gx,CURVE_Gx);
-
-#if CURVETYPE!=MONTGOMERY
- BIG gy;
- BIG_rcopy(gy,CURVE_Gy);
- ECP_set(&G,gx,gy);
-#else
- ECP_set(&G,gx);
-#endif
-
- BIG_rcopy(r,CURVE_Order);
- if (RNG!=NULL)
- {
- BIG_randomnum(s,r,RNG);
- }
- else
- {
- BIG_fromBytes(s,S->val);
- BIG_mod(s,r);
- }
-
-#ifdef AES_S
- BIG_mod2m(s,2*AES_S);
-// BIG_toBytes(S->val,s);
-#endif
-
- ECP_mul(&G,s);
-#if CURVETYPE!=MONTGOMERY
- ECP_get(gx,gy,&G);
-#else
- ECP_get(gx,&G);
- /*
- ECP_rhs(gy,gx);
- FP_sqrt(gy,gy);
- FP_neg(gy,gy);
- FP_inv(gy,gy);
- FP_mul(r,gx,gy);
- FP_reduce(r);
-
- BIG_zero(gy);
- BIG_inc(gy,486664);
- FP_neg(gy,gy);
- FP_sqrt(gy,gy);
- FP_reduce(gy);
- FP_mul(r,r,gy);
- FP_reduce(r);
-
- printf("x= "); BIG_output(r); printf("\n");
-
- BIG_copy(r,gx);
- BIG_dec(r,1);
- BIG_copy(gy,gx);
- BIG_inc(gy,1);
- FP_inv(gy,gy);
- FP_mul(r,r,gy);
- FP_reduce(r);
-
- printf("y= "); BIG_output(r); printf("\n");
-
- BIG_zero(r);
- BIG_inc(r,121665);
- BIG_zero(gy);
- BIG_inc(gy,121666);
- FP_inv(gy,gy);
- FP_mul(r,r,gy);
- FP_neg(r,r);
- FP_reduce(r);
-
- printf("d= "); BIG_output(r); printf("\n");
- */
-
-#endif
-
- S->len=EGS;
- BIG_toBytes(S->val,s);
-
-#if CURVETYPE!=MONTGOMERY
- W->len=2*EFS+1;
- W->val[0]=4;
- BIG_toBytes(&(W->val[1]),gx);
- BIG_toBytes(&(W->val[EFS+1]),gy);
-#else
- W->len=EFS+1;
- W->val[0]=2;
- BIG_toBytes(&(W->val[1]),gx);
-#endif
-
- return res;
-}
-
-/* validate public key. Set full=true for fuller check */
-int ECP_PUBLIC_KEY_VALIDATE(int full,octet *W)
-{
- BIG q,r,wx;
- ECP WP;
- int valid;
- int res=0;
-
- BIG_rcopy(q,Modulus);
- BIG_rcopy(r,CURVE_Order);
-
- BIG_fromBytes(wx,&(W->val[1]));
- if (BIG_comp(wx,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#if CURVETYPE!=MONTGOMERY
- BIG wy;
- BIG_fromBytes(wy,&(W->val[EFS+1]));
- if (BIG_comp(wy,q)>=0) res=ECDH_INVALID_PUBLIC_KEY;
-#endif
- if (res==0)
- {
-
-#if CURVETYPE!=MONTGOMERY
- valid=ECP_set(&WP,wx,wy);
-#else
- valid=ECP_set(&WP,wx);
-#endif
- if (!valid || ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
- if (res==0 && full)
- {
-
- ECP_mul(&WP,r);
- if (!ECP_isinf(&WP)) res=ECDH_INVALID_PUBLIC_KEY;
- }
- }
-
- return res;
-}
-
-/* IEEE-1363 Diffie-Hellman online calculation Z=S.WD */
-int ECPSVDP_DH(octet *S,octet *WD,octet *Z)
-{
- BIG r,s,wx;
- int valid;
- ECP W;
- int res=0;
-
- BIG_fromBytes(s,S->val);
-
- BIG_fromBytes(wx,&(WD->val[1]));
-#if CURVETYPE!=MONTGOMERY
- BIG wy;
- BIG_fromBytes(wy,&(WD->val[EFS+1]));
- valid=ECP_set(&W,wx,wy);
-#else
- valid=ECP_set(&W,wx);
-#endif
- if (!valid) res=ECDH_ERROR;
- if (res==0)
- {
- BIG_rcopy(r,CURVE_Order);
- BIG_mod(s,r);
-
- ECP_mul(&W,s);
- if (ECP_isinf(&W)) res=ECDH_ERROR;
- else
- {
-#if CURVETYPE!=MONTGOMERY
- ECP_get(wx,wx,&W);
-#else
- ECP_get(wx,&W);
-#endif
- Z->len=MODBYTES;
- BIG_toBytes(Z->val,wx);
- }
- }
- return res;
-}
-
-#if CURVETYPE!=MONTGOMERY
-
-/* IEEE ECDSA Signature, C and D are signature on F using private key S */
-int ECPSP_DSA(int sha,csprng *RNG,octet *K,octet *S,octet *F,octet *C,octet *D)
-{
- char h[128];
- octet H= {0,sizeof(h),h};
-
- BIG gx,gy,r,s,f,c,d,u,vx,w;
- ECP G,V;
-
- hashit(sha,F,-1,NULL,&H,sha);
- BIG_rcopy(gx,CURVE_Gx);
- BIG_rcopy(gy,CURVE_Gy);
- BIG_rcopy(r,CURVE_Order);
-
- BIG_fromBytes(s,S->val);
-
- int hlen=H.len;
- if (H.len>MODBYTES) hlen=MODBYTES;
- BIG_fromBytesLen(f,H.val,hlen);
-
- ECP_set(&G,gx,gy);
-
- do
- {
- if (RNG!=NULL)
- {
- BIG_randomnum(u,r,RNG);
- BIG_randomnum(w,r,RNG); /* randomize calculation */
- }
- else
- {
- BIG_fromBytes(u,K->val);
- BIG_mod(u,r);
- }
-
-#ifdef AES_S
- BIG_mod2m(u,2*AES_S);
-#endif
- ECP_copy(&V,&G);
- ECP_mul(&V,u);
-
- ECP_get(vx,vx,&V);
-
- BIG_copy(c,vx);
- BIG_mod(c,r);
- if (BIG_iszilch(c)) continue;
- if (RNG!=NULL)
- {
- BIG_modmul(u,u,w,r);
- }
-
- BIG_invmodp(u,u,r);
- BIG_modmul(d,s,c,r);
-
- BIG_add(d,f,d);
- if (RNG!=NULL)
- {
- BIG_modmul(d,d,w,r);
- }
-
- BIG_modmul(d,u,d,r);
-
- }
- while (BIG_iszilch(d));
-
- C->len=D->len=EGS;
-
- BIG_toBytes(C->val,c);
- BIG_toBytes(D->val,d);
-
- return 0;
-}
-
-/* IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W */
-int ECPVP_DSA(int sha,octet *W,octet *F, octet *C,octet *D)
-{
- char h[128];
- octet H= {0,sizeof(h),h};
-
- BIG r,gx,gy,wx,wy,f,c,d,h2;
- int res=0;
- ECP G,WP;
- int valid;
-
- hashit(sha,F,-1,NULL,&H,sha);
- BIG_rcopy(gx,CURVE_Gx);
- BIG_rcopy(gy,CURVE_Gy);
- BIG_rcopy(r,CURVE_Order);
-
- OCT_shl(C,C->len-MODBYTES);
- OCT_shl(D,D->len-MODBYTES);
-
- BIG_fromBytes(c,C->val);
- BIG_fromBytes(d,D->val);
-
- int hlen=H.len;
- if (hlen>MODBYTES) hlen=MODBYTES;
-
- BIG_fromBytesLen(f,H.val,hlen);
-
- //BIG_fromBytes(f,H.val);
-
- if (BIG_iszilch(c) || BIG_comp(c,r)>=0 || BIG_iszilch(d) || BIG_comp(d,r)>=0)
- res=ECDH_INVALID;
-
- if (res==0)
- {
- BIG_invmodp(d,d,r);
- BIG_modmul(f,f,d,r);
- BIG_modmul(h2,c,d,r);
-
- ECP_set(&G,gx,gy);
-
- BIG_fromBytes(wx,&(W->val[1]));
- BIG_fromBytes(wy,&(W->val[EFS+1]));
-
- valid=ECP_set(&WP,wx,wy);
-
- if (!valid) res=ECDH_ERROR;
- else
- {
- ECP_mul2(&WP,&G,h2,f);
-
- if (ECP_isinf(&WP)) res=ECDH_INVALID;
- else
- {
- ECP_get(d,d,&WP);
- BIG_mod(d,r);
- if (BIG_comp(d,c)!=0) res=ECDH_INVALID;
- }
- }
- }
-
- return res;
-}
-
-/* IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T */
-void ECP_ECIES_ENCRYPT(int sha,octet *P1,octet *P2,csprng *RNG,octet *W,octet *M,int tlen,octet *V,octet *C,octet *T)
-{
-
- int i,len;
- char z[EFS],vz[3*EFS+1],k[2*EAS],k1[EAS],k2[EAS],l2[8],u[EFS];
- octet Z= {0,sizeof(z),z};
- octet VZ= {0,sizeof(vz),vz};
- octet K= {0,sizeof(k),k};
- octet K1= {0,sizeof(k1),k1};
- octet K2= {0,sizeof(k2),k2};
- octet L2= {0,sizeof(l2),l2};
- octet U= {0,sizeof(u),u};
-
- if (ECP_KEY_PAIR_GENERATE(RNG,&U,V)!=0) return;
- if (ECPSVDP_DH(&U,W,&Z)!=0) return;
-
- OCT_copy(&VZ,V);
- OCT_joctet(&VZ,&Z);
-
- KDF2(sha,&VZ,P1,2*EAS,&K);
-
- K1.len=K2.len=EAS;
- for (i=0; i<EAS; i++)
- {
- K1.val[i]=K.val[i];
- K2.val[i]=K.val[EAS+i];
- }
-
- AES_CBC_IV0_ENCRYPT(&K1,M,C);
-
- OCT_jint(&L2,P2->len,8);
-
- len=C->len;
- OCT_joctet(C,P2);
- OCT_joctet(C,&L2);
- HMAC(sha,C,&K2,tlen,T);
- C->len=len;
-}
-
-/* IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M */
-int ECP_ECIES_DECRYPT(int sha,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M)
-{
-
- int i,len;
- char z[EFS],vz[3*EFS+1],k[2*EAS],k1[EAS],k2[EAS],l2[8],tag[32];
- octet Z= {0,sizeof(z),z};
- octet VZ= {0,sizeof(vz),vz};
- octet K= {0,sizeof(k),k};
- octet K1= {0,sizeof(k1),k1};
- octet K2= {0,sizeof(k2),k2};
- octet L2= {0,sizeof(l2),l2};
- octet TAG= {0,sizeof(tag),tag};
-
- if (ECPSVDP_DH(U,V,&Z)!=0) return 0;
-
- OCT_copy(&VZ,V);
- OCT_joctet(&VZ,&Z);
-
- KDF2(sha,&VZ,P1,EFS,&K);
-
- K1.len=K2.len=EAS;
- for (i=0; i<EAS; i++)
- {
- K1.val[i]=K.val[i];
- K2.val[i]=K.val[EAS+i];
- }
-
- if (!AES_CBC_IV0_DECRYPT(&K1,C,M)) return 0;
-
- OCT_jint(&L2,P2->len,8);
-
- len=C->len;
- OCT_joctet(C,P2);
- OCT_joctet(C,&L2);
- HMAC(sha,C,&K2,T->len,&TAG);
- C->len=len;
-
- if (!OCT_comp(T,&TAG)) return 0;
-
- return 1;
-
-}
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version22/c/ecdh.h
----------------------------------------------------------------------
diff --git a/version22/c/ecdh.h b/version22/c/ecdh.h
deleted file mode 100644
index 7d0536b..0000000
--- a/version22/c/ecdh.h
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
-*/
-
-/**
- * @file ecdh.h
- * @author Mike Scott and Kealan McCusker
- * @date 2nd June 2015
- * @brief ECDH Header file for implementation of standard EC protocols
- *
- * declares functions
- *
- */
-
-#ifndef ECDH_H
-#define ECDH_H
-
-#include "amcl.h"
-
-#define EAS 16 /**< Symmetric Key size - 128 bits */
-#define EGS MODBYTES /**< ECC Group Size in bytes */
-#define EFS MODBYTES /**< ECC Field Size in bytes */
-
-#define HASH_TYPE_ECC SHA256 /**< Hash type */
-
-#define ECDH_OK 0 /**< Function completed without error */
-/*#define ECDH_DOMAIN_ERROR -1*/
-#define ECDH_INVALID_PUBLIC_KEY -2 /**< Public Key is Invalid */
-#define ECDH_ERROR -3 /**< ECDH Internal Error */
-#define ECDH_INVALID -4 /**< ECDH Internal Error */
-/*#define ECDH_DOMAIN_NOT_FOUND -5
-#define ECDH_OUT_OF_MEMORY -6
-#define ECDH_DIV_BY_ZERO -7
-#define ECDH_BAD_ASSUMPTION -8*/
-
-/* ECDH Auxiliary Functions */
-
-
-/** @brief hash an octet into another octet
- *
- @param h is the hash type
- @param I input octet
- @param O output octet - H(I)
- */
-extern void HASH(int h,octet *I,octet *O);
-/** @brief HMAC of message M using key K to create tag of length len in octet tag
- *
- IEEE-1363 MAC1 function. Uses SHA256 internally.
- @param h is the hash type
- @param M input message octet
- @param K input encryption key
- @param len is output desired length of HMAC tag
- @param tag is the output HMAC
- @return 0 for bad parameters, else 1
- */
-extern int HMAC(int h,octet *M,octet *K,int len,octet *tag);
-
-/*extern void KDF1(octet *,int,octet *);*/
-
-/** @brief Key Derivation Function - generates key K from inputs Z and P
- *
- IEEE-1363 KDF2 Key Derivation Function. Uses SHA256 internally.
- @param h is the hash type
- @param Z input octet
- @param P input key derivation parameters - can be NULL
- @param len is output desired length of key
- @param K is the derived key
- */
-extern void KDF2(int h,octet *Z,octet *P,int len,octet *K);
-/** @brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter
- *
- PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally.
- @param h is the hash type
- @param P input password
- @param S input salt
- @param rep Number of times to be iterated.
- @param len is output desired length
- @param K is the derived key
- */
-extern void PBKDF2(int h,octet *P,octet *S,int rep,int len,octet *K);
-/** @brief AES encrypts a plaintext to a ciphtertext
- *
- IEEE-1363 AES_CBC_IV0_ENCRYPT function. Encrypts in CBC mode with a zero IV, padding as necessary to create a full final block.
- @param K AES key
- @param P input plaintext octet
- @param C output ciphertext octet
- */
-extern void AES_CBC_IV0_ENCRYPT(octet *K,octet *P,octet *C);
-/** @brief AES encrypts a plaintext to a ciphtertext
- *
- IEEE-1363 AES_CBC_IV0_DECRYPT function. Decrypts in CBC mode with a zero IV.
- @param K AES key
- @param C input ciphertext octet
- @param P output plaintext octet
- @return 0 if bad input, else 1
- */
-extern int AES_CBC_IV0_DECRYPT(octet *K,octet *C,octet *P);
-
-/* ECDH primitives - support functions */
-/** @brief Generate an ECC public/private key pair
- *
- @param R is a pointer to a cryptographically secure random number generator
- @param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input
- @param W the output public key, which is s.G, where G is a fixed generator
- @return 0 or an error code
- */
-extern int ECP_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W);
-/** @brief Validate an ECC public key
- *
- @param f if = 0 just does some simple checks, else tests that W is of the correct order
- @param W the input public key to be validated
- @return 0 if public key is OK, or an error code
- */
-extern int ECP_PUBLIC_KEY_VALIDATE(int f,octet *W);
-
-/* ECDH primitives */
-
-/** @brief Generate Diffie-Hellman shared key
- *
- IEEE-1363 Diffie-Hellman shared secret calculation
- @param s is the input private key,
- @param W the input public key of the other party
- @param K the output shared key, in fact the x-coordinate of s.W
- @return 0 or an error code
- */
-extern int ECPSVDP_DH(octet *s,octet *W,octet *K);
-/*extern int ECPSVDP_DHC(octet *,octet *,int,octet *);*/
-
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/*#if CURVETYPE!=MONTGOMERY */
-/* ECIES functions */
-/** @brief ECIES Encryption
- *
- IEEE-1363 ECIES Encryption
- @param h is the hash type
- @param P1 input Key Derivation parameters
- @param P2 input Encoding parameters
- @param R is a pointer to a cryptographically secure random number generator
- @param W the input public key of the recieving party
- @param M is the plaintext message to be encrypted
- @param len the length of the HMAC tag
- @param V component of the output ciphertext
- @param C the output ciphertext
- @param T the output HMAC tag, part of the ciphertext
- */
-extern void ECP_ECIES_ENCRYPT(int h,octet *P1,octet *P2,csprng *R,octet *W,octet *M,int len,octet *V,octet *C,octet *T);
-/** @brief ECIES Decryption
- *
- IEEE-1363 ECIES Decryption
- @param h is the hash type
- @param P1 input Key Derivation parameters
- @param P2 input Encoding parameters
- @param V component of the input ciphertext
- @param C the input ciphertext
- @param T the input HMAC tag, part of the ciphertext
- @param U the input private key for decryption
- @param M the output plaintext message
- @return 1 if successful, else 0
- */
-extern int ECP_ECIES_DECRYPT(int h,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M);
-
-/* ECDSA functions */
-/** @brief ECDSA Signature
- *
- IEEE-1363 ECDSA Signature
- @param h is the hash type
- @param R is a pointer to a cryptographically secure random number generator
- @param k Ephemeral key. This value is used when R=NULL
- @param s the input private signing key
- @param M the input message to be signed
- @param c component of the output signature
- @param d component of the output signature
-
- */
-extern int ECPSP_DSA(int h,csprng *R,octet *k,octet *s,octet *M,octet *c,octet *d);
-/** @brief ECDSA Signature Verification
- *
- IEEE-1363 ECDSA Signature Verification
- @param h is the hash type
- @param W the input public key
- @param M the input message
- @param c component of the input signature
- @param d component of the input signature
- @return 0 or an error code
- */
-extern int ECPVP_DSA(int h,octet *W,octet *M,octet *c,octet *d);
-/*#endif*/
-
-#endif
-